hf mf sim: add --allowover option, needed for RF08S originality check

Philippe Teuwen 2025-07-25 20:54:01 +02:00
commit 48724e44b4
3 changed files with 9 additions and 4 deletions


@ -790,7 +790,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t
if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] KEY %c: %012" PRIx64, (cardAUTHKEY == 0) ? 'A' : 'B', emlGetKey(cardAUTHSC, cardAUTHKEY));
// sector out of range - do not respond
if (cardAUTHSC >= cardMaxSEC) {
if ((cardAUTHSC >= cardMaxSEC) && (flags & FLAG_MF_ALLOW_OOB_AUTH) == 0) {
cardAUTHKEY = AUTHKEYNONE; // not authenticated
cardSTATE_TO_IDLE();
if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] Out of range sector %d(0x%02x) >= %d(0x%02x)", cardAUTHSC, cardAUTHSC, cardMaxSEC, cardMaxSEC);
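Review bot: With `FLAG_MF_ALLOW_OOB_AUTH` set, the rewritten range check leaves `cardAUTHSC` with no upper bound at all, so the rest of the authentication path runs for a sector the selected card type does not have. The debug line above the check already calls `emlGetKey(cardAUTHSC, cardAUTHKEY)` before any validation; if that lookup and the later block handlers index emulator memory by sector (not visible here), a ceiling tied to the emulator's own capacity should stay in force even with the flag, e.g. `if (cardAUTHSC >= EMUL_MAX_SECTOR_PLACEHOLDER || ((cardAUTHSC >= cardMaxSEC) && (flags & FLAG_MF_ALLOW_OOB_AUTH) == 0)) {`, with the placeholder replaced by the real limit. The comment `// sector out of range - do not respond` now holds only when the flag is clear and should say so. `Mifare1ksim` begins and ends outside this hunk.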


@ -4671,6 +4671,7 @@ static int CmdHF14AMfSim(const char *Cmd) {
arg_lit0("e", "emukeys", "Fill simulator keys from found keys. Requires -x or -y. Implies -i. Simulation will restart automatically."),
// If access bits show that key B is Readable, any subsequent memory access should be refused.
arg_lit0(NULL, "allowkeyb", "Allow key B even if readable"),
arg_lit0(NULL, "allowover", "Allow auth attempts out of range for selected mifare type"),
arg_lit0("v", "verbose", "Verbose output"),
arg_lit0(NULL, "cve", "Trigger CVE 2021_0430"),
arg_param_end
@ -4725,9 +4726,13 @@ static int CmdHF14AMfSim(const char *Cmd) {
flags |= FLAG_MF_USE_READ_KEYB;
}
bool verbose = arg_get_lit(ctx, 14);
if (arg_get_lit(ctx, 14)) {
flags |= FLAG_MF_ALLOW_OOB_AUTH;
}
if (arg_get_lit(ctx, 15)) {
bool verbose = arg_get_lit(ctx, 15);
if (arg_get_lit(ctx, 16)) {
flags |= FLAG_CVE21_0430;
}
CLIParserFree(ctx);
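Review bot: The options are read by bare position, so adding `--allowover` forced `verbose` and `--cve` to be renumbered by hand (`14` to `15`, `15` to `16`) in the second hunk. A later insertion that misses one of these would silently wire a switch to the wrong flag, and one of those flags now relaxes an authentication range check. A trailing comment on each lookup, e.g. `if (arg_get_lit(ctx, 14)) { // --allowover`, or named indices, would make the mapping checkable against the argument table in the first hunk. The help string could also say that the option is off by default and lifts the per-type sector limit, which is what a user needs to know before enabling it. `CmdHF14AMfSim` continues outside both hunks.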


@ -872,7 +872,7 @@ typedef struct {
#define FLAG_NR_AR_ATTACK 0x0400
// support nested authentication attack
#define FLAG_NESTED_AUTH_ATTACK 0x0800
#define FLAG_MF_ALLOW_OOB_AUTH 0x1000
#define MODE_SIM_CSN 0
#define MODE_EXIT_AFTER_MAC 1
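Review bot: `FLAG_MF_ALLOW_OOB_AUTH` is added without the one-line comment its neighbour `FLAG_NESTED_AUTH_ATTACK` carries. Something like `// answer auth requests for sectors beyond the selected card size (hf mf sim --allowover)` would record that this bit relaxes a bounds check in the simulator. The simulator entry point takes these flags as `uint16_t`, so `0x1000` fits. The other flag values lie outside this hunk, so it is worth confirming that none of them, for instance `FLAG_MF_USE_READ_KEYB` or `FLAG_CVE21_0430`, already uses that bit.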