自从上次换了 Mac 后,还没有搭建 proxmark3 的环境,前几天搭建好了,不算太麻烦,比 acr122 方便多了 (那个多半咕了,一直搞不好) 这里记录一下。
安装 proxmark3 client
从 HomeBrew tap 安装(推荐)
在 macOS Sierra 10.12.3 测试通过。
我的 macOS 版本:Mojave 10.14.4
tap 中的 pm3 client 版本:3.1
- 安装 homebrew
HomeBrew 是 macOS 上的包管理工具,类似 Debian 的 apt,CentOS 的 yum。
如果你没有安装,可以使用以下命令安装:1
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
加载 proxmark 的仓库:
1
brew tap proxmark/proxmark3
安装 Proxmark3
如果安装 stable 稳定版本1
brew install proxmark3
如果安装 最新的 非稳定版本1
brew install --HEAD proxmark3
proxmark3 的 HomeBrew 仓库地址:https://github.com/Proxmark/homebrew-proxmark3
连接 proxmark3
命令格式1
proxmark3 /dev/tty.usbmodem######
######是一串数字,我们可以通过 tab 自动补全来确定
但是当我连接时,报错了
libreadline.7.dylib not found
1 | └─[$] <> proxmark3 /dev/tty.usbmodem143401 |
谷歌之,发现解决方案很粗暴。
好吧,看了下对应目录,我也照着做了个软连接(这就是解决方案),在 macOS 10.15 也同样适用1
ln -s /usr/local/opt/readline/lib/libreadline.8.0.dylib /usr/local/opt/readline/lib/libreadline.7.dylib
全部1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18┌─[meoww@meowdeMBP] - [~] - [Fri Mar 08, 23:57]
└─[$] <> ls -l /usr/local/opt/readline/lib/libreadline.*
lrwxr-xr-x 1 meoww staff 47 Mar 8 23:57 /usr/local/opt/readline/lib/libreadline.6.dylib -> /usr/local/opt/readline/lib/libreadline.7.dylib
-rw-r--r-- 1 meoww staff 239260 Feb 7 00:06 /usr/local/opt/readline/lib/libreadline.8.0.dylib
lrwxr-xr-x 1 meoww staff 21 Dec 20 05:07 /usr/local/opt/readline/lib/libreadline.8.dylib -> libreadline.8.0.dylib
-r--r--r-- 1 meoww staff 406384 Dec 20 05:07 /usr/local/opt/readline/lib/libreadline.a
lrwxr-xr-x 1 meoww staff 21 Dec 20 05:07 /usr/local/opt/readline/lib/libreadline.dylib -> libreadline.8.0.dylib
┌─[meoww@meowdeMBP] - [~] - [Fri Mar 08, 23:59]
└─[$] <> rm /usr/local/opt/readline/lib/libreadline.6.dylib
┌─[meoww@meowdeMBP] - [~] - [Sat Mar 09, 00:00]
└─[$] <> ln -s /usr/local/opt/readline/lib/libreadline.8.0.dylib /usr/local/opt/readline/lib/libreadline.7.dylib
┌─[meoww@meowdeMBP] - [~] - [Sat Mar 09, 00:01]
└─[$] <> ls -l /usr/local/opt/readline/lib/libreadline.*
lrwxr-xr-x 1 meoww staff 49 Mar 9 00:01 /usr/local/opt/readline/lib/libreadline.7.dylib -> /usr/local/opt/readline/lib/libreadline.8.0.dylib
-rw-r--r-- 1 meoww staff 239260 Feb 7 00:06 /usr/local/opt/readline/lib/libreadline.8.0.dylib
lrwxr-xr-x 1 meoww staff 21 Dec 20 05:07 /usr/local/opt/readline/lib/libreadline.8.dylib -> libreadline.8.0.dylib
-r--r--r-- 1 meoww staff 406384 Dec 20 05:07 /usr/local/opt/readline/lib/libreadline.a
lrwxr-xr-x 1 meoww staff 21 Dec 20 05:07 /usr/local/opt/readline/lib/libreadline.dylib -> libreadline.8.0.dylib
QtWidgets not found
1 | > proxmark3 /dev/cu.usbmodem142101 |
其实这个包我的电脑上是有的,只是路径不对1
2ls /usr/local/opt/qt@5/lib/QtWidgets.framework/Versions/5/QtWidgets
/usr/local/opt/qt@5/lib/QtWidgets.framework/Versions/5/QtWidgets
参考这里: https://github.com/ros2/ros2/issues/1107#issuecomment-834802013
Mac 上可以使用 install_name_tool 这个命令修改查找依赖的 image
格式是这样1
install_name_tool -change /old/path /new/path /path/to/exe
这里我们修改1
