Error: Static encrypted nonce detected. Aborted

Techiziod · April 19, 2026, 8:17am

I am trying to get all the keys from a MF 1k, but I keep running into “Error: Static encrypted nonce detected. Aborted“

    MCU....... AT91SAM7S512 Rev A
    Memory.... 512 KB ( 68% used )

    Client.... Iceman/master/v4.17511 2023-11-13 10:19:09
    Bootrom... Iceman/master/v4.17511-suspect 2023-11-13 10:19:09 
    OS........ Iceman/master/v4.17511-suspect 2023-11-13 10:19:09 
    Target.... device / fw mismatch

[usb] pm3 --> hf mf autopwn
[!] ⚠️  no known key was supplied, key recovery might fail
[+] loaded 56 keys from hardcoded default array
[=] running strategy 1
[=] ...
[=] Chunk 6.9s | found 10/32 keys (56)
[=] running strategy 2
[=] ...
[=] Chunk 6.7s | found 10/32 keys (56)
[+] target sector   0 key type A -- found valid key [ A0A1A2A3A4A5 ] (used for nested / hardnested attack)
[+] target sector   2 key type A -- found valid key [ A0A1A2A3A4A5 ]
[+] target sector   3 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   3 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   4 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   4 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector  14 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector  14 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector  15 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector  15 key type B -- found valid key [ FFFFFFFFFFFF ]
[-] ⛔ Tag isn't vulnerable to Nested Attack (PRNG is probably not predictable).
[-] ⛔ Nested attack failed --> try hardnested
[=] Hardnested attack starting...
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]          |         |                                                         | Expected to brute force
[=]  Time    | #nonces | Activity                                                | #states         | time 
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]        0 |       0 | Start using 16 threads and AVX2 SIMD core               |                 |
[=]        0 |       0 | Brute force benchmark: 2400 million (2^31.2) keys/s     | 140737488355328 |   16h
[=]        1 |       0 | Loaded 0 RAW / 351 LZ4 / 0 BZ2 in 874 ms                | 140737488355328 |   16h
[=]        1 |       0 | Using 239 precalculated bitflip state tables            | 140737488355328 |   16h

[!!] 🚨 Error: Static encrypted nonce detected. Aborted


[+] found keys:

[+] -----+-----+--------------+---+--------------+----
[+]  Sec | Blk | key A        |res| key B        |res
[+] -----+-----+--------------+---+--------------+----
[+]  000 | 003 | A0A1A2A3A4A5 | D | ------------ | 0
[+]  001 | 007 | ------------ | 0 | ------------ | 0
[+]  002 | 011 | A0A1A2A3A4A5 | D | ------------ | 0
[+]  003 | 015 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  004 | 019 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  005 | 023 | ------------ | 0 | ------------ | 0
[+]  006 | 027 | ------------ | 0 | ------------ | 0
[+]  007 | 031 | ------------ | 0 | ------------ | 0
[+]  008 | 035 | ------------ | 0 | ------------ | 0
[+]  009 | 039 | ------------ | 0 | ------------ | 0
[+]  010 | 043 | ------------ | 0 | ------------ | 0
[+]  011 | 047 | ------------ | 0 | ------------ | 0
[+]  012 | 051 | ------------ | 0 | ------------ | 0
[+]  013 | 055 | ------------ | 0 | ------------ | 0
[+]  014 | 059 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  015 | 063 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+] -----+-----+--------------+---+--------------+----
[=] ( D:Dictionary / S:darkSide / U:User / R:Reused / N:Nested / H:Hardnested / C:statiCnested / A:keyA  )
[?] MAD key detected. Try `hf mf mad` for more details

[usb] pm3 --> hf mf mad
[=] Authentication ( ok )
[#] Auth error

[=] --- MIFARE App Directory Information ----------------
[=] -----------------------------------------------------

[=] ------------ MAD v1 details -------------
[+] Card publisher sector 0x01

[=] ---------------- Listing ----------------
[=]  00 MAD v1
[=]  01 [9051] Access control - Hotel lodging system [DORMA/KABA]
[=]  02 [9051] continuation
[=]  03 [0000] free
[=]  04 [0000] free
[=]  05 [0000] free
[=]  06 [0000] free
[=]  07 [0000] free
[=]  08 [0000] free
[=]  09 [0000] free
[=]  10 [0000] free
[=]  11 [0000] free
[=]  12 [0000] free
[=]  13 [0000] free
[=]  14 [0000] free
[=]  15 [0000] free

I was eventually able to get more keys from mfc_default_keys, but I am still missing some.

[usb] pm3 --> hf mf auto --1k -f mfc_default_keys
[!] ⚠️  no known key was supplied, key recovery might fail
[+] loaded 56 keys from hardcoded default array
[+] loaded 1688 keys from dictionary file /usr/local/Cellar/proxmark3/4.17511/bin/../share/proxmark3/dictionaries/mfc_default_keys.dic
[+] loaded 1688 keys from dictionary
[=] running strategy 1
[=] .....
[=] Chunk 10.1s | found 10/32 keys (85)
[=] Chunk 0.6s | found 10/32 keys (85)
[=] Chunk 0.6s | found 10/32 keys (85)
[=] ...
[=] Chunk 7.7s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 1.0s | found 29/32 keys (85)
[=] Chunk 0.6s | found 29/32 keys (44)
[=] running strategy 2
[=] ....
[=] Chunk 9.9s | found 10/32 keys (85)
[=] ....
[=] Chunk 9.6s | found 10/32 keys (85)
[=] ....
[=] Chunk 9.6s | found 10/32 keys (85)
[=] ...
[=] Chunk 7.7s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 1.4s | found 29/32 keys (85)
[=] Chunk 0.8s | found 29/32 keys (44)
[+] target sector   0 key type A -- found valid key [ A0A1A2A3A4A5 ] (used for nested / hardnested attack)
[+] target sector   0 key type B -- found valid key [ 0D258FE90296 ]
[+] target sector   2 key type A -- found valid key [ A0A1A2A3A4A5 ]
[+] target sector   3 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   3 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   4 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   4 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector   5 key type A -- found valid key [ EEB420209D0C ]
[+] target sector   5 key type B -- found valid key [ EEB420209D0C ]
[+] target sector   6 key type A -- found valid key [ 911E52FD7CE4 ]
[+] target sector   6 key type B -- found valid key [ 911E52FD7CE4 ]
[+] target sector   7 key type A -- found valid key [ 752FBB5B7B45 ]
[+] target sector   7 key type B -- found valid key [ 752FBB5B7B45 ]
[+] target sector   8 key type A -- found valid key [ 66B03ACA6EE9 ]
[+] target sector   8 key type B -- found valid key [ 66B03ACA6EE9 ]
[+] target sector   9 key type A -- found valid key [ 48734389EDC3 ]
[+] target sector   9 key type B -- found valid key [ 48734389EDC3 ]
[+] target sector  10 key type A -- found valid key [ 17193709ADF4 ]
[+] target sector  10 key type B -- found valid key [ 17193709ADF4 ]
[+] target sector  11 key type A -- found valid key [ 1ACC3189578C ]
[+] target sector  11 key type B -- found valid key [ 1ACC3189578C ]
[+] target sector  12 key type A -- found valid key [ C2B7EC7D4EB1 ]
[+] target sector  12 key type B -- found valid key [ C2B7EC7D4EB1 ]
[+] target sector  13 key type A -- found valid key [ 369A4663ACD2 ]
[+] target sector  13 key type B -- found valid key [ 369A4663ACD2 ]
[+] target sector  14 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector  14 key type B -- found valid key [ FFFFFFFFFFFF ]
[+] target sector  15 key type A -- found valid key [ FFFFFFFFFFFF ]
[+] target sector  15 key type B -- found valid key [ FFFFFFFFFFFF ]
[-] ⛔ Tag isn't vulnerable to Nested Attack (PRNG is probably not predictable).
[-] ⛔ Nested attack failed --> try hardnested
[=] Hardnested attack starting...
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]          |         |                                                         | Expected to brute force
[=]  Time    | #nonces | Activity                                                | #states         | time 
[=] ---------+---------+---------------------------------------------------------+-----------------+-------
[=]        0 |       0 | Start using 16 threads and AVX2 SIMD core               |                 |
[=]        0 |       0 | Brute force benchmark: 2410 million (2^31.2) keys/s     | 140737488355328 |   16h
[=]        1 |       0 | Loaded 0 RAW / 351 LZ4 / 0 BZ2 in 898 ms                | 140737488355328 |   16h
[=]        1 |       0 | Using 239 precalculated bitflip state tables            | 140737488355328 |   16h

