search

aczid / crypto1_bs

Bitsliced Crypto-1 brute-forcer
200 stars 78 forks source link

Correct key not recognized #36

Closed vk496 closed 5 years ago

vk496 commented 5 years ago

Hello,

First, thanks for the great work! Would like to see a GPU version of this soon :smile:

I opening the issue because I receive message error when try to use a valid key. Used ACR122u

mfoc test

$ mfoc -O test.bin -k fb4a22820e43
The custom key 0xfb4a22820e43 has been added to the default keys
Found Mifare Classic 1k tag
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): xx  xx  xx  xx  
      SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: fb4a22820e43] -> [.../............]
[Key: ffffffffffff] -> [.../............]
[Key: a0a1a2a3a4a5] -> [.../............]
[Key: d3f7d3f7d3f7] -> [.../............]
[Key: 000000000000] -> [.../............]
[Key: b0b1b2b3b4b5] -> [.../............]
[Key: 4d3a99c351dd] -> [.../............]
[Key: 1a982c7e459a] -> [.../............]
[Key: aabbccddeeff] -> [.../............]
[Key: 714c5c886e97] -> [.../............]
[Key: 587ee5f9350f] -> [.../............]
[Key: a0478cc39091] -> [.../............]
[Key: 533cb6c723f6] -> [.../............]
[Key: 8fd0a4f256e9] -> [.../............]

Sector 00 - Unknown Key A               Unknown Key B
Sector 01 - Unknown Key A               Unknown Key B
Sector 02 - Unknown Key A               Unknown Key B
Sector 03 - Found   Key A: fb4a22820e43 Unknown Key B
Sector 04 - Unknown Key A               Unknown Key B
Sector 05 - Unknown Key A               Unknown Key B
Sector 06 - Unknown Key A               Unknown Key B
Sector 07 - Unknown Key A               Unknown Key B
Sector 08 - Unknown Key A               Unknown Key B
Sector 09 - Unknown Key A               Unknown Key B
Sector 10 - Unknown Key A               Unknown Key B
Sector 11 - Unknown Key A               Unknown Key B
Sector 12 - Unknown Key A               Unknown Key B
Sector 13 - Unknown Key A               Unknown Key B
Sector 14 - Unknown Key A               Unknown Key B
Sector 15 - Unknown Key A               Unknown Key B

Using sector 03 as an exploit sector
PRNG is not vulnerable to nested attack

mfcuk test

$ mfcuk -C -V 3:A:fb4a22820e43 -v 3
mfcuk - 0.3.8
Mifare Classic DarkSide Key Recovery Tool - 0.3
by Andrei Costin, zveriu@gmail.com, http://andreicostin.com

INFO: Connected to NFC reader: ACS ACR122U 00 00 / ACR122U214

INITIAL ACTIONS MATRIX - UID xx xx xx xx - TYPE 0x08 (MC1K)
---------------------------------------------------------------------
Sector  |    Key A  |ACTS | RESL    |    Key B  |ACTS | RESL
---------------------------------------------------------------------
0   |  000000000000 | . . | . . |  000000000000 | . . | . .
1   |  000000000000 | . . | . . |  000000000000 | . . | . .
2   |  000000000000 | . . | . . |  000000000000 | . . | . .
3   |  fb4a22820e43 | V . | . . |  000000000000 | . . | . .
4   |  000000000000 | . . | . . |  000000000000 | . . | . .
5   |  000000000000 | . . | . . |  000000000000 | . . | . .
6   |  000000000000 | . . | . . |  000000000000 | . . | . .
7   |  000000000000 | . . | . . |  000000000000 | . . | . .
8   |  000000000000 | . . | . . |  000000000000 | . . | . .
9   |  000000000000 | . . | . . |  000000000000 | . . | . .
10  |  000000000000 | . . | . . |  000000000000 | . . | . .
11  |  000000000000 | . . | . . |  000000000000 | . . | . .
12  |  000000000000 | . . | . . |  000000000000 | . . | . .
13  |  000000000000 | . . | . . |  000000000000 | . . | . .
14  |  000000000000 | . . | . . |  000000000000 | . . | . .
15  |  000000000000 | . . | . . |  000000000000 | . . | . .

VERIFY: 
    Key A sectors: 0 1 2 3 4 5 6 7 8 9 a b c d e f
    Key B sectors: 0 1 2 3 4 5 6 7 8 9 a b c d e f

ACTION RESULTS MATRIX AFTER VERIFY - UID xx xx xx xx - TYPE 0x08 (MC1K)
---------------------------------------------------------------------
Sector  |    Key A  |ACTS | RESL    |    Key B  |ACTS | RESL
---------------------------------------------------------------------
0   |  000000000000 | . . | . . |  000000000000 | . . | . .
1   |  000000000000 | . . | . . |  000000000000 | . . | . .
2   |  000000000000 | . . | . . |  000000000000 | . . | . .
3   |  fb4a22820e43 | V . | V . |  000000000000 | . . | . .
4   |  000000000000 | . . | . . |  000000000000 | . . | . .
5   |  000000000000 | . . | . . |  000000000000 | . . | . .
6   |  000000000000 | . . | . . |  000000000000 | . . | . .
7   |  000000000000 | . . | . . |  000000000000 | . . | . .
8   |  000000000000 | . . | . . |  000000000000 | . . | . .
9   |  000000000000 | . . | . . |  000000000000 | . . | . .
10  |  000000000000 | . . | . . |  000000000000 | . . | . .
11  |  000000000000 | . . | . . |  000000000000 | . . | . .
12  |  000000000000 | . . | . . |  000000000000 | . . | . .
13  |  000000000000 | . . | . . |  000000000000 | . . | . .
14  |  000000000000 | . . | . . |  000000000000 | . . | . .
15  |  000000000000 | . . | . . |  000000000000 | . . | . .

RECOVER:  0 1 2 3 4 5 6 7 8 9 a b c d e f

ACTION RESULTS MATRIX AFTER RECOVER - UID xx xx xx xx - TYPE 0x08 (MC1K)
---------------------------------------------------------------------
Sector  |    Key A  |ACTS | RESL    |    Key B  |ACTS | RESL
---------------------------------------------------------------------
0   |  000000000000 | . . | . . |  000000000000 | . . | . .
1   |  000000000000 | . . | . . |  000000000000 | . . | . .
2   |  000000000000 | . . | . . |  000000000000 | . . | . .
3   |  fb4a22820e43 | V . | V . |  000000000000 | . . | . .
4   |  000000000000 | . . | . . |  000000000000 | . . | . .
5   |  000000000000 | . . | . . |  000000000000 | . . | . .
6   |  000000000000 | . . | . . |  000000000000 | . . | . .
7   |  000000000000 | . . | . . |  000000000000 | . . | . .
8   |  000000000000 | . . | . . |  000000000000 | . . | . .
9   |  000000000000 | . . | . . |  000000000000 | . . | . .
10  |  000000000000 | . . | . . |  000000000000 | . . | . .
11  |  000000000000 | . . | . . |  000000000000 | . . | . .
12  |  000000000000 | . . | . . |  000000000000 | . . | . .
13  |  000000000000 | . . | . . |  000000000000 | . . | . .
14  |  000000000000 | . . | . . |  000000000000 | . . | . .
15  |  000000000000 | . . | . . |  000000000000 | . . | . .

But when I try to use libnfc_crypto1_crack, get the error:

$ libnfc_crypto1_crack fb4a22820e43 3 A 0 B
Reader-answer transfer error, exiting.. fb4a22820e43 doesn't look like the right key A for block 3 (sector 0)

How can I provide more verbose logs?

BR

iceman1001 commented 5 years ago

.....doesn't look like the right key A for block 3 (sector 0)......

vk496 commented 5 years ago

Ups, you right!

blocks, no sectors....

Closing...