chg: prng detection now takes in consideration if detection fails.

iceman1001 2018-02-20 21:20:17 +01:00
commit 4e915d2eb4
5 changed files with 21 additions and 14 deletions


@ -501,11 +501,14 @@ int CmdHF14AInfo(const char *Cmd) {
detect_classic_magic(); detect_classic_magic();
if (isMifareClassic) { if (isMifareClassic) {
if ( detect_classic_prng() ) int res = detect_classic_prng();
PrintAndLog("Prng detection: WEAK"); if ( res == 1 )
PrintAndLog("[+] prng detection: WEAK");
else if (res == 0 )
PrintAndLog("[+] prng detection: HARDEND (hardnested)");
else else
PrintAndLog("Prng detection: HARDEND (hardnested)"); PrintAndLog("[-] prng detection: failed");
if ( do_nack_test ) if ( do_nack_test )
detect_classic_nackbug(silent); detect_classic_nackbug(silent);


@ -851,7 +851,7 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data,
* TRUE if tag uses WEAK prng (ie Now the NACK bug also needs to be present for Darkside attack) * TRUE if tag uses WEAK prng (ie Now the NACK bug also needs to be present for Darkside attack)
* FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key) * FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key)
*/ */
bool detect_classic_prng(void){ int detect_classic_prng(void){
UsbCommand resp, respA; UsbCommand resp, respA;
uint8_t cmd[] = {MIFARE_AUTH_KEYA, 0x00}; uint8_t cmd[] = {MIFARE_AUTH_KEYA, 0x00};
@ -865,23 +865,23 @@ bool detect_classic_prng(void){
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
PrintAndLog("[!] PRNG UID: Reply timeout."); PrintAndLog("[!] PRNG UID: Reply timeout.");
return false; return -1;
} }
// if select tag failed. // if select tag failed.
if ( resp.arg[0] == 0 ) { if ( resp.arg[0] == 0 ) {
printf("[!] error: selecting tag failed, can't detect prng\n"); printf("[!] error: selecting tag failed, can't detect prng\n");
return false; return -2;
} }
if (!WaitForResponseTimeout(CMD_ACK, &respA, 2500)) { if (!WaitForResponseTimeout(CMD_ACK, &respA, 2500)) {
PrintAndLog("[!] PRNG data: Reply timeout."); PrintAndLog("[!] PRNG data: Reply timeout.");
return false; return -3;
} }
// check respA // check respA
if (respA.arg[0] != 4) { if (respA.arg[0] != 4) {
PrintAndLog("[!] PRNG data error: Wrong length: %d", respA.arg[0]); PrintAndLog("[!] PRNG data error: Wrong length: %d", respA.arg[0]);
return false; return -4;
} }
uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]); uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]);
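Review bot: The doc comment directly above `detect_classic_prng` still describes a TRUE/FALSE result, while the function now returns `int` with four distinct negative failure codes (-1 to -4 on the timeout, select and length paths). Because any negative value is non-zero, a caller that still tests the result as a boolean would read a failed detection as WEAK; the call sites shown in this commit compare explicitly, but callers outside it cannot be checked from here. I would replace the two TRUE/FALSE lines with `* returns 1 = WEAK prng, 0 = HARDEND prng, negative = detection failed (-1 UID reply timeout, -2 select failed, -3 data reply timeout, -4 wrong nonce length)`. The function body continues past the end of the hunk, so the success-path return is not visible.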


@ -98,7 +98,7 @@ extern int loadTraceCard(uint8_t *tuid, uint8_t uidlen);
extern int saveTraceCard(void); extern int saveTraceCard(void);
extern int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len); extern int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len);
extern bool detect_classic_prng(void); extern int detect_classic_prng(void);
extern int detect_classic_nackbug(bool verbose); extern int detect_classic_nackbug(bool verbose);
extern void detect_classic_magic(void); extern void detect_classic_magic(void);
extern void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted); extern void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted);


@ -591,11 +591,13 @@ static int l_hardnested(lua_State *L){
/** /**
* @brief l_validate_prng is a function to test is a nonce is using the weak PRNG * @brief l_validate_prng is a function to test is a nonce is using the weak PRNG
* detection = 1 == weak, 0 == hard , -1 = failed
* @param L * @param L
* @return * @return
*/ */
static int l_detect_prng(lua_State *L) { static int l_detect_prng(lua_State *L) {
lua_pushboolean(L, detect_classic_prng()); int res = detect_classic_prng();
lua_pushinteger(L, res);
return 1; return 1;
} }
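Review bot: The added comment line documents `-1 = failed`, but `detect_classic_prng` as changed in this commit returns -1 through -4, and `@return` is still empty. Switching from `lua_pushboolean` to `lua_pushinteger` also changes how scripts see the value: in Lua every number, including 0, is truthy, so a script that still writes `if core.detect_prng() then` would take the weak branch for hardened and failed results alike. I would word the comment as `* detection: 1 = weak, 0 = hardened, negative = failed` and fill in `* @return 1 (one integer pushed on the Lua stack)`; the `@brief` also names `l_validate_prng` rather than `l_detect_prng`.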
/* /*


@ -111,10 +111,12 @@ end
-- performs a test if tag nonce uses weak or hardend prng -- performs a test if tag nonce uses weak or hardend prng
local function perform_prng_test() local function perform_prng_test()
local isweak = core.detect_prng() local isweak = core.detect_prng()
if isweak then if isweak == 1 then
dbg('PRNG detection : WEAK nonce detected') dbg('PRNG detection : WEAK nonce detected')
else elseif isweak == 0 then
dbg('PRNG detection : HARDEND nonce detected') dbg('PRNG detection : HARDEND nonce detected')
else
dbg('PRNG detection : failed')
end end
return isweak return isweak
end end
@ -149,7 +151,7 @@ local function main(args)
seen_uids[uid] = uid seen_uids[uid] = uid
-- check if PRNG is WEAK -- check if PRNG is WEAK
if perform_prng_test() then if perform_prng_test() == 1 then
print("Card found, commencing crack on UID", uid) print("Card found, commencing crack on UID", uid)
if #key == 12 then if #key == 12 then
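Review bot: In `perform_prng_test` the local is still named `isweak` although it now holds an integer, and the comment above the function does not say what is returned. Since the caller in `main` compares against 1, a failed detection (negative value) falls through to whatever follows the `if`, which lies outside the hunk and is presumably the same path a hardened card takes. I would rename the local to `local res = core.detect_prng()` and extend the comment with `-- returns 1 (weak), 0 (hardend) or a negative number when detection failed`.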