[!!] 🚨 Error: Static encrypted nonce detected. Aborted


[+] found keys:

[+] -----+-----+--------------+---+--------------+----
[+]  Sec | Blk | key A        |res| key B        |res
[+] -----+-----+--------------+---+--------------+----
[+]  000 | 003 | A0A1A2A3A4A5 | D | 0D258FE90296 | D
[+]  001 | 007 | ------------ | 0 | ------------ | 0
[+]  002 | 011 | A0A1A2A3A4A5 | D | ------------ | 0
[+]  003 | 015 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  004 | 019 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  005 | 023 | EEB420209D0C | D | EEB420209D0C | D
[+]  006 | 027 | 911E52FD7CE4 | D | 911E52FD7CE4 | D
[+]  007 | 031 | 752FBB5B7B45 | D | 752FBB5B7B45 | D
[+]  008 | 035 | 66B03ACA6EE9 | D | 66B03ACA6EE9 | D
[+]  009 | 039 | 48734389EDC3 | D | 48734389EDC3 | D
[+]  010 | 043 | 17193709ADF4 | D | 17193709ADF4 | D
[+]  011 | 047 | 1ACC3189578C | D | 1ACC3189578C | D
[+]  012 | 051 | C2B7EC7D4EB1 | D | C2B7EC7D4EB1 | D
[+]  013 | 055 | 369A4663ACD2 | D | 369A4663ACD2 | D
[+]  014 | 059 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+]  015 | 063 | FFFFFFFFFFFF | D | FFFFFFFFFFFF | D
[+] -----+-----+--------------+---+--------------+----
[=] ( D:Dictionary / S:darkSide / U:User / R:Reused / N:Nested / H:Hardnested / C:statiCnested / A:keyA  )
[?] MAD key detected. Try `hf mf mad` for more details

I tried sniffing between the card and the reader, but I didn’t see any keys like others here have had luck with. I also don’t really know what I’m looking at, as I’m pretty new to this.

[usb] pm3 --> hf mf list
[=] downloading tracelog data from device
[+] Recorded activity (trace len = 1324 bytes)
[=] start = start of start frame end = end of frame. src = source of transfer
[=] ISO14443A - all times are in carrier periods (1/13.56MHz)