sudo install_name_tool -change /usr/local/opt/qt/lib/QtWidgets.framework/Versions/5/QtWidgets /usr/local/opt/qt@5/lib/QtWidgets.framework/Versions/5/QtWidgets /usr/local/bin/proxmark3
QtGui not found
1 | > proxmark3 /dev/cu.usbmodem142101 |
修改1
sudo install_name_tool -change /usr/local/opt/qt/lib/QtGui.framework/Versions/5/QtGui /usr/local/opt/qt@5/lib/QtGui.framework/Versions/5/QtGui /usr/local/bin/proxmark3
QtCore not found
1 | > proxmark3 /dev/cu.usbmodem142101 |
修改1
sudo install_name_tool -change /usr/local/opt/qt/lib/QtCore.framework/Versions/5/QtCore /usr/local/opt/qt@5/lib/QtCore.framework/Versions/5/QtCore /usr/local/bin/proxmark3
完成
终于连接上了,熟悉的shell1
2
3
4
5
6
7
8
9
10
11
12
13
14└─[$] <> proxmark3 /dev/tty.usbmodem143401
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: /-suspect 2015-04-02 15:12:04
#db# os: /-suspect 2015-04-02 15:12:11
#db# HF FPGA image built on 2015/03/09 at 08:41:42
Prox/RFID mark3 RFID instrument
uC: AT91SAM7S256 Rev D
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 0 bytes ( 0). Free: 262144 bytes (100).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
测试一下电压1
2
3
4
5
6
7
8proxmark3> hw tune
Measuring antenna characteristics, please wait.........
# LF antenna: 60.50 V @ 125.00 kHz
# LF antenna: 64.07 V @ 134.00 kHz
# LF optimal: 74.52 V @ 129.03 kHz
# HF antenna: 19.39 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
读卡1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30proxmark3> hf 14a reader
UID : 2c 63 22 c7
ATQA : 00 04
SAK : 08 [2]
Field dropped.
proxmark3> hf 14a list
Deprecated command, use 'hf list 14a' instead
proxmark3> hf 14a reader
iso14443a card select failed
proxmark3> hf 14a reader
UID : 2c 63 22 c7
ATQA : 00 04
SAK : 08 [2]
Field dropped.
proxmark3> hf 14a reader --help
Usage: hf 14a reader [-h|-H|--help] [-k|-K|--keep] [-x|-X|--drop] [-3]
Executes ISO1443A anticollision-select group of commands.
-h, -H, --help print this help and exit
-k, -K, --keep keep the field active after command executed
-x, -X, --drop just drop the signal field
-3 ISO14443-3 select only (skip RATS)
proxmark3> hf 14a reader -k
UID : 2c 63 22 c7
ATQA : 00 04
SAK : 08 [2]
Card is selected. You can now start sending commands
proxmark3> hf 14a reader -x
Field dropped.
但是,怎么总觉得有点怪怪的???
算了,试试mifare “DarkSide”攻击吧1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.......................Found a possible key. Trying to authenticate...
Found valid key:a0a1a2a3a4a5
proxmark3> hf mf mifare a0a1a2a3a4a5
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
..................Found a possible key. Trying to authenticate...
Found valid key:a0a1a2a3a4a5
proxmark3> hf mf nested 1 0 a a0a1a2a3a4a5
Can't authenticate to block: 0 key type:A key:a0 a1 a2 a3 a4 a5
proxmark3> hf mf nested 1 0 b a0a1a2a3a4a5
Can't authenticate to block: 0 key type:B key:a0 a1 a2 a3 a4 a5
proxmark3> hf mf chk *1 a a0a1a2a3a4a5
chk key[ 0] a0a1a2a3a4a5
To cancel this operation press the button on the proxmark...
--.
No valid keys found.
