Closed andrei-cb closed 6 years ago
looks like your client fails... Do you have enough ram memory in your computer?
Yes...
andrei@genisys ~ neofetch
██████████████████ ████████ andrei@genisys
██████████████████ ████████ --------------
██████████████████ ████████ OS: Manjaro Linux x86_64
██████████████████ ████████ Host: 2325BA3 ThinkPad X230
████████ ████████ Kernel: 4.14.27-1-MANJARO
████████ ████████ ████████ Uptime: 1 hour, 9 mins
████████ ████████ ████████ Packages: 917
████████ ████████ ████████ Shell: zsh 5.4.2
████████ ████████ ████████ DE: GNOME
████████ ████████ ████████ Theme: Arc-Maia-Dark [GTK2/3]
████████ ████████ ████████ Icons: Papirus-Adapta-Maia [GTK2/3]
████████ ████████ ████████ Terminal: terminator
████████ ████████ ████████ CPU: Intel i5-3320M (4) @ 3.300GHz
████████ ████████ ████████ GPU: Intel Ivybridge Mobile
Memory: 1058MiB / 7680MiB
file client/proxmark3 client/proxmark3: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=5384b74ebf8d6fc3ad47697e47c037abf7219b70, with debug_info, not stripped
Tried on a Windows system with 16GB as well. It looks like it happens after aplying bit flip properties for the 4th time on both systems.
So... I added some quick printfs in the code and it fails here (function acquire_nonces):
if (!initialize) {
if (!WaitForResponseTimeout(CMD_ACK, &resp, 3000)) {
if (nonce_file_write) {
fclose(fnonces);
}
return 1;
}
Should I try to increase the timeout?
UPDATE: Increasing the timeout to 20000 solved my problem. I get the "Waiting for a response from the proxmark" for each time after applying bit flip properties but it works out in the end.
Any idea why it takes so long to respond after the first 4 tries?
Here's the output with the new timeout:
0 | 0 | Start using 4 threads and AVX SIMD core | |
0 | 0 | Brute force benchmark: 213 million (2^27.7) keys/s | 140737488355328 | 8d
1 | 0 | Using 235 precalculated bitflip state tables | 140737488355328 | 8d
5 | 111 | Apply bit flip properties | 12413634560 | 58s
7 | 223 | Apply bit flip properties | 3027186688 | 14s
10 | 335 | Apply bit flip properties | 2290738688 | 11s
13 | 447 | Apply bit flip properties | 1891632768 | 9s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
17 | 557 | Apply bit flip properties | 1095594496 | 5s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
23 | 667 | Apply bit flip properties | 888209408 | 4s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
29 | 777 | Apply bit flip properties | 821945920 | 4s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
35 | 887 | Apply bit flip properties | 821945920 | 4s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
42 | 997 | Apply bit flip properties | 821945920 | 4s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
51 | 1108 | Apply bit flip properties | 821945920 | 4s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
60 | 1217 | Apply bit flip properties | 821945920 | 4s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
70 | 1328 | Apply bit flip properties | 821945920 | 4s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
81 | 1435 | Apply bit flip properties | 821945920 | 4s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
93 | 1544 | Apply bit flip properties | 821945920 | 4s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
106 | 1653 | Apply bit flip properties | 821945920 | 4s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
121 | 1762 | Apply Sum property. Sum(a0) = 112 | 49279484 | 0s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
134 | 1868 | Apply bit flip properties | 49279484 | 0s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
149 | 1976 | Apply bit flip properties | 49279484 | 0s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
166 | 2083 | Apply bit flip properties | 49279484 | 0s
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
183 | 2083 | (1. guess: Sum(a8) = 256) | 49279484 | 0s
183 | 2083 | Apply Sum(a8) and all bytes bitflip properties | 49279484 | 0s
183 | 2083 | Brute force phase completed. Key found: xxxxxxxxxxxx | 0 | 0s
I also get in dmesg some weird messages: [ 7185.487934] usb 1-1.2: new full-speed USB device number 28 using ehci-pci [ 7190.724576] usb 1-1.2: device descriptor read/64, error -110 [ 7195.982749] cdc_acm 1-1.2:1.0: ttyACM0: USB ACM device [ 7405.397347] usb 1-1.2: USB disconnect, device number 28 [ 7406.087318] usb 1-1.2: new full-speed USB device number 29 using ehci-pci [ 7411.307296] usb 1-1.2: device descriptor read/64, error -110 [ 7416.569052] cdc_acm 1-1.2:1.0: ttyACM1: USB ACM device [ 7446.017666] usb 1-1.2: USB disconnect, device number 29 [ 7447.333963] suspend_common(): ehci_suspend+0x0/0xd0 [ehci_hcd] returns -16 [ 7447.563939] usb 1-1.2: new full-speed USB device number 30 using ehci-pci [ 7452.693923] usb 1-1.2: device descriptor read/64, error -110 [ 7457.955676] cdc_acm 1-1.2:1.0: ttyACM0: USB ACM device
ok, so your nonce collecting is hurting. Try the -s -ss parameters to enable the "slow" aquisition and see if that helps.
