Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

Pages: 1

#1 2015-11-13 20:51:56

Sentinel
Contributor
Registered: 2012-11-26
Posts: 191

inhova/tesa mifare password

The password is sent to the reader in encrypted form
first three bytes XOR mask 55AA55
next 3 bytes - unknown (((

encrypted  pass -> decrypted pass
F50BF74D4287 -> A0A1A2A3A4A5
E51BE7510ECB -> B0B1B2B3B4B5
AA55AA284343 -> FFFFFFFFFFFF

44BB44893434 -> 111111111111
778877AFADAD -> 222222222222
55AA556B4343 -> 000000FFFFFF
AA55AAD7BCBC -> FFFFFF000000
00FF00FF1616 -> 555555555555
FF00FF43E9E9 -> AAAAAAAAAAAA

55AA5594BCBC -> 000000000000
55AA5594BCBD -> 000000000001
55AA5595BCBD -> 000000010001

55AA5594BCBE -> 000000000002
55AA5596BCBE -> 000000020002

55AA5594BCBF -> 000000000003
55AA5594BCB8 -> 000000000004
55AA5594BCB9 -> 000000000005
55AA5594BCBA -> 000000000006
55AA5594BCBB -> 000000000007
55AA5594BCB4 -> 000000000008

55AA55000000 -> 00000094BCBC
55AA55FFFFFF -> 0000006B4343

55AA5494BCBC -> 000001000000
55AA5794BCBD -> 000002000000
55AA5694BCBD -> 000003000000
55AA5194BCBF -> 000004000000
55AA5094BCBF -> 000005000000
55AA5394BCBE -> 000006000000

54AA559479BC ->  010000000000
57AA559536BC ->  020000000000
51AA5597A8BC ->  040000000000
5DAA559294BC ->  080000000000

45AA5598ECBC ->  100000000000
75AA558C1CBC ->  200000000000
15AA55A5FCBC ->  400000000000
D5AA55F63CBC ->  800000000000

Last edited by Sentinel (2015-11-13 20:54:01)

Offline

#2 2015-11-14 12:48:55

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: inhova/tesa mifare password

Do you have the UIDs connected with those keys?

Offline

#3 2015-11-14 13:17:51

Sentinel
Contributor
Registered: 2012-11-26
Posts: 191

Re: inhova/tesa mifare password

It is a protocol between the reader and PC software inhova. in software exhibited the default password, and in the COM port (sysinternals/portmon) you can see the encrypted password. Then reader recovers password.

Offline

#4 2015-11-14 14:59:00

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: inhova/tesa mifare password

4th, 5th and 6th bytes are related to 1st 3bytes values. Not at home To study it further today.

Offline

#5 2015-11-14 19:48:41

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: inhova/tesa mifare password

They are first xored with 94BCBC but then xored with some result of a calc on first 3 bytes.  Not enough data to identify calc.  IMO.

Offline

#6 2015-11-14 20:23:13

Sentinel
Contributor
Registered: 2012-11-26
Posts: 191

Re: inhova/tesa mifare password

not enough time to set a logical 1 of all charges..In the near future following the results of research

Offline

Pages: 1

Board footer

Powered by FluxBB