Proxmark3 community

koulikov

Contributor

Registered: 2017-04-15

Posts: 11

Proxmark3 not responding - hardnested

Hi

I did a few analyze of a Mifare 1k sl1 and proxmark3 stop responding when I try to find a key

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|001|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|002|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|003|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|004|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|005|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|006|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|007|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|008|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|009|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|010|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|011|  a0a1a2a3a4a5  | 1 |  b0b1b2b3b4b5  | 1 |
|012|  a0a1a2a3a4a5  | 1 |  ffffffffffff  | 0 |
|013|  a0a1a2a3a4a5  | 1 |  ffffffffffff  | 0 |
|014|  a0a1a2a3a4a5  | 1 |  ffffffffffff  | 0 |
|015|  a0a1a2a3a4a5  | 1 |  ffffffffffff  | 0 |
|---|----------------|---|----------------|---|

hf mf hardnested 0 a a0a1a2a3a4a5 56 b

"Acquired 75600 nonces (44903/45000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 6
Generating crypto1 state candidates...
Number of possible keys with Sum(a0) = 112: 13750076573696 (2^43.6)
Number of remaining possible keys: 65114696924 (2^35.9)
Brute force phase starting.
Using 128-bit bitslices
Bitslicing best_first_byte^uid[3] (rollback byte): 03 ...
Bitslicing nonces...
Starting 4 cracking threads to search 24 buckets containing a total of 65114696924 states..."

and crash...

Any idea of the problem?

Thanks for more informations

iceman

Administrator

Registered: 2013-04-25

Posts: 9,538

Website

Re: Proxmark3 not responding - hardnested

hardnested has some issues,  not complete in that sense.
But if you always get it with the same key,  you can save the noncefile and upload it.  @piwi usually wants to look at those cases.

koulikov

Contributor

Registered: 2017-04-15

Posts: 11

Re: Proxmark3 not responding - hardnested

I do some test again and proxmark don't respond very quickly. I saved the nonces.bin.
https://www.sendspace.com/file/x4q0ng

Maybe I don't correctly use the command ?

hf mf hardnested 60 A a0a1a2a3a4a5 60 b w

"--target block no: 60, target key type:B, known target key: 0x000000000000 (not set), file action: write, Slow: No, Tests: 0
Allocating memory for partial statelists...
Generating partial statelists...
Generating bitflip statelist...
Acquiring nonces...
Writing acquired nonces to binary file nonces.bin
Checking for Filter Flip Properties...
Acquired  1680 nonces ( 1660/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 0
Acquired  2016 nonces ( 1984/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 0
Acquired  2576 nonces ( 2528/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 2
Acquired  3024 nonces ( 2952/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 6
Acquired  3584 nonces ( 3483/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 9
Acquired  4032 nonces ( 3914/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 12
Acquired  4592 nonces ( 4435/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 15
Acquired  5040 nonces ( 4860/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 18
Generating crypto1 state candidates...
Number of possible keys with Sum(a0) = 128: 117726714265600 (2^46.7)
Number of remaining possible keys: 4682527972 (2^32.1)
Brute force phase starting.
Using 128-bit bitslices
Bitslicing best_first_byte^uid[3] (rollback byte): 98 ...
Bitslicing nonces...
Starting 4 cracking threads to search 34 buckets containing a total of 4682527972 states..."

Last edited by koulikov (2017-05-01 23:35:44)

gator96100

Contributor

From: Austria

Registered: 2016-03-25

Posts: 177

Re: Proxmark3 not responding - hardnested

pm3 --> hf mf hardnested r
--target block no:  0, target key type:A, known target key: 0x000000000000 (not
set), file action: read, Slow: No, Tests: 0
Allocating memory for partial statelists...
Generating partial statelists...
Generating bitflip statelist...
Reading nonces from file nonces.bin...
Read 5264 nonces from file. cuid=fee78176, Block=60, Keytype=B
Checking for Filter Flip Properties...
Number of first bytes with confidence > 95.0%: 13
Generating crypto1 state candidates...
Number of possible keys with Sum(a0) = 128: 117726714265600 (2^46.7)
Number of remaining possible keys: 4848309092 (2^32.2)
Brute force phase starting.
Using 128-bit bitslices
Bitslicing best_first_byte^uid[3] (rollback byte): 98 ...
Bitslicing nonces...
Starting 4 cracking threads to search 34 buckets containing a total of 484830909
2 states...
............................Validating key search space
*
Time for bruteforce 9.2 seconds.

Found key: 065945e1aac2

Your command is corrent. What client/firmware version are you using? Did you use the precompiled builds? What OS are you running?

koulikov

Contributor

Registered: 2017-04-15

Posts: 11

Re: Proxmark3 not responding - hardnested

Interesting,
Currently I use the precomp build pm3 iceman 2017-04-29. The OS is Windows 10 and the firmware is os: iceman/master/v1.1.0-2031-g5198807 2017-04-29 15:55:01
I will try other version.

koulikov

Contributor

Registered: 2017-04-15

Posts: 11

Re: Proxmark3 not responding - hardnested

ok I have test the last linux version. It works without crashing at the end.

Last edited by koulikov (2017-05-04 18:49:27)