mfoc安装编译
系统环境 UBUNTU16.04,要安装好各种基础的编译环境,这就不说了,如果不知道需要什么,那就编译时出错时看到什么安装什么吧
下载源码包libnfc, mfoc, mfcuk,都是github上,源码都可以从https://github.com/nfc-tools中下面找到。
-
安装依赖:
安装前要稍看下README之类的,有的有依赖关系,比如,LIBNFC可能需要LIBUSB之类的,但不是必须的,根据你的硬件,如果是PN532使用UART,就需要下面的部分:
apt-get install libpcsclite-dev libusb-dev libusb-0.1-4 libpcsclite1 libccid pcscd
-
编译安装libnfc
进入到源码目录下,需要autoreconf一下,这样才会有INSTALL等文件出现,而这又需要libtool开发工具,如果没有就需要安装下
vmuser@Linux-host:~/nfc/libnfc-master$ sudo apt-get install libtool
安装好后,运行autoreconf
vmuser@Linux-host:~/nfc/libnfc-master$ autoreconf -is libtoolize: putting auxiliary files in `.'. libtoolize: linking file `./ltmain.sh' libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4'. libtoolize: linking file `m4/libtool.m4' libtoolize: linking file `m4/ltoptions.m4' libtoolize: linking file `m4/ltsugar.m4' libtoolize: linking file `m4/ltversion.m4' libtoolize: linking file `m4/lt~obsolete.m4' configure.ac:27: installing './config.guess' configure.ac:27: installing './config.sub' vmuser@Linux-host:~/nfc/libnfc-master$
有的时候,会出现MACRO错误的字样,并提示版本不匹配aclocal功能版本的原因,删除aclocal.m4后,安装新版本,并运行aclocal重新生成即可,这里没有出现,就不演示了。
继续配置,因为使用的是PN532 UART,所以按下面的配置并MAKE
vmuser@Linux-host:~/nfc/libnfc-master$ ./configure --sysconfdir=/etc --prefix=/usr --with-drivers=pn532_uart vmuser@Linux-host:~/nfc/libnfc-master$ make vmuser@Linux-host:~/nfc/libnfc-master$ sudo make install
如果顺得的话,就编译完成了,已经完成了一半的工作,因为还需要配置,否则很大的机率是不能工作的,如下图,反正我这里是不能工作的,
vmuser@Linux-host:~/nfc/libnfc-master$ sudo LIBNFC_LOG_LEVEL=3 nfc-list
info libnfc.config Unable to open file: /etc/nfc/libnfc.conf
debug libnfc.config Unable to open directory: /etc/nfc/devices.d
debug libnfc.general log_level is set to 3
debug libnfc.general allow_autoscan is set to true
debug libnfc.general allow_intrusive_scan is set to false
debug libnfc.general 0 device(s) defined by user
nfc-list uses libnfc 1.7.1
No NFC device found.
vmuser@Linux-host:~/nfc/libnfc-master$
从上图中,设置了LIBNFC_LOG_LEVEL=3后,发现/etc/nfc/libnfc.conf,/etc/nfc/devices.d都是不存在的。其实,GITHUB上首面就已经有相关的操作方法了
sudo mkdir /etc/nfc sudo cp libnfc.conf.sample /etc/nfc/libnfc.conf
第二个配置文件官方给的例子是是
sudo mkdir -p /etc/nfc/devices.d printf 'name = "My first device"\nconnstring = "pn532_uart:/dev/ttyACM0"\n' | sudo tee /etc/nfc/devices.d/first.conf printf 'name = "My second device"\nconnstring = "pn532_uart:/dev/ttyACM1"\n' | sudo tee /etc/nfc/devices.d/second.conf
上面建立了两个文件,指出需要去检测ttyACM0 ttyACM1两个作为pn532来使用,而我的设置是ttyUSB0,可以连上硬件后,通过ls /dev 和 lsusb 等命令去确认你的是哪个设备,所以我这里ttyACM0改为了ttyUSB0,如下图:
vmuser@Linux-host:/etc/nfc/devices.d$ ls first.conf vmuser@Linux-host:/etc/nfc/devices.d$ cat first.conf name = "My first device" connstring = "pn532_uart:/dev/ttyUSB0" vmuser@Linux-host:/etc/nfc/devices.d$
继续检查
vmuser@Linux-host:/etc/nfc/devices.d$ sudo nfc-list nfc-list uses libnfc 1.7.1 NFC device: My first device opened
-
编译mfoc
这就容易多了,解压后进入源码目录,根据README.MD,运行下面的编译过程退可
autoreconf -is ./configure make && sudo make install
在我的计算机上,直接成功完成
- 测试
在连好硬件后,执行mfoc命令
vmuser@Linux-host:~/nfc/mfoc-master$ mfoc -O ~/home.dump error libnfc.driver.pn532_uart Invalid serial port: /dev/ttyUSB0 No NFC device found. vmuser@Linux-host:~/nfc/mfoc-master$ sudo mfoc -O ~/home.dump Found Mifare Classic 1k tag ISO/IEC 14443A (106 kbps) target: ATQA (SENS_RES): 00 04 * UID size: single * bit frame anticollision supported UID (NFCID1): b5 4a cc 73 SAK (SEL_RES): 08 * Not compliant with ISO/IEC 14443-4 * Not compliant with ISO/IEC 18092 Fingerprinting based on MIFARE type Identification Procedure: * MIFARE Classic 1K * MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1 * SmartMX with MIFARE 1K emulation Other possible matches based on ATQA & SAK values: Try to authenticate to all sectors with default keys... Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found [Key: ffffffffffff] -> [xxxxxxxxx..xx.xx] [Key: a0a1a2a3a4a5] -> [xxxxxxxxx..xx.xx] [Key: d3f7d3f7d3f7] -> [xxxxxxxxx..xx.xx] [Key: 000000000000] -> [xxxxxxxxx..xx.xx] [Key: b0b1b2b3b4b5] -> [xxxxxxxxx..xx.xx] [Key: 4d3a99c351dd] -> [xxxxxxxxx..xx.xx] [Key: 1a982c7e459a] -> [xxxxxxxxx..xx.xx] [Key: aabbccddeeff] -> [xxxxxxxxx..xx.xx] [Key: 714c5c886e97] -> [xxxxxxxxx..xx.xx] [Key: 587ee5f9350f] -> [xxxxxxxxx..xx.xx] [Key: a0478cc39091] -> [xxxxxxxxx..xx.xx] [Key: 533cb6c723f6] -> [xxxxxxxxx..xx.xx] [Key: 8fd0a4f256e9] -> [xxxxxxxxx..xx.xx] Sector 00 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 01 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 02 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 03 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 04 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 05 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 06 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 07 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 08 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 09 - Unknown Key A Unknown Key B Sector 10 - Unknown Key A Unknown Key B Sector 11 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 12 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 13 - Unknown Key A Unknown Key B Sector 14 - Found Key A: ffffffffffff Found Key B: ffffffffffff Sector 15 - Found Key A: ffffffffffff Found Key B: ffffffffffff Using sector 00 as an exploit sector Sector: 9, type A, probe 0, distance 32 ..... Found Key: A [474249433434] Data read with Key A revealed Key B: [474249433434] - checking Auth: OK Sector: 10, type A Data read with Key A revealed Key B: [474249433434] - checking Auth: OK Found Key: A [474249433434] Sector: 13, type A, probe 0, distance 32 ..... Found Key: A [112233445214] Data read with Key A revealed Key B: [57454942494e] - checking Auth: OK Auth with all sectors succeeded, dumping keys to a file! Block 63, type A, key ffffffffffff :00 00 00 00 00 00 ff 07 80 bc ff ff ff ff ff ff Block 62, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..........
.......... Block 02, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Block 01, type A, key ffffffffffff :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Block 00, type A, key ffffffffffff :b5 4a cc 73 40 08 04 00 62 63 64 65 66 67 68 69 vmuser@Linux-host:~/nfc/mfoc-master$
以上说明命令执行完成,反过来说明PN532工作正常。
- 设置USB串口的权限
目前为止,运行MFOC需要ROOT权限,因为硬件设备一般是不能随便一个用户就可以打开的,这就需要改变USB-SERIAL的权限。
这个问题实际上LIBNFC已经给出了解决的代码,在GITHUB的代码首页上就已经有说明了,首先你曾阅读了它。
vmuser@Linux-host:~/nfc/libnfc-master$ sudo cp contrib/udev/93-pn53x.rules /lib/udev/rules.d/
然后,你再编辑/lib/udev/rules.d/93-pn53x.rules文件中的设备中的PID和VID即可。
不过,上面的方法是在编译前设置的,现在再开始似乎不能生效-至少在我这里是无效的。
只好使用另外的方法
printf 'SUBSYSTEMS=="usb", ATTRS{idVendor}=="067b", ATTRS{idProduct}=="2303", GROUP="users", MODE="0666"\n' | sudo tee /etc/udev/rules.d/50-myusb.rules
然后再生效
vmuser@Linux-host:/lib/udev/rules.d$ sudo udevadm control --reload
重新插拔后,再查看发现设备已经任何用户都可以读写了
vmuser@Linux-host:/etc/udev/rules.d$ ls /dev/ttyU* -l crw-rw-rw- 1 root dialout 188, 0 11月 10 12:57 /dev/ttyUSB0
至此,配置完成
-
编译安装mfcuk
autoreconf -is ./configure make
sudo make install
没有悬念地成功了
-
附记
下面是从网上其它地方摘取的资料,顺便可以了解一下网上各种工具之间的关系
1)mfoc mfocgui 以及目前网络上,淘宝上充斥的各类破解工具都是基于nested authentication攻击原理,就是内置了一些默认密码,首先使用默认密码对每个扇区进行测试,如果某个扇区存在默认密码,然后就是用nested authentication攻击获得其他扇区的密码。
2)PM3的darkside攻击,Mfcuk等为darkside攻击工具,一个扇区密码都不知道的情况下破解用的,由于破解算法的原理本身就不是100%成功的,所以如果长时间破解不出来,就停了重新换个nt,重新选个时间破解,跟运气也有些关系。
不要别人几个小时,甚至几十分钟就破解成功了,你几天都没有破解出来,还一直傻傻的等,不如暂停换个nt,过一会再试。
3)Libnfc工具,目前用的比较多的是radiowar的nfcgui,radiowar网站上也说了,就是给nfc-list nfc-mfsetuid nfc-mfclassic 这三个工具写了个gui界面,你也可以使用命令行模式,或者你也可以自己写个gui界面调用这三个程序即可,这些都是操作卡或者读卡数据的工具,国内不同的IC卡读卡器都附带有一些读写卡程序,我用的一个比这个要方便的多。