fix MFP check with defines and easier logic

iceman1001 2023-04-15 20:44:52 +02:00
commit 1bb78e02a4
2 changed files with 11 additions and 8 deletions


@ -1024,7 +1024,7 @@ static int MFPKeyCheck(uint8_t startSector, uint8_t endSector, uint8_t startKeyA
for (int retry = 0; retry < 4; retry++) { for (int retry = 0; retry < 4; retry++) {
res = MifareAuth4(NULL, keyn, keyList[i], selectCard, true, false, false, true); res = MifareAuth4(NULL, keyn, keyList[i], selectCard, true, false, false, true);
if (res != 2) if (res == PM3_SUCCESS || PM3_EWRONGANSWER)
break; break;
if (verbose) if (verbose)
@ -1041,7 +1041,7 @@ static int MFPKeyCheck(uint8_t startSector, uint8_t endSector, uint8_t startKeyA
PrintAndLogEx(WARNING, "\nsector %02d key %d [%s] res: %d", sector, keyAB, sprint_hex_inrow(keyList[i], 16), res); PrintAndLogEx(WARNING, "\nsector %02d key %d [%s] res: %d", sector, keyAB, sprint_hex_inrow(keyList[i], 16), res);
// key for [sector,keyAB] found // key for [sector,keyAB] found
if (res == 0) { if (res == PM3_SUCCESS) {
if (verbose) if (verbose)
PrintAndLogEx(INFO, "\nFound key for sector %d key %s [%s]", sector, keyAB == 0 ? "A" : "B", sprint_hex_inrow(keyList[i], 16)); PrintAndLogEx(INFO, "\nFound key for sector %d key %s [%s]", sector, keyAB == 0 ? "A" : "B", sprint_hex_inrow(keyList[i], 16));
else else
@ -1055,9 +1055,10 @@ static int MFPKeyCheck(uint8_t startSector, uint8_t endSector, uint8_t startKeyA
break; break;
} }
// 5 - auth error (rnd not equal) // RES can be:
// PM3 client says that RND not equal is -16. Corrected. Seems to work. // PM3_ERFTRANS -7
if (res != -16) { // PM3_EWRONGANSWER -16
if (res == PM3_ERFTRANS) {
if (verbose) if (verbose)
PrintAndLogEx(ERR, "\nExchange error. Aborted."); PrintAndLogEx(ERR, "\nExchange error. Aborted.");
else else
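Review bot: The new retry condition in the first hunk, `if (res == PM3_SUCCESS || PM3_EWRONGANSWER)`, is always true because its second operand is a bare non-zero constant (the comment in the third hunk lists it as -16), so the loop breaks after the first MifareAuth4 call and the other three retries never run. It should read `if (res == PM3_SUCCESS || res == PM3_EWRONGANSWER)`. As written, a single `PM3_ERFTRANS` on the first attempt appears to go straight to the "Exchange error. Aborted." branch instead of being retried, so a key check can abort on a transient RF error or miss a valid key. The third hunk also narrows the abort from "anything other than -16" to `PM3_ERFTRANS` only, so other error codes now fall through; that may be intended but is worth confirming and stating in the comment. MFPKeyCheck's body starts and ends outside these hunks.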


@ -289,8 +289,9 @@ int MifareAuth4(mf4Session_t *mf4session, uint8_t *keyn, uint8_t *key, bool acti
uint8_t kenc[16] = {0}; uint8_t kenc[16] = {0};
memcpy(&kenc[0], &RndA[11], 5); memcpy(&kenc[0], &RndA[11], 5);
memcpy(&kenc[5], &RndB[11], 5); memcpy(&kenc[5], &RndB[11], 5);
for (int i = 0; i < 5; i++) for (int i = 0; i < 5; i++) {
kenc[10 + i] = RndA[4 + i] ^ RndB[4 + i]; kenc[10 + i] = RndA[4 + i] ^ RndB[4 + i];
}
kenc[15] = 0x11; kenc[15] = 0x11;
aes_encode(NULL, key, kenc, kenc, 16); aes_encode(NULL, key, kenc, kenc, 16);
@ -301,8 +302,9 @@ int MifareAuth4(mf4Session_t *mf4session, uint8_t *keyn, uint8_t *key, bool acti
uint8_t kmac[16] = {0}; uint8_t kmac[16] = {0};
memcpy(&kmac[0], &RndA[7], 5); memcpy(&kmac[0], &RndA[7], 5);
memcpy(&kmac[5], &RndB[7], 5); memcpy(&kmac[5], &RndB[7], 5);
for (int i = 0; i < 5; i++) for (int i = 0; i < 5; i++) {
kmac[10 + i] = RndA[0 + i] ^ RndB[0 + i]; kmac[10 + i] = RndA[0 + i] ^ RndB[0 + i];
}
kmac[15] = 0x22; kmac[15] = 0x22;
aes_encode(NULL, key, kmac, kmac, 16); aes_encode(NULL, key, kmac, kmac, 16);