Any chance to update it to support NFC refactor?

[fastbone]

Unfortunately the app is unsupported on 0.74.

It says API too old...

[AloneLiberty]

If you mean 0.94... NFC refactor made some parts way harder, I was planning to grab some code from NFC magic app, but it also was moved to events and I can't get any useful code for it. And I don't have such many time to migrate whole app (still doesn't know how to correctly select/drop card). Maybe will give it one more try in November

[fastbone]

sorry of course i meant 0.94 ... thx for your effort!!!

[Stepzor11]

If you mean 0.94... NFC refactor made some parts way harder, I was planning to grab some code from NFC magic app, but it also was moved to events and I can't get any useful code for it. And I don't have such many time to migrate whole app (still doesn't know how to correctly select/drop card). Maybe will give it one more try in November

I really hope you can make it, otherwise I'm not so sure that nfc refactor is worth losing nested attack 😕

[Qibli-wof]

Well, there's two points id like to mention

1. support for both the old and new NFC api is gonna be worked into the later versions of the firmware
2. it seems CryoPhynix has made a fork of this repository to make it work for the new api, doesnt seem to be working yet though

[Stepzor11]

Interesting 😁

Well, honestly whoever could make this available again, would do something great for the F0 community 🙏🏻

Plus I'm dreaming also of a darkside attack and maybe a phone connection to do the maths 😏

[noproto]

We are merging this with the official NFC application now @Stepzor11 . You'll still need FlipperNestedRecovery.

[Stepzor11]

Amazing! Thanks for your work! ❤️

[Stepzor11]

Any idea of when it might be ready?

[RealIndica]

Any updates about this?

[noproto]

Yes, we have a month of development time dedicated to merging Nested in the firmware starting tomorrow. We'll begin merging changes soon, we've completed most of our Static Nested changes already. @RealIndica @Stepzor11

[RealIndica]

Yes, we have a month of development time dedicated to merging Nested in the firmware starting tomorrow. We'll begin merging changes soon, we've completed most of our Static Nested changes already. @RealIndica @Stepzor11

Awesome! Can't wait to study the new merge and test it out.

[gauthi3r]

The project Xtrem have an action to integrate nested attack in next firmware

https://github.com/orgs/Flipper-XFW/projects/2/views/1?filterQuery=nested

@noproto are you talking about official fw or unlshd / xtrem fw ? thx

[zigad]

Yes, we have a month of development time dedicated to merging Nested in the firmware starting tomorrow. We'll begin merging changes soon, we've completed most of our Static Nested changes already. @RealIndica @Stepzor11

Any updates regarding this feature being introduced in original firmware?

[anarsoul]

Is anyone working on adapting the app to the new API? If not, I can look into that. @noproto @AloneLiberty

From a quick glance, https://github.com/flipperdevices/flipperzero-firmware/pull/3238 introduced mf_classic_poller_get_nt_nested() and mf_classic_poller_auth_nested() that can be used in nested.c

But I don't want to waste my time if someone else is already working on it

[casimirextreme]

@anarsoul It seems that nobody really had worked on it. If you have some time, please submit your work. Thanks a lot.

[zigad]

Just a quick update, latest version of Unleashed 074 has been released and it has this app updated to support the API refactor.

This was made possible because of @xMasterX

[anarsoul]

Just a quick update, latest version of Unleashed 074 has been released and it has this app updated to support the API refactor.

For those who's interested, the code lives at https://github.com/xMasterX/all-the-plugins/tree/dev/base_pack/mifare_nested and the app can be compiled just fine for regular flipperzero firmware

[noproto]

Sharing a progress update here, for anyone wondering what has been happening behind the scenes..

You have to understand the four attacks which fall under the scope of Nested attacks. There is:

• Static Nested: The easiest tags. I have supported cracking Static Nested nonces in the MFKey app for a while now. We reduced the memory usage of the attack by 99.9% to allow you to crack Static Nested keys on the Flipper Zero in several minutes, and FlipperNested collected the nonces.
• "Full" Nested: Anywhere from a little bit harder to much harder, depending on the distance. This could mean gigabytes of memory consumed on the desktop. Would take months or years on a Flipper Zero.
• Static Encrypted Nonce Nested: Thought to be impossible, no known card-only attacks. FlipperNested doesn't collect any nonces and visually indicates the futility of your situation with a crying dolphin.
• Hardnested: Gigabytes of memory required, impossible to run the attack on the Flipper Zero but FlipperNested will collect nonces so you can run the attack on your desktop.

So. What have we been doing about this? Quite a lot, and our work is coming to an end soon.

