PM3 Commands Reference (Iceman Firmware):

Current command:
lf em 4x70 brute --help


Optimized partial key-update attack of 16-bit key block 7, 8 or 9 of an EM4x70
This attack does NOT write anything to the tag.
Before starting this attack, 0000 must be written to the 16-bit key block: 'lf em 4x70 write -b 9 -d 0000'.
After success, the 16-bit key block has to be restored with the key found: 'lf em 4x70 write -b 9 -d c0de'.

usage:
    lf em 4x70 brute [-h] [--par] -b <dec> --rnd <hex> --frn <hex> [-s <hex>]

options:
    -h, --help                     This help
    --par                          Add parity bit when sending commands
    -b, --block <dec>              block/word address, dec
    --rnd <hex>                    Random 56-bit
    --frn <hex>                    F(RN) 28-bit as 4 hex bytes
    -s, --start <hex>              Start bruteforce enumeration from this key value

examples/notes:
    lf em 4x70 brute -b 9 --rnd 45F54ADA252AAC --frn 4866BB70          -> bruteforcing key bits k95...k80