Improved magic detection #2223

Merged


nvx
Contributor

@nvx nvx commented Dec 30, 2023

Magic detection no longer stops when a single type is found as cards may support multiple types of magic, so all detected types will be reported now.
GDM/USCUID chips are now detected when GDM magic auth is disabled but magic WUP (40 or 20) is enabled.
Gen2/CUID/DirectWrite is now detected when default keys and ACLs are used by attempting to write to block 0 but aborting before actually completing the write.

Some example hf 14a info output

CUID chip (factory defaults, default keys/etc)
Before:

[+]  UID: F1 E6 A9 30
[+] ATQA: 00 04
[+]  SAK: 08 [2]
[+] Possible types:
[+]    MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Prng detection: weak
[#] Auth error
[#] Auth error
[?] Hint: try `hf mf` commands

Now:

[+]  UID: F1 E6 A9 30
[+] ATQA: 00 04
[+]  SAK: 08 [2]
[+] Possible types:
[+]    MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Magic capabilities : Gen 2 / CUID
[+] Prng detection: weak
[#] Auth error
[#] Auth error
[?] Hint: try `hf mf` commands

USCUID/GDM ZUID chip
Before:

[+]  UID: 24 D8 2D 19
[+] ATQA: 00 04
[+]  SAK: 08 [2]
[+] Possible types:
[+]    MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Magic capabilities : Gen 1a
[+] Prng detection: weak
[#] Auth error
[#] Auth error
[?] Hint: try `hf mf` commands

Now:

[+]  UID: 24 D8 2D 19
[+] ATQA: 00 04
[+]  SAK: 08 [2]
[+] Possible types:
[+]    MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Magic capabilities : Gen 1a
[+] Magic capabilities : Gen 4 GDM / USCUID (Gen1 Magic Wakeup)
[+] Prng detection: weak
[#] Auth error
[#] Auth error
[?] Hint: try `hf mf` commands

Bonus, GDM/USCUID chip with a bunch of things enabled:

[+]  UID: 0A F5 3D 18
[+] ATQA: 00 04
[+]  SAK: 08 [2]
[+] Possible types:
[+]    MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Magic capabilities : Gen 2 / CUID
[+] Magic capabilities : Gen 4 GDM / USCUID (Magic Auth)
[+] Magic capabilities : Gen 4 GDM / USCUID (Alt Magic Wakeup)
[+] Prng detection: weak
[#] Auth error
[#] Auth error
[?] Hint: try `hf mf` commands
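
An added example, not part of the original post or of the Proxmark3 code base: since a card can now report several `Magic capabilities` lines, a script that audits captured `hf 14a info` output has to collect every such line per UID rather than keep only the first. The function names and the third (non-magic) card in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: three trimmed `hf 14a info` runs in the output format
# shown in this PR. The third card (UID 11 22 33 44) is invented.
SAMPLE = """\
[+]  UID: F1 E6 A9 30
[+]  SAK: 08 [2]
[+] Magic capabilities : Gen 2 / CUID
[+] Prng detection: weak
[+]  UID: 0A F5 3D 18
[+]  SAK: 08 [2]
[+] Magic capabilities : Gen 2 / CUID
[+] Magic capabilities : Gen 4 GDM / USCUID (Magic Auth)
[+] Magic capabilities : Gen 4 GDM / USCUID (Alt Magic Wakeup)
[+] Prng detection: weak
[+]  UID: 11 22 33 44
[+]  SAK: 08 [2]
[+] Prng detection: weak
"""

UID_RE = re.compile(r"^\[\+\]\s+UID:\s*((?:[0-9A-Fa-f]{2}\s*)+)$")
MAGIC_RE = re.compile(r"^\[\+\]\s+Magic capabilities\s*:\s*(.+?)\s*$")

def parse_cards(text):
    """Return one record per card: {'uid': str, 'magic': [str, ...]}."""
    cards = []
    for line in text.splitlines():
        m = UID_RE.match(line)
        if m:  # a UID line starts a new card record
            cards.append({"uid": "".join(m.group(1).split()).upper(), "magic": []})
            continue
        m = MAGIC_RE.match(line)
        if m and cards and m.group(1) not in cards[-1]["magic"]:
            # Append, never overwrite: one card may report several types.
            cards[-1]["magic"].append(m.group(1))
    return cards

def flag_magic(text):
    """Map UID -> list of magic capabilities, for cards reporting any."""
    return {c["uid"]: c["magic"] for c in parse_cards(text) if c["magic"]}

if __name__ == "__main__":
    for uid, caps in flag_magic(SAMPLE).items():
        print(uid, "->", "; ".join(caps))
```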

@nvx
Contributor Author

nvx commented Dec 30, 2023

Actually that Gen2 being out of order is bugging me and I just noticed astyle did some silly things, going to fix those up and force push

@nvx nvx force-pushed the feature/gdm_magic_wakeup_detection branch 3 times, most recently from ba18388 to 6db684b Compare December 30, 2023 09:43
@nvx
Contributor Author

nvx commented Dec 30, 2023

There, that looks nicer

@nvx nvx force-pushed the feature/gdm_magic_wakeup_detection branch from 6db684b to 8f577ad Compare December 30, 2023 09:53
@iceman1001 iceman1001 merged commit 27b9259 into RfidResearchGroup:master Dec 30, 2023
12 checks passed
@iceman1001
Collaborator

Nice improvement,

It's almost like we should move it to the new hf mf info command instead.

@nvx
Contributor Author

nvx commented Dec 30, 2023

> It's almost like we should move it to the new hf mf info command instead.

It shows up there too :D

[usb] pm3 --> hf mf info

[=] --- ISO14443-a Information ---------------------
[+]  UID: A0 AE E9 9F
[+] ATQA: 00 04
[+]  SAK: 08 [2]

[=] --- Magic Tag Information
[+] Magic capabilities : Gen 1a
[+] Magic capabilities : Gen 4 GDM / USCUID (Gen1 Magic Wakeup)

[=] --- Keys Information
[+] loaded 59 keys from hardcoded default array
[+] Sector 0 key A... FFFFFFFFFFFF
[+] Sector 0 key B... FFFFFFFFFFFF
[+] Block 0.......... A0 AE E9 9F 78 08 04 00 62 63 64 65 66 67 68 69

[=] --- RNG Information
[+] Prng... weak

@nvx nvx deleted the feature/gdm_magic_wakeup_detection branch December 30, 2023 10:46
@iceman1001
Collaborator

yeah, but remove it from 14a info...
