mfoc-hardnested's People

Contributors

adamlaurie, agebhar1, azuwis, ceres-c, doegox, earthnuker, gelotus, iceman1001, kirelagin, neomilium, puppywang, samueloph, smortex, unkernet, vk496, willem640, xchwarze

mfoc-hardnested's Issues

No NFC device found.

I compiled mfoc-hardnested on an Apple M1, connected to a USB PN532. When I run mfoc-hardnested, it prints out "No NFC device found" and exits. I have libnfc 1.8.0 installed, and running nfc-scan-device gives me

nfc-scan-device uses libnfc 1.8.0
1 NFC device(s) found:
- pn532:
    pn532_uart:/dev/tty.usbserial-0001

What is the problem here?

Thanks

Question regarding usage

Hi,

First of all, my apologies, but I do not know where to ask this question. I am trying (just for the fun of it) to get the keys of a Mifare card. Other cards can be accessed quite easily, but there's one with some issues. Could anyone point out how to handle this one?

mfoc-hardnested exits after a few seconds, giving various error messages:

  • mfoc-hardnested: ERROR: while requesting encrypted tag-nonce
  • mfoc-hardnested: ERROR: Reader-answer transfer error, exiting
  • Error while requesting plain tag-nonce, -20
  • mfoc-hardnested: ERROR: while requesting encrypted tag-nonce

Number of probes: 5000
Tolerance number: 5000
The custom key 0x000000000000 has been added to the default keys
Found Mifare Classic 4k tag
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  02  
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): 21  38  19  0d  
      SAK (SEL_RES): 18  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 4K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 4K, Security level 1
* SmartMX with MIFARE 4K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: 000000000000] -> [xxxxxxxxxxxxxxxxxxxxxx..................]

Sector 00 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 01 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 02 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 03 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 04 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 05 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 06 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 07 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 08 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 09 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 10 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 11 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 12 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 13 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 14 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 15 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 16 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 17 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 18 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 19 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 20 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 21 - Found   Key A: 000000000000 Found   Key B: 000000000000
Sector 22 - Unknown Key A               Unknown Key B
Sector 23 - Unknown Key A               Unknown Key B
Sector 24 - Unknown Key A               Unknown Key B
Sector 25 - Unknown Key A               Unknown Key B
Sector 26 - Unknown Key A               Unknown Key B
Sector 27 - Unknown Key A               Unknown Key B
Sector 28 - Unknown Key A               Unknown Key B
Sector 29 - Unknown Key A               Unknown Key B
Sector 30 - Unknown Key A               Unknown Key B
Sector 31 - Unknown Key A               Unknown Key B
Sector 32 - Unknown Key A               Unknown Key B
Sector 33 - Unknown Key A               Unknown Key B
Sector 34 - Unknown Key A               Unknown Key B
Sector 35 - Unknown Key A               Unknown Key B
Sector 36 - Unknown Key A               Unknown Key B
Sector 37 - Unknown Key A               Unknown Key B
Sector 38 - Unknown Key A               Unknown Key B
Sector 39 - Unknown Key A               Unknown Key B


Using sector 21 as an exploit sector

Mode: d, Auth command:	60  57  cf  5d  
19  28  4b  30  
	{Ar}:	5a  1e  0e! 36  58  09! 92  55! 
	{At}:	eb  33! 7f! 3e  
Authentication completed.

Nested Auth number: 0
	{AuthEnc}:	75  6a  c0! 40! 0b  00! 00! 00! 
	{AuthEnResp}:	9f  d0  09  6e  
Card is not vulnerable to nested attack

Using AVX2 SIMD core.          


          
 time    | trg | #nonces | Activity                                                | expected to brute force          
         |     |         |                                                         | #states         | time           
-------------------------------------------------------------------------------------------------------------          
       0 | 22A |       0 | Start using 16 threads and AVX2 SIMD core               |                 |          
       0 | 22A |       0 | Brute force benchmark: 3000 million (2^31.5) keys/s     | 140737488355328 |   13h          
       1 | 22A |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |   13h          
Mode: h, Auth command:	60  54  54  6f  
fe  d6  79  7c  
	{Ar}:	c3! af! c5  c2  19  bc  40  4e  
	{At}:	91! e5  23! ac! 
Authentication completed.


       2 | 22A |       1 | Apply bit flip properties                               | 140737488355328 |   13h          
Mode: h, Auth command:	60  54  54  6f  
0c  e5  a0  7a  
	{Ar}:	16  9b  49! 5a! 80  6a! 5f! b9! 
	{At}:	17! 13! 84  13! 
Authentication completed.

       2 | 22A |       2 | Apply bit flip properties                               | 140737488355328 |   13h          
Mode: h, Auth command:	60  54  54  6f  
b8  65  68  bb  
	{Ar}:	b8  b6! b0  fb! fb  ba! 21! 8a! 
	{At}:	aa  ed! e8! c6! 
Authentication completed.

       2 | 22A |       3 | Apply bit flip properties                               | 140737488355328 |   13h          
Mode: h, Auth command:	60  54  54  6f  
95  ad  ff  d4  
	{Ar}:	08  15  ef  09! 80! 83  9c! 20! 
	{At}:	3b! 6e  06  47! 
Authentication completed.

       2 | 22A |       4 | Apply bit flip properties                               | 140737488355328 |   13h          
Mode: h, Auth command:	60  54  54  6f  
a7  b9  d1  af  
	{Ar}:	f4! 86  05  fc! 69! 6f! 4a! d6! 
mfoc-hardnested: ERROR: Reader-answer transfer error, exiting..

TravisCI support

@doegox could you please enable TravisCI for this repo? I don't have enough rights to do it.

Br,
Valentín :)

mfoc-hardnested-dump fails when rewriting back to card

Hi everyone

I successfully extracted the contents of a MIFARE Classic card with mfoc-hardnested using
mfoc-hardnested -f keys.txt -O extractedcard.mfd over a USB Adafruit PN532 Breakout Board:

# ./mfoc-hardnested -f keys.txt -O extractedcard.mfd 
ATS len = -20
Found Mifare Classic 1k tag
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): 6d  02  b6  62  
      SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
...
...

However, when trying to write the dump back to the card using
nfc-mfclassic w a extractedcard.mfd extractedcard.mfd, the process fails with

root@nfc:/home/to# LIBNFC_LOG_LEVEL=3 nfc-mfclassic w a extractedcard.mfd extractedcard.mfd
NFC reader: Adafruit PN532 Breakout opened
Found MIFARE Classic card:
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
       UID (NFCID1): 6d  02  b6  62  
      SAK (SEL_RES): 08  
RATS support: no
Guessing size: seems to be a 1024-byte card
Writing 63 blocks |Failure to write to data block 1
xroot@nfc:/home/to# 

and the card remains unaltered. I'm using a fresh Kali Linux and an up-to-date libnfc (1.8.0).

Am I correct in using nfc-mfclassic to write the dump back, or should I use another program (since it identifies as a MIFARE Plus)?

Does anyone have an idea what the problem might be?
Thanks!

Key-reuse check algorithm re-checks already known keys for each new sector key found

Excerpt of the problem:

Sector 38 - Unknown Key A               Unknown Key B
Sector 39 - Found   Key A: 000000000000 Found   Key B: 000000000000

...

     266 | 22A |    1907 | Brute force phase completed. Key found: 72de9a8d5256    |               0 |    0s          
Checking for key reuse...
[Key: 000000000000] -> [xxxxxxxxxxxxxxxxxxxxxx/................x]
[Key: 72de9a8d5256] -> [xxxxxxxxxxxxxxxxxxxxxx/..........

This is not the smart way to do it, and also it appears the code hangs there. :-(

I would expect the key-reuse check to only test the newly found key, and keep its earlier sector key results.
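
A sketch of the behaviour requested above, as an added example that is not part of the original issue or the project's code: a newly found key is tried only on sector slots that are still unknown, and earlier results are kept. The card is a constructed in-memory stand-in (`mock_card`, `mock_auth` and the other names are hypothetical); the key 72de9a8d5256 and the known/unknown sector pattern come from the excerpt, while which sectors reuse that key is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_SECTORS 40                  /* 4K card, as in the excerpt */
#define DEFAULT_KEY 0x000000000000ULL
#define CRACKED_KEY 0x72de9a8d5256ULL   /* key value shown in the excerpt */
#define OTHER_KEY   0x0123456789abULL   /* constructed placeholder key */
enum { KEY_A = 0, KEY_B = 1 };

/* What the tool knows so far: one slot per sector and key type. */
typedef struct {
    bool     found[NUM_SECTORS][2];
    uint64_t key[NUM_SECTORS][2];
} key_table;

/* Constructed stand-in for the card; a real tool authenticates over NFC. */
typedef struct {
    uint64_t key[NUM_SECTORS][2];
    unsigned attempts;                  /* simulated authentications so far */
} mock_card;

static bool mock_auth(mock_card *c, int sector, int type, uint64_t key)
{
    c->attempts++;
    return c->key[sector][type] == key;
}

/* Incremental check: try only new_key, and only on slots still unknown. */
static int check_new_key_only(mock_card *c, key_table *kt, uint64_t new_key)
{
    int filled = 0;
    for (int s = 0; s < NUM_SECTORS; s++)
        for (int t = KEY_A; t <= KEY_B; t++) {
            if (kt->found[s][t])
                continue;               /* keep the earlier result */
            if (mock_auth(c, s, t, new_key)) {
                kt->found[s][t] = true;
                kt->key[s][t] = new_key;
                filled++;
            }
        }
    return filled;
}

/* Model of the reported behaviour: every key is tried on every slot again. */
static int recheck_every_key(mock_card *c, key_table *kt,
                             const uint64_t *keys, size_t n)
{
    int filled = 0;
    for (size_t k = 0; k < n; k++)
        for (int s = 0; s < NUM_SECTORS; s++)
            for (int t = KEY_A; t <= KEY_B; t++)
                if (mock_auth(c, s, t, keys[k]) && !kt->found[s][t]) {
                    kt->found[s][t] = true;
                    kt->key[s][t] = keys[k];
                    filled++;
                }
    return filled;
}

/* Sectors 0-21 and 39 known with the default key, 22-38 unknown (excerpt).
 * Assumption: key A of sectors 22-25 is the cracked key. */
static void build_scenario(mock_card *c, key_table *kt)
{
    memset(c, 0, sizeof *c);
    memset(kt, 0, sizeof *kt);
    for (int s = 0; s < NUM_SECTORS; s++) {
        bool is_default = (s <= 21 || s == 39);
        for (int t = KEY_A; t <= KEY_B; t++) {
            c->key[s][t] = is_default ? DEFAULT_KEY : OTHER_KEY;
            kt->found[s][t] = is_default;
        }
    }
    for (int s = 22; s <= 25; s++)
        c->key[s][KEY_A] = CRACKED_KEY;
}

static unsigned attempts_incremental(int *filled)
{
    mock_card c; key_table kt;
    build_scenario(&c, &kt);
    *filled = check_new_key_only(&c, &kt, CRACKED_KEY);
    return c.attempts;
}

static unsigned attempts_full_recheck(int *filled)
{
    mock_card c; key_table kt;
    const uint64_t keys[] = { DEFAULT_KEY, CRACKED_KEY };
    build_scenario(&c, &kt);
    *filled = recheck_every_key(&c, &kt, keys, 2);
    return c.attempts;
}

int main(void)
{
    int f1 = 0, f2 = 0;
    unsigned a1 = attempts_incremental(&f1);
    unsigned a2 = attempts_full_recheck(&f2);
    printf("new key only: %u attempts, %d slots filled\n", a1, f1);
    printf("full recheck: %u attempts, %d slots filled\n", a2, f2);
    return 0;
}
```

Both strategies fill the same slots; the difference is only the number of authentication attempts, which grows with every key already in the list when all keys are re-checked.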

Segmentation Fault when cracking

A segmentation fault will occur when starting to crack the card with mfoc-hardnested.
I notice from the README that this repo uses similar techniques from https://github.com/vk496/mfoc. The code from that repo also raises segmentation fault: 11, so I included the excerpt of the run output from the code from that repo at the end of this issue, too, in case it helps. It fails around the "Apply bit flip properties" step.

Platform & OS:
macOS Catalina 10.15.5
CPU Intel i7-9750H
RAM 16GB

Configure & build using:

autoreconf -is
./configure
make && sudo make install

./configure output

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... ./install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
./configure: line 2914: AX_CFLAGS_WARN_ALL: command not found
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of gcc... gcc3
checking whether make supports nested variables... (cached) yes
checking for pkg-config... /usr/local/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for libnfc >= 1.7.0... yes
checking for liblzma... yes
checking build system type... x86_64-apple-darwin19.5.0
checking host system type... x86_64-apple-darwin19.5.0
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking if more special flags are required for pthreads... -D_THREAD_SAFE
checking for PTHREAD_PRIO_INHERIT... yes
checking for log in -lm... yes
checking for inline... inline
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for stdbool.h that conforms to C99... yes
checking for _Bool... yes
checking for size_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible realloc... yes
checking for memset... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands

make output:

/Library/Developer/CommandLineTools/usr/bin/make  all-recursive
Making all in src
  CC       crapto1.o
  CC       crypto1.o
  CC       mfoc.o
  CC       mifare.o
  CC       nfc-utils.o
  CC       parity.o
  CC       hardnested/hardnested_cpu_dispatch.o
  CC       hardnested/hardnested_bruteforce.o
  CC       hardnested/tables.o
  CC       cmdhfmfhard.o
  CC       util.o
  CC       util_posix.o
  CC       ui.o
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mno-avx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bf_core_SSE2.o hardnested/hardnested_bf_core_SSE2.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bf_core_AVX.o hardnested/hardnested_bf_core_AVX.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mavx2 -mno-avx512f -c -o hardnested/hardnested_bf_core_AVX2.o hardnested/hardnested_bf_core_AVX2.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mavx2 -mavx512f -c -o hardnested/hardnested_bf_core_AVX512.o hardnested/hardnested_bf_core_AVX512.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mno-avx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bitarray_core_SSE2.o hardnested/hardnested_bitarray_core_SSE2.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bitarray_core_AVX.o hardnested/hardnested_bitarray_core_AVX.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mavx2 -mno-avx512f -c -o hardnested/hardnested_bitarray_core_AVX2.o hardnested/hardnested_bitarray_core_AVX2.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mavx2 -mavx512f -c -o hardnested/hardnested_bitarray_core_AVX512.o hardnested/hardnested_bitarray_core_AVX512.c
  CCLD     mfoc-hardnested

mfoc run output from https://github.com/vk496/mfoc.

Sector 11 - Unknown Key A               Found   Key B: ffffffffffff
Sector 12 - Unknown Key A               Found   Key B: ffffffffffff
Sector 13 - Unknown Key A               Found   Key B: ffffffffffff
Sector 14 - Unknown Key A               Found   Key B: ffffffffffff
Sector 15 - Unknown Key A               Found   Key B: ffffffffffff


Using sector 15 as an exploit sector
Card is not vulnerable to nested attack

Using AVX2 SIMD core.



 time    | trg | #nonces | Activity                                                | expected to brute force
         |     |         |                                                         | #states         | time
-------------------------------------------------------------------------------------------------------------
       0 |  0? |       0 | Start using 12 threads and AVX2 SIMD core               |                 |
       0 |  0? |       0 | Brute force benchmark: 317 million (2^28.2) keys/s      | 140737488355328 |    5d
       0 |  0? |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    5d
       4 |  0A |      18 | Apply bit flip properties                               |  54228122861568 |    2d          
zsh: segmentation fault  mfoc -O circle.card

make failure

Kali Info:

└─# uname -a                                                              2 ⨯
Linux kali 5.14.0-kali4-amd64 #1 SMP Debian 5.14.16-1kali1 (2021-11-05) x86_64 GNU/Linux


libnfc-bin/kali-rolling,now 1.8.0-2 amd64 [installed]
  Near Field Communication (NFC) binaries

libnfc-dev/kali-rolling,now 1.8.0-2 amd64 [installed]
  Near Field Communication (NFC) library (development files)

libnfc-examples/kali-rolling,now 1.8.0-2 amd64 [installed]
  Near Field Communication (NFC) examples

libnfc-pn53x-examples/kali-rolling,now 1.8.0-2 amd64 [installed]
  Near Field Communication (NFC) examples for PN53x chips only

libnfc6/kali-rolling,now 1.8.0-2 amd64 [installed,automatic]
  Near Field Communication (NFC) library

mfcuk/kali-rolling,now 0.3.8+git20180720-2 amd64 [installed]
  MiFare Classic Universal toolKit

Here is the full output of my build as instructed in the README. Any assistance would be most appreciated. Thanks!

┌──(root💀kali)-[/home/kali/mfoc]
└─# autoreconf -is
src/Makefile.am:42: warning: '%'-style pattern rules are a GNU make extension
src/Makefile.am:45: warning: '%'-style pattern rules are a GNU make extension
src/Makefile.am:48: warning: '%'-style pattern rules are a GNU make extension
src/Makefile.am:51: warning: '%'-style pattern rules are a GNU make extension
src/Makefile.am:54: warning: '%'-style pattern rules are a GNU make extension
src/Makefile.am:57: warning: '%'-style pattern rules are a GNU make extension
                                                                                                                                                   
┌──(root💀kali)-[/home/kali/mfoc]
└─# ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
./configure: line 3263: AX_CFLAGS_WARN_ALL: command not found
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of gcc... gcc3
checking whether make supports nested variables... (cached) yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for libnfc >= 1.7.0... yes
checking for liblzma... yes
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking for the pthreads library -lpthreads... no
checking whether pthreads work without any flags... no
checking whether pthreads work with -Kthread... no
checking whether pthreads work with -kthread... no
checking for the pthreads library -llthread... no
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking if more special flags are required for pthreads... no
checking for PTHREAD_PRIO_INHERIT... yes
checking for log in -lm... yes
checking for inline... inline
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for _Bool... yes
checking for stdbool.h that conforms to C99... yes
checking for size_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for GNU libc compatible malloc... yes
checking for GNU libc compatible realloc... yes
checking for memset... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating config.h
config.status: executing depfiles commands
                                                                                                                                                   
┌──(root💀kali)-[/home/kali/mfoc]
└─# make && sudo make install
make  all-recursive
make[1]: Entering directory '/home/kali/mfoc'
Making all in src
make[2]: Entering directory '/home/kali/mfoc/src'
  CC       crapto1.o
  CC       crypto1.o
  CC       mfoc.o
  CC       mifare.o
  CC       nfc-utils.o
  CC       parity.o
  CC       hardnested/hardnested_bruteforce.o
  CC       hardnested/tables.o
  CC       cmdhfmfhard.o
  CC       util.o
  CC       util_posix.o
  CC       ui.o
gcc  -O3 -std=c99 -mno-mmx -mno-sse2 -mno-avx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bf_core_NOSIMD.o hardnested/hardnested_bf_core.c
gcc  -O3 -std=c99 -mno-mmx -mno-sse2 -mno-avx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bitarray_core_NOSIMD.o hardnested/hardnested_bitarray_core.c
gcc  -O3 -std=c99 -mmmx -mno-sse2 -mno-avx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bf_core_MMX.o hardnested/hardnested_bf_core.c
gcc  -O3 -std=c99 -mmmx -msse2 -mno-avx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bf_core_SSE2.o hardnested/hardnested_bf_core.c
gcc  -O3 -std=c99 -mmmx -msse2 -mavx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bf_core_AVX.o hardnested/hardnested_bf_core.c
gcc  -O3 -std=c99 -mmmx -msse2 -mavx -mavx2 -mno-avx512f -c -o hardnested/hardnested_bf_core_AVX2.o hardnested/hardnested_bf_core.c
gcc  -O3 -std=c99 -mmmx -msse2 -mavx -mavx2 -mavx512f -c -o hardnested/hardnested_bf_core_AVX512.o hardnested/hardnested_bf_core.c
gcc  -O3 -std=c99 -mmmx -mno-sse2 -mno-avx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bitarray_core_MMX.o hardnested/hardnested_bitarray_core.c
gcc  -O3 -std=c99 -mmmx -msse2 -mno-avx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bitarray_core_SSE2.o hardnested/hardnested_bitarray_core.c
gcc  -O3 -std=c99 -mmmx -msse2 -mavx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bitarray_core_AVX.o hardnested/hardnested_bitarray_core.c
gcc  -O3 -std=c99 -mmmx -msse2 -mavx -mavx2 -mno-avx512f -c -o hardnested/hardnested_bitarray_core_AVX2.o hardnested/hardnested_bitarray_core.c
gcc  -O3 -std=c99 -mmmx -msse2 -mavx -mavx2 -mavx512f -c -o hardnested/hardnested_bitarray_core_AVX512.o hardnested/hardnested_bitarray_core.c
  CCLD     mfoc
/usr/bin/ld: hardnested/hardnested_bruteforce.o:(.bss+0x20): multiple definition of `t'; mfoc.o:(.bss+0x40): first defined here
/usr/bin/ld: hardnested/hardnested_bruteforce.o:(.bss+0x0): multiple definition of `r'; mfoc.o:(.bss+0x20): first defined here
/usr/bin/ld: hardnested/tables.o:(.bss+0x0): multiple definition of `r'; mfoc.o:(.bss+0x20): first defined here
/usr/bin/ld: hardnested/tables.o:(.bss+0x20): multiple definition of `t'; mfoc.o:(.bss+0x40): first defined here
/usr/bin/ld: cmdhfmfhard.o:(.bss+0x120): multiple definition of `t'; mfoc.o:(.bss+0x40): first defined here
/usr/bin/ld: cmdhfmfhard.o:(.bss+0x100): multiple definition of `r'; mfoc.o:(.bss+0x20): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_NOSIMD.o:(.bss+0x0): multiple definition of `r'; mfoc.o:(.bss+0x20): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_NOSIMD.o:(.bss+0x20): multiple definition of `t'; mfoc.o:(.bss+0x40): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_MMX.o:(.bss+0x0): multiple definition of `r'; mfoc.o:(.bss+0x20): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_MMX.o:(.bss+0x20): multiple definition of `t'; mfoc.o:(.bss+0x40): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_SSE2.o:(.bss+0x0): multiple definition of `r'; mfoc.o:(.bss+0x20): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_SSE2.o:(.bss+0x20): multiple definition of `t'; mfoc.o:(.bss+0x40): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_AVX.o:(.bss+0x0): multiple definition of `r'; mfoc.o:(.bss+0x20): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_AVX.o:(.bss+0x20): multiple definition of `t'; mfoc.o:(.bss+0x40): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_AVX2.o:(.bss+0x0): multiple definition of `r'; mfoc.o:(.bss+0x20): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_AVX2.o:(.bss+0x20): multiple definition of `t'; mfoc.o:(.bss+0x40): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_AVX512.o:(.bss+0x0): multiple definition of `r'; mfoc.o:(.bss+0x20): first defined here
/usr/bin/ld: hardnested/hardnested_bf_core_AVX512.o:(.bss+0x20): multiple definition of `t'; mfoc.o:(.bss+0x40): first defined here
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:434: mfoc] Error 1
make[2]: Leaving directory '/home/kali/mfoc/src'
make[1]: *** [Makefile:375: all-recursive] Error 1
make[1]: Leaving directory '/home/kali/mfoc'
make: *** [Makefile:316: all] Error 2

Incorrect work (looping in sector 33) with Mifare 4k cards

The application works great with 1k or 2k cards.
It doesn't work correctly with 4k cards.
The 4k card consists of 32 sectors with a size of 64 bytes (4 blocks), and 8 sectors with a size of 256 bytes (16 blocks).
When the application is working with a 4k card, it successfully searches keys for sectors 0-31 (the size of each sector is 64 bytes), but as soon as the key search reaches 32 sectors (the sector size is 256 bytes), the key search gets stuck in sector 33. The key search will not go beyond 33 sectors. See log below.

 600 | 33B |    1677 | (6. guess: Sum(a8) = 112)                               |     94903107584 | 14min   
 619 | 33B |    1677 | Apply Sum(a8) and all bytes bitflip properties          |     65121910784 | 10min  
 625 | 33B |    1677 | Brute force phase:  12.28%                              |     64877424640 | 10min  
 631 | 33B |    1677 | Brute force phase:  36.33%                              |     64398696448 | 10min  
 639 | 33B |    1677 | Brute force phase:  65.61%                              |     63815827456 | 10min  
 644 | 33B |    1677 | Brute force phase:  86.58%                              |     63398297600 | 10min  
 647 | 33B |    1677 | (7. guess: Sum(a8) = 120)                               |     86009774080 | 13min  
 659 | 33B |    1677 | Apply Sum(a8) and all bytes bitflip properties          |     49862168576 |  8min  
 679 | 33B |    1677 | Brute force phase:  25.35%                              |     49128714240 |  7min  
 688 | 33B |    1677 | Brute force phase completed. Key found: bbbbbbbbbb32    |               0 |    0s  

Checking for key reuse...
[Key: ************] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx///x///]
[Key: ************] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx///x///]
[Key: ************] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx///x///]
[Key: ************] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx///x///]
[Key: ************] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx///x///]
[Key: ************] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx///x///]
[Key: ************] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx///x///]
[Key: ************] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx///x///]
[Key: ************] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx///x///]

Sector 00 - Found Key A: aaaaaaaaaa00 Found Key B: bbbbbbbbbb00
Sector 01 - Found Key A: aaaaaaaaaa01 Found Key B: bbbbbbbbbb01
Sector 02 - Found Key A: aaaaaaaaaa02 Found Key B: bbbbbbbbbb02
Sector 03 - Found Key A: aaaaaaaaaa03 Found Key B: bbbbbbbbbb03
Sector 04 - Found Key A: aaaaaaaaaa04 Found Key B: bbbbbbbbbb04
Sector 05 - Found Key A: aaaaaaaaaa05 Found Key B: bbbbbbbbbb05
Sector 06 - Found Key A: aaaaaaaaaa06 Found Key B: bbbbbbbbbb06
Sector 07 - Found Key A: aaaaaaaaaa07 Found Key B: bbbbbbbbbb07
Sector 08 - Found Key A: aaaaaaaaaa08 Found Key B: bbbbbbbbbb08
Sector 09 - Found Key A: aaaaaaaaaa09 Found Key B: bbbbbbbbbb09
Sector 10 - Found Key A: aaaaaaaaaa10 Found Key B: bbbbbbbbbb10
Sector 11 - Found Key A: aaaaaaaaaa11 Found Key B: bbbbbbbbbb11
Sector 12 - Found Key A: aaaaaaaaaa12 Found Key B: bbbbbbbbbb12
Sector 13 - Found Key A: aaaaaaaaaa13 Found Key B: bbbbbbbbbb13
Sector 14 - Found Key A: aaaaaaaaaa14 Found Key B: bbbbbbbbbb14
Sector 15 - Found Key A: aaaaaaaaaa15 Found Key B: bbbbbbbbbb15
Sector 16 - Found Key A: aaaaaaaaaa16 Found Key B: bbbbbbbbbb16
Sector 17 - Found Key A: aaaaaaaaaa17 Found Key B: bbbbbbbbbb17
Sector 18 - Found Key A: aaaaaaaaaa18 Found Key B: bbbbbbbbbb18
Sector 19 - Found Key A: aaaaaaaaaa19 Found Key B: bbbbbbbbbb19
Sector 20 - Found Key A: aaaaaaaaaa20 Found Key B: bbbbbbbbbb20
Sector 21 - Found Key A: aaaaaaaaaa21 Found Key B: bbbbbbbbbb21
Sector 22 - Found Key A: aaaaaaaaaa22 Found Key B: bbbbbbbbbb22
Sector 23 - Found Key A: aaaaaaaaaa23 Found Key B: bbbbbbbbbb23
Sector 24 - Found Key A: aaaaaaaaaa24 Found Key B: bbbbbbbbbb24
Sector 25 - Found Key A: aaaaaaaaaa25 Found Key B: bbbbbbbbbb25
Sector 26 - Found Key A: aaaaaaaaaa26 Found Key B: bbbbbbbbbb26
Sector 27 - Found Key A: aaaaaaaaaa27 Found Key B: bbbbbbbbbb27
Sector 28 - Found Key A: aaaaaaaaaa28 Found Key B: bbbbbbbbbb28
Sector 29 - Found Key A: aaaaaaaaaa29 Found Key B: bbbbbbbbbb29
Sector 30 - Found Key A: aaaaaaaaaa30 Found Key B: bbbbbbbbbb30
Sector 31 - Found Key A: aaaaaaaaaa31 Found Key B: bbbbbbbbbb31
Sector 32 - Found Key A: aaaaaaaaaa32 Found Key B: bbbbbbbbbb32
Sector 33 - Found Key A: aaaaaaaaaa33 Unknown Key B
Sector 34 - Found Key A: aaaaaaaaaa34 Unknown Key B
Sector 35 - Found Key A: aaaaaaaaaa35 Unknown Key B
Sector 36 - Found Key A: aaaaaaaaaa36 Found Key B: bbbbbbbbbb32 <<< wrong!!!
Sector 37 - Found Key A: aaaaaaaaaa37 Unknown Key B
Sector 38 - Found Key A: aaaaaaaaaa38 Unknown Key B
Sector 39 - Found Key A: aaaaaaaaaa39 Unknown Key B

Using sector 36 as an exploit sector

Mode: d, Auth command: 60 cf 0e 45
fc 7f d0 c7
{Ar}: bb 9a! 07! 28! 54! 26 3c ed!
{At}: 52! 91 c8! b1
Authentication completed.

Nested Auth number: 0
{AuthEnc}: 28! d4 20 6b! 00! 01 00! 01
{AuthEnResp}: 3c! ec 61 27!
Card is not vulnerable to nested attack

Using SSE2 SIMD core.

time | trg | #nonces | Activity                                                | expected to brute force
     |     |         |                                                         | #states         | time   
   0 | 33B |       0 | Start using 2 threads and SSE2 SIMD core                |                 |        
   0 | 33B |       0 | Brute force benchmark: 111 million (2^26.7) keys/s      | 140737488355328 |   15d  
   3 | 33B |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |   15d  

Mode: h, Auth command: 60 c0 f9 bd
e9 05 ba 3d
{Ar}: 0c a8! 08 07! 79 6c! 1a! 6a!
{At}: 84! 4d be cd
Authentication completed.

   9 | 33B |       1 | Apply bit flip properties                               | 140737488355328 |   15d  

Mode: h, Auth command: 60 c0 f9 bd
ab 66 a5 c0
{Ar}: 48! 65! d7! 95! 02 ef! 4c 26!
{At}: 0b 26 b4! 6f
Authentication completed.

   9 | 33B |       2 | Apply bit flip properties                               | 140737488355328 |   15d  

Mode: h, Auth command: 60 c0 f9 bd
31 54 14 e3
{Ar}: 20 5b e3! 6c fd! 4d! ca! 2c!
{At}: 19! c9 53! 40!
Authentication completed.`

Keys file is ignored

It seems to be ignoring the specified keys file. This is on Windows:
keys.txt is taken from https://raw.githubusercontent.com/flipperdevices/flipperzero-firmware/dev/assets/resources/nfc/assets/mf_classic_dict.nfc

The custom key 0x000000000000 has been added to the default keys
ATS 0C0C757780|02C1052130
Found Mifare Classic 1k tag
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  44
* UID size: double
* bit frame anticollision supported
       UID (NFCID1): 04  6f  4e  e2  49  67  80
      SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (7 Byte UID) 2K, Security level 1
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: 000000000000] -> [................]
[Key: ffffffffffff] -> [................]
[Key: a0a1a2a3a4a5] -> [................]
[Key: d3f7d3f7d3f7] -> [................]
[Key: 000000000000] -> [................]
[Key: b0b1b2b3b4b5] -> [................]
[Key: 4d3a99c351dd] -> [................]
[Key: 1a982c7e459a] -> [................]
[Key: aabbccddeeff] -> [................]
[Key: 714c5c886e97] -> [................]
[Key: 587ee5f9350f] -> [................]
[Key: a0478cc39091] -> [................]
[Key: 533cb6c723f6] -> [................]
[Key: 8fd0a4f256e9] -> [................]

Sector 00 - Unknown Key A               Unknown Key B
Sector 01 - Unknown Key A               Unknown Key B
Sector 02 - Unknown Key A               Unknown Key B
Sector 03 - Unknown Key A               Unknown Key B
Sector 04 - Unknown Key A               Unknown Key B
Sector 05 - Unknown Key A               Unknown Key B
Sector 06 - Unknown Key A               Unknown Key B
Sector 07 - Unknown Key A               Unknown Key B
Sector 08 - Unknown Key A               Unknown Key B
Sector 09 - Unknown Key A               Unknown Key B
Sector 10 - Unknown Key A               Unknown Key B
Sector 11 - Unknown Key A               Unknown Key B
Sector 12 - Unknown Key A               Unknown Key B
Sector 13 - Unknown Key A               Unknown Key B
Sector 14 - Unknown Key A               Unknown Key B
Sector 15 - Unknown Key A               Unknown Key B
ERROR:

No sector encrypted with the default key has been found, exiting..

Install not working

Hi,

I came here because miLazyCracker did not work when installing and this has almost the same issue. I must be doing something wrong, please help me out.

┌──(root💀kali)-[/home/kali/mfoc-hardnested-master]
└─# autoreconf -vis
autoreconf: export WARNINGS=
autoreconf: Entering directory '.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal
autoreconf: configure.ac: tracing
autoreconf: configure.ac: not using Libtool
autoreconf: configure.ac: not using Intltool
autoreconf: configure.ac: not using Gtkdoc
autoreconf: running: /usr/bin/autoconf
configure.ac:19: error: possibly undefined macro: AC_MSG_ERROR
      If this token and others are legitimate, please use m4_pattern_allow.
      See the Autoconf documentation.
autoreconf: error: /usr/bin/autoconf failed with exit status: 1