什么鬼??这密码是对的啊,为啥又说 ‘no valid keys’了
想来想去,在pm3的论坛找到了原因。
原来,brew 安装的 客户端版本是 3.x,我在老坛买的 proxmark3 Easy 版本 出厂是2.0版本,而 客户端只是固件的 shell,所以很多原始的命令是可以用的。
根据官方仓库的 release,3.0.0 发布的时间是 Jun 5, 2017
proxmark3的 brew 仓库开坑时间是 Mar 6, 2017,这个commit只是添加了个README.md文件,真正可用是 70fd792e8b8bb63239a328e7636a822dc5f586d6 commit,可以看到 rb文件 中使用的版本是 2.3,仍旧无法匹配 2.0,但是我又不想编译 2.0 的客户端用,明明有 brew 可以管理,那么就升级固件吧。
升级固件
准备工作
- 打开终端
- 安装一些必要依赖
使用 HomeBrew 安装1
2brew tap nitsky/stm32
brew install readline libusb p7zip libusb-compat wget qt5 pkgconfig arm-none-eabi-gcc
本来官方 wiki 还提供使用 MacPorts 来安装必要依赖的方法,这里略过,因为 life is short, brew is enough。
但是使用 brew 的话,需要手动设置一些环境变量。
添加 QT 到 PKG_CONFIG_PATH,这样 pkg-config 才能找到 QT51
export PKG_CONFIG_PATH=/usr/local/Cellar/qt5/<< INSTALLED VERSION >>/lib/pkgconfig/
比如我的是这样,我将之添加到了 shell 的环境变量文件~/.zshrc:1
export PKG_CONFIG_PATH=/usr/local/Cellar/qt/5.11.2/lib/pkgconfig/
然后,添加 moc_location 到 Qt5Core.pc 文件.我也加入到 ~/.zshrc中1
2
3
4export QT_PKG_CONFIG_QT5CORE=$(find /usr -name Qt5Core.pc 2>/dev/null)
chmod 666 $QT_PKG_CONFIG_QT5CORE
echo "moc_location=\${prefix}/bin/moc" >> $QT_PKG_CONFIG_QT5CORE
chmod 444 $QT_PKG_CONFIG_QT5CORE
为了避免与 readline 相关的编译错误,需要强制创建链接:1
brew link --force readline
- 安装 Xcode ,这样会附带安装一些编译器和工具链: gcc, make, 等等。
- 获取源码
因为最新的 release 版本是 3.1,发布于 Oct 27, 2018。我直接下载这个压缩包。 之所以不用 github 最新的代码,是因为可能会不稳定。
release 一般是测试好才会发布的。
被 github release 的下载包坑了。因为 release 的打包不含 git 信息,编译出来的固件刷进设备里,hw version 查出来会显示这样1
2bootrom: /-suspect 2020-01-17 01:16:50
os: /-suspect 2020-01-17 01:16:51
没有具体的版本号,本来这个问题也无伤大雅,自己能记住版本号就可以了。
但是偏偏安卓机上的 pm3 客户端要靠这个来识别设备的固件版本。
还是老老实实 clone 吧。
1 | git clone https://github.com/Proxmark/proxmark3 |
- 开始编译 bootrom, OS 和 软件
1
2
3cd proxmark3
git checkout v3.1.0 # 切换到 v3.1.0 的tag下
make clean; make
编译一般很顺利,没有遇到报错,心情顿时舒畅。
刷写固件
因为已经是 CDC 的 bootrom,无需按按钮即可进行刷写。
刷写命令:1
./client/flasher /dev/cu.usbmodem###### -b bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf
brew 安装的 proxmark客户端 附带了 proxmark3-flasher,很贴心,我们可以开箱即用
刷写过程如下:1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31└─[$] <> proxmark3-flasher /dev/cu.usbmodem141401 -b bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf
Loading ELF file 'bootrom/obj/bootrom.elf'...
Loading usable ELF segments:
0: V 0x00100000 P 0x00100000 (0x00000200->0x00000200) [R X] @0x94
1: V 0x00200000 P 0x00100200 (0x00000cd4->0x00000cd4) [R X] @0x298
Loading ELF file 'armsrc/obj/fullimage.elf'...
Loading usable ELF segments:
0: V 0x00102000 P 0x00102000 (0x0002c808->0x0002c808) [R X] @0x94
1: V 0x00200000 P 0x0012e808 (0x00001a60->0x00001a60) [RW ] @0x2c89c
Note: Extending previous segment from 0x2c808 to 0x2e268 bytes
Waiting for Proxmark to appear on /dev/tty.usbmodem141401 .
Found.
Entering bootloader...
(Press and release the button only to abort)
Waiting for Proxmark to appear on /dev/tty.usbmodem141401 ....
Found.
Flashing...
Writing segments for file: bootrom/obj/bootrom.elf
0x00100000..0x001001ff [0x200 / 1 blocks]. OK
0x00100200..0x00100ed3 [0xcd4 / 7 blocks]....... OK
Writing segments for file: armsrc/obj/fullimage.elf
0x00102000..0x00130267 [0x2e268 / 370 blocks].................................................................................................................................................................................................................................................................................................................................................................................. OK
Resetting hardware...
