github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 22:03:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

renaming and making sure N never is a strange number

Browse source
This commit is contained in:
iceman1001 2023-05-24 17:19:34 +02:00
commit 1b67921086
3 changed files with 79 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

22
client/src/cmdhf14a.c
View file

@ -41,6 +41,7 @@
#include "atrs.h" // getATRinfo #include "atrs.h" // getATRinfo
#include "desfire.h" // desfire enums #include "desfire.h" // desfire enums
#include "mifare/desfirecore.h" // desfire context #include "mifare/desfirecore.h" // desfire context
#include "mifare/mifaredefault.h"
static bool g_apdu_in_framing_enable = true; static bool g_apdu_in_framing_enable = true;
bool Get_apdu_in_framing(void) { bool Get_apdu_in_framing(void) {
@ -738,9 +739,6 @@ int CmdHF14ASim(const char *Cmd) {
return PM3_EINVARG; return PM3_EINVARG;
} }
sector_t *k_sector = NULL;
uint8_t k_sectorsCount = 40;
if (useUIDfromEML) { if (useUIDfromEML) {
flags |= FLAG_UID_IN_EMUL; flags |= FLAG_UID_IN_EMUL;
} }
@ -761,17 +759,24 @@ int CmdHF14ASim(const char *Cmd) {
SendCommandNG(CMD_HF_ISO14443A_SIMULATE, (uint8_t *)&payload, sizeof(payload)); SendCommandNG(CMD_HF_ISO14443A_SIMULATE, (uint8_t *)&payload, sizeof(payload));
PacketResponseNG resp; PacketResponseNG resp;
sector_t *k_sector = NULL;
size_t k_sectors_cnt = MIFARE_4K_MAXSECTOR;
PrintAndLogEx(INFO, "Press pm3-button to abort simulation"); PrintAndLogEx(INFO, "Press pm3-button to abort simulation");
bool keypress = kbd_enter_pressed(); bool keypress = kbd_enter_pressed();
while (keypress == false) { while (keypress == false) {
if (WaitForResponseTimeout(CMD_HF_MIFARE_SIMULATE, &resp, 1500) == 0) continue; if (WaitForResponseTimeout(CMD_HF_MIFARE_SIMULATE, &resp, 1500) == 0)
if (resp.status != PM3_SUCCESS) break; continue;
if ((flags & FLAG_NR_AR_ATTACK) != FLAG_NR_AR_ATTACK) break; if (resp.status != PM3_SUCCESS)
break;
if ((flags & FLAG_NR_AR_ATTACK) != FLAG_NR_AR_ATTACK)
break;
nonces_t *data = (nonces_t *)resp.data.asBytes; nonces_t *data = (nonces_t *)resp.data.asBytes;
readerAttack(k_sector, k_sectorsCount, data[0], setEmulatorMem, verbose); readerAttack(k_sector, k_sectors_cnt, data[0], setEmulatorMem, verbose);
keypress = kbd_enter_pressed(); keypress = kbd_enter_pressed();
} }
@ -783,7 +788,8 @@ int CmdHF14ASim(const char *Cmd) {
} }
if (resp.status == PM3_EOPABORTED && ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK)) { if (resp.status == PM3_EOPABORTED && ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK)) {
showSectorTable(k_sector, k_sectorsCount); //iceman: readerAttack call frees k_sector , this call is useless.
