Fix hf mf chk

armsrc/mifarecmd.c

@@ -1529,7 +1529,12 @@ void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain, b
     uint64_t key = 0;
     uint32_t cuid = 0;
     int i, res;
-    uint8_t cascade_levels = 0, isOK = 0;
+    uint8_t cascade_levels = 0;
+    struct {
+        uint8_t key[6];
+        bool found;
+    } PACKED keyresult;
+    keyresult.found = false;
     uint8_t blockNo, keyType, keyCount;
     bool clearTrace, have_uid = false;
 
@@ -1595,19 +1600,19 @@ void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain, b
 
         if (res)
             continue;
-
+        memcpy(keyresult.key, datain + i * 6, 6);
-        isOK = 1;
+        keyresult.found = true;
         break;
     }
 
     LED_B_ON();
 
     if (ng) {
-        reply_ng(CMD_MIFARE_CHKKEYS, PM3_SUCCESS, datain + i * 6, 6);
+        reply_ng(CMD_MIFARE_CHKKEYS, PM3_SUCCESS, (uint8_t*)&keyresult, sizeof(keyresult));
     } else {
-        reply_mix(CMD_ACK, isOK, 0, 0, datain + i * 6, 6);
+        reply_mix(CMD_ACK, keyresult.found, 0, 0, (uint8_t*)&keyresult.key, sizeof(keyresult.key));
     }
-//    reply_old(CMD_ACK, isOK, 0, 0, datain + i * 6, 6);
+//    reply_old(CMD_ACK, keyresult.found, 0, 0, (uint8_t*)&keyresult.key, sizeof(keyresult.key));
     FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
     LEDsoff();
 

client/cmdhfmf.c

@@ -1117,8 +1117,7 @@ static int CmdHF14AMfNested(const char *Cmd) {
     }
 
     // check if we can authenticate to sector
-    res = mfCheckKeys(blockNo, keyType, true, 1, key, &key64);
+    if (mfCheckKeys(blockNo, keyType, true, 1, key, &key64) != PM3_SUCCESS) {
-    if (res) {
         PrintAndLogEx(WARNING, "Wrong key. Can't authenticate to block:%3d key type:%c", blockNo, keyType ? 'B' : 'A');
         return 3;
     }
@@ -1179,6 +1178,7 @@ static int CmdHF14AMfNested(const char *Cmd) {
 
         PrintAndLogEx(SUCCESS, "Testing known keys. Sector count=%d", SectorsCnt);
         res = mfCheckKeys_fast(SectorsCnt, true, true, 1, MIFARE_DEFAULTKEYS_SIZE + 1, keyBlock, e_sector, false);
+        // TODO check result!!
 
         uint64_t t2 = msclock() - t1;
         PrintAndLogEx(SUCCESS, "Time to check %d known keys: %.0f seconds\n", MIFARE_DEFAULTKEYS_SIZE, (float)t2 / 1000.0);
@@ -1464,8 +1464,7 @@ static int CmdHF14AMfNestedHard(const char *Cmd) {
     if (!know_target_key && nonce_file_read == false) {
         uint64_t key64 = 0;
         // check if we can authenticate to sector
-        int res = mfCheckKeys(blockNo, keyType, true, 1, key, &key64);
+        if (mfCheckKeys(blockNo, keyType, true, 1, key, &key64) != PM3_SUCCESS) {
-        if (res) {
             PrintAndLogEx(WARNING, "Key is wrong. Can't authenticate to block:%3d key type:%c", blockNo, keyType ? 'B' : 'A');
             return 3;
         }
@@ -1795,7 +1794,7 @@ static int CmdHF14AMfChk(const char *Cmd) {
     int clen = 0;
     int transferToEml = 0;
     int createDumpFile = 0;
-    int i, res, keycnt = 0;
+    int i, keycnt = 0;
 
     keyBlock = calloc(MIFARE_DEFAULTKEYS_SIZE, 6);
     if (keyBlock == NULL) return 1;
@@ -1963,8 +1962,7 @@ static int CmdHF14AMfChk(const char *Cmd) {
 
                 uint32_t size = keycnt - c > max_keys ? max_keys : keycnt - c;
 
-                res = mfCheckKeys(b, trgKeyType, true, size, &keyBlock[6 * c], &key64);
+                if (mfCheckKeys(b, trgKeyType, true, size, &keyBlock[6 * c], &key64) == PM3_SUCCESS) {
-                if (!res) {
                     e_sector[i].Key[trgKeyType] = key64;
                     e_sector[i].foundKey[trgKeyType] = true;
                     break;

client/mifare/mifarehost.c

@@ -102,7 +102,7 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
                 }
             }
 
-            if (!mfCheckKeys(blockno, key_type - 0x60, false, size, keyBlock, key)) {
+            if (mfCheckKeys(blockno, key_type - 0x60, false, size, keyBlock, key) == PM3_SUCCESS) {
                 break;
             }
         }
@@ -133,8 +133,15 @@ int mfCheckKeys(uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t keyc
 
     PacketResponseNG resp;
     if (!WaitForResponseTimeout(CMD_MIFARE_CHKKEYS, &resp, 2500)) return PM3_ETIMEOUT;
-    if (resp.status != PM3_SUCCESS) return PM3_EUNDEF;
+    if (resp.status != PM3_SUCCESS) return resp.status;
-    *key = bytes_to_num(resp.data.asBytes, 6);
+
+    struct kr {
+        uint8_t key[6];
+        bool found;
+    } PACKED;
+    struct kr *keyresult = (struct kr *)&resp.data.asBytes;
+    if (!keyresult->found) return PM3_ESOFT;
+    *key = bytes_to_num(keyresult->key, sizeof(keyresult->key));
     return PM3_SUCCESS;
 }
 
@@ -251,7 +258,7 @@ int mfKeyBrute(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint64_t *resultk
         memcpy(keyBlock, candidates + i, KEYBLOCK_SIZE);
 
         // check a block of generated candidate keys.
-        if (!mfCheckKeys(blockNo, keyType, true, KEYS_IN_BLOCK, keyBlock, &key64)) {
+        if (mfCheckKeys(blockNo, keyType, true, KEYS_IN_BLOCK, keyBlock, &key64) == PM3_SUCCESS) {
             *resultkey = key64;
             found = true;
             break;
@@ -391,7 +398,7 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo,
             num_to_bytes(key64, 6, keyBlock + i * 6);
         }
 
-        if (!mfCheckKeys(statelists[0].blockNo, statelists[0].keyType, false, size, keyBlock, &key64)) {
+        if (mfCheckKeys(statelists[0].blockNo, statelists[0].keyType, false, size, keyBlock, &key64) == PM3_SUCCESS) {
             free(statelists[0].head.slhead);
             free(statelists[1].head.slhead);
             num_to_bytes(key64, 6, resultKey);