mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-08-21 05:43:48 -07:00
chg: 'hf mf sniff' - adjustments
This commit is contained in:
iceman1001
parent
d60721d131
commit
21dd3f68ea
1 changed files with 22 additions and 16 deletions
|
|
@ -523,7 +523,7 @@ uint64_t key = 0;
|
||||||
uint32_t ks2 = 0;
|
uint32_t ks2 = 0;
|
||||||
uint32_t ks3 = 0;
|
uint32_t ks3 = 0;
|
||||||
|
|
||||||
uint32_t cuid = 0; // serial number
|
uint32_t cuid = 0; // uid part used for crypto1.
|
||||||
uint32_t nt = 0; // tag challenge
|
uint32_t nt = 0; // tag challenge
|
||||||
uint32_t nr_enc = 0; // encrypted reader challenge
|
uint32_t nr_enc = 0; // encrypted reader challenge
|
||||||
uint32_t ar_enc = 0; // encrypted reader response
|
uint32_t ar_enc = 0; // encrypted reader response
|
||||||
|
|
@ -564,7 +564,7 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
|
||||||
|
|
||||||
blockNum = 0;
|
blockNum = 0;
|
||||||
|
|
||||||
while(!feof(f)){
|
while (!feof(f)){
|
||||||
|
|
||||||
memset(buf, 0, sizeof(buf));
|
memset(buf, 0, sizeof(buf));
|
||||||
if (fgets(buf, sizeof(buf), f) == NULL) {
|
if (fgets(buf, sizeof(buf), f) == NULL) {
|
||||||
|
|
@ -606,18 +606,21 @@ int saveTraceCard(void) {
|
||||||
f = fopen(traceFileName, "w+");
|
f = fopen(traceFileName, "w+");
|
||||||
if ( !f ) return 1;
|
if ( !f ) return 1;
|
||||||
|
|
||||||
for (int i = 0; i < 64; i++) { // blocks
|
// given 4096 tracecard size, these loop will only match a 1024, 1kb card memory
|
||||||
|
// 4086/16 == 256blocks.
|
||||||
|
for (int i = 0; i < 256; i++) { // blocks
|
||||||
for (int j = 0; j < 16; j++) // bytes
|
for (int j = 0; j < 16; j++) // bytes
|
||||||
fprintf(f, "%02X", *(traceCard + i * 16 + j));
|
fprintf(f, "%02X", *(traceCard + i * 16 + j));
|
||||||
fprintf(f,"\n");
|
|
||||||
|
// no extra line in the end
|
||||||
|
if ( i < 255 )
|
||||||
|
fprintf(f,"\n");
|
||||||
}
|
}
|
||||||
fflush(f);
|
fflush(f);
|
||||||
if (f) {
|
fclose(f);
|
||||||
fclose(f);
|
|
||||||
}
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
//
|
||||||
int mfTraceInit(uint8_t *tuid, uint8_t uidlen, uint8_t *atqa, uint8_t sak, bool wantSaveToEmlFile) {
|
int mfTraceInit(uint8_t *tuid, uint8_t uidlen, uint8_t *atqa, uint8_t sak, bool wantSaveToEmlFile) {
|
||||||
|
|
||||||
if (traceCrypto1)
|
if (traceCrypto1)
|
||||||
|
|
@ -632,7 +635,7 @@ int mfTraceInit(uint8_t *tuid, uint8_t uidlen, uint8_t *atqa, uint8_t sak, bool
|
||||||
traceCard[5] = sak;
|
traceCard[5] = sak;
|
||||||
memcpy(&traceCard[6], atqa, 2);
|
memcpy(&traceCard[6], atqa, 2);
|
||||||
traceCurBlock = 0;
|
traceCurBlock = 0;
|
||||||
cuid = bytes_to_num(tuid+(uidlen-4), 4);
|
cuid = bytes_to_num(tuid + (uidlen-4), 4);
|
||||||
traceState = TRACE_IDLE;
|
traceState = TRACE_IDLE;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
@ -652,12 +655,12 @@ void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool i
|
||||||
bt |= (crypto1_bit(pcs, 0, isEncrypted) ^ BIT(data[0], 3)) << 3;
|
bt |= (crypto1_bit(pcs, 0, isEncrypted) ^ BIT(data[0], 3)) << 3;
|
||||||
data[0] = bt;
|
data[0] = bt;
|
||||||
}
|
}
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
|
int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
|
||||||
|
|
||||||
if (traceState == TRACE_ERROR) return 1;
|
if (traceState == TRACE_ERROR)
|
||||||
|
return 1;
|
||||||
|
|
||||||
if (len > 255) {
|
if (len > 255) {
|
||||||
traceState = TRACE_ERROR;
|
traceState = TRACE_ERROR;
|
||||||
|
|
@ -713,6 +716,8 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
break;
|
||||||
|
|
||||||
case TRACE_READ_DATA:
|
case TRACE_READ_DATA:
|
||||||
if (len == 18) {
|
if (len == 18) {
|
||||||
traceState = TRACE_IDLE;
|
traceState = TRACE_IDLE;
|
||||||
|
|
@ -775,7 +780,7 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
|
||||||
traceState = TRACE_IDLE;
|
traceState = TRACE_IDLE;
|
||||||
at_enc = bytes_to_num(data, 4);
|
at_enc = bytes_to_num(data, 4);
|
||||||
|
|
||||||
// decode key here)
|
// mfkey64 recover key.
|
||||||
ks2 = ar_enc ^ prng_successor(nt, 64);
|
ks2 = ar_enc ^ prng_successor(nt, 64);
|
||||||
ks3 = at_enc ^ prng_successor(nt, 96);
|
ks3 = at_enc ^ prng_successor(nt, 96);
|
||||||
revstate = lfsr_recovery64(ks2, ks3);
|
revstate = lfsr_recovery64(ks2, ks3);
|
||||||
|
|
@ -790,8 +795,10 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
|
||||||
AddLogUint64(logHexFileName, "Found Key: ", key);
|
AddLogUint64(logHexFileName, "Found Key: ", key);
|
||||||
|
|
||||||
int blockShift = ((traceCurBlock & 0xFC) + 3) * 16;
|
int blockShift = ((traceCurBlock & 0xFC) + 3) * 16;
|
||||||
if (isBlockEmpty((traceCurBlock & 0xFC) + 3)) memcpy(traceCard + blockShift + 6, trailerAccessBytes, 4);
|
if (isBlockEmpty((traceCurBlock & 0xFC) + 3))
|
||||||
|
memcpy(traceCard + blockShift + 6, trailerAccessBytes, 4);
|
||||||
|
|
||||||
|
// keytype A/B
|
||||||
if (traceCurKey)
|
if (traceCurKey)
|
||||||
num_to_bytes(key, 6, traceCard + blockShift + 10);
|
num_to_bytes(key, 6, traceCard + blockShift + 10);
|
||||||
else
|
else
|
||||||
|
|
@ -805,7 +812,6 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
|
||||||
|
|
||||||
// set cryptosystem state
|
// set cryptosystem state
|
||||||
traceCrypto1 = lfsr_recovery64(ks2, ks3);
|
traceCrypto1 = lfsr_recovery64(ks2, ks3);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
} else {
|
} else {
|
||||||
traceState = TRACE_ERROR;
|
traceState = TRACE_ERROR;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue