AloneLiberty
f7991cbf7c
Update FlipC link
|
2 лет назад | |
|---|---|---|
| assets | 2 лет назад | |
| lib | 2 лет назад | |
| scenes | 2 лет назад | |
| FAQ.md | 2 лет назад | |
| LICENSE.md | 2 лет назад | |
| README.md | 2 лет назад | |
| TODO.md | 2 лет назад | |
| application.fam | 2 лет назад | |
| mifare_nested.c | 2 лет назад | |
| mifare_nested.h | 2 лет назад | |
| mifare_nested_i.h | 2 лет назад | |
| mifare_nested_worker.c | 2 лет назад | |
| mifare_nested_worker.h | 2 лет назад | |
| mifare_nested_worker_i.h | 2 лет назад |
README.md
Mifare Nested Attacks for Flipper Zero
Ported nested attacks from proxmark3 (Iceman fork)
Download
Currently supported attacks
- nested attack
- static nested attack
Warning
App is still in early development, so there may be bugs. Your Flipper Zero may randomly crash/froze. Please create issue if you find any bugs (one bug = one issue).
Disclaimer
The app provided for personal use only. Developer does not take responsibility for any loss or damage caused by the misuse of this app. In addition, the app developer does not guarantee the performance or compatibility of the app with all tags, and cannot be held liable for any damage caused to your tags/Flipper Zero as a result of using the app. By using this app you confirm that the tag belongs to you, you have permission to preform the attack and you agree to hold the app developer harmless from any and all claims, damages, or losses that may arise from its use.
I need your help!
To successfuly recover keys from nested attack we need to correctly predict PRNG value. But we have a problem with that. Due to lack of my knowlege of Flipper Zero NFC HAL, PRNG can jump by quite large values (not like Proxmark3). So app is trying to find a delay where PRNG can be predicted accurately enough. This is not the best option, because we have to try to recover a bunch of unnecessary keys, which takes a lot of time and RAM and also spend a lot of time on timings. I don't know how to fix it.
UPD: Chameleon Ultra devs faced same issue. They seems to use same method: nested.c (better know from the beginning of development...)
How to use it?
This guide assumes that you have already installed the app.
To recover keys from card you first need to collect nonces.
That's what this app was created for. App can't recover keys on Flipper Zero (yet). You need to use external device (PC) to recover keys. You can't use Mfkey32 on your phone with this app.
Save tag after scanning (you must have found at least one key). This action will create key cache that app will use for authorization on tag.
Run "Nested attack" from app menu
Wait until calibration complete
If the calibration passed and nonce collection began, you are very lucky and the tag is vulnerable. If not, you cannot use this app to recover keys from this tag.
Calibration can take a lot of time. If the calibration takes longer than 10 minutes, it is better to see the logs. Some static encrypted nonce tags may lead to inifnity calibration loop.
Wait until "Nonces collected!"
Recover keys via desktop script
Run "Check found keys" in app menu
When all keys are checked, they will be added to your user key dictonary. You can rescan your tag now.
If not all keys found - run Nested attack again.
FAQ
For frequently asked questions, please refer to the FAQ.md file.
Contacts
Telegram: @libertydev