vk496 / mfoc

Mifare Classic Offline Cracker with Hardnested support

Hardnested attack (mfoc) not working/exiting

RickyVaughn99 opened this issue

Dear community,

An actual installation does not work well with a Mifare Classic card:

Found Mifare Classic 4k tag
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  02  
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): **  **  **  **  
      SAK (SEL_RES): 18  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 4K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 4K, Security level 1
* SmartMX with MIFARE 4K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [.x..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: ffffffffffff] -> [.x..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: a0a1a2a3a4a5] -> [/x..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: d3f7d3f7d3f7] -> [/x..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: 000000000000] -> [/x..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: b0b1b2b3b4b5] -> [xx..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: 4d3a99c351dd] -> [xx..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: 1a982c7e459a] -> [xx..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: aabbccddeeff] -> [xx..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: 714c5c886e97] -> [xx..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: 587ee5f9350f] -> [xx..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: a0478cc39091] -> [xx..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: 533cb6c723f6] -> [xx..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]
[Key: 8fd0a4f256e9] -> [xx..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.....]

Sector 00 - Found   Key A: a0a1a2a3a4a5 Found   Key B: b0b1b2b3b4b5
Sector 01 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 02 - Unknown Key A               Unknown Key B
Sector 03 - Unknown Key A               Unknown Key B
Sector 04 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 05 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 06 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 07 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 08 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 09 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 10 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 11 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 12 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 13 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 14 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 15 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 16 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 17 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 18 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 19 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 20 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 21 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 22 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 23 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 24 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 25 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 26 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 27 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 28 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 29 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 30 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 31 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 32 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 33 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 34 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 35 - Unknown Key A               Unknown Key B
Sector 36 - Unknown Key A               Unknown Key B
Sector 37 - Unknown Key A               Unknown Key B
Sector 38 - Unknown Key A               Unknown Key B
Sector 39 - Unknown Key A               Unknown Key B


Using sector 34 as an exploit sector
Card is not vulnerable to nested attack

Using AVX SIMD core.          


          
 time    | trg | #nonces | Activity                                                | expected to brute force          
         |     |         |                                                         | #states         | time           
-------------------------------------------------------------------------------------------------------------          
       0 |  0? |       0 | Start using 4 threads and AVX SIMD core                 |                 |          
       0 |  0? |       0 | Brute force benchmark: 213 million (2^27.7) keys/s      | 140737488355328 |    8d          
       0 |  0? |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    8d
mfoc: ERROR: Reader-answer transfer error, exiting..

Is there anything I can provide to solve that issue?
Regards,

RV.
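
An added example, not part of the original post or of mfoc itself: a small parser for the output format shown in the log above. It checks that the last key-map line agrees with the per-sector table and lists the sectors that are still unknown and those that answer to one of the tried default keys, which is the part worth flagging when auditing your own cards. The sample input is constructed from the log's format and shortened to 8 sectors; the function names are hypothetical.

```python
import re

# Constructed sample in the format of the log above, shortened to 8 sectors.
SAMPLE = """\
[Key: ffffffffffff] -> [.x..xxxx]
[Key: a0a1a2a3a4a5] -> [/x..xxxx]
[Key: b0b1b2b3b4b5] -> [xx..xxxx]
Sector 00 - Found   Key A: a0a1a2a3a4a5 Found   Key B: b0b1b2b3b4b5
Sector 01 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 02 - Unknown Key A               Unknown Key B
Sector 03 - Unknown Key A               Unknown Key B
Sector 04 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 05 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 06 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 07 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
"""

MAP_RE = re.compile(r"^\[Key: ([0-9a-f]{12})\] -> \[([./\\x]+)\]$")
SECTOR_RE = re.compile(
    r"^Sector (\d+) - (?:Found\s+Key A: ([0-9a-f]{12})|Unknown Key A)\s+"
    r"(?:Found\s+Key B: ([0-9a-f]{12})|Unknown Key B)$")
# Legend from the log: '.' no key, '/' key A, '\' key B, 'x' both keys.
SYMBOL = {(False, False): ".", (True, False): "/",
          (False, True): "\\", (True, True): "x"}

def parse_mfoc(text):
    """Return (keys tried, last key map, {sector: (key A, key B)})."""
    tried, final_map, sectors = [], "", {}
    for line in text.splitlines():
        line = line.rstrip()
        if m := MAP_RE.match(line):
            tried.append(m.group(1))
            final_map = m.group(2)  # the map only gains symbols, so the last line wins
        elif m := SECTOR_RE.match(line):
            sectors[int(m.group(1))] = (m.group(2), m.group(3))  # None = unknown
    return tried, final_map, sectors

def audit(text):
    tried, final_map, sectors = parse_mfoc(text)
    rows = sorted(sectors.items())
    # Rebuild the symbol map from the table and compare it with the last map line.
    rebuilt = "".join(SYMBOL[(a is not None, b is not None)] for _, (a, b) in rows)
    return {
        "consistent": rebuilt == final_map,
        "unknown": [s for s, (a, b) in rows if a is None and b is None],
        "default_keyed": [s for s, (a, b) in rows if a in tried or b in tried],
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```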

Hi,

what kind of RFID-Reader are you using?
I've had quite good results with a PN532 connected via a USB-UART adapter.
Also, what OS and libnfc version are you running on?
And one last thing: are you running in a VM? (Virtualbox/Hyper-V... etc)

Also, if you want to include code in your post, wrap it in triple backticks, like these: ```

Best regards,

Earthnuker

Hey Earthnuker,

Thanks for the fast reply. I'm using an ACR122 via USB with Ubuntu 18.04.
No VM, libnfc version 1.7.1-4build1.
Hope that helps!
Best regards,

RV.

Update:
I studied the code of mfoc.c a little bit and it seems to me that the lines regarding the error message (1020 and 1089) are the same as in the original. As there are no nonces collected - is it possible that there is a hardware, i.e. driver, problem? What I'm wondering about is that the nested attack seemed to work ...

Update 2:

Got it running using miLazyCracker.
Regards,

RV.