Reader key capture

A shortcut for obtaining card keys when we have physical access to the (legitimate) reader is to capture the communications between the tag and the reader. This is an straight forward process in Proxmark or alternative emulators like iCopy or Chameleon (AKA Reader Attack).

I was wondering if there are any plans for near future to improve the “detect reader” and support the same concept?

Alternatively, until that is implemented, it would be great to have an option to save traces when emulating a user defined or saved UID. This trace can be also used to extract the keys later on phone/computer.

Thanks for all the great work you’ve done so far!

1 Like

already implemented a base version of this

currently you need to collect the nonces using the flipper and calculate the keys off-device but the end goal is to have the companion app run the calculations. note this attack will not be able to ever run souly on the flipper due to the memory footprint needed exceeding that of the flippers capabilities

1 Like

nested or hardnested attacks would be great too, since they don’t require sniffing, just access to the card for some minutes

That’s in the backlog, will be implemented eventually, but will require connection to the mobile app for computing


yeah, would be nice to have, but definitely not a must, since a pm3 is more suited for this task and pm3 clones are available for ~30$

Maybe a binary of Mfkey32 compiled to windows without the need of using MingW could be of use …

just use linux in a virtual machine‽

mingw wink

Thank you very much @equip ! worked nicely! :slight_smile: It would be great to mention this in FZ’s documentation somewhere, as it would be unlikely to randomly find this. Looking forward to future mobile app updates.