github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 10:37:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

remove spurious spaces & tabs at end of lines

Browse source
This commit is contained in:
Philippe Teuwen 2019-03-09 08:59:13 +01:00
commit 60f292b18e
249 changed files with 8481 additions and 8481 deletions
Download patch file Download diff file Expand all files Collapse all files

268
client/mifare/mifarehost.c
View file

@ -17,7 +17,7 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
uint64_t *keylist = NULL, *last_keylist = NULL;
uint32_t keycount = 0;
int16_t isOK = 0;
UsbCommand c = {CMD_READER_MIFARE, {true, blockno, key_type}};
// message
@ -31,11 +31,11 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
SendCommand(&c);
//flush queue
while (ukbhit()) {
int gc = getchar(); (void)gc;
while (ukbhit()) {
int gc = getchar(); (void)gc;
return -5;
}
// wait cycle
while (true) {
printf("."); fflush(stdout);
@ -47,9 +47,9 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
isOK = resp.arg[0];
if (isOK < 0)
if (isOK < 0)
return isOK;
uid = (uint32_t)bytes_to_num(resp.d.asBytes + 0, 4);
nt = (uint32_t)bytes_to_num(resp.d.asBytes + 4, 4);
par_list = bytes_to_num(resp.d.asBytes + 8, 8);
@ -60,7 +60,7 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
}
}
PrintAndLogEx(NORMAL, "\n");
if (par_list == 0 && c.arg[0] == true) {
PrintAndLogEx(SUCCESS, "Parity is all zero. Most likely this card sends NACK on every authentication.");
}
@ -92,7 +92,7 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
uint8_t keyBlock[USB_CMD_DATA_SIZE];
int max_keys = USB_CMD_DATA_SIZE / 6;
for (int i = 0; i < keycount; i += max_keys) {
int size = keycount - i > max_keys ? max_keys : keycount - i;
for (int j = 0; j < size; j++) {
if (par_list == 0) {
@ -101,12 +101,12 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
num_to_bytes(keylist[i*max_keys + j], 6, keyBlock+(j*6));
}
}
if (!mfCheckKeys(blockno, key_type - 0x60, false, size, keyBlock, key)) {
break;
}
}
if (*key != -1) {
break;
} else {
@ -121,7 +121,7 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
return 0;
}
int mfCheckKeys(uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t keycnt, uint8_t * keyBlock, uint64_t * key){
*key = -1;
*key = -1;
UsbCommand c = {CMD_MIFARE_CHKKEYS, { (blockNo | (keyType << 8)), clear_trace, keycnt}};
memcpy(c.d.asBytes, keyBlock, 6 * keycnt);
clearCommandBuffer();
@ -133,9 +133,9 @@ int mfCheckKeys(uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t keyc
return 0;
}
// Sends chunks of keys to device.
// Sends chunks of keys to device.
// 0 == ok all keys found
// 1 ==
// 1 ==
// 2 == Time-out, aborting
int mfCheckKeys_fast( uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastChunk, uint8_t strategy,
uint32_t size, uint8_t *keyBlock, sector_t *e_sector, bool use_flashmemory) {
@ -143,8 +143,8 @@ int mfCheckKeys_fast( uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastChunk,
uint64_t t2 = msclock();
uint32_t timeout = 0;
// send keychunk
UsbCommand c = {CMD_MIFARE_CHKKEYS_FAST, { (sectorsCnt | (firstChunk << 8) | (lastChunk << 12) ), ((use_flashmemory << 8) | strategy), size}};
// send keychunk
UsbCommand c = {CMD_MIFARE_CHKKEYS_FAST, { (sectorsCnt | (firstChunk << 8) | (lastChunk << 12) ), ((use_flashmemory << 8) | strategy), size}};
memcpy(c.d.asBytes, keyBlock, 6 * size);
clearCommandBuffer();
SendCommand(&c);
@ -167,11 +167,11 @@ int mfCheckKeys_fast( uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastChunk,
uint8_t curr_keys = resp.arg[0];
PrintAndLogEx(SUCCESS, "\nChunk: %.1fs | found %u/%u keys (%u)", (float)(t2/1000.0), curr_keys, (sectorsCnt<<1), size);
// all keys?
