snoop mifare card and extract the key video
www.youtube.com/watch?v=kTvb7tjbSTI
2013年2月26日星期二
proxmark3:Some commands for MIFARE
proxmark3:Some commands for MIFARE
How can I read a card contents?
- 'hf mf rdbl 0 a ffffffffffff', where 0 - block number, a - key type, ffffffffffff - key
or:
- 'hf mf rdsc 0 a ffffffffffff', where 0 - sector number, a - key type, ffffffffffff - key
How can I write a block into a card?
- 'hf mf wrbl 0 a ffffffffffff 000102030405060708090a0b0c0d0e0f', where 0 - block number, a - key type, ffffffffffff - key,
000102030405060708090a0b0c0d0e0f - block data.
How can I break a card?
- 'hf mf mifare'
- if it dont found a key: 'hf mf mifare XXXXXXXX' , where XXXXXXXX - Nt from previous run
- 'hf mf nested 1 0 a FFFFFFFFFFFF', where 1 - card type MIFARE CLASSIC 1k, FFFFFFFFFFFF - key that found at previous step.
How to save emulator dump from a card
- 'hf mf mifare'
- if it dont found a key: 'hf mf mifare XXXXXXXX' , where XXXXXXXX - Nt from previous run
- 'hf mf nested 1 0 a FFFFFFFFFFFF t', where 1 - card type MIFARE CLASSIC 1k, FFFFFFFFFFFF - key that found at previous step.
- 'hf mf efill a FFFFFFFFFFFF'
- 'hf mf esave filename'
How to emulate a card
- 'hf mf mifare'
- if it dont found a key: 'hf mf mifare XXXXXXXX' , where XXXXXXXX - Nt from previous run
- 'hf mf nested 1 0 a FFFFFFFFFFFF t', where 1 - card type MIFARE CLASSIC 1k, FFFFFFFFFFFF - key that found at previous step.
- 'hf mf efill a FFFFFFFFFFFF'
- 'hf mf sim'
How to emulate a new card
- 'hf mf eclr'
- 'hf mf sim'
How to emulate a card with help of dump from file
- 'hf mf eload filename', where filename - dump's file name (<filename>.eml)
- 'hf mf sim'
How to have look at the emulator memory
- 'hf mf eget 00', where 00 - block number from 0 to 0x63. Each block contains 16 bytes of memory.
How to make changes into the emulator memory
- 'hf mf eset 01 000102030405060708090a0b0c0d0e0f',
where:
- 00 - block number from 0 to 0x63. Each block contains 16 bytes of memory.
- 000102030405060708090a0b0c0d0e0f - block data.
Proxmark3 Flashing the board
Proxmark3 Flashing the board
Once the driver is installed, you can move on to first flashing the new bootloader, then the "fullimage.elf" provided in the ZIP archive:
Once the driver is installed, you can move on to first flashing the new bootloader, then the "fullimage.elf" provided in the ZIP archive:
D:\Documents\Hobbies\RFID\Proxmark Firmware\Winter 2010 Release r419>flasher.exe -b bootrom.elfLoading ELF file 'bootrom.elf'... Loading usable ELF segments: 0: V 0x00100000 P 0x00100000 (0x00000200->0x00000200) [R X] @0x94 1: V 0x00200000 P 0x00100200 (0x0000175c->0x0000175c) [R X] @0x294 Waiting for Proxmark to appear on USB... Found. Entering bootloader... (Press and release the button only to abort) Waiting for Proxmark to reappear on USB... Found. Flashing... Writing segments for file: bootrom.elf 0x00100000..0x001001ff [0x200 / 2 blocks].. OK 0x00100200..0x0010195b [0x175c / 24 blocks]........................ OK Resetting hardware... All done. Have a nice day! D:\Documents\Hobbies\RFID\Proxmark Firmware\Winter 2010 Release r419>flasher.exe fullimage.elfLoading ELF file 'fullimage.elf'... Loading usable ELF segments: 0: V 0x00102000 P 0x00102000 (0x0000a4bc->0x0000a4bc) [R ] @0xb4 1: V 0x00110000 P 0x00110000 (0x000140b8->0x000140b8) [R X] @0xa570 2: V 0x00200000 P 0x001240b8 (0x00000004->0x00000004) [RW ] @0x1e628 Note: Extending previous segment from 0x140b8 to 0x140bc bytes Waiting for Proxmark to appear on USB... Found. Entering bootloader... (Press and release the button only to abort) Waiting for Proxmark to reappear on USB... Found. Flashing... Writing segments for file: fullimage.elf 0x00102000..0x0010c4bb [0xa4bc / 165 blocks]................................... ................................................................................ .................................................. OK 0x00110000..0x001240bb [0x140bc / 321 blocks].................................. ................................................................................ ................................................................................ ................................................................................ ............................................... OK Resetting hardware... All done. Have a nice day! D:\Documents\Hobbies\RFID\Proxmark Firmware\Winter 2010 Release r419>
From there on, you should not need to update the Bootloader upon new firmware releases - unless of course there is another large bootloader upgrade at a later stage!
caculate the match capacitance for a given antenna
caculate the match capacitance for a given antenna
here is a reader'antenna, it is a LC circuit, so we have the formula:
so, for 2.5mH antenna, the match capacitance is : 648pF.
for 1mH, the match capacitance is : 1.62nF
for 680uH, the match capacitance is:2.38nF
...
--------
gezhi electronic
www.xfpga.com or ebay shop
email: xfpga@hotmail.com
qq:1074079485
tel: +86-13113330725
Michael
compile libnfc for pn532 breakout board
compile libnfc for pn532 breakout board
$ wget http://libnfc.googlecode.com/files/libnfc-x.x.x.tar.gz $ tar -xvzf libnfc-x.x.x.tar.gz $ cd libnfc-x.x.x
Step 2: Configure libnfc for PN532 and UART*
$ ./configure --with-drivers=pn532_uart --enable-serial-autoprobe
*Note: libnfc can also be built in debug mode by adding '--enable-serial-autoprobe' (minus the single quotes) to the configure options
Step 3: Build and install libnfc
$ make clean $ make $ make install
Step 4: Check for installed devices
$ cd examples $ ./nfc-list
Step 5: all the commands on example and util directory
crack mifare key used proxmark3
crack mifare key used proxmark3
1. use hf mf chk to find default key.
2. use hf mf nested commands to crack all the keys, to use hf mf nested, we just need to know one sector' key, as found in the hf mf chk command.
3. use hf mf dump to dump the card.
now all is done, you can find dumpkeys.bin and dumpdata.bin two files in the proxmark3.exe directory, they are binary file. .
dumpdata.bin is the content of the mifare card
dumpkeys.bin is the keys of the mifare card, KeyA(0-15) KeyB(0-15)
2. use hf mf nested commands to crack all the keys, to use hf mf nested, we just need to know one sector' key, as found in the hf mf chk command.
3. use hf mf dump to dump the card.
now all is done, you can find dumpkeys.bin and dumpdata.bin two files in the proxmark3.exe directory, they are binary file. .
dumpdata.bin is the content of the mifare card
dumpkeys.bin is the keys of the mifare card, KeyA(0-15) KeyB(0-15)
--------
gezhi electronic
www.xfpga.com or ebay shop
email: xfpga@hotmail.com
qq:1074079485
tel: +86-13113330725
Michael
gezhi electronic
www.xfpga.com or ebay shop
email: xfpga@hotmail.com
qq:1074079485
tel: +86-13113330725
Michael
订阅:
博文 (Atom)