Proxmark3 community


#1 2009-11-07 17:35:23

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

I've obtained strange results I don't know

Hi, I sniffed the communication and I've obtained this:

---------+----+----+-----------
 +      0:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +    720:    :     50  00  57  cd    
 +   3975:    :     93  20    
 +   1472:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1000:    :     60  00  f5  7b    
 +   1064:    :     b8  02  a4  c8  76  b5  7f  d0      !crc
 +    792:    :     c9  1e  ee  63      !crc
 +  28909:    :     d6  94  93  71      !crc
 +    784:   0: TAG 2a  ec  8a! d4  d0  07      !crc
 +    492:   0: TAG 01    
 +  23968:    :     38  2c  9d  32      !crc
 +    354:   0: TAG 1d  8d! 25!   
 +    246:   0: TAG 13    
 +    434:   0: TAG 31! 73  01    
 +  24836:    :     4e  10  57  38      !crc
 +    536:   0: TAG 5f!   
 +     96:   0: TAG 05!   
 +    504:   0: TAG 02    
 +  52506:    :     26    
 +   1968:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +    720:    :     50  00  57  cd    
 +    987:    :     26    
 +   1012:    :     52    
 +   4447:    :     60  04  d1  3d    
 +   1064:    :     71  c3  26  69  57  1a  2b  86      !crc
 +    792:    :     ff  89  22  c3      !crc
 +  53142:    :     26    
 +   1968:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +    146:   0: TAG 00!   
 +    574:    :     50  00  57  cd    
 +   1999:    :     52    
 +   1976:    :     93  20    
 +    256:   0: TAG 04    
 +   1216:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1000:    :     60  08  bd  f7    
 +    176:   0: TAG 02    
 +    888:    :     4b  8d  93  84  df  2d  25  db      !crc
 +    792:    :     c5  2f  10  6b      !crc
 +    648:   0: TAG 02    
 +  26509:    :     56  d1  54  c0      !crc
 +   1120:   0: TAG 00!   
 +    132:   0: TAG 07    
 +  52487:    :     26    
 +   1968:    :     93  20    
 +    111:   0: TAG 5b  02    
 +    145:   0: TAG 04    
 +   2929:    :     26    
 +   1012:    :     52    
 +   1976:    :     93  20    
 +    394:   0: TAG 01    
 +   1078:    :     93  70  12  74  c2  65  c1  b7  20    
 +    128:   0: TAG 13    
 +    872:    :     60  0c  99  b1    
 +   1064:    :     2e  0d  30  35  e6  f4  f7  82      !crc
 +    308:   0: TAG 01    
 +    484:    :     69  12  9c  37      !crc
 +    228:   0: TAG 07    
 +    576:   0: TAG 01    
 +    232:   0: TAG 01    
 +    240:   0: TAG 03!   
 +  26592:    :     46  a4  e2  37      !crc
 + 511864:    :     26    
 +   1968:    :     93  20    
 +    258:   0: TAG 00!   
 +   1222:    :     93  70  12  74  c2  65  c1  b7  20    
 +    720:    :     50  00  57  cd    
 +    987:    :     26    
 +   1009:    :     52    
 +   1976:    :     93  20    
 +   1472:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1000:    :     60  00  f5  7b    
 +   1064:    :     0b  02  9d  66  39  6e  4d  c6      !crc
 +  61647:    :     26    
 +   3591:   0: TAG 04    
 +    576:    :     50  00  57  cd    
 +    986:    :     26    
 +   1012:    :     52    
 +   1976:    :     93  20    
 +   1472:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1000:    :     60  14  50  2d    
 +   1919:    :     e6  06  9e  11      !crc
 +   1768:    :     d2  eb  49  12  0b  b3  cd  40  36  40  7c  67  20  ff  90  60  bc  3e      !crc
 +   3152:    :     5f  f5  0c  72      !crc
 +  54009:    :     26    
 +   1968:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +    720:    :     50  00  57  cd    
 +    987:    :     26    
 +   1148:   0: TAG 3f!   
 +   1839:    :     93  20    
 +   1472:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1000:    :     60  08  bd  f7    
 +   1064:    :     33  45  0d  ca  e7  69  9b  4c      !crc
 +    856:    :     70  6b  2b  25      !crc
 +   1768:    :     f6  c6  95  b2  01  f6  0c  85  ba  5e  60  db  79  7d  2d  b7  83  11      !crc
 +   3150:    :     43  aa  38  7a      !crc
 +    692:   0: TAG 01    
 +    534:   0: TAG 13    
 +  26896:    :     27    
 +   3228:    :     3d  5f  ba  2f      !crc

From this log I know that
the UID is  12  74  c2  65
50  00  57  cd is the HALT

but I don't know the
Tag Chal
Reader Chal
Reader Resp
Tag Resp

I'm confused. I also know 60  00  is sector 0, 60  04 sector 4, 60  08 sector 8....
Could someone explain this log file to me? I'd like to understand everything. I have also been reading this post
http://www.proxmark.org/forum/topic/233 … -obtained/

because it is similar to my log but my log .

Thanks

Offline

#2 2009-11-07 18:10:03

hat
Contributor
Registered: 2009-04-12
Posts: 160

obviously your problem is that you can't hear the tag

you are only seeing what the reader is saying.

so this leads to good news bad news.

the bad news obviously is that you can't directly read the Tag Challenge or Tag Response. Because it simply did not intercept it. There are a few posts on the forum which indicate possible causes/fixes. Use the Search

the good news is though that there is enough information to start breaking some stuff. after all there are reader only attacks and the cipher is well weak.

Offline
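
Added example, not part of any post in this thread: a small Python decoder for trace lines in the format shown in post #1. It checks CRC_A, labels the plaintext ISO 14443-A reader frames and reports, for each authentication request, whether a 4-byte tag frame followed it, which is the missing-tag symptom described in post #2. The function names are hypothetical and the final TAG line of the sample is made up.

```python
import re

# Constructed sample: five reader lines in the form they appear in this thread,
# plus one made-up TAG line (01 02 03 04) to show a capture where the tag is heard.
SAMPLE = """\
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20
 +   1000:    :     60  00  f5  7b
 +   1064:    :     b8  02  a4  c8  76  b5  7f  d0      !crc
 +    704:    :     50  00  57  4d      !crc
 +   1000:    :     60  04  d1  3d
 +    112:   0: TAG 01  02  03  04
"""

LINE = re.compile(r"^\s*\+\s*(\d+):\s*(\d*):\s*(TAG)?\s*(.*)$")
SHORT = {b"\x26": "REQA", b"\x52": "WUPA", b"\x93\x20": "ANTICOLLISION"}

def crc_a(data):
    """ISO/IEC 14443-3 CRC_A (initial value 0x6363), returned low byte first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b = (b ^ (b << 4)) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])

def parse(trace):
    """Yield (source, frame_bytes) per trace line; '!' parity marks are dropped."""
    for line in trace.splitlines():
        m = LINE.match(line)
        if m:
            toks = [t.rstrip("!") for t in m.group(4).split() if t != "!crc"]
            yield ("tag" if m.group(3) else "reader", bytes(int(t, 16) for t in toks))

def label(f):
    """Name a plaintext reader frame, or return None if it is not recognised."""
    crc_ok = len(f) > 2 and crc_a(f[:-2]) == f[-2:]
    if f in SHORT:
        return SHORT[f]
    if len(f) == 9 and f[:2] == b"\x93\x70" and crc_ok:
        return f"SELECT uid={f[2:6].hex()} bcc_ok={(f[2] ^ f[3] ^ f[4] ^ f[5]) == f[6]}"
    if len(f) == 4 and f[:2] == b"\x50\x00" and crc_ok:
        return "HALT"
    if len(f) == 4 and f[0] in (0x60, 0x61) and crc_ok:
        return f"AUTH key {'AB'[f[0] - 0x60]} block {f[1]}"  # 2nd byte = block address
    return None

def auth_report(trace):
    """For each AUTH, report whether a 4-byte tag frame (the tag nonce) follows."""
    frames = list(parse(trace)) + [("end", b"")]  # sentinel after the last frame
    out = []
    for (src, f), (nsrc, nf) in zip(frames, frames[1:]):
        name = label(f) if src == "reader" else None
        if name and name.startswith("AUTH"):
            out.append((name, nsrc == "tag" and len(nf) == 4))
    return out
```

Calling `auth_report()` on a full capture gives a quick health check of the sniffing setup: every `False` entry is an authentication where only the reader side was recorded.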

#3 2009-11-07 18:44:42

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

ok
thanks, I will try to solve the problem

Offline

#4 2009-11-07 19:39:54

hat
Contributor
Registered: 2009-04-12
Posts: 160

i was feeling helpful and i ran your log through some parsing magic. You'll be happy to learn that you can extract the keys for a bunch of sectors.

they are all the same key btw. which is plain ASCII (aka a readable 'word').

if there is a (brand) name associated with the card that starts with a z i wouldn't make it too complicated ;-)

Last edited by hat (2009-11-07 19:44:41)

Offline

#5 2009-11-07 20:04:44

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

hi
I don't understand you, sorry, I'm from Spain and sometimes I don't know the meaning of technical words
you say that you have extracted the keys from my log??
the keys for all sectors are the same??
the key is a name??
it starts with the Z???

is this correct???

how do you do this??
could you give me some info or some link to read and learn from.
thanks

Offline

#6 2009-11-07 21:51:24

hat
Contributor
Registered: 2009-04-12
Posts: 160

yes that is correct. The keys for the sectors 0 4 8 C are all the same.

you can find all the necessary information in this website's file section. Takes a few lines of code to call crapto1 correctly and recover the keys.

Offline

#7 2009-11-08 09:06:34

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

could you explain how to do this: Takes a few lines of code to call crapto1 correctly and recover the keys.
because I've been looking in the forum but I really don't know how to do it without
Tag Chal
Reader Chal
Reader Resp
Tag Resp
could you post how you recover it??
step by step
thanks

Last edited by thefkboss (2009-11-08 09:08:08)

Offline

#8 2009-11-08 19:30:00

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

I continue with the same problem
now I captured again

 +      0:    :     26    
 +   1968:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +    720:    :     50  00  57  cd    
 +    987:    :     26    
 +   1012:    :     52    
 +   1976:    :     93  20    
 +   1472:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1000:    :     60  00  f5  7b    
 +  27557:    :     ad  54  40  8e      !crc
 +    384:   0: TAG 23! 65  ec! 62  4e! b6  e9! 27!     !crc
 +  25164:    :     94  4b  d2  fe      !crc
 +    122:   0: TAG 04    
 +    184:   0: TAG 5c  40  85    
 +    264:   0: TAG fd! 04    
 +    344:   0: TAG 58! 81! fb  23    
 +    320:   0: TAG db! 02    
 +  26940:    :     48  54  7a  bf      !crc
 +    416:   0: TAG 04    
 +    160:   0: TAG 42!   
 +    576:   0: TAG a6  0b!   
 +  51529:    :     26    
 +   1968:    :     93  20    
 +    256:   0: TAG 04    
 +    144:   0: TAG 04    
 +   1080:    :     93  70  12  74  c2  65  c1  b7  20    
 +    136:   0: TAG 09!   
 +    584:    :     50  00  57  cd    
 +   1997:    :     52    
 +   1976:    :     93  20    
 +   1472:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1000:    :     60  04  d1  3d    
 +   1064:    :     b2  b4  09  e8  49  9f  1b  2c      !crc
 +    210:   0: TAG 02    
 +    582:    :     d9  2b  f3  87      !crc
 +    378:   0: TAG 6b  01    
 +    320:   0: TAG 02    
 +    208:   0: TAG 00!   
 +     72:   0: TAG 00!   
 +     54:   0: TAG 2d!   
 +  52250:    :     26    
 +   1968:    :     93  20    
 +   3186:    :     26    
 +   1012:    :     52    
 +   1976:    :     93  20    
 +   3535:    :     44  b8  83  2f  01  be  c5  3c      !crc
 +    792:    :     23  88  20  a7      !crc
 +  29829:    :     13  15  f7  d9      !crc
 +  53280:    :     26    
 +   1968:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +    720:    :     50  00  57  cd    
 +    987:    :     26    
 +   1012:    :     52    
 +   1976:    :     93  20    
 +   2471:    :     60  0c  99  b1    
 +   1064:    :     a5  4e  2e  10  18  1a  ab  78      !crc
 +    792:    :     c4  bc  aa  28      !crc
 +  26997:    :     f1  e3  a4  12      !crc
 +11126532:    :     26    
 +   1968:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1705:    :     26    
 +   1012:    :     52    
 +   1976:    :     93  20    
 +   1472:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1000:    :     60  00  f5  7b    
 +   1064:    :     a7  f0  0d  9d  49  79  7a  b3      !crc
 +    792:    :     18  91  77  a5      !crc
 +    194:   0: TAG 01    
 +  26172:    :     ba    
 +    320:   0: TAG e1  66  10    
 +    424:   0: TAG 92  79  33! 02    
 +    344:   0: TAG 09!   
 +  25197:    :     a8  4f  5e  4d      !crc
 +    608:   0: TAG 7d! 01    
 +    120:   0: TAG 02    
 +  25813:    :     25  b3  bd  ee      !crc
 +    244:   0: TAG 03!   
 +    364:   0: TAG d9! 02    
 +    308:   0: TAG 03!   
 +    224:   0: TAG 01    
 +  51763:    :     26    
 +   1968:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +    704:    :     50  00  57  4d      !crc
 +   1001:    :     26    
 +   1012:    :     52    
 +   1976:    :     93  20    
 +    110:   0: TAG 5b  02    
 +   1362:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1000:    :     60  04  d1  3d    
 +   1064:    :     3a  0d  71  ea  54  9c  9b  ea      !crc
 +    110:   0: TAG 8b!   
 +    682:    :     42  65  a8  90      !crc
 +  55288:    :     26    
 +   1968:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +    720:    :     50  00  57  cd    
 +   1996:    :     52    
 +   1976:    :     93  20    
 +   1472:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1000:    :     60  08  bd  f7    
 +    178:   0: TAG 93!   
 +    886:    :     50  7a  f0  b1  19  36  97  b4      !crc
 +    792:    :     7f  b0  49  53      !crc
 +    138:   0: TAG 0a! db! 08! 92  1b  ff  fc! 12! 01      !crc
 +  26188:    :     c8  dd  12  c5      !crc
 +    176:   0: TAG 2b  21!   
 +    224:   0: TAG 15    
 +     80:   0: TAG da  25! da! 25! 04!   
 +    432:   0: TAG 27!   
 +  53558:    :     26    
 +   1968:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +    720:    :     50  00  57  cd    
 +    986:    :     26    
 +   1012:    :     52    
 +   1976:    :     93  20    
 +   1472:    :     93  70  12  74  c2  65  c1  b7  20    
 +   1000:    :     60  0c  99  b1    
 +   1064:    :     5a  ec  f9  94  d2  73  04  a5      !crc
 +  26365:    :     40  9a  3a  fa      !crc
 +    591:   0: TAG 04    
 + 466666:    :     26    
 +   1968:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +    720:    :     50  00  57  cd    
 +    986:    :     26    
 +   1012:    :     52    
 +   1976:    :     93  20    
 +     96:   0: TAG 6e! a8! 53  49    
 +    304:   0: TAG 04    
 +   1072:    :     93  70  12  74  c2  65  c1  b7  20    
 +    104:   0: TAG 9f!   
 +   1048:   0: TAG af! 23    
 +    150:   0: TAG 8e!   
 +    866:   0: TAG 8e  2d! 40    
 +    686:    :     b8  11  c8  8d      !crc
 +    402:   0: TAG 82  96! 00! 01    
 +    264:   0: TAG 10    
 +    128:   0: TAG 02    
 +    240:   0: TAG 11! 7f  86    
 +    238:   0: TAG 9a!   
 +  59803:    :     26    
 +   1968:    :     93  20    
 +   1480:    :     93  70  12  74  c2  65  c1  b7  20    
 +    720:    :     50  00  57  cd    
 +   3973:    :     93  20    
 +    394:   0: TAG 09!   
 +   1078:    :     93  70  12  74  c2  65  c1  b7  20    
 +    130:   0: TAG 13    
 +    870:    :     60  1c  18  a1    
 +    252:   0: TAG 01    
 +    126:   0: TAG 04    

I can't get anything that I can use to break the key.
Could someone give me some ideas??

you say that the key starts with z in ASCII
how do you get it??

Offline

#9 2009-11-08 21:57:25

hat
Contributor
Registered: 2009-04-12
Posts: 160

rather than dwell on this, you will want to make your sniffer create nice complete trace logs.

http://www.proxmark.org/forum/topic/225 … look-like/
http://www.proxmark.org/forum/topic/209 … ph14alist/

step by step guides are for pussies, nag less, do more.

Offline

#10 2009-11-08 22:37:20

rule
Member
Registered: 2008-05-21
Posts: 417

furthermore.... there is also the manual :)

Offline

#11 2009-11-12 22:19:52

hat
Contributor
Registered: 2009-04-12
Posts: 160

making the trip over to check the other topic not a total loss. I'll tease you with saying that the second letter is an O ;-)
only 4 to go :)

Offline

#12 2009-11-12 23:38:12

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

thanks a lot. really.

the problem now is that I want to know why the proxmark doesn't capture the tag; it must be something with the reader power.
it has to be too strong. this next week I will continue trying until I have it.
now it is a question of pride.

I have a question about the key: you say it is an O, but a capital letter??
and the first one, the z, is it a capital letter or a small one??
thanks a lot hat

Offline

#13 2009-11-13 03:08:40

hat
Contributor
Registered: 2009-04-12
Posts: 160

yeah you really should figure out how to fix your proxmark setup, you'll probably have paid enough to get the device in the first place.

i purposefully mixed the case up, to retain an extra bit or 2 of entropy, just because it was a possibility.

the crypto part is pretty trivial, once you understand how it all works. Btw besides the fact that you don't hear the tag you were also not collecting accurate parity information. Do let us know if you figure it out

Offline

#14 2009-11-13 17:55:28

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

today I have built a new antenna; it gives me 14 V more or less and I have the same result: it only hears the reader.
I'm thinking of putting silver roll on the back of the proxmark, after this a piece of plastic, and the proxmark over it all. I want to isolate the proxmark from the reader field. I think this is the only way for it not to be affected by the reader field.
what do you think???

could you give me 2 more letters please.
this weekend I'm going to be at home and I want to try brute force against the card using my reader, but with 2 letters it is impossible to attack, there are thousands of combinations; with 4 letters I think it is possible

thanks for everything

Last edited by thefkboss (2009-11-13 18:01:04)

Offline

#15 2009-11-13 18:55:41

rule
Member
Registered: 2008-05-21
Posts: 417

- Keep your reader with antenna to the wall-reader all the time.
- Practice a smooth hand-wave movement with the card.
- Wave the card ~2 cm away from the wall-reader/proxmark-antenna.

Good luck!

Offline

#16 2009-11-14 00:08:14

hat
Contributor
Registered: 2009-04-12
Posts: 160

haha that made me laugh.

sorry though we're not in the business of bargaining for key bytes. especially not for free :). it's trivial to break the crypto if you read through the papers.

there is however little point in me cracking keys for you ;-)

Offline

#17 2009-11-14 09:57:18

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

ok I understand.
this Monday I will try everything you tell me.
thanks

Offline

#18 2009-11-17 22:25:05

hat
Contributor
Registered: 2009-04-12
Posts: 160

and the results were ...

Offline

#19 2009-11-17 22:59:35

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

sorry, I don't have time this week, I have to do a lot of projects for the university.
but when I have time I will post the result.
As I said, I have made some new modifications to my proxmark, like a new antenna and the new silver roll wall.
and I have also practised my new hand movement.

as soon as I have time I will post it. I promise

Offline
