crypto1_bs's People

Contributors

aczid, danroc, dkgitdev, iceman1001, tomvleeuwen, unkernet, vd-rd

crypto1_bs's Issues

No NFC device connection

Hello! I successfully compiled libnfc_crypto1_crack.exe, but when I try to use it, it writes "No NFC device connection". What should be done? Drivers stand, reader ACR122U

Windows version

Hello! As I understood from this topic #15, it turned out to compile under Windows and it works with standard drivers, without libusb.
How to do it? How to fix MinGW errors, for example alarm (1); signal (SIGALRM, notify_status_offline)?

illegal instruction (core dumped) error when running without AVX.

The tool doesn't work on older CPUs without AVX support. It always gives me this error: illegal instruction (core dumped) after collecting nonces. The CPUs I use do support SSE/SSE2 and SSSE3/SSE4_1/SSE4_2. Do I need to run a custom command in order to use SSE instruction set? The command I run is: ./libnfc_crypto1_crack c1e51c63b8f5 4 A 60 B.

Merging libnfc_crypto1_crack into mfoc?

Hi! I have some code to enhance mfoc in mind, and I plan to use this new algorithm but it should be machine-independent (as I need to compile it into an Intel Quark CPU for my undergraduate thesis). Do you think this is a good idea?

Thank you for this hard work! :)

Segmentation fault on cracking with Mac M1

I am on Mac OS M1 Ventura 13.1 and I have a segmentation fault error when the program begins to crack:

Found tag with uid 143944e5, collecting nonces for key B of block 4 (sector 1) using known key A a0a1a2a3a4a5 for block 0 (sector 0)
There is 1795 nonces in file 0x143944e5_004B.txt, appending
Collected 1927 nonces... leftover complexity 9348885905408 (~2^43.09) - press enter to start brute-force phase
Collected 1939 nonces... leftover complexity 9348885905408 (~2^43.09) - initializing brute-force phase...
Starting 8 threads to test 9348885905408 states using 64-way bitslicing
Cracking... 0.00%zsh: segmentation fault ./libnfc_crypto1_crack a0a1a2a3a4a5 0 A 4 B

I have built the Makefile with either -mcpu=apple-m1 or -mcpu=apple-a14 but get the same result, a seg fault.

If you need more information, just tell me what to do and I will post results here.

pthread count in patch file

I'm kind of guessing this part in the patch file will cause an out-of-bounds error if the thread_count is bigger than the default value 4.

    pthread_t threads[thread_count];
    thread_count = sysconf(_SC_NPROCESSORS_CONF);

compile error on gcc4.4.0

this row inside crypto1_bs.h

    #define VECTOR_SIZE (MAX_BITSLICES/8)
    typedef unsigned int __attribute__((aligned(VECTOR_SIZE))) __attribute__((vector_size(VECTOR_SIZE))) bitslice_value_t;

Gives troubles on a gcc4.4.0 env.
::start snippet::
In file included from nonce2key/crypto1_bs.c:25:
nonce2key/crypto1_bs.h:25: error: alignment of array elements is greater than element size
make[1]: *** [obj/nonce2key/crypto1_bs.o] Error 1
make[1]: Leaving directory `/pm3/client'
make: *** [client/all] Error 2

re-use this imp?

Great work with this implementation.
I'm looking at it and wonder if this bitsliced imp of crypto1 can be used as the default imp instead of blapost's version?

Inconsistent filenames

When running the libnfc_crypto1_crack program on a Mifare Classic tag with UID starting with 0, the filename is truncated: instead of "0x0fffffff_000A.txt" it is "0xfffffff_000A.txt". For consistency and better integration with other programs, the UID should always be printed in full length.

Input file format [question]

This is not really an issue with the project, but I do run into issues :D
I am trying to implement my own collector, but I can't seem to understand the input-file format used for either the txt or the bin version. Maybe you could help me out a little?
I was mostly focused on the txt-format. My initial guess was that the hex values in each line are the bytes of the encrypted nonce in order of time. So the first byte received by the reader is the first byte in the line. I was also assuming that the ! is present if the parity bit corresponding to that byte was 0.
Trying my own input-file, I ended up with a Segfault due to the search space ending up with a size of 0.
I've now tried countless different formats, switching le to be and reordering the bytes, flipping the parity and so on. None of it seems to work. 🤷
Is there some kind of magic encoding going on or was my assumption correct and it's just my code being flawed in another way (could very much be the case btw)?
Thanks for this cool project! I learned a lot about bitslicing! Thanks :)

Windows gcc version

Hi:
I have tried to compile your project with MINGW and have solved all the compilation warnings and errors, but the final project still does not work and the program gets stuck in the crack process.
In Ubuntu, the program is very easy to use.
Sincerely hope that you can out of a windows version of the project, very grateful to you.

