r745, successful

iceman · 2013-06-22 12:14:48

After having my pm3 not working for months, basically since I bought it. It now works with the r745 revision, mifare cards are being successfully analyzed.

Getting to it was a bit different.

This worked for me.

1. Download the latest proxspace bundle: ProxSpace-130613.7z
2. Install it.
3. Follow instructions and install the ./update_Svn.sh

here is the difference..
4. inside the mingw env, checkout the Scripting branch of PM3 src with:
svn checkout http://proxmark3.googlecode.com/svn/branches/scripting

The scripting branch didnt work out the box. It was for me the Lua component.
so,

5. edit the ./client/Makefile

change row
cd ../liblua && make linux
to
cd ../liblua && make mingw

6. make clean && make all
7. do all the flashing, you know the drill

That worked for me, my system setup is win7 64b with vmware.

holiman · 2013-06-24 15:32:37

Thanks for the report! Glad to hear it worked for you!

I am back from vacation now, and will commit the mifare-things to the trunk soon (ish), I need to add some more stuff into it first. Also, I plan to move the stuff from the scripting-branch into trunk, but I want to be sure not to break builds all over the place (especially windows-environment).

asper · 2013-06-24 16:35:27

I will release a new windows package after you checked that everything is working fine, thank you again for you efforts !

iceman · 2013-06-24 16:56:12

Well,
hf mf mifare works
hf mf nested works

but sometime the hf mf chk hangs.
and sometime the new "auto-tune" in hf mf mifare doesnt find a good value and hangs.

holiman · 2013-06-24 17:58:55

Regarding hf mf chk, now that you have the lua client. try the new lua-based check instead. script run mfkeys, or whatever it was called...

holiman · 2013-06-24 18:05:18

and sometime the new "auto-tune" in hf mf mifare doesnt find a good value and hangs

What do you mean?
My expectation for this scenario would be that it settles for 2000ms after a while, and uses this for the attack. The attack would take like forever, if at all successfull. You would get very little feedback while this was ongoing, other than perhaps a blink every two seconds (but maybe I commented away that code?). If you press the device-button, it should still abort the operation.

iceman · 2013-06-24 18:12:46

well, that would be the " Nonce entropy is suspiciously high, something is wrong." message that seems to make it hang.

iceman · 2013-06-24 18:14:01

I guess thats what you mean with more than 100 states and 2000ms it would take long time. Could be, could be.

holiman · 2013-06-24 20:04:09

Ah, ok. There are two things happening.
1. Auto-tune. Tries to find the time required to power down the card.
2. Multiple states. Deals with the fact that we dont get the exact same nonce each time, by attacking several nonces simultaneously.

If the device says "Nonce entropy is suspiciously high, something is wrong", it means that the device does not get a stable nonce (or a set of stable nonces) to attack. This happens if the card does not power down completely.

Still, it should never 'hang' as in 'unresponsive to button-press'.

When you get that message - why is that - could you elaborate ? Is it a particular card? Does it happen often ?

iceman · 2013-06-24 21:20:15

I see.
It actually happens just for 1 card but I also guess that it doesnt become "hanging" , more like you said that it will take a long time. But normal procedure is 0-8 steps there, but for this card then it goes to 5/8, sometime 6/8 and seems to "hang" there. It becomes responsless.

holiman · 2013-06-24 21:39:50

Hm. 5-6 of 8 is pretty far, should be crackable. You could try increasing state-size to 1500 instead of 100

#define STATE_SIZE 1500

See if it makes a difference for that card. Leave it on overnight...

Last edited by holiman (2013-06-24 21:40:03)

iceman · 2013-06-24 21:42:33

Details card:

proxmark3> hf 14a read
ATQA : 04 00
UID : ba 38 de 3a
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k
proprietary non iso14443a-4 card found, RATS not supported

------
And by hanging I mean, I interupted with the keyboard the "hf mf mifare" cmd, (only for this specific card) but the PM3 is responsless to button press. So I need to unplug the PM3 to get it back online again.

holiman · 2013-06-24 21:50:22

Ok, then it sounds like an actual crash, and not an expected behaviour... I'll poke around... Any more details you could give would be great

iceman · 2013-06-24 21:57:09

What more is strange, "hf mf chk *2 ? t " Gives me sector 0 key ok (ffffffffff) but sector 1, then the PM3 is dead, hangs, and I need to unplug it aswell.
It seems like this card has a very irratic behavior which I dont get from my other cards.

holiman · 2013-06-25 20:38:02

Have you tested the lua-based check? Does it behave the same way?

iceman · 2013-06-25 22:37:41

Well, the lua-script did work att all.

proxmark3> script run mfkeys.lua
-----Executing file 'mfkeys.lua'
This script implements check keys. It utilises a large list of default keys (currently 69 keys).
If you want to add more, just put them inside mf_default_keys.lua.
Got data size 528, expected 544No response from card
No response from card

-----Finished

However I realized that I have been dumb. I used the precompiled proxmark3.exe from Asper, instead of the one inside Scripting - catalog when I was trying it out.

