ACR122U Authentication Failed #80

Open
pcamaril opened this issue Mar 20, 2020 · 0 comments

lsusb

Bus 002 Device 010: ID 072f:2200 Advanced Card Systems, Ltd ACR122U

dmesg

...
[75772.616604] usb 2-1.6: USB disconnect, device number 9
[75777.432362] usb 2-1.6: new full-speed USB device number 10 using ehci-pci
[75777.543510] usb 2-1.6: New USB device found, idVendor=072f, idProduct=2200, bcdDevice= 2.14
[75777.543515] usb 2-1.6: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[75777.543519] usb 2-1.6: Product: RF1258V603 PICC Interface
[75777.543522] usb 2-1.6: Manufacturer: RFCARD

nfc-scan-device

nfc-scan-device uses libnfc 1.7.1
1 NFC device(s) found:

  • RFCARD / RF1258V603 PICC Interface:
    acr122_usb:002:010

sudo pcsc_scan

Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR122U PICC Interface 00 00

Fri Mar 20 19:55:50 2020
Reader 0: ACS ACR122U PICC Interface 00 00
Event number: 0
Card state: Card removed,

// Card in reader
-> This is issue number 1. pcsc_scan does not detect the card on the reader.

nfc-list

nfc-list uses libnfc 1.7.1
NFC device: RFCARD / RF1258V603 PICC Interface opened
3 ISO14443A passive target(s) found:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 04 00
UID (NFCID1): 77 e5 eb 59
SAK (SEL_RES): 08

ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 04 00
UID (NFCID1): 77 e5 eb 59
SAK (SEL_RES): 08

ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 04 00
UID (NFCID1): 77 e5 eb 59
SAK (SEL_RES): 08

mfoc -O dump.img

Found Mifare Classic 1k tag
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 04 00

  • UID size: single
  • bit frame anticollision not supported
    UID (NFCID1): 77 e5 eb 59
    SAK (SEL_RES): 08
  • Not compliant with ISO/IEC 14443-4
  • Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
Other possible matches based on ATQA & SAK values:

  • Unknown card, sorry

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [...xxx/xxxxxxxxx]
[Key: a0a1a2a3a4a5] -> [/./xxx/xxxxxxxxx]
[Key: d3f7d3f7d3f7] -> [/./xxx/xxxxxxxxx]
[Key: 000000000000] -> [/./xxx/xxxxxxxxx]
[Key: b0b1b2b3b4b5] -> [/./xxx/xxxxxxxxx]
[Key: 4d3a99c351dd] -> [/./xxx/xxxxxxxxx]
[Key: 1a982c7e459a] -> [/./xxx/xxxxxxxxx]
[Key: aabbccddeeff] -> [/./xxx/xxxxxxxxx]
[Key: 714c5c886e97] -> [/./xxx/xxxxxxxxx]
[Key: 587ee5f9350f] -> [/./xxx/xxxxxxxxx]
[Key: a0478cc39091] -> [/./xxx/xxxxxxxxx]
[Key: 533cb6c723f6] -> [/./xxx/xxxxxxxxx]
[Key: 8fd0a4f256e9] -> [/./xxx/xxxxxxxxx]

Sector 00 - Found Key A: a0a1a2a3a4a5 Unknown Key B
Sector 01 - Unknown Key A Unknown Key B
Sector 02 - Found Key A: a0a1a2a3a4a5 Unknown Key B
Sector 03 - Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 04 - Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 05 - Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 06 - Found Key A: ffffffffffff Unknown Key B
Sector 07 - Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 08 - Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 09 - Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 10 - Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 11 - Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 12 - Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 13 - Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 14 - Found Key A: ffffffffffff Found Key B: ffffffffffff
Sector 15 - Found Key A: ffffffffffff Found Key B: ffffffffffff

