AloneLiberty / FlipperNestedRecovery

Recover keys from collected nonces (Flipper Nested key recovery script)
GNU Lesser General Public License v3.0

Fatal Python error: Segmentation fault #12

Open Masqueey opened 1 year ago

Masqueey commented 1 year ago

I think this is again an issue with one of the underlying libraries and not with the app itself, but I encountered this error just now. Let me know who I should report this to and I will.

Recovering key type B, sector 32
[=] Hardnested attack starting...
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]          |         |                                                         | Expected to brute force
[=]  Time    | #nonces | Activity                                                | #states         | time 
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]        0 |       0 | Start using 8 threads                                   |                 |
[=]        0 |       0 | Brute force benchmark: 362 million (2^28,4) keys/s      | 140737488355328 |    5d
[=]        1 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    5d
[=]       11 |     256 | Loading nonces from file                                |     20366032896 |   56s
[=]       19 |     512 | Loading nonces from file                                |     20366032896 |   56s
[=]       22 |     768 | Loading nonces from file                                |     20366032896 |   56s
[=]       24 |    1024 | Loading nonces from file                                |     20366032896 |   56s
[=]       24 |    1280 | Loading nonces from file                                |     20366032896 |   56s
[=]       27 |    1326 | Apply Sum property. Sum(a0) = 128                       |      4428968960 |   12s
[=]       28 |    1327 | Apply bit flip properties                               |      4428968960 |   12s
[=]       28 |    1328 | Apply bit flip properties                               |      4428968960 |   12s
[=]       29 |    1329 | Apply bit flip properties                               |      4428968960 |   12s
[=]       29 |    1329 | (Ignoring Sum(a8) properties)                           |      4428968960 |   12s
Fatal Python error: Segmentation fault

Thread 0x00007f9d99c2d740 (most recent call first):
  File "/home/masqueey/.local/pipx/venvs/flippernested/lib/python3.11/site-packages/FlipperNested/main.py", line 317 in calculate_keys_hard
  File "/home/masqueey/.local/pipx/venvs/flippernested/lib/python3.11/site-packages/FlipperNested/main.py", line 15 in wrapper_hard
  File "/usr/lib/python3.11/multiprocessing/process.py", line 108 in run
  File "/usr/lib/python3.11/multiprocessing/process.py", line 314 in _bootstrap
  File "/usr/lib/python3.11/multiprocessing/popen_fork.py", line 71 in _launch
  File "/usr/lib/python3.11/multiprocessing/popen_fork.py", line 19 in __init__
  File "/usr/lib/python3.11/multiprocessing/context.py", line 281 in _Popen
  File "/usr/lib/python3.11/multiprocessing/context.py", line 224 in _Popen
  File "/usr/lib/python3.11/multiprocessing/process.py", line 121 in start
  File "/home/masqueey/.local/pipx/venvs/flippernested/lib/python3.11/site-packages/FlipperNested/main.py", line 212 in recover_keys
  File "/home/masqueey/.local/pipx/venvs/flippernested/lib/python3.11/site-packages/FlipperNested/main.py", line 171 in extract_nonces_from_flipper
  File "/home/masqueey/.local/pipx/venvs/flippernested/lib/python3.11/site-packages/FlipperNested/main.py", line 44 in run
  File "/home/masqueey/.local/pipx/venvs/flippernested/lib/python3.11/site-packages/FlipperNested/cli.py", line 17 in main
  File "/home/masqueey/.local/bin/FlipperNested", line 8 in <module>

Extension modules: google._upb._message, hardnested (total: 2)
[!!!] Something went VERY wrong in key recovery.
You MUST report this to developer!
[+] Found potential 16 keys, use "Check found keys" in app
[?] Saved keys to F1AC340C.keys

The following zip contains the nonces and thus far found keys: debug.zip

90d0 commented 1 year ago

Hi, I also came across a request to report a bug:

Recovering key type B, sector 15
[=] Hardnested attack starting...
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]          |         |                                                         | Expected to brute force
[=]  Time    | #nonces | Activity                                                | #states         | time 
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]        0 |       0 | Start using 4 threads                                   |                 |
[=]        0 |       0 | Brute force benchmark: 235 million (2^27.8) keys/s      | 140737488355328 |    7d
[=]        1 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    7d
[=]       14 |     256 | Loading nonces from file                                |    462427783168 | 33min
[=]       23 |     512 | Loading nonces from file                                |    372292780032 | 26min
[=]       27 |     768 | Loading nonces from file                                |    372024573952 | 26min
[=]       30 |    1024 | Loading nonces from file                                |    372024573952 | 26min
[=]       31 |    1280 | Loading nonces from file                                |    372024573952 | 26min
[=]       31 |    1280 | Loading nonces from file                                |    372024573952 | 26min
[=]       31 |    1536 | Loading nonces from file                                |    372024573952 | 26min
[=]       34 |    1539 | Apply Sum property. Sum(a0) = 128                       |     67002486784 |  5min
[=]       35 |    1540 | Apply bit flip properties                               |     67002486784 |  5min
[=]       36 |    1541 | Apply bit flip properties                               |     67002486784 |  5min
[=]       37 |    1542 | Apply bit flip properties                               |     67002486784 |  5min
[=]       37 |    1542 | (Ignoring Sum(a8) properties)                           |     67002486784 |  5min
Fatal Python error: Segmentation fault

