hf mf darkside uses NG. checkbutton more seldom, shoulded interfere with syncing the prng so much

2025-08-21 13:53:55 -07:00 · 2019-09-25 10:24:34 +02:00 · 2019-09-25 10:24:34 +02:00 · 3e22d99b03
commit 3e22d99b03
parent 878e394cde
3 changed files with 91 additions and 31 deletions
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -2791,6 +2791,8 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype) {
    static uint8_t par_low = 0;
    static uint8_t mf_nr_ar3 = 0;

+    int return_status = PM3_SUCCESS;
+
    AddCrc14A(mf_auth, 2);

    if (first_try) {
@ -2807,6 +2809,7 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype) {
    }

    LED_C_ON();
+    uint16_t checkbtn_cnt = 0;
    uint16_t i;
    for (i = 0; true; ++i) {

@ -2815,10 +2818,15 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype) {
        WDT_HIT();

        // Test if the action was cancelled
-        if (BUTTON_PRESS()) {
-            isOK = -1;
-            break;
+        if (checkbtn_cnt == 2000) {
+            if (BUTTON_PRESS() || data_available()) {
+                isOK = -1;
+                return_status = PM3_EABORTED;
+                break;
+            }
+            checkbtn_cnt = 0;
        }
+        checkbtn_cnt++;

        // this part is from Piwi's faster nonce collecting part in Hardnested.
        if (!have_uid) { // need a full select cycle to get the uid first
@ -2876,8 +2884,15 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype) {
        ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL);

        // Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding
-        if (ReaderReceive(receivedAnswer, receivedAnswerPar))
+        int resp_res = ReaderReceive(receivedAnswer, receivedAnswerPar);
+        if (resp_res == 4)
            received_nack = true;
+        else if (resp_res == 32) {
+            // did we get lucky and got our dummykey to be valid?
+            isOK = -6;
+            break;
+        }
+

        // we didn't calibrate our clock yet,
        // iceman: has to be calibrated every time.
@ -3000,26 +3015,36 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype) {

    if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("Number of sent auth requests: %u", i);

-    uint8_t buf[32] = {0x00};
-    memset(buf, 0x00, sizeof(buf));
-    num_to_bytes(cuid, 4, buf);
-    num_to_bytes(nt, 4, buf + 4);
-    memcpy(buf + 8,  par_list, 8);
-    memcpy(buf + 16, ks_list, 8);
-    memcpy(buf + 24, mf_nr_ar, 8);
+    struct {
+        int32_t isOK;
+        uint8_t cuid[4];
+        uint8_t nt[4];
+        uint8_t par_list[8];
+        uint8_t ks_list[8];
+        uint8_t nr[4];
+        uint8_t ar[4];
+    } PACKED payload;

-    reply_mix(CMD_ACK, isOK, 0, 0, buf, sizeof(buf));
+    payload.isOK = isOK;
+    num_to_bytes(cuid, 4, payload.cuid);
+    num_to_bytes(nt, 4, payload.nt);
+    memcpy(payload.par_list, par_list, sizeof(payload.par_list));
+    memcpy(payload.ks_list, ks_list, sizeof(payload.ks_list));
+    memcpy(payload.nr, mf_nr_ar, sizeof(payload.nr));
+    memcpy(payload.ar, mf_nr_ar + 4, sizeof(payload.ar));
+
+    reply_ng(CMD_HF_MIFARE_READER, return_status, (uint8_t*)&payload, sizeof(payload));

    hf_field_off();
    set_tracing(false);
 }

 /*
-*  Mifare Classic NACK-bug detection
-*  Thanks to @doegox for the feedback and new approaches.
+ * Mifare Classic NACK-bug detection
+ * Thanks to @doegox for the feedback and new approaches.
 */
 void DetectNACKbug(void) {
-    uint8_t mf_auth[]     = {0x60, 0x00, 0xF5, 0x7B};
+    uint8_t mf_auth[] = {0x60, 0x00, 0xF5, 0x7B};
    uint8_t mf_nr_ar[]    = {0, 0, 0, 0, 0, 0, 0, 0};
    uint8_t uid[10]       = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0x00};