showSectorTable(k_sector, k_sectors_cnt);
} }
} }

112
client/src/cmdhfmf.c
View file

@ -141,8 +141,8 @@ static int initSectorTable(sector_t **src, size_t items) {
return PM3_EMALLOC; return PM3_EMALLOC;
// empty e_sector // empty e_sector
for (int i = 0; i < items; i++) { for (size_t i = 0; i < items; i++) {
for (int j = 0; j < 2; j++) { for (uint8_t j = 0; j < 2; j++) {
(*src)[i].Key[j] = 0xffffffffffff; (*src)[i].Key[j] = 0xffffffffffff;
(*src)[i].foundKey[j] = 0; (*src)[i].foundKey[j] = 0;
} }
@ -294,19 +294,21 @@ static int mf_print_keys(uint16_t n, uint8_t *d) {
sectors = MIFARE_4K_MAXSECTOR; sectors = MIFARE_4K_MAXSECTOR;
break; break;
case MIFARE_1K_MAXBLOCK: case MIFARE_1K_MAXBLOCK:
sectors = MIFARE_1K_MAXSECTOR;
break;
default: default:
sectors = MIFARE_1K_MAXSECTOR; sectors = MIFARE_1K_MAXSECTOR;
n = MIFARE_1K_MAXBLOCK;
break; break;
} }
sector_t *e_sector = calloc(sectors, sizeof(sector_t)); sector_t *e_sector = calloc(sectors, sizeof(sector_t));
if (e_sector == NULL) { if (e_sector == NULL) {
return PM3_EMALLOC; return PM3_EMALLOC;
} }
// n is number of blocks, but in the loop its a zero based index. for (uint16_t i = 0; i < n; i++) {
// n = 20, i = 0-19
for (uint16_t i = 0; i < n - 1; i++) {
if (mfIsSectorTrailer(i)) { if (mfIsSectorTrailer(i)) {
e_sector[mfSectorNum(i)].foundKey[0] = 1; e_sector[mfSectorNum(i)].foundKey[0] = 1;
e_sector[mfSectorNum(i)].Key[0] = bytes_to_num(d + (i * MFBLOCK_SIZE), MIFARE_KEY_SIZE); e_sector[mfSectorNum(i)].Key[0] = bytes_to_num(d + (i * MFBLOCK_SIZE), MIFARE_KEY_SIZE);
@ -2380,7 +2382,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) {
// create/initialize key storage structure // create/initialize key storage structure
sector_t *e_sector = NULL; sector_t *e_sector = NULL;
uint32_t e_sector_cnt = (sector_cnt > sectorno) ? sector_cnt : sectorno + 1; size_t e_sector_cnt = (sector_cnt > sectorno) ? sector_cnt : sectorno + 1;
if (initSectorTable(&e_sector, e_sector_cnt) != PM3_SUCCESS) { if (initSectorTable(&e_sector, e_sector_cnt) != PM3_SUCCESS) {
return PM3_EMALLOC; return PM3_EMALLOC;
} }
@ -3151,7 +3153,7 @@ static int CmdHF14AMfChk_fast(const char *Cmd) {
m1 = true; m1 = true;
} }
uint8_t sectorsCnt = 1; uint8_t sectorsCnt = MIFARE_1K_MAXSECTOR;
if (m0) { if (m0) {
sectorsCnt = MIFARE_MINI_MAXSECTOR; sectorsCnt = MIFARE_MINI_MAXSECTOR;
} else if (m1) { } else if (m1) {
@ -3367,42 +3369,42 @@ static int CmdHF14AMfChk(const char *Cmd) {
return PM3_EINVARG; return PM3_EINVARG;
} }
uint8_t SectorsCnt = 1; size_t sectors_cnt = 1;
if (m0) { if (m0) {
SectorsCnt = MIFARE_MINI_MAXSECTOR; sectors_cnt = MIFARE_MINI_MAXSECTOR;
} else if (m1) { } else if (m1) {
SectorsCnt = MIFARE_1K_MAXSECTOR; sectors_cnt = MIFARE_1K_MAXSECTOR;
