Proxmark3 community


#1 2009-10-06 17:25:08

djrevmoon
Contributor
Registered: 2008-06-23
Posts: 13

Pentagon Viper 1 anyone?

Hey guys,

recently someone showed us a little box, called the Viper 1, by some company Pentagon electronics or so. Supposedly a standalone mifare cloner. Somehow this claim seems a little strange, given that for the card-only attacks you need some computing capability that usually wouldn't fit in such a little box. Has anyone heard of this thing? Or is the claim bogus and is it just a proxmark-in-a-black-box?

Cheerio!

#2 2009-10-06 20:20:27

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Pentagon Viper 1 anyone?

I think this would be possible using the card-only attack described by Nicolas T. Courtois.

In his attack he queries the card for a sequence of values from which he could learn the key. The complexity is very low, since you can establish 2 sets of 21-bit candidate key bits, which could smartly be combined using the involved parity information. Testing these combinations will only need a search space of 48-42=6 bits.

I guess it would not be "on the fly", but if you optimize it very much, within 1 minute may be possible with very good timing. Furthermore, for attacking the rest of the sectors, the nested authentication attack could be used best. But this brings your total to around ~5 minutes for a whole card. Though we may want to remember, attacks never get worse!

Do you have any links to the website where they are selling this tool?

#3 2009-10-07 07:56:41

djrevmoon
Contributor
Registered: 2008-06-23
Posts: 13

Re: Pentagon Viper 1 anyone?

Nope, no link, nothing other than what I wrote above..... I'll see if I can get some more info through the person who showed it.

#4 2009-10-07 15:25:59

TomBu
Contributor
From: Delft, The Netherlands
Registered: 2008-10-27
Posts: 55

Re: Pentagon Viper 1 anyone?

@djrevmoon
Did you see it actually work? I guess the person who showed it did not tell you about the attack method used.

@Roel
How did you calculate the time it takes to perform an attack?

And what would actually be the best way of attack?

I personally think that the attack shown by Roel @HAR, which is checking for default keys and continuing with the nested authentication attack if one is found, is probably the quickest way to success.

Regards,
Tom

#5 2009-10-07 18:11:37

hat
Contributor
Registered: 2009-04-12
Posts: 160

Re: Pentagon Viper 1 anyone?

I fail to see the relevance.

Of course, given that money or sanity isn't a constraint, you would be able to construct such a device.

The exact details would probably be quite boring. I'm pretty sure you can optimize the Nicolas attack with some gigabytes of lookup tables.

There is a lot of information leakage by getting the encrypted nacks; a nice way of getting enough information to reduce the problem to a 6-bit non-problem is provided.
Given more logic, more lookup tables and a bit of engineering, you are surely able to trade off online-time complexity for more computation and precalculation.
Virtually no claim about the weakness of the cipher is too far-fetched at this point imho.

Last edited by hat (2009-11-08 12:43:30)
