Hello all,
I am trying to get the dump info of a G+D Mifare Classic EV1 1k for possible cloning purposes if a 7-byte UID magic injectable implant is ever made. Here is the card details:
[usb] pm3 --> hf search
[|] Searching for ISO14443-A tag...
[+] UID: (7-byte UID)
[+] ATQA: 00 44
[+] SAK: 08 [2]
[+] MANUFACTURER: NXP Semiconductors Germany
[+] Possible types:
[+] MIFARE Classic 1K CL2
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Prng detection: hard
[=]
[=] --- Tag Signature
[=] IC signature public key name: NXP Mifare Classic MFC1C14_x
[=] IC signature public key value: 044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF
[=] Elliptic curve parameters: NID_secp128r1
[=] TAG IC Signature: 067DE177A402139DA35228ADFFCB9F4A0AE1AA166079830AEADEBEF8F492E7B1
[+] Signature verification: successful
[?] Hint: try `hf mf` commands
[+] Valid ISO 14443-A tag found
The first problem comes when I try autopwn:
[usb] pm3 --> hf mf autopwn
[!] iso14443a card select failed
[usb] pm3 --> hf mf autopwn
[!] no known key was supplied, key recovery might fail
[+] loaded 23 keys from hardcoded default array
[=] running strategy 1
[=] Chunk 0.5s | found 0/32 keys (23)
[=] running strategy 2
[=] ..
[=] Chunk 5.0s | found 0/32 keys (23)
[-] No usable key was found!
I believe the problem is that the card doesn’t use any default/common keys in any sectors. I confirmed this with hf mf chk:
[usb] pm3 --> hf mf chk
[=] No key specified, trying default keys
[ 0] ffffffffffff
[ 1] 000000000000
[ 2] a0a1a2a3a4a5
.........
[22] 96a301bce267
[=] Start check for keys...
[=] .................................
[=] time in checkkeys 9 seconds
[=] testing to read key B...
[+] found keys:
[+] |-----|----------------|---|----------------|---|
[+] | Sec | key A |res| key B |res|
[+] |-----|----------------|---|----------------|---|
[+] | 000 | ------------ | 0 | ------------ | 0 |
[+] | 001 | ------------ | 0 | ------------ | 0 |
[+] | 002 | ------------ | 0 | ------------ | 0 |
[+] | 003 | ------------ | 0 | ------------ | 0 |
[+] | 004 | ------------ | 0 | ------------ | 0 |
[+] | 005 | ------------ | 0 | ------------ | 0 |
[+] | 006 | ------------ | 0 | ------------ | 0 |
[+] | 007 | ------------ | 0 | ------------ | 0 |
[+] | 008 | ------------ | 0 | ------------ | 0 |
[+] | 009 | ------------ | 0 | ------------ | 0 |
[+] | 010 | ------------ | 0 | ------------ | 0 |
[+] | 011 | ------------ | 0 | ------------ | 0 |
[+] | 012 | ------------ | 0 | ------------ | 0 |
[+] | 013 | ------------ | 0 | ------------ | 0 |
[+] | 014 | ------------ | 0 | ------------ | 0 |
[+] | 015 | ------------ | 0 | ------------ | 0 |
[+] |-----|----------------|---|----------------|---|
[+] ( 0:Failed / 1:Success )
So no valid keys were found. Am I now stuck since I have no keys to work nested attacks off of? I assume it would be pointless, but is there a way to try and bruteforce one of the keys to then start nested attacks off of? Any help would be appreciated, Thanks.