Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

#1 2019-01-01 18:08:13

iceman
Administrator
Registered: 2013-04-25
Posts: 5,069
Website

[RDV4] upload dictionary files to flashmemory

In order to facilitate more easy usage of rdv4's flashmemory, I have added some possibilites to upload the dictionary files on to device.
These will be used in a stage 2 when running checkkeys or dictionary attack.
I have adapted @bogito's luascript read_pwd_mem.lua to read this out if the parameter -k is used.

Upload all dictionary files to fixed allocated sections in flashmemory

pm3 --> mem load f default_iclass_keys i
[+] loaded  6 keys from dictionary file default_iclass_keys.dic
[+] Wrote 50 bytes to offset 237568

pm3 --> mem load f default_keys m
[+] loaded 606 keys from dictionary file default_keys.dic
[+] Wrote 3638 bytes to offset 241664

pm3 --> mem load f default_pwd t
[+] loaded 104 keys from dictionary file default_pwd.dic
[+] Wrote 418 bytes to offset 245760

Read out passwords / keys from Flashmemory.

pm3 -->scr run read_pwd_mem -o 237568 -k 8

pm3 -->scr run read_pwd_mem -o 241664 -k 6

pm3 -->scr run read_pwd_mem -o 245760 -k 4


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#2 2019-01-02 12:08:18

iceman
Administrator
Registered: 2013-04-25
Posts: 5,069
Website

Re: [RDV4] upload dictionary files to flashmemory

Now hf mf fchk can use the on device dictionary.  With tweaks to checking algorithm,  the speedups are noticable compared with calling it with the file when used against a tag with known keys.   Once the dictionary doesn't contain all keys,  it goes slower since it has to check all currently 606 keys.

pm3 --> hf mf fchk 1 m

[-] Chunk: 0.4s | found 32/32 keys (0)
[+] Time in checkkeys (fast):  0.4s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|001|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|002|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|003|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|004|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|005|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|007|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|008|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|009|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|010|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|011|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|012|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|013|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|014|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|015|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|---|----------------|---|----------------|---|

vs


pm3 --> hf mf fchk 1 default_keys.dic
[+] Loaded 606 keys from default_keys.dic
[+] Running strategy 1

[-] Chunk: 0.4s | found 32/32 keys (85)
[+] Time in checkkeys (fast):  0.4s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|001|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|002|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|003|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|004|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|005|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|006|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|007|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|008|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|009|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|010|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|011|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|012|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|013|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|014|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|015|  ffffffffffff  | 1 |  ffffffffffff  | 1 |
|---|----------------|---|----------------|---|

3 second difference

pm3 --> hf mf fchk 1 m
..
[-] Chunk: 5.7s | found 32/32 keys (0)
[+] Time in checkkeys (fast):  5.7s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|001|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|002|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|003|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|004|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|005|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|006|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|007|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|008|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|009|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|010|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|011|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|012|  54726176656c  | 1 |  776974687573  | 1 |
|013|  54726176656c  | 1 |  776974687573  | 1 |
|014|  54726176656c  | 1 |  776974687573  | 1 |
|015|  54726176656c  | 1 |  776974687573  | 1 |
|---|----------------|---|----------------|---|

vs

pm3 --> hf mf fchk 1 default_keys.dic
[+] Loaded 606 keys from default_keys.dic
[+] Running strategy 1
....
[-] Chunk: 8.6s | found 29/32 keys (85)

[-] Chunk: 0.2s | found 32/32 keys (85)
[+] Time in checkkeys (fast):  8.8s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|001|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|002|  fc00018778f7  | 1 |  00000ffe2488  | 1 |
|003|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|004|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|005|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|006|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|007|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|008|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|009|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|010|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|011|  0297927c0f77  | 1 |  ee0042f88840  | 1 |
|012|  54726176656c  | 1 |  776974687573  | 1 |
|013|  54726176656c  | 1 |  776974687573  | 1 |
|014|  54726176656c  | 1 |  776974687573  | 1 |
|015|  54726176656c  | 1 |  776974687573  | 1 |
|---|----------------|---|----------------|---|

9 second difference

pm3 --> hf mf fchk 1 m
......
[-] Chunk: 13.6s | found 32/32 keys (0)
[+] Time in checkkeys (fast):  13.6s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  484558414354  | 1 |  a22ae129c013  | 1 |
|001|  484558414354  | 1 |  49fae4e3849f  | 1 |
|002|  484558414354  | 1 |  38fcf33072e0  | 1 |
|003|  484558414354  | 1 |  8ad5517b4b18  | 1 |
|004|  484558414354  | 1 |  509359f131b1  | 1 |
|005|  484558414354  | 1 |  6c78928e1317  | 1 |
|006|  484558414354  | 1 |  aa0720018738  | 1 |
|007|  484558414354  | 1 |  a6cac2886412  | 1 |
|008|  484558414354  | 1 |  62d0c424ed8e  | 1 |
|009|  484558414354  | 1 |  e64a986a5d94  | 1 |
|010|  484558414354  | 1 |  8fa1d601d0a2  | 1 |
|011|  484558414354  | 1 |  89347350bd36  | 1 |
|012|  484558414354  | 1 |  66d2b7dc39ef  | 1 |
|013|  484558414354  | 1 |  6bc1e1ae547d  | 1 |
|014|  484558414354  | 1 |  22729a9bd40f  | 1 |
|015|  484558414354  | 1 |  484558414354  | 1 |
|---|----------------|---|----------------|---|

vs

pm3 --> hf mf fchk 1 default_keys.dic
[+] Loaded 606 keys from default_keys.dic
[+] Running strategy 1
.
[-] Chunk: 2.9s | found 0/32 keys (85)
.
[-] Chunk: 2.9s | found 0/32 keys (85)
.
[-] Chunk: 2.8s | found 0/32 keys (85)
......
[-] Chunk: 13.3s | found 32/32 keys (85)
[+] Time in checkkeys (fast):  22.0s

|---|----------------|---|----------------|---|
|sec|key A           |res|key B           |res|
|---|----------------|---|----------------|---|
|000|  484558414354  | 1 |  a22ae129c013  | 1 |
|001|  484558414354  | 1 |  49fae4e3849f  | 1 |
|002|  484558414354  | 1 |  38fcf33072e0  | 1 |
|003|  484558414354  | 1 |  8ad5517b4b18  | 1 |
|004|  484558414354  | 1 |  509359f131b1  | 1 |
|005|  484558414354  | 1 |  6c78928e1317  | 1 |
|006|  484558414354  | 1 |  aa0720018738  | 1 |
|007|  484558414354  | 1 |  a6cac2886412  | 1 |
|008|  484558414354  | 1 |  62d0c424ed8e  | 1 |
|009|  484558414354  | 1 |  e64a986a5d94  | 1 |
|010|  484558414354  | 1 |  8fa1d601d0a2  | 1 |
|011|  484558414354  | 1 |  89347350bd36  | 1 |
|012|  484558414354  | 1 |  66d2b7dc39ef  | 1 |
|013|  484558414354  | 1 |  6bc1e1ae547d  | 1 |
|014|  484558414354  | 1 |  22729a9bd40f  | 1 |
|015|  484558414354  | 1 |  484558414354  | 1 |
|---|----------------|---|----------------|---|


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#3 2019-01-02 21:45:14

iceman
Administrator
Registered: 2013-04-25
Posts: 5,069
Website

Re: [RDV4] upload dictionary files to flashmemory

Made a little video about it
https://youtu.be/pvwUx00ka6I


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

Board footer

Powered by FluxBB