Friday, 7 June 2024

Proxmark 3 Easy - Access to a protected Mifare card, PRNG hard

In this post I would like to describe how the data of a sector on a Mifare Classic EV1 card can be obtained.


I will go through the same commands that were run in the previous post.

First, reading the card:

  [usb] pm3 --> hf search
  [|] Searching for ISO14443-A tag...
  [+]  UID: 22 B5 8E 4B
  [+] ATQA: 00 04
  [+]  SAK: 08 [2]
  [+] Possible types:
  [+]    MIFARE Classic 1K
  [=] proprietary non iso14443-4 card found, RATS not supported
  [+] Prng detection: hard
  [=]
  [=] --- Tag Signature
  [=]  IC signature public key name: NXP Mifare Classic MFC1C14_x
  [=] IC signature public key value: 044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF
  [=]     Elliptic curve parameters: NID_secp128r1
  [=]              TAG IC Signature: 637E51E40DD32249A9793FB1F3661BA986D809C7186271D93E7768F1451F7CF2
  [+]        Signature verification: successful
  [?] Hint: try `hf mf` commands

As shown above, the card's PRNG detection result is "hard".

We read the data of sector 9:

  [usb] pm3 --> hf mf rdsc -s 9

  [=]   # | sector 09 / 0x09                                | ascii
  [=] ----+-------------------------------------------------+-----------------
  [=]  36 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
  [=]  37 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
  [=]  38 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
  [=]  39 | 00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF | .........i......

Key A is shown as zeros (a MIFARE Classic card never returns key A when the sector trailer is read) because it is the key used by default to read the data. The real value of this key is not 000000000000 but FFFFFFFFFFFF.

Now I write data to the card and set the key:

  [usb] pm3 --> hf mf wrbl --blk 36 -d 000102030405060708090a0b0c0d0e0f
  [=] Writing block no 36, key A - FFFFFFFFFFFF
  [=] data: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  [+] Write ( ok )
  [?] try `hf mf rdbl` to verify

  READ BLOCK
  [usb] pm3 --> hf mf rdbl --blk 36

  [=]   # | sector 09 / 0x09                                | ascii
  [=] ----+-------------------------------------------------+-----------------
  [=]  36 | 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ................

  [usb] pm3 --> hf mf wrbl --blk 39 -d 7302F49034A3FF078069349402648902
  [=] Sector trailer (ST) write detected
  [+] ST passed checks, continuing...
  [=] Writing block no 39, key A - FFFFFFFFFFFF
  [=] data: 73 02 F4 90 34 A3 FF 07 80 69 34 94 02 64 89 02
  [+] Write ( ok )
  [?] try `hf mf rdbl` to verify

  [usb] pm3 --> hf mf rdbl --blk 36 -k 7302F49034A3

  [=]   # | sector 09 / 0x09                                | ascii
  [=] ----+-------------------------------------------------+-----------------
  [=]  36 | 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ................

As can be seen, the data was written to block 36. The keys for sector 9 were written to block 39 (the sector trailer). Key A is 7302F49034A3.

Now we can check whether the key can be recovered from the card.

First, we check whether the key is among the standard keys.

  [usb] pm3 --> hf mf chk
  [+] loaded 56 keys from hardcoded default array
  [=] Start check for keys...
  [=] .................................
  [=] time in checkkeys 3 seconds

  [=] testing to read key B...

  [+] found keys:

  [+] -----+-----+--------------+---+--------------+----
  [+]  Sec | Blk | key A        |res| key B        |res
  [+] -----+-----+--------------+---+--------------+----
  [+]  000 | 003 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  001 | 007 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  002 | 011 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  003 | 015 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  004 | 019 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  005 | 023 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  006 | 027 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  007 | 031 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  008 | 035 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  009 | 039 | ------------ | 0 | ------------ | 0
  [+]  010 | 043 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  011 | 047 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  012 | 051 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  013 | 055 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  014 | 059 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  015 | 063 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+] -----+-----+--------------+---+--------------+----
  [+] ( 0:Failed / 1:Success )

We extend the key database:

  [usb] pm3 --> hf mf chk -a --tblk 36 -f mfc_default_keys.dic
  [+] loaded 56 keys from hardcoded default array
  [+] loaded 1688 keys from dictionary file D:\Proxmark3\proxmark\ProxSpace-master\ProxSpace-master\pm3\proxmark3\client\dictionaries/mfc_default_keys.dic
  [+] loaded 1688 keys from dictionary
  [=] Start check for keys...
  [=] ......................
  [=] time in checkkeys 12 seconds

  [=] testing to read key B...

  [+] found keys:

  [+] -----+-----+--------------+---+--------------+----
  [+]  Sec | Blk | key A        |res| key B        |res
  [+] -----+-----+--------------+---+--------------+----
  [+]  000 | 003 | ------------ | 0 | ------------ | 0
  [+]  001 | 007 | ------------ | 0 | ------------ | 0
  [+]  002 | 011 | ------------ | 0 | ------------ | 0
  [+]  003 | 015 | ------------ | 0 | ------------ | 0
  [+]  004 | 019 | ------------ | 0 | ------------ | 0
  [+]  005 | 023 | ------------ | 0 | ------------ | 0
  [+]  006 | 027 | ------------ | 0 | ------------ | 0
  [+]  007 | 031 | ------------ | 0 | ------------ | 0
  [+]  008 | 035 | ------------ | 0 | ------------ | 0
  [+]  009 | 039 | ------------ | 0 | ------------ | 0
  [+]  010 | 043 | ------------ | 0 | ------------ | 0
  [+]  011 | 047 | ------------ | 0 | ------------ | 0
  [+]  012 | 051 | ------------ | 0 | ------------ | 0
  [+]  013 | 055 | ------------ | 0 | ------------ | 0
  [+]  014 | 059 | ------------ | 0 | ------------ | 0
  [+]  015 | 063 | ------------ | 0 | ------------ | 0
  [+] -----+-----+--------------+---+--------------+----
  [+] ( 0:Failed / 1:Success )

Still no result for sector 9.

  [usb] pm3 --> hf mf fchk
  [+] loaded 56 keys from hardcoded default array
  [=] Running strategy 1
  [=] Chunk 0.9s | found 30/32 keys (56)
  [=] Running strategy 2
  [=] Chunk 0.9s | found 30/32 keys (56)
  [=] time in checkkeys (fast) 1.9s


  [+] found keys:

  [+] -----+-----+--------------+---+--------------+----
  [+]  Sec | Blk | key A        |res| key B        |res
  [+] -----+-----+--------------+---+--------------+----
  [+]  000 | 003 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  001 | 007 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  002 | 011 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  003 | 015 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  004 | 019 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  005 | 023 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  006 | 027 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  007 | 031 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  008 | 035 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  009 | 039 | ------------ | 0 | ------------ | 0
  [+]  010 | 043 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  011 | 047 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  012 | 051 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  013 | 055 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  014 | 059 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+]  015 | 063 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
  [+] -----+-----+--------------+---+--------------+----
  [+] ( 0:Failed / 1:Success )

Now I will try the darkside and nested attacks:

  [usb] pm3 --> hf mf nested --1k --blk 36 -a -k FFFFFFFFFFFF
  [+] Testing known keys. Sector count 16
  [=] Chunk 1.0s | found 30/32 keys (57)
  [+] Time to check 56 known keys: 1 seconds

  [+] enter nested key recovery
  [-] Tag isn't vulnerable to Nested Attack (PRNG is not predictable)

  [usb] pm3 --> hf mf darkside
  [=] Expected execution time is about 25seconds on average
  [=] Press pm3-button to abort

  [=] Running darkside .[-] card is not vulnerable to Darkside attack (its random number generator is not predictable)

Because the PRNG is hard, neither of these attacks can be carried out.

The hardnested attack is much more effective at recovering a key from this card:

  pm3 --> hf mf hardnested --tblk 36 --ta
  [=] MIFARE Classic EV1 card detected
  [=] Target block no  36, target key type: A, known target key: 000000000000 (not set)
  [=] File action: none, Slow: No, Tests: 0
  [=] Hardnested attack starting...
  [=] ---------+---------+---------------------------------------------------------+-----------------+-------
  [=]          |         |                                                         | Expected to brute force
  [=]  Time    | #nonces | Activity                                                | #states         | time
  [=] ---------+---------+---------------------------------------------------------+-----------------+-------
  [=]        0 |       0 | Start using 8 threads and AVX2 SIMD core                |                 |
  [=]        0 |       0 | Brute force benchmark: 1412 million (2^30.4) keys/s     | 140737488355328 |   28h
  [=]        3 |       0 | Loaded 0 RAW / 351 LZ4 / 0 BZ2 in 2757 ms               | 140737488355328 |   28h
  [=]        3 |       0 | Using 239 precalculated bitflip state tables            | 140737488355328 |   28h
  [=]        6 |     112 | Apply bit flip properties                               |    103272620032 |   73s
  [=]        7 |     223 | Apply bit flip properties                               |     26049955840 |   18s
  [=]        8 |     335 | Apply bit flip properties                               |     25908549632 |   18s
  [=]        9 |     445 | Apply bit flip properties                               |     23665225728 |   17s
  [=]       10 |     556 | Apply bit flip properties                               |     23594504192 |   17s
  [=]       10 |     667 | Apply bit flip properties                               |     23594504192 |   17s
  [=]       11 |     777 | Apply bit flip properties                               |     23594504192 |   17s
  [=]       11 |     888 | Apply bit flip properties                               |     23594504192 |   17s
  [=]       12 |    1000 | Apply bit flip properties                               |     23594504192 |   17s
  [=]       13 |    1110 | Apply bit flip properties                               |     23594504192 |   17s
  [=]       15 |    1220 | Apply Sum property. Sum(a0) = 160                       |       755536256 |    1s
  [=]       15 |    1330 | Apply bit flip properties                               |      1134987392 |    1s
  [=]       16 |    1439 | Apply bit flip properties                               |      1134987392 |    1s
  [=]       17 |    1550 | Apply bit flip properties                               |      1259224832 |    1s
  [=]       18 |    1659 | Apply bit flip properties                               |      1259224832 |    1s
  [=]       19 |    1768 | Apply bit flip properties                               |      1045011584 |    1s
  [=]       19 |    1768 | (1. guess: Sum(a8) = 192)                               |      1045011584 |    1s
  [=]       20 |    1768 | Apply Sum(a8) and all bytes bitflip properties          |      1045011584 |    1s
  [=]       20 |    1768 | (2. guess: Sum(a8) = 128)                               |      1476470272 |    1s
  [=]       22 |    1768 | Apply Sum(a8) and all bytes bitflip properties          |      1096956032 |    1s
  [=]       23 |    1768 | (3. guess: Sum(a8) = 160)                               |      1175331200 |    1s
  [=]       24 |    1768 | Apply Sum(a8) and all bytes bitflip properties          |      1160005248 |    1s
  [=]       24 |    1768 | (4. guess: Sum(a8) = 144)                               |      1836183552 |    1s
  [=]       25 |    1768 | Apply Sum(a8) and all bytes bitflip properties          |      1771113856 |    1s
  [=]       25 |    1768 | (5. guess: Sum(a8) = 136)                               |      2639051520 |    2s
  [=]       26 |    1768 | Apply Sum(a8) and all bytes bitflip properties          |      2581978624 |    2s
  [=]       27 |    1768 | Brute force phase completed.  Key found: 7302F49034A3   |               0 |    0s

The hardnested attack succeeded in recovering the key from the card.

So the key could not be obtained with the darkside or nested attacks, whereas extracting it with hardnested was very fast.

In that case, if we want to stay with Mifare cards, the only sensible option is to protect every sector of the card with its own keys. This makes reading the data as hard as possible, and for this purpose we do not need cards with a hard PRNG (as far as the MFC1C14_X chip is concerned).

I will now test protecting every sector with keys.

I write the keys to the sectors; sector 9 is already protected, so I skip it:

  hf mf wrbl --blk 3 -d DA99871DC5E4FF0780697BC6E7BFE085
  hf mf wrbl --blk 7 -d 94F906BEF571FF0780694ECD92B8C45D
  hf mf wrbl --blk 11 -d DD523D494104FF0780699F893FA140C4
  hf mf wrbl --blk 15 -d 27C844CD770CFF0780691BF96012B2A3
  hf mf wrbl --blk 19 -d 44CD1CA09AB5FF078069C8AE2B84F86F
  hf mf wrbl --blk 23 -d 77715642F5A5FF078069C9125E6EE40B
  hf mf wrbl --blk 27 -d A5736B7EFE59FF078069E2C3C6E8D31E
  hf mf wrbl --blk 31 -d F4D48B525BDAFF078069CD4220FA191A
  hf mf wrbl --blk 35 -d 8C02CD5E7E05FF0780696664BE32FD1A
  hf mf wrbl --blk 43 -d A5474F99C4AEFF078069B407BDD1B160
  hf mf wrbl --blk 47 -d 042DDB3277B5FF078069C87A09035983
  hf mf wrbl --blk 51 -d 13E76046FC18FF078069997B77CEE136
  hf mf wrbl --blk 55 -d FEF7587DE5EEFF07806950687863A3B9
  hf mf wrbl --blk 59 -d 34B537834116FF07806935AFC49A5EAB
  hf mf wrbl --blk 63 -d 2967C9FD23B3FF078069F89E24602439
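The re-keying above is done by hand, one trailer per sector. As an added example (my own code, not from the post or from the Proxmark3 project), the following Python script does the same provisioning step programmatically: it draws a fresh random key A and key B for every sector, assembles the 16-byte sector trailer with the same FF 07 80 69 access bytes the post writes, verifies the inverted-nibble redundancy of the access bits (the check behind the client's "ST passed checks" line, since a trailer whose two copies of the access bits disagree locks the sector for good), and prints the matching hf mf wrbl line. Sector 9 is skipped, as in the post. The function names, the key-file layout and the 1K sector count are my assumptions.

```python
import secrets

# Bytes 6..9 of every trailer on the page: transport access bits FF 07 80
# plus the general-purpose byte 69. Under this configuration data blocks are
# readable and writable with key A or B, key A is never readable (hence the
# zeros in the rdsc output) and both keys are writable with key A.
DEFAULT_ACCESS_BITS = bytes.fromhex("FF078069")
DEFAULT_KEY = bytes.fromhex("FFFFFFFFFFFF")   # factory transport key
SECTORS_1K = 16                               # MIFARE Classic 1K: 16 sectors x 4 blocks


def trailer_block(sector: int) -> int:
    """Block number of the sector trailer on a 1K card (sector 9 -> block 39)."""
    if not 0 <= sector < SECTORS_1K:
        raise ValueError("sector out of range for a 1K card")
    return sector * 4 + 3


def access_bits_consistent(trailer: bytes) -> bool:
    """Each of C1, C2, C3 is stored once plain and once inverted in bytes 6..8.
    Byte 6 = ~C2 | ~C1, byte 7 = C1 | ~C3, byte 8 = C3 | C2 (high | low nibble)."""
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = b7 >> 4, b8 & 0xF, b8 >> 4
    return ((b6 & 0xF) == (~c1 & 0xF)
            and (b6 >> 4) == (~c2 & 0xF)
            and (b7 & 0xF) == (~c3 & 0xF))


def build_trailer(key_a: bytes, key_b: bytes, access: bytes = DEFAULT_ACCESS_BITS) -> bytes:
    """Assemble a 16-byte sector trailer: key A | access bits + GPB | key B."""
    if len(key_a) != 6 or len(key_b) != 6 or len(access) != 4:
        raise ValueError("keys must be 6 bytes, access bytes 4 bytes")
    trailer = key_a + access + key_b
    if not access_bits_consistent(trailer):
        raise ValueError("access bits fail the inverted-nibble check; refusing to build")
    return trailer


def random_key() -> bytes:
    """A fresh 48-bit key from the OS CSPRNG, re-drawn if it equals the transport key."""
    while True:
        key = secrets.token_bytes(6)
        if key != DEFAULT_KEY:
            return key


def provision(skip=(), sectors: int = SECTORS_1K) -> dict:
    """Unique key A / key B per sector plus the pm3 command that writes the trailer.
    Returns {sector: {"key_a", "key_b", "trailer", "command"}}; keep the keys safe."""
    plan = {}
    for sector in range(sectors):
        if sector in skip:
            continue
        key_a, key_b = random_key(), random_key()
        trailer = build_trailer(key_a, key_b)
        hex_trailer = trailer.hex().upper()
        plan[sector] = {
            "key_a": key_a.hex().upper(),
            "key_b": key_b.hex().upper(),
            "trailer": hex_trailer,
            "command": f"hf mf wrbl --blk {trailer_block(sector)} -d {hex_trailer}",
        }
    return plan


def key_file_lines(plan: dict) -> list:
    """One 12-hex-digit key per line, the layout of the .dic files hf mf chk loads with -f."""
    lines = []
    for entry in plan.values():
        lines.extend([entry["key_a"], entry["key_b"]])
    return lines


if __name__ == "__main__":
    # Sector 9 already carries its own keys on the page, so it is skipped as the author did.
    plan = provision(skip={9})
    for sector, entry in plan.items():
        print(f"sector {sector:2d}  A={entry['key_a']}  B={entry['key_b']}  {entry['command']}")
    print("\n".join(key_file_lines(plan)))
```

Whatever this script prints is the only way back into the card, so the returned plan has to be stored before the wrbl lines are run; the key-file lines can later be fed to hf mf chk -f to confirm that exactly these keys, and only these keys, open each sector.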

Below I go through all the attacks used earlier:

Checking with the default keys

  [usb] pm3 --> hf mf chk
  [+] loaded 56 keys from hardcoded default array
  [=] Start check for keys...
  [=] .................................
  [=] time in checkkeys 15 seconds

  [=] testing to read key B...

  [+] found keys:

  [+] -----+-----+--------------+---+--------------+----
  [+]  Sec | Blk | key A        |res| key B        |res
  [+] -----+-----+--------------+---+--------------+----
  [+]  000 | 003 | ------------ | 0 | ------------ | 0
  [+]  001 | 007 | ------------ | 0 | ------------ | 0
  [+]  002 | 011 | ------------ | 0 | ------------ | 0
  [+]  003 | 015 | ------------ | 0 | ------------ | 0
  [+]  004 | 019 | ------------ | 0 | ------------ | 0
  [+]  005 | 023 | ------------ | 0 | ------------ | 0
  [+]  006 | 027 | ------------ | 0 | ------------ | 0
  [+]  007 | 031 | ------------ | 0 | ------------ | 0
  [+]  008 | 035 | ------------ | 0 | ------------ | 0
  [+]  009 | 039 | ------------ | 0 | ------------ | 0
  [+]  010 | 043 | ------------ | 0 | ------------ | 0
  [+]  011 | 047 | ------------ | 0 | ------------ | 0
  [+]  012 | 051 | ------------ | 0 | ------------ | 0
  [+]  013 | 055 | ------------ | 0 | ------------ | 0
  [+]  014 | 059 | ------------ | 0 | ------------ | 0
  [+]  015 | 063 | ------------ | 0 | ------------ | 0
  [+] -----+-----+--------------+---+--------------+----
  [+] ( 0:Failed / 1:Success )

Brute force with the extended key database against one of the sectors:

  [usb] pm3 --> hf mf chk -a --tblk 19 -f mfc_default_keys.dic
  [+] loaded 56 keys from hardcoded default array
  [+] loaded 1688 keys from dictionary file D:\Proxmark3\proxmark\ProxSpace-master\ProxSpace-master\pm3\proxmark3\client\dictionaries/mfc_default_keys.dic
  [+] loaded 1688 keys from dictionary
  [=] Start check for keys...
  [=] ......................
  [=] time in checkkeys 12 seconds

  [=] testing to read key B...

  [+] found keys:

  [+] -----+-----+--------------+---+--------------+----
  [+]  Sec | Blk | key A        |res| key B        |res
  [+] -----+-----+--------------+---+--------------+----
  [+]  000 | 003 | ------------ | 0 | ------------ | 0
  [+]  001 | 007 | ------------ | 0 | ------------ | 0
  [+]  002 | 011 | ------------ | 0 | ------------ | 0
  [+]  003 | 015 | ------------ | 0 | ------------ | 0
  [+]  004 | 019 | ------------ | 0 | ------------ | 0
  [+] -----+-----+--------------+---+--------------+----
  [+] ( 0:Failed / 1:Success )

Against all sectors:

  [usb] pm3 --> hf mf chk -a -f mfc_default_keys.dic
  [+] loaded 56 keys from hardcoded default array
  [+] loaded 1688 keys from dictionary file D:\Proxmark3\proxmark\ProxSpace-master\ProxSpace-master\pm3\proxmark3\client\dictionaries/mfc_default_keys.dic
  [+] loaded 1688 keys from dictionary
  [=] Start check for keys...
  [=] .................................................................................................................................................................................................................................................................................................................................................
  [=] time in checkkeys 197 seconds

  [=] testing to read key B...

  [+] found keys:

  [+] -----+-----+--------------+---+--------------+----
  [+]  Sec | Blk | key A        |res| key B        |res
  [+] -----+-----+--------------+---+--------------+----
  [+]  000 | 003 | ------------ | 0 | ------------ | 0
  [+]  001 | 007 | ------------ | 0 | ------------ | 0
  [+]  002 | 011 | ------------ | 0 | ------------ | 0
  [+]  003 | 015 | ------------ | 0 | ------------ | 0
  [+]  004 | 019 | ------------ | 0 | ------------ | 0
  [+]  005 | 023 | ------------ | 0 | ------------ | 0
  [+]  006 | 027 | ------------ | 0 | ------------ | 0
  [+]  007 | 031 | ------------ | 0 | ------------ | 0
  [+]  008 | 035 | ------------ | 0 | ------------ | 0
  [+]  009 | 039 | ------------ | 0 | ------------ | 0
  [+]  010 | 043 | ------------ | 0 | ------------ | 0
  [+]  011 | 047 | ------------ | 0 | ------------ | 0
  [+]  012 | 051 | ------------ | 0 | ------------ | 0
  [+]  013 | 055 | ------------ | 0 | ------------ | 0
  [+]  014 | 059 | ------------ | 0 | ------------ | 0
  [+]  015 | 063 | ------------ | 0 | ------------ | 0
  [+] -----+-----+--------------+---+--------------+----
  [+] ( 0:Failed / 1:Success )

This attack is the easiest to carry out, using a mobile phone and publicly available apps. For that reason I think Mifare cards prepared for a new system (if nothing better can be used, of course) should be tested for this type of attack. The simplest way is the Mifare Classic Tool app with its key database.
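To make that check repeatable instead of reading the table by eye, here is an added Python example (my own code, not from the post or from the Proxmark3 project) that parses the "found keys" table printed by hf mf chk in the layout shown above and reports which sectors opened with a key from the list, i.e. which sectors anyone with the same public key list can read. The sample table is constructed for the example (it is not a capture from the post), and the function names are my own.

```python
import re

# Constructed sample in the layout `hf mf chk` prints on the page (not a real capture):
# two sectors still on the transport key, one sector opened through key A only,
# one sector (9) that resisted the whole list. Sectors 1-7 and 11-15 are left out
# on purpose to show the coverage check.
SAMPLE_CHK_OUTPUT = """\
[+] found keys:

[+] -----+-----+--------------+---+--------------+----
[+]  Sec | Blk | key A        |res| key B        |res
[+] -----+-----+--------------+---+--------------+----
[+]  000 | 003 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
[+]  008 | 035 | FFFFFFFFFFFF | 1 | FFFFFFFFFFFF | 1
[+]  009 | 039 | ------------ | 0 | ------------ | 0
[+]  010 | 043 | A0A1A2A3A4A5 | 1 | ------------ | 0
[+] -----+-----+--------------+---+--------------+----
[+] ( 0:Failed / 1:Success )
"""

# One table row: "[+]  Sec | Blk | key A | res | key B | res"; a missing key is
# printed as dashes with res 0. The header and the separator rows do not match.
ROW_RE = re.compile(
    r"^\[\+\]\s+(\d+)\s*\|\s*(\d+)\s*\|\s*([0-9A-Fa-f]{12}|-+)\s*\|\s*([01])"
    r"\s*\|\s*([0-9A-Fa-f]{12}|-+)\s*\|\s*([01])\s*$"
)


def parse_chk_table(text: str) -> list:
    """Rows of the found-keys table as dicts; a key is None when res was 0."""
    rows = []
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if not match:
            continue
        sec, blk, key_a, res_a, key_b, res_b = match.groups()
        rows.append({
            "sector": int(sec),
            "block": int(blk),
            "key_a": key_a.upper() if res_a == "1" else None,
            "key_b": key_b.upper() if res_b == "1" else None,
        })
    return rows


def exposed_sectors(rows: list) -> list:
    """Sectors where at least one key came from the key list. With the transport
    access bits either key reads the data blocks, so key A alone is enough."""
    return sorted(r["sector"] for r in rows if r["key_a"] or r["key_b"])


def audit(text: str, expected_sectors: int = 16) -> dict:
    """Audit verdict for one card: a card passes only when every sector was
    tested and none of them opened with a list key."""
    rows = parse_chk_table(text)
    exposed = exposed_sectors(rows)
    tested = {r["sector"] for r in rows}
    missing = sorted(set(range(expected_sectors)) - tested)
    return {"exposed": exposed, "missing": missing, "passed": not exposed and not missing}


if __name__ == "__main__":
    verdict = audit(SAMPLE_CHK_OUTPUT)
    print("exposed sectors:", verdict["exposed"])
    print("untested sectors:", verdict["missing"])
    print("PASS" if verdict["passed"] else "FAIL")
```

Run the same function over the output of hf mf chk -a -f mfc_default_keys.dic for each batch of cards before they are issued; a card passes only when the table covers all sixteen sectors and every row reads 0 / 0, exactly the state shown in the last table above.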

Another way of checking for keys:

  [usb] pm3 --> hf mf fchk
  [+] loaded 56 keys from hardcoded default array
  [=] Running strategy 1
  [=] Chunk 0.8s | found 0/32 keys (56)
  [=] Running strategy 2
  [=] ....
  [=] Chunk 9.6s | found 0/32 keys (56)
  [=] time in checkkeys (fast) 10.4s

  [!] No keys found

The nested attack cannot be performed, because we do not know any key for the card.

The darkside attack cannot be performed either:

  [usb] pm3 --> hf mf darkside
  [=] Expected execution time is about 25seconds on average
  [=] Press pm3-button to abort

  [=] Running darkside .[-] card is not vulnerable to Darkside attack (its random number generator is not predictable)

Hardnested:

  [usb] pm3 --> hf mf hardnested --tblk 36 --ta
  [=] MIFARE Classic EV1 card detected
  [=] Target block no  36, target key type: A, known target key: 000000000000 (not set)
  [=] File action: none, Slow: No, Tests: 0
  [=] Hardnested attack starting...
  [=] ---------+---------+---------------------------------------------------------+-----------------+-------
  [=]          |         |                                                         | Expected to brute force
  [=]  Time    | #nonces | Activity                                                | #states         | time
  [=] ---------+---------+---------------------------------------------------------+-----------------+-------
  [=]        0 |       0 | Start using 8 threads and AVX2 SIMD core                |                 |
  [=]        0 |       0 | Brute force benchmark: 1303 million (2^30.3) keys/s     | 140737488355328 |   30h
  [=]        4 |       0 | Loaded 0 RAW / 351 LZ4 / 0 BZ2 in 3457 ms               | 140737488355328 |   30h
  [=]        4 |       0 | Using 239 precalculated bitflip state tables            | 140737488355328 |   30h
  [=]        7 |     112 | Apply bit flip properties                               |    198402670592 |  3min
  [=]        8 |     224 | Apply bit flip properties                               |     34690666496 |   27s
  [=]        9 |     335 | Apply bit flip properties                               |     24261009408 |   19s
  [=]        9 |     447 | Apply bit flip properties                               |     24261009408 |   19s
  [=]       10 |     558 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       11 |     670 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       12 |     780 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       12 |     892 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       13 |    1004 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       14 |    1115 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       15 |    1224 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       16 |    1336 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       17 |    1444 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       17 |    1550 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       18 |    1657 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       19 |    1766 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       20 |    1875 | Apply bit flip properties                               |     23594504192 |   18s
  [=]       22 |    1979 | Apply Sum property. Sum(a0) = 160                       |       660372672 |    1s
  [=]       22 |    2088 | Apply bit flip properties                               |       660372672 |    1s
  [=]       23 |    2197 | Apply bit flip properties                               |       660372672 |    1s
  [=]       24 |    2304 | Apply bit flip properties                               |       672420032 |    1s
  [=]       25 |    2414 | Apply bit flip properties                               |       531998400 |    0s
  [=]       26 |    2414 | (1. guess: Sum(a8) = 64)                                |       531998400 |    0s
  [=]       26 |    2414 | Apply Sum(a8) and all bytes bitflip properties          |       430526272 |    0s
  [=]       26 |    2414 | (2. guess: Sum(a8) = 32)                                |       812436288 |    1s
  [=]       26 |    2414 | Apply Sum(a8) and all bytes bitflip properties          |       812437376 |    1s
  [=]       26 |    2414 | (3. guess: Sum(a8) = 96)                                |      1145080064 |    1s
  [=]       27 |    2414 | Apply Sum(a8) and all bytes bitflip properties          |      1103420800 |    1s
  [=]       28 |    2414 | (4. guess: Sum(a8) = 128)                               |      1735073408 |    1s
  [=]       31 |    2414 | Apply Sum(a8) and all bytes bitflip properties          |      1305985536 |    1s
  [=]       32 |    2414 | Brute force phase completed.  Key found: 7302F49034A3   |               0 |    0s

The hardnested attack produced a key, but it is not the correct one. I ran it several times against different sectors with a similar result. However, after changing the command parameters and reading data from sector 0 with hf mf hardnested -s, the first key was recovered. This attack probably works best against sector 0.

  [usb] pm3 --> hf mf hardnested -s
  [=] MIFARE Classic EV1 card detected
  [=] Target block no   0, target key type: A, known target key: 000000000000 (not set)
  [=] File action: none, Slow: Yes, Tests: 0
  [=] Hardnested attack starting...
  [=] ---------+---------+---------------------------------------------------------+-----------------+-------
  [=]          |         |                                                         | Expected to brute force
  [=]  Time    | #nonces | Activity                                                | #states         | time
  [=] ---------+---------+---------------------------------------------------------+-----------------+-------
  [=]        0 |       0 | Start using 8 threads and AVX2 SIMD core                |                 |
  [=]        0 |       0 | Brute force benchmark: 1047 million (2^30.0) keys/s     | 140737488355328 |    2d
  [=]        4 |       0 | Loaded 0 RAW / 351 LZ4 / 0 BZ2 in 3773 ms               | 140737488355328 |    2d
  [=]        4 |       0 | Using 239 precalculated bitflip state tables            | 140737488355328 |    2d
  [=]        8 |     112 | Apply bit flip properties                               |    812346310656 | 13min
  [=]        9 |     224 | Apply bit flip properties                               |    577737392128 |  9min
  [=]       10 |     336 | Apply bit flip properties                               |    502984081408 |  8min
  [=]       10 |     448 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       11 |     559 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       12 |     671 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       13 |     779 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       13 |     888 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       14 |     997 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       15 |    1108 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       16 |    1219 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       17 |    1328 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       18 |    1436 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       19 |    1546 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       20 |    1654 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       20 |    1766 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       21 |    1873 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       22 |    1984 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       23 |    2093 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       24 |    2202 | Apply bit flip properties                               |    497112612864 |  8min
  [=]       27 |    2308 | Apply Sum property. Sum(a0) = 160                       |      3373896448 |    3s
  [=]       27 |    2416 | Apply bit flip properties                               |      2925571072 |    3s
  [=]       28 |    2523 | Apply bit flip properties                               |      2925571072 |    3s
  [=]       29 |    2628 | Apply bit flip properties                               |      2925571072 |    3s
  [=]       30 |    2628 | (1. guess: Sum(a8) = 256)                               |      2925571072 |    3s
  [=]       30 |    2628 | Apply Sum(a8) and all bytes bitflip properties          |      1048487936 |    1s
  [=]       30 |    2628 | Brute force phase completed.  Key found: DA99871DC5E4   |               0 |    0s

As shown, block 0, key A was attacked. The key read out is DA99871DC5E4.

After running the command mentioned above, the hf mf hardnested --tblk 50 --ta commands started producing correct keys. This is because after reading the card Proxmark creates -dump.* files with the data from the card. During subsequent attacks it pulls data from those files, which is why attacks on the other sectors start to succeed.

  [usb] pm3 --> hf mf rdbl --blk 0 -k DA99871DC5E4

  [=]   # | sector 00 / 0x00                                | ascii
  [=] ----+-------------------------------------------------+-----------------
  [=]   0 | 22 B5 8E 4B 52 88 04 00 C8 17 00 20 00 00 00 18 | "..KR...... ....

  [usb] pm3 --> hf mf hardnested --tblk 50 --ta
  [=] MIFARE Classic EV1 card detected
  [=] Target block no  50, target key type: A, known target key: 000000000000 (not set)
  [=] File action: none, Slow: No, Tests: 0
  [=] Hardnested attack starting...
  [=] ---------+---------+---------------------------------------------------------+-----------------+-------
  [=]          |         |                                                         | Expected to brute force
  [=]  Time    | #nonces | Activity                                                | #states         | time
  [=] ---------+---------+---------------------------------------------------------+-----------------+-------
  [=]        0 |       0 | Start using 8 threads and AVX2 SIMD core                |                 |
  [=]        0 |       0 | Brute force benchmark: 1263 million (2^30.2) keys/s     | 140737488355328 |   31h
  [=]        3 |       0 | Loaded 0 RAW / 351 LZ4 / 0 BZ2 in 2755 ms               | 140737488355328 |   31h
  [=]        3 |       0 | Using 239 precalculated bitflip state tables            | 140737488355328 |   31h
  [=]        6 |     112 | Apply bit flip properties                               |     27266465792 |   22s
  [=]        7 |     224 | Apply bit flip properties                               |      4431189504 |    4s
  [=]        8 |     336 | Apply bit flip properties                               |      1083295104 |    1s
  [=]        9 |     446 | Apply bit flip properties                               |       751736960 |    1s
  [=]       10 |     558 | Apply bit flip properties                               |       614879296 |    0s
  [=]       10 |     670 | Apply bit flip properties                               |       614879296 |    0s
  [=]       11 |     782 | Apply bit flip properties                               |       614879296 |    0s
  [=]       12 |     891 | Apply bit flip properties                               |       614879296 |    0s
  [=]       12 |    1002 | Apply bit flip properties                               |       614879296 |    0s
  [=]       13 |    1110 | Apply bit flip properties                               |       614879296 |    0s
  [=]       15 |    1221 | Apply Sum property. Sum(a0) = 120                       |        55341064 |    0s
  [=]       15 |    1221 | (Ignoring Sum(a8) properties)                           |        55341064 |    0s
  [=]       15 |    1221 | Brute force phase completed.  Key found: 13E76046FC18   |               0 |    0s

Because this card has a hard PRNG, recovering all the keys has to be done with hardnested or autopwn; as the run above shows, one hardnested invocation targets one block (--tblk) and yields one key. On cards with a weak PRNG the remaining keys can instead be recovered with the nested command, which reads the whole card in one go.

Once one key has been obtained, I run autopwn. It executes several strategies for recovering the keys, among them repeated hardnested runs against every sector that is still unknown, so the command does not have to be run by hand for each sector.

  [usb] pm3 --> hf mf autopwn -s 0 -a -k DA99871DC5E4
  [=] MIFARE Classic EV1 card detected
  [=] [0] key DA 99 87 1D C5 E4
  [+] loaded 1 keys supplied by user
  [+] loaded 56 keys from hardcoded default array
  [=] running strategy 1
  [=] .....
  [=] Chunk 10.1s | found 6/36 keys (57)
  [=] running strategy 2
  [=] ....
  [=] Chunk 9.8s | found 6/36 keys (57)
  [+] target sector   0 key type A -- found valid key [ DA99871DC5E4 ]
  [+] target sector   0 key type B -- found valid key [ 7BC6E7BFE085 ]
  [+] target sector  16 key type A -- found valid key [ 5C8FF9990DA2 ]
  [+] target sector  16 key type B -- found valid key [ D01AFEEB890A ]
  [+] target sector  17 key type A -- found valid key [ 75CCB59C9BED ]
  [+] target sector  17 key type B -- found valid key [ 4B791BEA7BCC ]
  [=] Hardnested attack starting...
  [=] ---------+---------+---------------------------------------------------------+-----------------+-------
  [=]          |         |                                                         | Expected to brute force
  [=]  Time    | #nonces | Activity                                                | #states         | time
  [=] ---------+---------+---------------------------------------------------------+-----------------+-------
  [=]        0 |       0 | Start using 8 threads and AVX2 SIMD core                |                 |
  [=]        0 |       0 | Brute force benchmark: 1236 million (2^30.2) keys/s     | 140737488355328 |   32h
  [=]        3 |       0 | Loaded 0 RAW / 351 LZ4 / 0 BZ2 in 2769 ms               | 140737488355328 |   32h
  [=]        3 |       0 | Using 239 precalculated bitflip state tables            | 140737488355328 |   32h
  [=]        6 |     112 | Apply bit flip properties                               |   1135988178944 | 15min
  [=]        7 |     224 | Apply bit flip properties                               |    564137230336 |  8min
  [=]        8 |     335 | Apply bit flip properties                               |    518060703744 |  7min
  [=]        9 |     447 | Apply bit flip properties                               |    497112612864 |  7min
  [=]       10 |     558 | Apply bit flip properties                               |    497112612864 |  7min
  [=]       11 |     668 | Apply bit flip properties                               |    497112612864 |  7min
  [=]       11 |     780 | Apply bit flip properties                               |    497112612864 |  7min
  [=]       12 |     892 | Apply bit flip properties                               |    497112612864 |  7min
  [=]       13 |    1001 | Apply bit flip properties                               |    497112612864 |  7min
  [=]       13 |    1111 | Apply bit flip properties                               |    497112612864 |  7min
  [=]       14 |    1221 | Apply bit flip properties                               |    497112612864 |  7min
  [=]       15 |    1332 | Apply bit flip properties                               |    497112612864 |  7min
  [=]       16 |    1442 | Apply bit flip properties                               |    497112612864 |  7min
  [=]       19 |    1548 | Apply Sum property. Sum(a0) = 96                        |     17865103360 |   14s
  [=]       19 |    1659 | Apply bit flip properties                               |     17865103360 |   14s
  [=]       20 |    1767 | Apply bit flip properties                               |      9474600960 |    8s
  [=]       21 |    1877 | Apply bit flip properties                               |     10344664064 |    8s
  [=]       22 |    1989 | Apply bit flip properties                               |     10508108800 |    9s
  [=]       23 |    2097 | Apply bit flip properties                               |     10508108800 |    9s
  [=]       24 |    2207 | Apply bit flip properties                               |     10188015616 |    8s
  [=]       24 |    2207 | (1. guess: Sum(a8) = 128)                               |     10188015616 |    8s
  [=]       30 |    2207 | Apply Sum(a8) and all bytes bitflip properties          |      6385345024 |    5s
  [=]       35 |    2207 | Brute force phase:  77.64%                              |      4309856256 |    3s
  [=]       36 |    2207 | (2. guess: Sum(a8) = 136)                               |     15732122624 |   13s
  [=]       39 |    2207 | Apply Sum(a8) and all bytes bitflip properties          |     14707302400 |   12s
  [=]       39 |    2207 | Brute force phase completed.  Key found: 94F906BEF571   |               0 |    0s
  [+] target sector   1 key type A -- found valid key [ 94F906BEF571 ]
  [+] target sector   1 key type B -- found valid key [ 4ECD92B8C45D ]
  //...
  [+] found keys:

  [+] -----+-----+--------------+---+--------------+----
  [+]  Sec | Blk | key A        |res| key B        |res
  [+] -----+-----+--------------+---+--------------+----
  [+]  000 | 003 | DA99871DC5E4 | D | 7BC6E7BFE085 | D
  [+]  001 | 007 | 94F906BEF571 | H | 4ECD92B8C45D | A
  [+]  002 | 011 | DD523D494104 | H | 9F893FA140C4 | A
  [+]  003 | 015 | 27C844CD770C | H | 1BF96012B2A3 | A
  [+]  004 | 019 | 44CD1CA09AB5 | H | C8AE2B84F86F | A
  [+]  005 | 023 | 77715642F5A5 | H | C9125E6EE40B | A
  [+]  006 | 027 | A5736B7EFE59 | H | E2C3C6E8D31E | A
  [+]  007 | 031 | F4D48B525BDA | H | CD4220FA191A | A
  [+]  008 | 035 | 8C02CD5E7E05 | H | 6664BE32FD1A | A
  [+]  009 | 039 | 7302F49034A3 | H | 349402648902 | A
  [+]  010 | 043 | A5474F99C4AE | H | B407BDD1B160 | A
  [+]  011 | 047 | 042DDB3277B5 | H | C87A09035983 | A
  [+]  012 | 051 | 13E76046FC18 | H | 997B77CEE136 | A
  [+]  013 | 055 | FEF7587DE5EE | H | 50687863A3B9 | A
  [+]  014 | 059 | 34B537834116 | H | 35AFC49A5EAB | A
  [+]  015 | 063 | 2967C9FD23B3 | H | F89E24602439 | A
  [+]  016 | 067 | 5C8FF9990DA2 | D | D01AFEEB890A | D
  [+]  017 | 071 | 75CCB59C9BED | D | 4B791BEA7BCC | D
  [+] -----+-----+--------------+---+--------------+----
  [=] ( D:Dictionary / S:darkSide / U:User / R:Reused / N:Nested / H:Hardnested / C:statiCnested / A:keyA  )
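The "found keys" table is the artefact worth keeping from an autopwn run: it is what you feed back into hf mf fchk -f or hf mf chk -f when re-checking the card or a clone later. The following script is an added example, not code from the post or from the Proxmark project; it parses that table into a per-sector record, counts how many keys each recovery method contributed, and writes the distinct keys as a Proxmark dictionary file (one 12-hex-digit key per line, "#" lines as comments). SAMPLE is the table from the autopwn output above, and recovered.dic is an assumed output file name.

```python
"""Parse the 'found keys' table printed by hf mf autopwn into a key dictionary.

Added example, not part of the original post or of the Proxmark3 client.
SAMPLE is the table copied from the autopwn output above; a sector whose key
was not recovered is assumed to be printed as twelve dashes.
"""
import re
from collections import Counter

SAMPLE = """\
[+] -----+-----+--------------+---+--------------+----
[+]  Sec | Blk | key A        |res| key B        |res
[+] -----+-----+--------------+---+--------------+----
[+]  000 | 003 | DA99871DC5E4 | D | 7BC6E7BFE085 | D
[+]  001 | 007 | 94F906BEF571 | H | 4ECD92B8C45D | A
[+]  002 | 011 | DD523D494104 | H | 9F893FA140C4 | A
[+]  003 | 015 | 27C844CD770C | H | 1BF96012B2A3 | A
[+]  004 | 019 | 44CD1CA09AB5 | H | C8AE2B84F86F | A
[+]  005 | 023 | 77715642F5A5 | H | C9125E6EE40B | A
[+]  006 | 027 | A5736B7EFE59 | H | E2C3C6E8D31E | A
[+]  007 | 031 | F4D48B525BDA | H | CD4220FA191A | A
[+]  008 | 035 | 8C02CD5E7E05 | H | 6664BE32FD1A | A
[+]  009 | 039 | 7302F49034A3 | H | 349402648902 | A
[+]  010 | 043 | A5474F99C4AE | H | B407BDD1B160 | A
[+]  011 | 047 | 042DDB3277B5 | H | C87A09035983 | A
[+]  012 | 051 | 13E76046FC18 | H | 997B77CEE136 | A
[+]  013 | 055 | FEF7587DE5EE | H | 50687863A3B9 | A
[+]  014 | 059 | 34B537834116 | H | 35AFC49A5EAB | A
[+]  015 | 063 | 2967C9FD23B3 | H | F89E24602439 | A
[+]  016 | 067 | 5C8FF9990DA2 | D | D01AFEEB890A | D
[+]  017 | 071 | 75CCB59C9BED | D | 4B791BEA7BCC | D
[+] -----+-----+--------------+---+--------------+----
[=] ( D:Dictionary / S:darkSide / U:User / R:Reused / N:Nested / H:Hardnested / C:statiCnested / A:keyA  )
"""

# One table row: sector | trailer block | key A | source | key B | source.
# Header and separator rows do not start with a sector number and are skipped.
ROW_RE = re.compile(
    r"^\[\+\]\s+(\d+)\s*\|\s*(\d+)\s*\|\s*([0-9A-Fa-f]{12}|-{12})\s*\|\s*(\S)\s*\|"
    r"\s*([0-9A-Fa-f]{12}|-{12})\s*\|\s*(\S)"
)


def parse_found_keys(text):
    """Return one dict per sector row; an unrecovered key is stored as None."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        sec, blk, key_a, src_a, key_b, src_b = m.groups()
        rows.append({
            "sector": int(sec), "trailer": int(blk),
            "keyA": None if key_a.startswith("-") else key_a.upper(), "srcA": src_a,
            "keyB": None if key_b.startswith("-") else key_b.upper(), "srcB": src_b,
        })
    return rows


def unique_keys(rows):
    """Distinct recovered keys, sorted, ready for a dictionary file."""
    return sorted({r[k] for r in rows for k in ("keyA", "keyB") if r[k]})


def source_summary(rows):
    """How many keys each method (D, H, A, ...) contributed."""
    return Counter(r[k] for r in rows for k in ("srcA", "srcB"))


def dictionary_text(rows, comment="keys recovered with hf mf autopwn"):
    """Proxmark .dic format: '#' comment lines, then one hex key per line."""
    return "\n".join(["# " + comment] + unique_keys(rows)) + "\n"


def write_dictionary(rows, path):
    with open(path, "w") as f:
        f.write(dictionary_text(rows))


if __name__ == "__main__":
    rows = parse_found_keys(SAMPLE)
    print(f"{len(rows)} sectors, {len(unique_keys(rows))} distinct keys")
    print("sources:", dict(source_summary(rows)))
    write_dictionary(rows, "recovered.dic")  # assumed file name
```

Run it on the saved console output and the resulting recovered.dic can be passed to hf mf fchk -f recovered.dic (or hf mf chk -f) to confirm every sector still opens, which is a quick way to tell a genuine key loss from a card that was simply re-keyed.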

As the table shows, the keys to all 18 sectors were recovered. The key A values of sectors 1 to 15 came from hardnested (H), both keys of sectors 0, 16 and 17 came from the dictionary (D), and key B of sectors 1 to 15 is marked A because autopwn simply read it from the sector trailer with the recovered key A, which the default access bits permit. Note also that the key found for block 50 in the manual hardnested run, 13E76046FC18, reappears in the table as key A of sector 12 (trailer block 51).
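Whether key B can be read with key A is decided by the access bits in bytes 6 to 8 of the sector trailer, which store the C1/C2/C3 condition bits for the four blocks of the sector once plain and once inverted. The decoder below is an added example, not code from the post or from the Proxmark project; it checks the inverted copies for consistency (a trailer that fails this check locks the sector for good), maps the bits to the permission tables from the MF1S50 datasheet, and answers for a given trailer whether key B is readable with key A. The trailer line it parses is a constructed sample in the layout hf mf rdsc prints, with the factory transport access bytes FF 07 80.

```python
"""Decode the access conditions of a MIFARE Classic sector trailer.

Added example, not part of the original post or of the Proxmark3 client.
Permission tables follow the MF1S50 datasheet; "A" = key A, "B" = key B,
"AB" = either key, "-" = never.
"""

# Trailer (block 3) conditions per (C1, C2, C3):
# (keyA read, keyA write, access bits read, access bits write, keyB read, keyB write)
TRAILER_COND = {
    (0, 0, 0): ("-", "A", "A", "-", "A", "A"),
    (0, 1, 0): ("-", "-", "A", "-", "A", "-"),
    (1, 0, 0): ("-", "B", "AB", "-", "-", "B"),
    (1, 1, 0): ("-", "-", "AB", "-", "-", "-"),
    (0, 0, 1): ("-", "A", "A", "A", "A", "A"),   # transport configuration
    (0, 1, 1): ("-", "B", "AB", "B", "-", "B"),
    (1, 0, 1): ("-", "-", "AB", "B", "-", "-"),
    (1, 1, 1): ("-", "-", "AB", "-", "-", "-"),
}
# Data blocks 0-2 per (C1, C2, C3): (read, write, increment, decrement/transfer/restore)
DATA_COND = {
    (0, 0, 0): ("AB", "AB", "AB", "AB"),
    (0, 1, 0): ("AB", "-", "-", "-"),
    (1, 0, 0): ("AB", "B", "-", "-"),
    (1, 1, 0): ("AB", "B", "B", "AB"),
    (0, 0, 1): ("AB", "-", "-", "AB"),
    (0, 1, 1): ("B", "B", "-", "-"),
    (1, 0, 1): ("B", "-", "-", "-"),
    (1, 1, 1): ("-", "-", "-", "-"),
}
TRAILER_FIELDS = ("keyA_read", "keyA_write", "acc_read", "acc_write", "keyB_read", "keyB_write")
DATA_FIELDS = ("read", "write", "inc", "dec")


def _split(b6, b7, b8):
    """Return (C1, C2, C3) nibbles and their inverted copies; bit i = block i."""
    c1, c2, c3 = (b7 >> 4) & 0xF, b8 & 0xF, (b8 >> 4) & 0xF
    nc1, nc2, nc3 = b6 & 0xF, (b6 >> 4) & 0xF, b7 & 0xF
    return (c1, c2, c3), (nc1, nc2, nc3)


def access_bits_valid(b6, b7, b8):
    """True when every inverted nibble is the complement of its plain copy."""
    plain, inv = _split(b6, b7, b8)
    return all((p ^ n) == 0xF for p, n in zip(plain, inv))


def decode_access_bits(b6, b7, b8):
    """Map the three access bytes to per-block permissions (block 3 = trailer)."""
    if not access_bits_valid(b6, b7, b8):
        raise ValueError("inconsistent access bits: the sector would be unusable")
    (c1, c2, c3), _ = _split(b6, b7, b8)
    result = {}
    for blk in range(4):
        bits = ((c1 >> blk) & 1, (c2 >> blk) & 1, (c3 >> blk) & 1)
        if blk == 3:
            result[blk] = dict(zip(TRAILER_FIELDS, TRAILER_COND[bits]))
        else:
            result[blk] = dict(zip(DATA_FIELDS, DATA_COND[bits]))
    return result


def key_b_readable_with_key_a(b6, b7, b8):
    """The condition behind the 'A' marks: key B readable once key A is known."""
    return decode_access_bits(b6, b7, b8)[3]["keyB_read"] == "A"


def trailer_access_bytes(dump_line):
    """Take the 16 hex bytes of a trailer as printed by hf mf rdsc, return bytes 6-8."""
    data = bytes.fromhex(dump_line.replace(" ", ""))
    if len(data) != 16:
        raise ValueError("a block is 16 bytes")
    return data[6], data[7], data[8]


if __name__ == "__main__":
    # Constructed sample: transport configuration, key A shown as zeros (never readable)
    line = "00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF"
    b6, b7, b8 = trailer_access_bytes(line)
    for blk, perms in decode_access_bits(b6, b7, b8).items():
        print(blk, perms)
    print("key B readable with key A:", key_b_readable_with_key_a(b6, b7, b8))
```

On a deployed card with access bytes such as 78 77 88 the decoder reports keyB_read "-", and autopwn then has to recover key B with hardnested as well, roughly doubling the attack time; the transport configuration on this card is what made half of the keys free.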