Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2013-06-22 04:10:44

willdsmaster
Member
Registered: 2013-06-21
Posts: 3

Snoop and Darkside not run in mifare classic with default/ keys!

Hello friends I am a novice in proxmark3 hardware, but I understand much of the operation_

I'm having problems with running SNOOP and DARKSIDE ATACK command. As example below is a card with the defaults keys, but the same happens with no dafault keys card.

The command NESTED the same card with a key defaults works fine.

I'm a few days studying the reasons I do not know what is happening.

I am tested on Windows 7, XP sp3 and BackTrack 5,  but the error persists.

I appreciate the help. Sorry my English.

tks! Will



svn 745

***ERROR IN DARKSIDE ATACK (AND SNOOP) WITH MIFARE 1K CLASSIC WITH DEFAULT KEYS


-------------------------------------------------------------------------
Executing command. It may take up to 30 min.
Press the key on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.

isOk:01


uid(dbbe9740) nt(f276277e) par(0000000000000000) ks(020309080a090100)


|diff|{nr}    |ks3|ks3^5|parity         |
+----+--------+---+-----+---------------+
| 00 |00000000| 2 |  7  |0,0,0,0,0,0,0,0|
| 20 |00000020| 3 |  6  |0,0,0,0,0,0,0,0|
| 40 |00000040| 9 |  c  |0,0,0,0,0,0,0,0|
| 60 |00000060| 8 |  d  |0,0,0,0,0,0,0,0|
| 80 |00000080| a |  f  |0,0,0,0,0,0,0,0|
| a0 |000000a0| 9 |  c  |0,0,0,0,0,0,0,0|
| c0 |000000c0| 1 |  4  |0,0,0,0,0,0,0,0|
| e0 |000000e0| 0 |  5  |0,0,0,0,0,0,0,0|
Key not found (lfsr_common_prefix list is null). Nt=f276277e
-------------------------------------------------------------------------
Executing command. It may take up to 30 min.
Press the key on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
..


***************MY HARDWARE********************

proxmark3> hw ver
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 715 2013-05-10 07:59:22
#db# os: svn 0 2013-06-23 01:49:28
#db# FPGA image built on 2012/ 1/ 6 at 15:27:56

*****************MIFARE TAG******************

proxmark3> hf 14a reader
ATQA : 04 00
UID : db be 97 40
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k
proprietary non iso14443a-4 card found, RATS not supported


********* NESTED WORKS FINE IN SAME CARD WITH DEFAULT KEYS**************


proxmark3> hf mf nested 1 0 a ffffffffffff
--block no:00 key type:00 key:ff ff ff ff ff ff
Block shift=0
Testing known keys. Sector count=16
nested...
Iterations count: 0
|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|001|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|002|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|003|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|004|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|005|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|007|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|008|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|009|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|010|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|011|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|012|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|013|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|014|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|015|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|---|----------------|---|----------------|---|

Offline

#2 2013-06-24 18:02:36

C0Y0-Ck3r
Contributor
Registered: 2012-11-08
Posts: 87

Re: Snoop and Darkside not run in mifare classic with default/ keys!

Well try with the last revision, I think there is a snoop problem with this new version. I'll be checking that when I can. Else you can check my tuts here for more help : http://youtube.com/C0Y0Ck3r

Offline

#3 2013-06-24 18:08:21

willdsmaster
Member
Registered: 2013-06-21
Posts: 3

Re: Snoop and Darkside not run in mifare classic with default/ keys!

nice video, what revision you use in this vídeo? tested other reviews and the problem persists. thanks for replying!

svn 715, 680, 630, 745....

Offline

#4 2013-06-24 18:15:01

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Snoop and Darkside not run in mifare classic with default/ keys!

Actually,  you would need the src from the branch /scripting r745  to make it work again.

Offline

#5 2013-06-24 19:17:15

willdsmaster
Member
Registered: 2013-06-21
Posts: 3

Re: Snoop and Darkside not run in mifare classic with default/ keys!

Thank you all for the help, I'm currently testing Rev 638, and apparently works well, post the final results of test later.

Offline

#6 2013-07-07 21:50:54

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Snoop and Darkside not run in mifare classic with default/ keys!

I *really* recommend:
1). Using r752 for classic attack "hf mf mifare"
2). Using scripting-branch, 'script run mfkeys.lua" to check default keys, instead of "hf mf check"

Offline

#7 2013-07-08 19:01:59

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Snoop and Darkside not run in mifare classic with default/ keys!

