Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Hi Iceman & All,
I have extracted keys from 14 Mifare Plus Card. Differences on Sector 0 and 15.
Is there any tool available for me to try to decode the master key similar to what your team did for UL card?
I can send all the keys if you interested. Thanks
Offline
No idea actually,
how about you post a file with your findings, and lets see if @marshmellow and @asper is up for it?
Online
All codes removed as per privacy request. Please contact me for the codes. Thanks
Last edited by earlneo (2016-10-19 14:23:04)
Offline
Earlneo, as a last call with kindness,
Would you _PLEASE_ pursue your experiment by sharing these very set of key IN PRIVATE
_PRIVATE_ please, as these keys which yes, i confirm are of known derivation scheme but don't have to be made such publicity, alongside with their SAK* behavior, UID's etc etc ? thx
Last edited by cjbrigato (2016-10-15 11:48:14)
Offline
A list with the following columns is prefered.
UID | key type (A/B) | sector | key
Online
I wouldn't bother disturbing @marshmellow or @asper if you haven't spoken with them before. So ignore @cjbrigato's suggestion about that. If they are interested and want to be contacted, they will let it be known here in the thread.
Online
Iceman, I was re-iterating your name-dropping just to enforce a _PRIVATE_ communication on these keys. /EDIT : NOT encouraging any unwanted hassle.
And if I don't, someone else will.
Last edited by cjbrigato (2016-10-15 12:09:06)
Offline
As I mentioned in my previous post, these guys doesnt want to be bothered with private emails from ppl they don't know.
If they want to be contacted, they will make it clear here.
My name-dropping was to see if they were following this thread and were interested.
Online
Iceman, I understand without any discussion your meaning since the first occurence. I'm not discussing it and this is why if you would have checked you would have see the ambigous part already edited.
This was no discussion either after that, my only point is the privacy of this scheme. No problem for it to be researched upon but _is_ a problem to be so easyly packed _and_ correlated in public area such as this one. If you want to know anymore on this case, mail. If not, then this is over.
Offline
the algo appears to be quite easy. my question though, being that i do not know what these cards are used for is, what is your intent? or what is the application of these cards?
Offline
my company have multiple sites. each site have deployed different card system. mifare classic, mifare plus, proximity em4x, legic 256, and etc.
we deployed years ago based on the available budget. yeah, we did failed big time in security audit due to too many systems handling it.
too many suppliers as well.
for 2017, we plan consolidate these system into 1 centralized building system.
i'm analyzing all the current system and to check either the current readers, wiring, and setup still be able to use or we have to scrap all and install a new one. also it always comes to to the budget. shall we go all the way to latest and greatest or mifare desfire ev1 would be enough for us.
if cost too high, we might need to do it in 2018. at least i have done the internal audit for all the current systems deployed.
as usual for any building management system, the keys are already embedded into the system by the vendor and locked by a master key.
as buyer, we can only order pre-encoded cards from them.
the problem we have now, the vendor which supply this system have closed their business last year.
we have no more support and only have few unused cards left.
Offline
Earlneo, as a last call with kindness,
Would you _PLEASE_ pursue your experiment by sharing these very set of key IN PRIVATE
_PRIVATE_ please, as these keys which yes, i confirm are of known derivation scheme but don't have to be made such publicity, alongside with their SAK* behavior, UID's etc etc ? thx
Hi cjbrigato, this forum doesn't support private message function. Too bad.
Do you mind to share with me your findings on known derivation scheme? Thanks
Offline
Pages: 1