iceman1001 / proxmark3

[Deprecated] Iceman Fork, the most totally wicked fork around if you are into proxmark3
http://www.icedev.se/pm3.aspx
GNU General Public License v2.0

valgrind / gdb cmdhfmfhard.c #48

Closed iceman1001 closed 7 years ago

iceman1001 commented 8 years ago

With @matrix's latest changes, I started to get some crashes. Thanks for the tip on using valgrind. Out of the box it doesn't work because the pm3 client is compiled with -O3. Change that to -O1 and you can use valgrind better. Hook it up with GDB, and when running the 'hf mf hardnested' command it now breaks as seen below. My first guess is that the comment made by @piwi,
"// use logarithms to avoid overflow with huge factorials (double type can only hold 170!)"

Program received signal SIGILL, Illegal instruction.
[Switching to Thread 5740]
p_hypergeometric (N=N@entry=256, K=K@entry=32, n=n@entry=4, k=k@entry=0) at cmdhfmfhard.c:264
264         return exp(log_result);
(gdb) 
matrix commented 7 years ago

@18688994688, another version is up

https://github.com/matrix/proxmark3/commit/bd8249afeccb0478d8dbbfb49ed68c6306182f1f

Could you retest it? Thanks.

osysltd commented 7 years ago

@matrix FYI I was able to recover with pm3 easy hw the most hardened sector key with your commit, looks stable and functional. Thank you!

iceman1001 commented 7 years ago

I've pushed @matrix latest commit.

I'm getting some "no response from proxmark" after success/fail of key retrieval. I wonder if the device is still collecting nonces during all that time.

iceman1001 commented 7 years ago

As seen here: http://pastebin.com/sxR6up1P. The first time fails and the client doesn't continue; the second attempt is successful. The number of good bytes increases very fast. Pre-mod by matrix it needed to collect a lot of nonces.

matrix commented 7 years ago

Hi @iceman, there're some bugs not related to my mods, like "no response for proxmark", "2^-inf", etc... Please handle them as a different issue on github/forum :) Thanks

iceman1001 commented 7 years ago

Sure, however the restart for collecting the next 5000 nonces I still see as problem with your mod.

The exit strategies from the hardnested code could be seen as a consequence of changing the acquire_nonces calls with your mod. Still, this current issue has a lot of different problems related to older hardware and hardnested in general (as that code wasn't released either) and I agree this issue should be closed to make things more straightforward.

I'm guessing we get some feedback from @18688994688 @osysltd soon enough.

matrix commented 7 years ago

Yes, you see the same problem with my mods because I didn't solve this bug with any of my mods. That's a bug with the "green" proxmark; if you test it by hard reset before my mods you still see it! I will be happy if one day I can try my mods in a "stable" version of proxmark to understand better what I need to change and what not... It's very difficult now to understand if my mods are good or not :|

GreatMichaelLee commented 7 years ago

@matrix @iceman1001 I tried the latest push, 2 problems there: 1) don't know why, but the efficiency looks not good, running one hour with 600K+ acquired only got to guessing number 2, and 2) the acquiring of nonces gives up and the hw loses response, see the screen snap below:

Acquired 593600 nonces (22156 / 25000 with distinct bytes 0 and 1). Number of bytes with probability for correctly guessed Sum(a8) > 95.0%: 2
Acquired 594048 nonces (22159 / 25000 with distinct bytes 0 and 1). Number of bytes with probability for correctly guessed Sum(a8) > 95.0%: 2
Acquired 594608 nonces (22164 / 25000 with distinct bytes 0 and 1). Number of bytes with probability for correctly guessed Sum(a8) > 95.0%: 2
Acquired 595056 nonces (22164 / 25000 with distinct bytes 0 and 1). Number of bytes with probability for correctly guessed Sum(a8) > 95.0%: 2
Acquired 595504 nonces (22165 / 25000 with distinct bytes 0 and 1). Number of bytes with probability for correctly guessed Sum(a8) > 95.0%: 2
Acquired 596064 nonces (22175 / 25000 with distinct bytes 0 and 1). Number of bytes with probability for correctly guessed Sum(a8) > 95.0%: 2
Acquired 596512 nonces (22180 / 25000 with distinct bytes 0 and 1). Number of bytes with probability for correctly guessed Sum(a8) > 95.0%: 2
Acquired 597072 nonces (22193 / 25000 with distinct bytes 0 and 1). Number of bytes with probability for correctly guessed Sum(a8) > 95.0%: 2
Acquired 597520 nonces (22193 / 25000 with distinct bytes 0 and 1). Number of bytes with probability for correctly guessed Sum(a8) > 95.0%: 2
Waiting for a response from the proxmark... Don't forget to cancel its operation first by pressing on the button
Error: No response from Proxmark.

pm3 -->

matrix commented 7 years ago

Hi @18688994688, you have acquired a lot of nonces (597520) but very few with distinct bytes 0 and 1. Seems a hardware-related problem. Try tuning the proxmark with your card before running the attack (hw tune and/or hf tune). Let me know.

osysltd commented 7 years ago

@iceman1001 @18688994688 @matrix per my findings, hardened sectors pass well until an out of memory exception comes. There are still a couple of sectors being constantly welcomed by the exception (RDV2\Easy, different sectors\keys).

