search

timmerk / mfoc

Automatically exported from code.google.com/p/mfoc
GNU General Public License v2.0
1 stars 0 forks source link

MFOC doesnt work on certain types of Mifare classic card. #11

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
I am on MFOC 0.10.7 on libnfc 1.7.1.

I have tried with other cards and there is no problem retrieving the keys under 
5 minutes. However this card seems to be taking a long time.

The card is a mifare classic 1K but the manufacturer is unknown.

There are 13 other sectors using the default keys of a1a2a3a4a5a6/b1b2b3b4b5b6.

Is it possible that mifare classic cards has been patched? or is there any 
suggestions to retrieve the keys of this particular card.

On a side note, may I ask if there is any way to get mfoc to exploit other 
sectors instead of 0? Maybe there's a chance.

mac-1320:src user$ mfoc -P 8000 -O dump
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  44  
* UID size: double
* bit frame anticollision supported
       UID (NFCID1): 2f  f0  b8  be  
      SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (7 Byte UID) 2K, Security level 1
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [..x.............]
[Key: a0a1a2a3a4a5] -> [..x.////////////]
[Key: d3f7d3f7d3f7] -> [..x.////////////]
[Key: 000000000000] -> [..x.////////////]
[Key: b0b1b2b3b4b5] -> [..x.xxxxxxxxxxxx]
[Key: 4d3a99c351dd] -> [..x.xxxxxxxxxxxx]
[Key: 1a982c7e459a] -> [..x.xxxxxxxxxxxx]
[Key: aabbccddeeff] -> [..x.xxxxxxxxxxxx]
[Key: 714c5c886e97] -> [..x.xxxxxxxxxxxx]
[Key: 587ee5f9350f] -> [..x.xxxxxxxxxxxx]
[Key: a0478cc39091] -> [..x.xxxxxxxxxxxx]
[Key: 533cb6c723f6] -> [..x.xxxxxxxxxxxx]
[Key: 8fd0a4f256e9] -> [..x.xxxxxxxxxxxx]

Sector 00 -  UNKNOWN_KEY [A]  Sector 00 -  UNKNOWN_KEY [B]  
Sector 01 -  UNKNOWN_KEY [A]  Sector 01 -  UNKNOWN_KEY [B]  
Sector 02 -  FOUND_KEY   [A]  Sector 02 -  FOUND_KEY   [B]  
Sector 03 -  UNKNOWN_KEY [A]  Sector 03 -  UNKNOWN_KEY [B]  
Sector 04 -  FOUND_KEY   [A]  Sector 04 -  FOUND_KEY   [B]  
Sector 05 -  FOUND_KEY   [A]  Sector 05 -  FOUND_KEY   [B]  
Sector 06 -  FOUND_KEY   [A]  Sector 06 -  FOUND_KEY   [B]  
Sector 07 -  FOUND_KEY   [A]  Sector 07 -  FOUND_KEY   [B]  
Sector 08 -  FOUND_KEY   [A]  Sector 08 -  FOUND_KEY   [B]  
Sector 09 -  FOUND_KEY   [A]  Sector 09 -  FOUND_KEY   [B]  
Sector 10 -  FOUND_KEY   [A]  Sector 10 -  FOUND_KEY   [B]  
Sector 11 -  FOUND_KEY   [A]  Sector 11 -  FOUND_KEY   [B]  
Sector 12 -  FOUND_KEY   [A]  Sector 12 -  FOUND_KEY   [B]  
Sector 13 -  FOUND_KEY   [A]  Sector 13 -  FOUND_KEY   [B]  
Sector 14 -  FOUND_KEY   [A]  Sector 14 -  FOUND_KEY   [B]  
Sector 15 -  FOUND_KEY   [A]  Sector 15 -  FOUND_KEY   [B]  

Using sector 02 as an exploit sector
Sector: 0, type A, probe 0, distance 24267 .....
Sector: 0, type A, probe 1, distance 38049 .....
Sector: 0, type A, probe 2, distance 35545 .....
Sector: 0, type A, probe 3, distance 39176 .....
Sector: 0, type A, probe 4, distance 23788 .....

