Proxmark3 community


#1 2020-12-12 15:35:25

Nexus
Contributor
Registered: 2020-12-08
Posts: 3

[solved] Retrieve mifare classic key

Hello people.

Because I'm a noob in Proxmark and RF things, I have some questions about retrieving a single key from a MIFARE Classic card.
Let me show you what I do.

In the first place, I run the command hf search:

UID : 46 26 36 bb
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: WEAK

Valid ISO14443A Tag Found - Quiting Search

Then I run the command hf 14a snoop and I put my phone to read the card with valid keys. After some seconds, I receive:

#db# COMMAND FINISHED
#db# maxDataLen=2, Uart.state=0, Uart.len=9
#db# traceLen=39288, Uart.output[0]=00000093

I run the command hf list 14a and very long data was captured, but in all the data I think I have the handshake:

  119752624 |  119763088 | Rdr | 93  70  46  26  36  bb  ed  b5  55                              |  ok | SELECT_UID
  119764356 |  119767876 | Tag | 08  b6  dd                                                             |     |
  119848768 |  119853536 | Rdr | 60  04  d1  3d                                                        |  ok | AUTH-A(4)
  119855508 |  119860180 | Tag | c4  71  03  d8                                                        |     |
  119866944 |  119876256 | Rdr | 7b  a7  87! a7! 3f  dc  05! be                                    | !crc| ?
  119936736 |  119941504 | Rdr | 50  00  57  cd                                                        |  ok | HALT
  120022336 |  120023328 | Rdr | 52'                                                                       |     | WUPA
  120024596 |  120026964 | Tag | 04  00                                                                  |     |
  120045716 |  120049236 | Tag | 08  b6  dd                                                             |     |
  120133716 |  120138452 | Tag | c1  be  5f  5b                                                         |     |
  120227040 |  120231808 | Rdr | 50  00  57  cd                                                         |  ok | HALT
 
 
  120316656 |  120317648 | Rdr | 52'                                                                        |     | WUPA
  120318916 |  120321284 | Tag | 04  00                                                                   |     |
  120340036 |  120343556 | Tag | 08  b6  dd                                                              |     |
  120439312 |  120444080 | Rdr | 60  08  bd  f7                                                          |  ok | AUTH-A(8)
  120446036 |  120450772 | Tag | 1b  84  be  01                                                         |     |
  120457488 |  120466864 | Rdr | c8  fe  2e  e0! 3d  9a! 89! 1a                                     | !crc| ?
  120539888 |  120544656 | Rdr | 50  00  57  cd                                                         |  ok | HALT
  120635472 |  120636464 | Rdr | 52'                                                                        |     | WUPA
  120637716 |  120640084 | Tag | 04  00                                                                   |     |
  120658836 |  120662356 | Tag | 08  b6  dd                                                              |     |
  120763600 |  120768304 | Rdr | 61  08  65  ee                                                          |  ok | AUTH-B(8)
  120770324 |  120774996 | Tag | f0  06  a5  cf                                                           |     |
 
  With mfkey64 I try to retrieve one key, but it seems it is not working right.
 
  462636bb is UID
  c47103d8 is NT
  7ba787a7 is NR
  3fdc05be is AR
  c1be5f5b is AT
 
  well...
 
./mfkey64 462636bb c47103d8 7ba787a7 3fdc05be c1be5f5b
MIFARE Classic key recovery - based on 64 bits of keystream
Recover key from only one complete authentication!

Recovering key for:
   uid: 462636bb
    nt: c47103d8
  {nr}: 7ba787a7
  {ar}: 3fdc05be
  {at}: c1be5f5b

LFSR successors of the tag challenge:
  nt' : 02cf5af3
  nt'': 7ddede44
Time spent in lfsr_recovery64(): 0.85 seconds

Keystream used to generate {ar} and {at}:
   ks2: 3d135f4d
   ks3: bc60811f

Found Key: [74568adcbe73]


But the given key is not the right one.
What am I doing wrong?

I have all the keys for this MIFARE Classic and the given key is not in my list.

Thank you, Nexus.

Last edited by Nexus (2020-12-14 00:22:57)


#2 2020-12-12 18:39:41

Nexus
Contributor
Registered: 2020-12-08
Posts: 3

Re: [solved] Retrieve mifare classic key

Well, after some tries, my eyes see the good handshake :)

  129524020 |  129528756 | Tag | 9f  7a  bf  b0                                                  |     |
  129535472 |  129544784 | Rdr | 48! 3a! 04! e2  1f  f1! 0d! 1f!                                 | !crc| ?
  129546036 |  129550772 | Tag | 01  7d  e6  e9 

Can you close the post now? :)
Thank you, Nexus
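
The difference between the two attempts can be checked mechanically: mfkey64 needs nt, {nr}, {ar} and {at} from one and the same authentication. The following added example (not part of the original posts and not Proxmark3 project code) parses the post #1 trace excerpt and accepts an authentication only when nt, {nr}{ar} and {at} are the three frames directly after one AUTH command; the function names `parse` and `handshakes` are hypothetical.

```python
import re

# Frames copied from the `hf list 14a` excerpt in post #1 (column padding condensed).
TRACE = """\
119752624 | 119763088 | Rdr | 93 70 46 26 36 bb ed b5 55 | ok | SELECT_UID
119764356 | 119767876 | Tag | 08 b6 dd | |
119848768 | 119853536 | Rdr | 60 04 d1 3d | ok | AUTH-A(4)
119855508 | 119860180 | Tag | c4 71 03 d8 | |
119866944 | 119876256 | Rdr | 7b a7 87! a7! 3f dc 05! be | !crc| ?
119936736 | 119941504 | Rdr | 50 00 57 cd | ok | HALT
120022336 | 120023328 | Rdr | 52' | | WUPA
120024596 | 120026964 | Tag | 04 00 | |
120045716 | 120049236 | Tag | 08 b6 dd | |
120133716 | 120138452 | Tag | c1 be 5f 5b | |
120227040 | 120231808 | Rdr | 50 00 57 cd | ok | HALT
"""

def parse(trace):
    """Return (source, hex_payload, annotation) per frame, dropping the ! and ' markers."""
    frames = []
    for line in trace.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) >= 6 and cols[2] in ("Rdr", "Tag"):
            frames.append((cols[2], re.sub(r"[^0-9a-f]", "", cols[3].lower()), cols[5]))
    return frames

WANT = [("Tag", 8), ("Rdr", 16), ("Tag", 8)]  # nt, {nr}{ar}, {at} as (source, hex digits)

def handshakes(frames):
    """One record per AUTH command; complete only if nt, {nr}{ar}, {at} follow it directly."""
    out = []
    for i, (src, _, note) in enumerate(frames):
        if src != "Rdr" or not note.startswith("AUTH-"):
            continue
        nxt = frames[i + 1:i + 4]
        got = [(s, len(d)) for s, d, _ in nxt]
        rec = {"auth": note, "complete": got == WANT}
        if got[:2] == WANT[:2]:
            rec.update(nt=nxt[0][1], nr=nxt[1][1][:8], ar=nxt[1][1][8:])
        if rec["complete"]:
            rec["at"] = nxt[2][1]
        else:  # name the frame that interrupted the exchange
            bad = next(k for k in range(3) if got[k:k + 1] != WANT[k:k + 1])
            rec["broken_by"] = (nxt[bad][2] or nxt[bad][1]) if bad < len(nxt) else "end of trace"
        out.append(rec)
    return out

if __name__ == "__main__":
    for rec in handshakes(parse(TRACE)):
        print(rec)
```

On the post #1 excerpt the AUTH-A(4) exchange is reported as interrupted by HALT right after {nr}{ar}, so the c1 be 5f 5b frame that follows the later WUPA is not its {at}.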
