Usage guide
Let me clarify right away: not all tags can be recovered with this application (tag = your card or fob).
You need to know at least 1 key of the tag; without it nothing can be done (you can use Detect Reader to obtain one). Reading the FAQ first is strongly recommended.
Install the compiled application, or compile it from the sources yourself. You can install the app via FlipC (Install button), or copy the .fap into the /ext/apps/nfc/ folder on the SD card. You will also need a PC running Linux, macOS or Windows.
- Scan your tag and find at least 1 key.
- (MUST) Save the dump (More -> Save -> any name). You can delete the dump afterwards: only the key cache created when the dump is saved is needed.
- Switch to the installed application Flipper (Mifare) Nested and choose Nested attack; the application automatically selects the attack for your tag (Static Nested or regular).
- Apply the tag. Calibration will start; preferably put everything on the table and don't touch anything.
- During calibration, one of three things can happen:
  - Static encrypted nonce. Alas, you can't recover keys from this tag. There's nothing you can do about it, it's just bad luck.
  - Calibration will take more time. You don't need to worry yet: the application is still picking up the delay. This can take quite a long time, as the algorithm is rather crude. If it hangs like this for more than 10 minutes, try restarting it. If it still hangs after a few restarts, look at the logs.
  - Collecting nonces. You are lucky: the tag is vulnerable and authentication attempts are being collected. Wait for the message "Nonces collected!".
- Install the key recovery script on the PC. You need Python 3 installed (64-bit, version 3.8 or higher).
  If you do it on Windows, I suggest ticking "Add Python to PATH" in the installer; it will save you trouble later.
  👉 Run the commands directly in a terminal, not inside the Python interpreter (where the prompt starts with >>>)!
  Run in the terminal, depending on how Python is installed:
  `python -m pip install FlipperNested`
  Or, if the Python on your system is called python3:
  `python3 -m pip install FlipperNested`
  Or, on Windows if you have not added Python to the PATH:
  `py -m pip install FlipperNested`
- Start the key recovery:
  Connect Flipper Zero to the PC and make sure you close any application that might interfere (qFlipper / lab.flipper.net / ./fbt cli).
  Run `FlipperNested` (or `python -m FlipperNested`, or `py -m FlipperNested`) in the terminal.
- Key recovery. The script goes through all collected files (you can collect nonces from several tags at once; you don't have to search for keys after each collection) and starts looking for keys.
  At start it may ask "Please select depth of check". I advise choosing only option 3; it is better to wait longer (if your PC allows it, of course). If you want to monitor the key recovery progress in this case, add the --progress argument: `FlipperNested --progress`.
  Magic happens ... keys from the tag are found. This can take a very long time, so make tea, drink it and wait. Once the script has finished, go back to the Flipper Zero (don't disconnect it at any point).
- Checking found keys. The script finds potential keys, and there may be many more of them than real ones, so they are checked against the tag before being added to the dictionary.
  Go to the main application menu and run Check found keys. Attach the tag you are working on. Checking of the potential keys will start; the application writes the correct keys to the user dictionary and shows how many new keys were added.
- Scan the tag again (through the NFC app). You can safely skip the system dictionary (if you ran it before). If not all keys were found, run the Nested attack again.
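The PC-side steps above (pick the right Python launcher, confirm it is a 64-bit 3.8+ build, make sure nothing else is holding the Flipper's serial port, install the package, start the recovery) can be wrapped in one pre-flight script so the usual mistakes are caught before anything is installed. The script below is an added example and is not part of the FlipperNested project or this guide. It assumes a Linux or macOS shell with `pgrep` available, assumes `qFlipper` is the process name to look for, and uses only the package name and `--progress` flag named in the guide.

```shell
#!/bin/sh
# Added example (not FlipperNested project code): a pre-flight wrapper for the
# PC-side steps of the guide. It locates a Python launcher, checks the stated
# requirement (64-bit Python 3.8 or newer), refuses to continue while qFlipper
# is running, and only then installs and starts FlipperNested with --progress.

# Locate a Python launcher, trying the names the guide lists.
find_python() {
    for cand in python3 python py; do
        if command -v "$cand" >/dev/null 2>&1; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# python_is_ok VERSION POINTER_BYTES
# VERSION is "major.minor[.patch]" as reported by the interpreter,
# POINTER_BYTES is the size of a C pointer (8 on a 64-bit build).
# Returns 0 when the build satisfies "64-bit, 3.8 or higher".
python_is_ok() {
    ver=$1
    ptr=$2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    [ "$ptr" -eq 8 ] || return 1
    [ "$major" -gt 3 ] && return 0
    [ "$major" -eq 3 ] && [ "$minor" -ge 8 ]
}

# Returns 0 if a program that may hold the serial port is still running.
# The process name is an assumption; adjust it to what `ps` shows on your PC.
serial_port_busy() {
    for name in qFlipper; do
        if pgrep -x "$name" >/dev/null 2>&1; then
            return 0
        fi
    done
    return 1
}

main() {
    py=$(find_python) || { echo "No Python launcher found" >&2; exit 1; }
    # Ask the interpreter for its version and pointer size in one call.
    info=$("$py" -c 'import platform, struct; print(platform.python_version(), struct.calcsize("P"))')
    set -- $info
    if ! python_is_ok "$1" "$2"; then
        echo "Need 64-bit Python 3.8 or newer, found $1 ($(( $2 * 8 ))-bit)" >&2
        exit 1
    fi
    if serial_port_busy; then
        echo "qFlipper appears to be running; close it before starting recovery" >&2
        exit 1
    fi
    "$py" -m pip install FlipperNested
    "$py" -m FlipperNested --progress
}

# Only run the full flow when explicitly asked, so the file can also be sourced
# to reuse the check functions: RUN_FLIPPER_NESTED=1 sh preflight.sh
if [ "${RUN_FLIPPER_NESTED:-0}" = "1" ]; then
    main "$@"
fi
```

The version check deliberately parses a string rather than calling Python directly, so it can be exercised on its own; `main` gathers the real values with a one-line `python -c` call and feeds them to the same function.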