Proxmark3 community

folken42

Contributor

Registered: 2017-04-13

Posts: 4

I have so many question about SNIFF comunication

Hello !!
(sorry for my approximatif english, i'm french)
I have tried to sniff communication beetween an ARC122U and a mifare card.
I use the iceman library.
My objectif is to found the key :
         HF 14a SNIFF
         HF 14a LIST

| Rdr |93  70  3c  ce  c5  65  52  bb  b6                               |  ok | SELECT_UID
| Tag |08  b6  dd                                                              |     |
| Rdr |52                                                                         |     | WUPA
| Rdr |52                                                                         |     | WUPA
| Tag |04  00                                                                   |     |
| Rdr |93  70  3c  ce  c5  65  52  bb  b6                               |  ok | SELECT_UID
| Tag |08  b6  dd                                                              |     |
| Rdr |60  00  f5  7b                                                         |  ok | AUTH-A(0)
| Tag |05  09  2c  ea                                                         |     |
| Rdr |ea! 47! 74! 90! ee! 3f! cd  b1!                                    | !crc|
| Tag |fe  eb! 17  5d                                                          |     |
| Rdr |67! 1a  4f! bf!                                                         | !crc|
| Tag |fb! 04! 30  11! 6b! f9! ab! df  fa! 6a  5e  cd! 8e  87  9e! 9c!  |     |
|            |     |70  68!                                                      | !crc|
| Rdr |52                                                                         |     | WUPA
| Rdr |52                                                                         |     | WUPA
| Tag |04  00                                                                   |     |
| Rdr |93  70  3c  ce  c5  65  52  bb  b6                               |  ok | SELECT_UID
| Tag |08  b6  dd     

Now i think i have all information i need, but i do not know how to go back to the key from there.
who can help me ? plz

If i understand something : i need :

UID : 70  3c  ce  c5
Tag challenge : 05  09  2c  ea
Reader Challenge : ea! 47! 74! 90!
Reader response : ee! 3f! cd  b1!
Tag response : fe  eb! 17  5d

PS : When you have "!", This means that the reader is not sure about that information?
PS : someone have the software call "Crapto1.gui.exe" ??

Last edited by folken42 (2017-04-26 13:16:27)

piwi

Contributor

Registered: 2013-06-04

Posts: 704

Re: I have so many question about SNIFF comunication

You have correctly identified the required data. Feed it into tools/mfkey/mfkey64

The ! Indicate parity errors.. These are expected for encrypted data.

folken42

Contributor

Registered: 2017-04-13

Posts: 4

Re: I have so many question about SNIFF comunication

You have correctly identified the required data. Feed it into tools/mfkey/mfkey64

The ! Indicate parity errors.. These are expected for encrypted data.

Thank you for your answer, I'm just starting.
Can you explain me in detail, how to find and use mfkey64 ?
I saw a command "decrypt" in iceman library, can you use that to decrypt the key ?
What is the syntax ?

piwi

Contributor

Registered: 2013-06-04

Posts: 704

Re: I have so many question about SNIFF comunication

You have mfkey64 already. It is part of the proxmark repository. It is in directory tools/mfkey.