Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
This is my first time playing around with Mifare tags and I'm getting a little lost...
First I ran...
proxmark3> hf 14a reader
UID : 2e c0 29 bd
ATQA : 00 02
SAK : 18 [2]
TYPE : NXP MIFARE Classic 4k | Plus 4k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
then...
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average :-)
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.
Card is not vulnerable to Darkside attack (its random number generator is not predictable).
proxmark3>
so then I...
proxmark3> hf mf chk *4 ? t
No key specified, trying default keys
chk default key[ 0] ffffffffffff
chk default key[ 1] 000000000000
chk default key[ 2] a0a1a2a3a4a5
chk default key[ 3] b0b1b2b3b4b5
chk default key[ 4] aabbccddeeff
chk default key[ 5] 4d3a99c351dd
chk default key[ 6] 1a982c7e459a
chk default key[ 7] d3f7d3f7d3f7
chk default key[ 8] 714c5c886e97
chk default key[ 9] 587ee5f9350f
chk default key[10] a0478cc39091
chk default key[11] 533cb6c723f6
chk default key[12] 8fd0a4f256e9
--sector: 0, block: 3, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 1, block: 7, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 2, block: 11, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 3, block: 15, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 4, block: 19, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 5, block: 23, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 6, block: 27, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 7, block: 31, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 8, block: 35, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 9, block: 39, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:10, block: 43, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:11, block: 47, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:12, block: 51, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:13, block: 55, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:14, block: 59, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:15, block: 63, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:16, block: 67, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:17, block: 71, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:18, block: 75, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:19, block: 79, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:20, block: 83, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:21, block: 87, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector:22, block: 91, key type:A, key count:13
Found valid key:[ffffffffffff]
etc.......
Next I tried
proxmark3> hf mf nested o 0 A FFFFFFFFFFFF 3 A
--target block no: 3, target key type:A
Tag isn't vulnerable to Nested Attack (random numbers are not predictable).
and
proxmark3> hf mf nested 4 0 A FFFFFFFFFFFF
Testing known keys. Sector count=40
nested...
-----------------------------------------------
Tag isn't vulnerable to Nested Attack (random numbers are not predictable).
I've been searching all over the forum because I'm sure the answer is right in front of my eyes, but I can't seem to put it together. Is anyone able to point me in the right direction?
Offline
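Added example, not part of the original post and not Proxmark3 code: a small Python parser for `hf mf chk` output in the format quoted above, which checks each reported trailer block against the MIFARE Classic sector layout (including the sixteen-block sectors 32-39 of a 4K card) and lists which sectors still accept the transport key. The sample text is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in the format of the `hf mf chk` output quoted above.
SAMPLE = """\
--sector: 0, block: 3, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 1, block: 7, key type:A, key count:13
Found valid key:[ffffffffffff]
--sector: 2, block: 11, key type:A, key count:13
--sector:32, block: 143, key type:A, key count:13
Found valid key:[ffffffffffff]
"""

def trailer_block(sector):
    """Sector trailer block number on MIFARE Classic (1K: sectors 0-15, 4K: 0-39)."""
    if not 0 <= sector < 40:
        raise ValueError("sector out of range")
    if sector < 32:                       # small sectors: 4 blocks each
        return sector * 4 + 3
    return 128 + (sector - 32) * 16 + 15  # 4K large sectors: 16 blocks each

HEADER = re.compile(r"--sector:\s*(\d+), block:\s*(\d+), key type:([AB])")
FOUND = re.compile(r"Found valid key:\[([0-9a-fA-F]{12})\]")

def parse_chk(text):
    """Return {(sector, key_type): key or None} from chk output."""
    results, current = {}, None
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            sector, block, ktype = int(m.group(1)), int(m.group(2)), m.group(3)
            if block != trailer_block(sector):
                raise ValueError(f"sector {sector}: unexpected trailer block {block}")
            current = (sector, ktype)
            results[current] = None       # stays None if no listed key matched
            continue
        m = FOUND.search(line)
        if m and current is not None:
            results[current] = m.group(1).lower()
    return results

def summarize(results, default="ffffffffffff"):
    # Split into sectors still on the transport key and sectors with no match.
    default_keyed = sorted(k for k, v in results.items() if v == default)
    unknown = sorted(k for k, v in results.items() if v is None)
    return default_keyed, unknown

if __name__ == "__main__":
    print(summarize(parse_chk(SAMPLE)))
```
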
...if only there was a way to save the found keys in hf mf chk...
Online
...if only there was a way to save the found keys in hf mf chk...
Thanks Iceman!
hf mf chk *4 ? d
....am I on the right track? If I'm working on Windows, will I need Python installed for datakey/datadump.bin?
Offline
The bin files are just ordinary binary files. You would need a hex editor to open them. If you don't like binary files, you can always change them into eml (script run bintoemul), which are ASCII files that you can open in any text editor.
Online
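Added example, not part of the original post and not the Proxmark3 script itself: a Python sketch of the binary-to-text conversion described above, plus a reader for the key file. It assumes the eml text form is one 16-byte block per line as 32 hex characters, and that the key file holds key A for every sector followed by key B for every sector, 6 bytes each; the sample bytes are constructed and the function names are this example's own.

```python
BLOCK_SIZE = 16   # bytes per MIFARE Classic block
KEY_SIZE = 6      # bytes per sector key

def bin_to_eml(dump: bytes) -> str:
    """Render a binary dump as text: one block per line, 32 hex characters."""
    if not dump or len(dump) % BLOCK_SIZE:
        raise ValueError("dump length must be a non-zero multiple of 16 bytes")
    return "\n".join(dump[i:i + BLOCK_SIZE].hex()
                     for i in range(0, len(dump), BLOCK_SIZE)) + "\n"

def eml_to_bin(text: str) -> bytes:
    """Inverse of bin_to_eml; rejects lines that are not exactly one block."""
    out = bytearray()
    for n, line in enumerate(text.split(), start=1):
        if len(line) != 2 * BLOCK_SIZE:
            raise ValueError(f"line {n}: expected 32 hex characters")
        out += bytes.fromhex(line)        # raises ValueError on non-hex input
    return bytes(out)

def split_keyfile(data: bytes, sectors: int):
    """Split a key file into (A keys, B keys) as hex strings.
    Assumed layout: key A for every sector, then key B for every sector."""
    if len(data) != 2 * sectors * KEY_SIZE:
        raise ValueError("key file size does not match sector count")
    keys = [data[i:i + KEY_SIZE].hex() for i in range(0, len(data), KEY_SIZE)]
    return keys[:sectors], keys[sectors:]

# Constructed sample: one 4-block sector whose trailer holds the transport
# key ffffffffffff for A and B with the factory access bits ff 07 80 69.
SAMPLE_DUMP = bytes(48) + bytes.fromhex("ffffffffffffff078069ffffffffffff")
# Constructed key file for two sectors (A keys first, then B keys).
SAMPLE_KEYS = bytes.fromhex("ffffffffffff" "a0a1a2a3a4a5"
                            "ffffffffffff" "b0b1b2b3b4b5")

if __name__ == "__main__":
    eml = bin_to_eml(SAMPLE_DUMP)
    print(eml, end="")
    print(eml_to_bin(eml) == SAMPLE_DUMP)
    print(split_keyfile(SAMPLE_KEYS, sectors=2))
```
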
Salto 1K
card (4 byte UID)
fob (4 byte UID)
label (7 byte UID)
use FFFFFFFFFFFF for key A and B for sector 0,1,2,3,4
and a single key for sector A and a single key for sector B for all other sectors
Hint: One of the three (Card, Fob, Sticky Label) is prone to MFOC.
Offline
UID : 00 00 00 00
ATQA : 00 02
SAK : 18 [2]
TYPE : NXP MIFARE Classic 4k | Plus 4k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to magic commands (GEN1): NO
My guess if you need to clone them, you probably need this
Offline
If I'm still running ProxSpace-130613, would this cause issues with hardnested attacks?
Offline
I doubt that old proxspace env is able to compile.
Online
OK, I switched to Gator's ProxSpace but still can't run the hardnested cmds. Is there a way to check the new GitHub ProxSpace worked correctly?
Offline
the pm3 master does not have hardnested. do your background checks.
Online
You should be able to use the official pm3 release now with hardnested in order to get some keys out.
Online
Yep, Hardnested will give you the keys. :-)
Offline
Did you have any luck with this fob Charlie?
Something odd happened to me. hf mf mifare found that ffffffffffff was the key (A and B) for most sectors except the last ones. I did a few hardnested attacks and found that ffffffffffff was supposedly the type A key for a few of the last sectors and also key type B for at least one of the last sectors. I don't get why hf mf didn't find this key. I was able to use it to read some of the last sectors with key A. But I was not able to use ffffffffffff as key B... Not sure how to move forward with cloning this fob. Any tips are greatly appreciated. Thanks!
Offline