Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add instructions for building mfoc on Windows. #74

Open
DavidBerdik opened this issue Nov 6, 2019 · 44 comments
Open

Add instructions for building mfoc on Windows. #74

DavidBerdik opened this issue Nov 6, 2019 · 44 comments

Comments

@DavidBerdik
Copy link

The available documentation for mfoc details how to build it on *nix-based systems, but not Windows. Even if this project is not intended for Windows, I believe the project could still benefit from providing instructions for building for Windows for those who would like to try it.

Unfortunately, using a VM with USB passthrough is not possible, as the program does not work properly in a VM, and USB passthrough is apparently not supported by the Windows Subsystem for Linux for anything other than external drives and flash drives.

@xavave
Copy link

xavave commented Jan 10, 2020

Hi,
I've cross-compiled mfoc and nfc utils for windows 64 bits , you can find them on my blog:
http://legacy.averbouch.biz/libnfc-and-nfc-utils-binaries-on-windows-10/
https://blog.avxt.fr/libnfc-and-nfc-utils-binaries-on-windows-10/

@DavidBerdik
Copy link
Author

Hello @xavave,

Thank you so much for sharing this! This is wonderful! Do you by chance have any documentation on what you changed from the original Linux version? Or is it linked in your post and I just didn't see it? I ask because I would be interested in trying to maintain a Windows version that tries to keep up to date with changes applied to the Linux version. You certainly provide a wonderful starting point for doing just that.

@xavave
Copy link

xavave commented Jan 14, 2020

@DavidBerdik I used libnfc1.7.1 and mainly used tutorial here : https://github.com/peacepenguin/libnfc-unofficialbuilds
then I used mfoc hardnested source : https://github.com/vk496/mfoc/tree/hardnested

btw I've also cross-compiled libfreefare for windows 64, you can find binaries in attachment at the end of my post here :
nfc-tools/libfreefare#52 (post named : allow to cross-compile 32 and 64 bit dlls using MinGW)
new post on my blog too : http://legacy.averbouch.biz/en/how-to-cross-compile-libfreefare-examples-for-windows-with-msys2-mingw64/

and also a forked C# wrapper here : https://github.com/xavave/sharp-free-fare

I've just updated my post about mfoc here : http://legacy.averbouch.biz/libnfc-and-nfc-utils-binaries-on-windows-10/
I've simply changed this in mfoc code for hardnested branch version:
image

@DavidBerdik
Copy link
Author

DavidBerdik commented Jan 17, 2020

Excellent! Thanks for sharing! I played with the prebuilt binaries a bit last weekend, and everything worked fine except for mfoc_hardnested.exe which was crashing with the following error.

image

Installing MINGW from the Chocolatey repo (https://chocolatey.org/packages/mingw) fixed the problem. I found that I could get the program to work on a machine without MINGW installed by copying the DLL mentioned in the error from the MINGW installation from a machine that has it and dropping it in the same directory as the executable.

TL;DR - If mfoc_hardnested.exe crashes with an error about not being found, download the attached zip file and extract the DLL contained in it to the same folder as mfoc_hardnested.exe.

libwinpthread-1.zip

@DavidBerdik
Copy link
Author

DavidBerdik commented Jan 19, 2020

After further experimentation, I am not sure that the mfcuk prebuilt binary that you provide works properly. I've had it running an attack on a card for several hours now, and it doesn't look like it's making any progress. I've broken this same card in the past using the same reader (ACR122U) using mfcuk on Ubuntu and it's worked, so I do not really know what to make of this.

Last chunk of output as of this post:

-----------------------------------------------------
Let me entertain you!
    uid: b2588311
   type: 08
    key: 000000000000
  block: 03
diff Nt: 19905
   hit4: 0
  auths: 19905
-----------------------------------------------------

My command to start running the attack was mfcuk_keyrecovery_darkside.exe -C -R -1:A -s 250 -S 250 -v 3 -o mfcuk-dump.

Any suggestions @xavave?

