Proxmark3 community


#1 2009-10-22 17:12:06

schwa226
Contributor
Registered: 2009-09-17
Posts: 17

card only attack

Hi,

as I was reading here: http://www.proxmark.org/forum/topic/353 … -1-anyone/
A card only attack is possible.

So I tried a little bit and I am already stuck at the first step:
Send an 8-byte random cryptogram to the tag and vary the parity until the tag answers.
This would be 2^8 = 256 tries for the parity.
So I take the dummy cryptogram C:

{ 0xdd,0x14,0x64,0x77,0xe4,0xa6,0x07,0xcc  };

and vary the parity from

{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }

to

{ 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 }

But on every try the function

if (!nfc_initiator_transceive_bits(pdi,abtArEnc,64,abtArEncPar,abtRx,&uiRxLen,abtRxPar)) return false;

returns false - so no 4 bits were received.

For every try I switch off the RF field and init the tag again.

What am I doing wrong?

Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77! e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77! e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd! 14! 64  77! e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 63ms [Nr + Nt']: dd! 14! 64  77! e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77! e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: c4  bd  e3  38
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77! e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 62ms [Nr + Nt']: dd! 14! 64  77! e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77! e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77! e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd! 14! 64  77! e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 62ms [Nr + Nt']: dd! 14! 64  77! e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77! e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 46ms [Nr + Nt']: dd! 14! 64  77! e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd! 14! 64  77! e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77! e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: 71  1c  00  18
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77! e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 62ms [Nr + Nt']: dd! 14! 64  77  e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 63ms [Nr + Nt']: dd! 14! 64  77  e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 46ms [Nr + Nt']: dd! 14! 64  77  e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77  e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 62ms [Nr + Nt']: dd! 14! 64  77  e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77  e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77  e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77  e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd! 14! 64  77  e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77  e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77  e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd! 14! 64  77  e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: c4  bd  e3  38
real delay time was 63ms [Nr + Nt']: dd! 14! 64  77  e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: e3  38  00  30
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77  e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14! 64  77  e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 62ms [Nr + Nt']: dd! 14! 64  77  e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd! 14! 64! 77! e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77! e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: 71  1c  00  18
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77! e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 62ms [Nr + Nt']: dd! 14! 64! 77! e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77! e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 46ms [Nr + Nt']: dd! 14! 64! 77! e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 63ms [Nr + Nt']: dd! 14! 64! 77! e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 62ms [Nr + Nt']: dd! 14! 64! 77! e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77! e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77! e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd! 14! 64! 77! e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 46ms [Nr + Nt']: dd! 14! 64! 77! e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77! e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 62ms [Nr + Nt']: dd! 14! 64! 77! e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 63ms [Nr + Nt']: dd! 14! 64! 77! e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77! e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77  e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: 71  1c  00  18
real delay time was 62ms [Nr + Nt']: dd! 14! 64! 77  e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77  e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77  e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77  e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd! 14! 64! 77  e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77  e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: ae  dc  f5  be
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77  e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 62ms [Nr + Nt']: dd! 14! 64! 77  e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd! 14! 64! 77  e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77  e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: c4  bd  e3  38
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77  e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd! 14! 64! 77  e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: 71  1c  00  18
real delay time was 47ms [Nr + Nt']: dd! 14! 64! 77  e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 46ms [Nr + Nt']: dd! 14! 64! 77  e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 63ms [Nr + Nt']: dd! 14! 64! 77  e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 62ms [Nr + Nt']: dd! 14  64  77! e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64  77! e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 47ms [Nr + Nt']: dd! 14  64  77! e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd! 14  64  77! e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 46ms [Nr + Nt']: dd! 14  64  77! e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 47ms [Nr + Nt']: dd! 14  64  77! e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 47ms [Nr + Nt']: dd! 14  64  77! e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd! 14  64  77! e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64  77! e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 47ms [Nr + Nt']: dd! 14  64  77! e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 62ms [Nr + Nt']: dd! 14  64  77! e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64  77! e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14  64  77! e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 47ms [Nr + Nt']: dd! 14  64  77! e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 63ms [Nr + Nt']: dd! 14  64  77! e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64  77! e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 47ms [Nr + Nt']: dd! 14  64  77  e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 62ms [Nr + Nt']: dd! 14  64  77  e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd! 14  64  77  e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14  64  77  e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 47ms [Nr + Nt']: dd! 14  64  77  e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd! 14  64  77  e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 47ms [Nr + Nt']: dd! 14  64  77  e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 46ms [Nr + Nt']: dd! 14  64  77  e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd! 14  64  77  e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd! 14  64  77  e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64  77  e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 47ms [Nr + Nt']: dd! 14  64  77  e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 63ms [Nr + Nt']: dd! 14  64  77  e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 46ms [Nr + Nt']: dd! 14  64  77  e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 47ms [Nr + Nt']: dd! 14  64  77  e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64  77  e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 63ms [Nr + Nt']: dd! 14  64! 77! e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77! e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77! e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd! 14  64! 77! e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd! 14  64! 77! e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77! e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77! e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd! 14  64! 77! e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77! e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77! e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 62ms [Nr + Nt']: dd! 14  64! 77! e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: 71  1c  00  18
real delay time was 63ms [Nr + Nt']: dd! 14  64! 77! e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77! e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77! e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: ae  dc  f5  be
real delay time was 62ms [Nr + Nt']: dd! 14  64! 77! e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77! e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 46ms [Nr + Nt']: dd! 14  64! 77  e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 63ms [Nr + Nt']: dd! 14  64! 77  e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 62ms [Nr + Nt']: dd! 14  64! 77  e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77  e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77  e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd! 14  64! 77  e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: c4  bd  e3  38
real delay time was 62ms [Nr + Nt']: dd! 14  64! 77  e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77  e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77  e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: f5  be  61  eb
real delay time was 63ms [Nr + Nt']: dd! 14  64! 77  e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77  e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77  e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77  e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 62ms [Nr + Nt']: dd! 14  64! 77  e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77  e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd! 14  64! 77  e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 63ms [Nr + Nt']: dd  14! 64  77! e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: ae  dc  f5  be
real delay time was 62ms [Nr + Nt']: dd  14! 64  77! e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 47ms [Nr + Nt']: dd  14! 64  77! e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 46ms [Nr + Nt']: dd  14! 64  77! e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 63ms [Nr + Nt']: dd  14! 64  77! e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14! 64  77! e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14! 64  77! e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 62ms [Nr + Nt']: dd  14! 64  77! e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 63ms [Nr + Nt']: dd  14! 64  77! e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 46ms [Nr + Nt']: dd  14! 64  77! e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14! 64  77! e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd  14! 64  77! e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14! 64  77! e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14! 64  77! e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: 71  1c  00  18
real delay time was 63ms [Nr + Nt']: dd  14! 64  77! e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 62ms [Nr + Nt']: dd  14! 64  77! e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14! 64  77  e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14! 64  77  e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd  14! 64  77  e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: 71  1c  00  18
real delay time was 63ms [Nr + Nt']: dd  14! 64  77  e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14! 64  77  e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14! 64  77  e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 62ms [Nr + Nt']: dd  14! 64  77  e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 47ms [Nr + Nt']: dd  14! 64  77  e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14! 64  77  e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 47ms [Nr + Nt']: dd  14! 64  77  e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd  14! 64  77  e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14! 64  77  e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 46ms [Nr + Nt']: dd  14! 64  77  e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd  14! 64  77  e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd  14! 64  77  e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 47ms [Nr + Nt']: dd  14! 64  77  e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77! e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd  14! 64! 77! e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 46ms [Nr + Nt']: dd  14! 64! 77! e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77! e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 62ms [Nr + Nt']: dd  14! 64! 77! e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd  14! 64! 77! e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77! e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77! e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd  14! 64! 77! e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77! e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77! e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd  14! 64! 77! e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd  14! 64! 77! e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77! e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77! e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 62ms [Nr + Nt']: dd  14! 64! 77! e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77  e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77  e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: f5  be  61  eb
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77  e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 62ms [Nr + Nt']: dd  14! 64! 77  e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77  e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 46ms [Nr + Nt']: dd  14! 64! 77  e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 63ms [Nr + Nt']: dd  14! 64! 77  e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 62ms [Nr + Nt']: dd  14! 64! 77  e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: 71  1c  00  18
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77  e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: ae  dc  f5  be
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77  e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd  14! 64! 77  e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 46ms [Nr + Nt']: dd  14! 64! 77  e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77  e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd  14! 64! 77  e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd  14! 64! 77  e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14! 64! 77  e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64  77! e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 62ms [Nr + Nt']: dd  14  64  77! e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64  77! e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 47ms [Nr + Nt']: dd  14  64  77! e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd  14  64  77! e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd  14  64  77! e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64  77! e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64  77! e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 62ms [Nr + Nt']: dd  14  64  77! e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14  64  77! e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 47ms [Nr + Nt']: dd  14  64  77! e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: bd  e3  38  00
real delay time was 47ms [Nr + Nt']: dd  14  64  77! e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 62ms [Nr + Nt']: dd  14  64  77! e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14  64  77! e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 46ms [Nr + Nt']: dd  14  64  77! e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 63ms [Nr + Nt']: dd  14  64  77! e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd  14  64  77  e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 47ms [Nr + Nt']: dd  14  64  77  e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64  77  e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd  14  64  77  e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 46ms [Nr + Nt']: dd  14  64  77  e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64  77  e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd  14  64  77  e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 63ms [Nr + Nt']: dd  14  64  77  e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14  64  77  e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64  77  e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 62ms [Nr + Nt']: dd  14  64  77  e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14  64  77  e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64  77  e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 47ms [Nr + Nt']: dd  14  64  77  e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd  14  64  77  e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14  64  77  e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: 7a  df  b0  75
real delay time was 47ms [Nr + Nt']: dd  14  64! 77! e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd  14  64! 77! e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 47ms [Nr + Nt']: dd  14  64! 77! e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14  64! 77! e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 47ms [Nr + Nt']: dd  14  64! 77! e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 62ms [Nr + Nt']: dd  14  64! 77! e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14  64! 77! e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 46ms [Nr + Nt']: dd  14  64! 77! e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: 57  ee  7a  df
real delay time was 63ms [Nr + Nt']: dd  14  64! 77! e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: ea  23  72  7e
real delay time was 62ms [Nr + Nt']: dd  14  64! 77! e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: dc  f5  be  61
real delay time was 47ms [Nr + Nt']: dd  14  64! 77! e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64! 77! e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd  14  64! 77! e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 62ms [Nr + Nt']: dd  14  64! 77! e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 47ms [Nr + Nt']: dd  14  64! 77! e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64! 77! e4  a6  07! cc
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 63ms [Nr + Nt']: dd  14  64! 77  e4! a6! 07  cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64! 77  e4! a6! 07  cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 47ms [Nr + Nt']: dd  14  64! 77  e4! a6! 07! cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 62ms [Nr + Nt']: dd  14  64! 77  e4! a6! 07! cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 62ms [Nr + Nt']: dd  14  64! 77  e4! a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14  64! 77  e4! a6  07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64! 77  e4! a6  07! cc!
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 63ms [Nr + Nt']: dd  14  64! 77  e4! a6  07! cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 47ms [Nr + Nt']: dd  14  64! 77  e4  a6! 07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14  64! 77  e4  a6! 07  cc
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 46ms [Nr + Nt']: dd  14  64! 77  e4  a6! 07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd  14  64! 77  e4  a6! 07! cc
Auth: 60  00  f5  7b
Nt: e2  de  71  1c
real delay time was 47ms [Nr + Nt']: dd  14  64! 77  e4  a6  07  cc!
Auth: 60  00  f5  7b
Nt: de  71  1c  00
real delay time was 47ms [Nr + Nt']: dd  14  64! 77  e4  a6  07  cc
Auth: 60  00  f5  7b
Nt: 71  1c  00  18
real delay time was 62ms [Nr + Nt']: dd  14  64! 77  e4  a6  07! cc!
Auth: 60  00  f5  7b
Nt: ee  7a  df  b0
real delay time was 63ms [Nr + Nt']: dd  14  64! 77  e4  a6  07! cc

Offline

#2 2009-10-22 21:10:37

hat
Contributor
Registered: 2009-04-12
Posts: 160

Re: card only attack

For the attack you are trying, you need to get the timing accurate enough to make it generate the same tag nonce.

In your trace the Nt should be the same for the different tries.

In reality you will not always get the same tag nonce, but you will only use one tag nonce, unless you want to improve on the technique a bit.

Last edited by hat (2009-10-22 23:35:27)

Offline

#3 2009-10-23 07:26:57

schwa226
Contributor
Registered: 2009-09-17
Posts: 17

Re: card only attack

I thought for the first search 1/256 to get a reply the Nt doesn't matter.

Stage 1.
We send 128 queries (in expectancy) with a fixed or random nT, and a random 8-byte cryptogram (c0;c1;c2;c3;c4;c5;c6;c7), and a fixed or random PC to get one case where the card answers with 4 bits.

Anyway, thx - I will try with a fixed Nt again.

Offline

#4 2009-10-23 07:43:16

hat
Contributor
Registered: 2009-04-12
Posts: 160

Re: card only attack

Yes, I'm not going to use bold letters, but 'for the attack you are trying'.

- If you try all 256 combinations of parity bits you will only certainly get a hit if you keep the nonce constant.

- You can vary the nonce cryptogram and parity bits, and you will still have the right parity bits with a probability of 1/256, and an expected value of 128 queries.
However, iterating over all the possible parity bits is pointless here. If you vary the nonce, you can just as well take the parity bits random (actually it's even better).

==> You were mixing up two things.

Offline
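
The distinction drawn in this thread, as an added simulation that is not part of any post: it compares a 256-step parity sweep with a fixed tag nonce, the same sweep with a nonce that changes on every try (as in the trace above), and random parity with a changing nonce. The card is a constructed toy model, not Crypto-1: the one accepted parity pattern is a pseudo-random function of a hypothetical key, the nonce and the cryptogram, and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model, NOT Crypto-1. mix64 is a generic 64-bit mixer
 * used both as the toy card's function and as a deterministic PRNG. */
static uint64_t mix64(uint64_t z) {
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

static uint64_t rng_state = 1;
static void rng_seed(uint64_t s) { rng_state = s; }
static uint64_t rng_next(void) {
    rng_state += 0x9E3779B97F4A7C15ULL;
    return mix64(rng_state);
}

static const uint64_t TOY_KEY = 0x0123456789ABULL;     /* hypothetical key */
static const uint64_t DUMMY_C = 0xdd146477e4a607ccULL; /* dummy cryptogram from the post */

/* The single 8-bit parity pattern the toy card accepts for (nt, c). */
static uint8_t accepted_parity(uint32_t nt, uint64_t c) {
    return (uint8_t)(mix64(TOY_KEY ^ mix64(((uint64_t)nt << 32) ^ mix64(c))) >> 56);
}

/* 1 if the toy card would send its 4-bit answer, 0 if it stays silent. */
static int card_answers(uint32_t nt, uint64_t c, uint8_t par) {
    return par == accepted_parity(nt, c);
}

/* Sweep parity 0..255 with the dummy cryptogram. With fixed_nonce set, nt is
 * used for every try; otherwise a fresh nonce is drawn per try.
 * Returns the 1-based number of the answered query, or 0 if none answered. */
int sweep_parity(int fixed_nonce, uint32_t nt) {
    for (int par = 0; par < 256; par++) {
        if (!fixed_nonce) nt = (uint32_t)(rng_next() >> 32);
        if (card_answers(nt, DUMMY_C, (uint8_t)par)) return par + 1;
    }
    return 0;
}

/* 256 queries where nonce, cryptogram and parity are all random. */
int random_queries_256(void) {
    for (int q = 1; q <= 256; q++) {
        uint32_t nt = (uint32_t)(rng_next() >> 32);
        uint64_t c = rng_next();
        uint8_t par = (uint8_t)(rng_next() >> 56);
        if (card_answers(nt, c, par)) return q;
    }
    return 0;
}

/* Number of trials (out of `trials`) in which a fixed-nonce sweep got an answer. */
int fixed_sweep_hits(int trials, uint64_t seed) {
    int hits = 0;
    rng_seed(seed);
    for (int t = 0; t < trials; t++) {
        uint32_t nt = (uint32_t)(rng_next() >> 32); /* one nonce per sweep */
        if (sweep_parity(1, nt) != 0) hits++;
    }
    return hits;
}

/* Fraction of 256-query runs that got no answer at all.
 * strategy 0: parity sweep, nonce changes each try; 1: everything random. */
double miss_rate(int strategy, int trials, uint64_t seed) {
    int misses = 0;
    rng_seed(seed);
    for (int t = 0; t < trials; t++) {
        int r = (strategy == 0) ? sweep_parity(0, 0) : random_queries_256();
        if (r == 0) misses++;
    }
    return (double)misses / trials;
}

int main(void) {
    int trials = 4000;
    printf("fixed nonce, parity sweep : %d/%d sweeps answered\n",
           fixed_sweep_hits(trials, 42), trials);
    printf("varying nonce, sweep      : miss rate %.3f\n", miss_rate(0, trials, 42));
    printf("varying nonce, random par : miss rate %.3f\n", miss_rate(1, trials, 43));
    return 0;
}
```

In this model the fixed-nonce sweep answers in every run, while both varying-nonce strategies leave a run of 256 queries unanswered at about the same rate, so sweeping the parity in order gains nothing once the nonce changes.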
