CHG: 'hf 14a sim', 'hf mf sim' - now uses weak PRNG from Crypto1 as nonce generation.

iceman1001 2017-12-07 15:21:06 +01:00
commit 0430b84f65


@ -824,9 +824,7 @@ bool prepare_allocated_tag_modulation(tag_response_info_t* response_info) {
void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) { void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
#define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack() #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
// init pseudorand
fast_prand();
uint8_t sak = 0; uint8_t sak = 0;
uint32_t cuid = 0; uint32_t cuid = 0;
uint32_t nonce = 0; uint32_t nonce = 0;
@ -1149,8 +1147,8 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
cardAUTHKEY = receivedCmd[0] - 0x60; cardAUTHKEY = receivedCmd[0] - 0x60;
cardAUTHSC = receivedCmd[1] / 4; // received block num cardAUTHSC = receivedCmd[1] / 4; // received block num
// incease nonce at AUTH requests. this is time consuming. // incease nonce at AUTH requests. this is time consuming.
nonce = prand(); nonce = prng_successor( GetTickCount(), 32 );
//num_to_bytes(nonce, 4, response5); //num_to_bytes(nonce, 4, response5);
num_to_bytes(nonce, 4, dynamic_response_info.response); num_to_bytes(nonce, 4, dynamic_response_info.response);
dynamic_response_info.response_n = 4; dynamic_response_info.response_n = 4;
@ -2779,9 +2777,6 @@ void DetectNACKbug() {
* (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted) * (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted)
*/ */
void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain) { void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain) {
// init pseudorand
fast_prand( GetTickCount() );
int cardSTATE = MFEMUL_NOFIELD; int cardSTATE = MFEMUL_NOFIELD;
int _UID_LEN = 0; // 4, 7, 10 int _UID_LEN = 0; // 4, 7, 10
@ -2818,7 +2813,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
// TAG Nonce - Authenticate response // TAG Nonce - Authenticate response
uint8_t rAUTH_NT[4]; uint8_t rAUTH_NT[4];
uint32_t nonce = prand(); uint32_t nonce = prng_successor( GetTickCount(), 32 );
num_to_bytes(nonce, 4, rAUTH_NT); num_to_bytes(nonce, 4, rAUTH_NT);
// uint8_t rAUTH_NT[] = {0x55, 0x41, 0x49, 0x92};// nonce from nested? why this? // uint8_t rAUTH_NT[] = {0x55, 0x41, 0x49, 0x92};// nonce from nested? why this?
@ -2964,7 +2959,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
crypto1_destroy(pcs); crypto1_destroy(pcs);
cardAUTHKEY = 0xff; cardAUTHKEY = 0xff;
LEDsoff(); LEDsoff();
nonce = prand(); nonce = prng_successor(selTimer, 32);
continue; continue;
} }
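Review bot: In the last hunk of Mifare1ksim the replacement nonce is seeded from `selTimer`, while the other two call sites (the AUTH branch in SimulateIso14443aTag and the initial `rAUTH_NT` setup) seed from `GetTickCount()`. `selTimer` is not defined in the visible lines; if it is only refreshed at select time, every failed authentication in one session would answer with the same tag nonce, so either use `nonce = prng_successor( GetTickCount(), 32 );` here too or add a comment saying why the select timestamp is wanted. The tick-seeded sites can presumably also repeat a nonce when two AUTH requests fall within the same tick, which deserves a one-line comment such as `// deliberately weak, time-derived nonce mimicking the card PRNG; simulation only`. The existing comment `// incease nonce at AUTH requests. this is time consuming.` in SimulateIso14443aTag no longer describes the new line and should be reworded. The bodies of both functions extend outside the hunks shown.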