Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2018-01-09 19:16:00

Danz
Contributor
From: Dubai
Registered: 2015-10-24
Posts: 98

New NXP mifare S50 hardened

Hello everyone,

New cards from nxp doesn't have any known keys (not even one on the common ones), darkside and nested wont work.

Is nonce bruteforce is the way to go or have to get sniffing to get keys from reader ?

Thanks,

Offline

#2 2018-01-09 19:21:10

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: New NXP mifare S50 hardened

easiest to sniff.  Not sure how you were going to bruteforce a nonce.  Would you care to elaborate?

Offline

#3 2018-01-10 14:16:10

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: New NXP mifare S50 hardened

Danz wrote:

Hello everyone,
New cards from nxp doesn't have any known keys (not even one on the common ones), darkside and nested wont work.

Can you please elaborate? What type of cards are these? Without known keys they would be quite useless because nobody would be able to write anything to them.

Offline

#4 2018-01-23 18:12:21

xiaojin1985
Contributor
From: China
Registered: 2017-12-21
Posts: 27

Re: New NXP mifare S50 hardened

I have the same card with fully encoded sectors........and there is NO WAY to sniff.....

Offline

#5 2018-01-23 18:21:48

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: New NXP mifare S50 hardened

Please explain why you can't sniff traffic between reader & card?

Offline

#6 2018-01-23 19:58:57

Danz
Contributor
From: Dubai
Registered: 2015-10-24
Posts: 98

Re: New NXP mifare S50 hardened

For me, software issue, I just crack it with chameleonmini then bruteforced the other keys out .. I am sure sniff the decrypt will do the same for proxmark as chameleonmini did smile

Offline

#7 2018-01-23 20:08:00

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: New NXP mifare S50 hardened

PM3 can get a key quite fast from simulation x,  but sniffing requires knowledge on what data to use for in mfkey32.
well, not if you use the "hf mf sniff"  that one will also find it.   However I removed that command from the fork,  still exists in offical pm3.

Chameleon mini makes that process a bit smoother. @danz, which device do you have?

Offline

#8 2018-01-25 17:49:07

xiaojin1985
Contributor
From: China
Registered: 2017-12-21
Posts: 27

Re: New NXP mifare S50 hardened

iceman wrote:

Please explain why you can't sniff traffic between reader & card?

My staff-id card is linked with some restricted area,if I do sniffering,the security guard may arrest me...

Offline

#9 2018-01-25 17:52:12

xiaojin1985
Contributor
From: China
Registered: 2017-12-21
Posts: 27

Re: New NXP mifare S50 hardened

and there is a monitor above any card-reader...I want backup my card data,but no way....

Offline

#10 2018-01-25 20:31:17

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: New NXP mifare S50 hardened

You should always have a printout of your management approval for the penetration test.

Offline

#11 2018-01-28 00:07:25

Danz
Contributor
From: Dubai
Registered: 2015-10-24
Posts: 98

Re: New NXP mifare S50 hardened

@iceman I have rdv2 and for chameleonmini .. got RevE and official ReveG.

Incase you need to run some tests let me know

Offline

#12 2018-01-28 00:11:33

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: New NXP mifare S50 hardened

That would be outside of the purpose of this thread.   However revg and the new gui would be nice if you tested smile

Offline

Board footer

Powered by FluxBB