      Start |        End | Src | Data (! denotes parity error)                                           | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
          0 |        992 | Rdr |52(7)                                                                    |     | WUPA
   98312388 |   98312580 | Tag |01(0)                                                                    |     | 
   98361204 |   98367028 | Tag |42  9f  bf  e0  82                                                       |     | 
   98430564 |   98434084 | Tag |08  b6  dd                                                               |  ok | 
   98536900 |   98557700 | Tag |73! 67! a4! 39  9b! b7  0c! 6f! c5! 93  7e  a2  b7  fe! 3e! 56! 6d! 71   |  !! | 
   98616756 |   98637620 | Tag |a9! 81  5a  4c  1f  1f! 3a! 03! df! 62! d0  97! 78! 87! 6d! 4a! 8f! 92   |  !! | 
   98843268 |   98849092 | Tag |42  9f  bf  e0  82                                                       |     | 
   99073748 |   99078420 | Tag |56  29  63  9f                                                           |  !! | 
   99090404 |   99095140 | Tag |25  bb! 62! ae                                                           |  !! | 
   99142340 |   99144580 | Tag |96! fd                                                                   |     | 
   99203380 |   99224180 | Tag |bd  17! 45  8f  69! 3e! 4f! a7  7e  fd  b4! cd  52! f8! 0c  67! 51! 2c   |  !! | 
   99282852 |   99303716 | Tag |f9! fb! dc  cf  9c  3f! d3! ed! 92  a6  dd  f2  16! 72  e2  0d! e5  6f   |  !! | 
   99721460 |   99742260 | Tag |3a  69  2c  a1! b2! c0  61  98! 3f  41! 9e  ed! 98  35! f7  72  a9  88   |  !! | 
   99801188 |   99821988 | Tag |87! d3  e6! fd! 56! 70! 28  ea  73  32! 5e! e1  1d  f1  71! 42  e6! 8c   |  !! | 
  100058932 |  100063668 | Tag |f0! 2d  4b! 4e                                                           |  !! | 
  100077188 |  100077380 | Tag |01(0)                                                                    |     | 
  100109364 |  100130164 | Tag |e5! cc! fb  b3  4d! 53! 95  39! 73! 51! 74  1a! c2! b4! 2b! 81! d0  83   |  !! | 
  172894164 |  172895508 | Tag |ff  01                                                                   |     | 
  172942196 |  172948020 | Tag |42  9f  bf  e0  82                                                       |     | 
  173011556 |  173015076 | Tag |08  b6  dd                                                               |  ok | 
  173083860 |  173088532 | Tag |92! 88! cf  b5                                                           |  !! | 
  173116500 |  173137300 | Tag |c0! 14  a8  ea! 37  e8  62! d2  e8! c3! 17  3a! 7f  db! db  c8  ad  8e   |  !! | 
  173196084 |  173216884 | Tag |bb! ff! 6f  74! 69  58! 1c! 42  f6! 75! c6! ad  73! a0  b8  70! d9! c6   |  !! | 
  173375972 |  173378340 | Tag |04  00                                                                   |     | 
  173425220 |  173431044 | Tag |42  9f  bf  e0  82                                                       |     | 
  173655460 |  173660132 | Tag |87  dd  ba  e7                                                           |  !! | 
  173704980 |  173725844 | Tag |56  b0  e1! e9! 1e! 53  fc! 8a  8b  d2! 5a! 13  a3  fa! d3! 2a! 1e  88   |  !! | 
  173784324 |  173805124 | Tag |b2! 9e! e2! f1! 74! ca! 92! 07! 75  2c  9a  8a  ca  06! 39! f6! 8a! f2   |  !! | 
  173863908 |  173884708 | Tag |9e  2d  34  df  c9  b7  2e  43! 5d  a2  9c  60! 64  cd! 72! 3a! 1a  25   |  !! | 
  174304628 |  174304948 | Tag |03(1)                                                                    |     | 
  174381604 |  174402404 | Tag |92  8f  cc  a9  aa  6f! db! 65! df! 53! 3d! cd  84! 16! da  72! ab  13   |  !! | 
  174643268 |  174643460 | Tag |01(0)                                                                    |     | 
  174655748 |  174660420 | Tag |16! e5! 40  25                                                           |  !! | 
  174689268 |  174710068 | Tag |09  a6! c1! 32! ce  3b  17! 7c  1b  6f! 73  b1! 73  a1! 62! ee  8b! 27   |  !! | 
  244083380 |  244085364 | Tag |00! 20                                                                   |     | 
  244132020 |  244132276 | Tag |00(1)                                                                    |     | 
