Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
#1 2021-05-18 06:34:45
- Hotel-key-card
- Contributor
- Registered: 2020-06-27
- Posts: 10
The VINGCARD algorithm is very interesting
After a long time of analysis, the 1K algorithm is very simple:
UID+1 sector password
FCC8526B CC01D828220470FF0869C80D00F40410
5CE40646 DC0F2418F60E70FF08697C5954606C00
6C02506B BC059212E00370FF086948245002B013
ECB31446 BC01231F240870FF0869E80CA8619803
ECAA8C6B FC0A7A28CC0A70FF0869589508B1FC3F
EC72B86B BC056228E80F70FF0869E847001DA880
2C1A8469 DC0D2A13040F70FF0869D025341FFC72
BCCF7B6B EC06DF279B0170FF0869704990F9EB26
EC6DA169 7C055D26C10070FF086938444A041320
CC177E69 8C0DB71C1E0370FF08695CA331293072
AC8BA669 2C0FEB24660F70FF08698C9C893CA46B
AC837769 BC037320370F70FF086998212E0D0D48
6C56B469 DC0EA61D440770FF0869E061BCA0186F
8CA38969 7C0DB322890E70FF0869C071A05B2328
423718C5 C20A5715B80870FF0869922B4D49D011
1C02A069 8C0D7212B00E70FF0869A0174C02409C
1C067A69 AC0056101A0F70FF086918011806D003
FC739A69 BC0853279A0C70FF08690C7B4519781A
4C707069 9C022019E00A70FF0869480B40B1504E
1C20A369 7C0FA014130D70FF0869041B2029A50E
4CCB0F46 2C0D0B16CF0370FF0869743D6F206900
6C47361E 9C003710E60B70FF0869B001B648E010
7C294946 1C066913490670FF0869142C7D315D21
ECE9F81D EC0E492E480970FF08696CCF13A64816
3CB3C16B 8C020321810B70FF0869E80852780B99
8C1A671E 7C0FAA12170D70FF08694083441EF63D
AC4F501E 7C0BDF16300C70FF0869E874286FC044
8CF80F46 5C04681DDF0270FF0869E821C0CA7C0B
7CB6421E DC099619E20570FF086924497A1DD602
2CFB0F46 0C0A3B17AF0270FF0869541B6F74FB04
I don't think I made a calculation error.
Offline
#2 2021-05-20 18:50:15
- Onisan
- Contributor
- From: London
- Registered: 2016-07-18
- Posts: 88
Re: The VINGCARD algorithm is very interesting
Could you explain what you have done?
Offline
#3 2021-05-23 01:54:11
- nock
- Contributor
- Registered: 2019-12-11
- Posts: 15
Re: The VINGCARD algorithm is very interesting
After a long time of analysis, the 1K algorithm is very simple:
UID+1 sector password
FCC8526B CC01D828220470FF0869C80D00F40410
5CE40646 DC0F2418F60E70FF08697C5954606C00
6C02506B BC059212E00370FF086948245002B013
ECB31446 BC01231F240870FF0869E80CA8619803
ECAA8C6B FC0A7A28CC0A70FF0869589508B1FC3F
EC72B86B BC056228E80F70FF0869E847001DA880
2C1A8469 DC0D2A13040F70FF0869D025341FFC72
BCCF7B6B EC06DF279B0170FF0869704990F9EB26
EC6DA169 7C055D26C10070FF086938444A041320
CC177E69 8C0DB71C1E0370FF08695CA331293072
AC8BA669 2C0FEB24660F70FF08698C9C893CA46B
AC837769 BC037320370F70FF086998212E0D0D48
6C56B469 DC0EA61D440770FF0869E061BCA0186F
8CA38969 7C0DB322890E70FF0869C071A05B2328
423718C5 C20A5715B80870FF0869922B4D49D011
1C02A069 8C0D7212B00E70FF0869A0174C02409C
1C067A69 AC0056101A0F70FF086918011806D003
FC739A69 BC0853279A0C70FF08690C7B4519781A
4C707069 9C022019E00A70FF0869480B40B1504E
1C20A369 7C0FA014130D70FF0869041B2029A50E
4CCB0F46 2C0D0B16CF0370FF0869743D6F206900
6C47361E 9C003710E60B70FF0869B001B648E010
7C294946 1C066913490670FF0869142C7D315D21
ECE9F81D EC0E492E480970FF08696CCF13A64816
3CB3C16B 8C020321810B70FF0869E80852780B99
8C1A671E 7C0FAA12170D70FF08694083441EF63D
AC4F501E 7C0BDF16300C70FF0869E874286FC044
8CF80F46 5C04681DDF0270FF0869E821C0CA7C0B
7CB6421E DC099619E20570FF086924497A1DD602
2CFB0F46 0C0A3B17AF0270FF0869541B6F74FB04I don't think I made a calculation error.
Hi, can you please explain the key diversification algo for how the Sector 1 A/B keys are calculated from the UID?