No solution found :( while previously it did find one for this card

Hi all,

I've been playing around with NFC cards for a bit and managed to get the keys for a specific card of mine using miLazyCracker: https://github.com/nfc-tools/miLazyCracker/

However, after trying exactly the same attack again on exactly the same NFC card the crypto1_bs tool keeps showing me the message No solution found :(

My log:

Collected 5052 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5064 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5075 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5086 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5098 nonces... leftover complexity 222377702350 (~2^37.69) -
initializing brute-force phase...
Starting 8 threads to test 222377702350 states using 128-way bitslicing
Cracking...  99.95%
No solution found :(
MFOC not possible, detected hardened Mifare Classic
Trying HardNested Attack...
libnfc_crypto1_crack ffffffffffff 60 B 4 B mfc_4db3582c_foundKeys.txt
Found tag with uid 4db3582c, collecting nonces for key B of block 4 (sector 1) using known key B ffffffffffff for block 60 (sector 15)
Collected 3543 nonces... leftover complexity 222377702350 (~2^37.69) - initializing brute-force phase...
Starting 8 threads to test 222377702350 states using 128-way bitslicing
Cracking...  37.33%

And this is basically the loop where it gets stuck in. What could be the problem here?

Reader-answer transfer error, exiting.. a5a4a3a2a1a0 doesn't look like the right key

Hi, I have this problem that is not solved anywhere else, can someone help me please?

Sector 00 - Found   Key A: a0a1a2a3a4a5 Unknown Key B
Sector 01 - Unknown Key A               Unknown Key B
Sector 02 - Unknown Key A               Unknown Key B
Sector 03 - Unknown Key A               Unknown Key B
Sector 04 - Unknown Key A               Unknown Key B


Using sector 00 as an exploit sector
Card is not vulnerable to nested attack
MFOC not possible, detected hardened Mifare Classic
Trying HardNested Attack...
libnfc_crypto1_crack a5a4a3a2a1a0 0 A 16 B mfc_3e631e85_foundKeys.txt
Reader-answer transfer error, exiting.. a5a4a3a2a1a0 doesn't look like the right key A for block 0 (sector 0)

No NFC device Connection

I'm using an ACR122U device on my raspberry pi, and when I run nfc-list, it recognises the nfc reader fine.
However when I run libnfc_crypto1_crack, it gives me an error of libnfc.driver.pn532_uart, pn54x_check_communication error. I've freed the uart on my raspi-config, so I wasn't sure what it could be..

Thanks in advance

I can't compile your project

I want to compile your project libnfc_crypto1_crack.
But i get error: not found #include < nfc/nfc.h >.
How can this be fixed so I can compile your project?
Do I understand correctly that your program can, without a Proxmark and without sniffing, hack an emulated MIFARE Classic?
I will appreciate if you send me a compiled program

Compiling on GCC10

Hello,
The compilation fails on a GCC10 system.