Don't forget to have some distance between antenna and tag.
I tried with slow acquisition and some distance between tag and antenna, no success :( I'll try downgrading to "minor Sweet Lemon" release and see how that goes.
hm.. are your udev/rules ok?
I just ran "make udev" before compiling the repository. That's everything I have to do, right?
that should do the trick. Could also be a bad device... where did you buy it from?
I bought it from a seller on Ebay UK. It says "ELECHOUSE" on it but I'm not sure if that's actually the manufacturer. Everything else works really well.
try switching over to offical latest source. if it has the same problem there,...
do the flash in one swoop,
client/flasher /dev/ttyACM0 -b bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf
So.... I think I forgot to reboot after the "make udev" =) Anyway, I rebooted, compiled the "minor Sweet Lemon" release and it is now working!
Thank you so much for all the help! :)
UPDATE: So I just recompiled and flashed the master and the issue is still there.... So I guess it's an actual issue, not a problem with the device.
"flashed the master"? Do you mean you went back and flashed latest iceman? or did you mean you took latest offical repo?
I flashed 2 releases:
I got minor Sweet Lemon from here: https://github.com/iceman1001/proxmark3/releases/tag/ice_v3.1.0 By master I meant "Iceman master branch", sorry :D
ok, would you mind flashing latest source from offical pm3 and test?
Sure. I'll let you know when it's done. (probably tomorrow, but I'll try to get it done sooner)
I tested the official pm3 and it works. You can find below details of each image:
Official (working):
qt5ct: using qt5ct plugin
Prox/RFID mark3 RFID instrument
bootrom: iceman// 2018-04-10 21:28:25
os: master/v3.0.1-361-ge069547-suspect 2018-04-10 19:50:54
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59
uC: AT91SAM7S256 Rev D
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 196805 bytes (75%). Free: 65339 bytes (25%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
Iceman fork (not working):
qt5ct: using qt5ct plugin
Proxmark3 RFID instrument
[ ARM ]
bootrom: iceman// 2018-04-10 21:28:25
os: iceman/master/ice_v3.1.0-787-g192aa9ab-dirty-unclean 2018-04-10 22:56:59
[ FPGA ]
LF image built for 2s30vq100 on 2017/10/25 at 19:50:50
HF image built for 2s30vq100 on 2017/11/10 at 19:24:16
[ Hardware ]
--= uC: AT91SAM7S256 Rev D
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 256K bytes, Used: 234412 bytes (89%) Free: 27732 bytes (11%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memory
I tested a bunch of commits and it seems the latest commit is causing this problem. (The SmartCard commit)
Edit: In SMART_CARD_EnableClock function, the issue is resolved if the following line is commented: AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
I'm not really sure what this does :( I mean it probably enables the clock as the function name says, but I don't know why something like this would happen.
I guess the smartcard module shouldn't be always enabled?
nice, that part of the code is under construction, but I pushed some changes meanwhile in order for the hardnest to work. It works during my tests at least.
Just tested your latest commits and hardnested is working. Any tips where I should get some knowledge about all this stuff? (embedded stuff)
My knowledge of embedded C is somewhat limited. (simple C is pretty good :D)
Thanks!
to read up on embedded stuff? I suggest you use your google-foo and start from there. Download the datasheet for the embedded device you want use and see if there is any sample code ...
When I'm trying to bruteforce a card, I get the following errors on my Proxmark3 Easy V3. Any idea what's happening?