Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2020-08-13 09:11:14

groneF
Contributor
Registered: 2020-08-12
Posts: 3

Cloning MIFARE Classic, unable to dump data

Hi,

So I am pretty new to this and could use some help. I am trying to dump the data of a MIFARE card using proxmark 3 Easy with the latest official software. See code snippets below:

proxmark3> hf search

 UID : b5 32 97 2b
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: HARDENED (hardnested)

Valid ISO14443A Tag Found - Quiting Search
proxmark3> hf mf chk *1 ? d
--chk keys. sectors:16, block no:  0, key type:?, eml:n, dmp=y checktimeout=471 us
No key specified, trying default keys
chk default key[ 0] ffffffffffff
chk default key[ 1] 000000000000
chk default key[ 2] a0a1a2a3a4a5
chk default key[ 3] b0b1b2b3b4b5
chk default key[ 4] aabbccddeeff
chk default key[ 5] 1a2b3c4d5e6f
chk default key[ 6] 123456789abc
chk default key[ 7] 010203040506
chk default key[ 8] 123456abcdef
chk default key[ 9] abcdef123456
chk default key[10] 4d3a99c351dd
chk default key[11] 1a982c7e459a
chk default key[12] d3f7d3f7d3f7
chk default key[13] 714c5c886e97
chk default key[14] 587ee5f9350f
chk default key[15] a0478cc39091
chk default key[16] 533cb6c723f6
chk default key[17] 8fd0a4f256e9

To cancel this operation press the button on the proxmark...
--o
|---|----------------|----------------|
|sec|key A           |key B           |
|---|----------------|----------------|
|000|  ffffffffffff  |  ffffffffffff  |
|001|        ?       |        ?       |
|002|  ffffffffffff  |  ffffffffffff  |
|003|  ffffffffffff  |  ffffffffffff  |
|004|  ffffffffffff  |  ffffffffffff  |
|005|  ffffffffffff  |  ffffffffffff  |
|006|  ffffffffffff  |  ffffffffffff  |
|007|  ffffffffffff  |  ffffffffffff  |
|008|  ffffffffffff  |  ffffffffffff  |
|009|  ffffffffffff  |  ffffffffffff  |
|010|  ffffffffffff  |  ffffffffffff  |
|011|  ffffffffffff  |  ffffffffffff  |
|012|  ffffffffffff  |  ffffffffffff  |
|013|  ffffffffffff  |  ffffffffffff  |
|014|  ffffffffffff  |  ffffffffffff  |
|015|  ffffffffffff  |  ffffffffffff  |
|---|----------------|----------------|
Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.
proxmark3> hf mf hardnested 0 A ffffffffffff 1 A w
--target block no:  1, target key type:A, known target key: 0x000000000000 (not set), file action: none, Slow: No, Tests: 0
Using AVX2 SIMD core.

...(I REMOVED 80 LINES OF OUTPUT)
81| 2962 | Brute force phase completed. Key found: ffffffffffff | 0 | 0s 

I also did the same code as above but replaced 1 A with 1 B, and that also gives the same key. Does that mean that the key for all sectors is ffffffffffff  ?

I tried to do a dump, but it fails to read sector 1:

proxmark3> hf mf dump
|-----------------------------------------|
|------ Reading sector access bits...-----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
Could not get access rights for sector  1. Trying with defaults...
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
|-----------------------------------------|
|----- Dumping all blocks to file... -----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
Successfully read block  0 of sector  0.
#db# READ BLOCK FINISHED
Successfully read block  1 of sector  0.
#db# READ BLOCK FINISHED
Successfully read block  2 of sector  0.
#db# READ BLOCK FINISHED
Successfully read block  3 of sector  0.
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
Could not read block  0 of sector  1

I am sure I am doing something wrong, so I would really appreciate if someone can put me on the right track smile Thanks!

Offline

#2 2020-09-07 21:53:32

easyeasy
Contributor
Registered: 2020-09-06
Posts: 10

Re: Cloning MIFARE Classic, unable to dump data

Your Hardnested command pointed on block 1 of sector 0 but you needed block 4 of sector 1.
so use it it like that:

hf mf hardnested 0 A ffffffffffff 4 A w

Offline

Board footer

Powered by FluxBB