Research, development and trades concerning the powerful Proxmark3 device.
Hello!
According to the instructions, I successfully connected Proxmark3 to Ubuntu 18.04 - https://github.com/Proxmark/proxmark3/wiki/Ubuntu-Linux
Then I started trying to copy RFID cards and keychains. I copied a simple RFID keychain from my intercom without problems, because it was not encrypted.
But with the RFID card from the parking there were problems.
1. Run command - hf search
proxmark3> hf search
UID: 43 8b b7 75
ATQA: 00 04
SAK: 08 [2]
TYPE: NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: WEAK
Valid ISO14443A Tag Found - Quiting Search
2. Run command - hf mf chk * ?
proxmark3> hf mf chk * ?
--chk keys. sectors: 16, block no: 0, key type:?, eml: n, dmp = n checktimeout = 471 us
No key specified, trying default keys
chk default key [0] ffffffffffff
chk default key [1] 000000000000
chk default key [2] a0a1a2a3a4a5
chk default key [3] b0b1b2b3b4b5
chk default key [4] aabbccddeeff
chk default key [5] 1a2b3c4d5e6f
chk default key [6] 123456789abc
chk default key [7] 010203040506
chk default key [8] 123456abcdef
chk default key [9] abcdef123456
chk default key [10] 4d3a99c351dd
chk default key [11] 1a982c7e459a
chk default key [12] d3f7d3f7d3f7
chk default key [13] 714c5c886e97
chk default key [14] 587ee5f9350f
chk default key [15] a0478cc39091
chk default key [16] 533cb6c723f6
chk default key [17] 8fd0a4f256e9
To cancel this operation press the button on the proxmark ...
-.
No valid keys found.
And I get the error "No valid keys found". What am I doing wrong? What should I do next?
Offline
Try 'hf mf mifare', then 'hf mf nested'.
Offline
Try 'hf mf mifare', then 'hf mf nested'.
Hello, piwi! I previously ran these commands, but this does not help me copy the RFID keychain.
1. Run command - hf mf mifare
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.....Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown
generating polynomial with 16 effective bits only, but shows unexpected behaviour.
2. Run command - hf mf nested
proxmark3> hf mf nested
Usage:
all sectors: hf mf nested <card memory> <block number> <key A/B> <key (12 hex symbols)> [t|d|s|ss]
all sectors autosearch key: hf mf nested <card memory> * [t|d|s|ss]
one sector: hf mf nested o <block number> <key A/B> <key (12 hex symbols)>
<target block number> <target key A/B> [t]
card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K
t - transfer keys to emulator memory
d - write keys to binary file dumpkeys.bin
s - Slow (1ms) check keys (required by some non standard cards)
ss - Very slow (5ms) check keys
sample1: hf mf nested 1 0 A FFFFFFFFFFFF
sample2: hf mf nested 1 0 A FFFFFFFFFFFF t
sample3: hf mf nested 1 0 A FFFFFFFFFFFF d
sample4: hf mf nested o 0 A FFFFFFFFFFFF 4 A
sample5: hf mf nested 1 * t
sample6: hf mf nested 1 * ss
3. Run command - hf mf nested 1 * t
proxmark3> hf mf nested 1 * t
--nested. sectors:16, block no:*, eml:y, dmp=n checktimeout=471 us
Testing known keys. Sector count=16
Can't found any of the known keys.
Maybe I need to execute other commands? Or maybe I need to sniff (snoop) the RFID keychain, but I have absolutely no experience with the sequence of actions.
Offline
Hello!
Since I could not find any key and the standard keys do not fit, I tried sniffing the tag.
1. Run command - hf 14a snoop (several times)
And put "Tag - Proxmark - Reader"
2. Run command - hf list 14a -l myCardTrace21.trc , hf list 14a -l myCardTrace22.trc , hf list 14a -l myCardTrace25.trc
proxmark3> hf list 14a -l myCardTrace21.trc
Recorded Activity (TraceLen = 39281 bytes)
Start = Start of Frame, End = End of Frame. Src = Source of transfer
All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data (! denotes parity error, ' denotes short bytes) | CRC | Annotation |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 2368 | Tag | 04 00 | |
449376 | 451744 | Tag | 04 00 | |
891392 | 893760 | Tag | 04 00 | |
921072 | 926896 | Tag | 43 8b b7 75 0a | |
1371872 | 1374240 | Tag | 04 00 | |
1401680 | 1407504 | Tag | 43 8b b7 75 0a | |
1449264 | 1452784 | Tag | 08 b6 dd | |
1560208 | 1564880 | Tag | f7 ab 2b 69 | |
1576848 | 1581520 | Tag | dd! 46 c0! 9c | |
1608832 | 1629632 | Tag | 08! e0 5e! 39! ea 19 07! a2 47! 95 46 6b! 98 55 92 cb! | |
| | | 3a! 49! | !crc|
2977648 | 2980016 | Tag | 04 00 | |
3003676 | 3006140 | Rdr | 93 20 | | ANTICOLL
3007328 | 3013152 | Tag | 43 8b b7 75 0a | |
3044108 | 3054572 | Rdr | 93 70 43 8b b7 75 0a 68 cf | ok | SELECT_UID
3055808 | 3059328 | Tag | 08 b6 dd | |
3103468 | 3104524 | Rdr | 26' | | REQA
3105712 | 3108080 | Tag | 04 00 | |
3132252 | 3134716 | Rdr | 93 20 | | ANTICOLL
3135888 | 3141712 | Tag | 43 8b b7 75 0a | |
3185152 | 3188672 | Tag | 08 b6 dd | |
3232748 | 3233804 | Rdr | 26' | | REQA
3234992 | 3237360 | Tag | 04 00 | |
3262044 | 3264508 | Rdr | 93 20 | | ANTICOLL
3265680 | 3271504 | Tag | 43 8b b7 75 0a | |
3314944 | 3318464 | Tag | 08 b6 dd | |
3363872 | 3366240 | Tag | 04 00 | |
3393808 | 3399632 | Tag | 43 8b b7 75 0a | |
3429564 | 3440028 | Rdr | 93 70 43 8b b7 75 0a 68 cf | ok | SELECT_UID
3441280 | 3444800 | Tag | 08 b6 dd | |
3487712 | 3490080 | Tag | 04 00 | |
3513740 | 3516204 | Rdr | 93 20 | | ANTICOLL
3517392 | 3523216 | Tag | 43 8b b7 75 0a | |
.....
I attach files - https://drive.google.com/drive/folders/ … sp=sharing
How can I find out the key, block number and type of key from this information?
Last edited by Rema78 (2020-04-06 22:09:43)
Offline
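A decoding of the snooped frames in the post above, added here as an example (it is not part of the original thread and is not Proxmark3 client code). It recomputes the UID check byte (BCC) and the ISO 14443-A CRC for rows copied from the posted trace and reports whether the capture contains any reader AUTH command at all. The function names and the length-based frame labels are assumptions of this example.

```python
# Rows copied from the `hf list 14a` output in the post above (a subset).
TRACE = """\
 921072 |  926896 | Tag | 43 8b b7 75 0a             |    |
1449264 | 1452784 | Tag | 08 b6 dd                   |    |
1560208 | 1564880 | Tag | f7 ab 2b 69                |    |
2977648 | 2980016 | Tag | 04 00                      |    |
3003676 | 3006140 | Rdr | 93 20                      |    | ANTICOLL
3044108 | 3054572 | Rdr | 93 70 43 8b b7 75 0a 68 cf | ok | SELECT_UID
3103468 | 3104524 | Rdr | 26'                        |    | REQA
"""

def crc_a(data: bytes) -> bytes:
    """ISO/IEC 14443-3 Type A CRC (initial value 0x6363), low byte first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b = (b ^ (b << 4)) & 0xFF
        crc = (crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)
    return bytes([crc & 0xFF, crc >> 8])

def parse(trace: str):
    """Yield (source, frame_bytes) for each table row; skip headers and wraps."""
    for row in trace.splitlines():
        cols = [c.strip() for c in row.split("|")]
        if len(cols) < 4 or cols[2] not in ("Tag", "Rdr"):
            continue
        # '!' marks a parity error and "'" a short frame; drop both markers.
        yield cols[2], bytes(int(t.rstrip("!'"), 16) for t in cols[3].split())

def classify(src: str, f: bytes) -> str:
    """Label a plaintext frame; the length-based tag labels are heuristics."""
    ok = lambda good: "ok" if good else "BAD"
    if src == "Rdr":
        if f == b"\x26":
            return "REQA"
        if f[:2] == b"\x93\x20":
            return "ANTICOLL"
        if f[:2] == b"\x93\x70":
            return "SELECT crc=" + ok(crc_a(f[:-2]) == f[-2:])
        # MIFARE Classic AUTH: 0x60 (key A) or 0x61 (key B), block, CRC_A.
        if len(f) == 4 and f[0] in (0x60, 0x61) and crc_a(f[:2]) == f[2:]:
            return "AUTH"
    elif len(f) == 2:
        return "ATQA"
    elif len(f) == 5:  # four UID bytes followed by their XOR (BCC)
        return "UID bcc=" + ok(f[0] ^ f[1] ^ f[2] ^ f[3] == f[4])
    elif len(f) == 3:  # SAK byte followed by CRC_A
        return "SAK crc=" + ok(crc_a(f[:1]) == f[1:])
    return "other"

def summarize(trace: str) -> dict:
    labels = [classify(s, f) for s, f in parse(trace)]
    return {"labels": labels, "reader_auth_seen": "AUTH" in labels}

if __name__ == "__main__":
    print(summarize(TRACE))
```

For the rows copied here `reader_auth_seen` is False: the reader side shows only REQA, ANTICOLL and SELECT, all of which belong to the plaintext anticollision phase.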
Hello, have you installed this repo:
# git clone https://github.com/RfidResearchGroup/proxmark3.git
There is the doc to install the proxmark3 correctly. Otherwise try hf mf autopwn.
Have a good day.
Offline
Hello, fazer!
I correctly installed my proxmark3 for Ubuntu 18.04 following the official manual - https://github.com/Proxmark/proxmark3/wiki/Ubuntu-Linux
1. Run command - hf mf autopwn
proxmark3> hf mf autopwn
help This help
dbg Set default debug mode
rdbl Read MIFARE classic block
rdsc Read MIFARE classic sector
dump Dump MIFARE classic tag to binary file
restore Restore MIFARE classic binary file to BLANK tag
wrbl Write MIFARE classic block
auth4 ISO14443-4 AES authentication
chk Test block keys
mifare Read parity error messages.
hardnested Nested attack for hardened Mifare cards
nested Test nested authentication
sniff Sniff card-reader communication
sim Simulate MIFARE card
eclr Clear simulator memory
eget Get simulator memory block
eset Set simulator memory block
eload Load from file emul dump
esave Save to file emul dump
ecfill Fill simulator memory with help of keys from simulator
ekeyprn Print keys from simulator memory
cwipe Wipe magic Chinese card
csetuid Set UID for magic Chinese card
csetblk Write block - Magic Chinese card
cgetblk Read block - Magic Chinese card
cgetsc Read sector - Magic Chinese card
cload Load dump into magic Chinese card
csave Save dump from magic Chinese card into file or emulator
decrypt [nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace
mad Checks and prints MAD
ndef Prints NDEF records from card
personalize Personalize UID (Mifare Classic EV1 only)
But this command does not work!
Send me a link to configure and use the proxmark for Ubuntu in community "RfidResearchGroup", please
Last edited by Rema78 (2020-04-07 23:45:02)
Offline
Hi Rema78, look at the repository
# git clone https://github.com/RfidResearchGroup/proxmark3.git
[=] Session log /home/pascal/.proxmark3/log_20200408.txt
[=] Using UART port /dev/ttyACM0
[=] Communicating with PM3 over USB-CDC
██████╗ ███╗ ███╗ ████╗
██╔══██╗████╗ ████║ ══█║
██████╔╝██╔████╔██║ ████╔╝
██╔═══╝ ██║╚██╔╝██║ ══█║ ❄️ iceman@icesql.net ☕
██║ ██║ ╚═╝ ██║ ████╔╝ https://github.com/rfidresearchgroup/proxmark3/
╚═╝ ╚═╝ ╚═╝ ╚═══╝ pre-release v4.0
[ Proxmark3 RFID instrument ]
[ CLIENT ]
client: RRG/Iceman
compiled with GCC 9.2.1 20191008 OS:Linux ARCH:x86_64
[ PROXMARK3 RDV4 ]
external flash: present
smartcard reader: present
[ PROXMARK3 RDV4 Extras ]
FPC USART for BT add-on support: present
[ ARM ]
bootrom: RRG/Iceman/master/0181d5c8-dirty-unclean 2020-04-04 18:48:49
os: RRG/Iceman/master/0181d5c8-dirty-unclean 2020-04-04 18:49:05
compiled with GCC 7.3.1 20180622 (release) [ARM/embedded-7-branch revision 261907]
[ FPGA ]
LF image built for 2s30vq100 on 2020-02-22 at 12:51:14
HF image built for 2s30vq100 on 2020-01-12 at 15:31:16
[ Hardware ]
--= uC: AT91SAM7S512 Rev B
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 512K bytes, Used: 282263 bytes (54%) Free: 242025 bytes (46%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memory
[usb] pm3 --> hf mf h
help This help
list List MIFARE history
darkside Darkside attack
nested Nested attack
hardnested Nested attack for hardened MIFARE Classic cards
staticnested Nested attack against static nonce MIFARE Classic cards
autopwn Automatic key recovery tool for MIFARE Classic
nack Test for MIFARE NACK bug
chk Check keys
fchk Check keys fast, targets all keys on card
decrypt [nt] [ar_enc] [at_enc] [data] - to decrypt sniff or trace
-----------
rdbl Read MIFARE classic block
rdsc Read MIFARE classic sector
dump Dump MIFARE classic tag to binary file
restore Restore MIFARE classic binary file to BLANK tag
wrbl Write MIFARE classic block
setmod Set MIFARE Classic EV1 load modulation strength
auth4 ISO14443-4 AES authentication
-----------
sim Simulate MIFARE card
eclr Clear simulator memory
eget Get simulator memory block
eset Set simulator memory block
eload Load from file emul dump
esave Save to file emul dump
ecfill Fill simulator memory with help of keys from simulator
ekeyprn Print keys from simulator memory
-----------
csetuid Set UID (magic chinese card)
cwipe Wipe card to default UID/Sectors/Keys
csetblk Write block (magic chinese card)
cgetblk Read block (magic chinese card)
cgetsc Read sector (magic chinese card)
cload Load dump (magic chinese card)
csave Save dump from magic chinese card into file or emulator
-----------
mad Checks and prints MAD
ndef Prints NDEF records from card
personalize Personalize UID (Mifare Classic EV1 only)
ice collect MIFARE Classic nonces to file
Offline
Dear fazer and iceman!
1. I successfully flashed the device with the RfidResearchGroup firmware.
2. I ran the command hf mf autopwn
[usb] pm3 --> hf mf autopwn
[!] ⚠️ no known key was supplied, key recovery might fail
[+] loaded 23 keys from hardcoded default array
[=] running strategy 1
[=] Chunk: 0.4s | found 0/32 keys (23)
[=] running strategy 2
.
[=] Chunk: 3.9s | found 0/32 keys (23)
[=] --------------------------------------------------------------------------------
[=] executing Darkside attack. Expected execution time: 25sec on average
[=] press pm3-button on the Proxmark3 device to abort both Proxmark3 and client.
[=] --------------------------------------------------------------------------------
................................................................................................................................................................................................................................................
I’ve been waiting for 10 minutes and nothing comes up, only the preloader with dots runs.
Two indicators are lit on the device - blue (d) and orange (c) and nothing happens.
Maybe I'm doing something wrong or should I leave the running command for a long time?
Offline
Hello Rema78, glad to see that you were able to flash your proxmark correctly. Now I advise you to read the file /doc/commands.md to see how you can get what you are looking for. The advantage we have is this documentation to work with; I thank the team for their work. You can also look at the requests already made on the profile of your search.
Have a good day.
Offline
Cheat sheet
https://github.com/RfidResearchGroup/pr … atsheet.md
In your case use the helptext parameter h, to understand the command better.
Offline
Dear iceman and fazer!
1. I run command - hf search:
[usb] pm3 --> hf search
? Searching for ISO14443-A tag...
[+] UID: 43 8B B7 75
[+] ATQA: 00 04
[+] SAK: 08 [2]
[+] POSSIBLE TYPE: MIFARE Classic 1K / Classic 1K CL2
[+] POSSIBLE TYPE: MIFARE Plus 2K / Plus EV1 2K
[+] POSSIBLE TYPE: MIFARE Plus CL2 2K / Plus CL2 EV1 2K
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Prng detection: weak
[+] Valid ISO14443-A tag found
2. I run command - hf mf chk *1 ? d mfc_default_keys:
[usb] pm3 --> hf mf chk *1 ? d mfc_default_keys
[+] Loaded 920 keys from mfc_default_keys
................................................................................................................................................................................................................................................................................................................................................................
[=] Time in checkkeys: 217 seconds
[=] testing to read key B...
[+] found keys:
[+] |-----|----------------|---|----------------|---|
[+] | Sec | key A |res| key B |res|
[+] |-----|----------------|---|----------------|---|
[+] | 000 | ------------ | 0 | ------------ | 0 |
[+] | 001 | ------------ | 0 | ------------ | 0 |
[+] | 002 | ------------ | 0 | ------------ | 0 |
[+] | 003 | ------------ | 0 | ------------ | 0 |
[+] | 004 | ------------ | 0 | ------------ | 0 |
[+] | 005 | ------------ | 0 | ------------ | 0 |
[+] | 006 | ------------ | 0 | ------------ | 0 |
[+] | 007 | ------------ | 0 | ------------ | 0 |
[+] | 008 | ------------ | 0 | ------------ | 0 |
[+] | 009 | ------------ | 0 | ------------ | 0 |
[+] | 010 | ------------ | 0 | ------------ | 0 |
[+] | 011 | ------------ | 0 | ------------ | 0 |
[+] | 012 | ------------ | 0 | ------------ | 0 |
[+] | 013 | ------------ | 0 | ------------ | 0 |
[+] | 014 | ------------ | 0 | ------------ | 0 |
[+] | 015 | ------------ | 0 | ------------ | 0 |
[+] |-----|----------------|---|----------------|---|
[+] ( 0 :Failed / 1 :Success)
[+] Generating binary key file
[+] Found keys have been dumped to hf-mf-438BB775-key.bin --> 0xffffffffffff has been inserted for unknown keys.
3. I run command - hf mf fchk 1 m:
[usb] pm3 --> hf mf fchk 1 m
[+] No key specified, trying default keys
[ 0] ffffffffffff
[ 1] 000000000000
[ 2] a0a1a2a3a4a5
[ 3] b0b1b2b3b4b5
[ 4] c0c1c2c3c4c5
[ 5] d0d1d2d3d4d5
[ 6] aabbccddeeff
[ 7] 1a2b3c4d5e6f
[ 8] 123456789abc
[ 9] 010203040506
[10] 123456abcdef
[11] abcdef123456
[12] 4d3a99c351dd
[13] 1a982c7e459a
[14] d3f7d3f7d3f7
[15] 714c5c886e97
[16] 587ee5f9350f
[17] a0478cc39091
[18] 533cb6c723f6
[19] 8fd0a4f256e9
[20] 0000014b5c31
[21] b578f38a5c61
[22] 96a301bce267
[=] Running strategy 1
[=] Chunk: 0.4s | found 0/32 keys (23)
[=] Running strategy 2
.
[=] Chunk: 3.9s | found 0/32 keys (23)
[=] Time in checkkeys (fast): 4.4s
[!] ⚠️ No keys found
4. I run command - script run hf_bruteforce -s 0x438BB775 -e 0x438BB775 -t 1000 -x mfc:
[usb] pm3 --> script run hf_bruteforce -s 0x438BB775 -e 0x438BB775 -t 1000 -x mfc
[+] executing lua /home/administrator/proxmark3/client/luascripts/hf_bruteforce.lua
[+] args '-s 0x438BB775 -e 0x438BB775 -t 1000 -x mfc'
----------------------------------------
Bruteforcing Mifare Classic card numbers
----------------------------------------
Running: "hf 14a sim t 1 u 000000438bb775"
[+] Emulating ISO/IEC 14443 type A tag with 7 byte UID (00 00 00 43 8B B7 75)
[=] Press pm3-button to abort simulation
I’ve been waiting for 10 minutes and nothing comes up.
One indicator is lit on the device - green (a) and nothing happens.
5. I run command - hf mf autopwn:
[usb] pm3 --> hf mf autopwn
[!] ⚠️ no known key was supplied, key recovery might fail
[+] loaded 23 keys from hardcoded default array
[=] running strategy 1
[=] Chunk: 0.4s | found 0/32 keys (23)
[=] running strategy 2
.
[=] Chunk: 3.9s | found 0/32 keys (23)
[=] --------------------------------------------------------------------------------
[=] executing Darkside attack. Expected execution time: 25sec on average
[=] press pm3-button on the Proxmark3 device to abort both Proxmark3 and client.
[=] --------------------------------------------------------------------------------
.................................................................................................................................................................
I’ve been waiting for 10 minutes and nothing comes up, only the preloader with dots runs.
Two indicators are lit on the device - blue (d) and orange (c) and nothing happens.
I tried different options for the commands. But the keys are still not found.
What am I doing wrong, what other commands do I need to execute?
Offline
Dear iceman, fazer and others!
I beg you to help me.
Offline
I have the same: "No valid keys found."
Did you solve it?
Offline
Do you have updates? I am interested in developments in your project...
Offline