When I run the proxmark3.exe inside mingw, then "hf mf chk" works great.
proxmark3>

holiman · 2013-06-26 08:19:34

Just to be clear - does "script run mfkeys.lua" work in the not-precompiled version? Which version produced the output above?

holiman · 2013-06-26 09:14:49

Oh, and btw, I changed the makefiles a bit in r746, I am curious if it works out of the box now in your environment ?

iceman · 2013-06-26 10:12:30

Sorry for my very confused messages.

Lets straighten some tings out.

1) All my previous problems with HFMFCHK, with the one card, was most likley due to me using the precompiled Asper windows binary instead of using the one in /scripting/Client..

2 ) The Lua-script was executed with the r745 /Scripting client.

iceman · 2013-06-26 10:18:10

I noticed just now that the Make Clean, doesn't delete the .o files inside the liblua libary.

So there is no fresh compiling of the liblua src when issuing: make clean && make all

The whole compilation now generates tons of warnings.

holiman · 2013-06-26 10:21:28

That's really strange!
Could you try something?
1. Create a file /scripts/atest.lua
2. Paste the following contents:

print(string.len(bin.pack("LLLLH",0, 0, 0, 0,string.rep("0",1024))));

3. script run atest.lua

holiman · 2013-06-26 10:24:09

iceman wrote:

I noticed just now that the Make Clean, doesn't delete the .o files inside the liblua libary.
So there is no fresh compiling of the liblua src when issuing: make clean && make all
The whole compilation now generates tons of warnings.

Yeah... I'm not proud of my makefile skills. Part of the reason why it's not in trunk... I'll take a stab att fixing it, any help appreciated.

Edit : commited as r748

Last edited by holiman (2013-06-26 12:00:10)

iceman · 2013-06-26 12:14:43

Well, i didnt flash my PM3. Thats why u se r745.
The script ran.

I noticed that if I run the proxmark from root, like

./client/proxmark3.exe com1

then the script list cmd can't open the scripts catalog.

So I have to run the proxmark3 in the right catalog.

cd client
./proxmark3.exe com1
now the script list cmd works.

----------------------------------------------

proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 745-unclean 2013-06-22 10:39:20
#db# os: svn 745-unclean 2013-06-22 10:39:21
#db# FPGA image built on 2012/ 1/ 6 at 15:27:56
proxmark3> script list
atest.lua A script file
cmdline.lua A script file
helloworld.lua A script file
mfkeys.lua A script file
mifare.lua A script file
test.lua A script file
proxmark3> script run atest.lua
-----Executing file 'atest.lua'
528

-----Finished
proxmark3>

holiman · 2013-06-26 13:32:32

iceman wrote:

Well, i didnt flash my PM3. Thats why u se r745.
The script ran.
I noticed that if I run the proxmark from root, like
./client/proxmark3.exe com1
then the script list cmd can't open the scripts catalog.

Yes, I'm aware of that. You also get other problems, since it can't find dump-files and stuff if you run from root. It's an issue that I mean to fix some day.

iceman wrote:

proxmark3> script run atest.lua
-----Executing file 'atest.lua'
528
-----Finished
proxmark3>

That should be fixed now as of r749. You should now see

proxmark3> script run atest.lua
-----Executing file 'atest.lua'
544

-----Finished

Edit: Oh, and with this fix the problem reported above should be gone, lua-based check keys should work.

Last edited by holiman (2013-06-26 14:15:54)

Proxmark3 community

Announcement

#1 2013-06-22 12:14:48

r745, successful

#2 2013-06-24 15:32:37

Re: r745, successful

#3 2013-06-24 16:35:27

Re: r745, successful

#4 2013-06-24 16:56:12

Re: r745, successful

#5 2013-06-24 17:58:55

Re: r745, successful

#6 2013-06-24 18:05:18

Re: r745, successful

#7 2013-06-24 18:12:46

Re: r745, successful

#8 2013-06-24 18:14:01

Re: r745, successful

#9 2013-06-24 20:04:09

Re: r745, successful

#10 2013-06-24 21:20:15

Re: r745, successful

#11 2013-06-24 21:39:50

Re: r745, successful

#12 2013-06-24 21:42:33

Re: r745, successful

#13 2013-06-24 21:50:22

Re: r745, successful

#14 2013-06-24 21:57:09

Re: r745, successful

#15 2013-06-25 20:38:02

Re: r745, successful

#16 2013-06-25 22:37:41

Re: r745, successful

#17 2013-06-26 08:19:34

Re: r745, successful

#18 2013-06-26 09:14:49

Re: r745, successful

#19 2013-06-26 10:12:30

Re: r745, successful

#20 2013-06-26 10:18:10

Re: r745, successful

#21 2013-06-26 10:21:28

Re: r745, successful

#22 2013-06-26 10:24:09

Re: r745, successful

#23 2013-06-26 12:14:43

Re: r745, successful

#24 2013-06-26 13:32:32

Re: r745, successful

Board footer