/usr/bin/ld: /tmp/ccqmPvUe.o:(.bss+0x20): multiple definition of `bs_ones'; /tmp/ccK3OYTd.o:(.bss+0x4b160): first defined here
/usr/bin/ld: /tmp/ccqmPvUe.o:(.bss+0x0): multiple definition of `bs_zeroes'; /tmp/ccK3OYTd.o:(.bss+0x4b140): first defined here
/usr/bin/ld: /tmp/ccSgNOxe.o:(.bss+0x0): multiple definition of `bitsliced_rollback_byte'; /tmp/ccK3OYTd.o:(.bss+0x20): first defined here
/usr/bin/ld: /tmp/ccSgNOxe.o:(.bss+0x4b110): multiple definition of `keys_found'; /tmp/ccK3OYTd.o:(.bss+0x4b130): first defined here
/usr/bin/ld: /tmp/ccSgNOxe.o:(.bss+0x4b140): multiple definition of `bs_ones'; /tmp/ccK3OYTd.o:(.bss+0x4b160): first defined here
/usr/bin/ld: /tmp/ccSgNOxe.o:(.bss+0x4b108): multiple definition of `total_states_tested'; /tmp/ccK3OYTd.o:(.bss+0x4b128): first defined here
/usr/bin/ld: /tmp/ccSgNOxe.o:(.bss+0x25900): multiple definition of `bitsliced_encrypted_nonces'; /tmp/ccK3OYTd.o:(.bss+0x25920): first defined here
/usr/bin/ld: /tmp/ccSgNOxe.o:(.bss+0x4b120): multiple definition of `bs_zeroes'; /tmp/ccK3OYTd.o:(.bss+0x4b140): first defined here
/usr/bin/ld: /tmp/ccSgNOxe.o:(.bss+0x100): multiple definition of `bitsliced_encrypted_parity_bits'; /tmp/ccK3OYTd.o:(.bss+0x120): first defined here
/usr/bin/ld: /tmp/ccSgNOxe.o:(.bss+0x4b100): multiple definition of `total_states'; /tmp/ccK3OYTd.o:(.bss+0x4b120): first defined here
collect2: error: ld returned 1 exit status
make: *** [Makefile:20: solve_bs] Error 1

The fix (not sure if it's correct) is to add a -Wl,--allow-multiple-definition linker option

Question

Hi Aczid,

I'm getting great results using this repo, grats on the work it's very impressive.
Times are between 5 minutes and a few hours per block.

Using this however is all based on knowing at least one key to get the rest of the blocks.
Is there anything you are using or could recommend to get keys from 1K cards without knowing any key. Mfcuk hasn't been updated in ages and is broken with the current libnfc.

Any advice?

solve always get error

Some mifare card always send the same nt, so we can't crack this card?
libnfc_crypto1_crack will never stop for this type of card.
Here is contents of nonces.bin gathered by Proxmark3:

Can find key for not selected sector

When I use brute for crack sector 5(for example), I can get the key, but this key will be not for selected sector 5, It can be for sector 2,3,4. When I crack sector 3, I can get key for sector 5, not for sector 3.
Also, when I use true key for sector 5 for cracking another sector, brute can say, that this key is not for selected sector O.o

Error - doesn't look like the right key

I'm trying to recover the keys for a NFC tag, and have found the B key for all blocks of the device (works fine with mfoc, does not complain etc.), but as soon as I insert them into libnfc_crypto1_crack, as

libnfc_crypto1_crack <key> 60 B 60 A

I get the following error

Reader-answer transfer error, exiting.. <key> doesn't look like the right key B for block 60 (sector 15)

And as stated, mfoc reads using the B key without complaining at all!

Any ideas or suggestions?

error when building source on Mac OS Ventura

hi !

Despite that OSX compatibility issue which has been fixed by @unkernet, I still can't build properly this source :-(

I'm on a Mac M1 with Ventura 13.0 and this is the error I get when I execute the "make" command:

make
gcc -std=gnu99 -O3 -march=native solve_bs.c readnonces.c crypto1_bs.c crypto1_bs_crack.c crapto1-v3.3/crapto1.c crapto1-v3.3/crypto1.c -I crapto1-v3.3/ craptev1-v1.1/craptev1.c -I craptev1-v1.1/ -o solve_bs -lpthread -lm
clang: error: the clang compiler does not support '-march=native'
clang: error: the clang compiler does not support '-march=native'
clang: error: the clang compiler does not support '-march=native'
clang: error: the clang compiler does not support '-march=native'
clang: error: the clang compiler does not support '-march=native'
clang: error: the clang compiler does not support '-march=native'
clang: error: the clang compiler does not support '-march=native'
make: *** [solve_bs] Error

I have tried all the other -march options, but get the same results.

any idea ?

thank you for your time.

