Last Block Zeroing Access Conditions in Dump File
jason-phillips opened this issue · comments
When using the hardnested branch with a 1K mifare card, it successfully finds the keys, but the saved dump has zeroed the last block's access conditions. When copying the dump to a blank card, it results in zeroing the access conditions on the new card, making the last block of the card unrecoverable.
Command used:
mfoc -O file.dmp
Last two blocks of the file.dmp:
0000:0380 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0000:0390 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0000:03A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0000:03B0 | 2A 2C 13 CC 24 2A FF 07 80 69 FF FF FF FF FF FF | *,.Ì$*ÿ..iÿÿÿÿÿÿ
0000:03C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0000:03D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0000:03E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0000:03F0 | 2A 2C 13 CC 24 2A 00 00 00 00 FF FF FF FF FF FF | ,.Ì$....ÿÿÿÿÿÿ
Expected last line:
0000:03F0 | 2A 2C 13 CC 24 2A FF 07 80 69 FF FF FF FF FF FF | *,.Ì$*ÿ..iÿÿÿÿÿÿ
As you can see the access conditions (FF 07 80 69) are zero'd out.
This has happened on multiple source cards
Hello,
I tried to reproduce your problem without success (neither 1k or 4k cards).
Could you please share your dump (the correct one) and the full mfoc command you use (to replicate the access patterns with the same data).
Also, the output of nfc-list -v
would be useful.
Salu2
Answering by email will show the attached files. I think you need upload them through Github Web.
Also, the nfc-list -v
should be done with the NFC tag and the reader.
Salu2
Ah, my bad. Hopefully this works better. Attempting to attache files here.
card-dumps.zip
Output with card:
$ nfc-list -v
nfc-list uses libnfc 1.7.1
NFC device: ACS / ACR122U PICC Interface opened
1 ISO14443A passive target(s) found:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
* UID size: single
* bit frame anticollision supported
UID (NFCID1): 42 d6 7c 6d
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092
Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:
0 Felica (212 kbps) passive target(s) found.
0 Felica (424 kbps) passive target(s) found.
0 ISO14443B passive target(s) found.
0 ISO14443B' passive target(s) found.
0 ISO14443B-2 ST SRx passive target(s) found.
0 ISO14443B-2 ASK CTx passive target(s) found.
0 Jewel passive target(s) found.
Hi,
The project moved to https://github.com/nfc-tools/mfoc-hardnested
If you feel that this problem should still be solved, reopen the issue there please. Thank you :)