
Unable to read 2 Sectors on MiFare Classic 1k

Open White-waluigi opened this issue 4 months ago • 0 comments

I have a MiFare Classic 1k card that I would like to read out. Unfortunately, mfoc seems unable to read out 2 sectors. I have already tried mfoc-hardnested, but with the same result. The card seems to yield a Key A and a Key B, but they cannot be used to access sectors 01 and 02. What does this mean? Does the card use a nonstandard key and therefore mfoc can't crack it? Is it a later revision with vulnerabilities patched out? I am using a PN532 on a Raspberry Pi. I am using the latest version of libnfc compiled from the repo, same with mfoc.


user@raspberrypi:~/lav $ mfoc -P 500 -O cardtocopy2.dmp
Found Mifare Classic 1k tag                     
ISO/IEC 14443A (106 kbps) target:               
    ATQA (SENS_RES): 00  04                     
* UID size: single                              
* bit frame anticollision supported             
       UID (NFCID1): aa  86  67  d3             
      SAK (SEL_RES): 08                         
* Not compliant with ISO/IEC 14443-4            
* Not compliant with ISO/IEC 18092              
                                                
Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K                             
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation              
Other possible matches based on ATQA & SAK values:
                                                
Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [\..\\\\\\\\\\\\.]       
[Key: a0a1a2a3a4a5] -> [x..\\\\\\\\\\\\/]       
[Key: d3f7d3f7d3f7] -> [x..\\\\\\\\\\\\/]       
[Key: 000000000000] -> [x..\\\\\\\\\\\\/]       
[Key: b0b1b2b3b4b5] -> [x..\\\\\\\\\\\\/]       
[Key: 4d3a99c351dd] -> [x..\\\\\\\\\\\\/]       
[Key: 1a982c7e459a] -> [x..\\\\\\\\\\\\/]       
[Key: aabbccddeeff] -> [x..\\\\\\\\\\\\/]       
[Key: 714c5c886e97] -> [x..\\\\\\\\\\\\/]       
[Key: 587ee5f9350f] -> [x..\\\\\\\\\\\\/]       
[Key: a0478cc39091] -> [x..\\\\\\\\\\\\/]       
[Key: 533cb6c723f6] -> [x..\\\\\\\\\\\\/]       
[Key: 8fd0a4f256e9] -> [x..\\\\\\\\\\\\/]       
                                                
Sector 00 - Found   Key A: a0a1a2a3a4a5 Found   Key B: ffffffffffff
Sector 01 - Unknown Key A               Unknown Key B
Sector 02 - Unknown Key A               Unknown Key B
Sector 03 - Unknown Key A               Found   Key B: ffffffffffff
Sector 04 - Unknown Key A               Found   Key B: ffffffffffff
Sector 05 - Unknown Key A               Found   Key B: ffffffffffff
Sector 06 - Unknown Key A               Found   Key B: ffffffffffff
Sector 07 - Unknown Key A               Found   Key B: ffffffffffff
Sector 08 - Unknown Key A               Found   Key B: ffffffffffff
Sector 09 - Unknown Key A               Found   Key B: ffffffffffff
Sector 10 - Unknown Key A               Found   Key B: ffffffffffff
Sector 11 - Unknown Key A               Found   Key B: ffffffffffff
Sector 12 - Unknown Key A               Found   Key B: ffffffffffff
Sector 13 - Unknown Key A               Found   Key B: ffffffffffff
Sector 14 - Unknown Key A               Found   Key B: ffffffffffff
Sector 15 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
                                                
                                                
Using sector 00 as an exploit sector            
Sector: 1, type A, probe 0, distance 8425 ..... 
Sector: 1, type A, probe 1, distance 8425 ..... 
Sector: 1, type A, probe 2, distance 8007 ..... 
  Found Key: A [a49193834877]                   
  Data read with Key A revealed Key B: [000000000000] - checking Auth: Failed!
Sector: 2, type A                               
  Data read with Key A revealed Key B: [000000000000] - checking Auth: Failed!
  Found Key: A [a49193834877]                   
Sector: 3, type A, probe 0, distance 7995 ..... 
  Found Key: A [8e1ebc1ba61e]                   
Sector: 4, type A, probe 0, distance 8011 ..... 
  Found Key: A [ba333d2adef0]                   
Sector: 5, type A, probe 0, distance 8453 ..... 
Sector: 5, type A, probe 1, distance 8447 ..... 
Sector: 5, type A, probe 2, distance 8009 ..... 
Sector: 5, type A, probe 3, distance 8433 .....

White-waluigi, Mar 31 '24 07:03