Thread 0x00007ffaa2a25040 (most recent call first):
  File "/home/a6blp/venv/FlipperNestedRecovery/lib/python3.11/site-packages/FlipperNested/main.py", line 317 in calculate_keys_hard
  File "/home/a6blp/venv/FlipperNestedRecovery/lib/python3.11/site-packages/FlipperNested/main.py", line 15 in wrapper_hard
  File "/usr/lib/python3.11/multiprocessing/process.py", line 108 in run
  File "/usr/lib/python3.11/multiprocessing/process.py", line 314 in _bootstrap
  File "/usr/lib/python3.11/multiprocessing/popen_fork.py", line 71 in _launch
  File "/usr/lib/python3.11/multiprocessing/popen_fork.py", line 19 in __init__
  File "/usr/lib/python3.11/multiprocessing/context.py", line 281 in _Popen
  File "/usr/lib/python3.11/multiprocessing/context.py", line 224 in _Popen
  File "/usr/lib/python3.11/multiprocessing/process.py", line 121 in start
  File "/home/a6blp/venv/FlipperNestedRecovery/lib/python3.11/site-packages/FlipperNested/main.py", line 212 in recover_keys
  File "/home/a6blp/venv/FlipperNestedRecovery/lib/python3.11/site-packages/FlipperNested/main.py", line 171 in extract_nonces_from_flipper
  File "/home/a6blp/venv/FlipperNestedRecovery/lib/python3.11/site-packages/FlipperNested/main.py", line 44 in run
  File "/home/a6blp/venv/FlipperNestedRecovery/lib/python3.11/site-packages/FlipperNested/cli.py", line 17 in main
  File "/home/a6blp/venv/FlipperNestedRecovery/bin/FlipperNested", line 8 in <module>

Extension modules: google._upb._message, hardnested (total: 2)
[!!!] Something went VERY wrong in key recovery.
You MUST report this to developer!
[+] Found potential 26 keys, use "Check found keys" in app

(FlipperNestedRecovery) user@localhost:~/FlipperNestedRecovery$ 
(FlipperNestedRecovery) user@localhost:~/FlipperNestedRecovery$ python --version
Python 3.11.5
(FlipperNestedRecovery) user@localhost:~/FlipperNestedRecovery$ pip freeze
FlipperNested==2.3.1
protobuf==4.24.3
pyserial==3.5
(FlipperNestedRecovery) user@localhost:~/FlipperNestedRecovery$ 

cocus commented 1 year ago

I've managed to make this happen on my Windows and Linux machines. Both have Python 3.8 (not 3.11). I've attached the keys and the found ones so far. This is a MIFARE EV1, 7 byte UID.

On Windows:

Recovering key type A, sector 4
[=] Hardnested attack starting...
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]          |         |                                                         | Expected to brute force
[=]  Time    | #nonces | Activity                                                | #states         | time
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]        0 |       0 | Start using 8 threads                                   |                 |
[=]        0 |       0 | Brute force benchmark: 66 million (2^26,0) keys/s       | 140737488355328 |   25d
[=]        1 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |   25d
[=]        8 |     256 | Loading nonces from file                                |    405549776896 |    2h
[=]       12 |     512 | Loading nonces from file                                |    372024573952 |    2h
[=]       13 |     768 | Loading nonces from file                                |    372024573952 |    2h
[=]       13 |    1024 | Loading nonces from file                                |    372024573952 |    2h
[=]       14 |    1280 | Loading nonces from file                                |    372024573952 |    2h
[=]       15 |    1287 | Apply Sum property. Sum(a0) = 128                       |     84603731968 | 21min
[=]       16 |    1288 | Apply bit flip properties                               |     84603731968 | 21min
[=]       16 |    1288 | Apply bit flip properties                               |     84603731968 | 21min
[=]       16 |    1288 | Apply bit flip properties                               |     84603731968 | 21min
[=]       16 |    1288 | (Ignoring Sum(a8) properties)                           |     84603731968 | 21min
Windows fatal exception: access violation