@xavave
Copy link

xavave commented Jan 19, 2020

@DavidBerdik Did you use exactly the same command parameters when it worked on Ubuntu ?
Which source code/version did you use to compile mfcuk on Ubuntu ?
I've just recompiled a fresh version from latest mfcuk code (https://github.com/nfc-tools/mfcuk) (attached). Could you test with it please ?
mfcuk_keyrecovery_darkside_win64.zip
EDIT: I've just also recompiled DrSkottky version (https://github.com/DrSchottky/mfcuk) so you can compare them :
mfcuk_keyrecovery_darkside_DrSkottky_Win64.zip

@DavidBerdik
Copy link
Author

DavidBerdik commented Jan 19, 2020

@xavave Yes, I used exactly the same command parameters when testing on Ubuntu. I can say that with absolute confidence because I copied the command off to a text file for future use when testing on Ubuntu.

As for which version I used, I am not sure because I did not compile from source. I installed it using apt.

I will try testing now and let you know how it goes.

Edit: When I start running the attack, I always get 3 warnings in the console. Perhaps they are of some importance?

mfcuk_keyrecovery_darkside - 0.3.8
Mifare Classic DarkSide Key Recovery Tool - 0.3
by Andrei Costin, zveriu@gmail.com, http://andreicostin.com - compiled on windows 64 by xavave

WARN: cannot open template file './data/tmpls_fingerprints/mfcuk_tmpl_skgt.mfd'
WARN: cannot open template file './data/tmpls_fingerprints/mfcuk_tmpl_ratb.mfd'
WARN: cannot open template file './data/tmpls_fingerprints/mfcuk_tmpl_oyster.mfd'

@xavave
Copy link

xavave commented Jan 19, 2020

@DavidBerdik I’m not sure the warnings make a difference.
I think you can remove these warnings by unzipping attached file data.zip in mfcuk.exe folder:
data.zip
folder structure should be like this:
|__mfcuk.exe
|data
______|_tmpls_fingerprints
_____________|__mfcuk_tmpl_oyster.mfd
_____________|_mfcuk_tmpl_ratb.mfd
_____________|_mfcuk_tmpl_skgt.mfd
Btw I saw an old “official” windows version here:
https://github.com/nfc-tools/mfcuk/releases/tag/windows
Does this old version works better ?
Update :
my compiled 'DrSkottky' version was not working, I've recompiled it:
mfcuk_keyrecovery_darkside_drSkottky.zip
Can you send me a dump of the card you've successfully dumped on Ubuntu ? (in PM on my mail ?) so I could test it too please ?

@DavidBerdik
Copy link
Author

@xavave Unfortunately, none of the mfcuk variations you have made available seem to work for me. As for sharing the dump of my card, I can (it's only an old hotel room key, so there aren't any security concerns), but you may have to wait a while. The hard drive in the laptop that I used to do this on died a month or two ago. That hard drive had the only copy of the card dump that I made, and I haven't had a chance to do anything about the laptop, and as you likely know, using USB pass-through to an Ubuntu VM does not cooperate with the ACR122U.

@xavave
Copy link

xavave commented Jan 20, 2020

@DavidBerdik on my laptop When I test my mfcuk I can see different « diff nt » and « auth » values. So I don’t understand the problem for now. I can wait for your dump, no problem. Thank you

@xavave
Copy link

xavave commented Jan 24, 2020

@DavidBerdik I tried also mfcuk on linux but I get the same results : same count of auths and diff nt , maybe the issue comes with the reader ACR122U-A9 or, the tag used for test is protected too much ? I have no clue for now --> nfc-tools/mfcuk#50

@DavidBerdik
Copy link
Author

DavidBerdik commented Jan 25, 2020

@xavave I expect that I will have time to play with this a little tomorrow. I will try to take a dump of it on Linux and post it here. I remember the last time I cracked the card, I used mfcuk to crack all of the A keys which took a great deal of time. I hadn't realized at the time that you only need one of the A keys to derive the rest. Hopefully that will speed things up a bit.

What reader are you using? ACR122U as well?

@DavidBerdik
Copy link
Author

@xavave An update for you: I am trying to crack the card on my Linux laptop right now, and it's doing the same thing. I know it worked before so I'm going to try to just let it run its course. I'm at about 37,000 auths right now.

@xavave
Copy link

xavave commented Jan 26, 2020

@DavidBerdik do you use exactly the same card reader than before ?

@DavidBerdik
Copy link
Author

@xavave Yep! Same card reader and same card. I woke up this morning to find that mfcuk had crashed, so I am trying again with a different card but the same reader.