Offline
#4 2021-05-23 22:51:48
- Hotel-key-card
- Contributor
- Registered: 2020-06-27
- Posts: 10
Re: The VINGCARD algorithm is very interesting
Could you explain what you have done?
I calculated it and want to verify if it is correct, or if you have a blank card, I am willing to try
Offline
#5 2021-05-23 22:53:55
- Hotel-key-card
- Contributor
- Registered: 2020-06-27
- Posts: 10
Re: The VINGCARD algorithm is very interesting
Hotel-key-card wrote:After a long time of analysis, the 1K algorithm is very simple:
UID+1 sector password
FCC8526B CC01D828220470FF0869C80D00F40410
5CE40646 DC0F2418F60E70FF08697C5954606C00
6C02506B BC059212E00370FF086948245002B013
ECB31446 BC01231F240870FF0869E80CA8619803
ECAA8C6B FC0A7A28CC0A70FF0869589508B1FC3F
EC72B86B BC056228E80F70FF0869E847001DA880
2C1A8469 DC0D2A13040F70FF0869D025341FFC72
BCCF7B6B EC06DF279B0170FF0869704990F9EB26
EC6DA169 7C055D26C10070FF086938444A041320
CC177E69 8C0DB71C1E0370FF08695CA331293072
AC8BA669 2C0FEB24660F70FF08698C9C893CA46B
AC837769 BC037320370F70FF086998212E0D0D48
6C56B469 DC0EA61D440770FF0869E061BCA0186F
8CA38969 7C0DB322890E70FF0869C071A05B2328
423718C5 C20A5715B80870FF0869922B4D49D011
1C02A069 8C0D7212B00E70FF0869A0174C02409C
1C067A69 AC0056101A0F70FF086918011806D003
FC739A69 BC0853279A0C70FF08690C7B4519781A
4C707069 9C022019E00A70FF0869480B40B1504E
1C20A369 7C0FA014130D70FF0869041B2029A50E
4CCB0F46 2C0D0B16CF0370FF0869743D6F206900
6C47361E 9C003710E60B70FF0869B001B648E010
7C294946 1C066913490670FF0869142C7D315D21
ECE9F81D EC0E492E480970FF08696CCF13A64816
3CB3C16B 8C020321810B70FF0869E80852780B99
8C1A671E 7C0FAA12170D70FF08694083441EF63D
AC4F501E 7C0BDF16300C70FF0869E874286FC044
8CF80F46 5C04681DDF0270FF0869E821C0CA7C0B
7CB6421E DC099619E20570FF086924497A1DD602
2CFB0F46 0C0A3B17AF0270FF0869541B6F74FB04I don't think I made a calculation error.
Hi, can you please explain the key diversification algo for how the Sector 1 A/B keys are calculated from the UID?
Friend, I’m very sorry, this is only suitable for personal research, not for commercial purposes
Offline
#6 2021-05-24 07:32:53
- nock
- Contributor
- Registered: 2019-12-11
- Posts: 15
Re: The VINGCARD algorithm is very interesting
nock wrote:Hotel-key-card wrote:After a long time of analysis, the 1K algorithm is very simple:
UID+1 sector password
FCC8526B CC01D828220470FF0869C80D00F40410
5CE40646 DC0F2418F60E70FF08697C5954606C00
6C02506B BC059212E00370FF086948245002B013
ECB31446 BC01231F240870FF0869E80CA8619803
ECAA8C6B FC0A7A28CC0A70FF0869589508B1FC3F
EC72B86B BC056228E80F70FF0869E847001DA880
2C1A8469 DC0D2A13040F70FF0869D025341FFC72
BCCF7B6B EC06DF279B0170FF0869704990F9EB26
EC6DA169 7C055D26C10070FF086938444A041320
CC177E69 8C0DB71C1E0370FF08695CA331293072
AC8BA669 2C0FEB24660F70FF08698C9C893CA46B
AC837769 BC037320370F70FF086998212E0D0D48
6C56B469 DC0EA61D440770FF0869E061BCA0186F
8CA38969 7C0DB322890E70FF0869C071A05B2328
423718C5 C20A5715B80870FF0869922B4D49D011
1C02A069 8C0D7212B00E70FF0869A0174C02409C
1C067A69 AC0056101A0F70FF086918011806D003
FC739A69 BC0853279A0C70FF08690C7B4519781A
4C707069 9C022019E00A70FF0869480B40B1504E
1C20A369 7C0FA014130D70FF0869041B2029A50E
4CCB0F46 2C0D0B16CF0370FF0869743D6F206900
6C47361E 9C003710E60B70FF0869B001B648E010
7C294946 1C066913490670FF0869142C7D315D21
ECE9F81D EC0E492E480970FF08696CCF13A64816
3CB3C16B 8C020321810B70FF0869E80852780B99
8C1A671E 7C0FAA12170D70FF08694083441EF63D
AC4F501E 7C0BDF16300C70FF0869E874286FC044
8CF80F46 5C04681DDF0270FF0869E821C0CA7C0B
7CB6421E DC099619E20570FF086924497A1DD602
2CFB0F46 0C0A3B17AF0270FF0869541B6F74FB04I don't think I made a calculation error.
