Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2018-06-03 11:28:26

rayway99
Contributor
Registered: 2018-04-08
Posts: 20

[resolved] is hardnested the only option to get the key for this card?

Hi,

I got a Mifare Classic card where block 0 is encrypted.
Blocks 1-6 use ffffffffffff as the A/B key.
Using the nested command returned "[-] Tag isn't vulnerable to Nested Attack (PRNG is not predictable)."
Using the hardnested command stops at nonces 335/336 (I believe it is a memory issue, 512Mb version, as iceman mentioned in another thread).

Without doing sniffing, is there any other way to move this forward?

Thanks in advance


pm3 --> hw version
[[[ Cached information ]]]

Proxmark3 RFID instrument

 [ ARM ]
 bootrom: iceman/master/ice_v3.1.0-787-g192aa9ab 2018-04-08 11:49:32
      os: iceman/master/ice_v3.1.0-787-g192aa9ab 2018-04-08 11:49:37
 [ FPGA ]
 LF image built for 2s30vq100 on 2017/10/25 at 19:50:50
 HF image built for 2s30vq100 on 2017/11/10 at 19:24:16

 [ Hardware ]
  --= uC: AT91SAM7S512 Rev B
  --= Embedded Processor: ARM7TDMI
  --= Nonvolatile Program Memory Size: 512K bytes, Used: 237727 bytes (45%) Free: 286561 bytes (55%)
  --= Second Nonvolatile Program Memory Size: None
  --= Internal SRAM Size: 64K bytes
  --= Architecture Identifier: AT91SAM7Sxx Series
  --= Nonvolatile Program Memory Type: Embedded Flash Memory


pm3 --> hf 14a info
 UID : 33 DD A0 E7
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1
proprietary non iso14443-4 card found, RATS not supported
Answers to magic commands: NO
Prng detection: WEAK


pm3 --> hf mf chk *1 ? d
testing to read key B...
|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  ------------  | 0 |  ------------  | 0 |
|001|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|002|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|003|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|004|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|005|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|007|  ------------  | 0 |  ------------  | 0 |
|008|  ------------  | 0 |  ------------  | 0 |
|009|  ------------  | 0 |  ------------  | 0 |
|010|  ------------  | 0 |  ------------  | 0 |
|011|  ------------  | 0 |  ------------  | 0 |
|012|  ------------  | 0 |  ------------  | 0 |
|013|  ------------  | 0 |  ------------  | 0 |
|014|  ------------  | 0 |  ------------  | 0 |
|015|  ------------  | 0 |  ------------  | 0 |
|---|----------------|---|----------------|---|
Printing keys to binary file hf-mf-33DDA0E7-key.bin...




pm3 --> hf mf nested 1 4 A FFFFFFFFFFFF d
Testing known keys. Sector count=16
[-] Chunk: 0.9s | found 0/32 keys (21)

[+] Time to check 20 known keys: 1 seconds

enter nested attack
[-] Tag isn't vulnerable to Nested Attack (PRNG is not predictable).




pm3 --> hf mf hardnested 4 A FFFFFFFFFFFF 0 A
--target block no:  0, target key type:A, known target key: 0x000000000000 (not set), file action: none, Slow: No, Tests: 0
Couldn't read benchmark data. Assuming brute force rate of 120000000 states per second

 time    | #nonces | Activity                                                | expected to brute force
         |         |                                                         | #states         | time
------------------------------------------------------------------------------------------------------
       0 |       0 | Start using 2 threads and SSE2 SIMD core                |                 |
       0 |       0 | Brute force benchmark: 120 million (2^26.8) keys/s      | 140737488355328 |   14d
       0 |       0 | Using 0 precalculated bitflip state tables              | 140737488355328 |   14d
       5 |     112 | Apply bit flip properties                               | 140737488355328 |   14d
       7 |     224 | Apply bit flip properties                               | 140737488355328 |   14d
       9 |     336 | Apply bit flip properties                               | 140737488355328 |   14d
[!] Error: No response from Proxmark.

Last edited by rayway99 (2018-06-05 10:04:09)

Offline

#2 2018-06-03 12:57:57

marshmellow
Moderator
From: US
Registered: 2013-06-10
Posts: 2,219

Re: [resolved] is hardnested the only option to get the key for this card?

Memory size wouldn't matter if you were using the pm3 master firmware. Not sure on iceman's.

Offline

#3 2018-06-03 13:21:02

rayway99
Contributor
Registered: 2018-04-08
Posts: 20

Re: [resolved] is hardnested the only option to get the key for this card?

Thanks @marshmellow for the prompt reply.

I switched back to the master firmware; now the hardnested is running:

    487 |   39289 | Apply bit flip properties                               |             nan |  nand      
...

and still going.

Not sure if the "nan | nand" values are expected or not (first time playing with hardnested, and not sure of the normal duration for the process).

Will report back and mark the topic solved if successful.

Offline

#4 2018-06-03 13:23:17

marshmellow
Moderator
From: US
Registered: 2013-06-10
Posts: 2,219

Re: [resolved] is hardnested the only option to get the key for this card?

Be sure you are not using sector numbers but actual block numbers.

Offline
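The `hf mf chk` table in the first post and marshmellow's reminder about block numbers versus sector numbers both come down to the same bookkeeping, so here is one added example that serves both (my own code, not from the thread or the Proxmark client). It parses the key-check table (the constructed sample below is the table from post #1), reports which sectors are still protected by the factory key ffffffffffff and which could not be verified at all, and maps sector numbers to absolute block numbers. The block mapping is the standard MIFARE Classic layout and is written to cover the 4K card as well (sectors 32-39 have 16 blocks each), which goes beyond the 1K card in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the `hf mf chk *1 ? d` table from post #1
# (a "res" of 1 means the key in that column was verified against the card).
CHK_OUTPUT = """\
|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  ------------  | 0 |  ------------  | 0 |
|001|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|002|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|003|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|004|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|005|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|007|  ------------  | 0 |  ------------  | 0 |
|008|  ------------  | 0 |  ------------  | 0 |
|009|  ------------  | 0 |  ------------  | 0 |
|010|  ------------  | 0 |  ------------  | 0 |
|011|  ------------  | 0 |  ------------  | 0 |
|012|  ------------  | 0 |  ------------  | 0 |
|013|  ------------  | 0 |  ------------  | 0 |
|014|  ------------  | 0 |  ------------  | 0 |
|015|  ------------  | 0 |  ------------  | 0 |
|---|----------------|---|----------------|---|
"""

# The transport key a blank MIFARE Classic ships with; sectors 1-6 of the thread's card still use it.
DEFAULT_KEY = "ffffffffffff"

# One data row: |sec|  key A  | res |  key B  | res |
ROW_RE = re.compile(r"^\|(\d{3})\|\s*(\S+)\s*\|\s*([01])\s*\|\s*(\S+)\s*\|\s*([01])\s*\|$")


@dataclass
class SectorKeys:
    sector: int
    key_a: Optional[str]   # None when the client could not verify a key for that slot
    key_b: Optional[str]


def parse_chk_table(text: str) -> list:
    """Return one SectorKeys per data row; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        sec, key_a, res_a, key_b, res_b = m.groups()
        rows.append(SectorKeys(int(sec),
                               key_a.lower() if res_a == "1" else None,
                               key_b.lower() if res_b == "1" else None))
    return rows


def sector_blocks(sector: int) -> list:
    """Absolute block numbers of a sector: 4 blocks per sector for sectors 0-31
    (all of a 1K card), 16 blocks per sector for sectors 32-39 of a 4K card.
    The last block of every sector is its trailer (keys + access bits)."""
    if sector < 32:
        first, count = sector * 4, 4
    else:
        first, count = 128 + (sector - 32) * 16, 16
    return list(range(first, first + count))


def trailer_block(sector: int) -> int:
    return sector_blocks(sector)[-1]


def block_to_sector(block: int) -> int:
    """Inverse mapping, handy for checking which sector a block argument really names."""
    return block // 4 if block < 128 else 32 + (block - 128) // 16


def audit(rows: list, default_key: str = DEFAULT_KEY) -> dict:
    """Split sectors into those still protected by the default key and those
    for which the check could not verify one or both keys."""
    report = {"default": [], "unknown": []}
    for r in rows:
        if default_key in (r.key_a, r.key_b):
            report["default"].append(r.sector)
        if r.key_a is None or r.key_b is None:
            report["unknown"].append(r.sector)
    return report


if __name__ == "__main__":
    rows = parse_chk_table(CHK_OUTPUT)
    report = audit(rows)
    print("sectors still on the default key:", report["default"])
    print("sectors with unverified keys:    ", report["unknown"])
    for s in report["unknown"]:
        blocks = sector_blocks(s)
        print(f"  sector {s:2d} = blocks {blocks[0]}-{blocks[-1]} (trailer block {trailer_block(s)})")
```

Run against the post #1 table it lists sectors 1-6 as still on the factory key and sector 0 plus 7-15 as unverified; `block_to_sector(56)` returns 14, which is how you can confirm that a target block argument such as `56` names the sector you intended.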

#5 2018-06-03 14:26:10

rayway99
Contributor
Registered: 2018-04-08
Posts: 20

Re: [resolved] is hardnested the only option to get the key for this card?

Hi @marshmellow,

I believe I have used the correct block number (but I did stop the hardnested to double check...).

The process is now at time #2552, running for over 1 hour now...

proxmark3> hf mf hardnested 8 A FFFFFFFFFFFF 56 A
--target block no: 56, target key type:A, known target key: 0x000000000000 (not set), file action: none, Slow: No, Tests: 0
Using SSE2 SIMD core.
Couldn't read benchmark data. Assuming brute force rate of 120000000 states per second



 time    | #nonces | Activity                                                | expected to brute force
         |         |                                                         | #states         | time
------------------------------------------------------------------------------------------------------
       0 |       0 | Start using 2 threads and SSE2 SIMD core                |                 |
       0 |       0 | Brute force benchmark: 120 million (2^26.8) keys/s      | 140737488355328 |   14d
       0 |       0 | Using 0 precalculated bitflip state tables              | 140737488355328 |   14d
       5 |     112 | Apply bit flip properties                               | 140737488355328 |   14d
...
2552 |   65090 | Apply bit flip properties                               |             nan |  nand 
...

I wonder how long it might be running for (I do have a wooden PC from like 5 years back, running a dual-core 2.6GHz).

Also curious under what circumstances one would put the known target key in the command as a parameter (isn't the target key what we are trying to get from the hardnested attack?).

Offline

#6 2018-06-04 14:39:41

rayway99
Contributor
Registered: 2018-04-08
Posts: 20

Re: [resolved] is hardnested the only option to get the key for this card?

Hmm, I have run the hardnested for 2 hours on the PM3 (Elechouse Easy model) and got the error "Error: No response from Proxmark."

Not sure if I am doing something wrong that's too obvious to catch with my own eyes.

proxmark3> hw version
[[[ Cached information ]]]

Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-361-ge069547-suspect 2018-04-03 11:12:28
os: master/v3.0.1-361-ge069547-suspect 2018-04-03 11:12:31
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 199639 bytes (38%). Free: 324649 bytes (62%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory


proxmark3> hf 14a info
 UID : 33 dd a0 e7
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: HARDEND (hardnested)

proxmark3> hf mf hardnested 12 A FFFFFFFFFFFF 52 A w
--target block no: 52, target key type:A, known target key: 0x000000000000 (not set), file action: write, Slow: No, Tests: 0
Using SSE2 SIMD core.
Couldn't read benchmark data. Assuming brute force rate of 120000000 states per second



 time    | #nonces | Activity                                                | expected to brute force
         |         |                                                         | #states         | time
------------------------------------------------------------------------------------------------------
       0 |       0 | Start using 2 threads and SSE2 SIMD core                |                 |
       0 |       0 | Brute force benchmark: 120 million (2^26.8) keys/s      | 140737488355328 |   14d
       0 |       0 | Using 0 precalculated bitflip state tables              | 140737488355328 |   14d
       5 |       0 | Writing acquired nonces to binary file nonces.bin       | 140737488355328 |   14d
       5 |     111 | Apply bit flip properties                               | 140737488355328 |   14d
       6 |     223 | Apply bit flip properties                               | 140737488355328 |   14d
       6 |     334 | Apply bit flip properties                               | 140737488355328 |   14d
       7 |     445 | Apply bit flip properties                               | 140737488355328 |   14d
       8 |     557 | Apply bit flip properties                               | 140737488355328 |   14d
       9 |     666 | Apply bit flip properties                               | 140737488355328 |   14d
      10 |     775 | Apply bit flip properties                               | 140737488355328 |   14d
      11 |     887 | Apply bit flip properties                               | 140737488355328 |   14d
      12 |     998 | Apply bit flip properties                               | 140737488355328 |   14d
     12 |    1109 | Apply bit flip properties                               | 140737488355328 |   14d
      18 |    1216 | Apply Sum property. Sum(a0) = 128                       |             nan |  nand
      19 |    1325 | Apply bit flip properties                               |             nan |  nand         
      20 |    1437 | Apply bit flip properties                               |             nan |  nand 
...
    5071 |   65532 | Apply bit flip properties                               |             nan |  nand         
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
Error: No response from Proxmark.

Offline

#7 2018-06-04 18:42:14

piwi
Moderator
Registered: 2013-06-04
Posts: 524

Re: [resolved] is hardnested the only option to get the key for this card?

Using 0 precalculated bitflip state tables

Please check your installation. The bitflip state tables should be in the client/hardnested/tables directory (a few hundred of *.bin.z files). Hardnested doesn't work without them.

Offline

#8 2018-06-05 10:03:04

rayway99
Contributor
Registered: 2018-04-08
Posts: 20

Re: [resolved] is hardnested the only option to get the key for this card?

Thanks piwi, there is such a folder, win32\hardnested\tables, with those .bin.z files.

But once I moved the pm3 folder to the root directory of the local drive (away from the parent directory containing non-English characters),

the hardnested started to work as expected. Thanks heaps, and resolving the topic for now.

***Still have the doubt about when one should be using the known target key parameters in a hardnested attack***

proxmark3> hf mf hardnested 12 A FFFFFFFFFFFF 52 A w
--target block no: 52, target key type:A, known target key: 0x000000000000 (not set), file action: write, Slow: No, Tests: 0
Using SSE2 SIMD core.

 time    | #nonces | Activity                                                | expected to brute force
         |         |                                                         | #states         | time
------------------------------------------------------------------------------------------------------
       0 |       0 | Start using 2 threads and SSE2 SIMD core                |                 |
       0 |       0 | Brute force benchmark: 182 million (2^27.4) keys/s      | 140737488355328 |    9d
       3 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    9d
       7 |       0 | Writing acquired nonces to binary file nonces.bin       | 140737488355328 |    9d
       8 |     112 | Apply bit flip properties                               |    406019080192 | 37min
       9 |     224 | Apply bit flip properties                               |    288500187136 | 26min
      10 |     336 | Apply bit flip properties                               |    116740063232 | 11min
      11 |     447 | Apply bit flip properties                               |     47558418432 |  4min
      12 |     557 | Apply bit flip properties                               |     35742220288 |  3min
      13 |     668 | Apply bit flip properties                               |     34049961984 |  3min
      14 |     778 | Apply bit flip properties                               |     34049961984 |  3min
      15 |     889 | Apply bit flip properties                               |     17237016576 |  2min
      16 |    1001 | Apply bit flip properties                               |     16420960256 |  2min
      17 |    1111 | Apply bit flip properties                               |     16420960256 |  2min
      18 |    1219 | Apply bit flip properties                               |     15384170496 |   85s
      19 |    1329 | Apply bit flip properties                               |     15384170496 |   85s
      20 |    1439 | Apply bit flip properties                               |     15384170496 |   85s
      26 |    1549 | Apply Sum property. Sum(a0) = 128                       |      1438410752 |    8s
      28 |    1661 | Apply bit flip properties                               |      1438410752 |    8s
      32 |    1773 | Apply bit flip properties                               |      1350568320 |    7s
      37 |    1882 | Apply bit flip properties                               |      1147669504 |    6s
      37 |    1882 | (Ignoring Sum(a8) properties)                           |      1147669504 |    6s
      42 |    1882 | Starting brute force...                                 |      1147669504 |    6s
      44 |    1882 | Brute force phase completed. Key found: 6d01d74c2563    |               0 |    0s

proxmark3> hf mf chk *1 ? d key.dic

To cancel this operation press the button on the proxmark...
--o
|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  6d01d74c2563  | 1 |  ffffffffffff  | 0 |
|001|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|002|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|003|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|004|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|005|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|007|  6d01d74c2563  | 1 |  ffffffffffff  | 0 |
|008|  6d01d74c2563  | 1 |  ffffffffffff  | 0 |
|009|  6d01d74c2563  | 1 |  ffffffffffff  | 0 |
|010|  6d01d74c2563  | 1 |  ffffffffffff  | 0 |
|011|  6d01d74c2563  | 1 |  ffffffffffff  | 0 |
|012|  6d01d74c2563  | 1 |  ffffffffffff  | 0 |
|013|  6d01d74c2563  | 1 |  ffffffffffff  | 0 |
|014|  6d01d74c2563  | 1 |  ffffffffffff  | 0 |
|015|  6d01d74c2563  | 1 |  ffffffffffff  | 0 |
|---|----------------|---|----------------|---|
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.

Offline
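The progress tables in posts #1, #6 and #8 all have the same shape, and the difference between a broken run and a working one is visible in two places: the "Using N precalculated bitflip state tables" line that piwi pointed at, and the "#states" column turning to nan. As an added example (my own code, not the thread's or the Proxmark client's), this parser reads such a table, extracts those two facts, and recomputes the last column from the two before it: expected time = remaining #states / benchmarked rate, where the starting value 140737488355328 is exactly 2^47. The unit thresholds in `format_eta` are my approximation of the client's formatting, not taken from its source, and since the client prints the rate rounded to the nearest million the recomputed value can differ from the page's by one unit on other runs. Both log snippets are constructed from the rows shown in posts #8 and #6.

```python
import math
import re
from typing import Optional

# Constructed sample: rows lifted from the successful run in post #8 (rate printed as 182 million keys/s).
HARDNESTED_LOG = """\
 time    | #nonces | Activity                                                | expected to brute force
         |         |                                                         | #states         | time
------------------------------------------------------------------------------------------------------
       0 |       0 | Start using 2 threads and SSE2 SIMD core                |                 |
       0 |       0 | Brute force benchmark: 182 million (2^27.4) keys/s      | 140737488355328 |    9d
       3 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    9d
       8 |     112 | Apply bit flip properties                               |    406019080192 | 37min
      10 |     336 | Apply bit flip properties                               |    116740063232 | 11min
      18 |    1219 | Apply bit flip properties                               |     15384170496 |   85s
      26 |    1549 | Apply Sum property. Sum(a0) = 128                       |      1438410752 |    8s
      44 |    1882 | Brute force phase completed. Key found: 6d01d74c2563    |               0 |    0s
"""

# Constructed sample: how the same columns looked in post #6, with no bitflip tables loaded.
BROKEN_LOG = """\
       0 |       0 | Brute force benchmark: 120 million (2^26.8) keys/s      | 140737488355328 |   14d
       0 |       0 | Using 0 precalculated bitflip state tables              | 140737488355328 |   14d
      18 |    1216 | Apply Sum property. Sum(a0) = 128                       |             nan |  nand
"""

INITIAL_STATES = 2 ** 47   # the column's starting value, 140737488355328


def format_eta(states: float, rate: float) -> str:
    """Time = states / rate, rendered like the client's last column.
    Unit thresholds are an approximation (assumption), not the client's own code."""
    if math.isnan(states):
        return "nan"
    secs = states / rate
    if secs < 90:
        return f"{round(secs)}s"
    if secs < 90 * 60:
        return f"{round(secs / 60)}min"
    if secs < 36 * 3600:
        return f"{round(secs / 3600)}h"
    return f"{round(secs / 86400)}d"


def parse_progress(text: str) -> list:
    """One dict per data row; header, rule and non-numeric lines are skipped.
    states is None when the column is blank, nan when the client printed nan."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        t, nonces, activity, states, eta = parts
        if states == "":
            st = None
        elif states.isdigit():
            st = int(states)
        else:
            st = float("nan")
        rows.append({"time": int(t), "nonces": int(nonces),
                     "activity": activity, "states": st, "eta": eta})
    return rows


def benchmark_rate(rows: list) -> Optional[int]:
    for r in rows:
        m = re.search(r"benchmark: (\d+) million", r["activity"])
        if m:
            return int(m.group(1)) * 1_000_000
    return None


def precalculated_tables(rows: list) -> Optional[int]:
    for r in rows:
        m = re.search(r"Using (\d+) precalculated bitflip state tables", r["activity"])
        if m:
            return int(m.group(1))
    return None


def check_run(text: str) -> dict:
    """Summarise a run: tables loaded, whether #states ever became nan, and the final state count."""
    rows = parse_progress(text)
    states = [r["states"] for r in rows if r["states"] is not None]
    return {
        "tables": precalculated_tables(rows),
        "has_nan": any(isinstance(s, float) and math.isnan(s) for s in states),
        "final_states": states[-1] if states else None,
    }


def recompute_etas(text: str) -> list:
    """(eta as printed, eta recomputed from #states / rate) for every row that has a numeric state count."""
    rows = parse_progress(text)
    rate = benchmark_rate(rows)
    if rate is None:
        return []
    return [(r["eta"], format_eta(r["states"], rate))
            for r in rows if isinstance(r["states"], int)]


if __name__ == "__main__":
    for name, log in (("post #8", HARDNESTED_LOG), ("post #6", BROKEN_LOG)):
        print(name, check_run(log))
        for printed, mine in recompute_etas(log):
            print(f"  printed {printed:>6}  recomputed {mine:>6}")
```

On the post #8 rows every recomputed value matches the printed one (9d, 37min, 11min, 85s, 8s, 0s), and `check_run` reports 235 tables and no nan; on the post #6 rows it reports 0 tables and a nan state count, which is the pattern piwi diagnosed as a missing tables directory.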

#9 2018-06-05 10:09:40

rayway99
Contributor
Registered: 2018-04-08
Posts: 20

Re: [resolved] is hardnested the only option to get the key for this card?

FYR, switching back to the iceman fork, it seems hardnested is indeed not working on my 512M ElecHouse Easy model, even with the bitflip state tables available.

pm3 --> hf mf hardnested 4 A FFFFFFFFFFFF 0 A
--target block no:  0, target key type:A, known target key: 0x000000000000 (not set), file action: none, Slow: No, Tests: 0

 time    | #nonces | Activity                                                | expected to brute force
         |         |                                                         | #states         | time
------------------------------------------------------------------------------------------------------
       0 |       0 | Start using 2 threads and SSE2 SIMD core                |                 |
       0 |       0 | Brute force benchmark: 177 million (2^27.4) keys/s      | 140737488355328 |    9d
       4 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    9d
       9 |     112 | Apply bit flip properties                               |    145693982720 | 14min
      11 |     223 | Apply bit flip properties                               |     96993132544 |  9min
      14 |     335 | Apply bit flip properties                               |     40709345280 |  4min
      17 |     447 | Apply bit flip properties                               |     40709345280 |  4min
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
[!] Error: No response from Proxmark.

pm3 --> hf mf hardnested 12 A FFFFFFFFFFFF 52 A w
--target block no: 52, target key type:A, known target key: 0x000000000000 (not set), file action: write, Slow: No, Tests: 0   

 time    | #nonces | Activity                                                | expected to brute force
         |         |                                                         | #states         | time
------------------------------------------------------------------------------------------------------
       0 |       0 | Start using 2 threads and SSE2 SIMD core                |                 |
       0 |       0 | Brute force benchmark: 178 million (2^27.4) keys/s      | 140737488355328 |    9d
       1 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    9d
       6 |       0 | Writing acquired nonces to binary file hf-mf-33DDA0E7-nonces.bin | 140737488355328 |    9d
       7 |     111 | Apply bit flip properties                               |    180449984512 | 17min
       9 |     223 | Apply bit flip properties                               |     73415475200 |  7min
      11 |     335 | Apply bit flip properties                               |     15384170496 |   87s
      15 |     447 | Apply bit flip properties                               |     15384170496 |   87s
[!] Error: No response from Proxmark.

Offline

#10 2018-06-05 17:11:35

yaowang
Contributor
Registered: 2017-01-11
Posts: 15

Re: [resolved] is hardnested the only option to get the key for this card?

You need the original pm3 easy; the original only has 256k flash.

Offline

#11 2018-06-05 17:59:50

piwi
Moderator
Registered: 2013-06-04
Posts: 524

Re: [resolved] is hardnested the only option to get the key for this card?

***Still have the doubt about when one should be using the known target key parameters in a hardnested attack***

This is only useful for debugging (it would tell you when the target key is wrongly eliminated from the set of remaining possible states) or testing (the undocumented option t n will simulate a tag and run hardnested n times offline).

Offline