Using sector 00 as an exploit sector
Sector: 1, type A, probe 0, distance 3092 .....
Sector: 1, type A, probe 1, distance 3044 .....
Sector: 1, type A, probe 2, distance 3040 .....
Sector: 1, type A, probe 3, distance 3068 .....
Sector: 1, type A, probe 4, distance 3058 .....
Sector: 1, type A, probe 5, distance 2912 .....
Sector: 1, type A, probe 6, distance 3010 .....
Sector: 1, type A, probe 7, distance 2996 .....
Sector: 1, type A, probe 8, distance 2938 .....
Sector: 1, type A, probe 9, distance 3086 .....
Sector: 1, type A, probe 10, distance 3026 .....
Sector: 1, type A, probe 11, distance 3008 .....
Sector: 1, type A, probe 12, distance 3010 .....
Sector: 1, type A, probe 13, distance 2946 .....
Sector: 1, type A, probe 14, distance 3060 .....
Sector: 1, type A, probe 15, distance 2960 .....
Sector: 1, type A, probe 16, distance 3048 .....
Sector: 1, type A, probe 17, distance 3062 .....
Sector: 1, type A, probe 18, distance 3042 .....
Sector: 1, type A, probe 19, distance 2982 .....
Sector: 1, type A, probe 20, distance 3064 .....
Sector: 1, type A, probe 21, distance 2834 .....
Sector: 1, type A, probe 22, distance 2934 .....
Found Key: A [7702e52a8b0c]
Data read with Key A revealed Key B: [000000000000] - checking Auth: Failed!
Sector: 0, type B, probe 0, distance 2936 .....
Sector: 0, type B, probe 1, distance 2834 .....
Sector: 0, type B, probe 2, distance 3012 .....
Sector: 0, type B, probe 3, distance 3072 .....
Sector: 0, type B, probe 4, distance 3128 .....
Sector: 0, type B, probe 5, distance 2862 .....
Sector: 0, type B, probe 6, distance 3034 .....
Found Key: B [b578f38a5c61]
Sector: 1, type B, probe 0, distance 3036 .....
Sector: 1, type B, probe 1, distance 3064 .....
Sector: 1, type B, probe 2, distance 3050 .....
Sector: 1, type B, probe 3, distance 2924 .....
Found Key: B [570fc559d7b4]
Sector: 2, type B, probe 0, distance 2940 .....
Sector: 2, type B, probe 1, distance 2934 .....
Sector: 2, type B, probe 2, distance 3026 .....
Sector: 2, type B, probe 3, distance 3032 .....
Sector: 2, type B, probe 4, distance 3026 .....
Sector: 2, type B, probe 5, distance 3094 .....
Sector: 2, type B, probe 6, distance 3026 .....
Sector: 2, type B, probe 7, distance 3028 .....
Sector: 2, type B, probe 8, distance 2990 .....
Sector: 2, type B, probe 9, distance 2842 .....
Sector: 2, type B, probe 10, distance 2934 .....
Sector: 2, type B, probe 11, distance 2962 .....
Sector: 2, type B, probe 12, distance 2938 .....
Sector: 2, type B, probe 13, distance 2994 .....
Sector: 2, type B, probe 14, distance 3072 .....
Sector: 2, type B, probe 15, distance 3078 .....
Sector: 2, type B, probe 16, distance 2950 .....
Sector: 2, type B, probe 17, distance 3102 .....
Sector: 2, type B, probe 18, distance 2966 .....
Sector: 2, type B, probe 19, distance 3096 .....
Sector: 2, type B, probe 20, distance 3152 .....
Sector: 2, type B, probe 21, distance 3112 .....
Sector: 2, type B, probe 22, distance 3070 .....
Sector: 2, type B, probe 23, distance 3020 .....
Found Key: B [0000014b5c31]
Sector: 6, type B, probe 0, distance 2936 .....
Sector: 6, type B, probe 1, distance 2888 .....
Sector: 6, type B, probe 2, distance 3076 .....
Sector: 6, type B, probe 3, distance 3092 .....
Sector: 6, type B, probe 4, distance 3118 .....
Sector: 6, type B, probe 5, distance 2930 .....
Sector: 6, type B, probe 6, distance 3174 .....
Sector: 6, type B, probe 7, distance 2922 .....
Sector: 6, type B, probe 8, distance 3140 .....
Sector: 6, type B, probe 9, distance 2936 .....
Sector: 6, type B, probe 10, distance 2964 .....
Sector: 6, type B, probe 11, distance 3164 .....
Sector: 6, type B, probe 12, distance 3102 .....
Sector: 6, type B, probe 13, distance 2960 .....
Sector: 6, type B, probe 14, distance 3056 .....
Sector: 6, type B, probe 15, distance 3122 .....
Sector: 6, type B, probe 16, distance 2996 .....
Sector: 6, type B, probe 17, distance 2950 .....
Sector: 6, type B, probe 18, distance 2998 .....
Sector: 6, type B, probe 19, distance 3078 .....
Sector: 6, type B, probe 20, distance 2912 .....
Sector: 6, type B, probe 21, distance 2868 .....
Sector: 6, type B, probe 22, distance 2938 .....
Sector: 6, type B, probe 23, distance 2834 .....
Found Key: B [96a301bce267]
Auth with all sectors succeeded, dumping keys to a file!
Block 63, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 62, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 61, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 60, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 59, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 58, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 57, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 56, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 55, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 54, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 53, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 52, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 51, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 50, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 49, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 48, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 47, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 46, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 45, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 44, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 43, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 42, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 41, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 40, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 39, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 38, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 37, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 36, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 35, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 34, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 33, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 32, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 31, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
Block 30, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 29, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 28, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Block 27, type A, key ffffffffffff :00 00 00 00 00 00 0f 00 ff 00 00 00 00 00 00 00
nfc_initiator_mifare_cmd: Mifare Authentication Failed
-> This is issue number 2
