Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2022-02-14 18:07:08

wdywmz
Contributor
Registered: 2021-01-18
Posts: 20

Some ideas about staticnested

Why not try this idea?
Can I get the password directly?


in mifarehost.c

    // the statelists now contain possible keys. The key we are searching for must be in the
    // intersection of both lists
    qsort(statelists[0].head.keyhead, statelists[0].len, sizeof(uint64_t), compare_uint64);
    qsort(statelists[1].head.keyhead, statelists[1].len, sizeof(uint64_t), compare_uint64);
    // Create the intersection
    statelists[0].len = intersection(statelists[0].head.keyhead, statelists[1].head.keyhead);


Is the above code suitable for staticnested?

Offline

#2 2022-02-15 20:16:38

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Some ideas about staticnested

Please try it and tell us  how it went!

Offline

#3 2022-02-16 02:57:01

wdywmz
Contributor
Registered: 2021-01-18
Posts: 20

Re: Some ideas about staticnested

I've tested it, but the intersection is 0

In theory, create two lists. Each list should have real password data. The intersection of the two lists should be the only password data, but why is the intersection 0?



But in China, it has been studied to let the staticnested command calculate the password directly in three seconds.

Offline

#4 2022-02-16 20:01:01

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Some ideas about staticnested

Do you have a link to the "in China, it has been studied to let the staticnested command calculate the password directly in three seconds" work?

Offline

#5 2022-02-17 16:51:13

wdywmz
Contributor
Registered: 2021-01-18
Posts: 20

Re: Some ideas about staticnested

Look this!

http://ls.txts.fun/Desktop.rar

Please let me know after you download it! I'm going to delete it!

Offline

#6 2022-02-17 16:55:47

wdywmz
Contributor
Registered: 2021-01-18
Posts: 20

Re: Some ideas about staticnested

[+]  UID: B3 45 5B A0
[+] ATQA: 00 04
[+]  SAK: 08 [2]
[+] Possible types:
[+]    MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[#] 1 static nonce 01200145
[+] Static nonce: yes
[#] Auth error


The card is 【1 static nonce 01200145】

Last edited by wdywmz (2022-02-17 16:57:19)

Offline

#7 2022-02-17 20:42:42

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Some ideas about staticnested

I got it.  Thanks.
The pictures shows that they are reading Key B from having Key A.  Not sure if thats how they do it, but if it is then it's a known way and already implemented both in pm3 and libnfc.
It only works if the access rights (ACL) allows for it.

Offline

#8 2022-02-17 20:54:45

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Some ideas about staticnested

Speaking of which,  the video show that  they are using libnfc stuff.  Around 1.20-1.30  you see that they use staticnested to get a key.  They got 55526 candidate keys, which they are now trying to find which is the correct.
It actually looks like they are using mylazycracker ....  but translated to Chinese.

The only thing in that video that I am curious of is how they are getting the KEY A that fast.....    There might be something there.

Offline

#9 2022-02-18 04:53:56

wdywmz
Contributor
Registered: 2021-01-18
Posts: 20

Re: Some ideas about staticnested

in mifarehost.c

// the statelists now contain possible keys. The key we are searching for must be in the
// intersection of both lists
qsort(statelists[0].head.keyhead, statelists[0].len, sizeof(uint64_t), compare_uint64);
qsort(statelists[1].head.keyhead, statelists[1].len, sizeof(uint64_t), compare_uint64);
// Create the intersection
statelists[0].len = intersection(statelists[0].head.keyhead, statelists[1].head.keyhead);


Is the above code suitable for staticnested?

Create two lists of data. Will there be an intersection between them?
Can we quickly calculate the password from this intersection?

Offline

#10 2022-02-18 05:02:28

wdywmz
Contributor
Registered: 2021-01-18
Posts: 20

Re: Some ideas about staticnested

532nfc decryption staticnested algorithm is transplanted from PM3 source code.
The algorithm is inspired by PM3 source code

Last edited by wdywmz (2022-02-18 13:50:15)

Offline

#11 2022-02-23 15:19:21

wdywmz
Contributor
Registered: 2021-01-18
Posts: 20

Re: Some ideas about staticnested

@iceman,Do you have email? I'll send you some information to see.
There are no private messages in this forum

Offline

Board footer

Powered by FluxBB