Open ikarus23 opened 5 days ago
iceman1001
commented
4 days ago Odd, 32 or 64b OS? I assume you compiled with clean and flashed properly. Since I see AVX512F, but there shouldn't be any difference in the hardnested loop client side based on device.
Might be something with the device not answering a correct message for turning off, which triggers this.
Still it would be a long shot.
Are you able to debug with GDB?
ikarus23
commented
2 days ago OK, I was now able to crack the key using said arch system for the first time. The difference was, that the hardnested never hit (Ignoring Sum(a8) properties).
[=] 24 | 2421 | Apply bit flip properties | 1286970496 | 2s
[=] 25 | 2421 | (1. guess: Sum(a8) = 224) | 1286970496 | 2s
[=] 25 | 2421 | Apply Sum(a8) and all bytes bitflip properties | 1286970496 | 2s
[=] 25 | 2421 | (2. guess: Sum(a8) = 128) | 1650445824 | 3s
[=] 26 | 2421 | Apply Sum(a8) and all bytes bitflip properties | 1650445824 | 3s
[=] 27 | 2421 | (3. guess: Sum(a8) = 176) | 1366196096 | 2s
[=] 27 | 2421 | Apply Sum(a8) and all bytes bitflip properties | 1366190464 | 2s
[=] 27 | 2421 | (4. guess: Sum(a8) = 144) | 1639314560 | 3s
[=] 27 | 2421 | Apply Sum(a8) and all bytes bitflip properties | 1639302144 | 3s
[=] 27 | 2421 | (5. guess: Sum(a8) = 160) | 1915817728 | 3s
[=] 28 | 2421 | Apply Sum(a8) and all bytes bitflip properties | 1915817728 | 3s
[=] 28 | 2421 | (6. guess: Sum(a8) = 192) | 2538548480 | 4s
[=] 28 | 2421 | Apply Sum(a8) and all bytes bitflip properties | 2538546176 | 4s
[=] 28 | 2421 | (7. guess: Sum(a8) = 136) | 3514929152 | 6s
[=] 29 | 2421 | Apply Sum(a8) and all bytes bitflip properties | 3514932480 | 6s
[=] 29 | 2421 | (8. guess: Sum(a8) = 200) | 5112785920 | 9s
[=] 29 | 2421 | Apply Sum(a8) and all bytes bitflip properties | 5112780800 | 9s
[=] 29 | 2421 | (9. guess: Sum(a8) = 152) | 8961154048 | 16s
[=] 30 | 2421 | Apply Sum(a8) and all bytes bitflip properties | 8961154048 | 16s
[=] 30 | 2421 | Brute force phase completed. Key found: XXXXXXXX | 0 | 0sAlso, as discussed over discord, It does not seem to be a PM3 rdv4 vs. PM3 Easy. The issue is probably with the system. I was able to crack that key using the same PM3 rdv4 on another arch device.
ikarus23
commented
2 days ago OK, got some other news. I start to believe that the issue is with AVX512, like you expected. I have not Issues recovering the keys using the PM3 rdv4 on a system that has only AVX2. But I get the issue mentioned in the initial post on an system with AVX512.
Another quick test I did: I used a kali vm on the system with AVX512. Maybe the AVX512 feature is not exposed to the vm, because inside the vm everything is working fine with hardnested.
Hi. I have (temporary) access to genuine MIFARE Classic EV1 tag. I tried to recover the keys using the hardnested method and noticed something strange: It works on the PM3 Easy but it does NOT work on the PM3 rdv4.
PM3 rdv4:
PM3 Easy:
I've tried a lot for the PM3 rdv4. Repeated over 10 times, changed the card position, changed the distance between card an PM3, etc., but it always pauses at
(Ignoring Sum(a8) properties)for some seconds and then fails.Since it is so reproducible for this card, I think it might be a bug. Is something preventing the PM3 rdv4 from entering the brute force phase? I'm on arch using the latest code from the repo.