Giter Club home page Giter Club logo

Comments (3)

aczid avatar aczid commented on May 29, 2024

The attack can't work with a constant nonce. There is a thread about this problem here.

from crypto1_bs.

xtigmh avatar xtigmh commented on May 29, 2024

Thanks! If nt is constant, then nt and [nt] in nested auth is also known, maybe another attack will work!
samples:nt=0x01200145, [nt]=0x8190c7dc

Start End Src Data (! denotes parity error, ' denotes short bytes) CRC Annotation 
      0 |        992 | Rdr | 52'                                                             |     | WUPA
   2228 |       4596 | Tag | 04  00                                                          |     | 
   7040 |       9504 | Rdr | 93  20                                                          |     | ANTICOLL
  10676 |      16564 | Tag | b9  4f  da  14  38                                              |     | 
  19072 |      29600 | Rdr | 93  70  b9  4f  da  14  38  7d  c1                              |  ok | SELECT_UID
  30772 |      34292 | Tag | 08  b6  dd                                                      |     | 
  35968 |      40672 | Rdr | 60  00  f5  7b                                                  |  ok | AUTH-A(0)
  42676 |      47412 | Tag | 01  20  01  45                                                  |     | 
  57088 |      66464 | Rdr | f3! 48  21! 0c  a8! cb  46  c7                                  | !crc| ?
  67636 |      72372 | Tag | a1! c1! 4f! cf!                                                 |     | 
  78208 |      82912 | Rdr | 57  77  38  1e                                                  | !crc| ?
  84916 |      89652 | Tag | 81! 90! c7! dc                                                  |     | 
  90880 |      92128 | Rdr | 00                                                              |     | ?
 106496 |     107488 | Rdr | 52'                                                             |     | WUPA
 108724 |     111092 | Tag | 04  00                                                          |     | 
 113664 |     124192 | Rdr | 93  70  b9  4f  da  14  38  7d  c1                              |  ok | SELECT_UID
 125364 |     128884 | Tag | 08  b6  dd                                                      |     | 
 130560 |     135264 | Rdr | 60  00  f5  7b                                                  |  ok | AUTH-A(0)
 137268 |     142004 | Tag | 01  20  01  45                                                  |     | 
 151680 |     161056 | Rdr | f3! 48  21! 0c  a8! cb  46  c7                                  | !crc| ?
 162228 |     166964 | Tag | a1! c1! 4f! cf!                                                 |     | 
 172800 |     177504 | Rdr | 57  77  38  1e                                                  | !crc| ?
 179508 |     184244 | Tag | 81! 90! c7! dc                                                  |     | 
 185472 |     186720 | Rdr | 00                                                              |     | ?
 201088 |     202080 | Rdr | 52'                                                             |     | WUPA

from crypto1_bs.

xtigmh avatar xtigmh commented on May 29, 2024

I study this card, the nonce is constant, there are only 2 nonces for all sector, distance is 160,so we only can get 32bit keystream.But nested auth attack needs 64 bit keystream.If only know 32 bits keystream,the candidate keys is between 2^15~2^17.Online bruteforce is also avaiable in 4 hours.
Has any idea to speedup?
proxmark3> hf mf nested o 0 a ffffffffffff 4 a
--nested. sectors: 1, block no: 0, key type:A, eml:n, dmp=n checktimeout=471 us
--target block no: 4, target key type:A
uid:295ad814 trgbl=4 trgkey=0
nt=7eef3586, ks1=ffff93b7
statelist[0].len=155091
after intersection:
statelist[0].len=155091
i=155090
Found valid key:ffffffffffff

from crypto1_bs.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.