xM1 static nonce

So I cloned a card to the xM1, and now, even after performing “cwipe” (which performs successfully), I get this message from the Proxmark when scanning:

[#] 1 static nounce 01200145
[+] Static nonce: yes

If I try to restore a dump, I get lots of Auth errors.

[#] Cmd Error: 04
[#] Write block error
[+] isOk: 00

However, using mfoc and an ACR122U seems to work.

Also, running “hf mf cload xxxxx-dump.eml” (rather than “hf mf restore 1”) seems to work (no errors, but it does not appear to be an identical clone as it doesn’t work at work)

What does “static nonce” even mean? And is there a way to remove it?

Paging @Equipter @Jirvin

In cryptography, a nonce is an arbitrary number that can be used just once in a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.

So a static nonce would be a nonce that can’t be changed.

1 Like

Thanks for the explanation.
What I don’t understand is how a gen1a card that has been wiped, and only contains FFFFFFFFFFFF as keys, still shows a static nonce?

I thought the whole point with gen1a was that they could be fully altered? :roll_eyes:

Static nonce just means the PRNG (pseudorandom number generator) is fixed at 01200145. It won’t cause any issues for your tag and is just preprogrammed by whoever created the chip; you can’t remove it, it’s a hard-built feature.

1 Like
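As an added example (not from this thread or the Proxmark source), here is how a reader could tell the behaviour described above from a normal card: 01200145 is in fact a valid output of MIFARE Classic’s 16-bit LFSR nonce generator, so on its own it looks genuine, and it only stands out because the same value comes back on every authentication. Function names and all sample nonces other than 01200145 are constructed for the example.

```python
# Added example (not from this thread or the Proxmark project): decide,
# reader-side, whether the nonces a MIFARE Classic card returns on repeated
# authentication are static, look like genuine LFSR output, or neither.
# Sample nonces below are constructed; 0x01200145 is the value in the thread.

def prng_step(state: int) -> int:
    """Advance the card's 16-bit LFSR (x^16 + x^14 + x^13 + x^11 + 1) one bit."""
    feedback = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (feedback << 15)

def nonce_from_state(state: int) -> int:
    """Build the 32-bit nonce a genuine card emits from LFSR state `state`.
    Bits go on the wire LSB-first per byte, so the low byte of the state is
    the first nonce byte and the next 16 LFSR bits form the second half."""
    b0, b1 = state & 0xFF, state >> 8
    for _ in range(16):
        state = prng_step(state)
    b2, b3 = state & 0xFF, state >> 8
    return int.from_bytes(bytes([b0, b1, b2, b3]), "big")

def lfsr_consistent(nonce: int) -> bool:
    """True if the second half of the nonce is the LFSR continuation of the
    first half, i.e. the nonce carries only 16 bits of entropy."""
    b0, b1, *_ = nonce.to_bytes(4, "big")
    return nonce_from_state((b1 << 8) | b0) == nonce

def classify_nonces(nonces: list[int]) -> str:
    """Classify nonces observed over several authentications of one card."""
    if len(nonces) < 2:
        raise ValueError("need at least two authentications to judge")
    if len(set(nonces)) == 1:
        return "static"          # what Proxmark reports as "Static nonce: yes"
    if all(lfsr_consistent(n) for n in nonces):
        return "weak-prng"       # 16-bit LFSR output that changes each time
    return "unpredictable"       # no LFSR structure visible in the nonces

if __name__ == "__main__":
    # Constructed: a magic card that always answers with the thread's nonce.
    static = [0x01200145] * 4
    # Constructed: a card whose LFSR keeps running between authentications.
    genuine = [nonce_from_state(s) for s in (0x2001, 0x9000, 0x4501, 0x7E3A)]
    # Constructed: flipping one bit of a valid nonce breaks the LFSR relation.
    tampered = [0x01200144, 0x01200145]
    print("thread nonce is LFSR-consistent:", lfsr_consistent(0x01200145))
    for name, ns in (("static", static), ("genuine", genuine), ("tampered", tampered)):
        print(f"{name}: {classify_nonces(ns)}")
```

The LFSR check alone does not flag the thread’s card, which is why tools judge “static” by repetition across authentications rather than by the nonce’s structure.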

Thanks for the clarification. I thought it was something that was cloned onto the chip.

Alas, that means the work program detects magic cards, if that is the only difference :expressionless:

With work card: all ok

With flexM1: “the chip does not have any appropriate sector for this kind of card”

Grab yourself a Gen2 Test card and try that sucker, there might be a solution for you yet buddy!!!

https://labs.ksec.co.uk/product/mifare-classic-compatible-1k-magic-uid-changeable-uid-gen2/

1 Like

Wife is not gonna cut out the flexM1 (so if a Gen2 works, that’d be even worse, knowing she got the wrong one 😜)

Anyway, next step is to sniff the reader, I guess, and see what it actually tries to do (they authenticate/authorize the card every 24 hours).

1 Like

Worse than not knowing at all???

Raz the people want to know…
Correction, the people NEED to know

Donkey sad

:wink:

1 Like

Fine!

2 Likes

Excellent, now I can stop working on my secret project for you…

4 Likes

I approve of that gif :joy:

2 Likes

@RazAquato Have you got your test card and had a chance to actually test yet?

Nah.
Still not arrived, I’ll update as soon as it gets here

Edit: arrived!
Will test next week and post the results :slightly_smiling_face: