mfoc
Task failed successfully *Windows XP sound*
While the title is just a bad pun, the problem is an error which throws successfully. I already searched the internet. The only thing I found was another issue which didn't have an answer (but was closed). So here is my output:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 02
* UID size: single
* bit frame anticollision supported
UID (NFCID1): ## ## ## ## <-- censored
SAK (SEL_RES): 38
* Compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092
ATS: 78 80 70 02 45 50 41 00 00 00 00 70 97 07 57 00 00 01 2c
* Max Frame Size accepted by PICC: 256 bytes
* Bit Rate Capability:
* Same bitrate in both directions mandatory
* Frame Waiting Time: 38.66 ms
* No Start-up Frame Guard Time required
* Node Address not supported
* Card IDentifier supported
* Historical bytes Tk: 45 50 41 00 00 00 00 70 97 07 57 00 00 01 2c
* Proprietary format
Fingerprinting based on MIFARE type Identification Procedure:
* SmartMX with MIFARE 4K emulation
Other possible matches based on ATQA & SAK values:
* MFC 4K emulated by Nokia 6212 Classic
Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: a0a1a2a3a4a5] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: d3f7d3f7d3f7] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: 000000000000] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: b0b1b2b3b4b5] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: 4d3a99c351dd] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: 1a982c7e459a] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: aabbccddeeff] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: 714c5c886e97] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: 587ee5f9350f] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: a0478cc39091] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: 533cb6c723f6] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
[Key: 8fd0a4f256e9] -> [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
Sector 00 - FOUND_KEY [A] Sector 00 - FOUND_KEY [B]
Sector 01 - FOUND_KEY [A] Sector 01 - FOUND_KEY [B]
Sector 02 - FOUND_KEY [A] Sector 02 - FOUND_KEY [B]
Sector 03 - FOUND_KEY [A] Sector 03 - FOUND_KEY [B]
Sector 04 - FOUND_KEY [A] Sector 04 - FOUND_KEY [B]
Sector 05 - FOUND_KEY [A] Sector 05 - FOUND_KEY [B]
Sector 06 - FOUND_KEY [A] Sector 06 - FOUND_KEY [B]
Sector 07 - FOUND_KEY [A] Sector 07 - FOUND_KEY [B]
Sector 08 - FOUND_KEY [A] Sector 08 - FOUND_KEY [B]
Sector 09 - FOUND_KEY [A] Sector 09 - FOUND_KEY [B]
Sector 10 - FOUND_KEY [A] Sector 10 - FOUND_KEY [B]
Sector 11 - FOUND_KEY [A] Sector 11 - FOUND_KEY [B]
Sector 12 - FOUND_KEY [A] Sector 12 - FOUND_KEY [B]
Sector 13 - FOUND_KEY [A] Sector 13 - FOUND_KEY [B]
Sector 14 - FOUND_KEY [A] Sector 14 - FOUND_KEY [B]
Sector 15 - FOUND_KEY [A] Sector 15 - FOUND_KEY [B]
Sector 16 - FOUND_KEY [A] Sector 16 - FOUND_KEY [B]
Sector 17 - FOUND_KEY [A] Sector 17 - FOUND_KEY [B]
Sector 18 - FOUND_KEY [A] Sector 18 - FOUND_KEY [B]
Sector 19 - FOUND_KEY [A] Sector 19 - FOUND_KEY [B]
Sector 20 - FOUND_KEY [A] Sector 20 - FOUND_KEY [B]
Sector 21 - FOUND_KEY [A] Sector 21 - FOUND_KEY [B]
Sector 22 - FOUND_KEY [A] Sector 22 - FOUND_KEY [B]
Sector 23 - FOUND_KEY [A] Sector 23 - FOUND_KEY [B]
Sector 24 - FOUND_KEY [A] Sector 24 - FOUND_KEY [B]
Sector 25 - FOUND_KEY [A] Sector 25 - FOUND_KEY [B]
Sector 26 - FOUND_KEY [A] Sector 26 - FOUND_KEY [B]
Sector 27 - FOUND_KEY [A] Sector 27 - FOUND_KEY [B]
Sector 28 - FOUND_KEY [A] Sector 28 - FOUND_KEY [B]
Sector 29 - FOUND_KEY [A] Sector 29 - FOUND_KEY [B]
Sector 30 - FOUND_KEY [A] Sector 30 - FOUND_KEY [B]
Sector 31 - FOUND_KEY [A] Sector 31 - FOUND_KEY [B]
Sector 32 - FOUND_KEY [A] Sector 32 - FOUND_KEY [B]
Sector 33 - FOUND_KEY [A] Sector 33 - FOUND_KEY [B]
Sector 34 - FOUND_KEY [A] Sector 34 - FOUND_KEY [B]
Sector 35 - FOUND_KEY [A] Sector 35 - FOUND_KEY [B]
Sector 36 - FOUND_KEY [A] Sector 36 - FOUND_KEY [B]
Sector 37 - FOUND_KEY [A] Sector 37 - FOUND_KEY [B]
Sector 38 - FOUND_KEY [A] Sector 38 - FOUND_KEY [B]
Sector 39 - FOUND_KEY [A] Sector 39 - FOUND_KEY [B]
We have all sectors encrypted with the default keys..
Auth with all sectors succeeded, dumping keys to a file!
nfc_initiator_mifare_cmd: Success <-- task failed "successfully"
At first this looks very promising but in fact there is an error. I did try to map the contents with the help of "Mifare Classic Tool" which actually succeeded in decrypting a few sectors. Now the question: How can MFOC tell me that all sectors got the default keys, when MCT uses the same list and tells me that a few sectors could not be decrypted?
Okay I checked the source code... It seems like the error is thrown in line 476 in mfoc.c but I don't know how the "Success" came here.
Maybe it helps: this card is a smartcard with the "atrust-acos" OS
I've emulated a MIFARE SMART 4K tag using the command proxmark3> hf mf sim *4 u 1FCE788E then I've put my ACR122U on the proxmark and ran mfoc in debug mode in Visual Studio and could reproduce a maybe similar issue:
I think the error is in this part of the code... I tried to comment out all the goto error statements in the code from line 663 to 712, when the code reaches the error at "nfc_initiator_mifare_cmd"
and the tag dump was saved (good 4K size) but it was just full of 00 :-/ My knowledge isn't good enough to understand why it fails now
proxmark3 emulating a 4K card and ACR122U reading:
@tacticalDevC as your error indicates "success" maybe you can try to comment this code in mfoc.c
--> //nfc_perror(r.pdi, "nfc_initiator_mifare_cmd");
//goto error;
and then recompile mfoc
Thanks I'll try
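The two symptoms reported in this thread, modelled in a small C program that is an added example and not code from mfoc, libnfc or any participant: a perror-style reporter prints "Success" when a command fails through its return value without setting the device error code, and skipping the error path leaves the unread blocks as 00. The names `device`, `card_transceive`, `read_block` and `dump` are hypothetical, and the short card answer is an assumption the thread does not confirm.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins; these are not libnfc or mfoc types. */
typedef struct { int last_error; } device;          /* 0 means "no error" */

static const char *dev_strerror(const device *d) {
    return d->last_error == 0 ? "Success" : "Input / Output Error";
}

/* Constructed card model: blocks >= 8 answer with a 1-byte NAK, not 16 data bytes. */
static int card_transceive(device *d, int block, unsigned char rx[16]) {
    d->last_error = 0;                 /* the transport exchange itself worked */
    if (block >= 8) { rx[0] = 0x04; return 1; }
    memset(rx, 0xAB, 16);
    return 16;
}

/* Signals failure through the return value only; last_error is left at 0. */
static bool read_block(device *d, int block, unsigned char out[16]) {
    unsigned char rx[16];
    if (card_transceive(d, block, rx) != 16) return false;
    memcpy(out, rx, 16);
    return true;
}

/* Dump loop. ignore_errors=true models commenting out the "goto error" path.
   Returns the number of failed blocks; *msg is what a perror-style call prints. */
static int dump(device *d, unsigned char img[][16], int nblocks,
                bool ignore_errors, const char **msg) {
    int failed = 0;
    memset(img, 0, (size_t)nblocks * 16);   /* image starts zeroed */
    for (int b = 0; b < nblocks; b++) {
        if (read_block(d, b, img[b])) continue;
        failed++;
        *msg = dev_strerror(d);             /* reads last_error, which is still 0 */
        if (!ignore_errors) break;
    }
    return failed;
}

int main(void) {
    device d = {0};
    unsigned char img[16][16];
    const char *msg = "";
    int n = dump(&d, img, 16, true, &msg);
    printf("read_block: %s (%d blocks left as 00)\n", msg, n);
    return 0;
}
```

In this model the dump with errors ignored is the right size but only the blocks that were actually read contain data, so a saved file of the expected length is not evidence that the read succeeded.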