1 (edited by momosnipy 2015-10-22 15:37:01)

Topic: Mfcuk on Mifare Plus

Hi,

I gave myself a challenge: hack my coffee machine card (the one at my office).
I really thought the security would be weak for that kind of Mifare, but I might be wrong.

I installed a fresh Ubuntu and the tools needed (libnfc 1.7.0 with driver acr122_usb, mfcuk 0.3.8, mfoc 0.10.7).
I bought an ACR122U reader (ACR122U-A9 with chip PN532 v1.6).

Well, my problem is I can't use the attack with mfoc (I tried with a lot of probes, but no success).
Most of the blocks are with default keys, but some are not (the useful ones, of course ;) ).

./mfoc -P 3000 -O coffee.dmp
Found Mifare Classic 1k tag
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): 20  XX  XX  XX  
      SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [xxxxxxxx.......x]
[Key: a0a1a2a3a4a5] -> [xxxxxxxx///////x]
[Key: d3f7d3f7d3f7] -> [xxxxxxxx///////x]
[Key: 000000000000] -> [xxxxxxxx///////x]
[Key: b0b1b2b3b4b5] -> [xxxxxxxx///////x]
[Key: 4d3a99c351dd] -> [xxxxxxxx///////x]
[Key: 1a982c7e459a] -> [xxxxxxxx///////x]
[Key: aabbccddeeff] -> [xxxxxxxx///////x]
[Key: 714c5c886e97] -> [xxxxxxxx///////x]
[Key: 587ee5f9350f] -> [xxxxxxxx///////x]
[Key: a0478cc39091] -> [xxxxxxxx///////x]
[Key: 533cb6c723f6] -> [xxxxxxxx///////x]
[Key: 8fd0a4f256e9] -> [xxxxxxxx///////x]

Sector 00 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 01 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 02 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 03 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 04 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 05 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 06 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 07 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 08 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
Sector 09 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
Sector 10 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
Sector 11 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
Sector 12 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
Sector 13 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
Sector 14 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
Sector 15 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff


Using sector 00 as an exploit sector
Sector: 8, type B, probe 0, distance 35292 .....

I let it run for more than 1000 probes...


I tried to find one specific key on a specific block (the 8th one) with an unknown key using mfcuk instead of mfoc, but still no success.
I always had diff Nt = auths with mfcuk, and I read somewhere that it could mean the key was using a fixed PRNG, which is almost impossible to hack by now.

So I tried, just to be sure, to find a basic key with mfcuk (block 0 for example, which is FFFFFFFFFFFF).

./mfcuk -C  -R 0:A -s 300 -S 300 -v 3

mfcuk - 0.3.8
Mifare Classic DarkSide Key Recovery Tool - 0.3

INFO: Connected to NFC reader: ACS / ACR122U PICC Interface



INITIAL ACTIONS MATRIX - UID 20 XX XX XX - TYPE 0x08 (MC1K)
---------------------------------------------------------------------
Sector    |    Key A    |ACTS | RESL    |    Key B    |ACTS | RESL
---------------------------------------------------------------------
0    |  000000000000    | . R | . .    |  000000000000    | . . | . .
1    |  000000000000    | . . | . .    |  000000000000    | . . | . .
2    |  000000000000    | . . | . .    |  000000000000    | . . | . .
3    |  000000000000    | . . | . .    |  000000000000    | . . | . .
4    |  000000000000    | . . | . .    |  000000000000    | . . | . .
5    |  000000000000    | . . | . .    |  000000000000    | . . | . .
6    |  000000000000    | . . | . .    |  000000000000    | . . | . .
7    |  000000000000    | . . | . .    |  000000000000    | . . | . .
8    |  000000000000    | . . | . .    |  000000000000    | . . | . .
9    |  000000000000    | . . | . .    |  000000000000    | . . | . .
10    |  000000000000    | . . | . .    |  000000000000    | . . | . .
11    |  000000000000    | . . | . .    |  000000000000    | . . | . .
12    |  000000000000    | . . | . .    |  000000000000    | . . | . .
13    |  000000000000    | . . | . .    |  000000000000    | . . | . .
14    |  000000000000    | . . | . .    |  000000000000    | . . | . .
15    |  000000000000    | . . | . .    |  000000000000    | . . | . .


VERIFY: 
    Key A sectors: 0 1 2 3 4 5 6 7 8 9 a b c d e f
    Key B sectors: 0 1 2 3 4 5 6 7 8 9 a b c d e f


ACTION RESULTS MATRIX AFTER VERIFY - UID 20 XX XX XX - TYPE 0x08 (MC1K)
---------------------------------------------------------------------
Sector    |    Key A    |ACTS | RESL    |    Key B    |ACTS | RESL
---------------------------------------------------------------------
0    |  000000000000    | . R | . .    |  000000000000    | . . | . .
1    |  000000000000    | . . | . .    |  000000000000    | . . | . .
2    |  000000000000    | . . | . .    |  000000000000    | . . | . .
3    |  000000000000    | . . | . .    |  000000000000    | . . | . .
4    |  000000000000    | . . | . .    |  000000000000    | . . | . .
5    |  000000000000    | . . | . .    |  000000000000    | . . | . .
6    |  000000000000    | . . | . .    |  000000000000    | . . | . .
7    |  000000000000    | . . | . .    |  000000000000    | . . | . .
8    |  000000000000    | . . | . .    |  000000000000    | . . | . .
9    |  000000000000    | . . | . .    |  000000000000    | . . | . .
10    |  000000000000    | . . | . .    |  000000000000    | . . | . .
11    |  000000000000    | . . | . .    |  000000000000    | . . | . .
12    |  000000000000    | . . | . .    |  000000000000    | . . | . .
13    |  000000000000    | . . | . .    |  000000000000    | . . | . .
14    |  000000000000    | . . | . .    |  000000000000    | . . | . .
15    |  000000000000    | . . | . .    |  000000000000    | . . | . .


RECOVER:  0
-----------------------------------------------------
Let me entertain you!
    uid: 204e1ca5
   type: 08
    key: 000000000000
  block: 03
diff Nt: 0
  auths: 0
-----------------------------------------------------

-----------------------------------------------------
Let me entertain you!
    uid: 204e1ca5
   type: 08
    key: 000000000000
  block: 03
diff Nt: 1
  auths: 1
-----------------------------------------------------

-----------------------------------------------------
Let me entertain you!
    uid: 204e1ca5
   type: 08
    key: 000000000000
  block: 03
diff Nt: 2
  auths: 2

-----------------------------------------------------
Let me entertain you!
    uid: 204e1ca5
   type: 08
    key: 000000000000
  block: 03
diff Nt: 168
  auths: 168

But once again, I got no results. And I don't understand why mfcuk can't find a static basic authentication key.

If you have any idea, or if you just think it's normal and I simply can't hack this key, thanks.
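As an added example (not code from the thread or from the mfoc/mfcuk projects), a small Python helper that reads the two outputs above: it flags which sectors of the dump still open with one of the public default keys mfoc probed, and reads the last diff Nt / auths pair the way the post interprets it. The sample lines are constructed in the output format shown, and treating diff Nt as the count of distinct tag nonces is an assumption.

```python
import re

# Well-known public MIFARE Classic keys: the list mfoc probed in the output above.
DEFAULT_KEYS = frozenset({
    "ffffffffffff", "a0a1a2a3a4a5", "d3f7d3f7d3f7", "000000000000",
    "b0b1b2b3b4b5", "4d3a99c351dd", "1a982c7e459a", "aabbccddeeff",
    "714c5c886e97", "587ee5f9350f", "a0478cc39091", "533cb6c723f6", "8fd0a4f256e9",
})
# One mfoc sector line, e.g. "Sector 08 - Found   Key A: a0a1a2a3a4a5 Unknown Key B"
SECTOR_RE = re.compile(
    r"^Sector (\d+) - (?:Found\s+Key A: ([0-9a-fA-F]{12})|Unknown Key A)\s+"
    r"(?:Found\s+Key B: ([0-9a-fA-F]{12})|Unknown Key B)", re.MULTILINE)
# The last two fields of each mfcuk "Let me entertain you!" block.
NONCE_RE = re.compile(r"diff Nt:\s*(\d+)\s*\n\s*auths:\s*(\d+)")

def audit_mfoc(text):
    """Per sector: which key slots (A/B) mfoc opened with a public default key and
    which stayed unknown. A sector with any default key is readable by any reader."""
    audit = {}
    for m in SECTOR_RE.finditer(text):
        keys = [k.lower() if k else None for k in (m.group(2), m.group(3))]
        audit[int(m.group(1))] = {
            "default": [slot for slot, k in zip("AB", keys) if k in DEFAULT_KEYS],
            "unknown": [slot for slot, k in zip("AB", keys) if k is None],
        }
    return audit

def nonce_behaviour(mfcuk_text, min_auths=100):
    """Interpret the last diff Nt / auths pair (assumed: diff Nt = distinct tag
    nonces, auths = attempts). If every auth still yields a fresh nonce after
    min_auths attempts, the tag is not behaving like a weak-PRNG Classic."""
    pairs = NONCE_RE.findall(mfcuk_text)
    if not pairs:
        return "no nonce statistics"
    distinct, auths = map(int, pairs[-1])
    if auths < min_auths:
        return "too few auths to judge"
    return "nonces never repeat" if distinct >= auths else "nonces repeat"

# Constructed samples in the format of the output posted above (UID redacted).
MFOC_SAMPLE = """Sector 07 - Found   Key A: ffffffffffff Found   Key B: ffffffffffff
Sector 08 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
Sector 09 - Unknown Key A Unknown Key B
"""
MFCUK_SAMPLE = "Let me entertain you!\n    key: 000000000000\n  block: 03\ndiff Nt: 168\n  auths: 168\n"

if __name__ == "__main__":
    print(audit_mfoc(MFOC_SAMPLE))
    print(nonce_behaviour(MFCUK_SAMPLE))
```

Pipe the real mfoc and mfcuk output into the two functions to get the same verdicts for your own card.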

Re: Mfcuk on Mifare Plus

Well, I'll answer myself.

I tried mfoc with another key with unknown keys and it worked fine!
So I really think the problem is coming from the key, which has pretty good security.

If you've heard anything about cracking these keys with PRNG (without a Proxmark ;) ), don't hesitate to share!

Thanks!

Re: Mfcuk on Mifare Plus

I've been having a similar issue myself. What was your solution, to pass in one of the already found keys from mfoc using the -k option?

e.g.

./mfoc -P 3000 -O coffee.dmp -k a0a1a2a3a4a5

Re: Mfcuk on Mifare Plus

Hi,

To add default keys in mfoc, I prefer to add them directly in mfoc.c.
You just have to respect the format: {0x4a, 0x63, 0x52, 0x68, 0x46, 0x77}
Then you remake and reinstall mfoc.