  244202004 |  244205012 | Tag |c0! ab! 1d                                                               |  !! | 
  244257540 |  244261828 | Tag |2a  26  d9  2f                                                           |  !! | 
  244274276 |  244274852 | Tag |0f(3)                                                                    |     | 
  244307844 |  244328708 | Tag |04  0c! 41! cc  dd! 9e  b7  e4! 0f! 3d  c1  07  fb  4b! 11! 1b  1a! f9   |  !! | 
  244388196 |  244408484 | Tag |69  a6! 1d! 58  92  22  69! 1d  d5! 2f! 6d! a5  e9! 5d  12! 45! df  1b   |  !! | 
  244614212 |  244620036 | Tag |42  9f  bf  e0  82                                                       |     | 
  244685860 |  244687972 | Tag |ad  77!                                                                  |     | 
  244844692 |  244849364 | Tag |ca  d8  27  eb                                                           |  !! | 
  244894740 |  244915540 | Tag |8b! 0f  7e! db! 05  bc! ba! fb  bd  20! 8d! 49  1f! 2e! e7  fc! b9  69   |  !! | 
  244983156 |  244995124 | Tag |a2! 2d! ee  0b! 0f  9b! 29! 0e  f0  79  04                               |  !! | 
  245054324 |  245067636 | Tag |e6! a1! ea! d1! 04! 28  0e! 01! 04! 88  d7  03                           |  !! | 
  245492548 |  245506500 | Tag |05! 4d  69  6a  10! e7! 07  1c  ec! 07! b8! 17                           |  !! | 
  245572148 |  245589684 | Tag |83  71! b0  04! a8! 95  20  63  9c! d1! 88! 15  85  69! 4c  00           |  !! | 
  245829780 |  245834516 | Tag |f0! 2d  4b! 4e                                                           |  !! | 
  245846676 |  245851092 | Tag |f9  8d! 6e  44                                                           |  !! | 
  245880836 |  245893380 | Tag |2a  5d! da  e3  51  68  83! d0  04  56  16                               |  !! | 
  317016052 |  317021876 | Tag |42  9f  bf  e0  82                                                       |     | 
  317141956 |  317145732 | Tag |c2  22  ed  02                                                           |  !! | 
  317158596 |  317162436 | Tag |83  8c  b1! 01                                                           |  !! | 
  317191988 |  317212596 | Tag |05! a4! e8! 36! eb! 95! 8d! ba! 8b  80  8f  8b  51  b7  a8  9c! 1c! 1a   |  !! | 
  317271604 |  317292404 | Tag |13  ef! 38  0f! 29  4f  4d  9a  16! 34! fe! be  f6  16  3f  84! 08! fc   |  !! | 
  317449524 |  317451508 | Tag |00! 20                                                                   |     | 
  317498132 |  317503956 | Tag |42  9f  bf  e0  82                                                       |     | 
  317568724 |  317568916 | Tag |01(0)                                                                    |     | 
  317725552 |  317725968 | Rdr |00(2)                                                                    |     | 
  317728612 |  317733284 | Tag |95  32  f6  c9                                                           |  !! | 
  317745252 |  317749924 | Tag |3f  2d  c9  77                                                           |  !! | 
  317778660 |  317799460 | Tag |20  cd  a9! fb  ab! 20! a8  10  83! e8! e2  2e! 2d! c9  84! d1  1a  5f   |  !! | 
  317858276 |  317861284 | Tag |21! 26  1f                                                               |  !! | 
  317938260 |  317942612 | Tag |69  1f! 50! 1c                                                           |  !! | 
  318373520 |  318374448 | Rdr |0f(6)                                                                    |     | 
  318376196 |  318396996 | Tag |f6! 98  4b! 87  54  c4  72  27! 1a! 99  bf  8b  2d  a8  15  82  87  14   |  !! | 
  318451328 |  318454752 | Rdr |c9  03! f3                                                               |  !! | 
  318455924 |  318476788 | Tag |c9  78! 8e! 9a! e9  88! a7  7f  cb  fa  82  45  76  ca  b8  ed! f9! 71   |  !! | 
  318713684 |  318718420 | Tag |f0! 2d  4b! 4e                                                           |  !! | 
  318730324 |  318734996 | Tag |5d! 85! e4  e0                                                           |  !! | 
  318764116 |  318784916 | Tag |18! 77  ea  dd! 25  db! 21  33  e6! 55! 59! 4f  4b! 31  15  97! c3! 0d   |  !! |

