crypto1_bs
No solution found :( while previously it did find one for this card
Hi all,
I've been playing around with NFC cards for a bit and managed to get the keys for a specific card of mine using miLazyCracker: https://github.com/nfc-tools/miLazyCracker/
However, after trying exactly the same attack again on exactly the same NFC card the crypto1_bs tool keeps showing me the message No solution found :(
My log:
Collected 5052 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5064 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5075 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5086 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5098 nonces... leftover complexity 222377702350 (~2^37.69) -
initializing brute-force phase...
Starting 8 threads to test 222377702350 states using 128-way bitslicing
Cracking... 99.95%
No solution found :(
MFOC not possible, detected hardened Mifare Classic
Trying HardNested Attack...
libnfc_crypto1_crack ffffffffffff 60 B 4 B mfc_4db3582c_foundKeys.txt
Found tag with uid 4db3582c, collecting nonces for key B of block 4 (sector 1) using known key B ffffffffffff for block 60 (sector 15)
Collected 3543 nonces... leftover complexity 222377702350 (~2^37.69) - initializing brute-force phase...
Starting 8 threads to test 222377702350 states using 128-way bitslicing
Cracking... 37.33%
And this is basically the loop it gets stuck in. What could be the problem here?
A workaround for this issue is to start bruteforcing when there's still a lot more complexity left. (somewhere around ~2^42.xxx). It then took a whole night of bruteforcing but it did manage to crack the key.
I think this is not the right solution though.
It's true that the craptev1 library doesn't always find a solution, and a workaround is to start the cracker with fewer nonces (a less well-determined system) just like you did. I believe the improved (GPL) implementation that is part of proxmark3 has tweaked the approach to avoid this situation. I'm hoping somebody will take the time to lift it into a libnfc tool.
With the included .py scripts, it's possible to convert the .txt created by my tool to the .bin format used by the proxmark3 project and to use its host code to crack it. No actual proxmark3 device is required. I'm afraid that's the best suggestion I can give you.
Do you have a URL to where the proxmark code exists?
Here you go https://github.com/Proxmark/proxmark3
Hi,
Here are some attempts to port the tool from proxmark3: https://github.com/vk496/cropto1_bs
Tried on Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz
Hello, world!
Using AVX2 SIMD core.
Couldn't read benchmark data. Assuming brute force rate of 120000000 states per second
time | #nonces | Activity | expected to brute force
| | | #states | time
------------------------------------------------------------------------------------------------------
0 | 0 | Start using 4 threads and AVX2 SIMD core | |
0 | 0 | Brute force benchmark: 120 million (2^26,8) keys/s | 140737488355328 | 14d
0 | 0 | Using 0 precalculated bitflip state tables | 140737488355328 | 14d
2 | 0 | Simulating key ddf16ef5882e, cuid 5032b647 ... | 140737488355328 | 14d
2 | 512 | Apply bit flip properties | 140737488355328 | 14d
2 | 1016 | Apply bit flip properties | 140737488355328 | 14d
3 | 2025 | Apply Sum property. Sum(a0) = 160 | 545934278656 | 76min
3 | 2522 | Apply bit flip properties | 425602908160 | 59min
3 | 3008 | Apply bit flip properties | 411571159040 | 57min
3 | 3504 | Apply bit flip properties | 400525623296 | 56min
3 | 3991 | Apply bit flip properties | 395753291776 | 55min
3 | 4475 | Apply bit flip properties | 394422452224 | 55min
3 | 4947 | Apply bit flip properties | 392266022912 | 54min
3 | 5426 | Apply bit flip properties | 389971083264 | 54min
3 | 5902 | Apply bit flip properties | 225476575232 | 31min
4 | 6375 | Apply bit flip properties | 331080335360 | 46min
4 | 6828 | Apply bit flip properties | 297783984128 | 41min
4 | 7288 | Apply bit flip properties | 267721441280 | 37min
4 | 7748 | Apply bit flip properties | 196560551936 | 27min
4 | 8193 | Apply bit flip properties | 140487049216 | 20min
4 | 8634 | Apply bit flip properties | 128584802304 | 18min
4 | 9076 | Apply bit flip properties | 139814567936 | 19min
5 | 9510 | Apply bit flip properties | 151039918080 | 21min
5 | 9955 | Apply bit flip properties | 145253875712 | 20min
5 | 10387 | Apply bit flip properties | 145253875712 | 20min
5 | 10823 | Apply bit flip properties | 135245537280 | 19min
5 | 11243 | Apply bit flip properties | 123080974336 | 17min
5 | 11660 | Apply bit flip properties | 123080974336 | 17min
6 | 12064 | Apply bit flip properties | 121158918144 | 17min
6 | 12476 | Apply bit flip properties | 119553794048 | 17min
6 | 12895 | Apply bit flip properties | 120810610688 | 17min
6 | 13298 | Apply bit flip properties | 122345545728 | 17min
6 | 13712 | Apply bit flip properties | 118929686528 | 17min
6 | 13712 | (1. guess: Sum(a8) = 224) | 118929686528 | 17min
34 | 13712 | Apply Sum(a8) and all bytes bitflip properties | 118929686528 | 17min
34 | 13712 | (Test: Key found) | 0 | 0s
56 | 13712 | Brute force phase completed. Key found: ddf16ef5882e | 0 | 0s
Would like to integrate libnfc, and after, into this repo :)
Salu2
Hey, isn't this using way more nonces than the current implementation, though? (Usually it starts bruteforcing at around 3000-4000 nonces)
Nope, it is only a simulation
Hi,
I made some progress with https://github.com/vk496/cropto1_bs. Right now it is possible to use it with libnfc readers.
