Updated: January 2025
Current command:
hf mf autopwn --help
This command automates the key recovery process on MIFARE Classic cards. It uses the fchk, chk, darkside, nested, hardnested and staticnested to recover keys. If all keys are found, it try dumping card content both to file and emulator memory. default file name template is `hf-mf-<uid>-<dump|key>.` using suffix the template becomes `hf-mf-<uid>-<dump|key>-<suffix>.` usage: hf mf autopwn [--2k] options: -h, --help This help -k, --key <hex> Known key, 12 hex bytes -s, --sector <dec> Input sector number -a Input key A (def) -b Input key B -f, --file <fn> filename of dictionary --suffix <txt> Add this suffix to generated files --slow Slower acquisition (required by some non standard cards) -l, --legacy legacy mode (use the slow `hf mf chk`) -v, --verbose verbose output --ns No save to file --mini MIFARE Classic Mini / S20 --1k MIFARE Classic 1k / S50 (default) --2k MIFARE Classic/Plus 2k --4k MIFARE Classic 4k / S70 --in None (use CPU regular instruction set) --im MMX --is SSE2 --ia AVX --i2 AVX2 --i5 AVX512 examples/notes: hf mf autopwn hf mf autopwn -s 0 -a -k FFFFFFFFFFFF -> target MFC 1K card, Sector 0 with known key A 'FFFFFFFFFFFF' hf mf autopwn --1k -f mfc_default_keys -> target MFC 1K card, default dictionary hf mf autopwn --1k -s 0 -a -k FFFFFFFFFFFF -f mfc_default_keys -> combo of the two above samples hf mf autopwn --1k -s 0 -a -k FFFFFFFFFFFF -k a0a1a2a3a4a5 -> multiple user supplied keys