Hello,
First of all I want to say hello to all you people, I'm from Holland and new on this forum and I recently bought a pm3 from Rysc. I really like this machine and especially the people who contribute their time and knowledge to keep this running. I hope some day I can contribute but I'm limited by my knowledge about coding.
Ok my problem: I couldn't dump data with the pm3, it has some auth errors and didn't write the .bin file. So I started searching around and came to the conclusion I have 2 wrong keys. These are the keys and the card:
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
|sec|key A |res|key B |res|
|000| 55840cf0c674 | 1 | 55840cf0c674 | 1 |
|001| a2da098d4ede | 1 | a2da098d4ede | 1 |
|002| f4ea5f92fc16 | 1 | f4ea5f92fc16 | 1 |
|003| 9a8fddc4f224 | 1 | 9a8fddc4f224 | 1 |
|004| 344730841114 | 1 | 000000000000 | 0 |
|005| 8a50744bdfb1 | 1 | 8a50744bdfb1 | 1 |
|006| 000000000000 | 0 | 99be33b8e6ff | 1 |
|007| 3d7743c5b42b | 1 | 3d7743c5b42b | 1 |
|008| 1df56a6372b9 | 1 | 1df56a6372b9 | 1 |
|009| efbbf40da84c | 1 | efbbf40da84c | 1 |
|010| 98285420f9de | 1 | 98285420f9de | 1 |
|011| 608c9d1b2036 | 1 | 608c9d1b2036 | 1 |
|012| 61c56a02a7da | 1 | 61c56a02a7da | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
As you can see, the wrong ones are 000000000000. They need to be the same as the A/B key of their sector. I tested with an acs and mfoc.
I hope someone knows something about this.
Thanks
Offline
When you dump these keys (parameter to the nested command), you can afterwards edit this dumpkeys.bin file if you know the missing keys.
Or you re-run the nested command until you get all "1" in the "res" column. Zero indicates it failed to retrieve the key.
Offline
I tried a second time and now it failed getting keys of other sectors. Now when I want to edit the key.bin I cannot see a logical order or which key is for what. I use wxhexeditor and there is no 00000000000 key in it.
Here are the keys of the second run and the debug of the dumping process:
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| 55840cf0c674 | 1 | 55840cf0c674 | 1 |
|001| a2da098d4ede | 1 | a2da098d4ede | 1 |
|002| f4ea5f92fc16 | 1 | f4ea5f92fc16 | 1 |
|003| 000000000000 | 0 | 9a8fddc4f224 | 1 |
|004| 344730841114 | 1 | 344730841114 | 1 |
|005| 8a50744bdfb1 | 1 | 000000000000 | 0 |
|006| 99be33b8e6ff | 1 | 99be33b8e6ff | 1 |
|007| 000000000000 | 0 | 3d7743c5b42b | 1 |
|008| 1df56a6372b9 | 1 | 1df56a6372b9 | 1 |
|009| 000000000000 | 0 | efbbf40da84c | 1 |
|010| 98285420f9de | 1 | 98285420f9de | 1 |
|011| 608c9d1b2036 | 1 | 608c9d1b2036 | 1 |
|012| 000000000000 | 0 | 61c56a02a7da | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |
|---|----------------|---|----------------|---|
Printing keys to binary file dumpkeys.bin...
proxmark3> hf mf dump
|-----------------------------------------|
|------ Reading sector access bits...-----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# Authentication failed. Error card response.
#db# Auth error
#db# READ BLOCK FINISHED
Could not get access rights for sector 3. Trying with defaults...
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# Authentication failed. Error card response.
#db# Auth error
#db# READ BLOCK FINISHED
Could not get access rights for sector 7. Trying with defaults...
#db# READ BLOCK FINISHED
#db# Authentication failed. Error card response.
#db# Auth error
#db# READ BLOCK FINISHED
Could not get access rights for sector 9. Trying with defaults...
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# Authentication failed. Error card response.
#db# Auth error
#db# READ BLOCK FINISHED
Could not get access rights for sector 12. Trying with defaults...
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
|-----------------------------------------|
|----- Dumping all blocks to file... -----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 2.
#db# Authentication failed. Error card response.
#db# Auth error
#db# READ BLOCK FINISHED
Could not read block 0 of sector 3
Offline
Not sure if I remember it correctly, but I think the "failed" key is 0xffffffffffff in the file.
If you look at your output in the client and look at the dumpkeys.bin in a hex editor, you'll figure out the key layout quite easily.
Offline
Yes, this is correct, and the client doesn't collect the keys, so if in a second run a specific key is not found but in the first run it was found, it will change the found key to 0xffffffffffff. It is possible to manually change the keys.bin, but I'm still confused why it can't find keys. I'm also wondering if it's possible to dump keys into a specific key file or to add keys to an existing key file to make a big key collection file.
Offline
If you read the help "hf mf nested h" you get your answer on how to dump the found keys.
If you rename that file, it's up to you. However, the "hf mf restore" works with the default names and you'll need the files inside the client folder when you run it.
The nested attack isn't 100% successful every time, but run it a couple of times and you'll usually get all keys.
Sometimes you'll cut 'n' paste a bit..
Offline
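Added example, not part of any post in this thread and not Proxmark3 client code: a small Python script that merges the key tables printed by several nested runs, so a key found in one run is not lost when a later run misses it. It reads the "res" column rather than the key value, since a row with res 0 prints 000000000000 only as a placeholder. The function names are hypothetical, the sample tables are constructed, and the key-file layout used in `to_keyfile` (all A keys, then all B keys) is an assumption to check against your own dumpkeys.bin in a hex editor.

```python
import re

FAILED = bytes.fromhex("ffffffffffff")  # filler the thread reports for a key that was not found
ROW = re.compile(r"^\|(\d{3})\|\s*([0-9a-f]{12})\s*\|\s*([01])\s*\|"
                 r"\s*([0-9a-f]{12})\s*\|\s*([01])\s*\|$", re.I)

# Constructed sample tables (not keys from any real card), in the client's format.
RUN1 = """|sec|key A |res|key B |res|
|000| 111111111111 | 1 | 222222222222 | 1 |
|001| 333333333333 | 1 | 000000000000 | 0 |
|002| 000000000000 | 0 | 000000000000 | 0 |"""
RUN2 = """|sec|key A |res|key B |res|
|000| 000000000000 | 0 | 222222222222 | 1 |
|001| 333333333333 | 1 | 444444444444 | 1 |
|002| 555555555555 | 1 | 000000000000 | 0 |"""

def parse_run(text):
    """Return {sector: [keyA, keyB]}; a key with res == 0 becomes None."""
    keys = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and separator lines do not match and are skipped
            sec, ka, ra, kb, rb = m.groups()
            keys[int(sec)] = [bytes.fromhex(ka) if ra == "1" else None,
                              bytes.fromhex(kb) if rb == "1" else None]
    return keys

def merge_runs(runs):
    """A key found in any run is kept; two different finds for one slot raise."""
    merged = {}
    for run in runs:
        for sec, pair in run.items():
            slot = merged.setdefault(sec, [None, None])
            for i, key in enumerate(pair):
                if key is not None and slot[i] not in (None, key):
                    raise ValueError(f"sector {sec} key {'AB'[i]} differs between runs")
                slot[i] = key or slot[i]
    return merged

def missing(merged):
    """List (sector, 'A' or 'B') for every key no run recovered."""
    return [(s, "AB"[i]) for s in sorted(merged) for i in (0, 1) if merged[s][i] is None]

def to_keyfile(merged):
    """ASSUMED layout: every A key in sector order, then every B key, 6 bytes each."""
    return b"".join(merged[s][i] or FAILED for i in (0, 1) for s in sorted(merged))

merged = merge_runs([parse_run(RUN1), parse_run(RUN2)])
print("still missing:", missing(merged))
```

Any slot still listed by `missing` is written as ffffffffffff, so a dump made with that file will fail authentication on that sector until another run recovers the key.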
Alright then, thank you for clearing up!
Offline