Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2020-10-05 01:30:05

Elsin10
Contributor
Registered: 2018-02-27
Posts: 41

Having trouble cracking a Mifare card

I'm trying to crack a fare card but the card is protected. Can't do the hardnested attack

This is the card info

 UID : 48 b2 4d 09
ATQA : 00 04
 SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
SAK incorrectly claims that card doesn't support RATS
 ATS : 0c 75 77 80 02 c1 05 2f 0f
       -  TL : length is 12 bytes
ATS may be corrupted. Length of ATS (9 bytes incl. 2 Bytes CRC) doesn't match TL
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 5 (FSC = 64)
       - TA1 : different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 8 (FWT = 1048576/fc)
       - TC1 : NAD is NOT supported, CID is supported
       -  HB : c1 05 2f 0f 00 00 00
               c1 -> Mifare or (multiple) virtual cards of various type
                  05 -> Length is 5 bytes
                     2x -> MIFARE Plus
                        0x -> Engineering sample
                           x0 -> Only VCSL supported
No chinese magic backdoor command detected
Prng detection: HARDENED (hardnested)

Valid ISO14443A Tag Found - Quiting Search

I tried to use the hf mf mifare but i got this

proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.Sending bytes to proxmark failed
..........#db# Canceled by button.
#db# COMMAND FINISHED.
Parity is all zero. Most likely this card sends NACK on every failed authentication.
#db# maxDataLen=2, Uart.state=0, Uart.len=0
Key not found (lfsr_common_prefix list is null). Nt=00000000
This is expected to happen in 25% of all cases. Trying again with a different reader nonce...
.Sending bytes to proxmark failed
Card is not vulnerable to Darkside attack (its random number generator is not predictable).
#db# Mifare: Can't select card
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.Sending bytes to proxmark failed
...............................................................................................................................................................................................................................................................................................Button pressed. Aborted.

---------------------------------
If is use hf mf hardnested 0 A FFFFFFFFFFFF 4 A w

i get
#db# Authentication failed. Card timeout.
#db# AcquireNonces: Auth1 error


Is there a way to crack this ?
Thanks

Offline

#2 2020-10-05 07:30:28

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Having trouble cracking a Mifare card

In order for hardnested to work you need to have one working key.  You can get that from either sniffing traffic between card and reader or try the hf mf chk command to look for known default keys

Offline

#3 2020-10-07 21:23:28

Elsin10
Contributor
Registered: 2018-02-27
Posts: 41

Re: Having trouble cracking a Mifare card

Thanks! I will try that.

Offline

Board footer

Powered by FluxBB