In the initial @aczid implementation the long process of collecting nonces results in an almost complete guarantee to get the key. I also remember some discussions on the forums about the key 'vulnerability' to the attack mentioned by @pwpiwi. So in short, to have good probability we need to make a good nonce analysis imho.

matrix commented 7 years ago

Hi @osysltd, interesting, could you paste here the link to the forum discussion about this vuln? Thanks :)

osysltd commented 7 years ago

Hi @matrix, Should be somewhere out here http://www.proxmark.org/forum/viewtopic.php?id=2120 or outside in the other threads. You're always welcome!

matrix commented 7 years ago

Ok, but I think the best place to request this type of enhancement is a new thread in the proxmark forum.

matrix commented 7 years ago

https://github.com/matrix/proxmark3/commit/e0828439bfebdcf16595e7cda76e40e21f4feeb6

GreatMichaelLee commented 7 years ago

hi @matrix what does e082843 fix?

matrix commented 7 years ago

Hi, I get only one valgrind error now, and the candidates are now evaluated only if num_goods_first_bytes > 0. Could you test it?

osysltd commented 7 years ago

Hi @matrix Great enhancement, Works very stable, got the hardest key solved with your changes.

pwpiwi commented 7 years ago

@18688994688: you aren't trying hardnested with an old Mifare Classic card, are you?

GreatMichaelLee commented 7 years ago

@pwpiwi what do you mean by old Mifare Classic card? Does it mean a card vulnerable to the darkside attack?

iceman1001 commented 7 years ago

I've opened another issue for something strange that happens in the acquire_nonces function.

osysltd commented 7 years ago

@18688994688, yes. Old is also fairly easily guessed by nested.

GreatMichaelLee commented 7 years ago

@osysltd Yes, I understood. I am just trying whether the old Mifare card could be hardnested or not; however, it could get to the stage of good bytes number 4 or 5 after one hour of running when a sudden 'death' comes up, where the client prompts 'Error: No response from Proxmark.' (log pasted above) and then stops working. This is reproducible and I am just wondering what causes this. If this 'no response' issue did not happen, could the old Mifare card also be hardnested to resolve a key if given enough hours, even if it is slow?

pwpiwi commented 7 years ago

No, the old card cannot be hardnested. You can easily see the reason: it doesn't give you enough different nonces because of its broken PRNG.

GreatMichaelLee commented 7 years ago

OK, I think so. I do this just to test the program's stability (e.g. a long run w/o any memory leak), as it will not get any key result and keeps running and running, but it looks like it will exit with no response after about one hour (up to 500K acquired); don't know whether this is related to the code or the hw.

pwpiwi commented 7 years ago

What's your hardest key? I came across this one: b9d644b49dfe. Might be useful to collect a few test cases.

osysltd commented 7 years ago

Dear @pwpiwi I would like to share it privately for obvious reasons, please could you share means of direct communication with you?

pwpiwi commented 7 years ago

You can send to prolocobup@throwam.com

osysltd commented 7 years ago

Dear @pwpiwi, done!

pwpiwi commented 7 years ago

Received. How long does it take for you to crack these? And mine?

osysltd commented 7 years ago

Yours I haven't tested, but my hardest key took about a day, with testing different known sectors\keys, ending up finally with about 250 good bytes and the key was guessed.

GreatMichaelLee commented 7 years ago

@iceman1001 @matrix I've tested a hardened token with iceman's 71ac327 and matrix's e082843 (v3); both can crack key A in a very short time (about 2-3 min), however these two show different behavior on cracking key B. Let me explain in the following. Pre-condition: this token will sometimes prompt an auth error or timeout; I chose to ignore it as it may be a card quality problem, like a response time performance problem under a stressing attack (my hw tune and hf tune show no problem), and the log of the guessed good bits number gets printed interleaved between those error logs on screen. The difference for these two commits is: for iceman's version, once the program thinks the good bits number is good enough and tries to start the brute force thread, and in the meantime an auth error happens to be encountered, iceman's code will immediately run into a dead loop, continuously printing "db # authentication error" very fast, and cannot go back to starting the thread any more, but matrix's code works fine and starts the thread for calculating the key. This is just from my observation, and I am not sure whether this is a certain pattern or not. Also, I didn't compare your code, just FYI, in case you are interested in analysing whether there is any logic hole there. Btw: it takes ~1300s to crack key B using matrix's v3 code, and thanks, it works the key out, so great!

matrix commented 7 years ago

Nice :) If you put the card to the right distance from antenna all the errors/timeout message disappear.

Thanks for testing ;)

GreatMichaelLee commented 7 years ago

Shouldn't the token being closer to the antenna be better for RF communication? Why is a 'distance' needed to keep away from the 'error/timeout'? I don't understand the trick, can anybody elaborate? :)

iceman1001 commented 7 years ago

There are posts on the forum explaining this.

osysltd commented 7 years ago

@18688994688 per my findings, Easy hw version stopped throwing timeouts when @iceman1001 applied change to disable the tracelogging on device side during nonce acquiring. Hope this helps.

GreatMichaelLee commented 7 years ago

Looks like this bug could be resolved? I tried matrix V5, it works perfectly! Could @iceman1001 pull this commit?

iceman1001 commented 7 years ago

I don't know, the previous v4 does a better job on one of my "hard" keys.

This key: 26940b21ff5d

matrix commented 7 years ago

@iceman1001 retry from my last commit, it's not v5

iceman1001 commented 7 years ago

It looks good with @matrix's commits. I'm fiddling with finding a "good" estimate of when to call the brute_force. @matrix calls it every 5000 nonces now. But on simple keys (if that's what we call them) around 2000-3000 nonces is already enough to be successful. The number of good first bytes goes high very fast. Still, it's a guess. On my test tag, I've gotten down to 18 seconds finding a key.

matrix commented 7 years ago

Hi @iceman1001, I thought the same before finding another tag to test. Some tags release a sufficient number of good bytes more slowly, so I chose a middle ground to obtain good performance results in both cases.

@pwpiwi are there other improvements we can do in the analysis of the nonces collected? If the keyspace can be reduced that would be great :)

iceman1001 commented 7 years ago

I'm closing this one; @matrix's mods work nicely now with hardnested.