During HiTB CTF one of the challenges was to decode a MIFARE Classic handshake and recover the encrypted message from a communication trace.
Fair and Lovely
This seems like a communication log. Can you figure out the message?
Flag is HITB{}.
tag select uid:e0 b8 e4 06 atqa:0x0004 sak:0x08
RDR(401):50 00 57 cd [1100] c[1100]
tag select uid:e0 b8 e4 06 atqa:0x0004 sak:0x08
RDR(402):61 04 09 24 [0011] c[0011]
TAG(403):01 20 01 45 [0000] c[0000]
RDR(404):95 bd 19 bf 44 cf ed e7 [00011101] c[11001111]!
RDR(405):50 00 57 cd [1100] c[1100]
tag select uid:e0 b8 e4 06 atqa:0x0004 sak:0x08
RDR(406):50 00 57 cd [1100] c[1100]
tag select uid:e0 b8 e4 06 atqa:0x0004 sak:0x08
RDR(407):60 04 d1 3d [1010] c[1010]
TAG(408):01 20 01 45 [0000] c[0000]
RDR(409):87 0e ae 12 d6 bd b0 b0 [01111011] c[10010100]!
TAG(410):64 d9 7b c8 [1101] c[0010]!
RDR(411):6d 9b 68 02 [1110] c[0000]!
TAG(412):81 98 8a fe [0111] c[1000]!
RDR(413):4b fc fe 56 16 29 f9 0c [11101101] c[11010011]!
TAG(414):31 11 63 75 [1101] c[0110]!
RDR(415):20 08 88 29 [1001] c[0010]!
tag select uid:e0 b8 e4 06 atqa:0x0004 sak:0x08
RDR(416):50 00 57 cd [1100] c[1100]
tag select uid:e0 b8 e4 06 atqa:0x0004 sak:0x08
RDR(417):60 04 d1 3d [1010] c[1010]
TAG(418):01 20 01 45 [0000] c[0000]
RDR(419):71 6b b7 2c ef f2 e3 73 [10000100] c[10100000]!
TAG(420):d9 33 64 2b [1010] c[0101]!
RDR(421):b3 3f c0 5c [0000] c[0111]!
TAG(422):36 e3 9b 35 c6 4a 9d 4a 98 cb fb 8b bc 6b 40 a1 7c 1c [000001001100100101] c[100110000001000000]!
RDR(423):fa 34 69 50 [0101] c[1011]!
TAG(424):6c f3 e6 79 90 f2 7b 33 9c e6 66 d0 f7 6c 08 5d 9b 4e [100101011110110111] c[110010111010010001]!
RDR(425):92 0a 09 3a [1011] c[0111]!
TAG(426):1d 34 3d 4b cd 69 e2 43 bc d3 06 5c d1 69 ac dd 94 9e [100001010110010011] c[100101100011111100]!
RDR(427):7d 24 19 98 [0011] c[1100]!
TAG(428):ff ec cb cd 6d 4e ac 26 e3 fe ce 4b e3 d6 3b a8 41 dd [100010011011010010] c[100001100001000011]!
RDR(429):7a 71 fb 86 [1010] c[0100]!
TAG(430):8f 45 47 f7 [1111] c[0010]!
RDR(431):cf fd 5e 00 13 48 be e5 [00001011] c[10010110]!
TAG(432):2c 68 9e 43 [0010] c[0000]!
RDR(433):80 82 b2 da [1000] c[0110]!
TAG(434):0d [0] c[0]
RDR(435):50 00 57 cd [1100] c[1100]
For key recovery we can use the mfkey64 command with the CARD_UID, NT, NR, AR and AT parameters taken from one complete authentication in the trace; the encrypted frames captured after that handshake can be appended as extra arguments and mfkey64 will decrypt them with the recovered keystream.
CARD_UID: card unique identifier (the uid from the tag select line)
NT: Nonce Tag (the tag's challenge, sent in clear)
NR: Nonce Reader (the reader's challenge, sent encrypted)
AR: Answer Reader (the reader's encrypted response to NT, sent together with NR in one 8-byte frame)
AT: Answer Tag (the tag's encrypted response to the reader, completing the handshake)
mfkey64 [CARD_UID] [NT] [NR] [AR] [AT] [encrypted frames ...]
root@kali:~/proxmark3/tools/mfkey# ./mfkey64 e0b8e406 01200145 716bb72c eff2e373 d933642b b33fc05c 36e39b35c64a9d4a98cbfb8bbc6b40a17c1c fa346950 6cf3e67990f27b339ce666d0f76c085d9b4e
MIFARE Classic key recovery - based 64 bits of keystream
Recover key from only one complete authentication!
Recovering key for:
    uid: e0b8e406
     nt: 01200145
   {nr}: 716bb72c
   {ar}: eff2e373
   {at}: d933642b
 {enc0}: b33fc05c
 {enc1}: 36e39b35c64a9d4a98cbfb8bbc6b40a17c1c
 {enc2}: fa346950
 {enc3}: 6cf3e67990f27b339ce666d0f76c085d9b4e
LFSR succesors of the tag challenge:
    nt': 63e5bca7
   nt'': 993730bd
Keystream used to generate {ar} and {at}:
    ks2: 8c175fd4
    ks3: 40045496
Decrypted communication:
 {dec0}: 300426ee
 {dec1}: 6d69663472335f793075663472335f66107e
 {dec2}: 3005afff
 {dec3}: 7265656634723300000000000000000091f3
Found Key: [ffffffffffff]
Use Python to decode the dec1 and dec3 responses from hex to ASCII. The first 16 bytes of each are the block data; the trailing two bytes (10 7e and 91 f3) are the CRC and are dropped before decoding.
>>> # Python 3; the original Python 2 form was "...".decode('hex')
>>> bytes.fromhex("6d69663472335f793075663472335f66" "72656566347233000000000000000000")
b'mif4r3_y0uf4r3_freef4r3\x00\x00\x00\x00\x00\x00\x00\x00\x00'
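An added example, not part of the original writeup, that automates the two manual steps above: it parses this trace format to pull the uid, NT, {NR}, {AR}, {AT} and the encrypted frames that follow into the mfkey64 argument list, and it verifies the decrypted {decN} frames from the mfkey64 output with ISO 14443-3 CRC_A before decoding them. The names TOKEN, mfkey64_args, crc_a, strip_crc and decode_message are this example's own.

```python
import re

# Excerpt of the challenge trace (the complete handshake at 417-424), copied from the log
# above into a constant so this example runs offline.
TRACE = """tag select uid:e0 b8 e4 06 atqa:0x0004 sak:0x08 RDR(417):60 04 d1 3d [1010] c[1010]
TAG(418):01 20 01 45 [0000] c[0000] RDR(419):71 6b b7 2c ef f2 e3 73 [10000100] c[10100000]!
TAG(420):d9 33 64 2b [1010] c[0101]! RDR(421):b3 3f c0 5c [0000] c[0111]!
TAG(422):36 e3 9b 35 c6 4a 9d 4a 98 cb fb 8b bc 6b 40 a1 7c 1c [000001001100100101] c[100110000001000000]!
RDR(423):fa 34 69 50 [0101] c[1011]!
TAG(424):6c f3 e6 79 90 f2 7b 33 9c e6 66 d0 f7 6c 08 5d 9b 4e [100101011110110111] c[110010111010010001]!"""
# A "tag select" record (group 1 = uid bytes) or a RDR/TAG frame (group 2 = side, 3 = bytes).
TOKEN = re.compile(r"tag select uid:((?:[0-9a-f]{2} ?)+?) atqa|(RDR|TAG)\(\d+\):((?:[0-9a-f]{2} )+)\[")

def mfkey64_args(trace):
    """One mfkey64 argument list [uid, nt, nr, ar, at, enc...] per completed handshake."""
    sessions = []                       # per "tag select": (uid, [(side, hex_bytes), ...])
    for m in TOKEN.finditer(trace):
        if m.group(1):
            sessions.append((m.group(1).replace(" ", ""), []))
        elif sessions:
            sessions[-1][1].append((m.group(2), m.group(3).replace(" ", "")))
    out = []
    for uid, f in sessions:
        # Shape: RDR 60/61 blk crc -> TAG nt(4) -> RDR nr|ar(8) -> TAG at(4) -> encrypted frames.
        # Attempts where the tag never answers with at (like 402-405 in the log) are skipped.
        if (len(f) >= 4 and f[0][0] == "RDR" and f[0][1][:2] in ("60", "61")
                and [(s, len(d)) for s, d in f[1:4]] == [("TAG", 8), ("RDR", 16), ("TAG", 8)]):
            nt, nr_ar, at = (d for _, d in f[1:4])
            out.append([uid, nt, nr_ar[:8], nr_ar[8:], at] + [d for _, d in f[4:]])
    return out

def crc_a(data):
    """ISO 14443-3 CRC_A (init 0x6363, reflected poly 0x8408), little-endian as the tag sends it."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])

def strip_crc(dec_hex):
    """Payload of an mfkey64 {decN} frame and a CRC verdict: decrypted bytes with a valid
    CRC_A are the evidence that the recovered key (and the keystream after it) is right."""
    raw = bytes.fromhex(dec_hex)
    return raw[:-2], crc_a(raw[:-2]) == raw[-2:]

def decode_message(dec_frames):
    """Join the 16-byte payloads of the decrypted READ responses and decode them as ASCII."""
    return b"".join(strip_crc(d)[0] for d in dec_frames).rstrip(b"\x00").decode("ascii")
```

mfkey64_args(TRACE)[0] reproduces the argument list of the command above, and passing the {dec1} and {dec3} strings from the mfkey64 output to decode_message() returns the message; strip_crc() reports a bad CRC when the frames were decrypted with a wrong key.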