No solution found :( while previously it did find one for this card

[devedse]

Hi all,

I've been playing around with NFC cards for a bit and managed to get the keys for a specific card of mine using miLazyCracker: https://github.com/nfc-tools/miLazyCracker/

However, after trying exactly the same attack again on exactly the same NFC card the crypto1_bs tool keeps showing me the message No solution found :(

My log:

Collected 5052 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5064 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5075 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5086 nonces... leftover complexity 8151629441024 (~2^42.89) - press en
Collected 5098 nonces... leftover complexity 222377702350 (~2^37.69) -
initializing brute-force phase...
Starting 8 threads to test 222377702350 states using 128-way bitslicing
Cracking...  99.95%
No solution found :(
MFOC not possible, detected hardened Mifare Classic
Trying HardNested Attack...
libnfc_crypto1_crack ffffffffffff 60 B 4 B mfc_4db3582c_foundKeys.txt
Found tag with uid 4db3582c, collecting nonces for key B of block 4 (sector 1) using known key B ffffffffffff for block 60 (sector 15)
Collected 3543 nonces... leftover complexity 222377702350 (~2^37.69) - initializing brute-force phase...
Starting 8 threads to test 222377702350 states using 128-way bitslicing
Cracking...  37.33%

And this is basically the loop where it gets stuck in. What could be the problem here?

[devedse]

A workaround for this issue is to start bruteforcing when there's still a lot more complexity left. (somewhere around ~2^42.xxx). It then took a whole night of bruteforcing but it did manage to crack the key.

I think this is not the right solution though.

[aczid]

It's true that the craptev1 library doesn't always find a solution, and a workaround is to start the cracker with fewer nonces (a less well-determined system) just like you did.
I believe the improved (GPL) implementation that is part of proxmark3 has tweaked the approach to avoid this situation. I'm hoping somebody will take the time to lift it into a libnfc tool.

With the included .py scripts, it's possible to convert the .txt created by my tool to the .bin format used by the proxmark3 project and to use its host code to crack it. No actual proxmark3 device is required.
I'm afraid that's the best suggestion I can give you.

[devedse]

You've got an URL to where the proxmark code exists?

[aczid]

Here you go https://github.com/Proxmark/proxmark3

[vk496]

Hi,

Here some attempts to port the tool from proxmark3: https://github.com/vk496/cropto1_bs

Tried on Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz

Hello, world!
Using AVX2 SIMD core.          
Couldn't read benchmark data. Assuming brute force rate of 120000000 states per second          


