chg: 'hf mf nack' - loop three times. change nonce

iceman1001 2017-12-05 11:33:32 +01:00
commit 4f3e9f0f1f


@ -2569,12 +2569,15 @@ void DetectNACKbug() {
uint16_t consecutive_resyncs = 0; uint16_t consecutive_resyncs = 0;
uint16_t unexpected_random = 0; uint16_t unexpected_random = 0;
uint16_t sync_tries = 0; uint16_t sync_tries = 0;
uint32_t nt_attacked = 0;
uint32_t sync_time = 0;
uint32_t sync_cycles = 0;
uint8_t par_low = 0;
uint8_t cascade_levels = 0;
// static variables here, is re-used in the next call bool have_uid = false;
static uint32_t nt_attacked = 0;
static uint32_t sync_time = 0; uint8_t num_nacks = 0;
static uint32_t sync_cycles = 0;
static uint8_t par_low = 0;
#define PRNG_SEQUENCE_LENGTH (1 << 16) #define PRNG_SEQUENCE_LENGTH (1 << 16)
#define MAX_UNEXPECTED_RANDOM 4 // maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up. #define MAX_UNEXPECTED_RANDOM 4 // maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up.
@ -2589,18 +2592,12 @@ void DetectNACKbug() {
sync_time = GetCountSspClk() & 0xfffffff8; sync_time = GetCountSspClk() & 0xfffffff8;
sync_cycles = PRNG_SEQUENCE_LENGTH; // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces). sync_cycles = PRNG_SEQUENCE_LENGTH; // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
nt_attacked = 0;
if (MF_DBGLEVEL >= 4) Dbprintf("Mifare::Sync %u", sync_time); if (MF_DBGLEVEL >= 4) Dbprintf("Mifare::Sync %u", sync_time);
par_low = 0;
bool have_uid = false;
uint8_t cascade_levels = 0;
LED_C_ON(); LED_C_ON();
uint16_t i; uint16_t i;
for (i = 0; true; ++i) { for (i = 0; num_nacks < 3; ++i) {
WDT_HIT(); WDT_HIT();
@ -2733,27 +2730,28 @@ void DetectNACKbug() {
// Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding // Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding
if (ReaderReceive(receivedAnswer, receivedAnswerPar)) { if (ReaderReceive(receivedAnswer, receivedAnswerPar)) {
catch_up_cycles = 8; // the PRNG is delayed by 8 cycles due to the NAC (4Bits = 0x05 encrypted) transfer catch_up_cycles = 8; // the PRNG is delayed by 8 cycles due to the NAC (4Bits = 0x05 encrypted) transfer
num_nacks++;
if (nt_diff == 0) par[0] = 0;
par_low = par[0] & 0xE0; // there is no need to check all parities for other nt_diff. Parity Bits for mf_nr_ar[0..2] won't change //new nonce
mf_nr_ar[0]++;
// Test if the information is complete mf_nr_ar[1]++;
mf_nr_ar[2]++;
nt_diff = (nt_diff + 1) & 0x07; mf_nr_ar[3]++;
mf_nr_ar[3] = (mf_nr_ar[3] & 0x1F) | (nt_diff << 5);
par[0] = par_low;
} else { } else {
// No NACK. // No NACK.
if (nt_diff == 0) { par[0]++;
par[0]++; // tried all 256 possible parities without success.
if (par[0] == 0x00) { // tried all 256 possible parities without success. Card doesn't send NACK. if (par[0] == 0x00) {
isOK = -2; //
break; if ( num_nacks < 3 ) {
//new nonce
mf_nr_ar[0]++;
mf_nr_ar[1]++;
mf_nr_ar[2]++;
mf_nr_ar[3]++;
} }
} else {
// Why this?
par[0] = ((par[0] & 0x1F) + 1) | par_low;
} }
} }
@ -2761,9 +2759,10 @@ void DetectNACKbug() {
consecutive_resyncs = 0; consecutive_resyncs = 0;
} // end for loop } // end for loop
if (MF_DBGLEVEL >= 4) Dbprintf("Number of sent auth requestes: %u", i); Dbprintf("Num of sent auth requestes : %u", i);
Dbprintf("Num of received NACK : %u", num_nacks);
cmd_send(CMD_ACK, isOK, 0, 0, 0, 0 ); cmd_send(CMD_ACK, num_nacks, 0, 0, 0, 0 );
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff(); LEDsoff();
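Review bot: The no-NACK branch has lost its exit, so the loop can run without bound on a card that never answers with a NACK: the old `isOK = -2; break;` taken when `par[0]` wraps to 0x00 is replaced by a nonce change, and the loop condition is now `num_nacks < 3`. Unless an exit outside these hunks fires (the loop body continues beyond the visible lines), such a card keeps the device sending auth requests; a bound on nonce rounds would fix that, e.g. `if (++nonce_rounds > MAX_NONCE_ROUNDS) break;` in the `par[0] == 0x00` branch, where both names are suggestions and not existing identifiers. Separately, `cmd_send(CMD_ACK, num_nacks, 0, 0, 0, 0 );` no longer carries `isOK`, so any failure code assigned elsewhere in DetectNACKbug would not reach the client, and an aborted run would look the same as a run with zero NACKs.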