Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2017-05-03 10:40:15
- Erictsk
- Contributor
- Registered: 2015-05-22
- Posts: 39
Mifare S70 card
I have purchased some Mifare S70 blank card(UID non-changable) from some chinese website. I did some trials on the nested attack and realized that the proxmark become not responsive at certain condition.
My trials are as follows :
1) When all KeyA and KeyB are in default. Nested attack ("hf mf chk *4 ? d", followed by "hf mf nested 4 0 a FFFFFFFFFFFF d") could extract all keys. --> Normal and proxmark still response after.
2) Changed one of KeyB to non-default with other keys remains unchanged. Proxmark not responsive after "hf mf nested ..." is issued.
3) Firmware flashed with bootrom.elf and fullimage.elf from "iceman-fork". Launched nested attack. Proxmark is responsive but All Keys were extracted to be "FFFFF...FFF". -- Not Normal.
Can anyone provide me some hints what can goes wrong?
Thanks for the advice.
Offline
#2 2017-05-03 10:45:31
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,506
- Website
Re: Mifare S70 card
the output from nested, when u run it via iceman fork, gives a nice one. Did it say success? and are u sure u run the same client as you flashed fullimage from?
Offline
#3 2017-05-03 11:08:35
- Erictsk
- Contributor
- Registered: 2015-05-22
- Posts: 39
Re: Mifare S70 card
You are right. I am so use to running at the same directory even though I have the new client.
the output from nested, when u run it via iceman fork, gives a nice one. Did it say success? and are u sure u run the same client as you flashed fullimage from?
Found valid key:[ffffffffffff]
--sector:39, block:255, key type:B, key count:13
Found valid key:[ffffffffffff]
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.
proxmark3>
proxmark3> hf mf nested 4 0 a ffffffffffff d
Testing known keys. Sector count=40
nested...
-----------------------------------------------
Tag isn't vulnerable to Nested Attack (random numbers are not predictable).
After changing to the right client, this is the obtained result. These cards are not vulnerable to nested attack.
Last edited by Erictsk (2017-05-03 11:08:57)
Offline
Pages: 1