Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
#1 2017-06-27 11:13:36
- platinium gsm
- Contributor
- Registered: 2016-08-06
- Posts: 28
[Solved]my attack nested doesnt work anymore since update.
i had tune problem because i used different client and firmware. problem fixed!
now i run under this last version
Prox/RFID mark3 RFID instrument
bootrom: master/v2.2.0-527-g6100040-suspect 2017-06-26 15:28:02
os: master/v2.2.0-527-g6100040-suspect 2017-06-26 15:28:07
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26
uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 192561 bytes (73%). Free: 69583 bytes (27%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
my hf tune is about 15V and 12v with a tag.
my attack find a key but nested failed on all my tag.mifare 1k
doesnt find my tag and finally dark give me this:
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
uid(ba82c39f) nt(1ce2c881) par(0000000000000000) ks(020506070006010a) nr(2400000007)
|diff|{nr} |ks3|ks3^5|parity |
+----+--------+---+-----+---------------+
| 00 |00000007| 2 | 7 |0,0,0,0,0,0,0,0|
| 20 |00000027| 5 | 0 |0,0,0,0,0,0,0,0|
| 40 |00000047| 6 | 3 |0,0,0,0,0,0,0,0|
| 60 |00000067| 7 | 2 |0,0,0,0,0,0,0,0|
| 80 |00000087| 0 | 5 |0,0,0,0,0,0,0,0|
| a0 |000000a7| 6 | 3 |0,0,0,0,0,0,0,0|
| c0 |000000c7| 1 | 4 |0,0,0,0,0,0,0,0|
| e0 |000000e7| a | f |0,0,0,0,0,0,0,0|
parity is all zero,try special attack!just wait for few more seconds...
key_count:0
Key not found (lfsr_common_prefix list is null). Nt=1ce2c881
Failing is expected to happen in 25% of all cases. Trying again with a different reader nonce...
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
uid(ba82c39f) nt(1ce2c881) par(0000000000000000) ks(04050c0f0701010d) nr(2400000008)
|diff|{nr} |ks3|ks3^5|parity |
+----+--------+---+-----+---------------+
| 00 |00000008| 4 | 1 |0,0,0,0,0,0,0,0|
| 20 |00000028| 5 | 0 |0,0,0,0,0,0,0,0|
| 40 |00000048| c | 9 |0,0,0,0,0,0,0,0|
| 60 |00000068| f | a |0,0,0,0,0,0,0,0|
| 80 |00000088| 7 | 2 |0,0,0,0,0,0,0,0|
| a0 |000000a8| 1 | 4 |0,0,0,0,0,0,0,0|
| c0 |000000c8| 1 | 4 |0,0,0,0,0,0,0,0|
| e0 |000000e8| d | 8 |0,0,0,0,0,0,0,0|
parity is all zero,try special attack!just wait for few more seconds...
p1:3e p2:1ac p3:0 key:ff994ff519ed
p1:9e1 p2:3fc3 p3:1 key:f0eafade7645
p1:1931 p2:a147 p3:2 key:d9615b66435b
p1:231d p2:df63 p3:3 key:ca5a653bd054
p1:2635 p2:f3a6 p3:4 key:c57bac9bb056
p1:2e8a p2:127cb p3:5 key:b916a297f542
p1:2edb p2:12979 p3:6 key:b8a5f294c882
p1:4c48 p2:1de84 p3:7 key:8d128be8c4ee
p1:5aee p2:23b8f p3:8 key:76f3a0811a46
p1:6f6d p2:2bcc6 p3:9 key:57eaa2f8ca80
p1:7877 p2:2f529 p3:a key:4a6352684677
p1:8fb0 p2:38b54 p3:b key:2686110d8c88
p1:93fc p2:3a6a8 p3:c key:200771c5587b
p1:a463 p2:411b3 p3:d key:06966a79aa29
key_count:14
------------------------------------------------------------------
Found valid key:4a6352684677
and nested attack give:
|000| 4a6352684677 | 1 | 536653644c65 | 1 |
|001| 4a6352684677 | 1 | 536653644c65 | 1 |
|002| 4a6352684677 | 1 | 536653644c65 | 1 |
|003| 4a6352684677 | 1 | 536653644c65 | 1 |
|004| 4a6352684677 | 1 | 536653644c65 | 1 |
|005| 4a6352684677 | 1 | 536653644c65 | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| ffffffffffff | 1 | ffffffffffff | 1 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1
what i did wrong?