} else if (m2) { } else if (m2) {
SectorsCnt = MIFARE_2K_MAXSECTOR; sectors_cnt = MIFARE_2K_MAXSECTOR;
} else if (m4) { } else if (m4) {
SectorsCnt = MIFARE_4K_MAXSECTOR; sectors_cnt = MIFARE_4K_MAXSECTOR;
} }
if (singleSector) { if (singleSector) {
uint8_t MinSectorsCnt = 0; size_t min_sectors_cnt = 0;
// find a MIFARE type that can accommodate the provided block number // find a MIFARE type that can accommodate the provided block number
uint8_t s = mfSectorNum(blockNo); uint8_t s = mfSectorNum(blockNo);
if (s < MIFARE_MINI_MAXSECTOR) { if (s < MIFARE_MINI_MAXSECTOR) {
MinSectorsCnt = MIFARE_MINI_MAXSECTOR; min_sectors_cnt = MIFARE_MINI_MAXSECTOR;
} else if (s < MIFARE_1K_MAXSECTOR) { } else if (s < MIFARE_1K_MAXSECTOR) {
MinSectorsCnt = MIFARE_1K_MAXSECTOR; min_sectors_cnt = MIFARE_1K_MAXSECTOR;
} else if (s < MIFARE_2K_MAXSECTOR) { } else if (s < MIFARE_2K_MAXSECTOR) {
MinSectorsCnt = MIFARE_2K_MAXSECTOR; min_sectors_cnt = MIFARE_2K_MAXSECTOR;
} else if (s < MIFARE_4K_MAXSECTOR) { } else if (s < MIFARE_4K_MAXSECTOR) {
MinSectorsCnt = MIFARE_4K_MAXSECTOR; min_sectors_cnt = MIFARE_4K_MAXSECTOR;
} else { } else {
PrintAndLogEx(WARNING, "Provided block out of possible MIFARE Type memory map"); PrintAndLogEx(WARNING, "Provided block out of possible MIFARE Type memory map");
return PM3_EINVARG; return PM3_EINVARG;
} }
if (SectorsCnt == 1) { if (sectors_cnt == 1) {
SectorsCnt = MinSectorsCnt; sectors_cnt = min_sectors_cnt;
} else if (SectorsCnt < MinSectorsCnt) { } else if (sectors_cnt < min_sectors_cnt) {
PrintAndLogEx(WARNING, "Provided block out of provided MIFARE Type memory map"); PrintAndLogEx(WARNING, "Provided block out of provided MIFARE Type memory map");
return PM3_EINVARG; return PM3_EINVARG;
} }
} }
if (SectorsCnt == 1) { if (sectors_cnt == 1) {
SectorsCnt = MIFARE_1K_MAXSECTOR; sectors_cnt = MIFARE_1K_MAXSECTOR;
} }
uint8_t *keyBlock = NULL; uint8_t *keyBlock = NULL;
@ -3416,7 +3418,7 @@ static int CmdHF14AMfChk(const char *Cmd) {
// create/initialize key storage structure // create/initialize key storage structure
sector_t *e_sector = NULL; sector_t *e_sector = NULL;
if (initSectorTable(&e_sector, SectorsCnt) != PM3_SUCCESS) { if (initSectorTable(&e_sector, sectors_cnt) != PM3_SUCCESS) {
free(keyBlock); free(keyBlock);
return PM3_EMALLOC; return PM3_EMALLOC;
} }
@ -3441,7 +3443,7 @@ static int CmdHF14AMfChk(const char *Cmd) {
// loop sectors but block is used as to keep track of from which blocks to test // loop sectors but block is used as to keep track of from which blocks to test
int b = blockNo; int b = blockNo;
for (int i = mfSectorNum(b); i < SectorsCnt; ++i) { for (int i = mfSectorNum(b); i < sectors_cnt; ++i) {
// skip already found keys. // skip already found keys.