Hi, can you please explain the key diversification algo for how the Sector 1 A/B keys are calculated from the UID?
Friend, I’m very sorry, this is only suitable for personal research, not for commercial purposes
Hi, if you are wanting to verify your algo, here is a UID: 19b07472 . I can let you know if section 1 is correct or not.
Offline
#7 2021-05-25 09:38:41
- fazer
- Contributor
- Registered: 2019-03-02
- Posts: 156
Re: The VINGCARD algorithm is very interesting
Hi Nock, could you check . I use script hf mf uidkeycalcmizip.lua .
|UID| 19b07472
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| A0A1A2A3A4A5 | 1 | B4C132439EEF | 1 |
|001| 10A22E579055 | 1 | 855E9DE3AC53 | 1 |
|002| B2C5BD458B9F | 1 | 0795804E4633 | 1 |
|003| FBC235DD35B9 | 1 | DE3F0AC622DC | 1 |
|004| 28CAC35D5D20 | 1 | C4613E97598F | 1 |
|---|----------------|---|----------------|---|
### dumping keys to file
have a nice day
Offline
#8 2021-05-25 09:50:25
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: The VINGCARD algorithm is very interesting
UID: 19b07472
A: 09 0B 40 1A F4 05
B: 30 11 E0 28 08 6AOffline
#9 2021-05-25 11:40:40
- fazer
- Contributor
- Registered: 2019-03-02
- Posts: 156
Re: The VINGCARD algorithm is very interesting
Hi Iceman, ok thanks the result is completely different from what I found with the script ??.
Have a good day.
Offline
#10 2021-05-25 11:54:42
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: The VINGCARD algorithm is very interesting
and that would be because you are running mizip calc... and I am using ving calc... Two different algorithms.
Offline
#11 2021-05-25 12:13:28
- fazer
- Contributor
- Registered: 2019-03-02
- Posts: 156
Re: The VINGCARD algorithm is very interesting
Re Hello Iceman, indeed with two different algorithms the result cannot be identical, as much for me.
Thanks, have a good day.
Offline
#12 2021-05-26 16:00:41
- Hotel-key-card
- Contributor
- Registered: 2020-06-27
- Posts: 10
Re: The VINGCARD algorithm is very interesting
Hi Nock, could you check . I use script hf mf uidkeycalcmizip.lua .
|UID| 19b07472
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| A0A1A2A3A4A5 | 1 | B4C132439EEF | 1 |
|001| 10A22E579055 | 1 | 855E9DE3AC53 | 1 |
|002| B2C5BD458B9F | 1 | 0795804E4633 | 1 |
|003| FBC235DD35B9 | 1 | DE3F0AC622DC | 1 |
|004| 28CAC35D5D20 | 1 | C4613E97598F | 1 |
|---|----------------|---|----------------|---|
### dumping keys to file
have a nice day
090B401AF40570FF08693011E028086A
Offline
#13 2021-05-26 23:11:17
- nock
- Contributor
- Registered: 2019-12-11
- Posts: 15
Re: The VINGCARD algorithm is very interesting
090B401AF40570FF08693011E028086A
Yes that's correct.
Last edited by nock (2021-05-26 23:11:39)
Offline
#14 2021-05-27 01:40:59
- Hotel-key-card
- Contributor
- Registered: 2020-06-27
- Posts: 10
Re: The VINGCARD algorithm is very interesting
Hotel-key-card wrote:090B401AF40570FF08693011E028086A
Yes that's correct.
THANKS
Offline
#15 2021-09-05 11:33:56
- SAS
- Contributor
- Registered: 2020-06-29
- Posts: 4
Re: The VINGCARD algorithm is very interesting
Hi, Hotel-Key Card,
Would you mind share how to find/calculate just for the Key-A(0)---> "09" of the last sample :
UID: 19b07472
A: "09" 0B 40 1A F4 05
B: 30 11 E0 28 08 6A
Thank you
SAS
Offline
#16 2022-05-12 03:04:40
- adelie
- Contributor
- Registered: 2021-10-26
- Posts: 6
Re: The VINGCARD algorithm is very interesting
Is this algorithm going to be integrated into the proxmark3 client?
It would be really good to be able to check this sort of dynamically generated key automatically with "hf mf autopwn", for example.
Also I would very much like to hear your process for discovering the algorithm used here. I doubt I could understand it, but maybe if I read it 200 times!
Offline
#17 2022-10-20 15:49:58
- fazer
- Contributor
- Registered: 2019-03-02
- Posts: 156
Re: The VINGCARD algorithm is very interesting
Good evening, I noticed that in the blk -1 there are always these same values on the cards that I have & if this value 7B0026882688000000000000000000000 & taken into account for the calculation of the keys.
Thanks, have a good day.
Offline