          
 time    | #nonces | Activity                                                | expected to brute force          
         |         |                                                         | #states         | time           
------------------------------------------------------------------------------------------------------          
       0 |       0 | Start using 4 threads and AVX2 SIMD core                |                 |          
       0 |       0 | Brute force benchmark: 120 million (2^26,8) keys/s      | 140737488355328 |   14d          
       0 |       0 | Using 0 precalculated bitflip state tables              | 140737488355328 |   14d          
       2 |       0 | Simulating key ddf16ef5882e, cuid 5032b647 ...          | 140737488355328 |   14d          
       2 |     512 | Apply bit flip properties                               | 140737488355328 |   14d          
       2 |    1016 | Apply bit flip properties                               | 140737488355328 |   14d          
       3 |    2025 | Apply Sum property. Sum(a0) = 160                       |    545934278656 | 76min          
       3 |    2522 | Apply bit flip properties                               |    425602908160 | 59min          
       3 |    3008 | Apply bit flip properties                               |    411571159040 | 57min          
       3 |    3504 | Apply bit flip properties                               |    400525623296 | 56min          
       3 |    3991 | Apply bit flip properties                               |    395753291776 | 55min          
       3 |    4475 | Apply bit flip properties                               |    394422452224 | 55min          
       3 |    4947 | Apply bit flip properties                               |    392266022912 | 54min          
       3 |    5426 | Apply bit flip properties                               |    389971083264 | 54min          
       3 |    5902 | Apply bit flip properties                               |    225476575232 | 31min          
       4 |    6375 | Apply bit flip properties                               |    331080335360 | 46min          
       4 |    6828 | Apply bit flip properties                               |    297783984128 | 41min          
       4 |    7288 | Apply bit flip properties                               |    267721441280 | 37min          
       4 |    7748 | Apply bit flip properties                               |    196560551936 | 27min          
       4 |    8193 | Apply bit flip properties                               |    140487049216 | 20min          
       4 |    8634 | Apply bit flip properties                               |    128584802304 | 18min          
       4 |    9076 | Apply bit flip properties                               |    139814567936 | 19min          
       5 |    9510 | Apply bit flip properties                               |    151039918080 | 21min          
       5 |    9955 | Apply bit flip properties                               |    145253875712 | 20min          
       5 |   10387 | Apply bit flip properties                               |    145253875712 | 20min          
       5 |   10823 | Apply bit flip properties                               |    135245537280 | 19min          
       5 |   11243 | Apply bit flip properties                               |    123080974336 | 17min          
       5 |   11660 | Apply bit flip properties                               |    123080974336 | 17min          
       6 |   12064 | Apply bit flip properties                               |    121158918144 | 17min          
       6 |   12476 | Apply bit flip properties                               |    119553794048 | 17min          
       6 |   12895 | Apply bit flip properties                               |    120810610688 | 17min          
       6 |   13298 | Apply bit flip properties                               |    122345545728 | 17min          
       6 |   13712 | Apply bit flip properties                               |    118929686528 | 17min          
       6 |   13712 | (1. guess: Sum(a8) = 224)                               |    118929686528 | 17min          
      34 |   13712 | Apply Sum(a8) and all bytes bitflip properties          |    118929686528 | 17min          
      34 |   13712 | (Test: Key found)                                       |               0 |    0s          
      56 |   13712 | Brute force phase completed. Key found: ddf16ef5882e    |               0 |    0s

Would like to integrate libnfc, and after, into this repo :)

Salu2

[devedse]

Hey, isn't this using way more nonces though then the current implementation? (Usually it starts bruteforcing at around 3000-4000 nonces)

[vk496]

Nop, is only a simulation

[vk496]

Hi,

I made some progress with https://github.com/vk496/cropto1_bs. Right now is possible to use it with libnfc readers.

$ ./cropto1_bs 001122334455 0 A 20 B
Hello, world!
Using AVX2 SIMD core.          
Couldn't read benchmark data. Assuming brute force rate of 120000000 states per second          


