nfc_initiator_mifare_cmd: Mifare Authentication Failed about mfoc HOT 4 OPEN

Hi,

I encountered the same error.
I don't know why this happens but I do know what happens and how you can circumvent it:

Have a look at the following code (and ignore the printf statements I jammed in there for debugging):
file: src/mfoc.c

// Try A key, auth() + read()
      memcpy(mp.mpa.abtKey, t.sectors[i].KeyA, sizeof(t.sectors[i].KeyA));
      int res;
      fprintf(stdout, "Trying key A\n");
      if ((res = nfc_initiator_mifare_cmd(r.pdi, MC_AUTH_A, block, &mp)) < 0) {
        fprintf(stdout, "authfail\n");
        if (res != NFC_EMFCAUTHFAIL) {
          nfc_perror(r.pdi, "nfc_initiator_mifare_cmd");
          goto error;
        }
        mf_configure(r.pdi);
        mf_anticollision(t, r);
      } else { // and Read
        fprintf(stdout, "and read\n");
        if ((res = nfc_initiator_mifare_cmd(r.pdi, MC_READ, block, &mp)) >= 0) {
          fprintf(stdout, "read A ok\n");
          fprintf(stdout, "Block %02d, type %c, key %012llx :", block, 'A', bytes_to_num(t.sectors[i].KeyA, 6));
          print_hex(mp.mpd.abtData, 16);
          mf_configure(r.pdi);
          mf_select_tag(r.pdi, &(t.nt));
          failure = false;
        } else {
          fprintf(stdout, "read A failed with err %d\n", res);
          // Error, now try read() with B key
          if (res != NFC_ERFTRANS) {
            nfc_perror(r.pdi, "nfc_initiator_mifare_cmd");
            //goto error;  <------ COMMENT THIS LINE <------------
          }
          mf_configure(r.pdi);
          mf_anticollision(t, r);
          memcpy(mp.mpa.abtKey, t.sectors[i].KeyB, sizeof(t.sectors[i].KeyB));
          fprintf(stdout, "Trying key B\n");

Basically it first attempts to authenticate with KEY A. which succeeds, it then tries to read with KEY A. Which fails with an AUTH error.

For some odd reason it does not fail with an auth error in the first check. Which trips up the application because it does not expect an auth error after that point.

Because of this it does not try with KEY B, which would have worked.

The solution that worked for me was to simply comment out the goto error;, recompile, and everything worked perfectly.

Hope this helps someone else

from mfoc.

It's no odd because KEY A has no read right.
ACs bits are 4b 44 bb, so it behaves correctly. KEYA can auth but will not read the block 12/13.

from mfoc.

Regardless. It makes no sense that the tool just errors out and quits instead of trying the second key, which would just work... This fixes that.

from mfoc.

Hi,

I encountered the same error. I don't know why this happens but I do know what happens and how you can circumvent it:

Have a look at the following code (and ignore the printf statements I jammed in there for debugging): file: src/mfoc.c

// Try A key, auth() + read()
      memcpy(mp.mpa.abtKey, t.sectors[i].KeyA, sizeof(t.sectors[i].KeyA));
      int res;
      fprintf(stdout, "Trying key A\n");
      if ((res = nfc_initiator_mifare_cmd(r.pdi, MC_AUTH_A, block, &mp)) < 0) {
        fprintf(stdout, "authfail\n");
        if (res != NFC_EMFCAUTHFAIL) {
          nfc_perror(r.pdi, "nfc_initiator_mifare_cmd");
          goto error;
        }
        mf_configure(r.pdi);
        mf_anticollision(t, r);
      } else { // and Read
        fprintf(stdout, "and read\n");
        if ((res = nfc_initiator_mifare_cmd(r.pdi, MC_READ, block, &mp)) >= 0) {
          fprintf(stdout, "read A ok\n");
          fprintf(stdout, "Block %02d, type %c, key %012llx :", block, 'A', bytes_to_num(t.sectors[i].KeyA, 6));
          print_hex(mp.mpd.abtData, 16);
          mf_configure(r.pdi);
          mf_select_tag(r.pdi, &(t.nt));
          failure = false;
        } else {
          fprintf(stdout, "read A failed with err %d\n", res);
          // Error, now try read() with B key
          if (res != NFC_ERFTRANS) {
            nfc_perror(r.pdi, "nfc_initiator_mifare_cmd");
            //goto error;  <------ COMMENT THIS LINE <------------
          }
          mf_configure(r.pdi);
          mf_anticollision(t, r);
          memcpy(mp.mpa.abtKey, t.sectors[i].KeyB, sizeof(t.sectors[i].KeyB));
          fprintf(stdout, "Trying key B\n");

Basically it first attempts to authenticate with KEY A. which succeeds, it then tries to read with KEY A. Which fails with an AUTH error.

For some odd reason it does not fail with an auth error in the first check. Which trips up the application because it does not expect an auth error after that point.

Because of this it does not try with KEY B, which would have worked.

The solution that worked for me was to simply comment out the goto error;, recompile, and everything worked perfectly.

Hope this helps someone else

I confirm this works on my practical case

Big Thanks
@pollev pollev

from mfoc.