...

Sector: 0, type A, probe 1898, distance 24569 .....

The mfoc has been running for 3 hours but to no avail.

Original issue reported on code.google.com by maxz1...@gmail.com on 23 Mar 2014 at 11:06

GoogleCodeExporter commented 9 years ago 
I could have a similar problem.

ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): 40  e8  2c  1f  
      SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [x\xxxxxxxxxxxxxx]
[Key: a0a1a2a3a4a5] -> [x\xxxxxxxxxxxxxx]
[Key: d3f7d3f7d3f7] -> [x\xxxxxxxxxxxxxx]
[Key: 000000000000] -> [x\xxxxxxxxxxxxxx]
[Key: b0b1b2b3b4b5] -> [x\xxxxxxxxxxxxxx]
[Key: 4d3a99c351dd] -> [x\xxxxxxxxxxxxxx]
[Key: 1a982c7e459a] -> [x\xxxxxxxxxxxxxx]
[Key: aabbccddeeff] -> [x\xxxxxxxxxxxxxx]
[Key: 714c5c886e97] -> [x\xxxxxxxxxxxxxx]
[Key: 587ee5f9350f] -> [x\xxxxxxxxxxxxxx]
[Key: a0478cc39091] -> [x\xxxxxxxxxxxxxx]
[Key: 533cb6c723f6] -> [x\xxxxxxxxxxxxxx]
[Key: 8fd0a4f256e9] -> [x\xxxxxxxxxxxxxx]

Sector 00 -  FOUND_KEY   [A]  Sector 00 -  FOUND_KEY   [B]  
Sector 01 -  UNKNOWN_KEY [A]  Sector 01 -  FOUND_KEY   [B]  
Sector 02 -  FOUND_KEY   [A]  Sector 02 -  FOUND_KEY   [B]  
Sector 03 -  FOUND_KEY   [A]  Sector 03 -  FOUND_KEY   [B]  
Sector 04 -  FOUND_KEY   [A]  Sector 04 -  FOUND_KEY   [B]  
Sector 05 -  FOUND_KEY   [A]  Sector 05 -  FOUND_KEY   [B]  
Sector 06 -  FOUND_KEY   [A]  Sector 06 -  FOUND_KEY   [B]  
Sector 07 -  FOUND_KEY   [A]  Sector 07 -  FOUND_KEY   [B]  
Sector 08 -  FOUND_KEY   [A]  Sector 08 -  FOUND_KEY   [B]  
Sector 09 -  FOUND_KEY   [A]  Sector 09 -  FOUND_KEY   [B]  
Sector 10 -  FOUND_KEY   [A]  Sector 10 -  FOUND_KEY   [B]  
Sector 11 -  FOUND_KEY   [A]  Sector 11 -  FOUND_KEY   [B]  
Sector 12 -  FOUND_KEY   [A]  Sector 12 -  FOUND_KEY   [B]  
Sector 13 -  FOUND_KEY   [A]  Sector 13 -  FOUND_KEY   [B]  
Sector 14 -  FOUND_KEY   [A]  Sector 14 -  FOUND_KEY   [B]  
Sector 15 -  FOUND_KEY   [A]  Sector 15 -  FOUND_KEY   [B]  

Using sector 00 as an exploit sector
Sector: 1, type A, probe 0, distance 35029 .....
Sector: 1, type A, probe 1, distance 28911 .....
Sector: 1, type A, probe 2, distance 31888 .....
Sector: 1, type A, probe 3, distance 24325 .....
Sector: 1, type A, probe 4, distance 33525 .....
...
Sector: 1, type A, probe 1616, distance 41175 .....
Sector: 1, type A, probe 1617, distance 38282 .....
Sector: 1, type A, probe 1618, distance 36207 .....
Sector: 1, type A, probe 1619, distance 41301 .....