I wasn’t able to find any advice beyond this point in any other posts, and I don’t really know where to go from here. Do I need to brute force the remaining keys? If so, how do I even do that? Any help is appreciated. Thank you guys.

Aoxhwjfoavdlhsvfpzha · April 19, 2026, 8:27am

Techiziod:

Client.... Iceman/master/v4.17511 2023-11-13 10:19:09
    Bootrom... Iceman/master/v4.17511-suspect 2023-11-13 10:19:09 
    OS........ Iceman/master/v4.17511-suspect 2023-11-13 10:19:09 
    Target.... device / fw mismatch

It looks like you’re using an outdated client

It also looks like your Proxmark isn’t flashed to match it, that device / fw mismatch is a sign of doom

I would try updating to a current client, I can’t say specifically, but I reckon the crack-y ability has gotten better

Techiziod · April 19, 2026, 9:38am

Good catch. I updated my firmware to v4.21611.

    MCU....... AT91SAM7S512 Rev A
    Memory.... 512 KB ( 82% used )

    Client.... Iceman/master/v4.21611 2026-04-14 10:19:30
    Bootrom... Iceman/master/v4.21611-suspect 2026-04-14 10:19:30 389522379
    OS........ Iceman/master/v4.21611-suspect 2026-04-14 10:19:30 389522379

Unfortunately, after the first 2 steps I still don’t have those last 3 keys. Still no keys from sniffing either, but at least it gives me more annotations.

[usb] pm3 --> hf mf list
[+] Recorded activity ( 1492 bytes )
[=] start = start of start frame. end = end of frame. src = source of transfer.
[=] ISO14443A - all times are in carrier periods (1/13.56MHz)

