Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hi all,
Our card system was made by a private company before, and now we don't have their sector keys to do anything. There are more than 100.000 cards now in use, and I made a special machine to find the old sector keys (with the nested attack), delete them and write our algorithm. We tried our machine on nearly more than 200 cards and it worked perfectly. But yesterday a friend gave me a student card, and Proxmark cannot attack it with nested. (All cards are 1k standard MIFARE.)
Proxmark gives: "Card is not vulnerable to Darkside attack (its random number generator is not predictable)."
I have the old card reader and writer program (only the compiled file, not the source code). I don't know, can I sniff keys when that program is communicating with cards? (I have not done it before.)
Aim:
The cards have 16 sectors. I know the sector 1-2-3 keys (student cards can use the city traffic system, so they have an open key). I want to delete sectors 0-4-5-... 16.
PS: In total I have 26 Proxmark3.
Last edited by smeric (2018-02-27 14:35:31)
Use hf mf hardnested instead of hf mf nested.
My version:
Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-351-g51d51c6-suspect 2018-02-26 15:13:40
os: master/v3.0.1-351-g51d51c6-suspect 2018-02-26 15:13:44
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59
uC: AT91SAM7S512 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 199577 bytes (38%). Free: 324711 bytes (62%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
After I write hardnested, I get some Auth1 error messages.
In the card, all A and B keys are the same. As I said before, I know the sector 1, 2, 3 keys.
proxmark3> hf mf hardnested 1 A c025f10a1d34 19 A FFFFFFFFFFFF
--target block no: 19, target key type:A, known target key: 0xffffffffffff, file action: none, Slow: No, Tests: 0
Using AVX2 SIMD core.
time | #nonces | Activity | expected to brute force
| | | #states | time
------------------------------------------------------------------------------------------------------
0 | 0 | Start using 4 threads and AVX2 SIMD core | |
0 | 0 | Brute force benchmark: 482 million (2^28.8) keys/s | 140737488355328 | 3d
1 | 0 | Using 235 precalculated bitflip state tables | 140737488355328 | 3d
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error
#db# Authentication failed. Card timeout.
I am using the official firmware. Must I use the iceman release?
Card info for the card which cannot be attacked:
proxmark3> hf search
UID : 83 0d 29 e0
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: HARDEND (hardnested)
Valid ISO14443A Tag Found - Quiting Search
Card info for the card which can be attacked:
proxmark3> hf search
UID : 2c b7 cf f0
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: WEAK
Valid ISO14443A Tag Found - Quiting Search
#db# Authentication failed. Card timeout. #db# AcquireNonces: Auth1 error
Is c025f10a1d34 a valid key A for block 1?
If yes, try adding option s to the hardnested command. Or play with the reader-to-card distance.
If no, you need to use another block/key pair.