So I cloned a card to the XM1, and now, even after performing “cwipe” (which performs successfully), I get this message from the Proxmark when scanning:
[#] 1 static nounce 01200145
[+] Static nonce: yes
If I try to restore a dump, I get lots of Auth errors.
[#] Cmd Error: 04
[#] Write block error
[+] isOk: 00
However, using mfoc and an ACR122U seems to work.
Also, running “hf mf cload xxxxx-dump.eml” (rather than “hf mf restore 1”) seems to work (no errors, but it does not appear to be an identical clone, as it doesn’t work at work).
What does “static nonce” even mean? And is there a way to remove it?
In cryptography, a nonce is an arbitrary number that can be used just once in a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.
So a static nonce would be a nonce that can’t be changed.
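To make the definition above concrete, here is an added example (not part of the original thread) that models a challenge-response check with a fresh nonce per session and with a fixed one, and shows which of the two accepts a recorded response. It assumes HMAC-SHA256 as a stand-in for the card's real cipher; the `Verifier` class, `respond` and `replay_accepted` are hypothetical names, and the key and nonce are the values quoted in the thread used as constructed sample input.

```python
import hashlib
import hmac
import secrets

# Constructed sample inputs: the default key and the nonce value quoted in the thread.
KEY = bytes.fromhex("ffffffffffff")
STATIC_NONCE = bytes.fromhex("01200145")


def respond(key, nonce):
    """Prover side: prove knowledge of the key by MACing the challenge nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Verifier:
    """Hypothetical verifier: issues a nonce, then checks the keyed response."""

    def __init__(self, key, static_nonce=None):
        self.key = key
        self.static_nonce = static_nonce
        self.current = None

    def challenge(self):
        # A static-nonce device hands out the same value in every session;
        # otherwise a fresh 32-bit value is drawn each time.
        if self.static_nonce is not None:
            self.current = self.static_nonce
        else:
            self.current = secrets.token_bytes(4)
        return self.current

    def verify(self, response):
        expected = respond(self.key, self.current)
        return hmac.compare_digest(expected, response)


def replay_accepted(verifier):
    """Record one legitimate exchange, then present it again in a new session."""
    recorded = respond(KEY, verifier.challenge())  # legitimate session, observed
    if not verifier.verify(recorded):
        raise RuntimeError("legitimate exchange should verify")
    verifier.challenge()                           # a new session begins
    return verifier.verify(recorded)               # old response, no key needed


if __name__ == "__main__":
    print("fresh nonce, replay accepted: ", replay_accepted(Verifier(KEY)))
    print("static nonce, replay accepted:", replay_accepted(Verifier(KEY, STATIC_NONCE)))
```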
Thanks for the explanation.
What I don’t understand is how a gen1a card that has been wiped, and only contains FFFFFFFFFFFF as keys, still shows a static nonce?
I thought the whole point with gen1a was that they could be fully altered?
Static nonce just means the PRNG (pseudorandom number generator) is fixed at 01200145. It won't cause any issues for your tag and is just preprogrammed by whoever created the chip. You can't remove it; it's a hard built feature.
Thanks for the clarification. I thought it was something that was cloned onto the chip.
Alas that means the work program detects magic cards, if that is the only difference
With work card: all ok
With flexM1: “the chip does not have any appropriate sector for this kind of card”
Grab yourself a Gen2 Test card and try that sucker, there might be a solution for you yet buddy!!!
Wife is not gonna cut out the flexM1 (so if a gen2 works, that’d be even worse - knowing she got the wrong one 😜)
Anyway, next step is to sniff the reader I guess… - see what it actually tries to do (they authenticate/authorize the card every 24 hours)
Worse than not knowing at all???
Raz the people want to know…
Correction, the people NEED to know
Excellent, now I can stop working on my secret project for you…
@RazAquato Have you got your test card and had a chance to actually test yet?
Still not arrived, I’ll update as soon as it gets here
Will test next week and post the results