Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2017-08-14 14:52:37

CrazyKidz
Contributor
Registered: 2017-08-14
Posts: 9

Trouble with Mifare PLUS

Trying to crack Mifare PLUS using hardnested but getting nan

C:\Users\Ky\Downloads\Compressed\proxmark3\win32>proxmark3 COM5
Proxmark3 RFID instrument
bootrom: iceman/master/v1.1.0-2174-g69c89702 2017-08-14 12:25:10
os: iceman/master/v1.1.0-2174-g69c89702 2017-08-14 12:25:15
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26

uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 217895 bytes (83%). Free: 44249 bytes (17%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
pm3 --> hf mf hardnested 8 A A0A1A2A3A4A5 0 A
--target block no:  0, target key type:A, known target key: 0x000000000000 (not set), file action: none, Slow: No, Tests: 0
Couldn't read benchmark data. Assuming brute force rate of 120000000 states per second



 time    | #nonces | Activity                                                | expected to brute force
         |         |                                                         | #states         | time
------------------------------------------------------------------------------------------------------
       0 |       0 | Start using 8 threads and AVX SIMD core                 |                 |
       0 |       0 | Brute force benchmark: 120 million (2^26.8) keys/s      | 140737488355328 |   14d
       0 |       0 | Using 0 precalculated bitflip state tables              | 140737488355328 |   14d
       5 |     112 | Apply bit flip properties                               | 140737488355328 |   14d
       6 |     224 | Apply bit flip properties                               | 140737488355328 |   14d
       6 |     336 | Apply bit flip properties                               | 140737488355328 |   14d
       7 |     448 | Apply bit flip properties                               | 140737488355328 |   14d
       8 |     558 | Apply bit flip properties                               | 140737488355328 |   14d
       9 |     670 | Apply bit flip properties                               | 140737488355328 |   14d
      10 |     782 | Apply bit flip properties                               | 140737488355328 |   14d
      11 |     892 | Apply bit flip properties                               | 140737488355328 |   14d
      12 |    1003 | Apply bit flip properties                               | 140737488355328 |   14d
      13 |    1113 | Apply bit flip properties                               | 140737488355328 |   14d
      13 |    1221 | Apply bit flip properties                               | 140737488355328 |   14d
      14 |    1329 | Apply bit flip properties                               | 140737488355328 |   14d
      15 |    1438 | Apply Sum property. Sum(a0) = 128                       |             nan |  nand
      16 |    1548 | Apply bit flip properties                               |             nan |  nand
      17 |    1658 | Apply bit flip properties                               |             nan |  nand
      18 |    1766 | Apply bit flip properties                               |             nan |  nand
      19 |    1873 | Apply bit flip properties                               |             nan |  nand
      20 |    1981 | Apply bit flip properties                               |             nan |  nand
      20 |    2086 | Apply bit flip properties                               |             nan |  nand
      21 |    2196 | Apply bit flip properties                               |             nan |  nand
      22 |    2307 | Apply bit flip properties                               |             nan |  nand
      23 |    2416 | Apply bit flip properties                               |             nan |  nand
      24 |    2527 | Apply bit flip properties                               |             nan |  nand
      25 |    2634 | Apply bit flip properties                               |             nan |  nand
      26 |    2744 | Apply bit flip properties                               |             nan |  nand
      27 |    2853 | Apply bit flip properties                               |             nan |  nand
      27 |    2961 | Apply bit flip properties                               |             nan |  nand
      28 |    3066 | Apply bit flip properties                               |             nan |  nand
      34 |    3171 | Apply bit flip properties                               |             nan |  nand
      .
      .
      .
pm3 --> hf 14a reader
 UID : FD 4B BA 33
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1
SAK incorrectly claims that card doesn't support RATS
 ATS : 0C 75 77 80 02 C1 05 2F 2F 00 35 C7 60 D3
       -  TL : length is 12 bytes
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 5 (FSC = 64)
       - TA1 : different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 8 (FWT = 1048576/fc)
       - TC1 : NAD is NOT supported, CID is supported
       -  HB : C1 05 2F 2F 00 35 C7 -> MIFARE Plus S 2K or 4K
               c1 -> Mifare or (multiple) virtual cards of various type
                  05 -> Length is 5 bytes
                     2x -> MIFARE Plus
                        2x -> Released
                           x0 -> Only VCSL supported
Answers to magic commands: NO
Sending bytes to proxmark failed
Prng detection: HARDEND (hardnested)
pm3 -->

Offline

#2 2017-08-14 15:19:48

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Trouble with Mifare PLUS

That looks broken in many ways....
first,   lets try the offical firmware, compile /flash and test again.

