Dealing with MIFARE Classic 1k static encrypted nonces

This comes up now and again and has been sorted on the forum but I found a method that I feel is quite clear. I ran into this when playing with the SwitchBot Keypad. So, if you see this:

Follow these steps:

Put the tag on your proxmark and run the following command
hf 14a sniff
Scan the tag with the reader while its up against the proxmark. Let it register a few times for good meaure then press the button on the side of your proxmark to stop the sniff.

trace list -1 -t mf

Now that you’ve got a potential key, check it:
hf mf chk --1k -k <the key you sniffed, in this case: 3996CC3FD975>

If that checks out:
hf mf autopwn -k <the confirmed key: 3996CC3FD975>

Hopefully that helps.