Last edited by platinium gsm (2017-06-29 12:45:29)
Offline
#2 2017-06-27 12:15:07
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,536
- Website
Re: [Solved]my attack nested doesnt work anymore since update.
1) Distance between tag and antenna is important.
2) your darkside attack worked, found a valid key
3) your nested attack worked, found all keys
I don't understand your problem.
Especially since your subject say "hardnested".... Which you didn't even run in the output you posted.
Do please be more specific in your posts.
Offline
#3 2017-06-27 12:40:28
- platinium gsm
- Contributor
- Registered: 2016-08-06
- Posts: 28
Re: [Solved]my attack nested doesnt work anymore since update.
the distance is about 1 and 2 cm.i use original proxmark box/
my dark looks works perfectly
my nested looks working you say???
it s normal to have only one keys? and just ffffffffffffffffff for the other keys?
i use to make clone mifare and i had always different keys.
whatever if you are right my clones doesn t work since update.
And even if i downgrade i cant manage to clone my tags anymore
i m gona try to be more specific.
i took tag that i already clone before and i can t nested them i have same problem in keys . they don t work and read only one key with dark .
Offline
#4 2017-06-27 12:47:52
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,536
- Website
Re: [Solved]my attack nested doesnt work anymore since update.
The rescolumns marked with X, shows if the key was successfully found. 0 = fail, 1 = success.
Hence I know your nested worked.
I also recognise that hotel system key generation. You need to look at your dump and clone dump, to see if they are an exact match.
You can't make hf mf restore on a magic tag once you done it...
X X
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| 4a6352684677 | 1 | 536653644c65 | 1 |
|001| 4a6352684677 | 1 | 536653644c65 | 1 |
|002| 4a6352684677 | 1 | 536653644c65 | 1 |
|003| 4a6352684677 | 1 | 536653644c65 | 1 |
|004| 4a6352684677 | 1 | 536653644c65 | 1 |
|005| 4a6352684677 | 1 | 536653644c65 | 1 |
|006| ffffffffffff | 1 | ffffffffffff | 1 |
|007| ffffffffffff | 1 | ffffffffffff | 1 |
|008| ffffffffffff | 1 | ffffffffffff | 1 |
|009| ffffffffffff | 1 | ffffffffffff | 1 |
|010| ffffffffffff | 1 | ffffffffffff | 1 |
|011| ffffffffffff | 1 | ffffffffffff | 1 |
|012| ffffffffffff | 1 | ffffffffffff | 1 |
|013| ffffffffffff | 1 | ffffffffffff | 1 |
|014| ffffffffffff | 1 | ffffffffffff | 1 |
|015| ffffffffffff | 1 | ffffffffffff | 1 |Offline
#5 2017-06-27 13:00:04
- platinium gsm
- Contributor
- Registered: 2016-08-06
- Posts: 28
Re: [Solved]my attack nested doesnt work anymore since update.
ice man you know that i over respect all your words because i know your talent.
i agree ,of course, i Cant restore a magic tag 2 times. i can only write uid .
what s the way to check my dump and my clone dump?
i m gona post another attack to show you result with another different tag.
Offline
#6 2017-06-27 13:03:12
- platinium gsm
- Contributor
- Registered: 2016-08-06
- Posts: 28
Re: [Solved]my attack nested doesnt work anymore since update.
