Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2019-08-27 19:43:51

theguy
Contributor
Registered: 2017-08-08
Posts: 52

Difficulty Reading MiFare Classic

pm3 --> hf sea
UID : XX XX XX XX         
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1         
[=] proprietary non iso14443-4 card found, RATS not supported         
[=] Answers to magic commands: NO         
[+] Prng detection: HARD         
         
[+] Valid ISO14443-A Tag Found


pm3 --> hf mf chk *1 ? extended-std.keys d
[+] Loaded 677 keys from extended-std.keys         

Time in checkkeys: 0 seconds
         
testing to read key B...         
|---|----------------|---|----------------|---|         
|sec|key A           |res|key B           |res|         
|---|----------------|---|----------------|---|         
|000|  ------------  | 0 |  ------------  | 0 |         
|001|  ------------  | 0 |  ------------  | 0 |         
|002|  ------------  | 0 |  ------------  | 0 |         
|003|  ------------  | 0 |  ------------  | 0 |         
|004|  ------------  | 0 |  ------------  | 0 |         
|005|  ------------  | 0 |  ------------  | 0 |         
|006|  ------------  | 0 |  ------------  | 0 |         
|007|  ------------  | 0 |  ------------  | 0 |         
|008|  ------------  | 0 |  ------------  | 0 |         
|009|  ------------  | 0 |  ------------  | 0 |         
|010|  ------------  | 0 |  ------------  | 0 |         
|011|  ------------  | 0 |  ------------  | 0 |         
|012|  ------------  | 0 |  ------------  | 0 |         
|013|  ------------  | 0 |  ------------  | 0 |         
|014|  ------------  | 0 |  ------------  | 0 |         
|015|  ------------  | 0 |  ------------  | 0 |         
|---|----------------|---|----------------|---|         
Printing keys to binary file hf-mf-EDFA8A45-key.bin...         
Found keys have been dumped to file hf-mf-EDFA8A45-key.bin. 0xffffffffffff has been inserted for unknown keys.         


Stuck here, not sure how to proceed.

Offline

#2 2019-08-27 21:33:07

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: Difficulty Reading MiFare Classic

New client and old firmware ?

Offline

#3 2019-08-27 21:46:59

theguy
Contributor
Registered: 2017-08-08
Posts: 52

Re: Difficulty Reading MiFare Classic

New client, new fw. latest iceman build.

Offline

#4 2019-08-28 09:33:20

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Difficulty Reading MiFare Classic

[admin] moved.

loading 677 keys and zero time in chk keys?   Is your device working like it should?

hw version
hw status
hw tune

Offline

#5 2019-08-28 18:24:25

theguy
Contributor
Registered: 2017-08-08
Posts: 52

Re: Difficulty Reading MiFare Classic

[ CLIENT ]         
client: iceman build for RDV40 with flashmem; smartcard; 
         
[ ARM ]
bootrom: iceman/master/ice_v3.1.0-1083-g05f43ba6 2019-05-17 02:40:08
      os: iceman/master/ice_v3.1.0-1091-g52fd820d 2019-08-12 19:27:16

[ FPGA ]
LF image built for 2s30vq100 on 2017/10/25 at 19:50:50
HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23         

[ Hardware ]           
  --= uC: AT91SAM7S256 Rev D
  --= Embedded Processor: ARM7TDMI         
  --= Nonvolatile Program Memory Size: 256K bytes, Used: 237359 bytes (91%) Free: 24785 bytes ( 9%)         
  --= Second Nonvolatile Program Memory Size: None         
  --= Internal SRAM Size: 64K bytes         
  --= Architecture Identifier: AT91SAM7Sxx Series         
  --= Nonvolatile Program Memory Type: Embedded Flash Memory


