HF MF MIFARE issue.

Erictsk · 2015-05-26 08:43:00

Hi Guys,

I have a total of 4 Mifare 1K card and I am trying to use the command : hf mf mifare to try to get the Key. However, the response are quite different.

1) 1 card have the key found within few minutes while another got it in ~20mins.
2) 2 cards did not responds at all after the command is executing.. ( I heard the "clicking" sound on the board). I have to close the client and "plug+replug"the board.

Point (2) above seems weird Anyone can advice me on this point.

Thank you.

iceman · 2015-05-26 08:51:17

It could be tags that has the new prng, where the "hf mf mifare" attack doesn't work.

Erictsk · 2015-05-26 09:58:19

Hi Iceman,

"It could be tags that has the new prng." How do I check to know that it has the prng?

"where the "hf mf mifare" attack doesn't work." Can you advice me on this as well?

Thank you.

iceman · 2015-05-26 10:07:07

if it doesnt work, then the attack will not work on that tag.
you can try the "hf mf chk" with a dictionary to test know default keys.
or you can sniff traffic between valid reader / tag, and get key from there.
Then, use that key in "hf mf nested"...

Erictsk · 2015-05-26 10:28:12

It work perfectly with "hf mf chk" as I can find some keys which uses known default keys.
And when I uses "hf mf nested ...", I can obtain the whole memory info of the 4 cards that I have.

I don't understand the reason why "hf mf mifare" works on 2 cards whereas another 2 cards don't work. Any suggestions you can think of for me to try out? or is there anything I can do for you to understand a bit more on my situation?

iceman · 2015-05-26 10:31:33

you could mention if the tags are exact the same type, brand..
you could mention your hf antenna voltage..
you could mention if you tried different positions between antenna and tag..

And you could mention if you read alot of the threads on this forum talking about difference between old tags vs new tags

You know, the usual stuff..

Erictsk · 2015-05-26 10:48:21

**** Card that can response to "HF MF MIFARE"****

proxmark3> hf 14a read
ATQA : 00 04
UID : ee 84 6e 9c
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO

proxmark3> hf mf rdsc 0 A a0a1a2a3a4a5
--sector no:0 key type:A key:a0 a1 a2 a3 a4 a5
#db# READ SECTOR FINISHED
isOk:01
data : ee 84 6e 9c 98 08 04 00 62 63 64 65 66 67 68 69
data : 6f 01 51 90 51 90 00 00 00 00 00 00 00 00 00 00
data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
trailer: 00 00 00 00 00 00 78 77 88 c1 00 00 00 00 00 00

**** Card that could not respond to "HF MF MIFARE". -> Proxmark3 "shut down" after ~10sec****
proxmark3> hf 14a read
ATQA : 00 04
UID : 6a 08 00 03
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO

proxmark3> hf mf rdsc 0 A a0a1a2a3a4a5
--sector no:0 key type:A key:a0 a1 a2 a3 a4 a5
#db# READ SECTOR FINISHED
isOk:01
data : 6a 08 00 03 61 08 04 00 62 63 64 65 66 67 68 69
data : 6f 01 51 90 51 90 00 00 00 00 00 00 00 00 00 00
data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
trailer: 00 00 00 00 00 00 78 77 88 c1 00 00 00 00 00 00

The above are info being read out. I will look at some other threads to find out what can be the cause of it as well.

ntk · 2015-05-31 16:29:45

resolved

Last edited by ntk (2015-06-16 00:28:18)

ntk · 2015-05-31 16:46:43

discussed on different thread

Last edited by ntk (2015-06-16 00:29:07)

Proxmark3 community

Announcement

#1 2015-05-26 08:43:00

HF MF MIFARE issue.

#2 2015-05-26 08:51:17

Re: HF MF MIFARE issue.

#3 2015-05-26 09:58:19

Re: HF MF MIFARE issue.

#4 2015-05-26 10:07:07

Re: HF MF MIFARE issue.

#5 2015-05-26 10:28:12

Re: HF MF MIFARE issue.

#6 2015-05-26 10:31:33

Re: HF MF MIFARE issue.

#7 2015-05-26 10:48:21

Re: HF MF MIFARE issue.

#8 2015-05-31 16:29:45

Re: HF MF MIFARE issue.

#9 2015-05-31 16:46:43

Re: HF MF MIFARE issue.

Board footer