// all keys?
if ( curr_keys == sectorsCnt*2 || lastChunk ) {
// success array. each byte is status of key
// success array. each byte is status of key
uint8_t arr[80];
uint64_t foo = 0;
uint16_t bar = 0;
@ -180,10 +180,10 @@ int mfCheckKeys_fast( uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastChunk,
for (uint8_t i = 0; i < 64; i++)
arr[i] = (foo >> i) & 0x1;
for (uint8_t i = 0; i < 16; i++)
arr[i+64] = (bar >> i) & 0x1;
// initialize storage for found keys
icesector_t *tmp = calloc(sectorsCnt, sizeof(icesector_t));
if (tmp == NULL)
@ -203,7 +203,7 @@ int mfCheckKeys_fast( uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastChunk,
}
}
free(tmp);
if ( curr_keys == sectorsCnt*2 )
return 0;
if ( lastChunk )
@ -226,11 +226,11 @@ int mfKeyBrute(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint64_t *resultk
memset(candidates, 0, sizeof(candidates));
memset(keyBlock, 0, sizeof(keyBlock));
// Generate all possible keys for the first two unknown bytes.
for (uint16_t i = 0; i < 0xFFFF; ++i) {
uint32_t j = i * 6;
candidates[0 + j] = i >> 8;
for (uint16_t i = 0; i < 0xFFFF; ++i) {
uint32_t j = i * 6;
candidates[0 + j] = i >> 8;
candidates[1 + j] = i;
candidates[2 + j] = key[2];
candidates[3 + j] = key[3];
@ -241,7 +241,7 @@ int mfKeyBrute(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint64_t *resultk
for ( i = 0, counter = 1; i < CANDIDATE_SIZE; i += KEYBLOCK_SIZE, ++counter){
key64 = 0;
// copy candidatekeys to test key block
memcpy(keyBlock, candidates + i, KEYBLOCK_SIZE);
@ -251,8 +251,8 @@ int mfKeyBrute(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint64_t *resultk
found = true;
break;
}
// progress
// progress
if ( counter % 20 == 0 )
PrintAndLogEx(SUCCESS, "tried : %s.. \t %u keys", sprint_hex(candidates + i, 6), counter * KEYS_IN_BLOCK );
}
@ -270,20 +270,20 @@ int Compare16Bits(const void * a, const void * b) {
void
#ifdef __has_attribute
#if __has_attribute(force_align_arg_pointer)
__attribute__((force_align_arg_pointer))
__attribute__((force_align_arg_pointer))
#endif
#endif
*nested_worker_thread(void *arg) {
struct Crypto1State *p1;
StateList_t *statelist = arg;
statelist->head.slhead = lfsr_recovery32(statelist->ks1, statelist->nt ^ statelist->uid);
statelist->head.slhead = lfsr_recovery32(statelist->ks1, statelist->nt ^ statelist->uid);
for (p1 = statelist->head.slhead; *(uint64_t *)p1 != 0; p1++) {};
statelist->len = p1 - statelist->head.slhead;
statelist->tail.sltail = --p1;
qsort(statelist->head.slhead, statelist->len, sizeof(uint64_t), Compare16Bits);
return statelist->head.slhead;
}
@ -293,7 +293,7 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo
UsbCommand resp;
StateList_t statelists[2];
struct Crypto1State *p1, *p2, *p3, *p4;
UsbCommand c = {CMD_MIFARE_NESTED, {blockNo + keyType * 0x100, trgBlockNo + trgKeyType * 0x100, calibrate}};
memcpy(c.d.asBytes, key, 6);
clearCommandBuffer();
@ -302,9 +302,9 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo
// error during nested
if (resp.arg[0]) return resp.arg[0];
memcpy(&uid, resp.d.asBytes, 4);
for (i = 0; i < 2; i++) {
statelists[i].blockNo = resp.arg[2] & 0xff;
statelists[i].keyType = (resp.arg[2] >> 8) & 0xff;
@ -312,10 +312,10 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo
memcpy(&statelists[i].nt, (void *)(resp.d.asBytes + 4 + i * 8 + 0), 4);
memcpy(&statelists[i].ks1, (void *)(resp.d.asBytes + 4 + i * 8 + 4), 4);
}
// calc keys
// calc keys
pthread_t thread_id[2];
// create and run worker threads
for (i = 0; i < 2; i++)
pthread_create(thread_id + i, NULL, nested_worker_thread, &statelists[i]);
@ -327,12 +327,12 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo
// the first 16 Bits of the cryptostate already contain part of our key.
