Proxmark3

Thanks to Jan we have a Proxmark3, a Proxmark3 Easy and also 2 Chameleons. The RFID case with the gear, including cards etc., is available from me on request.

The Proxmark3 Easy currently has problems with Legic Prime; this still needs to be debugged.

The matching software is installed on the DL0MUC computer; it should be updated at some point™.

Mifare: to-do with Jan

At 34C3 we played around with it some more; here are a few tips (I am too lazy to look them up again every time).

Which card type:

    hf search

Check for default keys:

    hf mf chk *1 ?

Mifare Cloning

Find one valid key:

    proxmark3> hf mf mifare
    -------------------------------------------------------------------------
    Executing command. Expected execution time: 25sec on average :-)
    Press the key on the proxmark3 device to abort both proxmark3 and client.
    -------------------------------------------------------------------------
    ........................

    uid(352c1f4c) nt(b30c6cee) par(ba92426af29a2a32) ks(0008090f0e0f070d) nr(00000000)

    |diff|{nr}    |ks3|ks3^5|parity         |
    +----+--------+---+-----+---------------+
    | 00 |00000000| 0 |  5  |0,1,0,1,1,1,0,1|
    | 20 |00000020| 8 |  d  |0,1,0,0,1,0,0,1|
    | 40 |00000040| 9 |  c  |0,1,0,0,0,0,1,0|
    | 60 |00000060| f |  a  |0,1,0,1,0,1,1,0|
    | 80 |00000080| e |  b  |0,1,0,0,1,1,1,1|
    | a0 |000000a0| f |  a  |0,1,0,1,1,0,0,1|
    | c0 |000000c0| 7 |  2  |0,1,0,1,0,1,0,0|
    | e0 |000000e0| d |  8  |0,1,0,0,1,1,0,0|
    key_count:1
    ------------------------------------------------------------------
    Key found:e251a9da734d

    Found valid key:e251a9da734d
    proxmark3>

Using the key found above, find all the remaining keys (takes a while):

    proxmark3> hf mf nested 1 0 A e251a9da734d d
    --block no:00 key type:00 key:e2 51 a9 da 73 4d etrans:0
    Block shift=0
    Testing known keys. Sector count=16
    nested...
    -----------------------------------------------
    uid:352c1f4c len=2 trgbl=4 trgkey=1
    -----------------------------------------------
    uid:352c1f4c len=2 trgbl=4 trgkey=1
    Found valid key:5a6041c9f9fc
    Time in nested: 37,380 (0,603 sec per key)

    -----------------------------------------------
    Iterations count: 62

    |---|----------------|---|----------------|---|
    |sec|key A           |res|key B           |res|
    |---|----------------|---|----------------|---|
    |000|  e251a9da734d  | 1 |  322c9cbbe53f  | 1 |
    |001|  9c8c07c9f190  | 1 |  5a6041c9f9fc  | 1 |
    |002|  06930625f573  | 1 |  9aeb465f44c9  | 1 |
    |003|  3ed2990cc0c3  | 1 |  f9e3c2b9421a  | 1 |
    |004|  5ed4f3654421  | 1 |  f18ea2dcca6f  | 1 |
    |005|  cfea5408a6da  | 1 |  6f259862ef91  | 1 |
    |006|  f0bf64a6bf6a  | 1 |  59039bbc5f20  | 1 |
    |007|  f0bf64a6bf6a  | 1 |  59039bbc5f20  | 1 |
    |008|  f0bf64a6bf6a  | 1 |  59039bbc5f20  | 1 |
    |009|  8f0e6a510598  | 1 |  d412a41ecb09  | 1 |
    |010|  9dec238a9214  | 1 |  bd451e445aed  | 1 |
    |011|  d271ff53eeda  | 1 |  b6ca78eabb2a  | 1 |
    |012|  cb87a64088e7  | 1 |  0653bf2b8701  | 1 |
    |013|  a6d80a83ded6  | 1 |  541550280d7e  | 1 |
    |014|  472a6f5519ad  | 1 |  f3be399eba7b  | 1 |
    |015|  f0bf64a6bf6a  | 1 |  59039bbc5f20  | 1 |
    |---|----------------|---|----------------|---|
    Printing keys to bynary file dumpkeys.bin...
    proxmark3>

Dump the card contents using the keys found:

    proxmark3> hf mf dump
    |-----------------------------------------|
    |------ Reading sector access bits...-----|
    |-----------------------------------------|
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    #db# READ BLOCK FINISHED
    |-----------------------------------------|
    |----- Dumping all blocks to file... -----|
    |-----------------------------------------|
    #db# READ BLOCK FINISHED
    Dumped card data into 'dumpdata.bin'
    [... the same two lines repeat for each further block ...]
    proxmark3>

Convert the resulting dump to eml format (the PM3 scripts are in the Downloads section at the end of the page):

    user@host:~$ ./pm3_bin2eml.py dumpdata.bin dumpdata.eml

Load the eml file onto a “Magic Chinese Guy” card (place it on the Proxmark first, of course!):

    proxmark3> hf mf cload dumpdata
    Loaded from file: dumpdata.eml
    proxmark3>

Done.

EM410x Cloning

Read the card:

    proxmark3> lf em4x em410xwatch
    #db# buffer samples: d1 cd c5 c0 ba b7 b2 af ...
    Reading 16000 samples
    Done!
    Auto-detected clock rate: 64
    EM410x Tag ID: 0101160061
    Unique Tag ID: 0808860068
    proxmark3>

Write the UID (here: the EM410x Tag ID) to a blank card (T5555 or T55x7):

    proxmark3> lf em4x em410xwrite 0101160061 1
    Writing T55x7 tag with UID 0x0101160061 (clock rate: 64)
    #db# Started writing T55x7 tag ...
    #db# Clock rate: 64
    #db# Tag T55x7 written with 0xff806018d8003060

Done.

EM410x Known Passwords

* 0x51243648
* 0x000D8787

    lf t55xx writeblockPWD 00148041 0 51243648

Downloads

* prox.rar (source: http://www.fuzzysecurity.com/)
* Proxmark firmware/client, etc.: https://code.google.com/p/proxmark3/wiki/Linux

Jan's MAC Debugging

* Homebrew install (run in a terminal window)

    /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

* Proxmark install

    brew tap proxmark/proxmark3
    brew install proxmark3

  Currently broken (as of 15.1.2018); in that case install with this parameter:

    brew install --HEAD proxmark3

* Find the TTY port (connect the Proxmark3 first)

    ls /dev/cu*

* Start (it was usbmodem21 for me; adjust accordingly)

    proxmark3 /dev/cu.usbmodem21

* From here on, all Proxmark commands work as usual

Debugging make errors on Ubuntu (among others)

In client/Makefile, change this:

    CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4
    QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null)
    MOC = /usr/lib/x86_64-linux-gnu/qt4/bin/moc

proxmark.txt Last modified: 2021/04/18 12:35 (external edit)
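The key table printed by `hf mf nested` in the Mifare section also shows how well a card's keys are diversified: a key that serves several sectors, or a published default key, means one recovered key exposes more data. The following is an added example, not part of the original page; the function names and the short default-key list are my own choices. It parses the table from this page and reports both conditions.

```python
import re
from collections import defaultdict
# Key table copied from the `hf mf nested` output on this page.
KEY_TABLE = """
|000| e251a9da734d | 1 | 322c9cbbe53f | 1 |
|001| 9c8c07c9f190 | 1 | 5a6041c9f9fc | 1 |
|002| 06930625f573 | 1 | 9aeb465f44c9 | 1 |
|003| 3ed2990cc0c3 | 1 | f9e3c2b9421a | 1 |
|004| 5ed4f3654421 | 1 | f18ea2dcca6f | 1 |
|005| cfea5408a6da | 1 | 6f259862ef91 | 1 |
|006| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
|007| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
|008| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
|009| 8f0e6a510598 | 1 | d412a41ecb09 | 1 |
|010| 9dec238a9214 | 1 | bd451e445aed | 1 |
|011| d271ff53eeda | 1 | b6ca78eabb2a | 1 |
|012| cb87a64088e7 | 1 | 0653bf2b8701 | 1 |
|013| a6d80a83ded6 | 1 | 541550280d7e | 1 |
|014| 472a6f5519ad | 1 | f3be399eba7b | 1 |
|015| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
"""

# Widely published factory/transport keys (short list, not exhaustive).
DEFAULT_KEYS = {"ffffffffffff", "000000000000", "a0a1a2a3a4a5", "d3f7d3f7d3f7"}

ROW = re.compile(r"^\|(\d{3})\|\s*([0-9a-f]{12})\s*\|\s*([01])\s*"
                 r"\|\s*([0-9a-f]{12})\s*\|\s*([01])\s*\|$", re.I | re.M)

def parse_key_table(text):
    """Yield (sector, 'A'|'B', key) for every key the tool marked as found (res=1)."""
    for sec, key_a, res_a, key_b, res_b in ROW.findall(text):
        if res_a == "1":
            yield int(sec), "A", key_a.lower()
        if res_b == "1":
            yield int(sec), "B", key_b.lower()

def audit_keys(text):
    """Summarise key diversification: reused keys and published default keys."""
    sectors_by_key = defaultdict(set)
    for sector, _slot, key in parse_key_table(text):
        sectors_by_key[key].add(sector)
    return {
        "distinct_keys": len(sectors_by_key),
        "reused": {k: sorted(s) for k, s in sectors_by_key.items() if len(s) > 1},
        "defaults": sorted(k for k in sectors_by_key if k in DEFAULT_KEYS),
    }

if __name__ == "__main__":
    print(audit_keys(KEY_TABLE))
```

On this card, sectors 6, 7, 8 and 15 share one key A and one key B, so the 32 key slots hold only 26 distinct keys.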
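The 64-bit value in the `em410xwrite` log of the EM410x section is only the 40-bit tag ID wrapped in a fixed header and parity bits. The frame carries no secret and no authentication, so a reader that checks only this ID cannot tell the original from a copy. The following is an added example, not part of the original page, and the function names are mine; it builds and validates the frame and reproduces the values from the output above.

```python
HEADER = [1] * 9  # nine 1-bits mark the start of every EM410x frame

def em410x_frame(tag_id: int) -> int:
    """Wrap a 40-bit ID: header, 10 rows (4 data bits + even parity),
    4 column-parity bits, stop bit 0."""
    if not 0 <= tag_id < 1 << 40:
        raise ValueError("EM410x IDs are 40 bits")
    bits, cols = list(HEADER), [0, 0, 0, 0]
    for shift in range(36, -1, -4):            # ten nibbles, most significant first
        row = [(tag_id >> (shift + b)) & 1 for b in (3, 2, 1, 0)]
        bits += row + [sum(row) & 1]           # even row parity
        cols = [c ^ r for c, r in zip(cols, row)]
    bits += cols + [0]                         # even column parity, then stop bit
    return int("".join(map(str, bits)), 2)

def em410x_decode(frame: int) -> int:
    """Validate header, stop bit and both parities; return the 40-bit ID."""
    if not 0 <= frame < 1 << 64:
        raise ValueError("frame must be 64 bits")
    bits = [(frame >> (63 - i)) & 1 for i in range(64)]
    if bits[:9] != HEADER or bits[63] != 0:
        raise ValueError("bad header or stop bit")
    rows = [bits[9 + 5 * r: 14 + 5 * r] for r in range(10)]
    if any(sum(row) & 1 for row in rows):
        raise ValueError("row parity error")
    if any((sum(row[c] for row in rows) + bits[59 + c]) & 1 for c in range(4)):
        raise ValueError("column parity error")
    tag_id = 0
    for row in rows:
        tag_id = (tag_id << 4) | int("".join(map(str, row[:4])), 2)
    return tag_id

if __name__ == "__main__":
    # Values taken from the em410xwatch / em410xwrite output on this page.
    print(hex(em410x_frame(0x0101160061)))
    print(f"{em410x_decode(0xFF806018D8003060):010x}")
```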