Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#51 2015-02-16 19:46:32

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

Since I have a generation 1,  I can't use the normal "hf mf wrbl".. 

Using the "hf mf csetblk" instead,  will write  it,  but will make my tag unreadable since the bcc & atqa & sak is wrong.
My magic tag is not configured for 7 bytes uid, I guess

Online

#52 2015-02-16 20:45:24

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Darkside attack not working ??

Can you tell us where do you get that card ?

Offline

#53 2015-02-17 09:43:07

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

i input the correct  atqa & sak but it still locked 100%, as you can see the previous post. I believed your magic card now locked 50%.

I really don't understand why is it "locked" for 7 bytes UID, since all input are correct..

@Asper, you can get the cards at alibaba or ebay .

Offline

#54 2015-02-17 09:50:35

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

Nop, my card is not locked at all.  It is still writeable, if you know what to do.

Online

#55 2015-02-17 10:32:32

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

mine is generation 2

Offline

#56 2015-02-17 10:35:12

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

I never seen a magic tag that was able to handle 7bytes UID.  Has someone sold you a magic tag the claims to handle 7byte UID?   If so, where did you buy it?

Online

#57 2015-02-17 10:36:25

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Darkside attack not working ??

joe wrote:

Since you don't have 7 bytes tag, you can try 4 bytes magic card with this cmd " hf mf wrbl 0 A FFFFFFFFFFFF 04265f82f43880084400120111001514 ".

Then you tell me what happen.

No, you shouldn't do that! As iceman has pointed out, the SAK and ATQA will be wrong. Writing an inconsistent Block 0 to a Magic card might result in bricking the card. Probably this is what happened.

joe wrote:

All the answers are posted earlier, from the output,  please take a closer look .

Unfortunately not. You have posted lots of output but never mentioned if this is from reading/writing your original card or clone. You also still haven't answered if you are trying to write to a standard blank card or a magic card. And if it is a magic card it is still yet unclear if it is a 7 Byte version (if such a card exists).

Offline

#58 2015-02-17 10:43:38

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

My experience with generation 1 tags,  is that you just need to ignore the standard ISO commands and write to the tag the new data.   (works)
If you are using the standard "hf mf wrbl"  commands, to write to a generation 2 tag,   AND you made a wrong ATQA&SAK,  you most likley as Piwi says bricked it.  However Magic tags are usually magic for a reason.
Using "hf mf wrbl",  you should know that they are following the ISO standard,   and since your magic tag is not following the standrad anymore,  the second write command to the tag fails.

You need to understand that what fails is the  "iso_select_tag",   and IF (big if) since I don't know how generation 2 tags responds to direct commands,  you can issue a series of  "hf 14a raw" commands  where you write the new data.
Since I don't have any Generation 2 tags,  I can't help you.

The only one claiming to by 7uid,  with 0x00  as UID default is this one:
http://item.taobao.com/item.htm?spm=a23 … =17#detail

Online

#59 2015-02-17 11:03:05

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

This is the magic card, default data, is it exist ? or fake ??

proxmark3> hf 14a reader
ATQA : 00 44         
UID : 00 00 00 00 00 00 00           
SAK : 08 [2]         
MANUFACTURER : no tag-info available         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
SAK incorrectly claims that card doesn't support RATS         
ATS : 09 78 00 91 02 da bc 19 10 f0 05           
       -  TL : length is 9 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are supported, DR: [], DS: []         
       - TB1 : SFGI = 1 (SFGT = 8192/fc), FWI = 9 (FWT = 2097152/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : da bc 19 10           
Answers to chinese magic backdoor commands: NO         
proxmark3>
proxmark3> hf mf rdsc 0 A FFFFFFFFFFFF
--sector no:0 key type:A key:ff ff ff ff ff ff           
#db# READ SECTOR FINISHED                 
isOk:01         
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
trailer: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff           
proxmark3>

Offline

#60 2015-02-17 11:08:09

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

Looks like the one I linked to from TaoBao with all 0x00 default UID.

However, I have no clue how this card works.  On a generation 1 tag,  the bytes 567 is for ATQA & SAK.   But what is valid for your magic tag generation2 with 7bytes uid,  I have no clue.
If you got some information from your supplier about the specifics for your tag,  do please share it to the community.

Online

#61 2015-02-17 11:11:32

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

since nobody have experience with this magic card, then i quit further testing. no fun ..   roll

Offline

#62 2015-02-17 11:22:13

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

You should ask the seller about the details of your tag.  Otherwise nobody will be able to help you.

Online

#63 2015-03-02 15:39:37

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

I got another magic card from other seller, anyone have the same card with me and tested it before ?

proxmark3> hf 14a reader
ATQA : 00 44         
UID : 77 77 77 77 77 77 77           
SAK : 08 [2]         
MANUFACTURER : no tag-info available         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
SAK incorrectly claims that card doesn't support RATS         
ATS : 09 78 00 91 02 da bc 19 10 f0 05           
       -  TL : length is 9 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are supported, DR: [], DS: []         
       - TB1 : SFGI = 1 (SFGT = 8192/fc), FWI = 9 (FWT = 2097152/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : da bc 19 10           
Answers to chinese magic backdoor commands: NO         
proxmark3>
proxmark3> hf mf rdsc 0 A FFFFFFFFFFFF
--sector no:0 key type:A key:ff ff ff ff ff ff           
#db# READ SECTOR FINISHED                 
isOk:01         
data   : 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
data   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
trailer: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff           
proxmark3>

Offline

#64 2015-03-02 16:48:17

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Darkside attack not working ??

Yes, me too , i'm waiting for the seller to reply me. the atqa did not match, but is able to read. strange ??

Offline

#65 2016-12-10 15:58:16

raptor
Contributor
Registered: 2016-11-17
Posts: 27

Re: Darkside attack not working ??

Gentlemen

I tried running a nested attack as i have one known key but i get:

Tag isn't vulnerable to Nested Attack (random numbers are not predictable).

I tried running it many times but it keeps failing. So obviously i have the new mifare 4k classic with the new random number generator so nested and darkside will not work.

What are my options? Is my only hope sniffing between a reader and a card?
What if i can't find a way to trigger the reader to read all sectors (=all keys for all sectors)?
I want all keys so i can do a full dump.
I got the known key by sniffing between reader and card but i could only extract 1 key.

P.S This card is already cracked and the keys are known and included in the library but i want to learn by doing it myself. This is insanely fun neutral

Last edited by raptor (2016-12-10 16:02:14)

Offline

#66 2016-12-10 16:15:38

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Darkside attack not working ??

Read up on the hardnested attack.  (Not in the main trunk yet because it requires a compiler update.)

Offline

#67 2016-12-11 09:56:05

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Darkside attack not working ??

marshmellow wrote:

Read up on the hardnested attack.  (Not in the main trunk yet because it requires a compiler update.)

Huh? What compiler update? I had developed it with gcc 4.7.2. I didn't push to master yet, because it is not finished and some bugs need to be fixed.

Offline

#68 2016-12-11 14:52:22

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Darkside attack not working ??

The BF solver needs a compiler update,  not your part.

Online

#69 2016-12-11 22:05:00

raptor
Contributor
Registered: 2016-11-17
Posts: 27

Re: Darkside attack not working ??

Thanks marshmellow, I'm checking it out.
First part->I'm having problems getting iceman's fork working on my setup.
smile

Offline

Board footer

Powered by FluxBB