.............
uid(fe5477a9) nt(f0e7cd4d) par(1ca4a4bcc41c6c84) ks(0b060a0b01050d0d) nr(2400000000)
|diff|{nr} |ks3|ks3^5|parity |
+----+--------+---+-----+---------------+
| 00 |00000000| b | e |0,0,1,1,1,0,0,0|
| 20 |00000020| 6 | 3 |0,0,1,0,0,1,0,1|
| 40 |00000040| a | f |0,0,1,0,0,1,0,1|
| 60 |00000060| b | e |0,0,1,1,1,1,0,1|
| 80 |00000080| 1 | 4 |0,0,1,0,0,0,1,1|
| a0 |000000a0| 5 | 0 |0,0,1,1,1,0,0,0|
| c0 |000000c0| d | 8 |0,0,1,1,0,1,1,0|
| e0 |000000e0| d | 8 |0,0,1,0,0,0,0,1|
key_count:1
------------------------------------------------------------------
Found valid key:8829da9daf76
proxmark3>
proxmark3> hf mf nested 1 0 A 8829da9daf76
Testing known keys. Sector count=16
nested...
Time in nested: 4.836 (inf sec per key)
-----------------------------------------------
Iterations count: 0
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|001| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|002| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|003| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|004| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|005| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|006| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|007| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|008| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|009| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|010| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|011| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|012| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|013| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|014| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
|015| 8829da9daf76 | 1 | 8829da9daf76 | 1 |
this is normal?
Offline
#7 2017-06-27 13:10:04
- platinium gsm
- Contributor
- Registered: 2016-08-06
- Posts: 28
Re: [Solved]my attack nested doesnt work anymore since update.
Especially since your subject say "hardnested".... .
i changed it
Offline
#8 2017-06-27 15:31:34
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,536
- Website
Re: [Solved]my attack nested doesnt work anymore since update.
your last post shows another successfull recovery of all keys on tag. What is it that you don't understand with the output?
All kinds of cards can have different keys. If you expected the same pattern as in the first nested, then no. your two cards has different sets of keys.
hint You can use script run remagic to restore a magic card to clean state again
Offline
#9 2017-06-27 16:04:01
- platinium gsm
- Contributor
- Registered: 2016-08-06
- Posts: 28
Re: [Solved]my attack nested doesnt work anymore since update.
when i use to read mifare i had different keys .
now i have all the same. you tell me it s normal and i m sure it s not because i already read this last one tag and i had different keys .
whatever i can t clone it now.
look my dump is this :
proxmark3> hf mf dump 1
|-----------------------------------------|
|------ Reading sector access bits...-----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
|-----------------------------------------|
|----- Dumping all blocks to file... -----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 15.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 15.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 15.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 15.
Dumped 64 blocks (1024 bytes) to file dumpdata.bin
and my restore give me this:
proxmark3> hf mf restore 1
Restoring dumpdata.bin to card
Writing to block 0: fe 54 77 a9 74 88 04 00 47 b9 95 12 45 70 42 09
#db# Cmd Error: 04
#db# Write block error
#db# WRITE BLOCK FINISHED
isOk:00
Writing to block 1: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 3: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 7: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 9: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 11: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 15: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 19: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 22: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 23: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 24: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 25: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 26: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 27: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 28: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 29: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 31: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 33: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 34: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 35: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 36: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 37: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 38: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 39: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 41: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 42: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 43: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 44: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 45: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 46: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 47: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 49: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 51: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 52: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 53: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 54: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 55: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 56: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 57: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 58: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 59: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 61: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 62: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# WRITE BLOCK FINISHED
isOk:01
Writing to block 63: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76
#db# WRITE BLOCK FINISHED
isOk:01
proxmark3>
my rewrite uid give me:
proxmark3> hf mf csetuid FE5477A9
--wipe card:NO uid:fe 54 77 a9
old block 0: e9 5c 52 02 e5 08 04 00 62 63 64 65 66 67 68 69
new block 0: fe 54 77 a9 74 08 04 00 62 63 64 65 66 67 68 69
old UID:e9 5c 52 02
new UID:fe 54 77 a9
proxmark3>
my card clone must work now?