Original comment by joost.va...@gmail.com on 4 Jul 2014 at 9:11

GoogleCodeExporter commented 9 years ago 
Same issue for me :
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): 70  3a  06  df  
      SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [................]
[Key: a0a1a2a3a4a5] -> [////////////////]
[Key: d3f7d3f7d3f7] -> [////////////////]
[Key: 000000000000] -> [////////////////]
[Key: b0b1b2b3b4b5] -> [x/////xxxxxxxxxx]
[Key: 4d3a99c351dd] -> [x/////xxxxxxxxxx]
[Key: 1a982c7e459a] -> [x/////xxxxxxxxxx]
[Key: aabbccddeeff] -> [x/////xxxxxxxxxx]
[Key: 714c5c886e97] -> [x/////xxxxxxxxxx]
[Key: 587ee5f9350f] -> [x/////xxxxxxxxxx]
[Key: a0478cc39091] -> [x/////xxxxxxxxxx]
[Key: 533cb6c723f6] -> [x/////xxxxxxxxxx]
[Key: 8fd0a4f256e9] -> [x/////xxxxxxxxxx]

Sector 00 -  FOUND_KEY   [A]  Sector 00 -  FOUND_KEY   [B]  
Sector 01 -  FOUND_KEY   [A]  Sector 01 -  UNKNOWN_KEY [B]  
Sector 02 -  FOUND_KEY   [A]  Sector 02 -  UNKNOWN_KEY [B]  
Sector 03 -  FOUND_KEY   [A]  Sector 03 -  UNKNOWN_KEY [B]  
Sector 04 -  FOUND_KEY   [A]  Sector 04 -  UNKNOWN_KEY [B]  
Sector 05 -  FOUND_KEY   [A]  Sector 05 -  UNKNOWN_KEY [B]  
Sector 06 -  FOUND_KEY   [A]  Sector 06 -  FOUND_KEY   [B]  
Sector 07 -  FOUND_KEY   [A]  Sector 07 -  FOUND_KEY   [B]  
Sector 08 -  FOUND_KEY   [A]  Sector 08 -  FOUND_KEY   [B]  
Sector 09 -  FOUND_KEY   [A]  Sector 09 -  FOUND_KEY   [B]  
Sector 10 -  FOUND_KEY   [A]  Sector 10 -  FOUND_KEY   [B]  
Sector 11 -  FOUND_KEY   [A]  Sector 11 -  FOUND_KEY   [B]  
Sector 12 -  FOUND_KEY   [A]  Sector 12 -  FOUND_KEY   [B]  
Sector 13 -  FOUND_KEY   [A]  Sector 13 -  FOUND_KEY   [B]  
Sector 14 -  FOUND_KEY   [A]  Sector 14 -  FOUND_KEY   [B]  
Sector 15 -  FOUND_KEY   [A]  Sector 15 -  FOUND_KEY   [B]  

Using sector 00 as an exploit sector
Sector: 1, type B, probe 0, distance 21652 .....
Sector: 1, type B, probe 1, distance 31633 .....
Sector: 1, type B, probe 2, distance 37318 .....
...

And no key retrieval... 
Did you found any fix/tips to find the key ?

Original comment by spawnrider on 11 Jul 2014 at 12:01

GoogleCodeExporter commented 9 years ago 
Hi,

Any update on this issue ?

Original comment by spawnrider on 12 Aug 2014 at 1:17

GoogleCodeExporter commented 9 years ago 
Tha same problem for me too. I have ran about 3.000 Probes and NOTHING until 
now.

Come on guys, anyone have resolved it? :/

Original comment by Borb...@gmail.com on 15 Oct 2014 at 6:51

GoogleCodeExporter commented 9 years ago 
Same problem here.. 
In my case it's a 7 bytes UID card

mfoc -O mifarecard.dump -P 1500 -T 4
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  44  
* UID size: double
* bit frame anticollision supported
       UID (NFCID1): 04  ca  0c  72  cf  2b  90  
      SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (7 Byte UID) 2K, Security level 1
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [xxxxx...........]
[Key: a0a1a2a3a4a5] -> [xxxxx...........]
[Key: d3f7d3f7d3f7] -> [xxxxx...........]
[Key: 000000000000] -> [xxxxx...........]
[Key: b0b1b2b3b4b5] -> [xxxxx...........]
[Key: 4d3a99c351dd] -> [xxxxx...........]
[Key: 1a982c7e459a] -> [xxxxx...........]
[Key: aabbccddeeff] -> [xxxxx...........]
[Key: 714c5c886e97] -> [xxxxx...........]
[Key: 587ee5f9350f] -> [xxxxx...........]
[Key: a0478cc39091] -> [xxxxx...........]
[Key: 533cb6c723f6] -> [xxxxx...........]
[Key: 8fd0a4f256e9] -> [xxxxx...........]

