Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Trying to to do a nested on a Mifare Classic 1K. I have a sector 15 A and B keys
proxmark3> hf mf chk *1 A t default_keys.dic
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 0 | ffffffffffff | 0 |
|001| ffffffffffff | 0 | ffffffffffff | 0 |
|002| ffffffffffff | 0 | ffffffffffff | 0 |
|003| ffffffffffff | 0 | ffffffffffff | 0 |
|004| ffffffffffff | 0 | ffffffffffff | 0 |
|005| ffffffffffff | 0 | ffffffffffff | 0 |
|006| ffffffffffff | 0 | ffffffffffff | 0 |
|007| ffffffffffff | 0 | ffffffffffff | 0 |
|008| ffffffffffff | 0 | ffffffffffff | 0 |
|009| ffffffffffff | 0 | ffffffffffff | 0 |
|010| ffffffffffff | 0 | ffffffffffff | 0 |
|011| ffffffffffff | 0 | ffffffffffff | 0 |
|012| ffffffffffff | 0 | ffffffffffff | 0 |
|013| ffffffffffff | 0 | ffffffffffff | 0 |
|014| ffffffffffff | 0 | ffffffffffff | 0 |
|015| xxxxxxxxxxxx | 1 | ffffffffffff | 0 |
|---|----------------|---|----------------|---|
proxmark3> hf mf chk *1 B t default_keys.dic
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| ffffffffffff | 0 | ffffffffffff | 0 |
|001| ffffffffffff | 0 | ffffffffffff | 0 |
|002| ffffffffffff | 0 | ffffffffffff | 0 |
|003| ffffffffffff | 0 | ffffffffffff | 0 |
|004| ffffffffffff | 0 | ffffffffffff | 0 |
|005| ffffffffffff | 0 | ffffffffffff | 0 |
|006| ffffffffffff | 0 | ffffffffffff | 0 |
|007| ffffffffffff | 0 | ffffffffffff | 0 |
|008| ffffffffffff | 0 | ffffffffffff | 0 |
|009| ffffffffffff | 0 | ffffffffffff | 0 |
|010| ffffffffffff | 0 | ffffffffffff | 0 |
|011| ffffffffffff | 0 | ffffffffffff | 0 |
|012| ffffffffffff | 0 | ffffffffffff | 0 |
|013| ffffffffffff | 0 | ffffffffffff | 0 |
|014| ffffffffffff | 0 | ffffffffffff | 0 |
|015| ffffffffffff | 0 | xxxxxxxxxxxx | 1 |
|---|----------------|---|----------------|---|
but when trying to do a nested I've got this:
proxmark3> hf mf nested 1 15 A xxxxxxxxxxxx
Can't authenticate to block: 15 key type:A key:xx xx xx xx xx xx
proxmark3> hf mf nested 1 15 B xxxxxxxxxxxx
Can't authenticate to block: 15 key type:B key:xx xx xx xx xx xx
What could I do? Card is:
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected
Prng detection: WEAK
Weird thing is that MCT is able to read sector 15, but not the pm3
proxmark3> hf mf rdbl 15 B xxxxxxxxxxxx
--block no:15, key type:B, key:xx xx xx xx xx xx
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
isOk:00
proxmark3> hf mf rdbl 15 A xxxxxxxxxxxx
--block no:15, key type:A, key:xx xx xx xx xx xx
#db# Authentication failed. Card timeout.
#db# Auth error
#db# READ BLOCK FINISHED
isOk:00
Thanx!
Last edited by nulldev (2019-04-04 17:13:30)
I've managed to start a nested attack with mfcuk and obtained few keys from there. Then stopped and did a successful nested with the pm3 and obtained all keys targeting 0/A. Still it looks like that I can get authorized only on sector 0 with key A. Maybe another sector too, haven't tested them all, but most of keys doesn't work with pm3.
Then decided to test the card with the MCT and it did a full card dump of all sectors and then restored the dump back on card. Weird...
Any ideas?
Thank you!