Closed Man-of-Wood closed 8 years ago
iceman1001
commented
8 years ago I think you don't understand the hardnested attack but getting keys is the keyissue (pun) I suggest sniffing the traffic between valid reader/tag, or default keys. Otherwise you are out of luck.
Man-of-Wood
commented
8 years ago My apologies if I'm not getting what you're saying, I'm fairly new to crypto stuff. I'm trying to get some practical examples to go with the 2 papers I read about this.
I'm talking about libnfc_crypto1_crack being able to get all keys for every block when you have at least one key. Now say I have a card where I don't know any key and no default keys are used.
How would I go about obtaining a key to at least one block so I can get the rest with libnfc_crypto1_crack. I understand that 'the Darkside' attack was used for this, which is implemented by mfcuk. But with the latest build of mfcuk not being able to crack weaker cards (bug) I haven't been able to get this to work.
So basically I'm asking if there is another way about doing this.
iceman1001
commented
8 years ago No, I quote
I suggest sniffing the traffic between valid reader/tag, or default keys. Otherwise you are out of luck.
Man-of-Wood
commented
8 years ago Alright thanks.
aczid
commented
8 years ago I agree with @iceman1001, if you have no working keys, there is not much these tools can do for you. It's outside the scope of the research in the paper. Having a known key is a realistic assumption because NXP recommends this for the Mifare Application Directory (MAD). Having said that, my bitsliced crypto-1 code could be used to make a faster brute-forcer - I've ran some tests but concluded it wouldn't be feasible in practice. Brute forcing the whole 2^48 bit thing will take approximately 130 hours assuming about 600M keys can be checked per second (brand new 2 core skylake i7 with AVX2). Of course you could find a result much sooner.
iceman1001
commented
8 years ago @aczid when will you make a GPU based solver ? ;)
aczid
commented
8 years ago @iceman1001 This brand new Skylake has a real gpu next to it... :) It might happen, but no promises.
iceman1001
commented
8 years ago make me happy, bro!
Hi Aczid,
I'm getting great results using this repo, grats on the work it's very impressive. Times are between 5 minutes and a few hours per block.
Using this however is all based on knowing at least one key to get the rest of the blocks. Is there anything you are using or could recommend to get keys from 1K cards without knowing any key. Mfcuk hasn't been updated in ages and is broken with the current libnfc.
Any advice?