// Create the intersection of the two lists based on these 16 Bits and
// roll back the cryptostate
p1 = p3 = statelists[0].head.slhead;
p1 = p3 = statelists[0].head.slhead;
p2 = p4 = statelists[1].head.slhead;
while (p1 <= statelists[0].tail.sltail && p2 <= statelists[1].tail.sltail) {
if (Compare16Bits(p1, p2) == 0) {
struct Crypto1State savestate, *savep = &savestate;
savestate = *p1;
while(Compare16Bits(p1, savep) == 0 && p1 <= statelists[0].tail.sltail) {
@ -381,15 +381,15 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo
uint8_t keyBlock[USB_CMD_DATA_SIZE] = {0x00};
for (int i = 0; i < keycnt; i += max_keys) {
int size = keycnt - i > max_keys ? max_keys : keycnt - i;
for (int j = 0; j < size; j++) {
crypto1_get_lfsr(statelists[0].head.slhead + i, &key64);
num_to_bytes(key64, 6, keyBlock + i * 6);
}
if (!mfCheckKeys(statelists[0].blockNo, statelists[0].keyType, false, size, keyBlock, &key64)) {
if (!mfCheckKeys(statelists[0].blockNo, statelists[0].keyType, false, size, keyBlock, &key64)) {
free(statelists[0].head.slhead);
free(statelists[1].head.slhead);
num_to_bytes(key64, 6, resultKey);
@ -400,14 +400,14 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo
key64
);
return -5;
}
}
}
out:
PrintAndLogEx(SUCCESS, "target block:%3u key type: %c",
(uint16_t)resp.arg[2] & 0xff,
(resp.arg[2] >> 8) ? 'B' : 'A'
);
);
free(statelists[0].head.slhead);
free(statelists[1].head.slhead);
@ -416,7 +416,7 @@ out:
// MIFARE
int mfReadSector(uint8_t sectorNo, uint8_t keyType, uint8_t *key, uint8_t *data) {
UsbCommand c = {CMD_MIFARE_READSC, {sectorNo, keyType, 0}};
memcpy(c.d.asBytes, key, 6);
clearCommandBuffer();
@ -436,7 +436,7 @@ int mfReadSector(uint8_t sectorNo, uint8_t keyType, uint8_t *key, uint8_t *data)
PrintAndLogEx(ERR, "Command execute timeout");
return 2;
}
return 0;
}
@ -457,7 +457,7 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
int mfEmlSetMem_xt(uint8_t *data, int blockNum, int blocksCount, int blockBtWidth) {
UsbCommand c = {CMD_MIFARE_EML_MEMSET, {blockNum, blocksCount, blockBtWidth}};
memcpy(c.d.asBytes, data, blocksCount * blockBtWidth);
memcpy(c.d.asBytes, data, blocksCount * blockBtWidth);
clearCommandBuffer();
SendCommand(&c);
return 0;
@ -473,27 +473,27 @@ int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, uint8_
int old = mfCGetBlock(0, block0, params);
if (old == 0)
PrintAndLogEx(SUCCESS, "old block 0: %s", sprint_hex(block0, sizeof(block0)));
else
PrintAndLogEx(FAILED, "couldn't get old data. Will write over the last bytes of Block 0.");
else
PrintAndLogEx(FAILED, "couldn't get old data. Will write over the last bytes of Block 0.");
// fill in the new values
// UID
memcpy(block0, uid, 4);
memcpy(block0, uid, 4);
// Mifare UID BCC
block0[4] = block0[0] ^ block0[1] ^ block0[2] ^ block0[3];
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7, reversed)
if ( sak != NULL )
block0[5] = sak[0];
if ( atqa != NULL ) {
block0[6] = atqa[1];
block0[7] = atqa[0];
}
PrintAndLogEx(SUCCESS, "new block 0: %s", sprint_hex(block0,16));
if ( wipecard ) params |= MAGIC_WIPE;
if ( wipecard ) params |= MAGIC_WIPE;
if ( oldUID == NULL) params |= MAGIC_UID;
return mfCSetBlock(0, block0, oldUID, params);
}
@ -501,15 +501,15 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, uint8_t params) {
uint8_t isOK = 0;
UsbCommand c = {CMD_MIFARE_CSETBLOCK, {params, blockNo, 0}};
memcpy(c.d.asBytes, data, 16);
memcpy(c.d.asBytes, data, 16);
clearCommandBuffer();
SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
isOK = resp.arg[0] & 0xff;
if (uid != NULL)
if (uid != NULL)
memcpy(uid, resp.d.asBytes, 4);
if (!isOK)
if (!isOK)
return 2;
