
Bug: mfoc-hardnested -F collects only one nonce and hangs on 'Apply bit flip properties' #26

@target111

Description

When running mfoc-hardnested with the -F (force hardnested) flag and a file of known keys (-f), the attack successfully starts and identifies an exploit sector. However, the attack table shows that it collects exactly one nonce, then moves to the "Apply bit flip properties" status, where it hangs indefinitely. It does not appear to collect any further nonces, which are necessary for the attack to succeed.

Steps to reproduce the behavior:

Have a MIFARE Classic 1k tag where at least one sector's keys are known.

Create a keys.txt file containing the known keys.

Run the command: ./mfoc-hardnested -f keys.txt -F -O dump.mfd

Observe the attack table.

Expected behavior

I would expect the program to continue collecting multiple nonces from the target sector (e.g., 30-40+ nonces) to gather enough information before attempting to crack the key. It should not stop at one nonce and hang. (at least I think so)

Actual behavior

The program starts, finds the known keys, selects an exploit sector (sector 01 in this case), and begins the hardnested attack. It collects one nonce, then the status changes to "Apply bit flip properties". No further nonces are collected, and the program makes no further progress, hanging until manually interrupted with ^C.

Console Log

./mfoc-hardnested -f keys.txt -F -O dump.mfd
The custom key [...snip...] has been added to the default keys
The custom key [...snip...] has been added to the default keys
ATS len = -20
Found Mifare Classic 1k tag
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
* UID size: single
* bit frame anticollision supported
       UID (NFCID1): f0  2e  88  d0  
      SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: [...snip...]] -> [//..............]
[Key: [...snip...]] -> [xx..............]
[Key: ffffffffffff] -> [xx..............]
[Key: a0a1a2a3a4a5] -> [xx..............]
[Key: d3f7d3f7d3f7] -> [xx..............]
[Key: 000000000000] -> [xx..............]
[Key: b0b1b2b3b4b5] -> [xx..............]
[Key: 4d3a99c351dd] -> [xx..............]
[Key: 1a982c7e459a] -> [xx..............]
[Key: aabbccddeeff] -> [xx..............]
[Key: 714c5c886e97] -> [xx..............]
[Key: 587ee5f9350f] -> [xx..............]
[Key: a0478cc39091] -> [xx..............]
[Key: 533cb6c723f6] -> [xx..............]
[Key: 8fd0a4f256e9] -> [xx..............]

Sector 00 - Found   Key A: [...snip...] Found   Key B: [...snip...]
Sector 01 - Found   Key A: [...snip...] Found   Key B: [...snip...]
Sector 02 - Unknown Key A               Unknown Key B
Sector 03 - Unknown Key A               Unknown Key B
... (sectors 4-15 truncated) ...

Using sector 01 as an exploit sector

Using AVX512F SIMD core.

 time    | trg | #nonces | Activity                                                | expected to brute force
         |     |         |                                                         | #states         | time
-------------------------------------------------------------------------------------------------------------
       0 |  2A |       0 | Start using 12 threads and AVX512F SIMD core            |                 |
       0 |  2A |       0 | Brute force benchmark: 4114 million (2^31.9) keys/s     | 140737488355328 |   10h
       0 |  2A |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |   10h
      37 |  2A |       1 | Apply bit flip properties                               | 140737488355328 |   10h
^C

Environment:

mfoc-hardnested version: [latest]

OS: [Arch Linux]

NFC Reader: [ACR122U]
