github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

bit of doc...

Browse source
This commit is contained in:
Philippe Teuwen 2024-07-30 17:18:31 +02:00
commit 78510f33a0
4 changed files with 45 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
tools/mf_fudan_rf08s/rf08s_nested.c
View file

@ -1,3 +1,13 @@
// Reused Keys Nested Attack against Fudan FM11RF08S tags
//
// Attack conditions:
// * Know a first key, to be able to activate the nested authentication protocol
// * The card must reuse some keys across several sectors. Or several cards of an infrastructure share the same key
//
// Strategy:
// * Find all possible key candidates for one reference sector, and check on-the-fly if they are compatible with any other sector we want to compare with
//
// Doegox, 2024
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>

11
tools/mf_fudan_rf08s/rf08s_nested_known.c
View file

@ -1,3 +1,14 @@
// Backdoored Nested Attack against Fudan FM11RF08S tags
//
// Attack conditions:
// * Backdoor
//
// Strategy:
// * Use backdoor on the targeted sector to get the clear static nested nT
// * Enumerate key candidates based on clear and encrypted nT
// * Use the resulting dictionary to bruteforce the key
//
// Doegox, 2024
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>

13
tools/mf_fudan_rf08s/rf08s_nested_known_collision.c
View file

@ -1,3 +1,16 @@
// Faster Backdoored Nested Attack against Fudan FM11RF08S tags
//
// Attack conditions:
// * Backdoor
// * keyA and keyB are different for the targeted sector
//
// Strategy:
// * Use backdoor on the targeted sector to get the clear static nested nT for keyA and for keyB
// * Generate 2 lists of key candidates based on clear and encrypted nT
// * Search couples of keyA/keyB satisfying some obscure relationship
// * Use the resulting dictionary to bruteforce the keyA (and rf08s_nested_known_match for keyB)
//
// Doegox, 2024
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>

11
tools/mf_fudan_rf08s/rf08s_nested_known_match.c
View file

@ -1,3 +1,14 @@
// Faster Backdoored Nested Attack against Fudan FM11RF08S tags, part 2
//
// Attack conditions:
// * Backdoor
// * keyA and keyB are different for the targeted sector
//
// Strategy:
// * Use f08s_nested_known_collision to crack keyA
// * If keyB not readable, find keyB in its dictionary based on the obscure relationship between keyA, keyB and their nT
//
// Doegox, 2024
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>