DarkFlippers / unleashed-firmware

Flipper Zero Unleashed Firmware
https://t.me/flipperzero_unofficial
GNU General Public License v3.0

[NFC] Mifare Classic 1k - Can't read all sectors with all keys available #345

Closed UrSuLa360 closed 1 year ago

UrSuLa360 commented 1 year ago

Describe the bug.

Mifare Classic 1k tag with only 5 custom B keys (5 sectors protected). I know these keys; they are already added in the user key dictionary. When reading the tag, the Flipper got all keys but can't unlock the protected sectors.

Screenshot-20230217-095639

Reproduction

1. NFC -> Read
2. Get flipper near tag
3. Wait for it :)

Target

NFC

Logs

```
Firmware version: release-cfw unlshd-030e (da68f2e4 built on 13-02-2023)

: log
Press CTRL+C to stop...
861514 [I][LoaderSrv] Starting: NFC
861523 [I][AnimationManager] Unload animation 'L1_Tv_128x47'
861975 [D][DolphinState] icounter 844, butthurt 0
863338 [I][NfcWorker] Mifare Classic detected
863342 [I][NfcWorker] Trying to read a supported card ...
863348 [D][Plant] Verifying sector 8
863408 [D][FuriHalNfc] Timeout during data exchange
863414 [D][Troika] Verifying sector 11
863468 [D][FuriHalNfc] Timeout during data exchange
863472 [I][NfcWorker] Search for key cache ...
863584 [I][NfcWorker] Load keys cache success. Start reading
863586 [D][MfClassic] Try to read blocks with key A
863664 [D][MfClassic] Read 4 blocks out of 4
863667 [D][MfClassic] Try to read blocks with key A
863743 [D][MfClassic] Read 4 blocks out of 4
863746 [D][MfClassic] Try to read blocks with key A
863817 [D][MfClassic] Read 4 blocks out of 4
863820 [D][MfClassic] Try to read blocks with key A
863891 [D][MfClassic] Read 4 blocks out of 4
863894 [D][MfClassic] Try to read blocks with key A
863966 [D][MfClassic] Read 4 blocks out of 4
863969 [D][MfClassic] Try to read blocks with key A
864045 [D][MfClassic] Read 4 blocks out of 4
864048 [D][MfClassic] Try to read blocks with key A
864119 [D][MfClassic] Read 4 blocks out of 4
864122 [D][MfClassic] Try to read blocks with key A
864192 [D][MfClassic] Read 4 blocks out of 4
864195 [D][MfClassic] Try to read blocks with key A
864267 [D][MfClassic] Read 4 blocks out of 4
864270 [D][MfClassic] Try to read blocks with key A
864342 [D][MfClassic] Read 4 blocks out of 4
864346 [D][MfClassic] Try to read blocks with key A
864424 [D][MfClassic] Read 4 blocks out of 4
864427 [D][MfClassic] Try to read blocks with key A
864589 [D][FuriHalNfc] Timeout during data exchange
864693 [D][FuriHalNfc] Timeout during data exchange
864753 [D][MfClassic] Read 2 blocks out of 4
864756 [D][MfClassic] Try to read blocks with key B
864960 [D][MfClassic] Try to read blocks with key A
865064 [D][FuriHalNfc] Timeout during data exchange
865168 [D][FuriHalNfc] Timeout during data exchange
865272 [D][FuriHalNfc] Timeout during data exchange
865328 [D][MfClassic] Read 1 blocks out of 4
865331 [D][MfClassic] Try to read blocks with key B
865534 [D][MfClassic] Try to read blocks with key A
865641 [D][FuriHalNfc] Timeout during data exchange
865758 [D][FuriHalNfc] Timeout during data exchange
865862 [D][FuriHalNfc] Timeout during data exchange
865918 [D][MfClassic] Read 1 blocks out of 4
865921 [D][MfClassic] Try to read blocks with key B
866124 [D][MfClassic] Try to read blocks with key A
866231 [D][FuriHalNfc] Timeout during data exchange
866335 [D][FuriHalNfc] Timeout during data exchange
866442 [D][FuriHalNfc] Timeout during data exchange
866498 [D][MfClassic] Read 1 blocks out of 4
866501 [D][MfClassic] Try to read blocks with key B
866704 [D][MfClassic] Try to read blocks with key A
866814 [D][FuriHalNfc] Timeout during data exchange
866918 [D][FuriHalNfc] Timeout during data exchange
866979 [D][MfClassic] Read 2 blocks out of 4
866982 [D][MfClassic] Try to read blocks with key B
867184 [D][MfClassic] Read 11 sectors and 32 keys
867186 [I][NfcWorker] Read 11 sectors out of 16 total
867208 [I][MfClassicDict] Loaded dictionary with 5 keys
867215 [D][NfcWorker] Start Dictionary attack, Key Count 5
867221 [I][NfcWorker] Sector 0
867225 [I][NfcWorker] Sector 1
867227 [I][NfcWorker] Sector 2
867229 [I][NfcWorker] Sector 3
867231 [I][NfcWorker] Sector 4
867233 [I][NfcWorker] Sector 5
867235 [I][NfcWorker] Sector 6
867237 [I][NfcWorker] Sector 7
867239 [I][NfcWorker] Sector 8
867241 [I][NfcWorker] Sector 9
867243 [I][NfcWorker] Sector 10
867245 [I][NfcWorker] Sector 11
867300 [D][NfcWorker] Try to auth to sector 11 with key 5191bcd6771d
867303 [D][MfClassic] Try to read blocks with key A
867466 [D][FuriHalNfc] Timeout during data exchange
867520 [D][MfClassic] Read 2 blocks out of 4
867522 [D][MfClassic] Try to read blocks with key B
867728 [I][NfcWorker] Sector 12
867780 [D][NfcWorker] Try to auth to sector 12 with key 5191bcd6771d
867783 [D][MfClassic] Try to read blocks with key A
867889 [D][FuriHalNfc] Timeout during data exchange
867993 [D][FuriHalNfc] Timeout during data exchange
868050 [D][MfClassic] Read 1 blocks out of 4
868054 [D][MfClassic] Try to read blocks with key B
868258 [I][NfcWorker] Sector 13
868308 [D][NfcWorker] Try to auth to sector 13 with key 5191bcd6771d
868311 [D][MfClassic] Try to read blocks with key A
868417 [D][FuriHalNfc] Timeout during data exchange
868521 [D][FuriHalNfc] Timeout during data exchange
868575 [D][MfClassic] Read 1 blocks out of 4
868577 [D][MfClassic] Try to read blocks with key B
868780 [I][NfcWorker] Sector 14
868832 [D][NfcWorker] Try to auth to sector 14 with key 5191bcd6771d
868835 [D][MfClassic] Try to read blocks with key A
868941 [D][FuriHalNfc] Timeout during data exchange
869045 [D][FuriHalNfc] Timeout during data exchange
869102 [D][MfClassic] Read 1 blocks out of 4
869106 [D][MfClassic] Try to read blocks with key B
869310 [I][NfcWorker] Sector 15
869361 [D][NfcWorker] Try to auth to sector 15 with key 5191bcd6771d
869364 [D][MfClassic] Try to read blocks with key A
869470 [D][FuriHalNfc] Timeout during data exchange
869524 [D][MfClassic] Read 2 blocks out of 4
869526 [D][MfClassic] Try to read blocks with key B
869976 [I][MfClassicDict] Loaded dictionary with 3560 keys
869983 [D][NfcWorker] Start Dictionary attack, Key Count 3560
869987 [I][NfcWorker] Sector 0
869989 [I][NfcWorker] Sector 1
869991 [I][NfcWorker] Sector 2
869993 [I][NfcWorker] Sector 3
869995 [I][NfcWorker] Sector 4
869997 [I][NfcWorker] Sector 5
869999 [I][NfcWorker] Sector 6
870001 [I][NfcWorker] Sector 7
870003 [I][NfcWorker] Sector 8
870005 [I][NfcWorker] Sector 9
870007 [I][NfcWorker] Sector 10
870009 [I][NfcWorker] Sector 11
870067 [D][NfcWorker] Try to auth to sector 11 with key ffffffffffff
870070 [D][MfClassic] Try to read blocks with key A
870233 [D][FuriHalNfc] Timeout during data exchange
870287 [D][MfClassic] Read 2 blocks out of 4
870289 [D][MfClassic] Try to read blocks with key B
870492 [I][NfcWorker] Sector 12
870552 [D][NfcWorker] Try to auth to sector 12 with key ffffffffffff
870555 [D][MfClassic] Try to read blocks with key A
870662 [D][FuriHalNfc] Timeout during data exchange
870769 [D][FuriHalNfc] Timeout during data exchange
870831 [D][MfClassic] Read 1 blocks out of 4
870833 [D][MfClassic] Try to read blocks with key B
871036 [I][NfcWorker] Sector 13
871092 [D][NfcWorker] Try to auth to sector 13 with key ffffffffffff
871095 [D][MfClassic] Try to read blocks with key A
871201 [D][FuriHalNfc] Timeout during data exchange
871305 [D][FuriHalNfc] Timeout during data exchange
871362 [D][MfClassic] Read 1 blocks out of 4
871366 [D][MfClassic] Try to read blocks with key B
871570 [I][NfcWorker] Sector 14
871626 [D][NfcWorker] Try to auth to sector 14 with key ffffffffffff
871629 [D][MfClassic] Try to read blocks with key A
871735 [D][FuriHalNfc] Timeout during data exchange
871841 [D][FuriHalNfc] Timeout during data exchange
871895 [D][MfClassic] Read 1 blocks out of 4
871897 [D][MfClassic] Try to read blocks with key B
872100 [I][NfcWorker] Sector 15
872160 [D][NfcWorker] Try to auth to sector 15 with key ffffffffffff
872163 [D][MfClassic] Try to read blocks with key A
872269 [D][FuriHalNfc] Timeout during data exchange
872323 [D][MfClassic] Read 2 blocks out of 4
872325 [D][MfClassic] Try to read blocks with key B
872737 [D][DolphinState] icounter 846, butthurt 0
884992 [I][SavedStruct] Loading "/int/.desktop.settings"
884995 [D][BtBatterySvc] Updating battery level characteristic
902741 [I][Dolphin] Flush stats
902743 [I][SavedStruct] Saving "/int/.dolphin.state"
902754 [D][StorageInt] Device erase: page 14, translated page: cf
902777 [D][StorageInt] Device sync: skipping
902780 [I][DolphinState] State saved
990474 [I][SavedStruct] Loading "/int/.desktop.settings"
990477 [D][BtBatterySvc] Updating battery level characteristic
```

Anything else?

No response

xMasterX commented 1 year ago

Since we have no correct dumps of your card and can't replicate this issue, here is what you need to do:

Install the latest official firmware dev branch and verify that your keys are still in the user dict (they should stay). Then try to read it again. If it still does the same thing,

it can mean two problems. First, the card can have access bits set in a way that you cannot read those sectors, only write; for example, the system that uses this card writes different settings to those sectors, reads them, writes new data, then writes settings to lock them back.

Or, if you think that the issue is related to firmware and it will be present in OFW, create an issue in the official repo.
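
The access-bit possibility raised in the comment above can be checked offline once a sector trailer is available. This is an added example, not part of the thread and not the firmware's own code: it decodes bytes 6 to 8 of a MIFARE Classic sector trailer and reports which key can read or write a data block. The function names and the three sample trailers are constructed for illustration, and the permission tables follow the public MIFARE Classic datasheet.

```c
#include <stdint.h>
#include <stdio.h>

/* Bitmask of keys allowed to perform an operation. */
enum { ACC_NEVER = 0, ACC_KEY_A = 1, ACC_KEY_B = 2, ACC_BOTH = 3 };

/* Data-block permissions indexed by (C1<<2)|(C2<<1)|C3, per the MIFARE Classic datasheet. */
static const uint8_t DATA_READ[8]  = {ACC_BOTH, ACC_BOTH, ACC_BOTH, ACC_KEY_B,
                                      ACC_BOTH, ACC_KEY_B, ACC_BOTH, ACC_NEVER};
static const uint8_t DATA_WRITE[8] = {ACC_BOTH, ACC_NEVER, ACC_NEVER, ACC_KEY_B,
                                      ACC_KEY_B, ACC_NEVER, ACC_KEY_B, ACC_NEVER};

/* Constructed sample trailers (keys zeroed; only bytes 6..8 matter here). */
static const uint8_t TRAILER_DEFAULT[16]   = {0,0,0,0,0,0, 0xFF,0x07,0x80, 0x69, 0,0,0,0,0,0};
static const uint8_t TRAILER_B_ONLY[16]    = {0,0,0,0,0,0, 0x0F,0x00,0xFF, 0x00, 0,0,0,0,0,0};
static const uint8_t TRAILER_NO_ACCESS[16] = {0,0,0,0,0,0, 0x08,0x70,0xFF, 0x00, 0,0,0,0,0,0};

/* C1C2C3 for block 0..3 of the sector (3 = trailer); -1 if the inverted copies mismatch. */
int access_cond(const uint8_t t[16], int block) {
    uint8_t c1 = t[7] >> 4, c2 = t[8] & 0x0F, c3 = t[8] >> 4;
    uint8_t n1 = t[6] & 0x0F, n2 = t[6] >> 4, n3 = t[7] & 0x0F;
    if ((c1 ^ n1) != 0x0F || (c2 ^ n2) != 0x0F || (c3 ^ n3) != 0x0F) return -1;
    return (((c1 >> block) & 1) << 2) | (((c2 >> block) & 1) << 1) | ((c3 >> block) & 1);
}

/* Keys that can actually use `table` on data block 0..2; -1 on corrupt access bytes. */
int data_keys(const uint8_t t[16], int block, const uint8_t table[8]) {
    int cond = access_cond(t, block), tcond = access_cond(t, 3);
    if (cond < 0 || tcond < 0) return -1;
    int keys = table[cond];
    /* Trailer conditions 000, 010, 001 make key B readable; it then cannot authenticate. */
    if (tcond <= 2) keys &= ~ACC_KEY_B;
    return keys;
}

int main(void) {
    static const char *names[] = {"never", "key A", "key B", "key A or B"};
    const uint8_t *samples[] = {TRAILER_DEFAULT, TRAILER_B_ONLY, TRAILER_NO_ACCESS};
    for (int i = 0; i < 3; i++)
        printf("trailer %d, block 0: read=%s write=%s\n", i,
               names[data_keys(samples[i], 0, DATA_READ)],
               names[data_keys(samples[i], 0, DATA_WRITE)]);
    return 0;
}
```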

UrSuLa360 commented 1 year ago

I have checked; the latest official firmware can't read the card anyway.

But an old official firmware can read it (i.e. 72.1).

Screenshot-20230219-231634

I will open this bug in official repo.

Thank you very much for all the work you all are doing.

UrSuLa360 commented 1 year ago

Fixed in unlshd-034

Thank you all