if (e_sector[i].foundKey[trgKeyType]) continue; if (e_sector[i].foundKey[trgKeyType]) continue;
@ -3480,7 +3482,7 @@ static int CmdHF14AMfChk(const char *Cmd) {
// loop sectors but block is used as to keep track of from which blocks to test // loop sectors but block is used as to keep track of from which blocks to test
int b = blockNo; int b = blockNo;
for (int i = mfSectorNum(b); i < SectorsCnt; i++) { for (int i = mfSectorNum(b); i < sectors_cnt; i++) {
// KEY A but not KEY B // KEY A but not KEY B
if (e_sector[i].foundKey[0] && !e_sector[i].foundKey[1]) { if (e_sector[i].foundKey[0] && !e_sector[i].foundKey[1]) {
@ -3526,13 +3528,13 @@ out:
if (singleSector) if (singleSector)
printKeyTableEx(1, e_sector, mfSectorNum(blockNo)); printKeyTableEx(1, e_sector, mfSectorNum(blockNo));
else else
printKeyTable(SectorsCnt, e_sector); printKeyTable(sectors_cnt, e_sector);
if (transferToEml) { if (transferToEml) {
// fast push mode // fast push mode
g_conn.block_after_ACK = true; g_conn.block_after_ACK = true;
uint8_t block[16] = {0x00}; uint8_t block[16] = {0x00};
for (int i = 0; i < SectorsCnt; ++i) { for (int i = 0; i < sectors_cnt; ++i) {
uint8_t blockno = mfFirstBlockOfSector(i) + mfNumBlocksPerSector(i) - 1; uint8_t blockno = mfFirstBlockOfSector(i) + mfNumBlocksPerSector(i) - 1;
mfEmlGetMem(block, blockno, 1); mfEmlGetMem(block, blockno, 1);
@ -3542,7 +3544,7 @@ out:
if (e_sector[i].foundKey[1]) if (e_sector[i].foundKey[1])
num_to_bytes(e_sector[i].Key[1], 6, block + 10); num_to_bytes(e_sector[i].Key[1], 6, block + 10);
if (i == SectorsCnt - 1) { if (i == sectors_cnt - 1) {
// Disable fast mode on last packet // Disable fast mode on last packet
g_conn.block_after_ACK = false; g_conn.block_after_ACK = false;
} }
@ -3553,7 +3555,7 @@ out:
if (createDumpFile) { if (createDumpFile) {
char *fptr = GenerateFilename("hf-mf-", "-key.bin"); char *fptr = GenerateFilename("hf-mf-", "-key.bin");
if (createMfcKeyDump(fptr, SectorsCnt, e_sector) != PM3_SUCCESS) { if (createMfcKeyDump(fptr, sectors_cnt, e_sector) != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Failed to save keys to file"); PrintAndLogEx(ERR, "Failed to save keys to file");
} }
free(fptr); free(fptr);
@ -3574,14 +3576,14 @@ out:
return PM3_SUCCESS; return PM3_SUCCESS;
} }
void showSectorTable(sector_t *k_sector, uint8_t k_sectors_cnt) { void showSectorTable(sector_t *k_sector, size_t k_sectors_cnt) {
if (k_sector != NULL) { if (k_sector != NULL) {
printKeyTable(k_sectors_cnt, k_sector); printKeyTable(k_sectors_cnt, k_sector);
free(k_sector); free(k_sector);
} }
} }
void readerAttack(sector_t *k_sector, uint8_t k_sectors_cnt, nonces_t data, bool setEmulatorMem, bool verbose) { void readerAttack(sector_t *k_sector, size_t k_sectors_cnt, nonces_t data, bool setEmulatorMem, bool verbose) {
// init if needed // init if needed
if (k_sector == NULL) { if (k_sector == NULL) {
@ -3715,22 +3717,19 @@ static int CmdHF14AMfSim(const char *Cmd) {
} }
CLIParserFree(ctx); CLIParserFree(ctx);
sector_t *k_sector = NULL;
//Validations //Validations
if (atqalen > 0) { if (atqalen > 0) {
