github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 13:23:51 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

chg: reverting back to more or less offical pm3 version.

Browse source
This commit is contained in:
iceman1001 2017-12-07 15:02:15 +01:00
commit 44280abf62
3 changed files with 42 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

58
armsrc/iso14443a.c
View file

@ -2300,6 +2300,14 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) { void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) {
if ( first_try ) {
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
}
BigBuf_free(); BigBuf_Clear_ext(false);
clear_trace();
set_tracing(true);
uint8_t mf_auth[] = { keytype, block, 0x00, 0x00 }; uint8_t mf_auth[] = { keytype, block, 0x00, 0x00 };
uint8_t mf_nr_ar[] = {0,0,0,0,0,0,0,0}; uint8_t mf_nr_ar[] = {0,0,0,0,0,0,0,0};
uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0}; uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0};
@ -2309,9 +2317,7 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) {
uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0x00}; uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0x00};
uint8_t par[1] = {0}; // maximum 8 Bytes to be sent here, 1 byte parity is therefore enough uint8_t par[1] = {0}; // maximum 8 Bytes to be sent here, 1 byte parity is therefore enough
uint8_t nt_diff = 0; uint8_t nt_diff = 0;
uint32_t nt = 0; uint32_t nt = 0, previous_nt = 0, cuid = 0;
uint32_t previous_nt = 0;
uint32_t cuid = 0;
int32_t catch_up_cycles = 0; int32_t catch_up_cycles = 0;
int32_t last_catch_up = 0; int32_t last_catch_up = 0;
@ -2322,8 +2328,8 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) {
uint16_t unexpected_random = 0; uint16_t unexpected_random = 0;
uint16_t sync_tries = 0; uint16_t sync_tries = 0;
bool received_nack;
bool have_uid = false; bool have_uid = false;
bool received_nack;
uint8_t cascade_levels = 0; uint8_t cascade_levels = 0;
// static variables here, is re-used in the next call // static variables here, is re-used in the next call
@ -2336,9 +2342,9 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) {
AppendCrc14443a(mf_auth, 2); AppendCrc14443a(mf_auth, 2);
if (first_try) { if (first_try) {
// create our reader nonce randomly sync_time = GetCountSspClk() & 0xfffffff8;
uint32_t nonce = prng_successor( GetCountSspClk() & 0xfffffff8 , 32); sync_cycles = PRNG_SEQUENCE_LENGTH; // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
num_to_bytes(nonce, 4, mf_nr_ar); nt_attacked = 0;
mf_nr_ar3 = 0; mf_nr_ar3 = 0;
par_low = 0; par_low = 0;
} else { } else {
@ -2349,17 +2355,6 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) {
par[0] = par_low; par[0] = par_low;
} }
sync_cycles = PRNG_SEQUENCE_LENGTH; // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
nt_attacked = 0;
BigBuf_free(); BigBuf_Clear_ext(false);
clear_trace();
set_tracing(false);
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
sync_time = GetCountSspClk() & 0xfffffff8;
if (MF_DBGLEVEL >= 4) Dbprintf("Mifare::Sync %u", sync_time);
LED_C_ON(); LED_C_ON();
uint16_t i; uint16_t i;
for (i = 0; true; ++i) { for (i = 0; true; ++i) {
@ -2403,14 +2398,14 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) {
// if we missed the sync time already, advance to the next nonce repeat // if we missed the sync time already, advance to the next nonce repeat
while ( GetCountSspClk() > sync_time) { while ( GetCountSspClk() > sync_time) {
++elapsed_prng_sequences; elapsed_prng_sequences++;
sync_time = (sync_time & 0xfffffff8 ) + sync_cycles; sync_time = (sync_time & 0xfffffff8 ) + sync_cycles;
} }
// Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked) // Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked)
ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time); ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time);
// Receive the (4 Byte) "random" nonce from TAG // Receive the (4 Byte) "random" TAG nonce
if (!ReaderReceive(receivedAnswer, receivedAnswerPar)) if (!ReaderReceive(receivedAnswer, receivedAnswerPar))
continue; continue;
@ -2421,9 +2416,9 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) {
ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL); ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL);
// Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding // Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding
if (ReaderReceive(receivedAnswer, receivedAnswerPar)) { if (ReaderReceive(receivedAnswer, receivedAnswerPar))
received_nack = true; received_nack = true;
}
// we didn't calibrate our clock yet, // we didn't calibrate our clock yet,
// iceman: has to be calibrated every time. // iceman: has to be calibrated every time.
if (first_try && previous_nt && !nt_attacked) { if (first_try && previous_nt && !nt_attacked) {
@ -2557,7 +2552,6 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) {
* Thanks to @doegox for the feedback and new approaches. * Thanks to @doegox for the feedback and new approaches.
*/ */
void DetectNACKbug() { void DetectNACKbug() {
uint8_t mf_auth[] = {0x60, 0x00, 0xF5, 0x7B}; uint8_t mf_auth[] = {0x60, 0x00, 0xF5, 0x7B};
uint8_t mf_nr_ar[] = {0,0,0,0,0,0,0,0}; uint8_t mf_nr_ar[] = {0,0,0,0,0,0,0,0};
uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0}; uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0};
@ -2579,10 +2573,6 @@ void DetectNACKbug() {
// Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces). // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
uint32_t sync_cycles = PRNG_SEQUENCE_LENGTH; uint32_t sync_cycles = PRNG_SEQUENCE_LENGTH;
// create our reader nonce randomly
uint32_t nonce = prng_successor( GetCountSspClk() & 0xfffffff8 , 32);
num_to_bytes(nonce, 4, mf_nr_ar);
BigBuf_free(); BigBuf_Clear_ext(false); BigBuf_free(); BigBuf_Clear_ext(false);
clear_trace(); clear_trace();
set_tracing(true); set_tracing(true);
@ -2590,16 +2580,14 @@ void DetectNACKbug() {
sync_time = GetCountSspClk() & 0xfffffff8; sync_time = GetCountSspClk() & 0xfffffff8;
if (MF_DBGLEVEL >= 4) Dbprintf("Mifare::Sync %u", sync_time);
LED_C_ON(); LED_C_ON();
uint16_t i; uint16_t i;
for (i = 0; true; ++i) { for (i = 1; true; ++i) {
received_nack = false; received_nack = false;
// Cards always leaks a NACK, no matter the parity // Cards always leaks a NACK, no matter the parity
if ((i==10) && (num_nacks == i)) { if ((i==10) && (num_nacks == i-1)) {
isOK = 2; isOK = 2;
break; break;
} }
@ -2648,7 +2636,7 @@ void DetectNACKbug() {
// Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked) // Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked)
ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time); ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time);
// Receive the (4 Byte) "random" nonce from TAG // Receive the (4 Byte) "random" TAG nonce
if (!ReaderReceive(receivedAnswer, receivedAnswerPar)) if (!ReaderReceive(receivedAnswer, receivedAnswerPar))
continue; continue;
@ -2661,6 +2649,10 @@ void DetectNACKbug() {
if (ReaderReceive(receivedAnswer, receivedAnswerPar)) { if (ReaderReceive(receivedAnswer, receivedAnswerPar)) {
received_nack = true; received_nack = true;
num_nacks++; num_nacks++;
// ALWAYS leak Detection.
if ( i == num_nacks ) {
continue;
}
} }
// we didn't calibrate our clock yet, // we didn't calibrate our clock yet,
@ -2683,7 +2675,7 @@ void DetectNACKbug() {
if (sync_cycles <= 0) { if (sync_cycles <= 0) {
sync_cycles += PRNG_SEQUENCE_LENGTH; sync_cycles += PRNG_SEQUENCE_LENGTH;
} }
continue; // continue trying... continue;
} }
} }

