Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2017-08-30 12:30:33

meter
Contributor
Registered: 2015-07-13
Posts: 78

mfkey64 decryption stop to work after another authentication

I have the following trace from snoop:

    3832108 |    3842636 | Rdr | 93  70  86  62  85  b1  d0  a9  08                              |  ok | SELECT_UID
    3843824 |    3847344 | Tag | 08  b6  dd                                                      |     | 
    3853100 |    3857868 | Rdr | 60  03  6e  49                                                  |  ok | AUTH-A(3)
    3859824 |    3864560 | Tag | b8  30  04  9b                                                  |     | 
    3866924 |    3876236 | Rdr | 8d  36 9b!  4d  92 48! 31! 4a!                                  | !crc| ?
    3877488 |    3882160 | Tag | 92  80 e2!  03                                                  |     | 
    3885228 |    3889932 | Rdr | 41  e5  86  f9                                                  | !crc| 
    3891312 |    3912112 | Tag |30! 83!  3a 9e! 9c! 01!  06  19 bb!  9a 1f! 7e! 79!  d8  d8 0e!  |     | 
            |            |     |7e!  5c                                                          | !crc| 
    3918380 |    3923084 | Rdr | a6 7f!  f4 79!                                                  | !crc| ?
    3925104 |    3929776 | Tag |35! 08!  ca 2f!                                                  |     | 
    3932204 |    3941580 | Rdr | 49  a8 bb!  52 cd! 19! 95!  b9                                  | !crc| ?
    3942768 |    3947504 | Tag |30!  c8  96 12!                                                  |     | 
    3951020 |    3955724 | Rdr | 2b  0e  b3  8e                                                  | !crc| ?
    3957104 |    3977968 | Tag | 89  5a f8! 68! b8! f6!  fb ea! 8d! 9a! 68!  51 e0! e1!  2f a4!  |     | 
            |            |     |80!  6e                                                          | !crc| 
    3981740 |    3986508 | Rdr |3e! 5d!  80  b6                                                  | !crc| 
    3987824 |    4008688 | Tag |3a! 6d!  57  59  74  e4  3e c1! b0! 24! e3!  92 70! a8!  46  2b  |     | 
            |            |     |48! 8e!                                                          | !crc| 
    4012332 |    4017036 | Rdr | 8d  60  fb 49!                                                  | !crc| ?
    4018416 |    4039280 | Tag | 02  61  af  ee  8c  43  47 58!  9c  64  7b 8e!  c9  e8  de 94!  |     | 
            |            |     | 5f 60!                                                          | !crc| 

mfkey found the correct password, but in the decrypted communication after another authentication I can understand the commands.

./mfkey64 866285b1  b830049b 8d369b4d 9248314a 9280e203 41e586f9 30833a9e9c010619bb9a1f7e79d8d80e7e5c a67ff479 3508ca2f 49a8bb52cd1995b9 30c89612 2b0eb38e 895af868b8f6fbea8d9a6851e0e12fa4

MIFARE Classic key recovery - based on 64 bits of keystream
Recover key from only one complete authentication!

Recovering key for:
   uid: 866285b1
    nt: b830049b
  {nr}: 8d369b4d
  {ar}: 9248314a
  {at}: 9280e203
{enc0}: 41e586f9
{enc1}: 30833a9e9c010619bb9a1f7e79d8d80e7e5c
{enc2}: a67ff479
{enc3}: 3508ca2f
{enc4}: 49a8bb52cd1995b9
{enc5}: 30c89612
{enc6}: 2b0eb38e
{enc7}: 895af868b8f6fbea8d9a6851e0e12fa4

LFSR successors of the tag challenge:
  nt' : 7b5d612b
  nt'': 8e15f092
Time spent in lfsr_recovery64(): 0.13 seconds

Keystream used to generate {ar} and {at}:
   ks2: e9155061
   ks3: 1c951291

Decrypted communication:
{dec0}: 3003999a
{dec1}: 000000000000787788c10000000000003e30
{dec2}: 60036e49    // New authentication to the same block
{dec3}: 9e030098    
{dec4}: 02d3ae2c12772386
{dec5}: 7c027c0a   
{dec6}: 3e39a917   // 3e is not a command, maybe a read
{dec7}: 378e2a67b3c0cf15f3f4c1afdce6c1d6 // return 16 byte response of read?

Found Key: [a0a1a2a3a4a5]

mfkey64 with the new authentication does not give me good data. Wrong password and no decrypted data.

./mfkey64 866285b1 9e030098 02d3ae2c 12772386 7c027c0a 3e39a917 
MIFARE Classic key recovery - based on 64 bits of keystream
Recover key from only one complete authentication!

Recovering key for:
   uid: 866285b1
    nt: 9e030098
  {nr}: 02d3ae2c
  {ar}: 12772386
  {at}: 7c027c0a
{enc0}: 3e39a917

LFSR successors of the tag challenge:
  nt' : 51280dae
  nt'': 3f4dbee5
Time spent in lfsr_recovery64(): 0.10 seconds

Keystream used to generate {ar} and {at}:
   ks2: 435f2e28
   ks3: 434fc2ef

Decrypted communication:
{dec0}: 3e39a917    // NO decryption

Found Key: [635863a133db] // Wrong password

Suggestions for getting the whole trace decrypted?


#2 2017-08-30 12:53:03

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497

Re: mfkey64 decryption stop to work after another authentication

..what you are looking at is the Mifare functionality called nested authentication
..you will need to read up on J_Run's attack against nested authentications. It's a two-phased attack: the first part is offline from the trace, the second one is online against the tag. Now depending on your luck, you can get a valid key from phase 1...

see below

pm3 ~/tools/mf_nonce_brute$ mf_nonce_brute 866285b1 3508ca2f 1101 49a8bb52 cd1995b9 1110 30c89612 1001
Mifare classic nested auth key recovery. Phase 1.
-------------------------------------------------
uid:            866285b1
nt encrypted:   3508ca2f
nt parity err:  1101
nr encrypted:   49a8bb52
ar encrypted:   cd1995b9
ar parity err:  1110
at encrypted:   30c89612
at parity err:  1001

Bruteforce using 4 threads to find encrypted tagnonce last bytes

Valid Key found: [a0a1a2a3a4a5]


#3 2017-08-30 13:25:23

Tatka
Contributor
From: Czech rep., EU
Registered: 2017-08-21
Posts: 21

Re: mfkey64 decryption stop to work after another authentication

I think you're missing the beginning of communication.
Starter packets will be important for mfkey64 calculation.


@iceman: I'm glad I can learn something new now.

Last edited by Tatka (2017-08-30 13:31:51)


#4 2017-08-30 13:35:54

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497

Re: mfkey64 decryption stop to work after another authentication

@tatka, yes, you had a similar post


#5 2017-08-30 15:31:43

meter
Contributor
Registered: 2015-07-13
Posts: 78

Re: mfkey64 decryption stop to work after another authentication

Tatka wrote:

I think you're missing the beginning of communication.

I don't know, but the first 3 decrypted commands are good.
Read block 3, return 16 bytes from block 3, authentication on block 3.
Now I don't want to recover keys; I already have all the keys. I want to understand the commands executed by the reader on my tag.

Last edited by meter (2017-08-30 15:32:23)


#6 2017-08-30 15:43:09

meter
Contributor
Registered: 2015-07-13
Posts: 78

Re: mfkey64 decryption stop to work after another authentication

iceman wrote:

see below

Interesting tool. I will study it, and also how to calculate the parity err parameters.
This tool helps only to recover keys, not to decrypt encrypted communications.

EDIT
My fault, the tool accepts more parameters after AR.

Last edited by meter (2017-08-30 15:50:32)


#7 2017-08-30 19:07:31

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497

Re: mfkey64 decryption stop to work after another authentication

Not quite right, 
https://github.com/iceman1001/mf_nonce_brute

If you modify the source to output some interesting stats, you can use that in conjunction with another command.
Below you see those extra stats.

pm3 ~/tools/mf_nonce_brute$ mf_nonce_brute 866285b1 3508ca2f 1101 49a8bb52 cd1995b9 1110 30c89612 1001 2b0eb38e
Mifare classic nested auth key recovery. Phase 1.
-------------------------------------------------
uid:            866285b1
nt encrypted:   3508ca2f
nt parity err:  1101
nr encrypted:   49a8bb52
ar encrypted:   cd1995b9
ar parity err:  1110
at encrypted:   30c89612
at parity err:  1001
next cmd enc:   2b0eb38e


Bruteforce using 4 threads to find encrypted tagnonce last bytes
thread #0 idx 0
current nt(6fdb0220)  ar_enc(cd1995b9)  at_enc(30c89612)
ks2:54e245e4
ks3:c00bfb77
ks4:1b0eb126
CMD enc(2b0eb38e)
    dec(300002a8)       <-- Valid cmd

Valid Key found: [a0a1a2a3a4a5]

If the step above was successful, you can now do this:
Since you now know the nt, ar_enc, at_enc used, hook it into hf mf decrypt together with the tracelog data that comes after a successful nested auth.

{enc6}: 2b0eb38e
{enc7}: 895af868b8f6fbea8d9a6851e0e12fa4

pm3 --> hf mf decrypt 6fdb0220 cd1995b9 30c89612 2b0eb38e895af868b8f6fbea8d9a6851e0e12fa4
nt      6FDB0220
ar enc  CD1995B9
at enc  30C89612

Encrypted data: [2B 0E B3 8E 89 5A F8 68 B8 F6 FB EA 8D 9A 68 51 E0 E1 2F A4 ]
Decrypted data: [30 00 02 A8 86 62 85 B1 D0 88 04 00 47 C1 14 D7 A1 00 08 04 ]

The decrypted data sure looks like an auth to block 0 / keyA. Which would indicate another authentication sequence..

You get the idea...

High-level Mifare Classic analysis
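As an added example (not code from this thread, from the Proxmark3 client or from mf_nonce_brute), the Python script below parses Proxmark3 trace lines like the ones in the first post and derives the parity-error bit strings that the mf_nonce_brute invocation above takes as arguments: every byte the trace prints with a trailing "!" becomes a 1, everything else a 0. The sample lines are copied from the nested authentication in the first post; the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: the nested-auth frames from the first post's trace
# ({nt}, {nr}{ar}, {at}, next cmd, 16-byte response + continuation line).
SAMPLE_TRACE = """\
    3925104 |    3929776 | Tag |35! 08!  ca 2f!                 |     |
    3932204 |    3941580 | Rdr | 49  a8 bb!  52 cd! 19! 95!  b9 | !crc| ?
    3942768 |    3947504 | Tag |30!  c8  96 12!                 |     |
    3951020 |    3955724 | Rdr | 2b  0e  b3  8e                 | !crc| ?
    3957104 |    3977968 | Tag | 89  5a f8! 68! b8! f6!  fb ea! 8d! 9a! 68!  51 e0! e1!  2f a4! |     |
            |            |     |80!  6e                         | !crc|
"""

@dataclass
class Frame:
    src: str          # "Rdr" or "Tag"
    data: bytes       # bytes as captured (still Crypto1-encrypted)
    parity_err: list  # one bool per byte, True where the trace printed "!"

BYTE_RE = re.compile(r"([0-9a-fA-F]{2})(!?)")  # hex byte plus optional "!"

def parse_trace(text):
    """Parse 'hf list' style lines; a blank source column means continuation."""
    frames = []
    for line in text.splitlines():
        cols = line.split("|")
        if len(cols) < 4 or not (toks := BYTE_RE.findall(cols[3])):
            continue
        src = cols[2].strip()
        if src == "" and frames:          # wrapped data line: extend last frame
            frame = frames[-1]
        else:
            frame = Frame(src, b"", [])
            frames.append(frame)
        frame.data += bytes(int(h, 16) for h, _ in toks)
        frame.parity_err += [bang == "!" for _, bang in toks]
    return frames

def parity_bits(frame, start=0, end=None):
    """Parity-error flags as the 0/1 string mf_nonce_brute expects."""
    return "".join("1" if e else "0" for e in frame.parity_err[start:end])

def nested_auth_args(uid_hex, frames):
    """Argument list for mf_nonce_brute from {nt}, {nr}{ar}, {at}, next cmd."""
    nt, nr_ar, at, nxt = frames[:4]
    return [uid_hex, nt.data.hex(), parity_bits(nt),
            nr_ar.data[:4].hex(), nr_ar.data[4:].hex(), parity_bits(nr_ar, 4),
            at.data.hex(), parity_bits(at), nxt.data.hex()]
```

The returned list matches the argument order of the mf_nonce_brute call in this post, so the same parser can be run over a saved hf list output instead of reading the "!" markers by hand.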


#8 2017-08-30 20:38:05

meter
Contributor
Registered: 2015-07-13
Posts: 78

Re: mfkey64 decryption stop to work after another authentication

iceman wrote:

You get the idea...

High-level Mifare Classic analysis

Sure, thank you, now I have the knowledge to continue.
