Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Hi
I did a few analyze of a Mifare 1k sl1 and proxmark3 stop responding when I try to find a key
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|001| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|002| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|003| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|004| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|005| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|006| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|007| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|008| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|009| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|010| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|011| a0a1a2a3a4a5 | 1 | b0b1b2b3b4b5 | 1 |
|012| a0a1a2a3a4a5 | 1 | ffffffffffff | 0 |
|013| a0a1a2a3a4a5 | 1 | ffffffffffff | 0 |
|014| a0a1a2a3a4a5 | 1 | ffffffffffff | 0 |
|015| a0a1a2a3a4a5 | 1 | ffffffffffff | 0 |
|---|----------------|---|----------------|---|
hf mf hardnested 0 a a0a1a2a3a4a5 56 b
"Acquired 75600 nonces (44903/45000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 6
Generating crypto1 state candidates...
Number of possible keys with Sum(a0) = 112: 13750076573696 (2^43.6)
Number of remaining possible keys: 65114696924 (2^35.9)
Brute force phase starting.
Using 128-bit bitslices
Bitslicing best_first_byte^uid[3] (rollback byte): 03 ...
Bitslicing nonces...
Starting 4 cracking threads to search 24 buckets containing a total of 65114696924 states..."
and crash...
Any idea of the problem?
Thanks for more informations
I do some test again and proxmark don't respond very quickly. I saved the nonces.bin.
https://www.sendspace.com/file/x4q0ng
Maybe I don't correctly use the command ?
hf mf hardnested 60 A a0a1a2a3a4a5 60 b w
"--target block no: 60, target key type:B, known target key: 0x000000000000 (not set), file action: write, Slow: No, Tests: 0
Allocating memory for partial statelists...
Generating partial statelists...
Generating bitflip statelist...
Acquiring nonces...
Writing acquired nonces to binary file nonces.bin
Checking for Filter Flip Properties...
Acquired 1680 nonces ( 1660/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 0
Acquired 2016 nonces ( 1984/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 0
Acquired 2576 nonces ( 2528/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 2
Acquired 3024 nonces ( 2952/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 6
Acquired 3584 nonces ( 3483/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 9
Acquired 4032 nonces ( 3914/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 12
Acquired 4592 nonces ( 4435/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 15
Acquired 5040 nonces ( 4860/ 5000 with distinct bytes 0,1). Bytes with probability for correctly guessed Sum(a8) > 95.0%: 18
Generating crypto1 state candidates...
Number of possible keys with Sum(a0) = 128: 117726714265600 (2^46.7)
Number of remaining possible keys: 4682527972 (2^32.1)
Brute force phase starting.
Using 128-bit bitslices
Bitslicing best_first_byte^uid[3] (rollback byte): 98 ...
Bitslicing nonces...
Starting 4 cracking threads to search 34 buckets containing a total of 4682527972 states..."
Last edited by koulikov (2017-05-01 23:35:44)
pm3 --> hf mf hardnested r
--target block no: 0, target key type:A, known target key: 0x000000000000 (not
set), file action: read, Slow: No, Tests: 0
Allocating memory for partial statelists...
Generating partial statelists...
Generating bitflip statelist...
Reading nonces from file nonces.bin...
Read 5264 nonces from file. cuid=fee78176, Block=60, Keytype=B
Checking for Filter Flip Properties...
Number of first bytes with confidence > 95.0%: 13
Generating crypto1 state candidates...
Number of possible keys with Sum(a0) = 128: 117726714265600 (2^46.7)
Number of remaining possible keys: 4848309092 (2^32.2)
Brute force phase starting.
Using 128-bit bitslices
Bitslicing best_first_byte^uid[3] (rollback byte): 98 ...
Bitslicing nonces...
Starting 4 cracking threads to search 34 buckets containing a total of 484830909
2 states...
............................Validating key search space
*
Time for bruteforce 9.2 seconds.
Found key: 065945e1aac2
Your command is corrent. What client/firmware version are you using? Did you use the precompiled builds? What OS are you running?
Interesting,
Currently I use the precomp build pm3 iceman 2017-04-29. The OS is Windows 10 and the firmware is os: iceman/master/v1.1.0-2031-g5198807 2017-04-29 15:55:01
I will try other version.