Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
- Logged in as ikarus
- Last visit: Today 11:22:42
- Topics: Posted | New | Active | Unanswered
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2017-12-27 15:26:21
- Sentinel
- Contributor
- Registered: 2012-11-26
- Posts: 190
Calculate MAC for Mifare Plus SL3
hi All!
1.Authorization completed by FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF AESSectorKey 0x4000
2.Card set Transaction identifier: b551c6e7
3.Reading a card using the 33 command
data for calc MAC: 33 0000 b551c6e7 0300 01
33 - command code
0000 - read counter
b551c6e7 - Transaction identifier
0300 01 - Adress to read, block to read
substitute data for online calculation:330000b551c6e7030001
artjomb.github.io/cryptojs-extension
resalt CMAC: a33bd445f12b23a020c6b83b13f0e1d8
further 16 bytes turn into 8 bytes:
/* truncated MAC = [1, 3, 5, 7, 9, 11, 13, 15] of the input Mac */
MAC:3b452ba0c63bf0d8
4026592 | 4043968 | Rdr |02 33 03 00 01 a6 0b 6d 59 b5 b4 d9 38 e3 71 | ok |
resalt from trace: a60b6d59b5b4d938
The calculated and trace results are not equal:
3b452ba0c63bf0d8 <> a60b6d59b5b4d938
Documentation for the calculation of MAС:
http://nvlpubs.nist.gov/nistpubs/Legacy … 00-38b.pdf
#3 2017-12-29 13:24:56
- Sentinel
- Contributor
- Registered: 2012-11-26
- Posts: 190
Re: Calculate MAC for Mifare Plus SL3
Iceman, you are always right) The key for SMAC every time is different.
5fa7a36e1643c52eb6eb67a2714a9e9d - RNDB (from card)
80000000000000000000000000000001 - RNDA (magic RNDA from the program android NXP TOOL)
00000000002eb6eb67a2DFA7A36E1622 <-Session Key
encrypt key:FFFFF...FFFF of Session Key
e492273a7e903826e00ba488f3b48042 <- use this key for CMAC