This is an old revision of the document!
Dank Jan haben wir einen wir einen proxmark3, welcher aktuell (Stand: 10.02.2014) auf Version 844 läuft.
Auf dem Laborrechner ist die entsprechende Software installiert, welche benötigt wird um mit dem Proxmark zu kommunizieren.
Mifare Cloning
- Einen gültigen Key herausfinden
proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average :-)
Press the key on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
........................
uid(352c1f4c) nt(b30c6cee) par(ba92426af29a2a32) ks(0008090f0e0f070d) nr(00000000)
|diff|{nr} |ks3|ks3^5|parity |
+----+--------+---+-----+---------------+
| 00 |00000000| 0 | 5 |0,1,0,1,1,1,0,1|
| 20 |00000020| 8 | d |0,1,0,0,1,0,0,1|
| 40 |00000040| 9 | c |0,1,0,0,0,0,1,0|
| 60 |00000060| f | a |0,1,0,1,0,1,1,0|
| 80 |00000080| e | b |0,1,0,0,1,1,1,1|
| a0 |000000a0| f | a |0,1,0,1,1,0,0,1|
| c0 |000000c0| 7 | 2 |0,1,0,1,0,1,0,0|
| e0 |000000e0| d | 8 |0,1,0,0,1,1,0,0|
key_count:1
------------------------------------------------------------------
Key found:e251a9da734d
Found valid key:e251a9da734d
proxmark3>
- Mit dem oben gefundenen Key, die ganzen restlichen Keys herausfinden (dauert ein bisschen)
proxmark3> hf mf nested 1 0 A e251a9da734d d
--block no:00 key type:00 key:e2 51 a9 da 73 4d etrans:0
Block shift=0
Testing known keys. Sector count=16
nested...
-----------------------------------------------
uid:352c1f4c len=2 trgbl=0 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=8 trgkey=0
Found valid key:06930625f573
-----------------------------------------------
uid:352c1f4c len=2 trgbl=8 trgkey=1
Found valid key:9aeb465f44c9
-----------------------------------------------
uid:352c1f4c len=2 trgbl=12 trgkey=0
Found valid key:3ed2990cc0c3
-----------------------------------------------
uid:352c1f4c len=2 trgbl=12 trgkey=1
Found valid key:f9e3c2b9421a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=16 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=16 trgkey=1
Found valid key:f18ea2dcca6f
-----------------------------------------------
uid:352c1f4c len=2 trgbl=20 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=20 trgkey=1
Found valid key:6f259862ef91
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=0
Found valid key:f0bf64a6bf6a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=28 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=28 trgkey=1
Found valid key:59039bbc5f20
-----------------------------------------------
uid:352c1f4c len=2 trgbl=32 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=32 trgkey=1
Found valid key:59039bbc5f20
-----------------------------------------------
uid:352c1f4c len=2 trgbl=36 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=36 trgkey=1
Found valid key:d412a41ecb09
-----------------------------------------------
uid:352c1f4c len=2 trgbl=40 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=40 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=44 trgkey=0
Found valid key:d271ff53eeda
-----------------------------------------------
uid:352c1f4c len=2 trgbl=44 trgkey=1
Found valid key:b6ca78eabb2a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=48 trgkey=0
Found valid key:cb87a64088e7
-----------------------------------------------
uid:352c1f4c len=2 trgbl=48 trgkey=1
Found valid key:0653bf2b8701
-----------------------------------------------
uid:352c1f4c len=2 trgbl=52 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=52 trgkey=1
Found valid key:541550280d7e
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=60 trgkey=0
Found valid key:f0bf64a6bf6a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=60 trgkey=1
Found valid key:59039bbc5f20
-----------------------------------------------
uid:352c1f4c len=2 trgbl=0 trgkey=1
Found valid key:322c9cbbe53f
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=0
Found valid key:9c8c07c9f190
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=16 trgkey=0
Found valid key:5ed4f3654421
-----------------------------------------------
uid:352c1f4c len=2 trgbl=20 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=28 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=32 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=36 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=40 trgkey=0
Found valid key:9dec238a9214
-----------------------------------------------
uid:352c1f4c len=2 trgbl=40 trgkey=1
Found valid key:bd451e445aed
-----------------------------------------------
uid:352c1f4c len=2 trgbl=52 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=0
Found valid key:472a6f5519ad
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=20 trgkey=0
Found valid key:cfea5408a6da
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=28 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=32 trgkey=0
Found valid key:f0bf64a6bf6a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=36 trgkey=0
-----------------------------------------------
uid:352c1f4c len=2 trgbl=52 trgkey=0
Found valid key:a6d80a83ded6
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=28 trgkey=0
Found valid key:f0bf64a6bf6a
-----------------------------------------------
uid:352c1f4c len=2 trgbl=36 trgkey=0
Found valid key:8f0e6a510598
-----------------------------------------------
uid:352c1f4c len=2 trgbl=56 trgkey=1
Found valid key:f3be399eba7b
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=24 trgkey=1
Found valid key:59039bbc5f20
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
-----------------------------------------------
uid:352c1f4c len=2 trgbl=4 trgkey=1
Found valid key:5a6041c9f9fc
Time in nested: 37,380 (0,603 sec per key)
-----------------------------------------------
Iterations count: 62
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| e251a9da734d | 1 | 322c9cbbe53f | 1 |
|001| 9c8c07c9f190 | 1 | 5a6041c9f9fc | 1 |
|002| 06930625f573 | 1 | 9aeb465f44c9 | 1 |
|003| 3ed2990cc0c3 | 1 | f9e3c2b9421a | 1 |
|004| 5ed4f3654421 | 1 | f18ea2dcca6f | 1 |
|005| cfea5408a6da | 1 | 6f259862ef91 | 1 |
|006| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
|007| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
|008| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
|009| 8f0e6a510598 | 1 | d412a41ecb09 | 1 |
|010| 9dec238a9214 | 1 | bd451e445aed | 1 |
|011| d271ff53eeda | 1 | b6ca78eabb2a | 1 |
|012| cb87a64088e7 | 1 | 0653bf2b8701 | 1 |
|013| a6d80a83ded6 | 1 | 541550280d7e | 1 |
|014| 472a6f5519ad | 1 | f3be399eba7b | 1 |
|015| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 |
|---|----------------|---|----------------|---|
Printing keys to bynary file dumpkeys.bin...
proxmark3>
- Den Inhalt der Karte unter Zuhilfenahme der gefunden Keys dumpen
proxmark3> hf mf dump |-----------------------------------------| |------ Reading sector access bits...-----| |-----------------------------------------| #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED |-----------------------------------------| |----- Dumping all blocks to file... -----| |-----------------------------------------| #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' proxmark3>
- Den entstandenen Dump ins eml-Format konvertieren (PM3-Scripts sind am Ende der Seite in den Downloads)
user@host:~$ ./pm3_bin2eml.py dumpdata.bin dumpdata.eml
- Das eml-File in eine “Magic Chinese Guy”-Karte laden (diese vorher natürlich auf den proxmark legen!)
proxmark3> hf mf cload dumpdata Loaded from file: dumpdata.eml proxmark3>
- Fertig
Downloads
- prox.rar (Quelle: http://www.fuzzysecurity.com/)
- Proxmark-Firmware/Client, etc.: https://code.google.com/p/proxmark3/wiki/Linux
Debugging
Make-Fehler unter (u.a.) Ubuntu
Im client/Makefile dashier ändern:
CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4 QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null) MOC = /usr/lib/x86_64-linux-gnu/qt4/bin/moc