} else {
PrintAndLogEx(WARNING, "command execute timeout");
@ -520,14 +520,14 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, uint8_t params) {
int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params) {
uint8_t isOK = 0;
UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, blockNo, 0}};
UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, blockNo, 0}};
clearCommandBuffer();
SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
isOK = resp.arg[0] & 0xff;
if (!isOK)
return 2;
if (!isOK)
return 2;
memcpy(data, resp.d.asBytes, 16);
} else {
PrintAndLogEx(WARNING, "command execute timeout");
@ -567,7 +567,7 @@ int isTraceCardEmpty(void) {
}
int isBlockEmpty(int blockN) {
for (int i = 0; i < 16; i++)
for (int i = 0; i < 16; i++)
if (traceCard[blockN * 16 + i] != 0) return 0;
return 1;
@ -583,10 +583,10 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
uint8_t buf8[64] = {0x00};
int i, blockNum;
uint32_t tmp;
if (!isTraceCardEmpty())
if (!isTraceCardEmpty())
saveTraceCard();
memset(traceCard, 0x00, 4096);
memcpy(traceCard, tuid, uidlen);
@ -594,11 +594,11 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
f = fopen(traceFileName, "r");
if (!f) return 1;
blockNum = 0;
while (!feof(f)){
memset(buf, 0, sizeof(buf));
if (fgets(buf, sizeof(buf), f) == NULL) {
PrintAndLogEx(FAILED, "No trace file found or reading error.");
@ -632,19 +632,19 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
}
int saveTraceCard(void) {
if ((!strlen(traceFileName)) || (isTraceCardEmpty())) return 0;
FILE * f;
f = fopen(traceFileName, "w+");
if ( !f ) return 1;
// given 4096 tracecard size, these loop will only match a 1024, 1kb card memory
// 4086/16 == 256blocks.
// 4086/16 == 256blocks.
for (uint16_t i = 0; i < 256; i++) { // blocks
for (uint8_t j = 0; j < 16; j++) // bytes
fprintf(f, "%02X", *(traceCard + i * 16 + j));
fprintf(f, "%02X", *(traceCard + i * 16 + j));
// no extra line in the end
if ( i < 255 )
fprintf(f, "\n");
@ -656,14 +656,14 @@ int saveTraceCard(void) {
//
int mfTraceInit(uint8_t *tuid, uint8_t uidlen, uint8_t *atqa, uint8_t sak, bool wantSaveToEmlFile) {
if (traceCrypto1)
if (traceCrypto1)
crypto1_destroy(traceCrypto1);
traceCrypto1 = NULL;
if (wantSaveToEmlFile)
if (wantSaveToEmlFile)
loadTraceCard(tuid, uidlen);
traceCard[4] = traceCard[0] ^ traceCard[1] ^ traceCard[2] ^ traceCard[3];
traceCard[5] = sak;
memcpy(&traceCard[6], atqa, 2);
@ -676,16 +676,16 @@ int mfTraceInit(uint8_t *tuid, uint8_t uidlen, uint8_t *atqa, uint8_t sak, bool
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted){
uint8_t bt = 0;
int i;
if (len != 1) {
for (i = 0; i < len; i++)
data[i] = crypto1_byte(pcs, 0x00, isEncrypted) ^ data[i];
} else {
bt = 0;
bt = 0;
bt |= (crypto1_bit(pcs, 0, isEncrypted) ^ BIT(data[0], 0)) << 0;
bt |= (crypto1_bit(pcs, 0, isEncrypted) ^ BIT(data[0], 1)) << 1;
bt |= (crypto1_bit(pcs, 0, isEncrypted) ^ BIT(data[0], 2)) << 2;
bt |= (crypto1_bit(pcs, 0, isEncrypted) ^ BIT(data[0], 3)) << 3;
bt |= (crypto1_bit(pcs, 0, isEncrypted) ^ BIT(data[0], 3)) << 3;
data[0] = bt;
}
}
@ -699,28 +699,28 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
traceState = TRACE_ERROR;
return 1;
}
uint8_t data[255];
memset(data, 0x00, sizeof(data));
memcpy(data, data_src, len);
if ((traceCrypto1) && ((traceState == TRACE_IDLE) || (traceState > TRACE_AUTH_OK))) {
mf_crypto1_decrypt(traceCrypto1, data, len, 0);
PrintAndLogEx(NORMAL, "DEC| %s", sprint_hex(data, len));
AddLogHex(logHexFileName, "DEC| ", data, len);
AddLogHex(logHexFileName, "DEC| ", data, len);
}
switch (traceState) {
case TRACE_IDLE:
case TRACE_IDLE:
// check packet crc16!