• Static Nested: Will be integrated with the firmware upon our PR being completed. You will only have to read your tag and you'll have all of the nonces ready to be cracked by MFKey, no FlipperNested involved. What is better is that we can reuse our research here in order to do accelerated dictionary attacks. Reading your card will now take seconds, when originally it could take as long as 10-15 minutes.
• "Full" Nested: An unsolved problem in FlipperNested, we solved it. Through our research the complexity of the problem has been reduced so much, you'll be able to crack the keys on your Flipper Zero at the same speed as Static Nested (several minutes)
• Static Encrypted Nonce Nested: Previously unsolved for 2 years, we shared the first proof of concept attacks against this card on July 17th, 2024. Over the next week, we reduced the complexity enough to solve the cards in several hours or days. New research has emerged (not by us) which cannot be disclosed at this time. What we can say is that these formerly impossible cards will soon be able to be cracked on your Flipper Zero - also at the same speed as Static Nested.
• Hardnested: We're not magicians. The hardened tags will still need to be offloaded, and I'll write it into the Flipper mobile app if needed.

Feel free to follow along with the PR. I expect it to be ready to be merged within the next several weeks: https://github.com/flipperdevices/flipperzero-firmware/pull/3822

casimirextreme commented Apr 10, 2024 @anarsoul It seems that nobody really had worked on it. If you have some time, please submit your work. Thanks a lot.

Just because you didn't see the research happening didn't mean nobody was working on it. I've been working on it this entire time. I've also identified many minor issues in the FlipperNested application along the way which are being resolved in the update. I'm not being paid to work on this, it's a significant amount of research, and it takes time.

[casimirextreme]

@noproto Thanks for your hard work. About my quote, I was of course only talking about the refactoring, not on the research nor on the added features/improvements. Anyway thanks again for all you magnificent work.

[Stepzor11]

Sharing a progress update here, for anyone wondering what has been happening behind the scenes..

You have to understand the four attacks which fall under the scope of Nested attacks. There is:

• Static Nested: The easiest tags. I have supported cracking Static Nested nonces in the MFKey app for a while now. We reduced the memory usage of the attack by 99.9% to allow you to crack Static Nested keys on the Flipper Zero in several minutes, and FlipperNested collected the nonces.
• "Full" Nested: Anywhere from a little bit harder to much harder, depending on the distance. This could mean gigabytes of memory consumed on the desktop. Would take months or years on a Flipper Zero.
• Static Encrypted Nonce Nested: Thought to be impossible, no known card-only attacks. FlipperNested doesn't collect any nonces and visually indicates the futility of your situation with a crying dolphin.
• Hardnested: Gigabytes of memory required, impossible to run the attack on the Flipper Zero but FlipperNested will collect nonces so you can run the attack on your desktop.

So. What have we been doing about this? Quite a lot, and our work is coming to an end soon.

• Static Nested: Will be integrated with the firmware upon our PR being completed. You will only have to read your tag and you'll have all of the nonces ready to be cracked by MFKey, no FlipperNested involved. What is better is that we can reuse our research here in order to do accelerated dictionary attacks. Reading your card will now take seconds, when originally it could take as long as 10-15 minutes.
• "Full" Nested: An unsolved problem in FlipperNested, we solved it. Through our research the complexity of the problem has been reduced so much, you'll be able to crack the keys on your Flipper Zero at the same speed as Static Nested (several minutes)
• Static Encrypted Nonce Nested: Previously unsolved for 2 years, we shared the first proof of concept attacks against this card on July 17th, 2024. Over the next week, we reduced the complexity enough to solve the cards in several hours or days. New research has emerged (not by us) which cannot be disclosed at this time. What we can say is that these formerly impossible cards will soon be able to be cracked on your Flipper Zero - also at the same speed as Static Nested.
• Hardnested: We're not magicians. The hardened tags will still need to be offloaded, and I'll write it into the Flipper mobile app if needed.

Feel free to follow along with the PR. I expect it to be ready to be merged within the next several weeks: https://github.com/flipperdevices/flipperzero-firmware/pull/3822

casimirextreme commented Apr 10, 2024 @anarsoul It seems that nobody really had worked on it. If you have some time, please submit your work. Thanks a lot.

Just because you didn't see the research happening didn't mean nobody was working on it. I've been working on it this entire time. I've also identified many minor issues in the FlipperNested application along the way which are being resolved in the update. I'm not being paid to work on this, it's a significant amount of research, and it takes time.

Amazing! Thank you for your incredible job!♥️