Error while collecting nonces

I'm getting this error using libnfc_crypto1_crack :

# ./libnfc_crypto1_crack b0b1b2b3b4b5 0 B 1 B
Found tag with uid fbfed8c2, collecting nonces for key B of block 1 using known key B 0000ffffffff for block 0
Reader-answer transfer error, exiting..Reader-answer transfer error, exiting..Reader-answer transfer error, exiting..Reader-answer transfer error, exiting..Reader-answer transfer error, exiting..Reader-answer transfer error, exiting..Reader-answer transfer error, exiting..Reader-answer transfer error, exiting..Reader-answer transfer error, exiting..Reader-answer transfer error, exiting..Reader-answer transfer error, exiting..Reader-answer transfer error, exiting..Reader-answeCollected 0 nonces... ...

I think that the problem is that the known key parameter is not correctly read from the program args.
I have tested with both ACR122U and SCL3711 readers but same result.
(compiled with libnfc 1.7.1 under kali linux)

key truncated

Hi,

I was able to compile all three tools, but when I use "./solve_bs" the key is truncated and the first 2 bytes are zeroed.

./solve_bs 0xcafec0de.txt 0xcafec0de
Initializing BS crypto-1
Using 64-bit bitslices
Bitslicing rollback byte: 1f...
Bitslicing nonces...
Starting 6 threads to test 1418412964 states
Found key: **0000**61003333
Tested 3523606116 states

when I use ./solve_piwi_bs or ./solve_piwi the key is correctly recovered.

Do you have any idea why?

Best regards

Correct key not recognized

Hello,

First, thanks for the great work! Would like to see a GPU version of this soon 😄

I'm opening the issue because I receive an error message when I try to use a valid key. I used an ACR122u.

mfoc test

$ mfoc -O test.bin -k fb4a22820e43
The custom key 0xfb4a22820e43 has been added to the default keys
Found Mifare Classic 1k tag
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): xx  xx  xx  xx  
      SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: fb4a22820e43] -> [.../............]
[Key: ffffffffffff] -> [.../............]
[Key: a0a1a2a3a4a5] -> [.../............]
[Key: d3f7d3f7d3f7] -> [.../............]
[Key: 000000000000] -> [.../............]
[Key: b0b1b2b3b4b5] -> [.../............]
[Key: 4d3a99c351dd] -> [.../............]
[Key: 1a982c7e459a] -> [.../............]
[Key: aabbccddeeff] -> [.../............]
[Key: 714c5c886e97] -> [.../............]
[Key: 587ee5f9350f] -> [.../............]
[Key: a0478cc39091] -> [.../............]
[Key: 533cb6c723f6] -> [.../............]
[Key: 8fd0a4f256e9] -> [.../............]

Sector 00 - Unknown Key A               Unknown Key B
Sector 01 - Unknown Key A               Unknown Key B
Sector 02 - Unknown Key A               Unknown Key B
Sector 03 - Found   Key A: fb4a22820e43 Unknown Key B
Sector 04 - Unknown Key A               Unknown Key B
Sector 05 - Unknown Key A               Unknown Key B
Sector 06 - Unknown Key A               Unknown Key B
Sector 07 - Unknown Key A               Unknown Key B
Sector 08 - Unknown Key A               Unknown Key B
Sector 09 - Unknown Key A               Unknown Key B
Sector 10 - Unknown Key A               Unknown Key B
Sector 11 - Unknown Key A               Unknown Key B
Sector 12 - Unknown Key A               Unknown Key B
Sector 13 - Unknown Key A               Unknown Key B
Sector 14 - Unknown Key A               Unknown Key B
Sector 15 - Unknown Key A               Unknown Key B


Using sector 03 as an exploit sector
PRNG is not vulnerable to nested attack

mfcuk test

$ mfcuk -C -V 3:A:fb4a22820e43 -v 3
mfcuk - 0.3.8
Mifare Classic DarkSide Key Recovery Tool - 0.3
by Andrei Costin, [email protected], http://andreicostin.com


