fix MFP check with defines and easier logic

2025-08-22 06:13:51 -07:00 · 2023-04-15 20:44:52 +02:00 · 2023-04-15 20:44:52 +02:00 · 1bb78e02a4
commit 1bb78e02a4
parent 1f1c1d1458
2 changed files with 11 additions and 8 deletions
--- a/client/src/cmdhfmfp.c
+++ b/client/src/cmdhfmfp.c
@ -1024,7 +1024,7 @@ static int MFPKeyCheck(uint8_t startSector, uint8_t endSector, uint8_t startKeyA

                for (int retry = 0; retry < 4; retry++) {
                    res = MifareAuth4(NULL, keyn, keyList[i], selectCard, true, false, false, true);
-                    if (res != 2)
+                    if (res == PM3_SUCCESS || PM3_EWRONGANSWER)
                        break;

                    if (verbose)
@ -1041,7 +1041,7 @@ static int MFPKeyCheck(uint8_t startSector, uint8_t endSector, uint8_t startKeyA
                    PrintAndLogEx(WARNING, "\nsector %02d key %d [%s] res: %d", sector, keyAB, sprint_hex_inrow(keyList[i], 16), res);

                // key for [sector,keyAB] found
-                if (res == 0) {
+                if (res == PM3_SUCCESS) {
                    if (verbose)
                        PrintAndLogEx(INFO, "\nFound key for sector %d key %s [%s]", sector, keyAB == 0 ? "A" : "B", sprint_hex_inrow(keyList[i], 16));
                    else
@ -1055,9 +1055,10 @@ static int MFPKeyCheck(uint8_t startSector, uint8_t endSector, uint8_t startKeyA
                    break;
                }

-                // 5 - auth error (rnd not equal)
-                // PM3 client says that RND not equal is -16. Corrected. Seems to work.
-                if (res != -16) {
+                // RES can be: 
+                // PM3_ERFTRANS     -7
+                // PM3_EWRONGANSWER -16
+                if (res == PM3_ERFTRANS) {
                    if (verbose)
                        PrintAndLogEx(ERR, "\nExchange error. Aborted.");
                    else
--- a/client/src/mifare/mifare4.c
+++ b/client/src/mifare/mifare4.c
@ -289,8 +289,9 @@ int MifareAuth4(mf4Session_t *mf4session, uint8_t *keyn, uint8_t *key, bool acti
    uint8_t kenc[16] = {0};
    memcpy(&kenc[0], &RndA[11], 5);
    memcpy(&kenc[5], &RndB[11], 5);
-    for (int i = 0; i < 5; i++)
+    for (int i = 0; i < 5; i++) {
        kenc[10 + i] = RndA[4 + i] ^ RndB[4 + i];
+    }
    kenc[15] = 0x11;

    aes_encode(NULL, key, kenc, kenc, 16);
@ -301,8 +302,9 @@ int MifareAuth4(mf4Session_t *mf4session, uint8_t *keyn, uint8_t *key, bool acti
    uint8_t kmac[16] = {0};
    memcpy(&kmac[0], &RndA[7], 5);
    memcpy(&kmac[5], &RndB[7], 5);
-    for (int i = 0; i < 5; i++)
+    for (int i = 0; i < 5; i++) {
        kmac[10 + i] = RndA[0 + i] ^ RndB[0 + i];
+    }
    kmac[15] = 0x22;

    aes_encode(NULL, key, kmac, kmac, 16);