@DavidBerdik
Copy link
Author

@xavave Have you had any luck? I have been trying with another, different card now for several days and it's doing the same thing. I have also cracked this card before successfully.

@xavave
Copy link

xavave commented Jan 31, 2020

@DavidBerdik I didn't try again, but you are saying that on linux and, on windows mfcuk doesn't work ? and on linux it was working previously ? I have no clue, or mfcuk has been upgraded meanwhile and has new bugs ? on some tags mfcuk seems to work on my windows (« diff nt » and « auth » are different), and on some other tags, it doesn't ((« diff nt » and « auth » are different)

@DavidBerdik
Copy link
Author

@xavave I finally managed to get a key by setting -R 2:A when attacking on Linux, but I still have not had any success on Windows. So far, I have only tested with this parameter using the original mfcuk that you linked to in your initial reply. I am going to try the other builds as well though.

@xavave
Copy link

xavave commented Feb 2, 2020

@DavidBerdik good 👍🏻
How long did it take on Linux ? Could you send me the dump please ?

@DavidBerdik
Copy link
Author

DavidBerdik commented Feb 2, 2020

@xavave It took about 30 minutes. Unfortunately, the card that I successfully dumped was not the hotel room key that I told you about earlier. The card that I managed to get working is actually sensitive, so I cannot share it. I am going to keep experimenting with the other card on Linux to see if I can get a dump to share with you. The room key has one of the default keys that mfoc checks for which makes using mfcuk unnecessary, but even so, it should be a good test card.

@xavave
Copy link

xavave commented Feb 2, 2020

@DavidBerdik ok 👍 thank you

@DavidBerdik
Copy link
Author

DavidBerdik commented Feb 2, 2020

@xavave It just occurred to me that even though mfcuk testing with the hotel room key is not working, I can still give you an mfoc dump since the card uses default keys, so I have attached one. I am still going to keep trying to get mfcuk working on it though. Thanks for your help with this!

I should point out that this mfoc dump was taken using Linux. Also, the MD5 hash for the dump file contained in the zip is 7e34f15beaa8db11b9c5e68df97328b5.

mfoc_hotel_room_key_dump.zip

@xavave
Copy link

xavave commented Feb 2, 2020

thank you, I'm going to test it now

@DavidBerdik
Copy link
Author

@xavave Excellent! Good luck!

@xavave
Copy link

xavave commented Feb 2, 2020

@DavidBerdik after a few minutes, diff nt and auths or different :
image
image
btw I used key B in parameters for testing: -C -R -1:B -s 250 -S 250 -v 3 -o mfcuk-dump

the mfcuk I used is attached here
mfcuk_keyrecovery_darkside.zip

I will let you know how it ends..

@DavidBerdik
Copy link
Author

@xavave I get different values for diff Nt and auths after a few minutes too, but it still doesn't seem to work for me. I am trying again on Ubuntu using -R 2:A, and here is where I am as of a few moments ago.

Screenshot from 2020-02-02 18-14-42

I was actually not aware that you could attack for B keys using mfcuk. I thought it was only for getting at least one A key which you then used with mfoc to get the B keys as well as the remaining A keys. I will let it continue running on Ubuntu for now, and if it does not crack a key within 24 hours, I will give up and try something else.

@xavave
Copy link

xavave commented Feb 2, 2020

@DavidBerdik I was reading on some chinese forums (that I've google translated :) ) that the results depend on the sector you attack, so many tries can be done before finding

@DavidBerdik
Copy link
Author

DavidBerdik commented Feb 3, 2020

@xavave Thanks for sharing! I have seen similar claims on other websites, but as I understand, my attacks are taking longer than they should have to. In several cases over the last few weeks, I let them run for over 24 hours without any progress made at all. In some of those cases, mfcuk would start throwing an error with each read attempt.

@xavave
Copy link

xavave commented Feb 3, 2020

@DavidBerdik it doesn't seem to work for me neither
image I saw there is a dedicated support for mfcuk btw
nfc-tools/mfcuk#39
I wonder if it comes from ACR122 tag reader on windows version, but, I dont't have other USB reader to test for now

@DavidBerdik
Copy link
Author

@xavave Have you experimented with doing it on Linux at all? Also, why do some versions of mfcuk have a hit4 field while others do not? What is that all about? I assume they are different versions of the program, but I do not know what it means. (Well, I actually do not know what any of those fields are except for the uid and auths ones.)

