Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

To me, if you compile mfoc with keys, you win a lot of time.
I don't use mfcuk now, because it is very heavy.
Nevertheless, mfoc takes only one minute!!

developing the future!

Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

Hi Andrei,

Thanks for the great tool - I've been testing it over the weekend while I've been working on libnfc, and I've got a couple of comments for your next release...

You've got two sections between "TEST" comments where you disconnect and re-connect in case the reader "hangs"... I don't think you need these - I took them out of my version and it's run hundreds of times without a problem...

Having said that, you need to be careful to disconnect after use with USB devices such as the pn531 or pn533 as they will be left in an unusable state (and will hang on next connection) if your program exits without disconnecting - for this reason you may want to try and trap CTL-C and do a cleanup before exiting... If you want to try it with USB devices, get the latest SVN revision (currently r235) which supports them quite reliably.
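
The cleanup-on-Ctrl-C advice in the post above, shown as an added example that is not part of the original post or of the mfcuk source. `reader_t`, `reader_open` and `reader_close` are hypothetical stand-ins for the NFC library's connect and disconnect calls, and the interrupt is simulated with `raise()` so the block runs without hardware.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical reader handle: a real tool would call its NFC library's
 * connect/disconnect functions inside reader_open/reader_close. */
typedef struct { bool open; } reader_t;
static reader_t g_reader;
static volatile sig_atomic_t g_stop = 0;

static void reader_open(reader_t *r)  { r->open = true; }
static void reader_close(reader_t *r) { if (r->open) { r->open = false; puts("reader released"); } }
bool reader_is_open(void) { return g_reader.open; }

/* The handler only sets a flag: USB and library calls are not
 * async-signal-safe, so the disconnect happens in normal control flow. */
static void on_signal(int sig) { (void)sig; g_stop = 1; }

static int install_handlers(void)
{
    struct sigaction sa = {0};
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;   /* no SA_RESTART: a blocking read returns EINTR instead of resuming */
    if (sigaction(SIGINT, &sa, NULL) != 0) return -1;
    return sigaction(SIGTERM, &sa, NULL);
}

/* Runs up to max_rounds rounds of work. interrupt_at >= 0 simulates Ctrl-C
 * arriving at that round (constructed test input). Returns the rounds
 * completed; the reader is released on every return path after opening. */
int run_session(int max_rounds, int interrupt_at)
{
    int done = 0;
    g_stop = 0;
    if (install_handlers() != 0) return -1;
    reader_open(&g_reader);
    while (!g_stop && done < max_rounds) {
        if (done == interrupt_at) { raise(SIGINT); continue; }
        done++;        /* placeholder for one exchange with the card */
    }
    reader_close(&g_reader);   /* single exit path, interrupted or not */
    return done;
}

int main(void)
{
    printf("rounds completed: %d\n", run_session(1000, 3));
    return reader_is_open() ? 1 : 0;
}
```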

Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

adam@algroup.co.uk wrote:

Hi Andrei,

Thanks for the great tool - I've been testing it over the weekend while I've been working on libnfc, and I've got a couple of comments for your next release...

[MM], I am glad to see that it is a useful tool and that the community can benefit from it and push it further.
BTW, thanks for the tweets as well :)

adam@algroup.co.uk wrote:

You've got two sections between "TEST" comments where you disconnect and re-connect in case the reader "hangs"... I don't think you need these - I took them out of my version and it's run hundreds of times without a problem...

Having said that, you need to be careful to disconnect after use with USB devices such as the pn531 or pn533 as they will be left in an unusable state (and will hang on next connection) if your program exits without disconnecting - for this reason you may want to try and trap CTL-C and do a cleanup before exiting... If you want to try it with USB devices, get the latest SVN revision (currently r235) which supports them quite reliably.

I've taken a note of these comments and will incorporate them in future releases (there are talks of integrating the MFOC from nethemba with the DarkSide tool. Maybe MICMD will jump into the toolkit).

The current priority for me is a PoC for Mifare Classic SoftTag full emulation:
http://code.google.com/p/tk-libnfc-crap … gEmulation

Appreciate everyone's comments and feedback!

Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

Hello,

I've had problems compiling under Fedora 12. Could somebody help me? Details can be found here: http://code.google.com/p/tk-libnfc-crap … etail?id=3

I think it's due to a recent version of libnfc...

Thank you!

Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

I solved the problem after compiling libnfc-1.2.1 from source and removing the libnfc-1.3.1 Fedora package. By the way, minor tweaks should be done in order to make it compile under Fedora 12.


Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

Is there a libnfc-1.3.1 version of this app available?

Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

Last revision (r34) from svn is up to date with the latest libnfc release.


Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

wachutunai wrote:

Last revision (r34) from svn is up to date with the latest libnfc release.

All Google Code links here return 403. Has this project moved to another location?

Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

Me too... I can't access http://code.google.com/p/tk-libnfc-crapto1/ . Anything wrong?

Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

Project moved to http://code.google.com/p/mfcuk/

Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

Hello,

I have downloaded the latest version of the Key Recovery Tool. I am trying to use the precompiled binaries in Win XP Prof.
I have installed the latest version of libusb for windows.

I have an ACR122U-WB-R.

I place a Mifare Classic 1k on it. The Key A for Sector 0 is 0xFFFFFFFFFFFF.

So I start the program with mfcuk_keyrecovery_darkside_win32.exe -V 0:A:FFFFFFFFFFFF

Then the screen prints:


MFCUK - MiFare Classic Universal toolKit - 0.1
Mifare Classic DarkSide Key Recovery Tool - 0.3
by Andrei Costin, zveriu@gmail.com, http://andreicostin.com


INFO: Connected to NFC reader: ACR122U203 - PN532 v1.4 (0x07)


VERIFY:
    Key A sectors: 0 ERROR: tag was removed or cannot be selected
ERROR: AUTH sector 0, block 3, key ffffffffffff, key-type 0x60, error code 0x00
1 2 3 4 5 6 7 8 9 a b c d e f
    Key B sectors: 0 1 2 3 4 5 6 7 8 9 a b c d e f

RECOVER:  0 1 2 3 4 5 6 7 8 9 a b c d e f




What am I doing wrong?

Thank you very much for your help - Thanks a lot

Best regards

Ela1983

Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

Hi Ela, I just downloaded and built mfcuk and had the same problem.  I got it working by commenting out the call to nfc_initiator_select_tag at mfcuk_keyrecovery_darkside.c:1464-1467.  This is the failing call, and if you take a look you'll note that nfc_initiator_select_tag has already been called successfully by mfcuk_darkside_select_tag, which is itself called from line 1337 (nice line number too!).  This gets the verify command to work, and seems to also allow key recovery to run.  I haven't had a chance to investigate this further to determine the underlying reason for the two calls to nfc_initiator_select_tag.

- Eric

Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

Is there any way to use this tool with an Omnikey Cardman 5321?

I'm only interested in the key, not a dump of the data. The key is stored on our reader, and as far as I can tell there is no way to recover it from the reader. So we would like to extract the key from one of the cards, because you can update the Cardman's keys (so we're actually interested in duplicating the reader, not the card).


Re: Mifare Classic Key Recovery tool - "Dark Side" Attack

Hi, did a build of the MFCUK from the svn trunk and compiled fine on linux x64 (ubuntu 10.04) with libnfc 1.3.4

odd problem though, when trying to do anything I get:

MFCUK - MiFare Classic Universal toolKit - 0.1
Mifare Classic DarkSide Key Recovery Tool - 0.3
by Andrei Costin, zveriu@gmail.com, http://andreicostin.com

WARN: cannot open template file './data/tmpls_fingerprints/mfcuk_tmpl_skgt.mfd'
WARN: cannot open template file './data/tmpls_fingerprints/mfcuk_tmpl_ratb.mfd'
WARN: cannot open template file './data/tmpls_fingerprints/mfcuk_tmpl_oyster.mfd'
Segmentation fault

I'm guessing there's just something wrong with the directory or I need some files? I really don't know, there's not a lot of documentation surrounding the MFCUK usage. If anyone could give a simple explanation of MFCUK usage or the darkside attack (is it the same as the exploit used by MFOC?) in general, it would be cool, thanks.

---- some time later....

My bad, I didn't know you need to run MFCUK inside the /src/bin directory to be able to use the files specified above. As I did a make install, I typically ran it from the root directory of the trunk.

Last edited by Sly (2010-07-15 14:18:37)