if (atqalen != 2) { if (atqalen != 2) {
PrintAndLogEx(WARNING, "Wrong ATQA length"); PrintAndLogEx(WARNING, "Wrong ATQA length");
return PM3_EINVARG; return PM3_EINVARG;
} }
flags |= FLAG_FORCED_ATQA; flags |= FLAG_FORCED_ATQA;
} }
if (saklen > 0) { if (saklen > 0) {
if (saklen != 1) { if (saklen != 1) {
PrintAndLogEx(WARNING, "Wrong SAK length"); PrintAndLogEx(WARNING, "Wrong SAK length");
return PM3_EINVARG; return PM3_EINVARG;
} }
flags |= FLAG_FORCED_SAK; flags |= FLAG_FORCED_SAK;
} }
@ -3740,7 +3739,7 @@ static int CmdHF14AMfSim(const char *Cmd) {
flags |= FLAG_UID_IN_EMUL; flags |= FLAG_UID_IN_EMUL;
} }
uint8_t k_sectorsCount = 40; size_t k_sectors_cnt = MIFARE_4K_MAXSECTOR;
char csize[13] = { 0 }; char csize[13] = { 0 };
if ((m0 + m1 + m2 + m4) > 1) { if ((m0 + m1 + m2 + m4) > 1) {
@ -3751,19 +3750,19 @@ static int CmdHF14AMfSim(const char *Cmd) {
if (m0) { if (m0) {
flags |= FLAG_MF_MINI; flags |= FLAG_MF_MINI;
snprintf(csize, sizeof(csize), "MINI"); snprintf(csize, sizeof(csize), "MINI");
k_sectorsCount = MIFARE_MINI_MAXSECTOR; k_sectors_cnt = MIFARE_MINI_MAXSECTOR;
} else if (m1) { } else if (m1) {
flags |= FLAG_MF_1K; flags |= FLAG_MF_1K;
snprintf(csize, sizeof(csize), "1K"); snprintf(csize, sizeof(csize), "1K");
k_sectorsCount = MIFARE_1K_MAXSECTOR; k_sectors_cnt = MIFARE_1K_MAXSECTOR;
} else if (m2) { } else if (m2) {
flags |= FLAG_MF_2K; flags |= FLAG_MF_2K;
snprintf(csize, sizeof(csize), "2K with RATS"); snprintf(csize, sizeof(csize), "2K with RATS");
k_sectorsCount = MIFARE_2K_MAXSECTOR; k_sectors_cnt = MIFARE_2K_MAXSECTOR;
} else if (m4) { } else if (m4) {
flags |= FLAG_MF_4K; flags |= FLAG_MF_4K;
snprintf(csize, sizeof(csize), "4K"); snprintf(csize, sizeof(csize), "4K");
k_sectorsCount = MIFARE_4K_MAXSECTOR; k_sectors_cnt = MIFARE_4K_MAXSECTOR;
} else { } else {
PrintAndLogEx(WARNING, "Please specify a MIFARE Type"); PrintAndLogEx(WARNING, "Please specify a MIFARE Type");
return PM3_EINVARG; return PM3_EINVARG;
@ -3801,15 +3800,26 @@ static int CmdHF14AMfSim(const char *Cmd) {
if (flags & FLAG_INTERACTIVE) { if (flags & FLAG_INTERACTIVE) {
PrintAndLogEx(INFO, "Press pm3-button or send another cmd to abort simulation"); PrintAndLogEx(INFO, "Press pm3-button or send another cmd to abort simulation");
while (!kbd_enter_pressed()) { sector_t *k_sector = NULL;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) continue;
if (!(flags & FLAG_NR_AR_ATTACK)) break; while (kbd_enter_pressed() == 0) {
if ((resp.oldarg[0] & 0xffff) != CMD_HF_MIFARE_SIMULATE) break;
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500) == false)
continue;
if ((flags & FLAG_NR_AR_ATTACK) != FLAG_NR_AR_ATTACK)
break;
if ((resp.oldarg[0] & 0xffff) != CMD_HF_MIFARE_SIMULATE)
break;
nonces_t data[1]; nonces_t data[1];
memcpy(data, resp.data.asBytes, sizeof(data)); memcpy(data, resp.data.asBytes, sizeof(data));
readerAttack(k_sector, k_sectorsCount, data[0], setEmulatorMem, verbose); readerAttack(k_sector, k_sectors_cnt, data[0], setEmulatorMem, verbose);
} }
showSectorTable(k_sector, k_sectorsCount); //iceman: readerAttack call frees k_sector. this call below is useless.
