mfcuk

Diff Nt and Auth always equal

Open alexislg2 opened this issue 6 years ago • 10 comments

Hello, I am running mfcuk on a single key from a single sector. It has been running for a long time, but what is surprising to me is that I always get equal Diff Nt and Auth values:

Let me entertain you!
    uid:
   type: 08
    key: 000000000000
  block: 03
diff Nt: 5936
  auths: 5936

I tried with many different timeouts (including 250/250). Result is the same. Any idea?

Nov 01 '17 14:11 alexislg2

Hi, I'm having the same problem here. After a long time running it starts to give errors when diff Nt reaches 65535. I'm using a Chinese pn532 board, and I've tried all interfaces (uart, i2c and spi). I've tried on my computer and also on a Raspberry Pi. I have also tried several combinations of mfcuk and libnfc, and the same thing always happens.

Does anyone else have the same problem?

Nov 09 '17 07:11 boanerxe

Hi, I have the same problem. I think some manufacturers fixed the flaw on their chips. I don't know how they fixed the flaw, any idea?

Nov 09 '17 08:11 vwcity

I think your card is MIFARE Plus. This type of card is compatible with MIFARE Classic and the security flaws are fixed.

Nov 10 '17 15:11 vwcity

Exactly! I reached that conclusion yesterday. It is still possible to discover A and B keys trying a hardnesting attack. That can be done using the tool libnfc_crypto1_crack, or more easily (and automated) using miLazyCracker, which can be found in this GitHub repository.

Nov 10 '17 16:11 boanerxe

Hello, I have the exact same problem you describe:

-----------------------------------------------------
Let me entertain you!
    uid: 
   type: 08
    key: 000000000000
  block: 03
diff Nt: 15
  auths: 15
-----------------------------------------------------

-----------------------------------------------------
Let me entertain you!
    uid: 
   type: 08
    key: 000000000000
  block: 03
diff Nt: 16
  auths: 16
-----------------------------------------------------

-----------------------------------------------------
Let me entertain you!
    uid: 
   type: 08
    key: 000000000000
  block: 03
diff Nt: 17
  auths: 17
-----------------------------------------------------

-----------------------------------------------------
Let me entertain you!
    uid: 
   type: 08
    key: 000000000000
  block: 03
diff Nt: 18
  auths: 18
-----------------------------------------------------

-----------------------------------------------------
Let me entertain you!
    uid: 
   type: 08
    key: 000000000000
  block: 03
diff Nt: 19
  auths: 19
-----------------------------------------------------

I let mfcuk run for a few hours without any results. I tried multiple systems (Arch Linux, Debian and Ubuntu) with multiple commits, always with the same problem.

Did you find any fix or way to get a key from the card?

Thanks

Jun 01 '18 10:06 M-Gregoire

@boanerxe I was wondering if you ended up trying that solution or got past this? I am having the same issue right now.

Dec 04 '21 21:12 snallapa

@snallapa @boanerxe I'm having the same issue. Has anyone solved it?

Jul 23 '22 19:07 tavgar

@tavgar it's been a while since I touched some of this. Off the top of my head I believe it meant that card vulnerability was fixed by the manufacturer. I believe after that I was able to still get data off my card as others already found keys for it. I was never able to get closer using mfcuk (some of this may be wrong as it's from my memory. I'll try to check later and see what I did).

Jul 23 '22 19:07 snallapa

@snallapa Got some keys using mfoc-hardnested, but it gets stuck in an infinite loop at sector 33.

Jul 23 '22 19:07 tavgar

@tavgar Hmm, yeah, I never ran into that.

Jul 25 '22 14:07 snallapa