INFO: Connected to NFC reader: ACS ACR122U 00 00 / ACR122U214



INITIAL ACTIONS MATRIX - UID xx xx xx xx - TYPE 0x08 (MC1K)
---------------------------------------------------------------------
Sector	|    Key A	|ACTS | RESL	|    Key B	|ACTS | RESL
---------------------------------------------------------------------
0	|  000000000000	| . . | . .	|  000000000000	| . . | . .
1	|  000000000000	| . . | . .	|  000000000000	| . . | . .
2	|  000000000000	| . . | . .	|  000000000000	| . . | . .
3	|  fb4a22820e43	| V . | . .	|  000000000000	| . . | . .
4	|  000000000000	| . . | . .	|  000000000000	| . . | . .
5	|  000000000000	| . . | . .	|  000000000000	| . . | . .
6	|  000000000000	| . . | . .	|  000000000000	| . . | . .
7	|  000000000000	| . . | . .	|  000000000000	| . . | . .
8	|  000000000000	| . . | . .	|  000000000000	| . . | . .
9	|  000000000000	| . . | . .	|  000000000000	| . . | . .
10	|  000000000000	| . . | . .	|  000000000000	| . . | . .
11	|  000000000000	| . . | . .	|  000000000000	| . . | . .
12	|  000000000000	| . . | . .	|  000000000000	| . . | . .
13	|  000000000000	| . . | . .	|  000000000000	| . . | . .
14	|  000000000000	| . . | . .	|  000000000000	| . . | . .
15	|  000000000000	| . . | . .	|  000000000000	| . . | . .


VERIFY: 
	Key A sectors: 0 1 2 3 4 5 6 7 8 9 a b c d e f
	Key B sectors: 0 1 2 3 4 5 6 7 8 9 a b c d e f


ACTION RESULTS MATRIX AFTER VERIFY - UID xx xx xx xx - TYPE 0x08 (MC1K)
---------------------------------------------------------------------
Sector	|    Key A	|ACTS | RESL	|    Key B	|ACTS | RESL
---------------------------------------------------------------------
0	|  000000000000	| . . | . .	|  000000000000	| . . | . .
1	|  000000000000	| . . | . .	|  000000000000	| . . | . .
2	|  000000000000	| . . | . .	|  000000000000	| . . | . .
3	|  fb4a22820e43	| V . | V .	|  000000000000	| . . | . .
4	|  000000000000	| . . | . .	|  000000000000	| . . | . .
5	|  000000000000	| . . | . .	|  000000000000	| . . | . .
6	|  000000000000	| . . | . .	|  000000000000	| . . | . .
7	|  000000000000	| . . | . .	|  000000000000	| . . | . .
8	|  000000000000	| . . | . .	|  000000000000	| . . | . .
9	|  000000000000	| . . | . .	|  000000000000	| . . | . .
10	|  000000000000	| . . | . .	|  000000000000	| . . | . .
11	|  000000000000	| . . | . .	|  000000000000	| . . | . .
12	|  000000000000	| . . | . .	|  000000000000	| . . | . .
13	|  000000000000	| . . | . .	|  000000000000	| . . | . .
14	|  000000000000	| . . | . .	|  000000000000	| . . | . .
15	|  000000000000	| . . | . .	|  000000000000	| . . | . .


RECOVER:  0 1 2 3 4 5 6 7 8 9 a b c d e f


ACTION RESULTS MATRIX AFTER RECOVER - UID xx xx xx xx - TYPE 0x08 (MC1K)
---------------------------------------------------------------------
Sector	|    Key A	|ACTS | RESL	|    Key B	|ACTS | RESL
---------------------------------------------------------------------
0	|  000000000000	| . . | . .	|  000000000000	| . . | . .
1	|  000000000000	| . . | . .	|  000000000000	| . . | . .
2	|  000000000000	| . . | . .	|  000000000000	| . . | . .
3	|  fb4a22820e43	| V . | V .	|  000000000000	| . . | . .
4	|  000000000000	| . . | . .	|  000000000000	| . . | . .
5	|  000000000000	| . . | . .	|  000000000000	| . . | . .
6	|  000000000000	| . . | . .	|  000000000000	| . . | . .
7	|  000000000000	| . . | . .	|  000000000000	| . . | . .
8	|  000000000000	| . . | . .	|  000000000000	| . . | . .
9	|  000000000000	| . . | . .	|  000000000000	| . . | . .
10	|  000000000000	| . . | . .	|  000000000000	| . . | . .
11	|  000000000000	| . . | . .	|  000000000000	| . . | . .
12	|  000000000000	| . . | . .	|  000000000000	| . . | . .
13	|  000000000000	| . . | . .	|  000000000000	| . . | . .
14	|  000000000000	| . . | . .	|  000000000000	| . . | . .
15	|  000000000000	| . . | . .	|  000000000000	| . . | . .

