Issue 11 in mfoc: MFOC doesnt work on certain types of Mifare classic card.


mf...@googlecode.com

Mar 23, 2014, 7:06:40 AM
to nfc-tool...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 11 by maxz1...@gmail.com: MFOC doesnt work on certain types of
Mifare classic card.
http://code.google.com/p/mfoc/issues/detail?id=11

I am on MFOC 0.10.7 on libnfc 1.7.1.

I have tried with other cards and there is no problem retrieving the keys
under 5 minutes. However this card seems to be taking a long time.

The card is a mifare classic 1K but the manufacturer is unknown.

There are 13 other sectors using the default keys of
a1a2a3a4a5a6/b1b2b3b4b5b6.

Is it possible that mifare classic cards have been patched? Or are there any
suggestions to retrieve the keys of this particular card?

On a side note, may I ask if there is any way to get mfoc to exploit other
sectors instead of 0? Maybe there's a chance.


mac-1320:src user$ mfoc -P 8000 -O dump
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 44
* UID size: double
* bit frame anticollision supported
UID (NFCID1): 2f f0 b8 be
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (7 Byte UID) 2K, Security level 1
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys
found
[Key: ffffffffffff] -> [..x.............]
[Key: a0a1a2a3a4a5] -> [..x.////////////]
[Key: d3f7d3f7d3f7] -> [..x.////////////]
[Key: 000000000000] -> [..x.////////////]
[Key: b0b1b2b3b4b5] -> [..x.xxxxxxxxxxxx]
[Key: 4d3a99c351dd] -> [..x.xxxxxxxxxxxx]
[Key: 1a982c7e459a] -> [..x.xxxxxxxxxxxx]
[Key: aabbccddeeff] -> [..x.xxxxxxxxxxxx]
[Key: 714c5c886e97] -> [..x.xxxxxxxxxxxx]
[Key: 587ee5f9350f] -> [..x.xxxxxxxxxxxx]
[Key: a0478cc39091] -> [..x.xxxxxxxxxxxx]
[Key: 533cb6c723f6] -> [..x.xxxxxxxxxxxx]
[Key: 8fd0a4f256e9] -> [..x.xxxxxxxxxxxx]

Sector 00 - UNKNOWN_KEY [A] Sector 00 - UNKNOWN_KEY [B]
Sector 01 - UNKNOWN_KEY [A] Sector 01 - UNKNOWN_KEY [B]
Sector 02 - FOUND_KEY [A] Sector 02 - FOUND_KEY [B]
Sector 03 - UNKNOWN_KEY [A] Sector 03 - UNKNOWN_KEY [B]
Sector 04 - FOUND_KEY [A] Sector 04 - FOUND_KEY [B]
Sector 05 - FOUND_KEY [A] Sector 05 - FOUND_KEY [B]
Sector 06 - FOUND_KEY [A] Sector 06 - FOUND_KEY [B]
Sector 07 - FOUND_KEY [A] Sector 07 - FOUND_KEY [B]
Sector 08 - FOUND_KEY [A] Sector 08 - FOUND_KEY [B]
Sector 09 - FOUND_KEY [A] Sector 09 - FOUND_KEY [B]
Sector 10 - FOUND_KEY [A] Sector 10 - FOUND_KEY [B]
Sector 11 - FOUND_KEY [A] Sector 11 - FOUND_KEY [B]
Sector 12 - FOUND_KEY [A] Sector 12 - FOUND_KEY [B]
Sector 13 - FOUND_KEY [A] Sector 13 - FOUND_KEY [B]
Sector 14 - FOUND_KEY [A] Sector 14 - FOUND_KEY [B]
Sector 15 - FOUND_KEY [A] Sector 15 - FOUND_KEY [B]


Using sector 02 as an exploit sector
Sector: 0, type A, probe 0, distance 24267 .....
Sector: 0, type A, probe 1, distance 38049 .....
Sector: 0, type A, probe 2, distance 35545 .....
Sector: 0, type A, probe 3, distance 39176 .....
Sector: 0, type A, probe 4, distance 23788 .....

...

Sector: 0, type A, probe 1898, distance 24569 .....


The mfoc has been running for 3 hours but to no avail.

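An added example for reading the default-key phase of logs like the one above (not part of the thread or of mfoc): each `[Key: ...]` line shows the cumulative sector map after that key was tried, so the key that opened a slot is the one on the line where its symbol first changes. The sample log is constructed in mfoc's output format and the function names are hypothetical; the report lists which key slots sit on well-known keys and which were opened by none of the listed keys.

```python
import re
from collections import defaultdict

# Constructed sample in the format mfoc prints while trying its default keys
# (shortened key list; not copied from any post in this thread).
SAMPLE_LOG = r"""
Try to authenticate to all sectors with default keys...
[Key: ffffffffffff] -> [..x.............]
[Key: a0a1a2a3a4a5] -> [..x.////////////]
[Key: d3f7d3f7d3f7] -> [..x.////////////]
[Key: b0b1b2b3b4b5] -> [..x.xxxxxxxxxxxx]
"""

KEY_LINE = re.compile(r"\[Key:\s*([0-9a-fA-F]{12})\]\s*->\s*\[([./\\x]+)\]")
# mfoc's legend: '.' no key, '/' key A, '\' key B, 'x' both keys.
SLOTS = {".": frozenset(), "/": frozenset("A"),
         "\\": frozenset("B"), "x": frozenset("AB")}


def attribute_keys(log):
    """Map (sector, slot) -> key on whose line that slot first shows as opened."""
    opened, prev = {}, None
    for key, symbols in KEY_LINE.findall(log):
        if prev is not None and len(symbols) != len(prev):
            raise ValueError("sector map changed length between key lines")
        for sector, sym in enumerate(symbols):
            before = SLOTS[prev[sector]] if prev is not None else frozenset()
            # Only slots that are new on this line belong to this key.
            for slot in sorted(SLOTS[sym] - before):
                opened[(sector, slot)] = key.lower()
        prev = symbols
    if prev is None:
        raise ValueError("no '[Key: ...] -> [...]' lines found")
    return opened, len(prev)


def audit(log):
    """Summarise which key slots use a listed key and which do not."""
    opened, sectors = attribute_keys(log)
    by_key = defaultdict(list)
    for (sector, slot), key in sorted(opened.items()):
        by_key[key].append(f"{sector:02d}{slot}")
    unopened = [f"{s:02d}{slot}" for s in range(sectors) for slot in "AB"
                if (s, slot) not in opened]
    return {"default_keyed": dict(by_key), "not_default": unopened}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for key, slots in report["default_keyed"].items():
        print(f"{key}: {len(slots)} slots -> {' '.join(slots)}")
    print("not opened by any listed key:", " ".join(report["not_default"]))
```
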

mf...@googlecode.com

Jul 4, 2014, 5:11:41 PM
to nfc-tool...@googlegroups.com

Comment #1 on issue 11 by joost.va...@gmail.com: MFOC doesnt work on
certain types of Mifare classic card.
http://code.google.com/p/mfoc/issues/detail?id=11

I could have a similar problem.

ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
* UID size: single
* bit frame anticollision supported
UID (NFCID1): 40 e8 2c 1f
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys
found
[Key: ffffffffffff] -> [x\xxxxxxxxxxxxxx]
[Key: a0a1a2a3a4a5] -> [x\xxxxxxxxxxxxxx]
[Key: d3f7d3f7d3f7] -> [x\xxxxxxxxxxxxxx]
[Key: 000000000000] -> [x\xxxxxxxxxxxxxx]
[Key: b0b1b2b3b4b5] -> [x\xxxxxxxxxxxxxx]
[Key: 4d3a99c351dd] -> [x\xxxxxxxxxxxxxx]
[Key: 1a982c7e459a] -> [x\xxxxxxxxxxxxxx]
[Key: aabbccddeeff] -> [x\xxxxxxxxxxxxxx]
[Key: 714c5c886e97] -> [x\xxxxxxxxxxxxxx]
[Key: 587ee5f9350f] -> [x\xxxxxxxxxxxxxx]
[Key: a0478cc39091] -> [x\xxxxxxxxxxxxxx]
[Key: 533cb6c723f6] -> [x\xxxxxxxxxxxxxx]
[Key: 8fd0a4f256e9] -> [x\xxxxxxxxxxxxxx]

Sector 00 - FOUND_KEY [A] Sector 00 - FOUND_KEY [B]
Sector 01 - UNKNOWN_KEY [A] Sector 01 - FOUND_KEY [B]
Sector 02 - FOUND_KEY [A] Sector 02 - FOUND_KEY [B]
Sector 03 - FOUND_KEY [A] Sector 03 - FOUND_KEY [B]
Sector 04 - FOUND_KEY [A] Sector 04 - FOUND_KEY [B]
Sector 05 - FOUND_KEY [A] Sector 05 - FOUND_KEY [B]
Sector 06 - FOUND_KEY [A] Sector 06 - FOUND_KEY [B]
Sector 07 - FOUND_KEY [A] Sector 07 - FOUND_KEY [B]
Sector 08 - FOUND_KEY [A] Sector 08 - FOUND_KEY [B]
Sector 09 - FOUND_KEY [A] Sector 09 - FOUND_KEY [B]
Sector 10 - FOUND_KEY [A] Sector 10 - FOUND_KEY [B]
Sector 11 - FOUND_KEY [A] Sector 11 - FOUND_KEY [B]
Sector 12 - FOUND_KEY [A] Sector 12 - FOUND_KEY [B]
Sector 13 - FOUND_KEY [A] Sector 13 - FOUND_KEY [B]
Sector 14 - FOUND_KEY [A] Sector 14 - FOUND_KEY [B]
Sector 15 - FOUND_KEY [A] Sector 15 - FOUND_KEY [B]


Using sector 00 as an exploit sector
Sector: 1, type A, probe 0, distance 35029 .....
Sector: 1, type A, probe 1, distance 28911 .....
Sector: 1, type A, probe 2, distance 31888 .....
Sector: 1, type A, probe 3, distance 24325 .....
Sector: 1, type A, probe 4, distance 33525 .....
...
Sector: 1, type A, probe 1616, distance 41175 .....
Sector: 1, type A, probe 1617, distance 38282 .....
Sector: 1, type A, probe 1618, distance 36207 .....
Sector: 1, type A, probe 1619, distance 41301 .....

mf...@googlecode.com

Jul 10, 2014, 8:01:50 PM
to nfc-tool...@googlegroups.com

Comment #2 on issue 11 by spawnrider: MFOC doesnt work on certain types of

Same issue for me:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
* UID size: single
* bit frame anticollision supported
UID (NFCID1): 70 3a 06 df
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys
found
[Key: ffffffffffff] -> [................]
[Key: a0a1a2a3a4a5] -> [////////////////]
[Key: d3f7d3f7d3f7] -> [////////////////]
[Key: 000000000000] -> [////////////////]
[Key: b0b1b2b3b4b5] -> [x/////xxxxxxxxxx]
[Key: 4d3a99c351dd] -> [x/////xxxxxxxxxx]
[Key: 1a982c7e459a] -> [x/////xxxxxxxxxx]
[Key: aabbccddeeff] -> [x/////xxxxxxxxxx]
[Key: 714c5c886e97] -> [x/////xxxxxxxxxx]
[Key: 587ee5f9350f] -> [x/////xxxxxxxxxx]
[Key: a0478cc39091] -> [x/////xxxxxxxxxx]
[Key: 533cb6c723f6] -> [x/////xxxxxxxxxx]
[Key: 8fd0a4f256e9] -> [x/////xxxxxxxxxx]

Sector 00 - FOUND_KEY [A] Sector 00 - FOUND_KEY [B]
Sector 01 - FOUND_KEY [A] Sector 01 - UNKNOWN_KEY [B]
Sector 02 - FOUND_KEY [A] Sector 02 - UNKNOWN_KEY [B]
Sector 03 - FOUND_KEY [A] Sector 03 - UNKNOWN_KEY [B]
Sector 04 - FOUND_KEY [A] Sector 04 - UNKNOWN_KEY [B]
Sector 05 - FOUND_KEY [A] Sector 05 - UNKNOWN_KEY [B]
Sector 06 - FOUND_KEY [A] Sector 06 - FOUND_KEY [B]
Sector 07 - FOUND_KEY [A] Sector 07 - FOUND_KEY [B]
Sector 08 - FOUND_KEY [A] Sector 08 - FOUND_KEY [B]
Sector 09 - FOUND_KEY [A] Sector 09 - FOUND_KEY [B]
Sector 10 - FOUND_KEY [A] Sector 10 - FOUND_KEY [B]
Sector 11 - FOUND_KEY [A] Sector 11 - FOUND_KEY [B]
Sector 12 - FOUND_KEY [A] Sector 12 - FOUND_KEY [B]
Sector 13 - FOUND_KEY [A] Sector 13 - FOUND_KEY [B]
Sector 14 - FOUND_KEY [A] Sector 14 - FOUND_KEY [B]
Sector 15 - FOUND_KEY [A] Sector 15 - FOUND_KEY [B]


Using sector 00 as an exploit sector
Sector: 1, type B, probe 0, distance 21652 .....
Sector: 1, type B, probe 1, distance 31633 .....
Sector: 1, type B, probe 2, distance 37318 .....
...

And no key retrieval...
Did you find any fix/tips to find the key?

mf...@googlecode.com

Aug 11, 2014, 9:17:26 PM
to nfc-tool...@googlegroups.com

Comment #3 on issue 11 by spawnrider: MFOC doesnt work on certain types of
Hi,

Any update on this issue?

mf...@googlecode.com

Oct 15, 2014, 2:51:18 PM
to nfc-tool...@googlegroups.com

Comment #4 on issue 11 by Borb...@gmail.com: MFOC doesnt work on certain
types of Mifare classic card.
https://code.google.com/p/mfoc/issues/detail?id=11

The same problem for me too. I have run about 3.000 probes and NOTHING
until now.

Come on guys, has anyone resolved it? :/

mf...@googlecode.com

Nov 21, 2014, 8:02:15 AM
to nfc-tool...@googlegroups.com

Comment #5 on issue 11 by noudje1...@gmail.com: MFOC doesnt work on certain
Same problem here..
In my case it's a 7 bytes UID card

mfoc -O mifarecard.dump -P 1500 -T 4
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 44
* UID size: double
* bit frame anticollision supported
UID (NFCID1): 04 ca 0c 72 cf 2b 90
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (7 Byte UID) 2K, Security level 1
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys
found
[Key: ffffffffffff] -> [xxxxx...........]
[Key: a0a1a2a3a4a5] -> [xxxxx...........]
[Key: d3f7d3f7d3f7] -> [xxxxx...........]
[Key: 000000000000] -> [xxxxx...........]
[Key: b0b1b2b3b4b5] -> [xxxxx...........]
[Key: 4d3a99c351dd] -> [xxxxx...........]
[Key: 1a982c7e459a] -> [xxxxx...........]
[Key: aabbccddeeff] -> [xxxxx...........]
[Key: 714c5c886e97] -> [xxxxx...........]
[Key: 587ee5f9350f] -> [xxxxx...........]
[Key: a0478cc39091] -> [xxxxx...........]
[Key: 533cb6c723f6] -> [xxxxx...........]
[Key: 8fd0a4f256e9] -> [xxxxx...........]

Sector 00 - FOUND_KEY [A] Sector 00 - FOUND_KEY [B]
Sector 01 - FOUND_KEY [A] Sector 01 - FOUND_KEY [B]
Sector 02 - FOUND_KEY [A] Sector 02 - FOUND_KEY [B]
Sector 03 - FOUND_KEY [A] Sector 03 - FOUND_KEY [B]
Sector 04 - FOUND_KEY [A] Sector 04 - FOUND_KEY [B]
Sector 05 - UNKNOWN_KEY [A] Sector 05 - UNKNOWN_KEY [B]
Sector 06 - UNKNOWN_KEY [A] Sector 06 - UNKNOWN_KEY [B]
Sector 07 - UNKNOWN_KEY [A] Sector 07 - UNKNOWN_KEY [B]
Sector 08 - UNKNOWN_KEY [A] Sector 08 - UNKNOWN_KEY [B]
Sector 09 - UNKNOWN_KEY [A] Sector 09 - UNKNOWN_KEY [B]
Sector 10 - UNKNOWN_KEY [A] Sector 10 - UNKNOWN_KEY [B]
Sector 11 - UNKNOWN_KEY [A] Sector 11 - UNKNOWN_KEY [B]
Sector 12 - UNKNOWN_KEY [A] Sector 12 - UNKNOWN_KEY [B]
Sector 13 - UNKNOWN_KEY [A] Sector 13 - UNKNOWN_KEY [B]
Sector 14 - UNKNOWN_KEY [A] Sector 14 - UNKNOWN_KEY [B]
Sector 15 - UNKNOWN_KEY [A] Sector 15 - UNKNOWN_KEY [B]


Using sector 00 as an exploit sector
Sector: 5, type A, probe 0, distance 33359 .....
Sector: 5, type A, probe 1, distance 39318 .....
Sector: 5, type A, probe 2, distance 30364 .....
Sector: 5, type A, probe 3, distance 20115 .....
Sector: 5, type A, probe 4, distance 44699 .....
Sector: 5, type A, probe 5, distance 32928 .....
Sector: 5, type A, probe 6, distance 27700 .....
Sector: 5, type A, probe 7, distance 50797 .....
Sector: 5, type A, probe 8, distance 28976 .....
Sector: 5, type A, probe 9, distance 25543 .....
Sector: 5, type A, probe 10, distance 29278 .....
...

mf...@googlecode.com

Nov 22, 2014, 12:09:33 PM
to nfc-tool...@googlegroups.com

Comment #6 on issue 11 by samsung....@googlemail.com: MFOC doesnt work on
certain types of Mifare classic card.
https://code.google.com/p/mfoc/issues/detail?id=11

I have the same problem with a canteen card. Is it possible that this card
is a "plus" version of the mifare classic card? But I thought that there
are no mifare plus cards available with 1kb of memory.

ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
* UID size: single
* bit frame anticollision supported
UID (NFCID1): f2 df e2 dd
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys
found
[Key: ffffffffffff] -> [xxxxxxxxx....xxx]
[Key: a0a1a2a3a4a5] -> [xxxxxxxxx....xxx]
[Key: d3f7d3f7d3f7] -> [xxxxxxxxx....xxx]
[Key: 000000000000] -> [xxxxxxxxx....xxx]
[Key: b0b1b2b3b4b5] -> [xxxxxxxxx\\\\xxx]
[Key: 4d3a99c351dd] -> [xxxxxxxxx\\\\xxx]
[Key: 1a982c7e459a] -> [xxxxxxxxx\\\\xxx]
[Key: aabbccddeeff] -> [xxxxxxxxx\\\\xxx]
[Key: 714c5c886e97] -> [xxxxxxxxx\\\\xxx]
[Key: 587ee5f9350f] -> [xxxxxxxxx\\\\xxx]
[Key: a0478cc39091] -> [xxxxxxxxx\\\\xxx]
[Key: 533cb6c723f6] -> [xxxxxxxxx\\\\xxx]
[Key: 8fd0a4f256e9] -> [xxxxxxxxx\\\\xxx]

Sector 00 - FOUND_KEY [A] Sector 00 - FOUND_KEY [B]
Sector 01 - FOUND_KEY [A] Sector 01 - FOUND_KEY [B]
Sector 02 - FOUND_KEY [A] Sector 02 - FOUND_KEY [B]
Sector 03 - FOUND_KEY [A] Sector 03 - FOUND_KEY [B]
Sector 04 - FOUND_KEY [A] Sector 04 - FOUND_KEY [B]
Sector 05 - FOUND_KEY [A] Sector 05 - FOUND_KEY [B]
Sector 06 - FOUND_KEY [A] Sector 06 - FOUND_KEY [B]
Sector 07 - FOUND_KEY [A] Sector 07 - FOUND_KEY [B]
Sector 08 - FOUND_KEY [A] Sector 08 - FOUND_KEY [B]
Sector 09 - UNKNOWN_KEY [A] Sector 09 - FOUND_KEY [B]
Sector 10 - UNKNOWN_KEY [A] Sector 10 - FOUND_KEY [B]
Sector 11 - UNKNOWN_KEY [A] Sector 11 - FOUND_KEY [B]
Sector 12 - UNKNOWN_KEY [A] Sector 12 - FOUND_KEY [B]
Sector 13 - FOUND_KEY [A] Sector 13 - FOUND_KEY [B]
Sector 14 - FOUND_KEY [A] Sector 14 - FOUND_KEY [B]
Sector 15 - FOUND_KEY [A] Sector 15 - FOUND_KEY [B]


Using sector 00 as an exploit sector
Sector: 9, type A, probe 0, distance 35259 .....
Sector: 9, type A, probe 1, distance 24873 .....
Sector: 9, type A, probe 2, distance 46546 .....
Sector: 9, type A, probe 3, distance 38165 .....
Sector: 9, type A, probe 4, distance 38649 .....
Sector: 9, type A, probe 5, distance 40566 .....
Sector: 9, type A, probe 6, distance 46797 .....
Sector: 9, type A, probe 7, distance 42466 .....
Sector: 9, type A, probe 8, distance 25620 .....
Sector: 9, type A, probe 9, distance 39589 .....
Sector: 9, type A, probe 10, distance 36912 .....

mf...@googlecode.com

Feb 12, 2015, 1:01:47 PM
to nfc-tool...@googlegroups.com

Comment #7 on issue 11 by architec...@gmail.com: MFOC doesnt work on
certain types of Mifare classic card.
https://code.google.com/p/mfoc/issues/detail?id=11

I have the same problem: MFOC cannot recover keys on (mifare classic 1k)
card =/

root@mifare:~/mifare# mfoc -P 100000 -O 111.mfd -k 111111111111 -k
111111111111 -k 111111111111 ......
The custom key 0x111111111111 has been added to the default keys
The custom key 0x111111111111 has been added to the default keys
The custom key 0x111111111111 has been added to the default keys
....
....
....
The custom key 0x111111111111 has been added to the default keys
The custom key 0x111111111111 has been added to the default keys
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
* UID size: single
* bit frame anticollision supported
UID (NFCID1): 11 11 11 11
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys
found
[Key: 111111111111] -> [./..............]
[Key: 111111111111] -> [.//.............]
[Key: 111111111111] -> [.////...........]
[Key: 111111111111] -> [./////..........]
[Key: 111111111111] -> [./////.../......]
[Key: 111111111111] -> [./////...//.....]
[Key: 111111111111] -> [./////...///....]
[Key: 111111111111] -> [.x////...///....]
[Key: 111111111111] -> [.xx///...///....]
[Key: 111111111111] -> [.xxxx/...///....]
[Key: 111111111111] -> [.xxxxx...///....]
[Key: 111111111111] -> [.xxxxx...x//....]
[Key: 111111111111] -> [.xxxxx...xx/....]
[Key: ffffffffffff] -> [xxxxxxxxxxx/xxxx]
[Key: a0a1a2a3a4a5] -> [xxxxxxxxxxx/xxxx]
[Key: d3f7d3f7d3f7] -> [xxxxxxxxxxx/xxxx]
[Key: 000000000000] -> [xxxxxxxxxxx/xxxx]
[Key: b0b1b2b3b4b5] -> [xxxxxxxxxxx/xxxx]
[Key: 4d3a99c351dd] -> [xxxxxxxxxxx/xxxx]
[Key: 1a982c7e459a] -> [xxxxxxxxxxx/xxxx]
[Key: aabbccddeeff] -> [xxxxxxxxxxx/xxxx]
[Key: 714c5c886e97] -> [xxxxxxxxxxx/xxxx]
[Key: 587ee5f9350f] -> [xxxxxxxxxxx/xxxx]
[Key: a0478cc39091] -> [xxxxxxxxxxx/xxxx]
[Key: 533cb6c723f6] -> [xxxxxxxxxxx/xxxx]
[Key: 8fd0a4f256e9] -> [xxxxxxxxxxx/xxxx]

Sector 00 - FOUND_KEY [A] Sector 00 - FOUND_KEY [B]
Sector 01 - FOUND_KEY [A] Sector 01 - FOUND_KEY [B]
Sector 02 - FOUND_KEY [A] Sector 02 - FOUND_KEY [B]
Sector 03 - FOUND_KEY [A] Sector 03 - FOUND_KEY [B]
Sector 04 - FOUND_KEY [A] Sector 04 - FOUND_KEY [B]
Sector 05 - FOUND_KEY [A] Sector 05 - FOUND_KEY [B]
Sector 06 - FOUND_KEY [A] Sector 06 - FOUND_KEY [B]
Sector 07 - FOUND_KEY [A] Sector 07 - FOUND_KEY [B]
Sector 08 - FOUND_KEY [A] Sector 08 - FOUND_KEY [B]
Sector 09 - FOUND_KEY [A] Sector 09 - FOUND_KEY [B]
Sector 10 - FOUND_KEY [A] Sector 10 - FOUND_KEY [B]
Sector 11 - FOUND_KEY [A] Sector 11 - UNKNOWN_KEY [B]
Sector 12 - FOUND_KEY [A] Sector 12 - FOUND_KEY [B]
Sector 13 - FOUND_KEY [A] Sector 13 - FOUND_KEY [B]
Sector 14 - FOUND_KEY [A] Sector 14 - FOUND_KEY [B]
Sector 15 - FOUND_KEY [A] Sector 15 - FOUND_KEY [B]


Using sector 00 as an exploit sector
Sector: 11, type B, probe 0, distance 27992 .....
Sector: 11, type B, probe 1, distance 31535 .....
Sector: 11, type B, probe 2, distance 44903 .....
....
....
....
Sector: 11, type B, probe 30707, distance 31067 .....
Sector: 11, type B, probe 30708, distance 44328 .....
Sector: 11, type B, probe 30709, distance 35697 .....
Sector: 11, type B, probe 30710, distance 29793 .....
Sector: 11, type B, probe 30711, distance 41959 .....
Sector: 11, type B, probe 30712, distance 21826 .....
Sector: 11, type B, probe 30713, distance 42576 .....
Sector: 11, type B, probe 30714, distance 24317 .....

5 days later, still nothing ...
Can somebody tell me how to recover the last key on sector 11:B ???

mf...@googlecode.com

Mar 13, 2015, 1:16:48 PM
to nfc-tool...@googlegroups.com

Comment #8 on issue 11 by mains...@gmail.com: MFOC doesnt work on certain
I encountered the same problem while handling a mifare 1k card; mfoc goes
for days without recovering a new key. However, using a combination of the
nested attack (mfoc) and the dark side attack (mfcuk) I managed to get past
this.
Whenever mfoc would get stuck on a specific key (for example key A from
sector 3), I would save/write down the keys already found (aside from the
default one), stop the nested attack and start looking for that specific
key with mfcuk (which always took a few hours). Then, I would feed mfoc
with the newly found key (I actually added the keys to mfoc's source and
recompiled it) to continue the nested attack; mfoc would then proceed in
finding a few more keys, but would eventually get stuck again, which brings
us to the end of the cycle.
It took a few days to end this process and recover all the keys (1 default
and 31 non-default). Not sure if it was just because all the 32 keys were
different, or if the card is a possible "plus" version as mentioned in
other comments, or if my computer is just weak.

Anyway, I can't finish without saying that, apparently, the latest version
of mfcuk is having some trouble with the latest version of libnfc and
the recovered key comes with the first four bytes wrong (checked). After
some reading, I found that an older version of libnfc and mfcuk would go
together and work; however, mfoc wouldn't work with such a version of libnfc.

Versions that worked for me:
mfcuk r65 with libnfc 1.5.1;
mfoc latest with libnfc latest.

1) Compiled and installed libnfc 1.5.1 in local directory;
2) Used mfcuk with libnfc 1.5.1 and used mfoc with the latest.

This post helped a lot in doing such:
https://zozs.se/2014/08/18/acr122u-mfcuk-mfoc-cracking-mifare-classic-on-arch-linux/

Hope this helps someone here.

ps3....@gmail.com

May 21, 2016, 11:12:01 PM
to nfc-tools-issues, codesite...@google.com, mf...@googlecode.com
Hi. Is there still "mfcuk r65" on the internet somewhere?