All done.
Have a nice day!
刷写成功。
手机上也可以正常使用了。
一些显著变化
贴出一些我感觉变化比较大的地方。
至于版本的详细更新日志,我会在另一篇博文中给出翻译。
查看固件版本
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15proxmark3> hw version
Prox/RFID mark3 RFID instrument
bootrom: HEAD/v3.1.0-suspect 2020-01-17 01:21:36
os: HEAD/v3.1.0-suspect 2020-01-17 01:21:37
fpga_lf.bit built for 2s30vq100 on 2015/03/06 at 07:38:04
fpga_hf.bit built for 2s30vq100 on 2018/09/12 at 15:18:46
SmartCard Slot: not available
uC: AT91SAM7S256 Rev D
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 197222 bytes (75). Free: 64922 bytes (25).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory查看卡片信息
之前1
hf 14a reader
现在1
2
3
4
5
6
7
8
9
10
11
12
13
14proxmark3> hf 14a info
UID : xx xx xx xx
ATQA : 00 08
SAK : 20 [1]
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41
ATS : 12 78 00 b2 02 43 44 00 8c 00 01 86 84 1e xx xx xx xx 17 b1
- TL : length is 18 bytes
- T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)
- TA1 : different divisors are supported, DR: [], DS: []
- TB1 : SFGI = 2 (SFGT = 16384/fc), FWI = 11 (FWT = 8388608/fc)
- TC1 : NAD is NOT supported, CID is supported
- HB : 43 44 00 8c 00 01 86 84 1e xx xx xx xx
No chinese magic backdoor command detected
Prng detection: WEAK
- 对于cpu卡,运行
hf mf mifare
之前1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23proxmark3> hf mf mifare
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
#db# Mifare: Can't select card
现在1
2
3
4
5
6
7proxmark3> hf mf mi
-------------------------------------------------------------------------
Executing command. Expected execution time: 25sec on average
Press button on the proxmark3 device to abort both proxmark3 and client.
-------------------------------------------------------------------------
.....Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown
generating polynomial with 16 effective bits only, but shows unexpected behaviour.
dump to binary file1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282proxmark3> hf mf nested 1 0 A a0a1a2a3a4a5 d
--nested. sectors:16, block no: 0, key type:A, eml:n, dmp=y checktimeout=471 us
Testing known keys. Sector count=16
nested...
-----------------------------------------------
uid:2c6322c7 trgbl=0 trgkey=1
Found valid key:79c914b8dea0
-----------------------------------------------
uid:2c6322c7 trgbl=4 trgkey=0
Found valid key:2c6322c7d39c
-----------------------------------------------
uid:2c6322c7 trgbl=4 trgkey=1
Found valid key:bd58e4b1782a
-----------------------------------------------
uid:2c6322c7 trgbl=8 trgkey=0
Found valid key:9352f48e759b
-----------------------------------------------
uid:2c6322c7 trgbl=8 trgkey=1
Found valid key:35e9efed85d6
-----------------------------------------------
uid:2c6322c7 trgbl=12 trgkey=0
Found valid key:9d111d836b1f
-----------------------------------------------
uid:2c6322c7 trgbl=12 trgkey=1
Found valid key:3062650481c2
-----------------------------------------------
uid:2c6322c7 trgbl=16 trgkey=0
Found valid key:212061cbf3c7
-----------------------------------------------
uid:2c6322c7 trgbl=16 trgkey=1
Found valid key:2ca1655797db
-----------------------------------------------
uid:2c6322c7 trgbl=20 trgkey=0
-----------------------------------------------
uid:2c6322c7 trgbl=20 trgkey=1
Found valid key:49a7c98e197c
-----------------------------------------------
uid:2c6322c7 trgbl=24 trgkey=0
Found valid key:2e8cfc764dd3
-----------------------------------------------
uid:2c6322c7 trgbl=24 trgkey=1
Found valid key:a5cc0b3f61a6
-----------------------------------------------
uid:2c6322c7 trgbl=28 trgkey=0
Found valid key:e63839385319
-----------------------------------------------
uid:2c6322c7 trgbl=28 trgkey=1
Found valid key:7e6dcc9d210d
-----------------------------------------------
uid:2c6322c7 trgbl=32 trgkey=0
Found valid key:cb8e294a15b0
-----------------------------------------------
uid:2c6322c7 trgbl=32 trgkey=1
Found valid key:778240d80b99
-----------------------------------------------
uid:2c6322c7 trgbl=36 trgkey=0
Found valid key:76de3ddd253a
-----------------------------------------------
uid:2c6322c7 trgbl=36 trgkey=1
