Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

#1 2017-06-27 11:13:36

platinium gsm
Contributor
Registered: 2016-08-06
Posts: 28

[Solved]my attack nested doesnt work anymore since update.

I had a tune problem because I used a different client and firmware. Problem fixed!

Now I run under this last version:
Prox/RFID mark3 RFID instrument         
bootrom: master/v2.2.0-527-g6100040-suspect 2017-06-26 15:28:02
os: master/v2.2.0-527-g6100040-suspect 2017-06-26 15:28:07
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/05/17 at 17:48:26
uC: AT91SAM7S256 Rev B         
Embedded Processor: ARM7TDMI         
Nonvolatile Program Memory Size: 256K bytes. Used: 192561 bytes (73%). Free: 69583 bytes (27%).         
Second Nonvolatile Program Memory Size: None         
Internal SRAM Size: 64K bytes         
Architecture Identifier: AT91SAM7Sxx Series         
Nonvolatile Program Memory Type: Embedded Flash Memory

My hf tune is about 15V, and 12V with a tag.

My attack finds a key but nested failed on all my tags. mifare 1k
doesn't find my tag and finally dark gives me this:

#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
.#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
uid(ba82c39f) nt(1ce2c881) par(0000000000000000) ks(020506070006010a) nr(2400000007)
|diff|{nr}    |ks3|ks3^5|parity         |
+----+--------+---+-----+---------------+
| 00 |00000007| 2 |  7  |0,0,0,0,0,0,0,0|
| 20 |00000027| 5 |  0  |0,0,0,0,0,0,0,0|
| 40 |00000047| 6 |  3  |0,0,0,0,0,0,0,0|
| 60 |00000067| 7 |  2  |0,0,0,0,0,0,0,0|
| 80 |00000087| 0 |  5  |0,0,0,0,0,0,0,0|
| a0 |000000a7| 6 |  3  |0,0,0,0,0,0,0,0|
| c0 |000000c7| 1 |  4  |0,0,0,0,0,0,0,0|
| e0 |000000e7| a |  f  |0,0,0,0,0,0,0,0|
parity is all zero,try special attack!just wait for few more seconds...         
key_count:0
Key not found (lfsr_common_prefix list is null). Nt=1ce2c881         
Failing is expected to happen in 25% of all cases. Trying again with a different reader nonce...         
.#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
.#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
.#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
.#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
#db# Mifare: Can't select card                 
uid(ba82c39f) nt(1ce2c881) par(0000000000000000) ks(04050c0f0701010d) nr(2400000008)
|diff|{nr}    |ks3|ks3^5|parity         |
+----+--------+---+-----+---------------+
| 00 |00000008| 4 |  1  |0,0,0,0,0,0,0,0|
| 20 |00000028| 5 |  0  |0,0,0,0,0,0,0,0|
| 40 |00000048| c |  9  |0,0,0,0,0,0,0,0|
| 60 |00000068| f |  a  |0,0,0,0,0,0,0,0|
| 80 |00000088| 7 |  2  |0,0,0,0,0,0,0,0|
| a0 |000000a8| 1 |  4  |0,0,0,0,0,0,0,0|
| c0 |000000c8| 1 |  4  |0,0,0,0,0,0,0,0|
| e0 |000000e8| d |  8  |0,0,0,0,0,0,0,0|
parity is all zero,try special attack!just wait for few more seconds...         
p1:3e p2:1ac p3:0 key:ff994ff519ed
p1:9e1 p2:3fc3 p3:1 key:f0eafade7645
p1:1931 p2:a147 p3:2 key:d9615b66435b
p1:231d p2:df63 p3:3 key:ca5a653bd054
p1:2635 p2:f3a6 p3:4 key:c57bac9bb056
p1:2e8a p2:127cb p3:5 key:b916a297f542
p1:2edb p2:12979 p3:6 key:b8a5f294c882
p1:4c48 p2:1de84 p3:7 key:8d128be8c4ee
p1:5aee p2:23b8f p3:8 key:76f3a0811a46
p1:6f6d p2:2bcc6 p3:9 key:57eaa2f8ca80
p1:7877 p2:2f529 p3:a key:4a6352684677
p1:8fb0 p2:38b54 p3:b key:2686110d8c88
p1:93fc p2:3a6a8 p3:c key:200771c5587b
p1:a463 p2:411b3 p3:d key:06966a79aa29
key_count:14
------------------------------------------------------------------
Found valid key:4a6352684677

And the nested attack gives:
|000|  4a6352684677  | 1 |  536653644c65  | 1 |         
|001|  4a6352684677  | 1 |  536653644c65  | 1 |         
|002|  4a6352684677  | 1 |  536653644c65  | 1 |         
|003|  4a6352684677  | 1 |  536653644c65  | 1 |         
|004|  4a6352684677  | 1 |  536653644c65  | 1 |         
|005|  4a6352684677  | 1 |  536653644c65  | 1 |         
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|007|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|008|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|009|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|010|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|011|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|012|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|013|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|014|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|015|  ffffffffffff  | 1 |  ffffffffffff  | 1


What did I do wrong?

Last edited by platinium gsm (2017-06-29 12:45:29)


#2 2017-06-27 12:15:07

iceman
Administrator
Registered: 2013-04-25
Posts: 6,178

Re: [Solved]my attack nested doesnt work anymore since update.

1) Distance between tag and antenna is important.
2) Your darkside attack worked, found a valid key
3) Your nested attack worked, found all keys

I don't understand your problem.
Especially since your subject says "hardnested"....   Which you didn't even run in the output you posted.

Do please be more specific in your posts.


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)


#3 2017-06-27 12:40:28

platinium gsm
Contributor
Registered: 2016-08-06
Posts: 28

Re: [Solved]my attack nested doesnt work anymore since update.

The distance is about 1 and 2 cm. I use the original Proxmark box.

My dark looks like it works perfectly.
My nested looks like it's working, you say???

Is it normal to have only one key? And just ffffffffffffffffff for the other keys?

I used to make MIFARE clones and I always had different keys.

Whatever, if you are right, my clones don't work since the update.
And even if I downgrade I can't manage to clone my tags anymore.

I'm gonna try to be more specific.
I took tags that I already cloned before and I can't do nested on them; I have the same problem with keys. They don't work and read only one key with dark.


#4 2017-06-27 12:47:52

iceman
Administrator
Registered: 2013-04-25
Posts: 6,178

Re: [Solved]my attack nested doesnt work anymore since update.

The res columns marked with X show if the key was successfully found.  0 = fail,  1 = success.
Hence I know your nested worked.

I also recognise that hotel system key generation. You need to look at your dump and clone dump, to see if they are an exact match.
You can't make hf mf restore on a magic tag once you've done it...

                       X                    X
|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  4a6352684677  | 1 |  536653644c65  | 1 |         
|001|  4a6352684677  | 1 |  536653644c65  | 1 |         
|002|  4a6352684677  | 1 |  536653644c65  | 1 |         
|003|  4a6352684677  | 1 |  536653644c65  | 1 |         
|004|  4a6352684677  | 1 |  536653644c65  | 1 |         
|005|  4a6352684677  | 1 |  536653644c65  | 1 |         
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|007|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|008|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|009|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|010|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|011|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|012|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|013|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|014|  ffffffffffff  | 1 |  ffffffffffff  | 1 |         
|015|  ffffffffffff  | 1 |  ffffffffffff  | 1 |


#5 2017-06-27 13:00:04

platinium gsm
Contributor
Registered: 2016-08-06
Posts: 28

Re: [Solved]my attack nested doesnt work anymore since update.

iceman, you know that I over-respect all your words because I know your talent.
I agree, of course, I can't restore a magic tag 2 times. I can only write the UID.
What's the way to check my dump and my clone dump?

I'm gonna post another attack to show you the result with another, different tag.


#6 2017-06-27 13:03:12

platinium gsm
Contributor
Registered: 2016-08-06
Posts: 28

Re: [Solved]my attack nested doesnt work anymore since update.

.............
uid(fe5477a9) nt(f0e7cd4d) par(1ca4a4bcc41c6c84) ks(0b060a0b01050d0d) nr(2400000000)
|diff|{nr}    |ks3|ks3^5|parity         |
+----+--------+---+-----+---------------+
| 00 |00000000| b |  e  |0,0,1,1,1,0,0,0|
| 20 |00000020| 6 |  3  |0,0,1,0,0,1,0,1|
| 40 |00000040| a |  f  |0,0,1,0,0,1,0,1|
| 60 |00000060| b |  e  |0,0,1,1,1,1,0,1|
| 80 |00000080| 1 |  4  |0,0,1,0,0,0,1,1|
| a0 |000000a0| 5 |  0  |0,0,1,1,1,0,0,0|
| c0 |000000c0| d |  8  |0,0,1,1,0,1,1,0|
| e0 |000000e0| d |  8  |0,0,1,0,0,0,0,1|
key_count:1
------------------------------------------------------------------
Found valid key:8829da9daf76
proxmark3>
proxmark3> hf mf nested 1 0 A 8829da9daf76   
Testing known keys. Sector count=16         
nested...         
Time in nested: 4.836 (inf sec per key)
-----------------------------------------------
Iterations count: 0
|---|----------------|---|----------------|---|         
|sec|key A           |res|key B           |res|         
|---|----------------|---|----------------|---|         
|000|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|001|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|002|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|003|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|004|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|005|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|006|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|007|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|008|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|009|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|010|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|011|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|012|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|013|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|014|  8829da9daf76  | 1 |  8829da9daf76  | 1 |         
|015|  8829da9daf76  | 1 |  8829da9daf76  | 1 |     


Is this normal?


#7 2017-06-27 13:10:04

platinium gsm
Contributor
Registered: 2016-08-06
Posts: 28

Re: [Solved]my attack nested doesnt work anymore since update.

iceman wrote:

Especially since your subject say "hardnested".... .

I changed it.


#8 2017-06-27 15:31:34

iceman
Administrator
Registered: 2013-04-25
Posts: 6,178

Re: [Solved]my attack nested doesnt work anymore since update.

Your last post shows another successful recovery of all keys on the tag.   What is it that you don't understand with the output?
All kinds of cards can have different keys. If you expected the same pattern as in the first nested,  then no. Your two cards have different sets of keys.

Hint: you can use  script run remagic  to restore a magic card to a clean state again.



Offline
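
The two key tables posted above can be read mechanically. The following is an added example, not part of the original thread and not Proxmark3 client code: it parses the `|sec|key A|res|key B|res|` rows, using the res meaning iceman gives (0 = fail, 1 = success), and reports the keying weaknesses visible in each table (default key, key A equal to key B, number of distinct keys). The function names are assumptions, and the two sample tables are rebuilt from the values in posts #1 and #6.

```python
import re

DEFAULT_KEY = "ffffffffffff"  # key shown for sectors 006-015 in the first table

# One data row: |sec|  key A  | res |  key B  | res |
ROW = re.compile(
    r"^\|(\d{3})\|\s*([0-9a-f]{12})\s*\|\s*([01])\s*\|"
    r"\s*([0-9a-f]{12})\s*\|\s*([01])\s*\|?\s*$",
    re.IGNORECASE,
)


def make_table(keys_by_sector):
    """Rebuild table text in the thread's layout from (key A, key B) pairs."""
    return "\n".join(
        f"|{sec:03d}|  {a}  | 1 |  {b}  | 1 |"
        for sec, (a, b) in enumerate(keys_by_sector)
    )


# Sample input rebuilt from the thread (first tag, post #1; second tag, post #6).
TAG1_TABLE = make_table(
    [("4a6352684677", "536653644c65")] * 6 + [(DEFAULT_KEY, DEFAULT_KEY)] * 10
)
TAG2_TABLE = make_table([("8829da9daf76", "8829da9daf76")] * 16)


def parse_key_table(text):
    """Return one dict per sector row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        sec, key_a, res_a, key_b, res_b = m.groups()
        rows.append({
            "sector": int(sec),
            "key_a": key_a.lower(), "res_a": res_a == "1",
            "key_b": key_b.lower(), "res_b": res_b == "1",
        })
    return rows


def audit(rows):
    """Summarise key hygiene; keys with res = 0 are not counted as known."""
    recovered = [
        (r["sector"], slot, r["key_" + slot])
        for r in rows for slot in ("a", "b") if r["res_" + slot]
    ]
    return {
        "sectors": len(rows),
        "unrecovered": [
            (r["sector"], slot)
            for r in rows for slot in ("a", "b") if not r["res_" + slot]
        ],
        "default_key_sectors": sorted(
            {sec for sec, _, key in recovered if key == DEFAULT_KEY}
        ),
        "same_a_b_sectors": [
            r["sector"] for r in rows
            if r["res_a"] and r["res_b"] and r["key_a"] == r["key_b"]
        ],
        "distinct_keys": len({key for _, _, key in recovered}),
    }


if __name__ == "__main__":
    for name, table in (("tag 1", TAG1_TABLE), ("tag 2", TAG2_TABLE)):
        print(name, audit(parse_key_table(table)))
```

Both tables show every key recovered; what differs is only how each card was keyed, which is the point made in the post above.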

#9 2017-06-27 16:04:01

platinium gsm
Contributor
Registered: 2016-08-06
Posts: 28

Re: [Solved]my attack nested doesnt work anymore since update.

When I used to read MIFARE I had different keys.
Now I have all the same. You tell me it's normal and I'm sure it's not, because I already read this last tag and I had different keys.
Whatever, I can't clone it now.
Look, my dump is this:
proxmark3> hf mf dump 1
|-----------------------------------------|         
|------ Reading sector access bits...-----|         
|-----------------------------------------|         
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
#db# READ BLOCK FINISHED                 
|-----------------------------------------|         
|----- Dumping all blocks to file... -----|         
|-----------------------------------------|         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector  0.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector  0.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector  0.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector  0.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector  1.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector  1.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector  1.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector  1.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector  2.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector  2.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector  2.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector  2.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector  3.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector  3.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector  3.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector  3.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector  4.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector  4.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector  4.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector  4.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector  5.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector  5.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector  5.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector  5.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector  6.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector  6.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector  6.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector  6.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector  7.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector  7.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector  7.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector  7.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector  8.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector  8.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector  8.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector  8.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector  9.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector  9.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector  9.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector  9.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector 10.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector 10.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector 10.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector 10.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector 11.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector 11.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector 11.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector 11.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector 12.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector 12.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector 12.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector 12.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector 13.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector 13.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector 13.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector 13.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector 14.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector 14.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector 14.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector 14.         
#db# READ BLOCK FINISHED                 
Successfully read block  0 of sector 15.         
#db# READ BLOCK FINISHED                 
Successfully read block  1 of sector 15.         
#db# READ BLOCK FINISHED                 
Successfully read block  2 of sector 15.         
#db# READ BLOCK FINISHED                 
Successfully read block  3 of sector 15.         
Dumped 64 blocks (1024 bytes) to file dumpdata.bin
And my restore gives me this:
proxmark3> hf mf restore 1
Restoring dumpdata.bin to card         
Writing to block   0: fe 54 77 a9 74 88 04 00 47 b9 95 12 45 70 42 09           
#db# Cmd Error: 04                 
#db# Write block error                 
#db# WRITE BLOCK FINISHED                 
isOk:00         
Writing to block   1: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block   2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block   3: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block   4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block   5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block   6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block   7: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block   8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block   9: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  11: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  15: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  19: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  22: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  23: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  24: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  25: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  26: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  27: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  28: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  29: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  31: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  33: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  34: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  35: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  36: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  37: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  38: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  39: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  41: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  42: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  43: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  44: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  45: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  46: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  47: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  49: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  51: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  52: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  53: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  54: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  55: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  56: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  57: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  58: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  59: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  61: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  62: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
#db# WRITE BLOCK FINISHED                 
isOk:01         
Writing to block  63: 88 29 da 9d af 76 7f 07 88 00 88 29 da 9d af 76           
#db# WRITE BLOCK FINISHED                 
isOk:01         
proxmark3>

My UID rewrite gives me:
proxmark3> hf mf csetuid FE5477A9   
--wipe card:NO  uid:fe 54 77 a9           
old block 0:  e9 5c 52 02 e5 08 04 00 62 63 64 65 66 67 68 69           
new block 0:  fe 54 77 a9 74 08 04 00 62 63 64 65 66 67 68 69           
old UID:e9 5c 52 02           
new UID:fe 54 77 a9           
proxmark3>

My card clone must work now?


#10 2017-06-27 16:24:57

iceman
Administrator
Registered: 2013-04-25
Posts: 6,178

Re: [Solved]my attack nested doesnt work anymore since update.

What kind of question is this?  Go and try it out,  how on earth would I know if your clone must work?  There are plenty of reasons for a magic card not to work against real readers.  The only way is to test it against the system you cloned from.



#11 2017-06-27 16:48:30

platinium gsm
Contributor
Registered: 2016-08-06
Posts: 28

Re: [Solved]my attack nested doesnt work anymore since update.

Sorry, I really explain badly.

My question is: after what you read, did I do a good process or not?
Because my tag doesn't work.
I used to make them perfectly before and now none of them work.
That's why I show the way I tried to find an issue.
Sorry again if I explain myself so badly in English.


#12 2017-06-27 21:14:00

piwi
Contributor
Registered: 2013-06-04
Posts: 702

Re: [Solved]my attack nested doesnt work anymore since update.

hf mf restore failed (expectedly) at block 0. You may try to write it with hf mf csetblk (but be careful not to brick your card).


#13 2017-06-27 21:45:03

platinium gsm
Contributor
Registered: 2016-08-06
Posts: 28

Re: [Solved]my attack nested doesnt work anymore since update.

Thanks iceman for your advice and self-control.
I'm gonna try again to see, because I know you must be right and I must be wrong.
I'm gonna test again with another Chinese tag. It might be because of them that I can't do my work.
I receive new tags tomorrow and I will tell you the result.


#14 2017-06-27 21:53:29

iceman
Administrator
Registered: 2013-04-25
Posts: 6,178
Website

Re: [Solved]my attack nested doesnt work anymore since update.

As @piwi says, block0 failed, but don't use hf mf csetblk 0, I'm quite sure you'd mess it up. We got the csetuid for this.

Use hf mf csetuid on your clone tag.



#15 2017-06-28 09:53:26

platinium gsm
Contributor
Registered: 2016-08-06
Posts: 28

Re: [Solved]my attack nested doesnt work anymore since update.

platinium gsm wrote:

my rewrite uid give me:
proxmark3> hf mf csetuid FE5477A9

I used it, no?

Do I have to set the UID before restoring the dump?


#16 2017-06-28 11:13:47

piwi
Contributor
Registered: 2013-06-04
Posts: 702

Re: [Solved]my attack nested doesnt work anymore since update.

HF MF csetuid doesn't write all 16 bytes of block 0 hence cannot create an exact clone. If the application detects the different SAK (08 vs 88) or a difference in the remaining bytes, the clone may not work. Changing the SAK is dangerous.


#17 2017-06-28 15:06:52

iceman
Administrator
Registered: 2013-04-25
Posts: 6,178

Re: [Solved]my attack nested doesnt work anymore since update.

Few readers validate on block0.  They are more likely to validate on UID and SAK/ATQA.
Which gives a mixed problem for @OP...
Using csetuid, @OP will get a correct UID+BCC.   He can also set SAK/ATQA with csetuid.
The rest of block 0 shouldn't be a problem, but it might be.



Offline
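
The block 0 comparison discussed in posts #16 and #17, as an added example that is not part of the original thread and not Proxmark3 code: it splits the two 16-byte block 0 values posted in #9 into UID, BCC, SAK, ATQA and remaining bytes, lists the fields that differ, and shows which levels of reader validation would tell the two cards apart. The field layout assumes a 4-byte UID; the policy names and the `reader_accepts` model are hypothetical, and the check compares the bytes as stored in block 0.

```python
from dataclasses import dataclass

# Values copied from post #9.
ORIGINAL_BLOCK0 = "fe 54 77 a9 74 88 04 00 47 b9 95 12 45 70 42 09"  # from hf mf restore
CLONE_BLOCK0 = "fe 54 77 a9 74 08 04 00 62 63 64 65 66 67 68 69"     # csetuid "new block 0"

FIELDS = ("uid", "bcc", "sak", "atqa", "manufacturer")


@dataclass(frozen=True)
class Block0:
    uid: bytes           # bytes 0-3 (4-byte UID assumed)
    bcc: bytes           # byte 4: XOR of the four UID bytes
    sak: bytes           # byte 5
    atqa: bytes          # bytes 6-7, as stored
    manufacturer: bytes  # bytes 8-15, "the rest of block 0"

    def bcc_valid(self):
        """True when byte 4 equals the XOR of the UID bytes."""
        check = 0
        for b in self.uid:
            check ^= b
        return check == self.bcc[0]


def parse_block0(hex_text):
    """Parse 16 space-separated hex bytes as printed by the client."""
    raw = bytes.fromhex(hex_text)
    if len(raw) != 16:
        raise ValueError(f"block 0 must be 16 bytes, got {len(raw)}")
    return Block0(raw[0:4], raw[4:5], raw[5:6], raw[6:8], raw[8:16])


def differing_fields(a, b):
    """Names of the block 0 fields whose bytes differ between two cards."""
    return [name for name in FIELDS if getattr(a, name) != getattr(b, name)]


# Hypothetical validation levels, following the distinction made in post #17.
POLICIES = {
    "uid_only": ("uid",),
    "uid_sak_atqa": ("uid", "sak", "atqa"),
    "full_block0": FIELDS,
}


def reader_accepts(enrolled, presented, policy):
    """Model of a reader comparing a presented card with the enrolled one."""
    if not presented.bcc_valid():
        return False
    return all(
        getattr(enrolled, name) == getattr(presented, name)
        for name in POLICIES[policy]
    )


def summary():
    """Differences and per-policy verdicts for the two cards in the thread."""
    original = parse_block0(ORIGINAL_BLOCK0)
    clone = parse_block0(CLONE_BLOCK0)
    return {
        "differs_in": differing_fields(original, clone),
        "verdicts": {p: reader_accepts(original, clone, p) for p in POLICIES},
    }


if __name__ == "__main__":
    print(summary())
```

For these two values only the UID-only comparison treats the cards as the same; any check that includes the SAK byte or the remaining bytes separates them.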

#18 2017-06-29 12:44:28

platinium gsm
Contributor
Registered: 2016-08-06
Posts: 28

Re: [Solved]my attack nested doesnt work anymore since update.

I finally received the new tags.

I have the same problem with one tag but everything works perfectly with all the other tags.

Thanks for your knowledge as always.


#19 2017-06-29 12:47:34

platinium gsm
Contributor
Registered: 2016-08-06
Posts: 28

Re: [Solved]my attack nested doesnt work anymore since update.

platinium gsm wrote:

i finally receive new tag
i have same problem with one tag.

I always get an error on block 0.

Does it change something to set the UID after or before loading the dump in the tag?

Would you prefer I open a new subject for this question?

Last edited by platinium gsm (2017-06-29 13:01:49)


#20 2017-06-29 13:29:18

iceman
Administrator
Registered: 2013-04-25
Posts: 6,178

Re: [Solved]my attack nested doesnt work anymore since update.

Start a new thread.


