mirror of
				https://github.com/RfidResearchGroup/proxmark3.git
				synced 2025-10-26 22:16:12 +08:00 
			
		
		
		
	
		
			
				
	
	
		
			62 lines
		
	
	
	
		
			1.5 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
			
		
		
	
	
			62 lines
		
	
	
	
		
			1.5 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
| # AUTH AES
 | |
| #
 | |
| #  blog:  https://x41-dsec.de/lab/blog/telenot-complex-insecure-keygen/
 | |
| #
 | |
| # Recover the AES key for Telenot Access system's desfire cards.
 | |
| # CVE-2021-34600
 | |
| #
 | |
| # Finds the UNIX timestamp an AES key created with compasX version older than 32.0 has been generated.
 | |
| # Will not work on access tokens afterwards.
 | |
| #
 | |
| 
 | |
| 
 | |
| # Unix time stamp 2006-01-01
 | |
| 1136073600
 | |
| 
 | |
| # reader challenge
 | |
| 3fda933e2953ca5e6cfbbf95d1b51ddf
 | |
| 
 | |
| # tag resp, challenge
 | |
| 97fe4b5de24188458d102959b888938c988e96fb98469ce7426f50f108eaa583
 | |
| 
 | |
| 
 | |
| #
 | |
| # Original source code by authors
 | |
| #
 | |
| 
 | |
| # simple
 | |
| ./brute_key 1605394800 bb6aea729414a5b1eff7b16328ce37fd 82f5f498dbc29f7570102397a2e5ef2b6dc14a864f665b3c54d11765af81e95c
 | |
| 
 | |
| # complex
 | |
| ./brute_key 1136073600 3fda933e2953ca5e6cfbbf95d1b51ddf 97fe4b5de24188458d102959b888938c988e96fb98469ce7426f50f108eaa583
 | |
| 
 | |
| 
 | |
| #
 | |
| # Multi threaded version (Iceman)
 | |
| #
 | |
| 
 | |
| # simple
 | |
| ./mfd_aes_brute 1605394800 bb6aea729414a5b1eff7b16328ce37fd 82f5f498dbc29f7570102397a2e5ef2b6dc14a864f665b3c54d11765af81e95c
 | |
| 
 | |
| expected result:
 | |
| 261c07a23f2bc8262f69f10a5bdf3764
 | |
| 
 | |
| 
 | |
| Bruteforce using 8 threads
 | |
| Found timestamp........ 1631100305  ( '2021-09-08 13:25:05' )
 | |
| key.................... 261c07a23f2bc8262f69f10a5bdf3764
 | |
| execution time 1.00 sec
 | |
| 
 | |
| #
 | |
| # complex
 | |
| ./mfd_aes_brute 1136073600 3fda933e2953ca5e6cfbbf95d1b51ddf 97fe4b5de24188458d102959b888938c988e96fb98469ce7426f50f108eaa583
 | |
| 
 | |
| expected result:
 | |
| e757178e13516a4f3171bc6ea85e165a
 | |
| 
 | |
| 
 | |
| Bruteforce using 8 threads
 | |
| Found timestamp........ 1606834416  ( '2020-12-01 15:53:36' )
 | |
| key.................... e757178e13516a4f3171bc6ea85e165a
 | |
| execution time 18.54 sec
 | |
| 
 |