diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 93566f34b..219fb7c0c 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -501,11 +501,14 @@ int CmdHF14AInfo(const char *Cmd) { detect_classic_magic(); - if (isMifareClassic) { - if ( detect_classic_prng() ) - PrintAndLog("Prng detection: WEAK"); + if (isMifareClassic) { + int res = detect_classic_prng(); + if ( res == 1 ) + PrintAndLog("[+] prng detection: WEAK"); + else if (res == 0 ) + PrintAndLog("[+] prng detection: HARDEND (hardnested)"); else - PrintAndLog("Prng detection: HARDEND (hardnested)"); + PrintAndLog("[-] prng detection: failed"); if ( do_nack_test ) detect_classic_nackbug(silent); diff --git a/client/mifarehost.c b/client/mifarehost.c index 26956e6a7..a29039c40 100644 --- a/client/mifarehost.c +++ b/client/mifarehost.c @@ -851,7 +851,7 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, * TRUE if tag uses WEAK prng (ie Now the NACK bug also needs to be present for Darkside attack) * FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key) */ -bool detect_classic_prng(void){ +int detect_classic_prng(void){ UsbCommand resp, respA; uint8_t cmd[] = {MIFARE_AUTH_KEYA, 0x00}; @@ -865,23 +865,23 @@ bool detect_classic_prng(void){ if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { PrintAndLog("[!] PRNG UID: Reply timeout."); - return false; + return -1; } // if select tag failed. if ( resp.arg[0] == 0 ) { printf("[!] error: selecting tag failed, can't detect prng\n"); - return false; + return -2; } if (!WaitForResponseTimeout(CMD_ACK, &respA, 2500)) { PrintAndLog("[!] PRNG data: Reply timeout."); - return false; + return -3; } // check respA if (respA.arg[0] != 4) { PrintAndLog("[!] PRNG data error: Wrong length: %d", respA.arg[0]); - return false; + return -4; } uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]); diff --git a/client/mifarehost.h b/client/mifarehost.h index 27db5c1d5..0ee1504bd 100644 --- a/client/mifarehost.h 
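Review bot: In CmdHF14AInfo the new `[-] prng detection: failed` arm still falls through to `if ( do_nack_test ) detect_classic_nackbug(silent);`. A reply timeout or failed tag select reported by detect_classic_prng() is therefore followed by a second test that will probably hit the same condition. If that is not intended, and assuming the NACK test sits in the same `isMifareClassic` block where `res` is in scope, gate it with `if ( do_nack_test && res >= 0 )`. The unbraced `if`/`else if`/`else` chain would also read more safely with braces now that it has three arms. CmdHF14AInfo starts and ends outside this hunk.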
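Review bot: The comment above detect_classic_prng() in mifarehost.c still documents `TRUE`/`FALSE`, but the function now returns `int`. The following hunk adds four distinct negative codes: -1 reply timeout, -2 select failed, -3 data timeout, -4 wrong length. I would replace the two comment lines with `* returns 1 if tag uses WEAK prng, 0 if HARDEND prng, negative on failure` and list the four codes. Naming them in an `enum` in mifarehost.h would also stop callers comparing against bare literals. The function's final return is outside both hunks, so it is worth confirming that it can only yield 0 or 1.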
+++ b/client/mifarehost.h @@ -98,7 +98,7 @@ extern int loadTraceCard(uint8_t *tuid, uint8_t uidlen); extern int saveTraceCard(void); extern int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len); -extern bool detect_classic_prng(void); +extern int detect_classic_prng(void); extern int detect_classic_nackbug(bool verbose); extern void detect_classic_magic(void); extern void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted); diff --git a/client/scripting.c b/client/scripting.c index 86e0248c8..db864aebe 100644 --- a/client/scripting.c +++ b/client/scripting.c @@ -591,11 +591,13 @@ static int l_hardnested(lua_State *L){ /** * @brief l_validate_prng is a function to test is a nonce is using the weak PRNG + * detection = 1 == weak, 0 == hard , -1 = failed * @param L * @return */ static int l_detect_prng(lua_State *L) { - lua_pushboolean(L, detect_classic_prng()); + int res = detect_classic_prng(); + lua_pushinteger(L, res); return 1; } /* diff --git a/client/scripts/mifare_autopwn.lua b/client/scripts/mifare_autopwn.lua index ae32b5c66..9bd149a55 100644 --- a/client/scripts/mifare_autopwn.lua +++ b/client/scripts/mifare_autopwn.lua @@ -111,10 +111,12 @@ end -- performs a test if tag nonce uses weak or hardend prng local function perform_prng_test() local isweak = core.detect_prng() - if isweak then + if isweak == 1 then dbg('PRNG detection : WEAK nonce detected') - else + elseif isweak == 0 then dbg('PRNG detection : HARDEND nonce detected') + else + dbg('PRNG detection : failed') end return isweak end @@ -149,7 +151,7 @@ local function main(args) seen_uids[uid] = uid -- check if PRNG is WEAK - if perform_prng_test() then + if perform_prng_test() == 1 then print("Card found, commencing crack on UID", uid) if #key == 12 then
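Review bot: Switching l_detect_prng from `lua_pushboolean` to `lua_pushinteger` changes the contract for every Lua caller of the binding. In Lua only `nil` and `false` are falsy, so an existing `if core.detect_prng() then` now takes the WEAK path for 0 and for the negative failure codes as well. mifare_autopwn.lua is updated in this commit, but any other script that calls the binding needs the same `== 1` comparison. The added doc line says `-1 = failed` while detect_classic_prng() returns -1 through -4; I would word it `* detection: 1 == weak, 0 == hard, < 0 == failed`. The `@brief` also still names `l_validate_prng`.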
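Review bot: In main, `if perform_prng_test() == 1 then` sends a failed detection (negative result) down the same branch as a hardened card. The rest of that `if` is outside the hunk, so I cannot see whether it tells the two apart. Keeping the result with `local prng = perform_prng_test()` and handling `prng < 0` explicitly (report and skip the card) would avoid acting on a card whose PRNG type is unknown. In perform_prng_test the failure message could also carry the code, e.g. `dbg('PRNG detection : failed, code ' .. isweak)`.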