Mifare cracking
![mifare cracking mifare cracking](https://img.mysku-st.ru/uploads/images/03/40/13/2016/06/21/1a183e.jpg)
Ġ0002f0: ffff ffff ffff ff07 8069 ffff ffff ffff. Ġ0002b0: ffff ffff ffff ff07 8069 ffff ffff ffff. Ġ000270: ffff ffff ffff ff07 8069 ffff ffff ffff. Ġ000230: ffff ffff ffff ff07 8069 ffff ffff ffff.
![mifare cracking mifare cracking](https://image.slidesharecdn.com/hackingrfidslides-141104164935-conversion-gate02/95/hacking-rfid-billing-schemes-for-fun-and-free-rides-37-638.jpg)
Ġ0001f0: ffff ffff ffff ff07 8069 ffff ffff ffff. Ġ0001b0: ffff ffff ffff ff07 8069 ffff ffff ffff. Ġ000170: ffff ffff ffff ff07 8069 ffff ffff ffff. Ġ000130: ffff ffff ffff ff07 8069 ffff ffff ffff. Ġ0000f0: ffff ffff ffff ff07 8069 ffff ffff ffff. Ġ0000b0: ffff ffff ffff ff07 8069 ffff ffff ffff. Ġ000070: ffff ffff ffff ff07 8069 ffff ffff ffff. Ġ000030: ffff ffff ffff ff07 8069 ffff ffff ffff. A thing which I didn’t understand until I read the source code, was that this command reads the keys from dumpkeys.bin.Ġ000000: 92c0 456b 7c88 0400 c08e 1c96 4960 2612. Ġ0000b0: ffff ffff ffff ffff ffff ffff ffff ffff. Ġ0000a0: ffff ffff ffff ffff ffff ffff ffff ffff. Ġ000090: ffff ffff ffff ffff ffff ffff ffff ffff. Ġ000080: ffff ffff ffff ffff ffff ffff ffff ffff. Ġ000070: ffff ffff ffff ffff ffff ffff ffff ffff. Ġ000060: ffff ffff ffff ffff ffff ffff ffff ffff. Ġ000050: ffff ffff ffff ffff ffff ffff ffff ffff. Ġ000040: ffff ffff ffff ffff ffff ffff ffff ffff. Ġ000030: ffff ffff ffff ffff ffff ffff ffff ffff. Ġ000020: ffff ffff ffff ffff ffff ffff ffff ffff. Ġ000010: ffff ffff ffff ffff ffff ffff ffff ffff. Printing keys to bynary file dumpkeys.bin.Ġ000000: ffff ffff ffff ffff ffff ffff ffff ffff. |015| ffffffffffff | 1 | ffffffffffff | 1 | |014| ffffffffffff | 1 | ffffffffffff | 1 | |013| ffffffffffff | 1 | ffffffffffff | 1 | |012| ffffffffffff | 1 | ffffffffffff | 1 | |011| ffffffffffff | 1 | ffffffffffff | 1 | |010| ffffffffffff | 1 | ffffffffffff | 1 |
![mifare cracking mifare cracking](http://1.bp.blogspot.com/-AcWzqJyLY08/UYeK2O9CgrI/AAAAAAAAANE/c5FvCuQDgdw/s1600/copy2uid-001.jpg)
|009| ffffffffffff | 1 | ffffffffffff | 1 | |008| ffffffffffff | 1 | ffffffffffff | 1 | |007| ffffffffffff | 1 | ffffffffffff | 1 | |006| ffffffffffff | 1 | ffffffffffff | 1 | |005| ffffffffffff | 1 | ffffffffffff | 1 | |004| ffffffffffff | 1 | ffffffffffff | 1 | |003| ffffffffffff | 1 | ffffffffffff | 1 | |002| ffffffffffff | 1 | ffffffffffff | 1 | |001| ffffffffffff | 1 | ffffffffffff | 1 | |000| ffffffffffff | 1 | ffffffffffff | 1 | block no:00 key type:00 key:ff ff ff ff ff ff etrans:0 Proxmark3> hf mf nested 1 0 A FFFFFFFFFFFF d Using this, we can proceed with a nested attack.
![mifare cracking mifare cracking](https://guillaumeplayground.net/wp-content/uploads/2017/11/mifare_classic_trace.png)
Press the key on the proxmark3 device to abort both proxmark3 and client. Expected execution time: 25sec on average :-)