noproto / FlipperMfkey

MFKey for the Flipper Zero 🐬
GNU General Public License v3.0

Issues retrieving nonce from more difficult reader #9

Closed aheagel closed 11 months ago

aheagel commented 11 months ago

I'm apologizing in advance, as I don't know how to make this a feature request.

I'm trying to clone some hotel room Mifare Classic 1K keys managed by Vingcard without any success, as I'm not able to retrieve all the keys using a dictionary attack or a nested attack.

When it comes to the reader attack, the reader seems to need to authenticate sector 0 before going on to the other sectors, thus using mfkey32 only yields sector 0 key A and no other keys.

I believe this is because mfkey32 only emulates the UID to try tricking the reader into giving out the nonce for the keys. But with the Vingcard system this doesn't seem to fool it into giving the nonce for the other sectors.

After using mfkey32 I always get the same key for sector 0 over and over again and no others. Using the cloned card (the incomplete one) with a readable sector 0 seems to make the reader unresponsive (it doesn't blink green or red), which I believe means it is stuck in a loop, as we haven't cloned sector 1 yet but it passed the authentication for sector 0.

I'm therefore wondering if it is possible to emulate the partially cloned card instead of only its UID.

I'm sorry in advance if I got any terminology wrong.

noproto commented 11 months ago

Hello! Thanks for submitting an issue to the project. Mfkey32 is a program to crack keys in nonces; it does not collect the nonces. Your questions would be most appropriately directed to https://github.com/flipperdevices/flipperzero-firmware or the Flipper Zero official Discord, which has scrollback regarding Vingcard.

For some general troubleshooting steps:

  1. Reboot your Flipper, which seems to help with Vingcard reader attacks
  2. Ensure the reader/card is specifically Mifare Classic, and not DESFire or Ultralight

Good luck!