Thread 0x00002c28 (most recent call first):
  File "C:\Users\cocus\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\FlipperNested\main.py", line 317 in calculate_keys_hard
  File "C:\Users\cocus\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\FlipperNested\main.py", line 15 in wrapper_hard
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.2800.0_x64__qbz5n2kfra8p0\lib\multiprocessing\process.py", line 108 in run
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.2800.0_x64__qbz5n2kfra8p0\lib\multiprocessing\process.py", line 315 in _bootstrap
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.2800.0_x64__qbz5n2kfra8p0\lib\multiprocessing\spawn.py", line 129 in _main
  File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.2800.0_x64__qbz5n2kfra8p0\lib\multiprocessing\spawn.py", line 116 in spawn_main
  File "<string>", line 1 in <module>
[!!!] Something went VERY wrong in key recovery.
You MUST report this to developer!
[+] Found potential 3 keys, use "Check found keys" in app

On Ubuntu 20.04:

Recovering key type A, sector 4
[=] Hardnested attack starting...
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]          |         |                                                         | Expected to brute force
[=]  Time    | #nonces | Activity                                                | #states         | time 
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]        0 |       0 | Start using 12 threads                                  |                 |
[=]        0 |       0 | Brute force benchmark: 476 million (2^28,8) keys/s      | 140737488355328 |    3d
[=]        1 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    3d
[=]        8 |     256 | Loading nonces from file                                |    405549776896 | 14min
[=]       15 |     512 | Loading nonces from file                                |    372024573952 | 13min
[=]       17 |     768 | Loading nonces from file                                |    372024573952 | 13min
[=]       17 |    1024 | Loading nonces from file                                |    372024573952 | 13min
[=]       18 |    1280 | Loading nonces from file                                |    372024573952 | 13min
[=]       20 |    1287 | Apply Sum property. Sum(a0) = 128                       |     84603731968 |  3min
[=]       21 |    1288 | Apply bit flip properties                               |     84603731968 |  3min
[=]       22 |    1288 | Apply bit flip properties                               |     84603731968 |  3min
[=]       23 |    1288 | Apply bit flip properties                               |     84603731968 |  3min
[=]       23 |    1288 | (Ignoring Sum(a8) properties)                           |     84603731968 |  3min
Fatal Python error: Segmentation fault

Thread 0x00007f13951a0740 (most recent call first):
  File "/home/cocus/.local/lib/python3.8/site-packages/FlipperNested/main.py", line 317 in calculate_keys_hard
  File "/home/cocus/.local/lib/python3.8/site-packages/FlipperNested/main.py", line 15 in wrapper_hard
  File "/usr/lib/python3.8/multiprocessing/process.py", line 108 in run
  File "/usr/lib/python3.8/multiprocessing/process.py", line 315 in _bootstrap
  File "/usr/lib/python3.8/multiprocessing/popen_fork.py", line 75 in _launch
  File "/usr/lib/python3.8/multiprocessing/popen_fork.py", line 19 in __init__
  File "/usr/lib/python3.8/multiprocessing/context.py", line 277 in _Popen
  File "/usr/lib/python3.8/multiprocessing/context.py", line 224 in _Popen
  File "/usr/lib/python3.8/multiprocessing/process.py", line 121 in start
  File "/home/cocus/.local/lib/python3.8/site-packages/FlipperNested/main.py", line 212 in recover_keys
  File "/home/cocus/.local/lib/python3.8/site-packages/FlipperNested/main.py", line 181 in extract_nonces_from_file
  File "/home/cocus/.local/lib/python3.8/site-packages/FlipperNested/main.py", line 46 in run
  File "/home/cocus/.local/lib/python3.8/site-packages/FlipperNested/cli.py", line 17 in main
  File "/home/cocus/.local/bin/FlipperNested", line 8 in <module>
[!!!] Something went VERY wrong in key recovery.
You MUST report this to developer!
[+] Found potential 3 keys, use "Check found keys" in app

nested-debug.zip

Seems like the problem is on the "calculate_keys_hard" function? Not sure where though.

nullc0rp commented 1 year ago

Hello.

