Help, MIFARE GEN2 1K kEY

Hello, I’m new here, so if I’m talking nonsense, I’m sorry.

I’m not able to extract the keys (B), I don’t even have access to other cards and none.

C:\Users\rrt\Downloads\rrt\V0.2.8-win64-rrg_other-v4.16717>pm3
[=] Session log C:\Users\rrt\Downloads\rrt\V0.2.8-win64-rrg_other-v4.16717\client\/.proxmark3/logs/log_20250820.txt
[+] loaded from JSON file C:\Users\rrt\Downloads\rrt\V0.2.8-win64-rrg_other-v4.16717\client\/.proxmark3/preferences.json
[=] Using UART port COM7
[=] Communicating with PM3 over USB-CDC


  8888888b.  888b     d888  .d8888b.
  888   Y88b 8888b   d8888 d88P  Y88b
  888    888 88888b.d88888      .d88P
  888   d88P 888Y88888P888     8888"
  8888888P"  888 Y888P 888      "Y8b.
  888        888  Y8P  888 888    888
  888        888   "   888 Y88b  d88P
  888        888       888  "Y8888P"    [  ]


  [ Proxmark3 RFID instrument ]

    MCU....... AT91SAM7S512 Rev A
    Memory.... 512 KB ( 60% used )

    Client.... Iceman/master/v4.16717-9-gadfebd651 2023-06-26 21:52:22
    Bootrom... Iceman/master/v4.16717-9-gadfebd651 2023-06-26 21:52:08
    OS........ Iceman/master/v4.16717-9-gadfebd651 2023-06-26 21:52:14
    Target.... PM3 GENERIC

[=] hf search
[-] Searching for ISO14443-A tag…
[+] UID: 99 B5 10 02
[+] ATQA: 00 04
[+] SAK: 08 [2]
[+] Possible types:
[+] MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[#] 1 static nonce 009080a2
[+] Static nonce: yes
[#] Auth error
[?] Hint: try hf mf commands

[+] found keys:

[+] -----±----±-------------±–±-------------±—
[+] Sec | Blk | key A |res| key B |res
[+] -----±----±-------------±–±-------------±—
[+] 000 | 003 | 7B296F353C6B | U | ------------ | 0
[+] 001 | 007 | 3FA7217EC575 | C | ------------ | 0
[+] 002 | 011 | 3FA7217EC575 | C | ------------ | 0
[+] 003 | 015 | 6074E191C303 | C | ------------ | 0
[+] 004 | 019 | 6074E191C304 | C | ------------ | 0
[+] 005 | 023 | 05F40B31D9AF | C | ------------ | 0
[+] 006 | 027 | 6074E191C306 | C | ------------ | 0
[+] 007 | 031 | 6074E191C307 | C | ------------ | 0
[+] 008 | 035 | 6074E191C308 | C | ------------ | 0
[+] 009 | 039 | 6074E191C309 | C | ------------ | 0
[+] 010 | 043 | 6074E191C30A | C | ------------ | 0
[+] 011 | 047 | 3FA7217EC575 | C | ------------ | 0
[+] 012 | 051 | 6074E191C30C | C | ------------ | 0
[+] 013 | 055 | 6074E191C30D | C | ------------ | 0
[+] 014 | 059 | 6074E191C30E | C | ------------ | 0
[+] 015 | 063 | 05F40B31D9AF | C | ------------ | 0
[+] -----±----±-------------±–±-------------±—
[=] ( D:Dictionary / S:darkSide / U:User / R:Reused / N:Nested / H:Hardnested / C:statiCnested / A:keyA )

[usb] pm3 → hf mf autopwn -s 0 -a -k 7B296F353C6B -f known_keys.dic
[=] target sector 0 key type A – using valid key [ 7B296F353C6B ] (used for nested / hardnested attack)
[+] loaded 32 keys from dictionary file known_keys.dic
[=] running strategy 1
[=] ..
[=] Chunk 5.1s | found 4/32 keys (32)
[=] running strategy 2
[=] ..
[=] Chunk 4.9s | found 4/32 keys (32)
[+] target sector 1 key type A – found valid key [ 3FA7217EC575 ]
[+] target sector 2 key type A – found valid key [ 3FA7217EC575 ]
[+] target sector 11 key type A – found valid key [ 3FA7217EC575 ]
[-] Tag isn’t vulnerable to Nested Attack (PRNG is probably not predictable).
[-] Nested attack failed → try hardnested
[=] Hardnested attack starting…
[=] ---------±--------±--------------------------------------------------------±----------------±------
[=] | | | Expected to brute force
[=] Time | #nonces | Activity | #states | time
[=] ---------±--------±--------------------------------------------------------±----------------±------
[=] 0 | 0 | Start using 4 threads and AVX2 SIMD core | |
[=] 0 | 0 | Brute force benchmark: 415 million (2^28.6) keys/s | 140737488355328 | 4d
[=] 17 | 0 | Using 239 precalculated bitflip state tables | 140737488355328 | 4d

[!!] Error: Static encrypted nonce detected. Aborted

It’s possible this is a secured late model Mifare Plus or Mifare Classic EV1 with “fixed” crypto-1 and RNG.. but the first thing I notice is the firmware date of your Proxmark and client is June 2023. I would highly suggest pulling down the most recent source, compiling it, and flashing your proxmark3.

Because this firmware version is so old, I suspect you are on a prebuilt binary.. possibly on OSX (mac)?

old firmware/client like Amal is saying.
and static nonce detected, which you will need to run the python script instead to recover all data.

but that is nicely reported on latest source….

Here you go

thanks

to clarify:

make -j == use all available cores to parallel compile.

make -j4 == use 4 cores to parallel compile.

If you have a 4 core CPU or more you can specify using -j8, -j6 etc, but 99.9% of the common use case is do not specify the number of cores.

The make all is from earlier Makefile’s when we didn’t rebuild it. Today running make implies make all

To conclude:

use: make -j

for the fastest build time using the maximum number of available cores on your system.

Personally: make clean; make -j

sirs,
I’ve been trying to update for two days and I can’t, step by step.

pm31345×900 146 KB

in your ./bashrc file consider adding to the end of it, something like

# qt.qpa.plugin: Could not load the Qt platform plugin "xcb"
#export QT_QPA_PLATFORM="offscreen"
export QT_QPA_PLATFORM="xcb"

I haven’t run into your specific windows missing message before but I figure its close enough and you can do some google searching based upon it.