HakonHystad / MFRC522_nested_attack

mifare nested authentication attack with the MFRC522 reader
GNU General Public License v3.0
61 stars 21 forks

Default key is not accepted #10

Open zsomi18 opened 5 years ago

zsomi18 commented 5 years ago

Hello, I'm having difficulties with extracting the keys. I always receive the following output:

Recovering keys.. this may take some time
Timeout
Not the right key?
Could not authenticate
Could not find key, time elapsed: 0
Timeout

Things that I've done:

  1. Setup: Raspberry Pi 2B, Raspbian Stretch 9.9, kernel 4.19.58-v7+. Wiring: MOSI-19, MISO-21, SCK-23, RST-22, SDA/SS-24
  2. With other tools discovered that blocks 0-48 have the default key a0a1a2a3a4a5
  3. Modded RC522.cpp and added this key instead of ffffffffffff: `byte defkeys[6] = {0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5};` and in the for loop `_p_keys[sector][bytePos] = defkeys[bytePos]; // fill with default key`
  4. Modded main.cpp with the correct vectors `(AUTHENT_A, 4, 49, )`

I also cloned @omersiar project but that is a no go too.

Do you guys have any hint, what should I check?

toast254 commented 5 years ago

Almost did the same as you, but I reversed the key (when using @omersiar's fork) and it seems to go a bit further.

main.cpp

byte key[] = {0xa5, 0xa4, 0xa3, 0xa2, 0xa1, 0xa0};
com.crackKey( AUTHENT_A, 63, 4, key);

RC522.cpp

byte def_keys[6] = {0xA5, 0xA4, 0xA3, 0xA2, 0xA1, 0xA0} ;
... ...
p_keys[sector][bytePos] = def_keys[bytePos];

Result :

$ make && sudo ./crack
g++ -c --std=c++11 src/main.cpp -o build/main.o
g++ build/main.o build/RC522.o build/MFrec.o build/crapto1.o build/crypto1.o -o crack -lpthread -lwiringPi
Recovering keys.. this may take some time
<45.484>Round 1: Found 1140818 possible keys, with most repeated key: 1
Timeout
Could not find key, time elapsed: 45.484
Timeout

zsomi18 commented 5 years ago

Hi!

Yeah, I figured it out myself too ... but I'm still far from cracking the key. I have the impression that my tag must have hardened security.

For the next attempt I'll try to systematically play with the timings and other attributes.

HontoNoRoger commented 4 years ago

@zsomi18 Did you get it to work?

zsomi18 commented 4 years ago

Hey @HontoNoRoger, in short no, I didn't. I changed the USB reader and used a classic nested attack technique. It worked 😀

Hugomm commented 3 years ago

@zsomi18 @toast254 @HontoNoRoger @HakonHystad

Has anyone fixed the "Timeout" error? I get this output every time. I think it's on the correct way, but "Timeout" stops the execution.

./crack
Recovering keys.. this may take some time
<26.2032>Round 1: Found 977793 possible keys, with most repeated key: 0
Could not find key, time elapsed: 26.2032
Timeout

____________________________________________________________________________________

./crack
Recovering keys.. this may take some time
<28.3276>Round 1: Found 595026 possible keys, with most repeated key: 0
Could not find key, time elapsed: 28.3276
Timeout

____________________________________________________________________________________

./crack
Recovering keys.. this may take some time
<33.2>Round 1: Found 1229344 possible keys, with most repeated key: 0
Could not find key, time elapsed: 33.2
Timeout