mfoc
Crack MIFARE Classic RFID card keys
SYNOPSIS
mfoc [OPTIONS]
PARAMETERS
-h
Display help information and exit.
-P
Specify the number of blocks to probe in the nested attack (default 500). Higher values may increase success rate but take longer.
-t
Define the type of key to crack. Use 'A' for Key A or 'B' for Key B.
-O
After successful cracking, dump the entire card's data to the specified output file in Mifare Classic dump format.
-f
Use an existing dump file as input for offline cracking. Useful for re-cracking or validating.
-k
Provide a file containing known keys to speed up the cracking process. Keys should be in hexadecimal format.
-r
Specify the exact NFC reader device to use if multiple are connected. Use 'nfc-list' to find reader IDs.
-v
Enable verbose output, showing more details about the cracking process.
-D
Enable debug output, providing even more detailed information, useful for development or troubleshooting.
-S
Start cracking from a specific sector number. Useful when only parts of the card need cracking or to resume an interrupted process.
-C
Set the number of consecutive bytes in the known plaintext for the attack (default 16).
DESCRIPTION
mfoc (Mifare Classic Offline Cracker) is a command-line utility designed to recover cryptographic keys used on Mifare Classic RFID cards. It exploits known vulnerabilities, such as the "nested attack" or "darkside attack", to deduce unknown keys for sectors on a Mifare Classic card. This process typically involves reading some known data from the card (e.g., from sectors with default or known keys) and then using computational methods to progressively discover the remaining unknown keys.
mfoc is commonly used in security research, penetration testing, and for recovering keys for legitimate purposes when access to them has been lost. It requires a compatible NFC reader, such as the ACR122U.
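The attacks described above start from a sector whose key is already known, so a card audit should confirm that no sector trailer still holds a publicly documented default key. The following is an added example, not part of mfoc or of the original page. It assumes a raw 1024-byte Mifare Classic 1K dump with the keys present in each sector trailer; the function names and the sample dump are constructed for illustration.

```python
"""Audit a Mifare Classic 1K dump for sectors still using well-known default keys."""

SECTOR_SIZE = 64          # 4 blocks x 16 bytes (Mifare Classic 1K layout)
SECTORS_1K = 16
# Publicly documented defaults: factory transport key, MAD key, NDEF key, all-zero.
DEFAULT_KEYS = {
    bytes.fromhex("FFFFFFFFFFFF"): "factory default",
    bytes.fromhex("A0A1A2A3A4A5"): "MAD key",
    bytes.fromhex("D3F7D3F7D3F7"): "NDEF key",
    bytes.fromhex("000000000000"): "all zero",
}

def access_bits_valid(ab: bytes) -> bool:
    """Each access-condition nibble is stored once inverted and once plain."""
    c1, c2, c3 = ab[1] >> 4, ab[2] & 0x0F, ab[2] >> 4
    return (ab[0] & 0x0F) == (~c1 & 0x0F) and (ab[0] >> 4) == (~c2 & 0x0F) \
        and (ab[1] & 0x0F) == (~c3 & 0x0F)

def audit_dump(dump: bytes) -> list[dict]:
    """Return one finding per sector whose trailer holds a default key or bad access bits."""
    if len(dump) != SECTOR_SIZE * SECTORS_1K:
        raise ValueError(f"expected 1024-byte 1K dump, got {len(dump)} bytes")
    findings = []
    for sector in range(SECTORS_1K):
        trailer = dump[sector * SECTOR_SIZE + 48 : (sector + 1) * SECTOR_SIZE]
        key_a, access, key_b = trailer[0:6], trailer[6:9], trailer[10:16]
        weak = {name: DEFAULT_KEYS[k] for name, k in (("A", key_a), ("B", key_b))
                if k in DEFAULT_KEYS}
        if weak or not access_bits_valid(access):
            findings.append({"sector": sector, "default_keys": weak,
                             "access_bits_ok": access_bits_valid(access)})
    return findings

def build_sample_dump() -> bytes:
    """Constructed sample: sector 0 left at factory default, the rest with non-default keys."""
    sectors = []
    for s in range(SECTORS_1K):
        if s == 0:
            key_a = key_b = bytes.fromhex("FFFFFFFFFFFF")
        else:
            key_a, key_b = bytes([0x10 + s] * 6), bytes([0x80 + s] * 6)
        sectors.append(bytes(48) + key_a + bytes.fromhex("FF078069") + key_b)
    return b"".join(sectors)

if __name__ == "__main__":
    for f in audit_dump(build_sample_dump()):
        print(f"sector {f['sector']:2d}: default keys {f['default_keys']}, "
              f"access bits ok={f['access_bits_ok']}")
```

Any sector reported here should be re-keyed before the card is issued, since a single known key is the starting point the description refers to.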
CAVEATS
Using mfoc typically requires specific hardware, most commonly an ACR122U or compatible NFC reader. The legality and ethical implications of using this tool to access or modify RFID cards not explicitly owned or authorized for testing should be carefully considered, as it may be illegal in many jurisdictions.
Success is not guaranteed for all cards, as some newer implementations or configurations might be more resilient to these attacks. The cracking process can also be time-consuming, depending on the card and the chosen parameters.
HARDWARE REQUIREMENTS
mfoc typically requires an NFC Forum-compliant reader capable of raw Mifare commands. The ACR122U is a widely supported and popular choice due to its direct support for the necessary low-level interactions with Mifare Classic cards.
ETHICAL USE
Users are strongly advised to use mfoc only on cards they own or for which they have explicit authorization to test. Adherence to local laws and ethical guidelines regarding cybersecurity research and penetration testing is paramount to prevent misuse.
HISTORY
mfoc emerged from significant security research into the cryptographic weaknesses of Mifare Classic cards. It implements the "nested attack", published by researchers like Karsten Nohl and Henryk Plötz, and the "darkside attack", published by Gerhard de Koning Gans in 2009. These vulnerabilities revealed flaws in the Mifare Classic's encryption scheme, enabling key recovery under certain conditions. mfoc provides an open-source implementation of these techniques, making them accessible to the security community for assessment, educational purposes, and legitimate key recovery efforts.
SEE ALSO
nfc-list(1), nfc-mfclassic(1)