showSectorTable(k_sector, k_sectors_cnt);
} else { } else {
PrintAndLogEx(INFO, "Press pm3-button to abort simulation"); PrintAndLogEx(INFO, "Press pm3-button to abort simulation");
} }
@ -3849,11 +3859,11 @@ static int CmdHF14AMfKeyBrute(const char *Cmd) {
} }
*/ */
void printKeyTable(uint8_t sectorscnt, sector_t *e_sector) { void printKeyTable(size_t sectorscnt, sector_t *e_sector) {
return printKeyTableEx(sectorscnt, e_sector, 0); return printKeyTableEx(sectorscnt, e_sector, 0);
} }
void printKeyTableEx(uint8_t sectorscnt, sector_t *e_sector, uint8_t start_sector) { void printKeyTableEx(size_t sectorscnt, sector_t *e_sector, uint8_t start_sector) {
char strA[26 + 1] = {0}; char strA[26 + 1] = {0};
char strB[26 + 1] = {0}; char strB[26 + 1] = {0};
char resA[20 + 1] = {0}; char resA[20 + 1] = {0};
@ -3867,7 +3877,7 @@ void printKeyTableEx(uint8_t sectorscnt, sector_t *e_sector, uint8_t start_secto
uint64_t ndef_key = 0xD3F7D3F7D3F7; uint64_t ndef_key = 0xD3F7D3F7D3F7;
bool has_ndef_key = false; bool has_ndef_key = false;
bool extended_legend = false; bool extended_legend = false;
for (uint8_t i = 0; i < sectorscnt; i++) { for (size_t i = 0; i < sectorscnt; i++) {
if ((e_sector[i].foundKey[0] > 1) || (e_sector[i].foundKey[1] > 1)) { if ((e_sector[i].foundKey[0] > 1) || (e_sector[i].foundKey[1] > 1)) {
extended_legend = true; extended_legend = true;
@ -4545,7 +4555,7 @@ static int CmdHF14AMfEKeyPrn(const char *Cmd) {
m1 = true; m1 = true;
} }
uint8_t sectors_cnt = MIFARE_1K_MAXSECTOR; size_t sectors_cnt = MIFARE_1K_MAXSECTOR;
if (m0) { if (m0) {
sectors_cnt = MIFARE_MINI_MAXSECTOR; sectors_cnt = MIFARE_MINI_MAXSECTOR;

9
client/src/cmdhfmf.h
View file

@ -30,11 +30,10 @@ int CmdHFMFNDEFRead(const char *Cmd); // used by "nfc mf cread"
int CmdHFMFNDEFFormat(const char *Cmd); // used by "nfc mf cformat" int CmdHFMFNDEFFormat(const char *Cmd); // used by "nfc mf cformat"
int CmdHFMFNDEFWrite(const char *Cmd); // used by "nfc mf cwrite" int CmdHFMFNDEFWrite(const char *Cmd); // used by "nfc mf cwrite"
void showSectorTable(sector_t *k_sector, uint8_t k_sectors_cnt); void showSectorTable(sector_t *k_sector, size_t k_sectors_cnt);
void readerAttack(sector_t *k_sector, uint8_t k_sectors_cnt, nonces_t data, bool setEmulatorMem, bool verbose); void readerAttack(sector_t *k_sector, size_t k_sectors_cnt, nonces_t data, bool setEmulatorMem, bool verbose);
void printKeyTable(uint8_t sectorscnt, sector_t *e_sector); void printKeyTable(size_t sectorscnt, sector_t *e_sector);
void printKeyTableEx(uint8_t sectorscnt, sector_t *e_sector, uint8_t start_sector); void printKeyTableEx(size_t sectorscnt, sector_t *e_sector, uint8_t start_sector);
void printKeyTable_fast(uint8_t sectorscnt, icesector_t *e_sector, uint64_t bar, uint64_t foo);
int mfc_ev1_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature_len); int mfc_ev1_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature_len);
#endif #endif