1 (edited by donny007x 2010-10-07 13:19:27)

Topic: Troubles when using MFOC

Hi,

I just started to use libnfc and mfoc with my ACS ACR122U-A2NR and ran into a problem. It all goes fine, but after it says "Using sector 00 as an exploit sector" I get the error "!Error: Tag has been removed". What is going wrong? I saw some topics about incompatible firmware; if that's the case, how do I up/downgrade it?

I am using Ubuntu 10.10 amd64 with libnfc, pcscd and mfoc.

After I get the error I must re-plug the reader in order to get it working again, it appears to be frozen after the error.

I really want to use this software, I hope you guys can help me out with this.

Re: Troubles when using MFOC

donny007x wrote:

what is going wrong?

At this stage, I dunno :)

donny007x wrote:

I saw some topics about incompatible firmware, if that's the case, how do I up/downgrade it?

Does your device work fine with libnfc? (Try it with the nfc-list example.)

donny007x wrote:

I am using Ubuntu 10.10 amd64 with libnfc, pcscd and mfoc.

Please add libnfc and mfoc versions: did you pick them from the subversion repo or did you download an archive? If so, which one?

donny007x wrote:

After I get the error I must re-plug the reader in order to get it working again, it appears to be frozen after the error.

Hmm, this kind of problem sometimes comes from pcscd with this kind of device (ACR122*).
You can try to stop the pcscd daemon and run it in the foreground in debug mode to see if you have some problems at this level.

  sudo service pcscd stop && sudo pcscd -f -d

Romuald Conty

3 (edited by donny007x 2010-10-07 19:17:09)

Re: Troubles when using MFOC

Thanks for your quick answer,

I am using Mfoc 0.09 and Libnfc 1.3.9, both compiled from source, downloaded from the google code project pages (nfc-tools mfoc-0.09.tar.gz, Libnfc libnfc-1.3.9.tar.gz)

Pcscd startup in debug mode (all seems to go fine):

00000000 debuglog.c:230:DebugLogSetLevel() debug level=debug
00000419 pcscdaemon.c:512:main() pcsc-lite 1.5.5 daemon ready.
00117189 hotplug_libusb.c:477:HPAddHotPluggable() Adding USB device: 002:018
00000031 readerfactory.c:1024:RFInitializeReader() Attempting startup of ACS ACR122U PICC Interface 00 00 using /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
00000223 readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0
00000037 ifdhandler.c:1532:init_driver() Driver version: 1.3.11
00000413 ifdhandler.c:1545:init_driver() LogLevel: 0x0003
00000355 ifdhandler.c:1565:init_driver() DriverOptions: 0x0000
00000011 ifdhandler.c:82:IFDHCreateChannelByName() lun: 0, device: usb:072f/2200:libusb:002:018
00000594 ccid_usb.c:285:OpenUSBByName() Manufacturer: Ludovic Rousseau (ludovic.rousseau@free.fr)
00000355 ccid_usb.c:295:OpenUSBByName() ProductString: Generic CCID driver
00000346 ccid_usb.c:301:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
00040307 ccid_usb.c:501:OpenUSBByName() Found Vendor/Product: 072F/2200 (ACS ACR122U PICC Interface)
00000013 ccid_usb.c:503:OpenUSBByName() Using USB bus/device: 002/018
00000400 ccid_usb.c:893:get_data_rates() IFD does not support GET_DATA_RATES request: Success
00003080 ifdhandler.c:364:IFDHGetCapabilities() tag: 0xFB0, usb:072f/2200:libusb:002:018 (lun: 0)
00000018 readerfactory.c:249:RFAddReader() Using the pcscd polling thread
00000712 ifdhandler.c:364:IFDHGetCapabilities() tag: 0xFAE, usb:072f/2200:libusb:002:018 (lun: 0)
00000017 ifdhandler.c:418:IFDHGetCapabilities() Reader supports 1 slot(s)
00000026 hotplug_libusb.c:403:HPEstablishUSBNotifications() Driver ifd-ccid.bundle does not support IFD_GENERATE_HOTPLUG. Using active polling instead.
00000012 hotplug_libusb.c:412:HPEstablishUSBNotifications() Polling forced every 1 second(s)
00001094 ifdhandler.c:1043:IFDHPowerICC() action: PowerUp, usb:072f/2200:libusb:002:018 (lun: 0)
00001048 Card ATR: 3B 8F 80 01 80 4F 0C A0 00 00 03 06 03 00 01 00 00 00 00 6A 

Pcscd in debug mode, output while running mfoc -O test.dump, this is the point where it all goes wrong:

(A lot of activity and information)
.....
00000006 ifdhandler.c:1170:IFDHTransmitToICC() usb:072f/2200:libusb:002:020 (lun: 0)
00006520 winscard_msg_srv.c:317:SHMProcessEventsContext() command TRANSMIT_EXTENDED received by client 6
00000015 winscard.c:1651:SCardTransmit() Send Protocol: T=1
00000006 ifdhandler.c:1170:IFDHTransmitToICC() usb:072f/2200:libusb:002:020 (lun: 0)
01692081 eventhandler.c:361:EHStatusHandlerThread() Card Removed From ACS ACR122U PICC Interface 00 00
00146063 winscard_msg_srv.c:317:SHMProcessEventsContext() command TRANSMIT_EXTENDED received by client 6
00000111 winscard_msg_srv.c:317:SHMProcessEventsContext() command TRANSMIT_EXTENDED received by client 6
00000094 winscard_msg_srv.c:317:SHMProcessEventsContext() command TRANSMIT_EXTENDED received by client 6
00000101 winscard_msg_srv.c:317:SHMProcessEventsContext() command TRANSMIT_EXTENDED received by client 6
00000095 winscard_msg_srv.c:317:SHMProcessEventsContext() command TRANSMIT_EXTENDED received by client 6
00000071 winscard_msg_srv.c:317:SHMProcessEventsContext() command TRANSMIT_EXTENDED received by client 6
00000045 winscard_msg_srv.c:317:SHMProcessEventsContext() command TRANSMIT_EXTENDED received by client 6
00001900 winscard_msg_srv.c:306:SHMProcessEventsContext() Client has disappeared: 6
00000022 winscard_svc.c:146:ContextThread() Client die: 6
00000005 winscard.c:253:SCardReleaseContext() Releasing Context: 16993300
00000007 winscard.c:884:SCardDisconnect() Active Contexts: -1

I am not a total newb with Linux, but I have no idea what to do with this: the tag is on it, the reader says it's not...

EDIT: After changing the distance option to 4 (-T) it got through and got all the 16 A keys, and 3 of the B keys, after that it stops and gives a "nfc_initiator_transceive_bytes: Input/output error"....

EDIT2: To speed up the process I hardcoded the found A and B keys into mfoc, now it starts cracking B keys, but after 2 keys it gives a "Reader-answer transfer error, exiting.." error....

EDIT3: Now I got 9 B keys, but mfoc crashed again with the "Tag has been removed" error.

EDIT (where was I?): and we got a new error: "nfc_configure: Input/output error"....

Last edit: After trying 400 times, recompiling 12 times, facepalming 2 times and throwing the tag around I got the keys, FINALLY!

It's buggy, but the algorithm works well.

EDIT: when trying another tag it did 30 keys without a hitch, but then another new error appeared "Error requesting encrypted tag-nonce".
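
Added example, not part of the original posts or of pcsc-lite: a small triage script for `pcscd -f -d` output like the log quoted above, which flags long gaps between log lines, card-removal events and client disconnects. It reads the first column as microseconds since the previous log line (how pcsc-lite prints it); the function names and the 1-second threshold are choices made for this example.

```python
import re

# Excerpt of the pcscd debug output quoted in the post above.
SAMPLE = """\
00000006 ifdhandler.c:1170:IFDHTransmitToICC() usb:072f/2200:libusb:002:020 (lun: 0)
00006520 winscard_msg_srv.c:317:SHMProcessEventsContext() command TRANSMIT_EXTENDED received by client 6
00000015 winscard.c:1651:SCardTransmit() Send Protocol: T=1
00000006 ifdhandler.c:1170:IFDHTransmitToICC() usb:072f/2200:libusb:002:020 (lun: 0)
01692081 eventhandler.c:361:EHStatusHandlerThread() Card Removed From ACS ACR122U PICC Interface 00 00
00146063 winscard_msg_srv.c:317:SHMProcessEventsContext() command TRANSMIT_EXTENDED received by client 6
00001900 winscard_msg_srv.c:306:SHMProcessEventsContext() Client has disappeared: 6
"""

# <8-digit delta> <file>:<line>:<function>() <message>
LINE = re.compile(r"^(\d{8}) ([\w.]+):(\d+):(\w+)\(\) (.*)$")


def parse(text):
    """Yield (delta_us, source_file, line_no, function, message) per log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # lines without file:line:func (e.g. "Card ATR: ...") are skipped
            yield int(m[1]), m[2], int(m[3]), m[4], m[5]


def triage(text, stall_us=1_000_000):
    """Return findings in log order: stalls, card removals, client exits."""
    findings = []
    prev = None  # "function: message" of the preceding log line
    for delta, _src, _line_no, func, msg in parse(text):
        if delta >= stall_us and prev:
            # Nothing was logged for `delta` microseconds after `prev`.
            findings.append(("stall", delta, prev))
        if msg.startswith("Card Removed"):
            findings.append(("card_removed", delta, msg))
        elif msg.startswith("Client has disappeared"):
            findings.append(("client_gone", delta, msg))
        prev = f"{func}: {msg}"
    return findings


if __name__ == "__main__":
    for kind, delta, detail in triage(SAMPLE):
        print(f"{kind:13s} +{delta / 1e6:.3f}s  {detail}")
```

On the excerpt, the only stall is the 1.69 s of silence after the last IFDHTransmitToICC call, and it ends with the polling thread reporting the card as removed.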

Re: Troubles when using MFOC

Well, got the same problem here: various errors.
Seems that mfoc is hitting the library/hardware a bit too hard.

Ubuntu 10.10 32bits
nfc-list use libnfc 1.3.9 (r609)
Connected to NFC reader: ACS ACR122U PICC Interface 00 00 / ACR122U207 - PN532 v1.6 (0x07)

I have no clue how to get it stable.
@donny007x how did you get it stable?

5 (edited by valentijn 2010-11-24 16:18:43)

Re: Troubles when using MFOC

ACR122U207 - PN532 v1.6 (0x07) here as well.

Walking through the code, the problem seems to start right after this call:
  mf_enhanced_auth(e_sector, 0, t, r, &d, pk, 'd', dumpKeysA); // AUTH + Get Distances mode

The strange thing is, that afterwards, the reader simply seems unstable: depending on additional nanosleep() calls that I add, the reader will block sooner or later: it seems the "mf_configure" will generally return correctly (i.e. show a green light on the reader), while the mf_anticollision() call would change the light on the reader to red immediately - and block further communications, even nfc-list does not connect to the reader anymore.

Also, why are these "nfc_configure" (and mf_configure) statements all over the source? It looks like the whole mf_enhanced_auth section has the reader one configuration; but mfoc keeps setting the configuration to the default with this mf_configure() function; then to set it to different values immediately. Is that really necessary?

Would it be possible to completely re-establish the connection with the device, i.e. rerun mf_init, mf_configure and mf_select_tag every time? Or would that be too time consuming?

Re: Troubles when using MFOC

Revised source here: http://valentijn.sessink.nl/?p=259

Re: Troubles when using MFOC

Updated revisited source available here:
http://code.google.com/p/nfc-tools/issues/detail?id=56

Feedback is more than welcome.

Romuald Conty