pm3 --> hw status
#db# Memory         
#db#   BIGBUF_SIZE.............40000         
#db#   Available memory........40000         
#db# Tracing         
#db#   tracing ................1         
#db#   traceLen ...............0         
#db# Currently loaded FPGA image         
#db#   mode.................... HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23         
#db# Flash memory         
#db#   init....................FAIL         
#db# Smart card module (ISO 7816)         
#db#   version.................FAILED         
#db# LF Sampling config         
#db#   [q] divisor.............95 (125 KHz)         
#db#   [ b ] bps.................8         
#db#   [d] decimation..........1         
#db#   [a] averaging...........Yes         
#db#   [t] trigger threshold...0         
#db# USB Speed         
#db#   Sending USB packets to client...         
#db#   Time elapsed............1500ms         
#db#   Bytes transferred.......803840         
#db#   USB Transfer Speed PM3 -> Client = 535893 Bytes/s         
#db# Various         
#db#   MF_DBGLEVEL.............1         
#db#   ToSendMax...............-1         
#db#   ToSendBit...............0         
#db#   ToSend BUFFERSIZE.......2308         
#db# Installed StandAlone Mods         
#db#    LF HID26 standalone - aka SamyRun (Samy Kamkar)


pm3 --> hw tune
         
[=] measuring antenna characteristics, please wait...
         
....
         
[+] LF antenna: 26.34 V - 125.00 kHz         
[+] LF antenna: 19.97 V - 134.00 kHz         
[+] LF optimal: 26.48 V - 123.71 kHz         
[+] LF antenna is OK
         
[+] HF antenna: 25.38 V - 13.56 MHz         
[+] HF antenna is OK         
         
[+] Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

Offline

#6 2019-08-28 18:26:28

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: Difficulty Reading MiFare Classic

How about not using the deprecated iceman fork...  and use the RRG/Iceman repo instead?
Since you are not running on a RDV4 device,  I also suggest you read the advanced compilation page the GH in order to compile for your device.  Something tells me you are using a precompiled binary distribution,

Offline

#7 2019-08-28 18:37:22

theguy
Contributor
Registered: 2017-08-08
Posts: 52

Re: Difficulty Reading MiFare Classic

Seems to be an error in command / code. The client says to do the command the way I did, with *1 ? = all blocks, all keys.

I did

pm3 --> hf mf chk * A ? extended-std.keys d
[+] Loaded 677 keys from extended-std.keys         
..................................................................................................................
Time in checkkeys: 172 seconds
         
testing to read key B...         
Reading block 3         
Data:FF FF FF FF FF FF           
Reading block 63         
Data:FF FF FF FF FF FF           
|---|----------------|---|----------------|---|         
|sec|key A           |res|key B           |res|         
|---|----------------|---|----------------|---|         
|000|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|001|  ------------  | 0 |  ------------  | 0 |         
|002|  ------------  | 0 |  ------------  | 0 |         
|003|  ------------  | 0 |  ------------  | 0 |         
|004|  ------------  | 0 |  ------------  | 0 |         
|005|  ------------  | 0 |  ------------  | 0 |         
|006|  ------------  | 0 |  ------------  | 0 |         
|007|  ------------  | 0 |  ------------  | 0 |         
|008|  ------------  | 0 |  ------------  | 0 |         
|009|  ------------  | 0 |  ------------  | 0 |         
|010|  ------------  | 0 |  ------------  | 0 |         
|011|  ------------  | 0 |  ------------  | 0 |         
|012|  ------------  | 0 |  ------------  | 0 |         
|013|  ------------  | 0 |  ------------  | 0 |         
|014|  ------------  | 0 |  ------------  | 0 |         
|015|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|---|----------------|---|----------------|---|         
Printing keys to binary file hf-mf-EDFA8A45-key.bin...         
Found keys have been dumped to file hf-mf-EDFA8A45-key.bin. 0xffffffffffff has been inserted for unknown keys.   


And then ran it again with B instead of A, and got almost the same result.

Offline

#8 2019-08-28 22:40:21

mwalker
Moderator
Registered: 2019-05-11
Posts: 318

Re: Difficulty Reading MiFare Classic

Test if the A or B key can read sector 0
If there is a 1 beside the key it means it found that key, zero means not found.

When it dumps the keys to the file it saves all keys, so has to put something there, hence the comment about the ff for unknown keys.

Last edited by mwalker (2019-08-28 22:47:15)

Offline

Board footer

Powered by FluxBB