Offline

#3 2017-08-23 05:31:07

CrazyKidz
Contributor
Registered: 2017-08-14
Posts: 9

Re: Trouble with Mifare PLUS

Tried official firmware but it crashes everytime I try hardnested

C:\Users\Ky\Desktop\proxmark3\win32>proxmark3 COM6
Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-70-g930763e-suspect 2017-08-22 11:37:54
os: master/v3.0.1-70-g930763e-suspect 2017-08-22 11:37:58
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/07/13 at 08:44:13

uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 197233 bytes (75%). Free: 64911 bytes (25%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hf mf hardnested 8 A A0A1A2A3A4A5 0 A
--target block no:  0, target key type:A, known target key: 0x000000000000 (not set), file action: none, Slow: No, Tests: 0

Offline

#4 2017-08-23 06:06:19

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Trouble with Mifare PLUS

Is there a file permission issue with your system / client?

Offline

#5 2017-08-23 06:12:49

CrazyKidz
Contributor
Registered: 2017-08-14
Posts: 9

Re: Trouble with Mifare PLUS

Nope. Got full access to the system

Got this error.

XI492Bx.png

Last edited by CrazyKidz (2017-08-23 06:16:54)

Offline

#6 2017-08-23 06:20:37

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Trouble with Mifare PLUS

Sometimes Windows likes to play with folder and file permissions and I've seen similar errors from that, but it may not be in this case, just something to check.

Offline

#7 2017-08-23 06:38:13

CrazyKidz
Contributor
Registered: 2017-08-14
Posts: 9

Re: Trouble with Mifare PLUS

So any idea what is the problem? When uses iceman firmware, it doesnt crash but crashes on official firmware

Offline

#8 2017-08-23 06:39:24

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Trouble with Mifare PLUS

... I've gotten several forum users the last two, three weeks saying that just hardnested crashes their client.
since my env compiles and runs the hardnested without issues its hard to replicate.  I use the @gator92600 proxspace,  this is the offical one the community supports. found here https://github.com/Gator96100/ProxSpace   To reduce some uncertanties,

@OP,  would you mind download and compile/flash from that environment?  What are your normal env setup?  Like os and gcc version.

Offline

#9 2017-08-23 07:36:20

CrazyKidz
Contributor
Registered: 2017-08-14
Posts: 9

Re: Trouble with Mifare PLUS

I'm using windows 10 but unsure about gcc version. I just flash the already compiled firmware from @gator96100.

Downloaded ProxSpace but when I try to run runme.bat it close immediately.

Offline

#10 2017-08-23 09:17:55

gator96100
Contributor
From: Austria
Registered: 2016-03-25
Posts: 177

Re: Trouble with Mifare PLUS

CrazyKidz wrote:

I'm using windows 10 but unsure about gcc version. I just flash the already compiled firmware from @gator96100.

Downloaded ProxSpace but when I try to run runme.bat it close immediately.

Be sure you do not use the autoBuild branch as it would finish immediately if no repository is found. If this problem still occurs I recommend open a new topic on that.
It could be an issue with Windows 10. I do test my precompiled images on Windows 7.
What CPU do you have?

Last edited by gator96100 (2017-08-23 09:24:29)

Offline

#11 2017-08-23 09:42:08

CrazyKidz
Contributor
Registered: 2017-08-14
Posts: 9

Re: Trouble with Mifare PLUS

Using master branch

CPU Info
AIed5ZA.png

UPDATE:
Able to run runme.bat now but it still crash when using hardnested attack.

Last edited by CrazyKidz (2017-08-23 10:00:33)

Offline

#12 2017-08-23 13:16:01

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Trouble with Mifare PLUS

In your proxspace environment you should compile and flash from it, after making sure it has the latest code from github.

Offline

#13 2017-08-23 13:46:16

gator96100
Contributor
From: Austria
Registered: 2016-03-25
Posts: 177

Re: Trouble with Mifare PLUS

Why did nobody tell me that my precompiled builds have problems loading the precalculated bitflip state tables. Anyway it is fixed now and I don't think that this was causing the problem. I will check if hardnested works on one of my Windows 10 machines.