$ ./cropto1_bs 001122334455 0 A 20 B
Hello, world!
Using AVX2 SIMD core.
Couldn't read benchmark data. Assuming brute force rate of 120000000 states per second
time | #nonces | Activity | expected to brute force
| | | #states | time
------------------------------------------------------------------------------------------------------
0 | 0 | Start using 4 threads and AVX2 SIMD core | |
0 | 0 | Brute force benchmark: 120 million (2^26.8) keys/s | 140737488355328 | 14d
1 | 0 | Using 235 precalculated bitflip state tables | 140737488355328 | 14d
3 | 1 | Apply bit flip properties | 140737488355328 | 14d
3 | 2 | Apply bit flip properties | 140737488355328 | 14d
3 | 3 | Apply bit flip properties | 140737488355328 | 14d
3 | 4 | Apply bit flip properties | 127543080386560 | 12d
4 | 5 | Apply bit flip properties | 125959638351872 | 12d
4 | 6 | Apply bit flip properties | 112771144351744 | 11d
4 | 7 | Apply bit flip properties | 102814034427904 | 10d
4 | 8 | Apply bit flip properties | 102814034427904 | 10d
4 | 9 | Apply bit flip properties | 102814034427904 | 10d
4 | 10 | Apply bit flip properties | 53722788921344 | 5d
4 | 11 | Apply bit flip properties | 53722788921344 | 5d
4 | 12 | Apply bit flip properties | 50847748718592 | 5d
4 | 13 | Apply bit flip properties | 50847748718592 | 5d
4 | 14 | Apply bit flip properties | 44694402760704 | 4d
5 | 15 | Apply bit flip properties | 44694402760704 | 4d
5 | 16 | Apply bit flip properties | 44694402760704 | 4d
5 | 17 | Apply bit flip properties | 44419201892352 | 4d
5 | 18 | Apply bit flip properties | 35674354876416 | 3d
5 | 19 | Apply bit flip properties | 29673314582528 | 3d
5 | 20 | Apply bit flip properties | 21800077492224 | 2d
5 | 21 | Apply bit flip properties | 5771871911936 | 13h
5 | 22 | Apply bit flip properties | 5771871911936 | 13h
5 | 23 | Apply bit flip properties | 3934981193728 | 9h
5 | 24 | Apply bit flip properties | 3934981193728 | 9h
5 | 25 | Apply bit flip properties | 3934981193728 | 9h
6 | 26 | Apply bit flip properties | 3934981193728 | 9h
..............................
171 | 1640 | Apply bit flip properties | 37733543936 | 5min
171 | 1640 | Apply bit flip properties | 37733543936 | 5min
171 | 1641 | Apply bit flip properties | 37733543936 | 5min
172 | 1642 | Apply bit flip properties | 37733543936 | 5min
172 | 1643 | Apply bit flip properties | 37733543936 | 5min
173 | 1644 | Apply Sum property. Sum(a0) = 128 | 5758310400 | 48s
173 | 1645 | Apply bit flip properties | 5758310400 | 48s
174 | 1646 | Apply bit flip properties | 5758310400 | 48s
174 | 1647 | Apply bit flip properties | 5758310400 | 48s
174 | 1647 | (1. guess: Sum(a8) = 256) | 5758310400 | 48s
175 | 1647 | Apply Sum(a8) and all bytes bitflip properties | 5758282240 | 48s
176 | 1647 | Brute force phase completed. Key found: xxxxxxxxxxxx | 0 | 0s
test
After cleaning the code, I think it would be a better idea to integrate the functionality directly into https://github.com/nfc-tools/mfoc
That's very cool!!! Would love to see this integrated within Mfoc :)
Hello again!
I have successfully integrated the hardnested attack into mfoc.
https://github.com/vk496/mfoc/tree/hardnested
It is not ready yet to be merged into the official project, but it is already working :)
Salu2
How would you call it?
I'm more interested in integrating the mod into the official project instead of forking a new one. Only some makefile code to support ARM builds is missing, and then the mod should be merged: https://github.com/nfc-tools/mfoc/pull/60
Hello, how can I recover the 2 missing files, crapto1 and craptev1? Since bra does not answer, can someone send them to me? [email protected]
@vk496 has created an updated version of mfoc which applies the hardnested attack, please start using this tool: https://github.com/vk496/mfoc/tree/hardnested. I've tested the tool and it works fine (but could still be faster). Thank you @vk496!
Has it already been merged to MFOC master?
No, but the PR has been submitted there since last year. https://github.com/nfc-tools/mfoc/pull/60
@aczid I encountered the same problem as him. I would like to ask you how to use your .py scripts to convert the txt to bin, without connecting a device in PM3.
@vk496 I compiled https://github.com/vk496/cropto1_bs, but it reported that no NFC device is connected. I want to ask how to use it offline.
https://github.com/nfc-tools/mfoc-hardnested
@vk496 For example, I want to run a password file named 1234.bin. How should I proceed? Thank you again.