Offline
#10 2017-06-27 16:24:57
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,536
- Website
Re: [Solved]my attack nested doesnt work anymore since update.
What kind of question is this? Go and try it out, how on earth would I know if your clone must work? There is plenty of reasons for magic card not to work against real readers. Only way is to test it against the system you cloned from.
Offline
#11 2017-06-27 16:48:30
- platinium gsm
- Contributor
- Registered: 2016-08-06
- Posts: 28
Re: [Solved]my attack nested doesnt work anymore since update.
sorry i really explain bad.
my question is after what you read i made good process or not?
because my tag doesn t work.
i used to make them perfectly before and now no one works.
that s why i show tha way i tried to find an issue.
sorry again if i explain my self so bad in english.
Offline
#12 2017-06-27 21:14:00
- piwi
- Contributor
- Registered: 2013-06-04
- Posts: 704
Re: [Solved]my attack nested doesnt work anymore since update.
hf mf restore failed (expectedly) at block 0. You may try to write it with hf mf csetblk (but be carefull not to brick your card).
Offline
#13 2017-06-27 21:45:03
- platinium gsm
- Contributor
- Registered: 2016-08-06
- Posts: 28
Re: [Solved]my attack nested doesnt work anymore since update.
Thanks iceman for you advice and self controle.
i m gona try again to see because i know you must be right and i must be wrong.
i m gona test again with another chinese tag. might be because of them that i can t do my work.
i receive tomorrow new tag and i will tell you result.
Offline
#14 2017-06-27 21:53:29
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,536
- Website
Re: [Solved]my attack nested doesnt work anymore since update.
As @piwi says, block0 failed but don't use hf mf csetblk 0, I'm quite sure you mess it up. We got the csetuid for this.
Use hf mf csetuid on your clone tag.
Offline
#15 2017-06-28 09:53:26
- platinium gsm
- Contributor
- Registered: 2016-08-06
- Posts: 28
Re: [Solved]my attack nested doesnt work anymore since update.
my rewrite uid give me:
proxmark3> hf mf csetuid FE5477A9
i used it no?
do i have to set uid before restoring dump.?
Offline
#16 2017-06-28 11:13:47
- piwi
- Contributor
- Registered: 2013-06-04
- Posts: 704
Re: [Solved]my attack nested doesnt work anymore since update.
HF MF csetuid doesn't write all 16 bytes of block 0 hence cannot create an exact clone. If the application detects the different SAK (08 vs 88) or a difference in the remaining bytes, the clone may not work. Changing the SAK is dangerous.
Offline
#17 2017-06-28 15:06:52
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,536
- Website
Re: [Solved]my attack nested doesnt work anymore since update.
Few readers validate on block0. They are more likely to validate on UID and SAK/ATQA.
When gives a mixed problem for @OP...
using csetuid @op will get a correct UID+bcc. He can also set SAK /ATQA with csetuid.
The rest of block 0 shouldn't be a problem, but it might be.
Offline
#18 2017-06-29 12:44:28
- platinium gsm
- Contributor
- Registered: 2016-08-06
- Posts: 28
Re: [Solved]my attack nested doesnt work anymore since update.
i finally receive new tag.
i have same problem with one tag but everything works perfect with all the others tag.
thanks for you knowledge as always.
Offline
#19 2017-06-29 12:47:34
- platinium gsm
- Contributor
- Registered: 2016-08-06
- Posts: 28
Re: [Solved]my attack nested doesnt work anymore since update.
i finally receive new tag
i have same problem with one tag.
i always get error on block 0
does it change something to set uid after or before loading dump in tag?
you prefer i open new subject for this question?
Last edited by platinium gsm (2017-06-29 13:01:49)
Offline
#20 2017-06-29 13:29:18
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,536
- Website
Re: [Solved]my attack nested doesnt work anymore since update.
start a new thread.
Offline