Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
- Logged in as ikarus
- Last visit: Today 11:22:42
- Topics: Posted | New | Active | Unanswered
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2022-10-27 21:57:49
Mifare reader attack with pm3
Hello everyone!
Is there any reason that I've not found any info on the Mifare reader attack on proxmark3? It exists on ChameleonMini, and is a relevant attack vector (access to reader but not card). Or is it a hardware limitation? Hard to believe that. Or is it called something else and I have missed it?
Thankful for any input.
#3 2022-10-29 09:40:13
Re: Mifare reader attack with pm3
I would think you just don't know their names in the pm3 world,
darkside, nested, hardnested, staticnested,
I am pretty sure all of them are card attacks. I mean a reader attack, when you only have access to the reader, and not a card. As I understand it the device (ChameleonMini in "MF Detection" mode) pretends to be a card, and when the reader tries to read from the "card" with the unknown key, the device sniff this traffic, and with that you have enough data for calculating this first key.
When I think about it, maybe this is the same as sniffing (it was called snooping, but maybe it was 8-10 years ago when I started using pm3 hehe) between a reader and a card. I have always thought that it has to be a matching card (same keys as the reader expects). But it is possible to sniff the traffic between a reader and a random card and get enough info? Then it is just that ChameleonMini combined it with pretending to be such a card.
#4 2022-10-29 16:27:19
Re: Mifare reader attack with pm3
OK, I read your post to fast, in the pm3 world we use the pm3 to simulate the card against the reader and sniffing is a solid function. Two ways to do reader-only extraction of information.
little fact of the day,
Did you know that the Chameleon mf detection mode from the pm3? The only thing the Chameleon has implemented today that Pm3 doesn't is desfire simulation.