addded static encrypted nonce checks to nested

2025-08-21 13:53:55 -07:00 · 2023-04-01 12:24:32 +02:00 · 2023-04-01 12:24:32 +02:00 · 222ef4e084
commit 222ef4e084
parent e03f7ed6d2
2 changed files with 51 additions and 11 deletions
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@ -1154,7 +1154,12 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
        }
        memcpy(prev_enc_nt, receivedAnswer, 4);
        if (prev_counter == 5) {
-            if (g_dbglevel >= DBG_EXTENDED) DbpString("Static encrypted nonce detected, exiting...");
+            if (g_dbglevel >= DBG_EXTENDED) {
+                DbpString("Static encrypted nonce detected, exiting...");
+                uint32_t a = bytes_to_num(prev_enc_nt, 4);
+                uint32_t b = bytes_to_num(receivedAnswer, 4);
+                Dbprintf("( %08x vs %08x )", a, b);
+            }
            isOK = PM3_ESTATIC_NONCE;
            break;
        }
@ -1224,6 +1229,9 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8
        LED_B_ON();
        WDT_HIT();

+        uint8_t prev_enc_nt[] = {0, 0, 0, 0};
+        uint8_t prev_counter = 0;
+
        uint16_t unsuccessful_tries = 0;
        uint16_t davg = 0;
        dmax = 0;
@ -1266,11 +1274,13 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8
            };

            // cards with fixed nonce
+            /*
            if (nt1 == nt2) {
                Dbprintf("Nested: %08x vs %08x", nt1, nt2);
                break;
            }
-
+            */
+         
            uint32_t nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160
            for (i = 101; i < 1200; i++) {
                nttmp = prng_successor(nttmp, 1);
@ -1292,6 +1302,25 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8
                    isOK = PM3_EFAILED;
                }
            }
+
+            if (prev_enc_nt[0] == receivedAnswer[0] &&
+                    prev_enc_nt[1] == receivedAnswer[1] &&
+                    prev_enc_nt[2] == receivedAnswer[2] &&
+                    prev_enc_nt[3] == receivedAnswer[3]
+                ) {
+                prev_counter++;
+            }
+            memcpy(prev_enc_nt, receivedAnswer, 4);
+            if (prev_counter == 5) {
+                if (g_dbglevel >= DBG_EXTENDED) {
+                    DbpString("Static encrypted nonce detected, exiting...");
+                    uint32_t a = bytes_to_num(prev_enc_nt, 4);
+                    uint32_t b = bytes_to_num(receivedAnswer, 4);
+                    Dbprintf("( %08x vs %08x )", a, b);
+                }
+                isOK = PM3_ESTATIC_NONCE;
+                break;
+            }
        }

        if (rtr > 1)