Sector 00 -  FOUND_KEY   [A]  Sector 00 -  FOUND_KEY   [B]  
Sector 01 -  FOUND_KEY   [A]  Sector 01 -  FOUND_KEY   [B]  
Sector 02 -  FOUND_KEY   [A]  Sector 02 -  FOUND_KEY   [B]  
Sector 03 -  FOUND_KEY   [A]  Sector 03 -  FOUND_KEY   [B]  
Sector 04 -  FOUND_KEY   [A]  Sector 04 -  FOUND_KEY   [B]  
Sector 05 -  UNKNOWN_KEY [A]  Sector 05 -  UNKNOWN_KEY [B]  
Sector 06 -  UNKNOWN_KEY [A]  Sector 06 -  UNKNOWN_KEY [B]  
Sector 07 -  UNKNOWN_KEY [A]  Sector 07 -  UNKNOWN_KEY [B]  
Sector 08 -  UNKNOWN_KEY [A]  Sector 08 -  UNKNOWN_KEY [B]  
Sector 09 -  UNKNOWN_KEY [A]  Sector 09 -  UNKNOWN_KEY [B]  
Sector 10 -  UNKNOWN_KEY [A]  Sector 10 -  UNKNOWN_KEY [B]  
Sector 11 -  UNKNOWN_KEY [A]  Sector 11 -  UNKNOWN_KEY [B]  
Sector 12 -  UNKNOWN_KEY [A]  Sector 12 -  UNKNOWN_KEY [B]  
Sector 13 -  UNKNOWN_KEY [A]  Sector 13 -  UNKNOWN_KEY [B]  
Sector 14 -  UNKNOWN_KEY [A]  Sector 14 -  UNKNOWN_KEY [B]  
Sector 15 -  UNKNOWN_KEY [A]  Sector 15 -  UNKNOWN_KEY [B]  

Using sector 00 as an exploit sector
Sector: 5, type A, probe 0, distance 33359 .....
Sector: 5, type A, probe 1, distance 39318 .....
Sector: 5, type A, probe 2, distance 30364 .....
Sector: 5, type A, probe 3, distance 20115 .....
Sector: 5, type A, probe 4, distance 44699 .....
Sector: 5, type A, probe 5, distance 32928 .....
Sector: 5, type A, probe 6, distance 27700 .....
Sector: 5, type A, probe 7, distance 50797 .....
Sector: 5, type A, probe 8, distance 28976 .....
Sector: 5, type A, probe 9, distance 25543 .....
Sector: 5, type A, probe 10, distance 29278 ..... 
...

Original comment by noudje1...@gmail.com on 21 Nov 2014 at 1:01

GoogleCodeExporter commented 9 years ago 
I've the same problem with an canteen card. Is it possible that this card is a 
"plus" version of the mifare classic card? But I thought that there are no 
mifare plus cards available with 1kb of memory.

ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): f2  df  e2  dd
      SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [xxxxxxxxx....xxx]
[Key: a0a1a2a3a4a5] -> [xxxxxxxxx....xxx]
[Key: d3f7d3f7d3f7] -> [xxxxxxxxx....xxx]
[Key: 000000000000] -> [xxxxxxxxx....xxx]
[Key: b0b1b2b3b4b5] -> [xxxxxxxxx\\\\xxx]
[Key: 4d3a99c351dd] -> [xxxxxxxxx\\\\xxx]
[Key: 1a982c7e459a] -> [xxxxxxxxx\\\\xxx]
[Key: aabbccddeeff] -> [xxxxxxxxx\\\\xxx]
[Key: 714c5c886e97] -> [xxxxxxxxx\\\\xxx]
[Key: 587ee5f9350f] -> [xxxxxxxxx\\\\xxx]
[Key: a0478cc39091] -> [xxxxxxxxx\\\\xxx]
[Key: 533cb6c723f6] -> [xxxxxxxxx\\\\xxx]
[Key: 8fd0a4f256e9] -> [xxxxxxxxx\\\\xxx]

Sector 00 -  FOUND_KEY   [A]  Sector 00 -  FOUND_KEY   [B]
Sector 01 -  FOUND_KEY   [A]  Sector 01 -  FOUND_KEY   [B]
Sector 02 -  FOUND_KEY   [A]  Sector 02 -  FOUND_KEY   [B]
Sector 03 -  FOUND_KEY   [A]  Sector 03 -  FOUND_KEY   [B]
Sector 04 -  FOUND_KEY   [A]  Sector 04 -  FOUND_KEY   [B]
Sector 05 -  FOUND_KEY   [A]  Sector 05 -  FOUND_KEY   [B]
Sector 06 -  FOUND_KEY   [A]  Sector 06 -  FOUND_KEY   [B]
Sector 07 -  FOUND_KEY   [A]  Sector 07 -  FOUND_KEY   [B]
Sector 08 -  FOUND_KEY   [A]  Sector 08 -  FOUND_KEY   [B]
Sector 09 -  UNKNOWN_KEY [A]  Sector 09 -  FOUND_KEY   [B]
Sector 10 -  UNKNOWN_KEY [A]  Sector 10 -  FOUND_KEY   [B]
Sector 11 -  UNKNOWN_KEY [A]  Sector 11 -  FOUND_KEY   [B]
Sector 12 -  UNKNOWN_KEY [A]  Sector 12 -  FOUND_KEY   [B]
Sector 13 -  FOUND_KEY   [A]  Sector 13 -  FOUND_KEY   [B]
Sector 14 -  FOUND_KEY   [A]  Sector 14 -  FOUND_KEY   [B]
Sector 15 -  FOUND_KEY   [A]  Sector 15 -  FOUND_KEY   [B]

Using sector 00 as an exploit sector
Sector: 9, type A, probe 0, distance 35259 .....
Sector: 9, type A, probe 1, distance 24873 .....
Sector: 9, type A, probe 2, distance 46546 .....
Sector: 9, type A, probe 3, distance 38165 .....
Sector: 9, type A, probe 4, distance 38649 .....
Sector: 9, type A, probe 5, distance 40566 .....
Sector: 9, type A, probe 6, distance 46797 .....
Sector: 9, type A, probe 7, distance 42466 .....
Sector: 9, type A, probe 8, distance 25620 .....
Sector: 9, type A, probe 9, distance 39589 .....
Sector: 9, type A, probe 10, distance 36912 .....

Original comment by samsung....@googlemail.com on 22 Nov 2014 at 5:09

GoogleCodeExporter commented 9 years ago 
I have the same problem MFOC cannot recover keys on (mifare classic 1k) card =/

