Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
There are two different versions of the nonce2key code.
A) /client/nonce2key
B) /tools/nonce2key
The code under A is updated, and the B code compiles, but when running it the last two bytes of the found key are zeroed out.
I'm trying to get code A to compile into a nice little program. However, the linker complains...
~/client/nonce2key$ gcc -std=c99 -I../../include -I../../common -I../ *.c
c:\Temp\ccCWZQau.o:nonce2key.c:(.text+0x623): undefined reference to `num_to_bytes'
c:\Temp\ccCWZQau.o:nonce2key.c:(.text+0x667): undefined reference to `mfCheckKeys'
c:/mingw/bin/../lib/gcc/mingw32/4.8.1/../../../../mingw32/bin/ld.exe: c:\Temp\ccCWZQau.o: bad reloc address 0x20 in section `.eh_frame'
c:/mingw/bin/../lib/gcc/mingw32/4.8.1/../../../../mingw32/bin/ld.exe: final link failed: Invalid operation
collect2.exe: error: ld returned 1 exit status
pm3 ~/client/nonce2key$
What am I missing ??
Hi dudes,
I face exactly the same problem. Was someone able to compile (on Linux i486) the nonce2key.c program (located in ./client/nonce2key/)?
I invoke gcc in this way:
gcc -I../../include/ -I../../common/ -I../ nonce2key.c
and I got this result:
/tmp/ccuabwqX.o: In function `nonce2key':
nonce2key.c:(.text+0x120): undefined reference to `PrintAndLog'
nonce2key.c:(.text+0x335): undefined reference to `PrintAndLog'
nonce2key.c:(.text+0x372): undefined reference to `lfsr_common_prefix'
nonce2key.c:(.text+0x3c1): undefined reference to `lfsr_rollback_word'
nonce2key.c:(.text+0x3e5): undefined reference to `crypto1_get_lfsr'
nonce2key.c:(.text+0x6ec): undefined reference to `num_to_bytes'
nonce2key.c:(.text+0x72c): undefined reference to `mfCheckKeys'
collect2: error: ld returned 1 exit status
note: I was able to compile the pm3 client without trouble.
What am I missing too?
Last edited by rbubba1911 (2016-01-19 17:20:39)
I updated all these different versions into one, the latest crapto1 v3.3, in my fork.
So you can use the /tools/nonce2key without problems.
Hi iceman,
glad to hear from you, I follow your fork with attention, I see your great progress on hardnested, I'm waiting for the BF
I already use your firmware version, tomorrow I'll update my repo and compile your tools/nonce2key
thanks for the info, I'll keep you in touch
Can't wait for tomorrow!
update/make
.. your version compiles without problem, nice job.
thanks again iceman
Last edited by rbubba1911 (2016-01-19 19:14:47)
sorry, I don't touch the hardnested. That is @piwi's baby.
What I did was use hardnested and save the nonces, then run the crapto-ev1 solver (BF) from @blapost. My test result just verifies what @piwi and @blapost have already done, and that their different solutions work.
Doh!
I read so many posts of both of you, I swapped your names
Haha, I understand a bit more; unfortunately the crapto-ev1 solver from bla is now unavailable, I can't do anything without this part (wink).
About the @piwi implementation, as I understand it, it's work in progress and it needs the brute force engine to find a key.
Am I missing something?
yes, you are missing @piwi's point of not releasing a BF for his hardnested. He will not do that.
But @blapost will release his tool again.
I've compiled so many times now on MinGW/Win7 and on Ubuntu 14.04, 15.10, to remove warnings and fix crashes, so yeah, my fork should be very stable in that sense.
oO!
In fact, I missed the party!!
that's what I was afraid to understand when I read the end of his post.
so, my only hope is the bla tool; is it a big deal to ask you to send me a copy?
Why don't you ask @blapost?
You know that you need to have a known key to be able to crack another key on the same tag? If you don't have that then the hardnested attack is useless. So don't put too much hope on it.
[edit] does the nonce2key work for you?
Last edited by iceman (2016-01-19 20:17:53)
Good idea, I will ask bla too!
I'm aware of the known key requirement (it's currently the case!)
the program compiles fine, but I don't know how to find this info, probably from nonces.bin or a sniff trace?
syntax: ./nonce2key <uid> <nt> <par> <ks>
If you run "hf mf mifare", it prints a line like:
uid(e9cadd9c) nt(a8bf4a12) par(a020a8285858b090) ks(050f010607060e07)
That is the info you need to run it..
again, you make my night!
I was looking for this in the hardnested output!
I dropped a mail to bla, crossed my fingers, lit a candle, killed a chicken and now I'm waiting for a reply
big thanks
sorry, I don't touch the hardnested. That is @piwi's baby.
What I did was use hardnested and save the nonces, then run the crapto-ev1 solver (BF) from @blapost. My test result just verifies what @piwi and @blapost have already done, and that their different solutions work.
Hey iceman,
did you save the nonces with the w command in nonces.bin? Because I saved the nonces.bin and used the command ./solve -f nonces.bin and the program says "Input parse error pos:0".
Any suggestions what I'm doing wrong?
that's because you need to convert the nonce file from piwi into a format that blapost's solver can read...
The GitHub user Aczid has released a new bruteforcer for Hardnested, which even outperforms blapost's solver. I haven't tested it yet.
https://github.com/aczid/crypto1_bs/
The GitHub user Aczid has released a new bruteforcer for Hardnested, which even outperforms blapost's solver. I haven't tested it yet.
https://github.com/aczid/crypto1_bs/
Thank you iceman, I'll give it a try. I've seen that I don't need to transform my bin for the tool from Aczid.
I'll give feedback...
The tool solve_piwi_bs works perfectly for me.
With a 6-core PC it finds the key in between 5 and 10 minutes.
Thanks to Aczid for this great BF.
Next step is to patch my pm3 client.
That is some impressive speedup. Bonus of Aczid to add three solvers for convenient testing.
Hi all,
I'm trying to use these tools, but I've got a strange result:
./solve -f 0xcafec0de.txt -u 0xcafec0de
Leftover complexity: ffffffff548b43a4
100.00% done
FOUND: 626c61003333
./solve_bs 0xcafec0de.txt 0xcafec0de
Initializing BS crypto-1
Using 64-bit bitslices
Bitslicing rollback byte: 1f...
Bitslicing nonces...
Starting 6 threads to test 1418412964 states
Found key: 000061003333
Tested 3467318262 states
./solve_piwi 0xcafec0de.bin
Starting 6 threads to test 1418412964 states
Cracking... 56.71%
Found key: 000061003333
./solve_piwi_bs 0xcafec0de.bin
Initializing BS crypto-1
Using 64-bit bitslices
Bitslicing rollback byte: 1f...
Bitslicing nonces...
Starting 6 threads to test 1418412964 states
Found key: 000061003333
Tested 3518176550 states
It seems that the first 2 bytes are zeroed (0000)
I think the real key is "626c61003333"; why have I got this 'bad' result?
btw if I try to compile just by using the makefile I get an error:
crapto1-v3.3/crapto1.h:69:9: warning: implicit declaration of function ‘asm’ [-Wimplicit-function-declaration]
asm( "movl %1, %%eax\n"
crapto1-v3.3/crapto1.h:75:35: error: expected ‘)’ before ‘:’ token
"movzx %%al, %0\n": "=r"(x) : "r"(x): "eax","ecx");
As a workaround, I built a library (.so) of crapto1
gcc -O3 crapto1.c -shared -o crapto1.so
and then used it instead of the source.
gcc -O3 -mpopcnt -std=c99 solve_bs.c crypto1_bs.c crypto1_bs_crack.c -Icraptev1-v1.0 craptev1-v1.0/craptev1.c ./crapto1.so ./solve.so -o solve_bs -lpthread
or
gcc -O3 -mpopcnt -std=c99 solve_piwi_bs.c crypto1_bs.c crypto1_bs_crack.c -Icraptev1-v1.0 craptev1-v1.0/craptev1.c ./crapto1.so -o solve_piwi_bs -lpthread
yeah, rename
asm( "movl %1, %%eax\n"
into
__asm__( "movl %1, %%eax\n"
the solvers seem to work but are not printing the first two bytes.
Do you get more compiler warnings?
Hi iceman,
thanks to you, now it compiles fine.
I'll add -mmmx to get rid of the warning message
but the key is always truncated
Starting 6 threads to test 1418412964 states
Found key: 000061003333
Tested 3486435654 states
do you have an idea, what can be the cause ?
Last edited by rbubba1911 (2016-04-20 13:23:26)
did you pull the latest commit?
I took yesterday's commit
I see many modifications today (at least <24h)
I'll refresh my files and try again.
I keep you in touch
I've got the same result with the latest files
key is truncated.
so sad!
./solve_bs fails
a good point, now it works with
"solve_piwi_bs" and "solve_piwi"
I've got the full key
it seems related to ./solve.so
Last edited by rbubba1911 (2016-04-20 13:47:03)
after some investigation,
I tend to think it's a bug in solve_bs
is it working on your side?
To test, I removed main() in solve.c and compiled solve_bs like that
gcc -O3 -mpopcnt -mmmx -std=c99 solve_bs.c crypto1_bs.c crypto1_bs_crack.c -Icraptev1-v1.0 craptev1-v1.0/craptev1.c crapto1-v3.3/crapto1.c craptev1-v1.0/solve.c -o solve_bs -lpthread
(without building solve.so first); it compiles fine but the key found is truncated.
Last edited by rbubba1911 (2016-04-20 14:08:46)
ok, I found the bug
in file "solve_bs.c" line 29
change the line:
printf("Found key: %012lx\n", key);
to:
printf("Found key: %012llx\n", key);
Hope it helps
Yeah, you are right, I missed that one "lx" in my first commit.
Added your -mmmx flag as well and made another PR.
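Added example, not code from the thread, from aczid's crypto1_bs or from the proxmark3 repo: it shows the two width traps the thread runs into when handling the 32- and 64-bit hex values of this toolchain in C. First it parses the "hf mf mifare" line quoted earlier into the four nonce2key arguments (par and ks are 64-bit, so they are read with strtoull rather than sscanf("%lx")); second it prints a 48-bit key with PRIx64, the portable spelling of the "%012llx" fix above. The reason the fix matters: on 32-bit Linux and MinGW, long is 32 bits, so "%012lx" makes printf consume only the low 32 bits of the 64-bit key, which on little-endian x86 are the last four bytes, and 626c61003333 comes out as 000061003333, exactly the truncated output posted above. The input line and the key are copied from the thread; the function and struct names are mine.

```c
#include <ctype.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The four values "hf mf mifare" prints, in the order nonce2key takes them:
 * <uid> <nt> <par> <ks>. uid and nt are 32-bit, par and ks are 64-bit. */
struct nonce_params {
    uint32_t uid;
    uint32_t nt;
    uint64_t par;
    uint64_t ks;
};

/* Return the value of the hex field "tag....)" in line (tag includes the
 * opening parenthesis, e.g. "ks("), or UINT64_MAX if the field is missing,
 * not exactly ndigits hex digits long, or not closed by ')'. strtoull is
 * 64-bit on every platform; sscanf("%lx") would silently drop the upper
 * half on 32-bit Linux and MinGW, where long is 32 bits. */
uint64_t read_hex_field(const char *line, const char *tag, int ndigits)
{
    const char *p = strstr(line, tag);
    if (!p) return UINT64_MAX;
    p += strlen(tag);
    for (int i = 0; i < ndigits; i++)
        if (!isxdigit((unsigned char)p[i])) return UINT64_MAX;
    if (p[ndigits] != ')') return UINT64_MAX;
    return (uint64_t)strtoull(p, NULL, 16);   /* stops at the ')' */
}

/* Fill np from a full "hf mf mifare" line. Returns 0 on success, -1 otherwise. */
int parse_mifare_line(const char *line, struct nonce_params *np)
{
    uint64_t uid = read_hex_field(line, "uid(", 8);
    uint64_t nt  = read_hex_field(line, "nt(", 8);
    uint64_t par = read_hex_field(line, "par(", 16);
    uint64_t ks  = read_hex_field(line, "ks(", 16);
    if (uid == UINT64_MAX || nt == UINT64_MAX || par == UINT64_MAX || ks == UINT64_MAX)
        return -1;
    np->uid = (uint32_t)uid;
    np->nt  = (uint32_t)nt;
    np->par = par;
    np->ks  = ks;
    return 0;
}

/* Convenience check without a struct: 1 if the line parses, 0 if not. */
int mifare_line_ok(const char *line)
{
    struct nonce_params np;
    return parse_mifare_line(line, &np) == 0;
}

/* A Mifare Classic key is 48 bits, held in a uint64_t. PRIx64 expands to the
 * right length modifier on every platform ("ll" where long is 32 bits), so all
 * six bytes are printed. Static buffer: fine for a demo, not thread safe. */
const char *key_to_hex(uint64_t key)
{
    static char buf[13];
    snprintf(buf, sizeof buf, "%012" PRIx64, key & UINT64_C(0xFFFFFFFFFFFF));
    return buf;
}

/* What "%012lx" produced in solve_bs.c where long is 32 bits: printf consumed
 * only the low 32 bits of the 64-bit argument, which on little-endian x86 are
 * the last four bytes of the key. Modelled explicitly here (the real mismatch
 * is undefined behaviour) so the truncated output can be reproduced safely. */
const char *key_to_hex_as_32bit_long(uint64_t key)
{
    static char buf[13];
    snprintf(buf, sizeof buf, "%012" PRIx32, (uint32_t)key);
    return buf;
}

int main(void)
{
    /* Constructed input: the line quoted earlier in the thread. */
    const char *line = "uid(e9cadd9c) nt(a8bf4a12) par(a020a8285858b090) ks(050f010607060e07)";
    struct nonce_params np;
    if (parse_mifare_line(line, &np) != 0) {
        fprintf(stderr, "could not parse: %s\n", line);
        return 1;
    }
    printf("./nonce2key %08" PRIx32 " %08" PRIx32 " %016" PRIx64 " %016" PRIx64 "\n",
           np.uid, np.nt, np.par, np.ks);

    uint64_t key = UINT64_C(0x626c61003333);   /* the key from the thread */
    printf("correct         : %s\n", key_to_hex(key));
    printf("with 32-bit %%lx : %s\n", key_to_hex_as_32bit_long(key));
    return 0;
}
```

Compile with `gcc -std=c99 -Wall -Wformat` and the `-Wformat` warning is the cheap check that would have caught the original "%012lx" with a uint64_t argument before any solver run; on an LP64 Linux box the buggy specifier happens to print the full key, which is why the truncation only showed up on i486 and MinGW builds.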
and I got @aczid's patch merged into my fork. Builds & works on MinGW & Ubuntu 14.04, breaks in Travis CI. I think Travis CI doesn't like the "-march=native" option for GCC
[edit]
it builds on my updated MinGW environment, with gcc 4.9.3. The MinGW env in the proxspace distro will have some gcc compiler issues.
[/edit]