Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2015-05-03 23:36:13

Coldzero
Member
Registered: 2015-05-03
Posts: 1

Breaking Hitag S?

I'm trying to read the data on a Hitag S transponder and wanted to ask if
there are known ways to get the key and authenticate with it. I'm already able to read
the UID and config pages.
The crypto algorithm for Hitag 2 is already reverse engineered; does Hitag S use the same?
I already tried to bruteforce the 32-bit encrypted data in the Challenge request, but it would take
8 years with my setup.

Because of the fact that there is nothing about Hitag S, I believe it's either super easy to break (somehow)
or it's the exact same method as used to break Hitag 2.


#2 2015-05-05 18:56:09

lafeng666
Member
Registered: 2015-05-05
Posts: 1

Re: Breaking Hitag S?

roll


#3 2015-05-06 07:54:01

Sixkay
Contributor
Registered: 2015-03-18
Posts: 14

Re: Breaking Hitag S?

You don't need the key to read or write on a Hitag S, even if crypto mode is being used.
Just replay the Challenge request you sniffed from a reader-tag transaction after you selected
the tag.
This gives you the rights to read/write all pages except 1-5.


#4 2016-02-08 10:00:53

Joshm
Member
Registered: 2016-02-03
Posts: 5

Re: Breaking Hitag S?

Hi Coldzero,

How were you able to read the Hitag S UID and config pages?

I'm using the Hitag2 code in the Proxmark and I get a weird frame length.

Did you use any special code?


#5 2016-03-03 14:35:23

ikarus
Contributor
Registered: 2012-09-20
Posts: 245

Re: Breaking Hitag S?

Seems related to: 32c3 - talk about HITAG S