root@mifare:~/mifare# mfoc -P 100000 -O 111.mfd -k 111111111111 -k 111111111111 
-k 111111111111 ......
The custom key 0x111111111111 has been added to the default keys
The custom key 0x111111111111 has been added to the default keys
The custom key 0x111111111111 has been added to the default keys
....
....
....
The custom key 0x111111111111 has been added to the default keys
The custom key 0x111111111111 has been added to the default keys
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): 11  11  11  11  
      SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: 111111111111] -> [./..............]
[Key: 111111111111] -> [.//.............]
[Key: 111111111111] -> [.////...........]
[Key: 111111111111] -> [./////..........]
[Key: 111111111111] -> [./////.../......]
[Key: 111111111111] -> [./////...//.....]
[Key: 111111111111] -> [./////...///....]
[Key: 111111111111] -> [.x////...///....]
[Key: 111111111111] -> [.xx///...///....]
[Key: 111111111111] -> [.xxxx/...///....]
[Key: 111111111111] -> [.xxxxx...///....]
[Key: 111111111111] -> [.xxxxx...x//....]
[Key: 111111111111] -> [.xxxxx...xx/....]
[Key: ffffffffffff] -> [xxxxxxxxxxx/xxxx]
[Key: a0a1a2a3a4a5] -> [xxxxxxxxxxx/xxxx]
[Key: d3f7d3f7d3f7] -> [xxxxxxxxxxx/xxxx]
[Key: 000000000000] -> [xxxxxxxxxxx/xxxx]
[Key: b0b1b2b3b4b5] -> [xxxxxxxxxxx/xxxx]
[Key: 4d3a99c351dd] -> [xxxxxxxxxxx/xxxx]
[Key: 1a982c7e459a] -> [xxxxxxxxxxx/xxxx]
[Key: aabbccddeeff] -> [xxxxxxxxxxx/xxxx]
[Key: 714c5c886e97] -> [xxxxxxxxxxx/xxxx]
[Key: 587ee5f9350f] -> [xxxxxxxxxxx/xxxx]
[Key: a0478cc39091] -> [xxxxxxxxxxx/xxxx]
[Key: 533cb6c723f6] -> [xxxxxxxxxxx/xxxx]
[Key: 8fd0a4f256e9] -> [xxxxxxxxxxx/xxxx]

Sector 00 -  FOUND_KEY   [A]  Sector 00 -  FOUND_KEY   [B]  
Sector 01 -  FOUND_KEY   [A]  Sector 01 -  FOUND_KEY   [B]  
Sector 02 -  FOUND_KEY   [A]  Sector 02 -  FOUND_KEY   [B]  
Sector 03 -  FOUND_KEY   [A]  Sector 03 -  FOUND_KEY   [B]  
Sector 04 -  FOUND_KEY   [A]  Sector 04 -  FOUND_KEY   [B]  
Sector 05 -  FOUND_KEY   [A]  Sector 05 -  FOUND_KEY   [B]  
Sector 06 -  FOUND_KEY   [A]  Sector 06 -  FOUND_KEY   [B]  
Sector 07 -  FOUND_KEY   [A]  Sector 07 -  FOUND_KEY   [B]  
Sector 08 -  FOUND_KEY   [A]  Sector 08 -  FOUND_KEY   [B]  
Sector 09 -  FOUND_KEY   [A]  Sector 09 -  FOUND_KEY   [B]  
Sector 10 -  FOUND_KEY   [A]  Sector 10 -  FOUND_KEY   [B]  
Sector 11 -  FOUND_KEY   [A]  Sector 11 -  UNKNOWN_KEY [B]  
Sector 12 -  FOUND_KEY   [A]  Sector 12 -  FOUND_KEY   [B]  
Sector 13 -  FOUND_KEY   [A]  Sector 13 -  FOUND_KEY   [B]  
Sector 14 -  FOUND_KEY   [A]  Sector 14 -  FOUND_KEY   [B]  
Sector 15 -  FOUND_KEY   [A]  Sector 15 -  FOUND_KEY   [B]  

Using sector 00 as an exploit sector
Sector: 11, type B, probe 0, distance 27992 .....
Sector: 11, type B, probe 1, distance 31535 .....
Sector: 11, type B, probe 2, distance 44903 .....
....
....
....
Sector: 11, type B, probe 30707, distance 31067 .....
Sector: 11, type B, probe 30708, distance 44328 .....
Sector: 11, type B, probe 30709, distance 35697 .....
Sector: 11, type B, probe 30710, distance 29793 .....
Sector: 11, type B, probe 30711, distance 41959 .....
Sector: 11, type B, probe 30712, distance 21826 .....
Sector: 11, type B, probe 30713, distance 42576 .....
Sector: 11, type B, probe 30714, distance 24317 .....

5 days after still nothing ... 
Can somebody tell me how to recover last key on sector 11:B ???

Original comment by architec...@gmail.com on 12 Feb 2015 at 6:01