Philippe Teuwen

Results 224 comments of Philippe Teuwen
Quick tests: trying all combinations of hf felica auth1 01 [0000|0001|0100] 01 [8b00|020b|0b02|12fc|fc12|88b4|b488] [FFFFFFFFFFFFFFFF|FFFFFFFFFFFFFFFFFFFFFFFF] RC-S833 & RC-S915 ``` hf felica auth1 ... [+] Client Received 22 octets [+] 00 00...

In https://www.commoncriteriaportal.org/files/epfiles/CRP165.pdf their 3DES is defined as "Triple DES operation. A 3DES encryption uses two keys in an EncryptDecrypt-Encrypt sequence."

> Or did I make a wrong assumption there?

Yes FFFFFFFF is 4 bytes in hex :D

RC-S833 & RC-S915: Now I always get an answer, no matter the key ``` [usb] pm3 --> hf felica auth1 01 0000 01 FFFF 11223344556677881122334455667788 =] Used last known IDm....

Yes the responses seem abnormally long to me, and we get answers no matter what's the key or the service code.

I confirm on my RC-S833: SC 0000 and FFFF give answer, not the other values I tried (8b00 your example, 020b|0b02 taginfo PSC, 12fc|fc12 old NFC SC?, 88b4|b488 newer NFC...

yes normally it always writes correctly, but there are issues reading back with some modulations. E.g. if you change only block0 to a stable one (e.g. biphase, middle rate), you'll...

Yeah actually the FFFFFFFF is a corner case because you'll encounter it only when forcing a single block read (or emulating all FF UID, a bit pointless). The only way...

There are apparently at least two types of supercard:
* https://github.com/nfc-tools/nfc-supercard
  * working with I think https://web.archive.org/web/20190204031026/http://www.xfpga.com/html_products/super-mifare-cracker-card-1k-115.html
* https://github.com/netscylla/super-card/blob/master/libnfc-1.7.1/utils/nfc-super.c
  * see https://www.netscylla.com/blog/2018/05/17/cracking-mifare-with-the-super-card.html

Codes to deal with these cards are different,...

yes indeed, btw pm3 needs to see many attempts (AUTH-A) before it breaks the key, 2 is never enough, sometimes I need 8 attempts. Strange. (and I see all attempts...