Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to read 2 Sectors on MiFare Classic 1k #97

Open
White-waluigi opened this issue Mar 31, 2024 · 0 comments
Open

Unable to read 2 Sectors on MiFare Classic 1k #97

White-waluigi opened this issue Mar 31, 2024 · 0 comments

Comments

@White-waluigi
Copy link

White-waluigi commented Mar 31, 2024
edited
Loading

I have a MiFare Classic 1k card that I would like to read out. Unfortunately, mfoc seems unable to read out 2 sectors. I have already tried mfoc-hardneseted, but with the same result. The card seems to yield a Key A and a Key B but they cannot be used to access sector 01 and 02. What does this mean? Does the card use a nonstandard Key and therefore mfoc can't crack it? Is it a later revision with vulnerabilities patched out? I am using a PN532 on a raspberry pi. I am using the latest version of libnfc compiled from the repo, same with mfoc


user@raspberrypi:~/lav $ mfoc -P 500 -O cardtocopy2.dmp
Found Mifare Classic 1k tag                     
ISO/IEC 14443A (106 kbps) target:               
    ATQA (SENS_RES): 00  04                     
* UID size: single                              
* bit frame anticollision supported             
       UID (NFCID1): aa  86  67  d3             
      SAK (SEL_RES): 08                         
* Not compliant with ISO/IEC 14443-4            
* Not compliant with ISO/IEC 18092              
                                                
Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K                             
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation              
Other possible matches based on ATQA & SAK values:
                                                
Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [\..\\\\\\\\\\\\.]       
[Key: a0a1a2a3a4a5] -> [x..\\\\\\\\\\\\/]       
[Key: d3f7d3f7d3f7] -> [x..\\\\\\\\\\\\/]       
[Key: 000000000000] -> [x..\\\\\\\\\\\\/]       
[Key: b0b1b2b3b4b5] -> [x..\\\\\\\\\\\\/]       
[Key: 4d3a99c351dd] -> [x..\\\\\\\\\\\\/]       
[Key: 1a982c7e459a] -> [x..\\\\\\\\\\\\/]       
[Key: aabbccddeeff] -> [x..\\\\\\\\\\\\/]       
[Key: 714c5c886e97] -> [x..\\\\\\\\\\\\/]       
[Key: 587ee5f9350f] -> [x..\\\\\\\\\\\\/]       
[Key: a0478cc39091] -> [x..\\\\\\\\\\\\/]       
[Key: 533cb6c723f6] -> [x..\\\\\\\\\\\\/]       
[Key: 8fd0a4f256e9] -> [x..\\\\\\\\\\\\/]       
                                                
Sector 00 - Found   Key A: a0a1a2a3a4a5 Found   Key B: ffffffffffff
Sector 01 - Unknown Key A               Unknown Key B
Sector 02 - Unknown Key A               Unknown Key B
Sector 03 - Unknown Key A               Found   Key B: ffffffffffff
Sector 04 - Unknown Key A               Found   Key B: ffffffffffff
Sector 05 - Unknown Key A               Found   Key B: ffffffffffff
Sector 06 - Unknown Key A               Found   Key B: ffffffffffff
Sector 07 - Unknown Key A               Found   Key B: ffffffffffff
Sector 08 - Unknown Key A               Found   Key B: ffffffffffff
Sector 09 - Unknown Key A               Found   Key B: ffffffffffff
Sector 10 - Unknown Key A               Found   Key B: ffffffffffff
Sector 11 - Unknown Key A               Found   Key B: ffffffffffff
Sector 12 - Unknown Key A               Found   Key B: ffffffffffff
Sector 13 - Unknown Key A               Found   Key B: ffffffffffff
Sector 14 - Unknown Key A               Found   Key B: ffffffffffff
Sector 15 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
                                                
                                                
Using sector 00 as an exploit sector            
Sector: 1, type A, probe 0, distance 8425 ..... 
Sector: 1, type A, probe 1, distance 8425 ..... 
Sector: 1, type A, probe 2, distance 8007 ..... 
  Found Key: A [a49193834877]                   
  Data read with Key A revealed Key B: [000000000000] - checking Auth: Failed!
Sector: 2, type A                               
  Data read with Key A revealed Key B: [000000000000] - checking Auth: Failed!
  Found Key: A [a49193834877]                   
Sector: 3, type A, probe 0, distance 7995 ..... 
  Found Key: A [8e1ebc1ba61e]                   
Sector: 4, type A, probe 0, distance 8011 ..... 
  Found Key: A [ba333d2adef0]                   
Sector: 5, type A, probe 0, distance 8453 ..... 
Sector: 5, type A, probe 1, distance 8447 ..... 
Sector: 5, type A, probe 2, distance 8009 ..... 
Sector: 5, type A, probe 3, distance 8433 .....
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@White-waluigi