There is 2^48 possible MIFARE Classic keys so bruteforce would effectively take forever. A faster attack is, for instance, the offline nested attack (see here for an implementation). However, this attack only works if you know at least one key of the card. This is an Android NFC-App for reading, writing, analyzing, etc. MIFARE® Classic RFID-Tags. Re: Mifare Classic Offline Cracker Friend 'm with same problem, says there is no key in the sector. But when I put another card it works normally. I'm using ubuntu 4.14 lts libnfc 1.6.0 mfoc 0.10.6.
The darkside attack (for weak mifare) can be processed with a low cost hardware like the ARC122U, with mfcuk/mfoc over the libnfc.
Nowadays, this attack is not covering a lot of Mifare classic card anymore. The Proxmark is the best choice.For the Proxmark3, the weak PRNG method is easy to find but the sniff/hardnested method for hard PRNG is more tricky.
1. First Of All – Try Generic Keys…
like this somekeys.txt, took from Mifare Classic Tool (android)
If you are lucky, you have a key… need to check now against B.
If you don’t have B, jump to the “Crack others keys” of each section 2.If you have B, you have all the keys A/B and you can jump to section 3.
2. Method For Weak
Crack others keys
2. Method For Hard
Sniff
The fun part… you have to fix the card to the proxmark3 (duct tape) connected to a laptop and set the proxmark3 in sniff mode.If you have a y-usb cable, you can also power the proxmark3 with an usb power pack and connect it back to your desktop to get the traces.The best way to sniff all the transaction is to put the proxmark3 between the card and the reader.Push it against the reader, well aligned… and repeat it 3-4 times to get at least one good sniffed transaction.
Mifare Classic protocol
Trace example
Check key against A/B
You can possibly bypass next step if the key is the same on A/B.
Crack others keys
replace 60 with the numeric value of the Hexadecimal between double parenthesis in the example – ours is ‘3C’.
Keys to dumpkeys.bin (perl):
Run it and you get a proper dumpkeys.bin to run ‘hf mf dump’ which relies on it.
3. From Keys To Write
Verify:
Dump the card to dumpdata.bin
Prepare .eml
Load in blank Magic/Chinese card
Mifare Classic Offline Cracker Free
Non-authentic MIFARE® products, including counterfeit ICs and cloned smart cards, pose a significant risk to everyone involved, from manufacturers and suppliers to end customers and consumers.
Using the latest MIFARE products helps to reduce this risk as they ensure proper ISO compliance including secure and trusted production and quality review processes. They add additional security features like the support of NXP’s Originality Check. Jointly with our Premium Partner AdvanIDe, NXP offers the NXP Originality Checker Reader, a tool that can help to verify the authenticity of an NXP IC, by simply tapping it to a special reader that is connected to your desktop PC.
After running an extensive set of checks, both in the reader itself as well as with an online service provided by NXP, you can receive the information whether an IC has been produced by NXP or not.
Products supported:
Mifare Classic Offline Cracker Game
- MIFARE Classic®
- MIFARE® DESFire®
- MIFARE Plus®
- MIFARE Ultralight®
- NTAG®
- ICODE® SLIX 2
The Originality Checker Reader is available through the AdvanIDe website, and it consists of 1 Reader with USB interface with SAMs. Please contact our Premium Partner AdvanIDe if you are interested in the NXP Originality Checker Reader.
For further support, please write an email to originalitychecker.support@nxp.com to get more information about the NXP Originality Checker Reader and the necessary software. Please note that you must be an active user of NXP DocStore and have an NDA signed with NXP to be eligible to use the Reader and the Software. Once you have the Software installed and activated, updates to the PC Application and to the Reader Firmware will be downloaded automatically.