...
Place a card (a MIFARE DESFire in this case) on the Proxmark and run the command:

```
hf mfdes info
```
This command sends a number of APDUs to the tag, which retrieve a certain amount of information even though we have not supplied an authentication key:
```
[=] ---------------------------------- Tag Information ----------------------------------
[+] UID: 04 33 20 BA 3E 62 80
[+] Batch number: CE D9 98 61 30
[+] Production date: week 45 / 2018
[+] Product type: MIFARE DESFire native IC (physical card)
[=] --- Hardware Information
[=] raw: 04010112001805
[=] Vendor Id: NXP Semiconductors Germany
[=] Type: 0x01 ( DESFire )
[=] Subtype: 0x01
[=] Version: 12.0 ( DESFire EV2 )
[=] Storage size: 0x18 ( 4096 bytes )
[=] Protocol: 0x05 ( ISO 14443-2, 14443-3 )
[=] --- Software Information
[=] raw: 04010102011805
[=] Vendor Id: NXP Semiconductors Germany
[=] Type: 0x01 ( DESFire )
[=] Subtype: 0x01
[=] Version: 2.1
[=] Storage size: 0x18 ( 4096 bytes )
[=] Protocol: 0x05 ( ISO 14443-3, 14443-4 )
[=] --------------------------------- Card capabilities ---------------------------------
[=] --- Tag Signature
[=] IC signature public key name: NTAG424DNA, NTAG424DNATT, DESFire EV2, DESFire Light EV2
[=] IC signature public key value: 04B304DC4C615F5326FE9383DDEC9AA8
[=] : 92DF3A57FA7FFB3276192BC0EAA252ED
[=] : 45A865E3B093A3D0DCE5BE29E92F1392
[=] : CE7DE321E3E5C52B3A
[=] Elliptic curve parameters: secp224r1
[=] TAG IC Signature: C83449E7E0427B621868F0E78611FE5E
[=] : FA83298C34C77B2C0D80FC937284434F
[=] : 59C5B7E0E6F44EE02FB2173C9750825B
[=] : 15201E32F341A6D1
[+] Signature verification: successful
[+] --- AID list ( 1 found )
[+] F58540,
[+] ------------------------------------ PICC level -------------------------------------
[+] # applications....... 1
[+]
[+] PICC level auth commands
[+] Auth.............. NO
[+] Auth ISO.......... NO
[+] Auth AES.......... YES
[+] Auth Ev2.......... YES
[+] Auth ISO Native... YES
[+] Auth LRP.......... NO
[+] PICC level rights
[+] [1...] CMK Configuration changeable : YES
[+] [.0..] CMK required for create/delete : YES
[+] [..1.] CMK required for AID list / GetKeySettings : NO
[+] [...1] CMK is changeable : YES
[+]
[+] Key type... AES
[+] Key cnt.... 1
[+] PICC key 0 version: 0 (0x00)
[=] --- Free memory
[+] Available free memory on card... 4928 bytes
[=] Standalone DESFire
```
Still without authentication, and depending on the card's configuration, we can for example list the DESFire applications:
```
hf mfdes lsapp --no-auth
```
Which returns:
```
[=] It may take up to 15 seconds. Processing...
[+] ------------------------------------ PICC level -------------------------------------
[+] # applications....... 1
[+]
[+] PICC level auth commands
[+] Auth.............. NO
[+] Auth ISO.......... NO
[+] Auth AES.......... YES
[+] Auth Ev2.......... YES
[+] Auth ISO Native... YES
[+] Auth LRP.......... NO
[+] PICC level rights
[+] [1...] CMK Configuration changeable : YES
[+] [.0..] CMK required for create/delete : YES
[+] [..1.] CMK required for AID list / GetKeySettings : NO
[+] [...1] CMK is changeable : YES
[+]
[+] Key type... AES
[+] Key cnt.... 1
[+] PICC key 0 version: 0 (0x00)
[+] --------------------------------- Applications list ---------------------------------
[+] Application ID....... 0xF58540
[+] ISO id............ 0x0000
[+] DF name........... ( 00000000000000000000000000000000 )
[+] AID mapped to MIFARE Classic AID (MAD): 5854
[+] MAD AID Cluster 0x58..... Reserved
[=] MAD AID Function 0x5854... University student identification [Pro Active]
[+] Auth commands
[+] Auth.............. NO
[+] Auth ISO.......... NO
[+] Auth AES.......... YES
[+] Auth Ev2.......... YES
[+] Auth ISO Native... YES
[+] Auth LRP.......... NO
[+]
[+] Application level rights
[+] - AMK authentication is necessary to change any key (default)
[+] [1...] AMK Configuration changeable : YES
[+] [.0..] AMK required for create/delete : YES
[+] [..1.] AMK required for FID list / GetKeySettings : NO
[+] [...1] AMK is changeable : YES
[+]
[+] Key type... AES
[+] Key cnt.... 3
[+] Key versions [0..2] 00, 00, 00
```
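The version and rights fields in the two outputs above are decoded from a handful of raw bytes, and the rights bits are what decide whether listing works without a key. The following Python code is an added example, not part of the original page or of the Proxmark3 code base; the function names are hypothetical, and the key-settings bytes `0x0B`, `0x81` and `0x83` are reconstructed from the bit patterns, key type and key counts printed above rather than captured from the card.

```python
# Added example: decode the raw bytes behind the fields printed by `hf mfdes info`.
KEY_TYPES = {0x00: "DES/2K3DES", 0x40: "3K3DES", 0x80: "AES"}


def parse_version(raw_hex):
    """Decode one 7-byte GetVersion block (the 'raw:' lines in the output)."""
    vendor, typ, subtype, major, minor, size, proto = bytes.fromhex(raw_hex)
    return {
        "vendor_id": vendor,                    # 0x04 = NXP
        "type": typ,
        "subtype": subtype,
        "version": f"{major:x}.{minor:x}",      # printed as hex digits: 0x12 -> "12"
        "storage_bytes": 1 << (size >> 1),      # 0x18 -> 2**12 = 4096
        "storage_is_exact": (size & 1) == 0,    # low bit set = between 2**n and 2**(n+1)
        "protocol": proto,
    }


def parse_key_settings(settings, key_info):
    """Decode the two GetKeySettings bytes (PICC or application level)."""
    return {
        "config_changeable": bool(settings & 0x08),
        "auth_for_create_delete": not settings & 0x04,
        "auth_for_listing": not settings & 0x02,
        "master_key_changeable": bool(settings & 0x01),
        "key_type": KEY_TYPES.get(key_info & 0xC0, "unknown"),
        "key_count": key_info & 0x0F,
    }


def audit(level, ks):
    """Return the settings that expose data or operations without a key."""
    findings = []
    if not ks["auth_for_listing"]:
        findings.append(f"{level}: listing and GetKeySettings need no authentication")
    if not ks["auth_for_create_delete"]:
        findings.append(f"{level}: create/delete needs no master key")
    return findings


if __name__ == "__main__":
    print(parse_version("04010112001805"))   # hardware raw line from the page
    print(parse_version("04010102011805"))   # software raw line from the page
    # Constructed from the bits shown on the page: rights 1011b, AES with 1 / 3 keys.
    for level, (s, k) in {"PICC": (0x0B, 0x81), "AID F58540": (0x0B, 0x83)}.items():
        ks = parse_key_settings(s, k)
        print(level, ks, audit(level, ks))
```

Clearing bit 1 of the key-settings byte at both levels (value `0x09` instead of `0x0B`) is the setting under which this decoder reports no finding, since listing then requires the master key.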
...