@xavave
Copy link

xavave commented Feb 3, 2020

@DavidBerdik I should try on Linux again. Tonight I let mfcuk run with libnfc.dll v1.5 to check if issue can be related to latest Libnfc version 1.7.
Hit4 is the number of successful auths as you can see in dr skottky mfcuk improved version:
4A05CED6-7842-47F7-98ED-BE8291AA9B4C

https://github.com/DrSchottky/mfcuk/blob/master/src/mfcuk.c line 623

@xavave
Copy link

xavave commented Feb 4, 2020

@xavave
Copy link

xavave commented Feb 4, 2020

@DavidBerdik I've decommented debug print in mfcuk source code on windows and ubuntu and, i've noticed that on ubuntu, nonce distance is between 0 and about 65535 and values follows each others
image diff nt much lower than auths , the same on windows (but diff nt increases faster on windows and this is bad )
but on windows something is wrong: I never see nonce distance value lower than a few thousands
anyway , I run mfcuk on ubuntu for more than 1 hour with your dump written on a card , and also no successful result

@DavidBerdik
Copy link
Author

DavidBerdik commented Feb 5, 2020

I have had an mfcuk attack running against the card for 2 days now and still nothing has come of it. I am not really sure what to do at this point. I have another card that I can try that I had successfully cracked with mfcuk before. Unfortunately though, it is sensitive and therefore I cannot share the dump.

Also, I am not sure what the nonce distance value is supposed to mean.

Here is the state of my attack attempt as of this post:
Screenshot from 2020-02-04 19-26-52

@DavidBerdik
Copy link
Author

@xavave I'm trying the other card that I mentioned in my previous post, and I am seeing no progress. The diff Nt and auths values are just incrementing together.

Screenshot from 2020-02-04 21-54-20

@xavave
Copy link

xavave commented Feb 5, 2020

@DavidBerdik some cards are protected against dark side attack. But I still can’t explain why different mfcuk versions never found a key for me neither on Ubuntu neither on windows with different cards including blank ones. I’ve just ordered a proxmark 3 Tag reader so I will be able to compare results with Acr122u-a9 soon.
How long did it take to crack Your previous card successfully ?

@DavidBerdik
Copy link
Author

@xavave What disturbs me is that I have already cracked this card using mfcuk on Ubuntu but now it's not working. Furthermore, this is the same card that I cracked 2:A on last week, but now it's acting weird again. I don't understand it.

As for how long it took when I did it last year, it was a several-hour process.

@xavave
Copy link

xavave commented Feb 6, 2020

@DavidBerdik I've reopened this issue on dedicated mfcuk discussion : nfc-tools/mfcuk#76

@GitH-Michael
Copy link

Hi, I've cross-compiled mfoc and nfc utils for windows 64 bits , you can find them on my blog: http://legacy.averbouch.biz/libnfc-and-nfc-utils-binaries-on-windows-10/

Yo bro, apparently the website you linked is empty! could you please share this somewhere else? I would really appreciate it

@DavidBerdik
Copy link
Author

Yo bro, apparently the website you linked is empty! could you please share this somewhere else? I would really appreciate it

The Internet Archive has it: https://web.archive.org/web/20230331102618/http://legacy.averbouch.biz/libnfc-and-nfc-utils-binaries-on-windows-10/

@xavave
Copy link

xavave commented Nov 16, 2024

Hi @GitH-Michael @DavidBerdik,
Sorry for the late reply!
I've just got my website back up and running on a new domain
The attachment upload feature is not back yet, but I'll try to get it back up and running in the next few days
Here is the link: https://blog.avxt.fr/libnfc-and-nfc-utils-binaries-on-windows-10/

@DavidBerdik
Copy link
Author

@xavave Unfortunately it does not seem to be loading for me.

@xavave
Copy link

xavave commented Nov 18, 2024

@DavidBerdik did you try with https://blog.avxt.fr ?
do you see an error message when trying to load ?
image

@DavidBerdik
Copy link
Author

@xavave This is what I see.

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants