amheydari / proxmark3

Automatically exported from code.google.com/p/proxmark3
GNU General Public License v2.0

first 2 bytes of the keys are zeroed in "hf mf nested" output #39

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
Run "hf mf nested 1 0 a ffffffffffff" on a card whose first sector is locked 
with ffffffffffff key a, other sectors locked with other keys

What is the expected output? What do you see instead?
expected output:
Found valid key:4b6a3719d32a
actual output:
Found valid key:00003719d32a
the first 2 bytes are zeroed

Also the summary at the end of the command is wrong:
|---|----------------|-------|----------------|-------------|
|sec|key A           |res    |key B           |res          |
|---|----------------|-------|----------------|-------------|
|000|  0000ffffffff  | 65535 |  000000000001  | -85167063   |
|001|  0000197dc50f  | 15200 |  000000000001  | 704548052   |
|002|  000019fae87c  | 53575 |  000000000001  | 922793753   |
|003|  000099d627ff  | 1819  |  000000000001  | 924439338   |
|004|  0000a471d423  | 65064 |  000000000001  | -1801225694 |
|005|  00002a9fc954  | 41598 |  000000000001  | 414542648   |
|006|  000018b850ca  | 48236 |  000000000001  | 715074929   |
|007|  00009e1c64d3  | 8090  |  000000000001  | -1696862380 |
|008|  00004315ab29  | 22157 |  000000000001  | 398629738   |
|009|  0000111d4326  | 6234  |  000000000001  | 875735394   |
|010|  000073f70fd5  | 2493  |  000000000001  | -1956914071 |
|011|  0000c9b383ad  | 11080 |  000000000001  | 613525088   |
|012|  0000b91c6705  | 22056 |  000000000001  | 1652553483  |
|013|  0000315a1980  | 56244 |  000000000001  | -1954200790 |
|014|  00002491a6fa  | 13765 |  000000000001  | -1491499758 |
|015|  000064c71145  | 53413 |  000000000001  | 2034906379  |
|---|----------------|-------|----------------|-------------|

What version of the product are you using? On what operating system?
WinXp 32 bit, r604 compiled with ProxSpace-20100226-r390.7z, clean except for 
CROSS ?= arm-eabi- in the makefile.

Please provide any additional information below.
The bug also happened with "hf mf mifare", the key displayed missed the first 2 
bytes. I will run the command again later and add the exact output to this bug.
If saving the keys with "hf mf nested 1 0 a ffffffffffff d" the key file 
contains the *right* key, the bug only seems to impact the display, the 
algorithm gathers the right keys.

Original issue reported on code.google.com by marc.ven...@gmail.com on 28 Jul 2012 at 8:25

GoogleCodeExporter commented 9 years ago
Here is the output of "hf mf mifare". The key found is not valid, most probably 
because the first 2 bytes were zeroed.

proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. It may take up to 30 min.
Press the key on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
................................................................................
...........

isOk:01

uid(bebcfd1e) nt(4d097d02) par(000000006a32a25a) ks(00000000b29a1a02)

#db# COMMAND mifare FINISHED

|diff|{nr}    |ks3|ks3^5|parity         |
+----+--------+---+-----+---------------+
| 00 |00000000| a |  f  |0,1,0,0,1,1,0,1|
| 20 |00000020| 3 |  6  |0,1,0,1,1,0,0,1|
| 40 |00000040| c |  9  |0,1,0,1,1,0,0,0|
| 60 |00000060| 0 |  5  |0,1,0,0,0,0,0,0|
| 80 |00000080| 4 |  1  |0,1,0,1,0,1,1,0|
| a0 |000000a0| d |  8  |0,1,0,0,1,1,0,0|
| c0 |000000c0| c |  9  |0,1,0,0,0,1,0,1|
| e0 |000000e0| d |  8  |0,1,0,1,1,0,1,0|
------------------------------------------------------------------
Key found:0000713a030d

Found valid key:0000713a030d

Original comment by marc.ven...@gmail.com on 28 Jul 2012 at 8:34

GoogleCodeExporter commented 9 years ago
Fixed by replacing all the instances of %012llx by %012I64x in printf functions.
The root cause is described in http://www.mingw.org/wiki/FAQ:
Q: Why doesn't %ll work with printf? How do I print a long long value?
A: You should use %I64 instead of %ll when using msvcrt.

Original comment by marc.ven...@gmail.com on 30 Jul 2012 at 12:21
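
An added example (not part of the original thread or the proxmark3 source) that models why the display loses the top two key bytes and shows a formatting approach that does not rely on the runtime's long long support. It assumes a 32-bit little-endian cdecl argument layout and a formatter that reads one 32-bit slot per conversion; `push_args`, `legacy_format` and `format_key48` are hypothetical names. With key ffffffffffff the model gives 0000ffffffff and 65535, the same values as row 000 of the summary table above.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Argument area as a 32-bit cdecl caller lays it out for
 * printf("%012llx %d", key, res): the 64-bit key takes two 32-bit slots,
 * low word first (little-endian), then res takes one slot. */
static void push_args(uint32_t slots[3], uint64_t key, int32_t res)
{
    slots[0] = (uint32_t)(key & 0xffffffffu);
    slots[1] = (uint32_t)(key >> 32);
    slots[2] = (uint32_t)res;
}

/* Model (assumption) of a formatter that ignores the "ll" modifier and
 * reads one 32-bit slot per conversion. Returns the value shown as "res". */
static int32_t legacy_format(char *out, size_t n, const uint32_t slots[3])
{
    snprintf(out, n, "%012" PRIx32, slots[0]); /* low word, zero padded */
    return (int32_t)slots[1];                  /* high word read as the int */
}

/* Formatting that does not depend on the runtime's long long support:
 * a 48-bit key is printed as a 16-bit piece followed by a 32-bit piece. */
static void format_key48(char *out, size_t n, uint64_t key)
{
    snprintf(out, n, "%04" PRIx32 "%08" PRIx32,
             (uint32_t)((key >> 32) & 0xffffu), (uint32_t)(key & 0xffffffffu));
}

int main(void)
{
    char shown[32], fixed[32];
    uint32_t slots[3];
    push_args(slots, 0xffffffffffffULL, 1);
    int32_t res = legacy_format(shown, sizeof shown, slots);
    format_key48(fixed, sizeof fixed, 0xffffffffffffULL);
    printf("legacy: %s res=%" PRId32 "  split: %s\n", shown, res, fixed);
    return 0;
}
```
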

GoogleCodeExporter commented 9 years ago
Could it have something to do with this? 
https://code.google.com/p/proxmark3/issues/detail?id=43

Original comment by martin.holst on 7 May 2013 at 7:02

GoogleCodeExporter commented 9 years ago
It does not have anything to do with 
https://code.google.com/p/proxmark3/issues/detail?id=43: the fix for this issue 
is to replace every occurrence of %012llx by %012I64x.

I developed a fix for this issue but I never got SVN access granted. I am no 
longer developing under Win32.

Original comment by marc.ven...@gmail.com on 7 May 2013 at 10:15

GoogleCodeExporter commented 9 years ago
AFAIK, the source code works well since at least a few hundred commits back (as 
of writing, code is at r848). I'll assume this is fixed and close it. Please 
reopen if that's not the case. 

Original comment by martin.holst on 27 Feb 2014 at 6:26