But when I try to use libnfc_crypto1_crack, get the error:

$ libnfc_crypto1_crack fb4a22820e43 3 A 0 B
Reader-answer transfer error, exiting.. fb4a22820e43 doesn't look like the right key A for block 3 (sector 0)

How can I provide more verbose logs?

BR

key search always returning 0xffffffffffff

I've been playing with libnfc_crypto1_crack but have been having some problems. For some reason regardless of which key I try to recover, solver I use, or rfid card I'm using the recovered key is always 0xffffffffffff which is not the correct key. (E.g. authentication fails with 0xffffffffffff but works with 0xa0a1a2a3a4a5.)

This happens both when I try recovering Key A and Key B for various sectors.
I've also tried collecting anywhere between 1800 nonces up to 8,000 nonces.
I've tried 2 different cards (one hardened and one not).
I've tried both solver_bs and the craptev1-v1.0 solver (threshold 85).

Any idea what's going on here?

Compilation failed

$ make
gcc -std=gnu99 -O3 -march=native solve_bs.c crypto1_bs.c crypto1_bs_crack.c crapto1-v3.3/crapto1.c crapto1-v3.3/crypto1.c -I crapto1-v3.3/ craptev1-v1.1/craptev1.c -I craptev1-v1.1/ -o solve_bs -lpthread -lm -Wl,--allow-multiple-definition
solve_bs.c:7:10: fatal error: craptev1.h: No such file or directory
7 | #include "craptev1.h"
| ^~~~~~~~~~~~
compilation terminated.
In file included from crypto1_bs_crack.c:29:
crypto1_bs_crack.h:5:10: fatal error: craptev1.h: No such file or directory
5 | #include "craptev1.h"
| ^~~~~~~~~~~~

crapto1 / craptev1 website is down

Hi @aczid, first of all thanks for your work. I am trying to build crypto1_bs but it gives me a 404 not found error when make tries to get the crapto1 and craptev1 packages. I went to the website you included in the makefile, under the get_ calls, and it gives me again 404 not found.
I searched a lot but I don't know where to find those two. Do you have something like a link to another mirror or else? Thanks in advance
Mattia

mfoc still fails with key found in crypto1_bs

crypto1 cracks my keys just fine however when I feed one into mfoc it fails with the following message:
mfoc: ERROR: No success, maybe you should increase the probes

I have tried both an A and a B key.

I just need one cracked key right?

The card is an sle66 emulating a MiFare Classic 4k.

libnfc_crypto1_crack finding not working key

Hello,

I don't succeed getting the keys from a new mifare card. I guess it's a new Hardnested one.
I Have two very similar mifare tags. One about 5/6 years old and a new 2016 one.
I've compiled everything on Ubuntu 16.04 x64 (no VM) using an ACR22U102.

The old tag is vulnerable to mfoc and keys are retrieved with 1-4 probes.
The new one is not vulnerable to mfoc (2000+ probes) nor to mfcuk (8+ hours).

So I tried libnfc_crypto1_crack on the new key but I always get:
Found key: b0b1b2b3b4b5
Which, obviously, isn't a working key.
b0b1b2b3b4b5 is the key of the others sector, but not for the sector I'm targeting.
(a0a1a2a3a4a5 is the A key for all sector)
I've tried different sectors and keys for the attack vector, but I always get the same result.

As a curiosity I've tried libnfc_crypto1_crack with the old tag and I get the same result.

Any idea why I'm getting this kind of results ?

If it helps here is the nonce for the old tag:
0xaae32f78_002B.txt
Correct B key for sector 2 is 89 38 22 5d 43 8f

The new tag:
0xae38b587_012B.txt
0xae38b587_013B.txt

Illegal instruction

I have compiled code on Kali (x86) system.
At first I've got errors with "asm". I changed "asm" -> "_ _ asm _ _", "-opt=c99" -> "-opt=gnu99". Both allow to finish compilation successfully, but on program run I get "Illegal instruction" error.
I have no available x64 machine right now. Is it possible to fix this?

P.S.
Also I've tried to compile on Kali (arm) on my Samsung Galaxy S5 via Linux Deploy application.
It works well for collecting nonces, but system is too slow for solving keys. Also it displays there percentage beyond 100%.

UPD:
It seems "Illegal instruction" occurs when pthread_join is called. Maybe the reason is much deeper...
