Hello,

we have implemented and released our open source implementation of the "offline nested" attack, tested on Mac OS X and Linux. You can try it here: http://www.nethemba.com/mfoc.tar.bz2

Feel free to provide any feedback, ideas and bug reports. Thanks.


(11 replies, posted in NXP MIFARE Classic)

Hello, finally I can recover the key with nonce distances, but I also want to reduce the nonces with the 3 parity bits.

In Wirelessly.Pickpocketing.a.Mifare.Classic.Card-IEEE.2009.pdf there is Theorem 3.3, and I should compare xor(nt0-8) with {p0}^{nt8}^1, xor(nt8-16) with {p1}^{nt16}^1 and xor(nt16-24) with {p2}^{nt24}^1.

{Nt}:       48! 92! e6! 62 
{P}  00  01  01  00  (this is print_hex(abtRxPar,4) from the {Nt} tag challenge);

Enc_nt  0x4892e662
Nt         0xb73d815c

01234567890123456789012345678901 ---------
01001000100100101110011001100010 ENC_NT
10110111001111011000000101011100 NT
-------------------------------------------------------
NT ^0-8, ^8-16, ^16-24        {P} ^ {Nt8,16,24} ^ 1   
101101110                = 0  { 0 ^ 1 ^ 1 } = 0
001111011                = 0  { 1 ^ 1 ^ 1 } = 1
100000010                = 0  { 1 ^ 0 ^ 1 } = 0

Please, could you explain to me what's wrong? Thanks.


(11 replies, posted in NXP MIFARE Classic)

Hello, I am trying to write an implementation of the nested authentication attack. I try this:
1) Get the nonce (Nt) from the tag, nt = swap_endian32(abtRx);
2) After sending {Nr}{Ar}, obtaining {At} and the successful authentication, I decrypted {At}, which was Suc3(Nt)

Trying nested auth attack...
uid_tag: fa247164
        Auth:    60  00  f5  7b 
        Nt:    fb  47  c5  94 
        {Ar}:    71! 90! 9d! 28! 0c! 25  48  17 
        {At}:    0d! c7! cf! bd 

Authentication Successful

        At:    59  51  ae  7d 
        Suc3:    59  51  ae  7d 
        {Auth}:    d0  28  40  76 
        {Nt'}:    6f! 8f  6b! 17!
        Nt':    4d! 38  37! 5c!

3) I am trying to find the distance from the first Nt to Nt' this way (nt_first is Nt, nt_last is Nt'):
    nt_first = swap_endian32(abtRx);   /* Nt from the first authentication */
    /* ... nested authentication, {Nt'} received and decrypted into abtRx ... */
    nt_last = swap_endian32(abtRx);    /* Nt' from the nested authentication */
    i = 0;
    /* prng_successor() is crapto1's.  Advance one clock per iteration so that i
       is the distance in PRNG steps, and stop after one full period (65535)
       instead of spinning forever when nt_last is not a reachable state. */
    while (nt_first != nt_last && i < 65535) {
        nt_first = prng_successor(nt_first, 1);
        i++;
    }
    printf("\nDistance: %d\n", i);

4) After about an hour of running the "while" loop I didn't get an answer. Does anybody have an idea what I am doing wrong? The theorem for computing the distance is from "Wirelessly.Pickpocketing.a.Mifare.Classic.Card-IEEE.2009.pdf"

Thanks very much.
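The PRNG distance computation the post is after, as an added example; it is neither the poster's code nor crapto1's. It implements the tag PRNG (16-bit LFSR, x^16 + x^14 + x^13 + x^11 + 1) on nonces in the form libnfc hands them over (bytes in transmission order, each byte sent least significant bit first), a validity test (a real nonce's second half must be the LFSR continuation of its first half, so anything else is unreachable by a successor loop), and a distance function that counts single clocks and is bounded by the period. The Nt printed in the post, fb 47 c5 94, passes the validity test; the 113-clock offset in main() is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PRNG_PERIOD 65535u   /* 2^16 - 1 reachable states */

/* Reverse byte order.  "fb 47 c5 94" is the word 0xfb47c594, and since each
 * byte is transmitted least significant bit first, swapping the bytes gives a
 * word whose bit i is the i-th bit the tag actually sent (bit 0 first).
 * crapto1's prng_successor() does the same swap internally. */
static uint32_t swap32(uint32_t x)
{
    return (x >> 24) | ((x >> 8) & 0xff00u) | ((x << 8) & 0xff0000u) | (x << 24);
}

/* One clock of the LFSR x^16 + x^14 + x^13 + x^11 + 1 on a 32-bit window s of
 * the output stream (bit 0 oldest, bit 31 newest).  The new bit
 * s[i+16] = s[i] ^ s[i+2] ^ s[i+3] ^ s[i+5], taken from the newest 16 bits,
 * is shifted in at the top while the oldest bit drops out. */
static uint32_t lfsr_clock(uint32_t s)
{
    uint32_t fb = ((s >> 16) ^ (s >> 18) ^ (s >> 19) ^ (s >> 21)) & 1u;
    return (s >> 1) | (fb << 31);
}

/* Nonce the tag would emit n clocks after nt (what crapto1 calls prng_successor). */
uint32_t nonce_successor(uint32_t nt, unsigned n)
{
    uint32_t s = swap32(nt);
    while (n--)
        s = lfsr_clock(s);
    return swap32(s);
}

/* A genuine nonce carries only 16 bits of entropy: regenerate the second half
 * from the first and compare.  A mis-decrypted {Nt'} almost never passes. */
bool nonce_is_valid(uint32_t nt)
{
    uint32_t s = swap32(nt);
    uint32_t regen = s & 0xffffu;                    /* first 16 bits sent */
    for (unsigned i = 0; i < 16; i++) {
        uint32_t fb = ((regen >> i) ^ (regen >> (i + 2)) ^
                       (regen >> (i + 3)) ^ (regen >> (i + 5))) & 1u;
        regen |= fb << (16 + i);
    }
    return regen == s;
}

/* Clocks from nt_a to nt_b, or -1 when nt_b is unreachable.  One clock per
 * iteration (stepping by 32 would count in the wrong unit), and the loop is
 * bounded by the period rather than running until the values happen to match. */
long nonce_distance(uint32_t nt_a, uint32_t nt_b)
{
    if (!nonce_is_valid(nt_a) || !nonce_is_valid(nt_b))
        return -1;
    uint32_t s = swap32(nt_a), target = swap32(nt_b);
    for (long d = 0; d < (long)PRNG_PERIOD; d++) {
        if (s == target)
            return d;
        s = lfsr_clock(s);
    }
    return -1;
}

int main(void)
{
    uint32_t nt = 0xfb47c594u;                   /* Nt as printed in the post */
    uint32_t later = nonce_successor(nt, 113);   /* constructed: 113 clocks on */
    printf("Nt valid: %d, Nt' (4d 38 37 5c) valid: %d\n",
           nonce_is_valid(nt), nonce_is_valid(0x4d38375cu));
    printf("distance(Nt, Nt+113) = %ld\n", nonce_distance(nt, later));
    return 0;
}
```

Calling nonce_distance() on the two values printed in the post returns -1 straight away instead of looping, because the second one fails nonce_is_valid(); a decrypted {Nt'} that is not a reachable PRNG state cannot have a distance to anything.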