2
client/mifarehost.c
View file

@ -61,7 +61,7 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
printf("\n"); printf("\n");
if (par_list == 0 && c.arg[0] == true) { if (par_list == 0 && c.arg[0] == true) {
PrintAndLog("Parity is all zero. Most likely this card sends NACK on every failed authentication."); PrintAndLog("Parity is all zero. Most likely this card sends NACK on every authentication.");
PrintAndLog("Attack will take a few seconds longer because we need two consecutive successful runs."); PrintAndLog("Attack will take a few seconds longer because we need two consecutive successful runs.");
} }
c.arg[0] = false; c.arg[0] = false;

1
common/crapto1/crapto1.c
View file

@ -436,7 +436,6 @@ static uint32_t fastfwd[2][8] = {
{ 0, 0x4BC53, 0xECB1, 0x450E2, 0x25E29, 0x6E27A, 0x2B298, 0x60ECB}, { 0, 0x4BC53, 0xECB1, 0x450E2, 0x25E29, 0x6E27A, 0x2B298, 0x60ECB},
{ 0, 0x1D962, 0x4BC53, 0x56531, 0xECB1, 0x135D3, 0x450E2, 0x58980}}; { 0, 0x1D962, 0x4BC53, 0x56531, 0xECB1, 0x135D3, 0x450E2, 0x58980}};
/** lfsr_prefix_ks /** lfsr_prefix_ks
* *
* Is an exported helper function from the common prefix attack * Is an exported helper function from the common prefix attack