hf mf autopwn failed to dump with key B #960
Comments
I would think your card has a bad coupling with the device, so you need to find a better spot where you don't get all the failed selects and auths. Those failed ones are most likely the cause of your partial dump. |
You are right for the better spot (small patch tags could be tricky), selects and auths errors are due to that. I think it is not the reason because with perfect coupling I have the same issue: the
|
good good, at least one cause is gone and only the B key. |
Sectors 10 to 14 have the same access rights and the same keys:
|
Alright, something to work with.
set accessrights and run autopwn
Here I set block 7 to same access rights as yours.
Autopwn in action
As expected, keyA fails and the keyB works. Only difference now is that your keyB was found by hardnested. And since you filtered it out, I can't see if it's used correctly. |
Yes, the correct keys are inside partial dumps! When I try it with a gen 1a card with the same random B key on 4 sectors it works fine, but the key was found by nested, not hardnested:
Maybe it is related to hardnested found keys, I will try it with all my 'hardnested' cards. |
It seems to be related to the hardnested recovery. |
OK, I've tried it with a 'real' card (a blank mifare plus)
it is blank:
it fails the same way:
|
I tried the release v4.9237 and it works fine!
The dumps are fine. |
OK, the timeout is 2 sec, so the card might be dumping, but the client times out. Try changing these two timeouts to 4000 instead and see if that solves your problem |
No it doesn't:
|
Bugger, let's enable some debug output
|
I've tried ecfill command, it fails the same way:
Let's enable debug: [usb] pm3 --> hw dbg 2
|
It looks like fast dump tries to read sector 0! It fails because it tries to read the wrong sectors with key B. |
You need the emulator mem to have keys first.
And yes, ecfill tries to read sector 0 to x, it doesn't keep track of which sectors / blocks already read. |
|
pull latest, flash and test |
|
Now it's the nested auth. |
If you comment out line 1977 and forward, armsrc/mifarecmd.c fct MifareECardLoad
|
|
It fails reading all sectors except 0,3 and 15 now.
|
There have been some fixes for hardnested, try pulling latest and see if this issue still persists |
Unfortunately, the issue still persists. |
Ping! |
Pong ! Still have the issue with
Works well with |
yeah, so the dump command handles it with A/B, now autopwn should do the same... |
I think this issue has been sorted. Would you mind pulling latest / compile / flash and test? |
The issue is still there :( |
What is your output current run, and a dump of the card you use to test? |
The output is exactly the same #960 (comment). If you want the dump I can send it to you, just tell me where. |
you on discord? mifare channel, pm me, or here. |
it is quite impossible you have the same output using the latest source, "Auth nested error" doesn't exist in the code anymore. |
Issue fixed with latest. |
Describe the bug
hf mf autopwn failed to dump with key B:
hf mf dump works well.
To Reproduce
Steps to reproduce the behavior:
hf mf autopwn
fast dump reported back failure w KEY B
and the partial dumps
hf mf dump
Screenshots
Desktop (please complete the following information):