Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2019-01-01 18:08:13

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

[RDV4] upload dictionary files to flashmemory

In order to facilitate more easy usage of rdv4's flashmemory, I have added some possibilites to upload the dictionary files on to device.
These will be used in a stage 2 when running checkkeys or dictionary attack.
I have adapted @bogito's luascript read_pwd_mem.lua to read this out if the parameter -k is used.

Upload all dictionary files to fixed allocated sections in flashmemory

pm3 --> mem load f default_iclass_keys i
[+] loaded  6 keys from dictionary file default_iclass_keys.dic
[+] Wrote 50 bytes to offset 237568

pm3 --> mem load f default_keys m
[+] loaded 606 keys from dictionary file default_keys.dic
[+] Wrote 3638 bytes to offset 241664

pm3 --> mem load f default_pwd t
[+] loaded 104 keys from dictionary file default_pwd.dic
[+] Wrote 418 bytes to offset 245760

Read out passwords / keys from Flashmemory.

pm3 -->scr run read_pwd_mem -o 237568 -k 8

pm3 -->scr run read_pwd_mem -o 241664 -k 6

pm3 -->scr run read_pwd_mem -o 245760 -k 4

Offline

#2 2019-01-02 12:08:18

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [RDV4] upload dictionary files to flashmemory

Now hf mf fchk can use the on device dictionary.  With tweaks to checking algorithm,  the speedups are noticable compared with calling it with the file when used against a tag with known keys.   Once the dictionary doesn't contain all keys,  it goes slower since it has to check all currently 606 keys.

pm3 --> hf mf fchk 1 m

[-] Chunk: 0.4s | found 32/32 keys (0)
[+] Time in checkkeys (fast):  0.4s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|001|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|002|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|003|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|004|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|005|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|007|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|008|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|009|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|010|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|011|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|012|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|013|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|014|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|015|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|---|----------------|---|----------------|---|

vs


pm3 --> hf mf fchk 1 default_keys.dic
[+] Loaded 606 keys from default_keys.dic
[+] Running strategy 1

[-] Chunk: 0.4s | found 32/32 keys (85)
[+] Time in checkkeys (fast):  0.4s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|001|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|002|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|003|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|004|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|005|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|007|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|008|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|009|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|010|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|011|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|012|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|013|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|014|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|015|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|---|----------------|---|----------------|---|

3 second difference

pm3 --> hf mf fchk 1 m
..
[-] Chunk: 5.7s | found 32/32 keys (0)
[+] Time in checkkeys (fast):  5.7s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|001|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|002|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|003|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|004|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|005|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|006|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|007|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|008|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|009|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|010|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|011|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|012|  54726176656c  | 1 |  776974687573  | 1 |
|013|  54726176656c  | 1 |  776974687573  | 1 |
|014|  54726176656c  | 1 |  776974687573  | 1 |
|015|  54726176656c  | 1 |  776974687573  | 1 |
|---|----------------|---|----------------|---|

vs

pm3 --> hf mf fchk 1 default_keys.dic
[+] Loaded 606 keys from default_keys.dic
[+] Running strategy 1
....
[-] Chunk: 8.6s | found 29/32 keys (85)

[-] Chunk: 0.2s | found 32/32 keys (85)
[+] Time in checkkeys (fast):  8.8s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|001|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|002|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|003|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|004|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|005|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|006|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|007|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|008|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|009|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|010|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|011|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|012|  54726176656c  | 1 |  776974687573  | 1 |
|013|  54726176656c  | 1 |  776974687573  | 1 |
|014|  54726176656c  | 1 |  776974687573  | 1 |
|015|  54726176656c  | 1 |  776974687573  | 1 |
|---|----------------|---|----------------|---|

9 second difference

pm3 --> hf mf fchk 1 m
......
[-] Chunk: 13.6s | found 32/32 keys (0)
[+] Time in checkkeys (fast):  13.6s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  484558414354  | 1 |  a22ae129c013  | 1 |
|001|  484558414354  | 1 |  49fae4e3849f  | 1 |
|002|  484558414354  | 1 |  38fcf33072e0  | 1 |
|003|  484558414354  | 1 |  8ad5517b4b18  | 1 |
|004|  484558414354  | 1 |  509359f131b1  | 1 |
|005|  484558414354  | 1 |  6c78928e1317  | 1 |
|006|  484558414354  | 1 |  aa0720018738  | 1 |
|007|  484558414354  | 1 |  a6cac2886412  | 1 |
|008|  484558414354  | 1 |  62d0c424ed8e  | 1 |
|009|  484558414354  | 1 |  e64a986a5d94  | 1 |
|010|  484558414354  | 1 |  8fa1d601d0a2  | 1 |
|011|  484558414354  | 1 |  89347350bd36  | 1 |
|012|  484558414354  | 1 |  66d2b7dc39ef  | 1 |
|013|  484558414354  | 1 |  6bc1e1ae547d  | 1 |
|014|  484558414354  | 1 |  22729a9bd40f  | 1 |
|015|  484558414354  | 1 |  484558414354  | 1 |
|---|----------------|---|----------------|---|

vs

pm3 --> hf mf fchk 1 default_keys.dic
[+] Loaded 606 keys from default_keys.dic
[+] Running strategy 1
.
[-] Chunk: 2.9s | found 0/32 keys (85)
.
[-] Chunk: 2.9s | found 0/32 keys (85)
.
[-] Chunk: 2.8s | found 0/32 keys (85)
......
[-] Chunk: 13.3s | found 32/32 keys (85)
[+] Time in checkkeys (fast):  22.0s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  484558414354  | 1 |  a22ae129c013  | 1 |
|001|  484558414354  | 1 |  49fae4e3849f  | 1 |
|002|  484558414354  | 1 |  38fcf33072e0  | 1 |
|003|  484558414354  | 1 |  8ad5517b4b18  | 1 |
|004|  484558414354  | 1 |  509359f131b1  | 1 |
|005|  484558414354  | 1 |  6c78928e1317  | 1 |
|006|  484558414354  | 1 |  aa0720018738  | 1 |
|007|  484558414354  | 1 |  a6cac2886412  | 1 |
|008|  484558414354  | 1 |  62d0c424ed8e  | 1 |
|009|  484558414354  | 1 |  e64a986a5d94  | 1 |
|010|  484558414354  | 1 |  8fa1d601d0a2  | 1 |
|011|  484558414354  | 1 |  89347350bd36  | 1 |
|012|  484558414354  | 1 |  66d2b7dc39ef  | 1 |
|013|  484558414354  | 1 |  6bc1e1ae547d  | 1 |
|014|  484558414354  | 1 |  22729a9bd40f  | 1 |
|015|  484558414354  | 1 |  484558414354  | 1 |
|---|----------------|---|----------------|---|

Offline

#3 2019-01-02 21:45:14

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [RDV4] upload dictionary files to flashmemory

Made a little video about it
https://youtu.be/pvwUx00ka6I

Offline

Board footer

Powered by FluxBB