CHG: 'standalone mode MattyRun' - added some comments and suggestion

Chris 2018-08-25 23:26:04 +02:00
commit 2eab02e3ba
2 changed files with 37 additions and 24 deletions


@ -162,6 +162,7 @@ void RunMod() {
bool err = 0; bool err = 0;
bool allKeysFound = true; bool allKeysFound = true;
uint32_t size = mfKeysCnt; uint32_t size = mfKeysCnt;
for (int type = !keyType; type < 2 && !err; keyType == 2 ? (type++) : (type = 2)) { for (int type = !keyType; type < 2 && !err; keyType == 2 ? (type++) : (type = 2)) {
block = blockNo; block = blockNo;
for (int sec = 0; sec < sectorsCnt && !err; ++sec) { for (int sec = 0; sec < sectorsCnt && !err; ++sec) {
@ -179,17 +180,22 @@ void RunMod() {
num_to_bytes(key64, 6, foundKey[type][sec]); num_to_bytes(key64, 6, foundKey[type][sec]);
validKey[type][sec] = true; validKey[type][sec] = true;
keyFound = true; keyFound = true;
Dbprintf("\t✓ Found valid key: [%02x%02x%02x%02x%02x%02x]\n", (keyBlock + 6*key)[0],(keyBlock + 6*key)[1], (keyBlock + 6*key)[2],(keyBlock + 6*key)[3], (keyBlock + 6*key)[4], (keyBlock + 6*key)[5], 6); Dbprintf("\t✓ Found valid key: [%02x%02x%02x%02x%02x%02x]\n",
(keyBlock + 6*key)[0], (keyBlock + 6*key)[1], (keyBlock + 6*key)[2],
(keyBlock + 6*key)[3], (keyBlock + 6*key)[4], (keyBlock + 6*key)[5]
);
} }
block < 127 ? (block += 4) : (block += 16); block < 127 ? (block += 4) : (block += 16);
} }
} }
/* /*
TODO: This. TODO: This.
If at least one key was found, start a nested attack based on that key, and continue. - If at least one key was found, start a nested attack based on that key, and continue.
- Get UID from tag and set accordingly in emulator memory and call mifare1ksim with right flags (iceman)
*/ */
if (!allKeysFound && keyFound) { if (!allKeysFound && keyFound) {
Dbprintf("\t✕ There's currently no nested attack in MattyRun, sorry!"); Dbprintf("\t✕ There's currently no nested attack in MattyRun, sorry!");
@ -202,12 +208,13 @@ void RunMod() {
LED_C_ON(); //red LED_C_ON(); //red
} }
/* /*
If enabled, transfers found keys to memory and loads target content in emulator memory. Then it simulates to be the tag it has basically cloned. If enabled, transfers found keys to memory and loads target content in emulator memory. Then it simulates to be the tag it has basically cloned.
*/ */
if ((transferToEml) && (allKeysFound)) { if ((transferToEml) && (allKeysFound)) {
emlClearMem(); emlClearMem();
uint8_t mblock[16]; uint8_t mblock[16];
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) { for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
if (validKey[0][sectorNo] || validKey[1][sectorNo]) { if (validKey[0][sectorNo] || validKey[1][sectorNo]) {
@ -222,22 +229,28 @@ void RunMod() {
} }
Dbprintf("\t✓ Found keys have been transferred to the emulator memory."); Dbprintf("\t✓ Found keys have been transferred to the emulator memory.");
if (ecfill) { if (ecfill) {
Dbprintf("\tFilling in with key A."); Dbprintf("\tFilling in with key A.");
MifareECardLoad(sectorsCnt, 0, 0, &filled); MifareECardLoad(sectorsCnt, 0, 0, &filled);
if (filled != 1) { if (filled != 1) {
Dbprintf("\t✕ Failed filling with A."); Dbprintf("\t✕ Failed filling with A.");
} }
Dbprintf("\tFilling in with key B."); Dbprintf("\tFilling in with key B.");
MifareECardLoad(sectorsCnt, 1, 0, &filled); MifareECardLoad(sectorsCnt, 1, 0, &filled);
if (filled != 1) { if (filled != 1) {
Dbprintf("\t✕ Failed filling with B."); Dbprintf("\t✕ Failed filling with B.");
} }
if ((filled == 1) && simulation) { if ((filled == 1) && simulation) {
Dbprintf("\t✓ Filled, simulation started."); Dbprintf("\t✓ Filled, simulation started.");
// This will tell the fpga to emulate using previous keys and current target tag content. // This will tell the fpga to emulate using previous keys and current target tag content.
Dbprintf("\t Press button to abort simulation at anytime."); Dbprintf("\t Press button to abort simulation at anytime.");
LED_B_ON(); //green
Mifare1ksim(0, 0, 0, NULL); LED_B_ON(); // green
// assuming arg0==0, use hardcoded uid 0xdeadbeaf
Mifare1ksim( 0, 0, 0, NULL);
LED_B_OFF(); LED_B_OFF();
/* /*
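Review bot: The gate `if ((filled == 1) && simulation)` only reflects the key B load, because both `MifareECardLoad` calls write to the same `filled` and the second call overwrites the first result. A failed key A fill is logged but otherwise ignored, so "✓ Filled, simulation started." can be printed after a partial load of emulator memory. If that is intended (key B pass as fallback), a comment such as `// key B result decides; a key A failure is tolerated` would make it explicit; otherwise keep the two results in separate variables and test both, e.g. `if (filledA == 1 && filledB == 1 && simulation) {` (names illustrative). The declaration of `filled` and the rest of `RunMod` lie outside the hunk, so its type and initial value are not visible here.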


@ -15,7 +15,7 @@
//#include <stdbool.h> // for bool //#include <stdbool.h> // for bool
#include "standalone.h" // standalone definitions #include "standalone.h" // standalone definitions
#include "apps.h" // debugstatements, lfops? #include "apps.h" // debugstatements, lfops?
#include "usb_cmd.h" // mifare1ksim flags
#define OPTS 2 #define OPTS 2