Just committed a new implementation of hf mf mifare with r754 (sorry holiman - I told you that I was working on it). It is damn fast now (25seconds on average) by avoiding wrong nonces.

Offline

#8 2013-07-08 19:14:42

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Snoop and Darkside not run in mifare classic with default/ keys!

Cool!
I haven't tested it yet, but it looks very clever. I kind of figured that no matter how precise you could make the timing, you still would need several states, but your solution to not turn off the power but just wait out the cycles is clever indeed, and probably lends itself to being a lot more exact than the old way to do it. Smart!

One thing: https://code.google.com/p/proxmark3/source/diff?spec=svn754&r=754&format=side&path=/branches/scripting/client/cmdmain.c
This commit went into the scripting-branch. Is that intended?

Offline

#9 2013-07-08 19:36:47

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Snoop and Darkside not run in mifare classic with default/ keys!

Ok, here are my results. I used my 'bitchiest' card (swedish SL-card) which had a timeout-value of 800ms.
1. Using old-old hf mf, it never got cracked.
2. Using my version (r752) it took 12m 32s (including tuning, 8 paralell states)
3. Your version: 18s.

...

Awesome work piwi!!!!

Offline

#10 2013-07-08 20:24:48

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Snoop and Darkside not run in mifare classic with default/ keys!

holiman wrote:

One thing: https://code.google.com/p/proxmark3/source/diff?spec=svn754&r=754&format=side&path=/branches/scripting/client/cmdmain.c
This commit went into the scripting-branch. Is that intended?

Ooops. No, that was not intended. I indeed had some struggles with svn during my first commit. I have no idea why cmdmain.c was from the scripting branch and how to correct that. It is unmodified from the trunk cmdmain.c, so this should be fine. But the scripting branch should be affected...

Last edited by piwi (2013-07-09 13:06:46)

Offline

#11 2013-07-09 08:40:29

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Snoop and Darkside not run in mifare classic with default/ keys!

holiman wrote:

Cool!
I haven't tested it yet, but it looks very clever. I kind of figured that no matter how precise you could make the timing, you still would need several states, but your solution to not turn off the power but just wait out the cycles is clever indeed, and probably lends itself to being a lot more exact than the old way to do it. Smart!

To be fair: the basics of the new stuff wasn't my own idea but inspired by
http://www.proxmark.org/files/Documents/13.56%20MHz%20-%20MIFARE%20Classic/Implementing_an_RFID_MIFARE_CLASSIC_Attack.pdf

Really new is only the timing based on the FPGA clock instead of the ARM internal clock - this eliminates problems with clock drifts between ARM and FPGA/card (after several seconds even crystal oscillators will be off by quite some cycles).

Offline

#12 2013-07-09 22:58:15

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Snoop and Darkside not run in mifare classic with default/ keys!

Awesome work piwi!

Using your implementation I was able to crack a card that was impossible by other means.

Right now, I'm running Nested, but It's not working... or nothing happens.. just a few lights at the beginning, and then, nothing else...

This is what I'm using:

proxmark3> #db# Prox/RFID mark3 RFID instrument                 
proxmark3> #db# bootrom: svn 754 2013-07-09 17:22:17                 
proxmark3> #db# os: svn 754 2013-07-09 17:22:22                 
proxmark3> #db# FPGA image built on 2012/ 1/ 6 at 15:27:56 

Also, I really liked the way the other revision shows the current state of the DarkSide attack. Is it possible to include something like that?

Thanks!

Offline

#13 2013-07-18 19:51:33

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Snoop and Darkside not run in mifare classic with default/ keys!

Piwi!   Wrooooom,  it cracks 'em fast now.  Superb work!  o great master of fgpa clocks

Offline

#14 2013-08-13 10:42:28

merlok
Contributor
Registered: 2011-05-16
Posts: 132

Re: Snoop and Darkside not run in mifare classic with default/ keys!

Hi,

OK, as I see we cant use attacks on Security Level 1 MIFARE Plus. I have tried it, but there is no bugs(
but)
You always can sniff card's traffic and get keys.
and you can use http://www.proxmark.org/forum/viewtopic.php?pid=7897#p7897 (moebius, thanks for description!)

Unfortunately, there is no luck to attack cards  on Security Level 3 (. Because there is an AES authentication and crypto)

Offline

Board footer

Powered by FluxBB