Found valid key:e49c2d453797
-----------------------------------------------
uid:2c6322c7 trgbl=40 trgkey=0
-----------------------------------------------
uid:2c6322c7 trgbl=40 trgkey=1
Found valid key:e1528817f67d
-----------------------------------------------
uid:2c6322c7 trgbl=44 trgkey=0
Found valid key:a0f3fd2d71a9
-----------------------------------------------
uid:2c6322c7 trgbl=44 trgkey=1
Found valid key:6f1eaa86f53c
-----------------------------------------------
uid:2c6322c7 trgbl=48 trgkey=0
Found valid key:68c029486eaf
-----------------------------------------------
uid:2c6322c7 trgbl=48 trgkey=1
Found valid key:767e6064cf7d
-----------------------------------------------
uid:2c6322c7 trgbl=52 trgkey=0
Found valid key:44cd93a1bc36
-----------------------------------------------
uid:2c6322c7 trgbl=52 trgkey=1
Found valid key:aad05ea245ac
-----------------------------------------------
uid:2c6322c7 trgbl=56 trgkey=0
Found valid key:7e2bbae5cf92
-----------------------------------------------
uid:2c6322c7 trgbl=56 trgkey=1
Found valid key:4d3e12b9d96b
-----------------------------------------------
uid:2c6322c7 trgbl=60 trgkey=0
Found valid key:43cb3b658b1b
-----------------------------------------------
uid:2c6322c7 trgbl=60 trgkey=1
-----------------------------------------------
uid:2c6322c7 trgbl=20 trgkey=0
Found valid key:64b8a15df8c7
-----------------------------------------------
uid:2c6322c7 trgbl=40 trgkey=0
Found valid key:c66ba9d4ff0a
-----------------------------------------------
uid:2c6322c7 trgbl=60 trgkey=1
Found valid key:e9f659512cb4
-----------------------------------------------
Nested statistic:
Iterations count: 34
Time in nested: 32.272 (0.949 sec per key)
|---|----------------|---|----------------|---|
|sec|key A |res|key B |res|
|---|----------------|---|----------------|---|
|000| a0a1a2a3a4a5 | 1 | 79c914b8dea0 | 1 |
|001| 2c6322c7d39c | 1 | bd58e4b1782a | 1 |
|002| 9352f48e759b | 1 | 35e9efed85d6 | 1 |
|003| 9d111d836b1f | 1 | 3062650481c2 | 1 |
|004| 212061cbf3c7 | 1 | 2ca1655797db | 1 |
|005| 64b8a15df8c7 | 1 | 49a7c98e197c | 1 |
|006| 2e8cfc764dd3 | 1 | a5cc0b3f61a6 | 1 |
|007| e63839385319 | 1 | 7e6dcc9d210d | 1 |
|008| cb8e294a15b0 | 1 | 778240d80b99 | 1 |
|009| 76de3ddd253a | 1 | e49c2d453797 | 1 |
|010| c66ba9d4ff0a | 1 | e1528817f67d | 1 |
|011| a0f3fd2d71a9 | 1 | 6f1eaa86f53c | 1 |
|012| 68c029486eaf | 1 | 767e6064cf7d | 1 |
|013| 44cd93a1bc36 | 1 | aad05ea245ac | 1 |
|014| 7e2bbae5cf92 | 1 | 4d3e12b9d96b | 1 |
|015| 43cb3b658b1b | 1 | e9f659512cb4 | 1 |
|---|----------------|---|----------------|---|
Printing keys to binary file dumpkeys.bin...
proxmark3> hf mf dump
|-----------------------------------------|
|------ Reading sector access bits...-----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
#db# READ BLOCK FINISHED
|-----------------------------------------|
|----- Dumping all blocks to file... -----|
|-----------------------------------------|
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 0.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 1.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 2.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 3.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 4.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 5.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 6.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 7.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 8.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 9.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 10.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 11.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 12.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 13.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 14.
#db# READ BLOCK FINISHED
Successfully read block 0 of sector 15.
#db# READ BLOCK FINISHED
Successfully read block 1 of sector 15.
#db# READ BLOCK FINISHED
Successfully read block 2 of sector 15.
#db# READ BLOCK FINISHED
Successfully read block 3 of sector 15.
Dumped 64 blocks (1024 bytes) to file dumpdata.bin
参考: