Research, development and trades concerning the powerful Proxmark3 device.
Hello, sorry, I am new to this community. I read some threads about how to retrieve plaintext from ciphertext after authentication.
But when I compute k4 to decrypt, I get a different message from what I expect.
R --> T 26
T --> R 04 00
R --> T 93 20
T --> R 2a 69 8d 43 8d
R --> T 93 70 2a 69 8d 43 8d
T --> R 08 b6 dd
R --> T 60 04 d1 3d
T --> R 3b ae 03 2d
R --> T c4 94 a1 d2 6e 96 86 42
T --> R 84 66 05 9e
R --> T 7d de a6 b3
T --> R e7 ee e3 ab 0f 89 bb ed 44 b1 91 ce ef 8a 4d ce
I got:
Keystream used to generate {ar} and {at}:
ks2: 1159b281
ks3: 02fbbe4b
Found Key: [ffffffffffff]
I am trying to decrypt 7d de a6 b3, which should be 30 04 cd d1.
I did:
enc = 7d de a6 b3; (message encrypted)
I compute Ks4 as: k4 = enc ^ prng_successor(nt, 128);
ks4: ffa08ef5
And then
7d de a6 b3 XOR ffa08ef5 = 82 7E 28 44
Where am I wrong?
I hope I did not duplicate another thread, but I did find the answer.
Thank you very much.
Studying deeper and reading a thread in this forum, I understand that I was computing ks4 in the wrong way.
Now I should be computing it correctly (ks4 = crypto1_word(revstate,0,0);), getting ks4 = 61652568. But if I use the XOR operator the plaintext is wrong. Where am I wrong? Thanks, bye.
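An added example, not part of the original posts: it reproduces the ks2 and ks3 values quoted above from the sniffed nt, {ar} and {at}, and shows why the same XOR trick cannot produce ks4. The PRNG recurrence is the one used by the public crapto1 `prng_successor`; the helper names `swap32`, `nonce_is_prng_output` and `ks_from_successor` are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Byte-swap so the first nonce byte on the wire holds the oldest PRNG bits. */
static uint32_t swap32(uint32_t x) {
    x = ((x >> 8) & 0x00ff00ffu) | ((x & 0x00ff00ffu) << 8);
    return (x >> 16) | (x << 16);
}

/* Advance the tag's 16-bit LFSR by n bits (same recurrence as crapto1). */
uint32_t prng_successor(uint32_t x, uint32_t n) {
    x = swap32(x);
    while (n--)
        x = (x >> 1) | (((x >> 16) ^ (x >> 18) ^ (x >> 19) ^ (x >> 21)) << 31);
    return swap32(x);
}

/* Sanity check for a sniffed nt: a tag nonce is 32 consecutive PRNG bits,
 * so its last 16 bits must follow from its first 16. */
int nonce_is_prng_output(uint32_t nt) {
    uint32_t x = swap32(nt);
    for (int m = 0; m < 16; m++) {
        uint32_t fb = ((x >> m) ^ (x >> (m + 2)) ^ (x >> (m + 3)) ^ (x >> (m + 5))) & 1u;
        if (((x >> (m + 16)) & 1u) != fb)
            return 0;
    }
    return 1;
}

/* Known-plaintext keystream recovery. This works for {ar} and {at} only,
 * because their plaintexts are suc64(nt) and suc96(nt). The next frame
 * (7d de a6 b3) carries a reader command, not a successor of nt, so
 * enc ^ prng_successor(nt, 128) is not keystream; ks4 has to be clocked
 * out of the cipher state, as the second post notes with crypto1_word. */
uint32_t ks_from_successor(uint32_t enc, uint32_t nt, uint32_t n) {
    return enc ^ prng_successor(nt, n);
}

int main(void) {
    /* Values copied from the sniffed trace in the post above. */
    const uint32_t nt = 0x3bae032d, ar_enc = 0x6e968642, at_enc = 0x8466059e;
    printf("nt is PRNG output: %d\n", nonce_is_prng_output(nt));
    printf("ks2: %08x\n", (unsigned)ks_from_successor(ar_enc, nt, 64));
    printf("ks3: %08x\n", (unsigned)ks_from_successor(at_enc, nt, 96));
    return 0;
}
```

The printed ks2 and ks3 match the values in the post, which confirms that nt, {ar} and {at} were read correctly from the trace before any ks4 computation is attempted.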
To be able to read the contents of your card you have to read the block or sector, not the sniff list.
BUT the blocks are also in ciphertext; I think it is in DES with CRC, and additionally they have the MAC.
To read the contents you need a master key and, depending on your card, the key of the sector.
If you have some clue, please let me know.