search

RfidResearchGroup / proxmark3

Iceman Fork - Proxmark3
http://www.icedev.se
GNU General Public License v3.0
3.81k stars 1.01k forks source link

Mifare 4K emulation failed to be read #219

Closed hornyd closed 5 years ago

hornyd commented 5 years ago

Describe the bug I have all the keys of the mifare 4K card and can read blocks with no problem with the proxmark. I generate a dump or manually generate the dump file and can be successfully loaded to memory

[usb] pm3 --> hf mf eload 4 hf-mf-B6FDD1A7-data [+] loaded 4096 bytes from text file hf-mf-B6FDD1A7-data.eml [=] Copying to emulator memory ............................................................

[+] Loaded 256 blocks from file: hf-mf-B6FDD1A7-data [usb] pm3 --> hf mf sim

Now, it is supposed to be in the memory. When I try to read the memory from a OMNIKEY reader (tool to read the card content), I am Always getting the error

15246650 [AWT-EventQueue-0] INFO X.card.client.pcsc.PcscClientThread - cardTerminal: PC/SC terminal OMNIKEY CardMan 5x21-CL 0 15246657 [Thread-25] INFO X.card.client.pcsc.PcscClientThread - Card detected 15248257 [Thread-25] INFO X.card.client.pcsc.PcscClientThread - Card detection finished 15249787 [Thread-25] INFO X.cardtool.ui.view.ioactions.AbstractIoAction - Status text: Writing Mifare4K card ... 15249787 [Thread-25] WARN X.card.mifare.Mifare4K - Reset card for retry. 15249787 [Thread-25] ERROR X.cardtool.ui.view.CardIODialog - Failed to handle card X.card.CardClientException: Could not read from block 0 at X.card.client.pcsc.common.MifarePcscClient.readMifareData(MifarePcscClient.java:86) at X.card.mifare.Mifare4K.read(Mifare4K.java:320) at X.card.mifare.Mifare4K.write(Mifare4K.java:357) at X.card.mifare.Mifare4K.writeCardContents(Mifare4K.java:941) at X.faremedia.card.Mifare4KCardManager.writeDataToCard(Mifare4KCardManager.java:485) at X.faremedia.card.Mifare4KCardManager.writeCardContentsGenericFromCardTool(Mifare4KCardManager.java:481) at X.faremedia.card.Mifare4KCardManager.writeCardContentsFromCardTool(Mifare4KCardManager.java:417) at X.cardtool.ui.view.ioactions.WriteIoAction.handleCsc(WriteIoAction.java:63) at X.cardtool.ui.view.CardIODialog.cardDetected(CardIODialog.java:364) at X.faremedia.card.WaitForCardHelper.cardDetected(WaitForCardHelper.java:226) at X.card.client.pcsc.PcscClientThread.cardDetected(PcscClientThread.java:226) at X.card.client.pcsc.PcscClientThread.run(PcscClientThread.java:139) Caused by: X.card.CardClientException: Could not load key 0 at X.card.client.pcsc.common.MifarePcscClient.authenticateImpl(MifarePcscClient.java:74) at X.card.client.pcsc.common.MifarePcscClient.readMifareDataImpl(MifarePcscClient.java:178) at X.card.client.pcsc.common.MifarePcscClient.readMifareData(MifarePcscClient.java:84) ... 11 more Caused by: X.card.CardClientException: Could not exchange APDU. at X.card.client.pcsc.PcscClientThread.exchangeAPDU(PcscClientThread.java:269) at X.card.client.pcsc.omnikey.OmnikeyPcScProxy.exchange(OmnikeyPcScProxy.java:101) at X.card.client.pcsc.omnikey.OmnikeyPcScProxy.loadKey(OmnikeyPcScProxy.java:97) at X.card.client.pcsc.common.MifarePcscClient.authenticateImpl(MifarePcscClient.java:72) ... 13 more Caused by: X.smartcard.exception.SmartCardException: Card is not available: Did not receive reply to CommandAPDU [cla=FF, ins=82, p1=20, p2=00, lc=06, le=NULL, data=00 00 00 00 00 00 ] at X.common.smartcard.SmartCard.exchangeAPDU(SmartCard.java:185) at X.card.client.pcsc.PcscClientThread.exchangeAPDU(PcscClientThread.java:258) ... 16 more

To Reproduce Steps to reproduce the behavior:

  1. Run the Check Keys command using the local file with the correct keys
  2. Run the hf mf dump 4
  3. Load the dump to memory

Expected behavior The tool can read or write to memory

Desktop (please complete the following information): [usb] pm3 --> hw version

[ Proxmark3 RFID instrument ]

[ CLIENT ] client: RRG/Iceman

[ PROXMARK RDV4 ] external flash: present smartcard reader: present

[ PROXMARK RDV4 Extras ] FPC USART for BT add-on support: absent

[ ARM ] bootrom: RRG/Iceman// 2019-07-01 16:33:22 os: RRG/Iceman// 2019-07-01 16:33:14

[ FPGA ] LF image built for 2s30vq100 on 2019/ 4/18 at 9:35:32 HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23

[ Hardware ] --= uC: AT91SAM7S512 Rev B --= Embedded Processor: ARM7TDMI --= Nonvolatile Program Memory Size: 512K bytes, Used: 249450 bytes (48%) Free: 274838 bytes (52%) --= Second Nonvolatile Program Memory Size: None --= Internal SRAM Size: 64K bytes --= Architecture Identifier: AT91SAM7Sxx Series --= Nonvolatile Program Memory Type: Embedded Flash Memory

[usb] pm3 --> hw status

db# Memory

db# BIGBUF_SIZE.............40000

db# Available memory........39168

db# Tracing

db# tracing ................0

db# traceLen ...............6781

db# Currently loaded FPGA image

db# mode.................... HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23

db# Flash memory

db# Baudrate................24 MHz

db# Init....................OK

db# Memory size.............2 mbits / 256 kb

db# Unique ID...............0xD567A882A75C9425

db# Smart card module (ISO 7816)

db# version.................v3.11

db# LF Sampling config

db# [q] divisor.............95 ( 125 kHz )

db# [b] bps.................8

db# [d] decimation..........1

db# [a] averaging...........Yes

db# [t] trigger threshold...0

db# LF T55XX config

db# [a] startgap............29*8 (232)

db# [b] writegap............17*8 (136)

db# [c] write_0.............15*8 (120)

db# [d] write_1.............47*8 (376)

db# [e] readgap.............15*8 (120)

db# Transfer Speed

db# Sending packets to client...

db# Time elapsed............500ms

db# Bytes transferred.......271872

db# Transfer Speed PM3 -> Client = 543744 bytes/s

db# Various

db# DBGLEVEL................1

db# ToSendMax...............39

db# ToSendBit...............8

db# ToSend BUFFERSIZE.......2308

db# Installed StandAlone Mode

db# LF HID26 standalone - aka SamyRun (Samy Kamkar)

db# Flash memory dictionary loaded

[usb] pm3 --> data tune

[=] Measuring antenna characteristics, please wait...

....

[+] LF antenna: 68.40 V - 125.00 kHz [+] LF antenna: 34.84 V - 134.00 kHz [+] LF optimal: 68.97 V - 123.71 kHz [+] LF antenna is OK

[+] HF antenna: 48.58 V - 13.56 MHz [+] HF antenna is OK

[+] Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

Additional context I tried with Chameleon Mini Rev E it also fails. A note: I tried also with Utralight following the equivalent param and it works very well.

What am I missing to emulate 4K card?

hornyd commented 5 years ago

This issue was related to distance with the validator field. Issue can be closed.