Proxmark3 community

#1 2017-03-11 12:50:51

MaBi
Contributor
Registered: 2016-11-06
Posts: 24

Card not vulnerable

Hi
I'm trying to hack a card but the result is not what I expected.
I have flashed SW v2.2.0 on my Proxmark3 rdv2:

[[[ Cached information ]]]
Prox/RFID mark3 RFID instrument          
bootrom: /-suspect 2015-08-16 18:49:55
os: /-suspect 2015-08-16 18:50:03
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/06/22 at 21:47:54
uC: AT91SAM7S512 Rev B          
Embedded Processor: ARM7TDMI          
Nonvolatile Program Memory Size: 512K bytes. Used: 166521 bytes (32%). Free: 357767 bytes (68%).          
Second Nonvolatile Program Memory Size: None          
Internal SRAM Size: 64K bytes          
Architecture Identifier: AT91SAM7Sxx Series          
Nonvolatile Program Memory Type: Embedded Flash Memory          

This is my hw tune output:

Measuring antenna characteristics, please wait...#db# DownloadFPGA(len: 42096)                 
......#db# DownloadFPGA(len: 42096)                 
.          
# LF antenna: 46.06 V @   125.00 kHz          
# LF antenna: 20.49 V @   134.00 kHz          
# LF optimal: 46.75 V @   123.71 kHz          
# HF antenna: 30.13 V @    13.56 MHz          

Card is a MIFARE Classic 1k:

 UID : 8b 3a 5b 1d           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
proprietary non iso14443-4 card found, RATS not supported          
Answers to chinese magic backdoor commands: NO          

The only good result is a key found with "Test Block Keys" command. So I have one key:

--sector: 0, block:  3, key type:A, key count:13           
Found valid key:[a0a1a2a3a4a5]          

Now, if I try a Darkside attack I obtain the output "Card is not vulnerable to Darkside attack (its random number generator is not predictable)." and similar with a Nested attack: "Tag isn't vulnerable to Nested Attack".

What could I do?
Thanks

#2 2017-03-13 23:17:43

MaBi
Contributor
Registered: 2016-11-06
Posts: 24

Re: Card not vulnerable

What are the steps to use the "hardnested" attack?
I have read many posts where it seems easy but I can't launch the command.
If I try something like this:

hf mf hardnested 0 A a0a1a2a3a4a5 44 B w

I receive only the help with commands listed.

I don't understand. Is it a software version problem?

#3 2017-03-14 08:13:49

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538

Re: Card not vulnerable

Does the "hardnested" command show in that list of commands? If not, then you have your answer to your question.

#4 2017-03-14 08:28:46

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Card not vulnerable

Your software version 2.2.0 doesn't include the hf mf hardnested command. You have the following options:

#5 2017-03-14 23:25:37

MaBi
Contributor
Registered: 2016-11-06
Posts: 24

Re: Card not vulnerable

Thank you very much. Now I know why I couldn't use it.
Unfortunately I have problems with both options...
Precompiled binaries crash and I can't compile source code of your hardnested branch.

#6 2017-03-15 02:58:06

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Card not vulnerable

You can either use the ProxSpace or the MinGW build environment to compile the SW ... there are detailed setup instructions somewhere on the forum.

#7 2017-03-21 23:38:03

MaBi
Contributor
Registered: 2016-11-06
Posts: 24

Re: Card not vulnerable

Now I can compile the source code correctly. I have a valid ProxSpace with Qt v4.6.2 and MinGW v5.3.0.
I don't get any compiling errors but every time I try to launch my newly compiled sw it crashes again.
I have tried both versions (piwi and iceman 1.7.0, 1.6.8, ...)

I have flashed the bootrom and fullimage files correctly on the device. With an old client version (pm3-bin-2.2.0) I can verify it.

#8 2017-03-22 06:03:22

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538

Re: Card not vulnerable

Regarding: sw crash.
There is little to go with when all you say is "it crashes again". You need to supply more information if you expect anyone to help out.
Start a new thread regarding this crash in the relevant category, but search the forum first to see if it's already been answered.

#9 2017-03-23 23:04:00

MaBi
Contributor
Registered: 2016-11-06
Posts: 24

Re: Card not vulnerable

The crash is due to two missing files in the output folder (client): QtCore4.dll and QtGui4.dll.
But there is no difference if I add them to the folder and launch proxmark3 again.
With JIT Debugger and VS I see that the error code is 0xC0000005.
In another post I have read that I probably need to recompile Qt4. Unfortunately I'm using ProxSpace by gator where Qt is the "light" version and the links in the post are broken...

Is this the correct way?
Thanks

#10 2017-03-24 03:20:38

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538

Re: Card not vulnerable

Download a build env / or set it up yourself, pull the latest source code, recompile, and you should be good to go.

#11 2017-03-29 22:01:35

MaBi
Contributor
Registered: 2016-11-06
Posts: 24

Re: Card not vulnerable

Is there a list of commands where I can find more information about syntax and parameters?
I have found the Wiki list but I'm looking for hf mf hardnested or hf mf chk *4 (iceman fork), for example.

Thanks

#12 2017-03-29 22:22:47

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538

Re: Card not vulnerable

Many commands have a help text nowadays with the h parameter.

hf mf gives some help
hf mf hardnest h gives some more help

You find Iceman fork command set here http://www.icedev.se/pm3cmds.aspx
