From 08193fd2e5e6eebe9cbe82ec0bd0ffc2f10326ec Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 5 Dec 2017 12:30:40 +0100
Subject: [PATCH] chg: getting crazy out of sync when running against magic cards.
---
 armsrc/iso14443a.c | 15 +++++++++++++--
 client/cmdhfmf.c | 11 +++++++++--
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index ef7b42415..f647b9ea8 100644
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -2578,8 +2578,9 @@ void DetectNACKbug() {
 uint8_t num_nacks = 0;
 #define PRNG_SEQUENCE_LENGTH (1 << 16)
- #define MAX_UNEXPECTED_RANDOM 4 // maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up.
- #define MAX_SYNC_TRIES 32
+ #define MAX_UNEXPECTED_RANDOM 4 // maximum number of unexpected (i.e. real) random numbers when trying to sync, then give up.
+ #define MAX_SYNC_TRIES 32
+ #define MAX_PRNG_TRIES 20 // when we gone through 10 prng sequences without managing to sync, then give up.
 AppendCrc14443a(mf_auth, 2);
@@ -2649,6 +2650,11 @@ void DetectNACKbug() {
 // Transmit reader nonce with fake par
 ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL);
+ if ( elapsed_prng_sequences > MAX_PRNG_TRIES) {
+ isOK = -4; // Card's PRNG runs at an unexpected frequency or resets unexpectedly
+ break;
+ }
+
 // we didn't calibrate our clock yet,
 // iceman: has to be calibrated every time.
 if (previous_nt && !nt_attacked) {
@@ -2682,6 +2688,11 @@ void DetectNACKbug() {
 if (sync_cycles <= 0) sync_cycles += PRNG_SEQUENCE_LENGTH;
+ if (sync_cycles > PRNG_SEQUENCE_LENGTH * 2 ) {
+ isOK = -4; // Card's PRNG runs at an unexpected frequency or resets unexpectedly
+ break;
+ }
+
 if (MF_DBGLEVEL >= 4) Dbprintf("calibrating in cycle %d. nt_distance=%d, elapsed_prng_sequences=%d, new sync_cycles: %d\n", i, nt_distance, elapsed_prng_sequences, sync_cycles);
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index ccb46901e..9fc12233b 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
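Review bot: In the `#define` block of armsrc/iso14443a.c, the comment on the new `MAX_PRNG_TRIES` says 10 PRNG sequences while the value is 20, so a reader cannot tell which limit is intended. One of the two should change, for example `#define MAX_PRNG_TRIES 20 // give up after this many PRNG sequences without managing to sync`. The macros are defined inside DetectNACKbug(), whose body continues outside the hunk.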
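Review bot: In the armsrc/iso14443a.c hunk at line 2650, the give-up test on `elapsed_prng_sequences` runs only after `ReaderTransmitPar()` has already sent the reader nonce, so the aborting iteration still puts one more frame on the air. If that is not intended, the test can move ahead of the transmit; where the counter is updated lies outside this hunk, so the right position should be confirmed there. The result code `-4` and its comment are repeated verbatim in the `sync_cycles` hunk below, and the client matches the same literal in `case -4`, so a shared named constant would keep device and client in step.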
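Review bot: In the armsrc/iso14443a.c hunk at line 2688, only the upper side of `sync_cycles` is bounded. The preceding `if (sync_cycles <= 0) sync_cycles += PRNG_SEQUENCE_LENGTH;` adds one period once, so a value at or below `-PRNG_SEQUENCE_LENGTH` is still non-positive when it reaches the new check and passes it. Whether the calibration arithmetic can produce such a value is not visible in this hunk; if it can, the guard could read `if (sync_cycles <= 0 || sync_cycles > PRNG_SEQUENCE_LENGTH * 2) {`.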
@@ -2867,7 +2867,7 @@ int CmdHf14AMfNack(const char *Cmd) {
 }
 if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
- int32_t ok = resp.arg[0] & 0xff;
+ int32_t ok = resp.arg[0];
 uint32_t nacks = resp.arg[1];
 uint32_t auths = resp.arg[2];
@@ -2880,7 +2880,14 @@ int CmdHf14AMfNack(const char *Cmd) {
 case -4 : PrintAndLog("Card random number generator seems to be based on the wellknown"); PrintAndLog("generating polynomial with 16 effective bits only, but shows unexpected behaviour."); return 1;
 case 1 : PrintAndLog("Card has NACK bug."); return 1;
- case 0 : PrintAndLog("Card may have NACK bug. inconclusive result"); return 1;
+ case 0 : {
+ if ( nacks > 0 )
+ PrintAndLog("Card may have NACK bug. inconclusive result");
+ else
+ PrintAndLog("Card has not NACK bug.");
+ return 1;
+ }
+ default : PrintAndLog(" errorcode from device [%i]", ok); return 1;
 }
 break;
 }
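Review bot: In client/cmdhfmf.c, `int32_t ok = resp.arg[0];` recovers the device's negative status codes through an implicit narrowing conversion that should be spelled out. The declaration of `resp.arg` is outside the hunk; if it is a wider unsigned field, converting an out-of-range value is implementation-defined, and nothing tells a reader of the switch below that this is relied on. An explicit `int32_t ok = (int32_t)resp.arg[0]; // signed status from device, negative on error` documents the intent.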
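Review bot: In the new `case 0` block, the definite negative `"Card has not NACK bug."` is printed whenever `nacks` is zero, even if the device completed no authentication attempts, which would give the operator a false all-clear. `auths` is already read from the response in the hunk above. Assuming it counts attempts, an `else if (auths > 0)` before that message, with the inconclusive text as the final `else`, would close the gap. The unbraced `if`/`else` would be safer with braces, and the message reads better as `"Card does not have the NACK bug."`.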