          
 time    | #nonces | Activity                                                | expected to brute force          
         |         |                                                         | #states         | time           
------------------------------------------------------------------------------------------------------          
       0 |       0 | Start using 4 threads and AVX2 SIMD core                |                 |          
       0 |       0 | Brute force benchmark: 120 million (2^26.8) keys/s      | 140737488355328 |   14d          
       1 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |   14d          
       3 |       1 | Apply bit flip properties                               | 140737488355328 |   14d          
       3 |       2 | Apply bit flip properties                               | 140737488355328 |   14d          
       3 |       3 | Apply bit flip properties                               | 140737488355328 |   14d          
       3 |       4 | Apply bit flip properties                               | 127543080386560 |   12d          
       4 |       5 | Apply bit flip properties                               | 125959638351872 |   12d          
       4 |       6 | Apply bit flip properties                               | 112771144351744 |   11d          
       4 |       7 | Apply bit flip properties                               | 102814034427904 |   10d          
       4 |       8 | Apply bit flip properties                               | 102814034427904 |   10d          
       4 |       9 | Apply bit flip properties                               | 102814034427904 |   10d          
       4 |      10 | Apply bit flip properties                               |  53722788921344 |    5d          
       4 |      11 | Apply bit flip properties                               |  53722788921344 |    5d          
       4 |      12 | Apply bit flip properties                               |  50847748718592 |    5d          
       4 |      13 | Apply bit flip properties                               |  50847748718592 |    5d          
       4 |      14 | Apply bit flip properties                               |  44694402760704 |    4d          
       5 |      15 | Apply bit flip properties                               |  44694402760704 |    4d          
       5 |      16 | Apply bit flip properties                               |  44694402760704 |    4d          
       5 |      17 | Apply bit flip properties                               |  44419201892352 |    4d          
       5 |      18 | Apply bit flip properties                               |  35674354876416 |    3d          
       5 |      19 | Apply bit flip properties                               |  29673314582528 |    3d          
       5 |      20 | Apply bit flip properties                               |  21800077492224 |    2d          
       5 |      21 | Apply bit flip properties                               |   5771871911936 |   13h          
       5 |      22 | Apply bit flip properties                               |   5771871911936 |   13h          
       5 |      23 | Apply bit flip properties                               |   3934981193728 |    9h          
       5 |      24 | Apply bit flip properties                               |   3934981193728 |    9h          
       5 |      25 | Apply bit flip properties                               |   3934981193728 |    9h          
       6 |      26 | Apply bit flip properties                               |   3934981193728 |    9h          
..............................    
     171 |    1640 | Apply bit flip properties                               |     37733543936 |  5min          
     171 |    1640 | Apply bit flip properties                               |     37733543936 |  5min          
     171 |    1641 | Apply bit flip properties                               |     37733543936 |  5min          
     172 |    1642 | Apply bit flip properties                               |     37733543936 |  5min          
     172 |    1643 | Apply bit flip properties                               |     37733543936 |  5min          
     173 |    1644 | Apply Sum property. Sum(a0) = 128                       |      5758310400 |   48s          
     173 |    1645 | Apply bit flip properties                               |      5758310400 |   48s          
     174 |    1646 | Apply bit flip properties                               |      5758310400 |   48s          
     174 |    1647 | Apply bit flip properties                               |      5758310400 |   48s          
     174 |    1647 | (1. guess: Sum(a8) = 256)                               |      5758310400 |   48s          
     175 |    1647 | Apply Sum(a8) and all bytes bitflip properties          |      5758282240 |   48s          
     176 |    1647 | Brute force phase completed. Key found: xxxxxxxxxxxx    |               0 |    0s          
test

After cleaning the code, I think it would be better idea to integrate the functionality directly into https://github.com/nfc-tools/mfoc

[devedse]

That's very cool!!! Would love to see this integrated within Mfoc :)

[vk496]

Hello again!

I have successfully integrated hardnested attack into mfoc.

https://github.com/vk496/mfoc/tree/hardnested

Is not ready yet to be merged into the official project, but is already working :)

Salu2

[devedse]

How would you call it?

[vk496]

How would you call it?

I'm more interested in integrate the mod into official project instead of forking a new one. Missing only some makefile code to support arm builds and the mod should be merged nfc-tools/mfoc#60

[ghost]

Hello How to recovered the 2 missing files crapto1 and craptev1 because bra does not answer is what someone can send them to me?
IcoderX@protonmail.ch

[aczid]

@vk496 has created an updated version of mfoc which applies the hardnested attack, please start using this tool. https://github.com/vk496/mfoc/tree/hardnested
I've tested the tool and it works fine (but could still be faster). Thank you @vk496!

[devedse]

Has it already been merged to MFOC master?

[aczid]

No, but the PR has been submitted there since last year.
nfc-tools/mfoc#60

[MichaelNec]

@aczid I encountered the same problem as him, I would like to ask you how to use your py to convert txt to bin, and do not connect devices in PM3

[MichaelNec]

@vk496 I compiled it https://github.com/vk496/cropto1_ BS, but prompted no NFC device connection, want to ask how to use offline

[vk496]

https://github.com/nfc-tools/mfoc-hardnested

[MichaelNec]

@vk496 For example, I want to run a file password named 1234.bin, how should I operate, thank you again