      Start |        End | Src | Data (! denotes parity error)                                           | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
          0 |        992 | Rdr |52(7)                                                                    |     | WUPA
  100004896 |  100005888 | Rdr |52(7)                                                                    |     | WUPA
  100007124 |  100009492 | Tag |04  00                                                                   |     | 
  100052496 |  100054960 | Rdr |93  20                                                                   |     | ANTICOLL
  100056132 |  100061956 | Tag |42  9F  BF  E0  82                                                       |     | 
  100113792 |  100124320 | Rdr |93  70  42  9F  BF  E0  82  06  DC                                       |  ok | SELECT_UID
  100125492 |  100129012 | Tag |08  B6  DD                                                               |  ok | 
  100174832 |  100179536 | Rdr |60  00  F5  7B                                                           |  ok | AUTH-A(0)
  100181172 |  100185844 | Tag |55  30  C8  7B                                                           |     | AUTH: nt (lfsr16 index 26117)
  100196272 |  100196624 | Rdr |02(2)                                                                    |     | 
  100197796 |  100202468 | Tag |E7  C6  C8  D8                                                           |  !! | 
  100231700 |  100252500 | Tag |BB! 80  31  F2! DF! 15! 8C! 5C! 41! 2D  74  22! B1  C6  52! 18  DA! 2F   |  !! | 
  100309392 |  100309808 | Rdr |01(2)                                                                    |     | 
  100311684 |  100332548 | Tag |C3! 5F  8E  12  1A! D6  F3  C0  68! B2  40! B2! CD  19! 94! 86! F7  AD   |  !! | 
  100385856 |  100390624 | Rdr |46  35  AF  3C                                                           |  !! | 
  100489188 |  100491556 | Tag |04  00                                                                   |     | 
  100538196 |  100544020 | Tag |42  9F  BF  E0  82                                                       |     | 
  100608452 |  100611972 | Tag |08  B6  DD                                                               |  ok | 
  100768676 |  100773348 | Tag |32  F6  C9  FA                                                           |  !! | 
  100774768 |  100784080 | Rdr |33! 73  DB  76! FD  3C! 51! 7D                                           |  !! | 
  100785332 |  100790004 | Tag |77! CA! 5A  1D                                                           |  !! | 
  100812768 |  100817472 | Rdr |AF! 0C! C3! 0F                                                           |  !! | 
  100818708 |  100839508 | Tag |89  17! 53! 79! 06! BF  15! 0D  37  CF  19  5B! 9C  12! 37! 7A  AB! 9A   |  !! | 
  100892368 |  100897072 | Rdr |DA! 5D  DE  3B                                                           |  !! | PPS - CID=a
  100898308 |  100919172 | Tag |B9! AD  5B! AE! F4  D4! 62  DC  DE! 3E! 41  F2  F2! 5A! 5B! 63  33  28   |  !! | 
  100977780 |  100998580 | Tag |1C! FA  56  A4! EE! 2E  1C  02  94! 39! B4  7E! 38! 2E! 35  95  F7  33   |  !! | 
  101416372 |  101437236 | Tag |5E  DC! AC  10  FB  E0! 05  D5  B6! 05! 9C! AF! 86  91! AE! 5F! 8E! EF   |  !! | 
  101490160 |  101494864 | Rdr |99  74! AC  21                                                           |  !! | 
  101496100 |  101516964 | Tag |A0! 3F! 0C! 2E  BC  18! D3! 68  57! A7  95! 7A  84! 74  76! 81  CA! A3   |  !! | 
  101753860 |  101758596 | Tag |F0! 2D  4B! 4E                                                           |  !! | 
  101759952 |  101769328 | Rdr |DF  6E! 83  29! 28! D3! 5A  2B                                           |  !! | 
  101770500 |  101775236 | Tag |D7! F6  E8  72                                                           |  !! | 
  101798464 |  101803232 | Rdr |2D! 76! 76! 5A                                                           |  !! | 
  101804404 |  101825204 | Tag |70! 74! A1! 06  1E  E8  C6! EA! 4A  7E  BC! 90! 85! E0! 6E  8F! 07! 56   |  !! | 
  193231908 |  193234276 | Tag |04  00                                                                   |     | 
  193280916 |  193286740 | Tag |42  9F  BF  E0  82                                                       |     | 
  193338704 |  193349232 | Rdr |93  70  42  9F  BF  E0  82  06  DC                                       |  ok | SELECT_UID
  193350404 |  193353924 | Tag |08  B6  DD                                                               |  ok | 
  193406068 |  193410740 | Tag |55  30  C8  7B                                                           |  !! | 
  193412160 |  193421536 | Rdr |AC! 2D! 36! 40! E6  C8  80! 23                                           |  !! | ?
  193422708 |  193427380 | Tag |C9! B9  5B  5E                                                           |  !! | 
  193450672 |  193455440 | Rdr |73! A1  61! 43                                                           |  !! | 
  193456612 |  193477476 | Tag |F1! 23! B8! 52! 9B  24  2E! 49  BD  C8! AE  81  D0  BB  88  68  ED! 4A   |  !! | 
  193536596 |  193557396 | Tag |9C  CA! 73  37! E2! 53  1A! 6E! 26! 86! 4E! B5! 14  D0! 8A! 52  E4  8A   |  !! | 
  193714084 |  193716452 | Tag |04  00                                                                   |     | 
  193763092 |  193768916 | Tag |42  9F  BF  E0  82                                                       |     | 
  193833332 |  193836852 | Tag |08  B6  DD                                                               |  ok | 
  193993556 |  193998228 | Tag |5B  A5  8C  7D                                                           |  !! | 