Same error, Ubuntu Linux 20.04

FlipperNested --progress [15/11/23 | 12:36:19]
[?] Checking xxxxx.nonces
Recovering key type A, sector 1
[=] Hardnested attack starting...
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]          |         |                                                         | Expected to brute force
[=]  Time    | #nonces | Activity                                                | #states         | time 
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]        0 |       0 | Start using 8 threads                                   |                 |
[=]        0 |       0 | Brute force benchmark: 264 million (2^28,0) keys/s      | 140737488355328 |    6d
[=]        1 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    6d
[=]       10 |     256 | Loading nonces from file                                |    372972847104 | 24min
[=]       18 |     512 | Loading nonces from file                                |    372024573952 | 23min
[=]       21 |     768 | Loading nonces from file                                |    372024573952 | 23min
[=]       22 |    1024 | Loading nonces from file                                |    372024573952 | 23min
[=]       23 |    1280 | Loading nonces from file                                |    372024573952 | 23min
[=]       23 |    1536 | Loading nonces from file                                |    372024573952 | 23min
[=]       26 |    1590 | Apply Sum property. Sum(a0) = 128                       |     45874135040 |  3min
[=]       26 |    1590 | Apply bit flip properties                               |     45874135040 |  3min
[=]       27 |    1590 | Apply bit flip properties                               |     45874135040 |  3min
[=]       28 |    1590 | Apply bit flip properties                               |     45874135040 |  3min
[=]       28 |    1590 | (Ignoring Sum(a8) properties)                           |     45874135040 |  3min
[=]      167 |    1590 | Brute force phase completed. Key found: D8CD3540F3CA    |               0 |    0s
Found 1 key(s): ['xxxxxxxxxxx']
Recovering key type A, sector 2
[=] Hardnested attack starting...
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]          |         |                                                         | Expected to brute force
[=]  Time    | #nonces | Activity                                                | #states         | time 
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]        0 |       0 | Start using 8 threads                                   |                 |
[=]        0 |       0 | Brute force benchmark: 147 million (2^27,1) keys/s      | 140737488355328 |   11d
[=]        1 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |   11d
[=]       15 |     256 | Loading nonces from file                                |    401885822976 | 45min
[=]       23 |     512 | Loading nonces from file                                |    372024573952 | 42min
[=]       28 |     768 | Loading nonces from file                                |    372024573952 | 42min
[=]       30 |    1024 | Loading nonces from file                                |    372024573952 | 42min
[=]       31 |    1280 | Loading nonces from file                                |    372024573952 | 42min
[=]       32 |    1536 | Loading nonces from file                                |    372024573952 | 42min
[=]       36 |    1754 | Apply Sum property. Sum(a0) = 128                       |     65663377408 |  7min
[=]       37 |    1754 | Apply bit flip properties                               |     65663377408 |  7min
[=]       37 |    1754 | Apply bit flip properties                               |     65663377408 |  7min
[=]       38 |    1754 | Apply bit flip properties                               |     65663377408 |  7min
[=]       38 |    1754 | (Ignoring Sum(a8) properties)                           |     65663377408 |  7min
Fatal Python error: Segmentation fault

Thread 0x00007f55945c9740 (most recent call first):
  File "/home/xead/.local/lib/python3.8/site-packages/FlipperNested/main.py", line 317 in calculate_keys_hard
  File "/home/xead/.local/lib/python3.8/site-packages/FlipperNested/main.py", line 15 in wrapper_hard
  File "/usr/lib/python3.8/multiprocessing/process.py", line 108 in run
  File "/usr/lib/python3.8/multiprocessing/process.py", line 315 in _bootstrap
  File "/usr/lib/python3.8/multiprocessing/popen_fork.py", line 75 in _launch
  File "/usr/lib/python3.8/multiprocessing/popen_fork.py", line 19 in __init__
  File "/usr/lib/python3.8/multiprocessing/context.py", line 277 in _Popen
  File "/usr/lib/python3.8/multiprocessing/context.py", line 224 in _Popen
  File "/usr/lib/python3.8/multiprocessing/process.py", line 121 in start
  File "/home/xead/.local/lib/python3.8/site-packages/FlipperNested/main.py", line 212 in recover_keys
  File "/home/xead/.local/lib/python3.8/site-packages/FlipperNested/main.py", line 171 in extract_nonces_from_flipper
  File "/home/xead/.local/lib/python3.8/site-packages/FlipperNested/main.py", line 44 in run
  File "/home/xead/.local/lib/python3.8/site-packages/FlipperNested/cli.py", line 17 in main
  File "/home/xead/.local/bin/FlipperNested", line 8 in <module>
[!!!] Something went VERY wrong in key recovery.
You MUST report this to developer!
[+] Found potential 1 keys, use "Check found keys" in app

cocus commented 1 year ago

I've figured that you can use the code directly out of the Python wrapper. I had 100% success when this failed. Try with https://github.com/nfc-tools/mfoc-hardnested.git and the following set of patches: offline-stuff.patch

(I was lazy and didn't modify it properly, but just have a look at the new main() sources and put your UID and path to the nonces file you want to use). It just works!