Proxmark 3
Try Hard Security Group
Kuashiria Mifumo ya RFID kwa Proxmark3
Jambo la kwanza unahitaji kufanya ni kuwa na Proxmark3 na kufunga programu na utegemezi wakes.
Kuashiria MIFARE Classic 1KB
Ina sehemu 16, kila moja ina blocks 4 na kila block ina 16B. UID iko katika sehemu 0 block 0 (na haiwezi kubadilishwa). Ili kufikia kila sehemu unahitaji funguo 2 (A na B) ambazo zimehifadhiwa katika block 3 ya kila sehemu (sehemu trailer). Sehemu trailer pia inahifadhi bit za ufikiaji ambazo zinatoa ruhusa za kusoma na kuandika kwenye kila block kwa kutumia funguo 2. Funguo 2 ni muhimu kutoa ruhusa za kusoma ikiwa unajua ya kwanza na kuandika ikiwa unajua ya pili (kwa mfano).
Mashambulizi kadhaa yanaweza kufanywa
The Proxmark3 allows to perform other actions like eavesdropping a Tag to Reader communication to try to find sensitive data. In this card you could just sniff the communication with and calculate the used key because the cryptographic operations used are weak and knowing the plain and cipher text you can calculate it (mfkey64
tool).
Raw Commands
Mifumo ya IoT wakati mwingine hutumia nonbranded or noncommercial tags. Katika kesi hii, unaweza kutumia Proxmark3 kutuma raw commands to the tags.
Kwa habari hii unaweza kujaribu kutafuta taarifa kuhusu kadi na kuhusu njia ya kuwasiliana nayo. Proxmark3 inaruhusu kutuma amri za moja kwa moja kama: hf 14a raw -p -b 7 26
Scripts
Programu ya Proxmark3 inakuja na orodha iliyopakiwa awali ya scripts za automatisering ambazo unaweza kutumia kufanya kazi rahisi. Ili kupata orodha kamili, tumia amri ya script list
. Kisha, tumia amri ya script run
, ikifuatiwa na jina la script:
You can create a script to fuzz tag readers, so copying the data of a valid card just write a Lua script that randomize one or more random bytes and check if the reader crashes with any iteration.
Jaribu Hard Security Group
Last updated