Last edited by gator96100 (2017-08-23 13:51:39)

Offline

#14 2017-08-23 13:53:08

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Trouble with Mifare PLUS

At compile time it makes a few system checks and optimizes for that system.  It is always best to compile on the system you run on.

Offline

#15 2017-08-23 14:00:30

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Trouble with Mifare PLUS

@gator96100,  that happens alot... Ppl don't want to say something is wrong, don't ask why.   
So was the access right problems in yr build?    I don't use yr precompiled build so I've missed it.

Offline

#16 2017-08-23 15:29:35

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Trouble with Mifare PLUS

marshmellow wrote:

At compile time it makes a few system checks and optimizes for that system.  It is always best to compile on the system you run on.

Yeah, compiling for binary distribution isn't easy. You need to compile to a common instruction set for all kinds of CPUs. But that shouldn't be an issue if compiled with -march=generic (the default). Afaik this is the case for both iceman and official repo binaries (@gator96100: confirmed?).

Offline

#17 2017-08-23 15:37:32

gator96100
Contributor
From: Austria
Registered: 2016-03-25
Posts: 177

Re: Trouble with Mifare PLUS

@iceman: I can't remember having access right problems in my builds.

Compiler optimization isn't an issue. I even compile with the same architecture(i7-2600).
After raging about 10 times about Windows 10, I managed to get the proxmark running on Windows 10 and there is no crash on hardnested.

Last edited by gator96100 (2017-08-23 15:47:10)

Offline

#18 2017-08-23 17:14:32

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Trouble with Mifare PLUS

so it sounds like we are saying we can't reproduce the CrazyKidz's issue to identify it.

has anyone used hardnested on a mifare plus in classic mode before?  i know i haven't.  (or is it another chip emulating classic?)

Offline

#19 2017-08-23 17:58:26

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Trouble with Mifare PLUS

marshmellow wrote:

has anyone used hardnested on a mifare plus in classic mode before?

Yes, this was my test vehicle during development.

Offline

#20 2017-08-23 18:53:29

gator96100
Contributor
From: Austria
Registered: 2016-03-25
Posts: 177

Re: Trouble with Mifare PLUS

@CrazyKidz: Anti-Malware is turned off?

This is the card I tested hardnested on:

proxmark3> hf 14a reader
 UID : 7a 39 6c cb
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO

Last edited by gator96100 (2017-08-23 18:53:57)

Offline

#21 2017-08-24 15:33:40

CrazyKidz
Contributor
Registered: 2017-08-14
Posts: 9

Re: Trouble with Mifare PLUS

Now both iceman and official will crash using latest gator96100 compiled firmware. Maybe i will try compiling myself.

Any guide for me to follow on how to compile the firmware??

**
Update: Tried compiling but perl.exe crash.

make[1]: Entering directory `/pm3/proxmark3/armsrc'
perl ../tools/mkversion.pl .. > version.c || cp ../common/default_version.c version.c
      3 [main] perl 1480 child_copy: linked dll data write copy failed, 0xC2000..0xC2370, done 0, windows pid 1480, Win32 error 998

cRQquwE.png

Any idea which step I did wrong?

1) Git clone
2) cd proxmark3
3) git pull
4) make clean && make all

Last edited by CrazyKidz (2017-08-24 16:06:23)

Offline

#22 2017-08-24 16:16:54

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Trouble with Mifare PLUS

That error indicates your client does not have the proper file access permissions.

Give "Everyone" full access to your proxspace folders.

Or try elevating.

Offline

#23 2017-08-24 16:30:13

gator96100
Contributor
From: Austria
Registered: 2016-03-25
Posts: 177

Re: Trouble with Mifare PLUS

Don't forget to run the proxspace environment as admin and disable uac.

Last edited by gator96100 (2017-08-24 16:31:10)

Offline

#24 2017-08-25 03:44:07

CrazyKidz
Contributor
Registered: 2017-08-14
Posts: 9

Re: Trouble with Mifare PLUS

How to run the environment as admin?

Offline

#25 2017-08-25 16:59:31

717
Contributor
Registered: 2015-10-21
Posts: 22

Re: Trouble with Mifare PLUS

CrazyKidz wrote:

How to run the environment as admin?

How do you run anything on WIN as admin, google it...

Offline

#26 2017-09-30 12:09:50

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: Trouble with Mifare PLUS

Deleted

Last edited by gaucho (2017-09-30 12:13:03)

Offline

Board footer

Powered by FluxBB