  194010212 |  194014884 | Tag |E8  0D  5E! 00                                                           |  !! | 
  194043604 |  194064468 | Tag |BE! 0F  EA! 8E! 51! FE! F0! 02! BC! DC  F4! 26  D9! 6A  74  BE  E8  DA   |  !! | 
  194123188 |  194143988 | Tag |D3! B3! E4  96  72! AC! 8A  2A  9C! 60! A4! 50! 02! 32  D3! 9B! 7B! E5   |  !! | 
  194200624 |  194201168 | Rdr |01(3)                                                                    |     | 
  194202660 |  194223524 | Tag |04  A3! AD  15! B0  22! 8D! B2  AD  34! FF  0C  01  B5  6B! 6B  EE! 3B   |  !! | 
  194635328 |  194640032 | Rdr |3A  09  81  41                                                           |  !! | READ RANGE (9-129)
  194641268 |  194662068 | Tag |61! 6D  C5  BC! CC! 8C  82! 3C! B2  ED  15! 8E  1D  48! F9! 14! 36  1E   |  !! | 
  194720996 |  194741796 | Tag |F0! 8B  4F  F0! 47! 46  69  88  3A! 08  B5  0C! 98! D1! 75! F3  36  EE   |  !! | 
  194978740 |  194983476 | Tag |F0! 2D  4B! 4E                                                           |  !! | 
  194995380 |  195000052 | Tag |01  9A  6E  DD                                                           |  !! | 
  195029156 |  195049956 | Tag |5D  F9! AB  DB  86! 88! D9! 99! 09! FA! ED  9E  1D  BE! 8F! 9C  D7  24   |  !! | 
  318661908 |  318664276 | Tag |04  00                                                                   |     | 
  318710900 |  318716724 | Tag |42  9F  BF  E0  82                                                       |     | 
  318768560 |  318779088 | Rdr |93  70  42  9F  BF  E0  82  06  DC                                       |  ok | SELECT_UID
  318780276 |  318783796 | Tag |08  B6  DD                                                               |  ok | 
  318829728 |  318834432 | Rdr |60  00  F5  7B                                                           |  ok | AUTH-A(0)
  318836068 |  318840804 | Tag |30  C8  7B  9D                                                           |     | AUTH: nt (lfsr16 index 26125)
  318852692 |  318857364 | Tag |03  94! C5! 51!                                                          |     | 
  318886596 |  318907460 | Tag |D7  79  87  B3! 0B  A2! 4C  11! A9  6A  1E! 8B  AE! 5C! 77  DC! D8  E9   |  !! | 
  318964544 |  318964832 | Rdr |00(1)                                                                    |     | 
  318966596 |  318977988 | Tag |38! 14  5A  28  60  A2  E1! 99! 09  2A                                   |  !! | 
  319040752 |  319045520 | Rdr |18  B0! 01  3F                                                           |  !! | 
  319099008 |  319100064 | Rdr |26(7)                                                                    |     | REQA
  319144640 |  319145632 | Rdr |52(7)                                                                    |     | WUPA
  319146884 |  319149252 | Tag |04  00                                                                   |     | 
  319195236 |  319201060 | Tag |42  9F  BF  E0  82                                                       |     | 
  319254176 |  319264704 | Rdr |93  70  42  9F  BF  E0  82  06  DC                                       |  ok | SELECT_UID
  319265892 |  319269412 | Tag |08  B6  DD                                                               |  ok | 
  319425332 |  319430004 | Tag |8C  F2  EA  47                                                           |  !! | 
  319441972 |  319446708 | Tag |70! 46! FF  E8                                                           |  !! | 
  319475508 |  319496372 | Tag |19  6F  44  42! 4F! 34  C5  03  BC! D2  D5! AC  2A! A8! 9C! DD! 43  95   |  !! | 
  319554196 |  319575060 | Tag |F9  67! A4! 16  D7  53! E0! BD  61  B8! C8  4D  97  4F! A6! 82  BF  D3   |  !! | 
  319628304 |  319628848 | Rdr |00(3)                                                                    |     | 
  319633684 |  319644564 | Tag |2C! 84  DE! CF! 7F! 71! C3! 1C  58  00                                   |  !! | 
  320072404 |  320093268 | Tag |C0! 7E  BE  24  EE! 08  50! 2A! E7! 06! 6A  46  7C! C8  2D  CF  7B! 83   |  !! | 
  320151364 |  320172164 | Tag |27  EE  03! 42  E8  D7! 41! 5F  5A! F4  0D  D0! 2D! AE! 58! F1  AF  66   |  !! | 
  320409108 |  320413844 | Tag |F0! 2D  4B! 4E                                                           |  !! | 
  320425748 |  320430420 | Tag |B4! 1A  CB! F8                                                           |  !! | 
  320459156 |  320479956 | Tag |A8  27  C4  99! 53! D5! AE! 4F  25! 6D! 60  02! 1A! 12  A2  1D  A7  FF   |  !! |

tac0s · April 20, 2026, 12:17am

It looks like sniff is incomplete. We shouldn’t see back to back reader or tag comms. Can we see a picture of your sniffing setup with the tag, pm3, and reader?

Techiziod · April 20, 2026, 5:36am

Here’s the setup, I have the proxmark between the reader and the key. I have ran it a few times and the output always looks about the same with multiple tag and reader comms back to back. Any tips to get a better read? Do I have to take the LF antenna off so there’s more space?

Aoxhwjfoavdlhsvfpzha · April 20, 2026, 5:38am

Just out of curiosity, what command are you running for the sniff exactly?

Techiziod · April 20, 2026, 5:46am

I’m using

hf 14a sniff

tac0s · April 20, 2026, 1:18pm

Nope.

Alright. Hotel lock. A field detector would be nice to see exactly where the antenna is. But also, what is you procedure? Run the command and then press the card + pm3 stack against the lock?

Techiziod · April 20, 2026, 6:29pm

Yeah pretty much. I hold the card and pm3 together, then run the command, then touch them both to the reader until it unlocks. I tried holding the pm3 to the reader first as well but results were about the same.