if ((len >= 4) && (!check_crc(CRC_14443_A, data, len))) {
PrintAndLogEx(NORMAL, "DEC| CRC ERROR!!!");
AddLogLine(logHexFileName, "DEC| ", "CRC ERROR!!!");
AddLogLine(logHexFileName, "DEC| ", "CRC ERROR!!!");
traceState = TRACE_ERROR; // do not decrypt the next commands
return 1;
}
// AUTHENTICATION
if ((len == 4) && ((data[0] == MIFARE_AUTH_KEYA) || (data[0] == MIFARE_AUTH_KEYB))) {
traceState = TRACE_AUTH1;
@ -750,7 +750,7 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
}
return 0;
case TRACE_READ_DATA:
case TRACE_READ_DATA:
if (len == 18) {
traceState = TRACE_IDLE;
@ -766,7 +766,7 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
return 1;
}
break;
case TRACE_WRITE_OK:
case TRACE_WRITE_OK:
if ((len == 1) && (data[0] == 0x0a)) {
traceState = TRACE_WRITE_DATA;
return 0;
@ -775,7 +775,7 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
return 1;
}
break;
case TRACE_WRITE_DATA:
case TRACE_WRITE_DATA:
if (len == 18) {
traceState = TRACE_IDLE;
memcpy(traceCard + traceCurBlock * 16, data, 16);
@ -786,7 +786,7 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
return 1;
}
break;
case TRACE_AUTH1:
case TRACE_AUTH1:
if (len == 4) {
traceState = TRACE_AUTH2;
nt = bytes_to_num(data, 4);
@ -796,7 +796,7 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
return 1;
}
break;
case TRACE_AUTH2:
case TRACE_AUTH2:
if (len == 8) {
traceState = TRACE_AUTH_OK;
nr_enc = bytes_to_num(data, 4);
@ -807,11 +807,11 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
return 1;
}
break;
case TRACE_AUTH_OK:
case TRACE_AUTH_OK:
if (len == 4) {
traceState = TRACE_IDLE;
at_enc = bytes_to_num(data, 4);
// mfkey64 recover key.
ks2 = ar_enc ^ prng_successor(nt, 64);
ks3 = at_enc ^ prng_successor(nt, 96);
@ -822,37 +822,37 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
lfsr_rollback_word(revstate, cuid ^ nt, 0);
crypto1_get_lfsr(revstate, &key);
PrintAndLogEx(SUCCESS, "found Key: [%012" PRIx64 "]", key);
//if ( tryMfk64(cuid, nt, nr_enc, ar_enc, at_enc, &key) )
AddLogUint64(logHexFileName, "Found Key: ", key);
AddLogUint64(logHexFileName, "Found Key: ", key);
int blockShift = ((traceCurBlock & 0xFC) + 3) * 16;
if (isBlockEmpty((traceCurBlock & 0xFC) + 3))
if (isBlockEmpty((traceCurBlock & 0xFC) + 3))
memcpy(traceCard + blockShift + 6, trailerAccessBytes, 4);
// keytype A/B
if (traceCurKey)
num_to_bytes(key, 6, traceCard + blockShift + 10);
else
num_to_bytes(key, 6, traceCard + blockShift);
if (wantSaveToEmlFile)
saveTraceCard();
if (traceCrypto1)
crypto1_destroy(traceCrypto1);
// set cryptosystem state
traceCrypto1 = lfsr_recovery64(ks2, ks3);
traceCrypto1 = lfsr_recovery64(ks2, ks3);
} else {
PrintAndLogEx(NORMAL, "[!] nested key recovery not implemented!\n");
at_enc = bytes_to_num(data, 4);
crypto1_destroy(traceCrypto1);
crypto1_destroy(traceCrypto1);
traceState = TRACE_ERROR;
}
break;
default:
default:
traceState = TRACE_ERROR;
return 1;
}
@ -871,30 +871,30 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data,
return 0;
}
/* Detect Tag Prng,
/* Detect Tag Prng,
* function performs a partial AUTH, where it tries to authenticate against block0, key A, but only collects tag nonce.
* the tag nonce is check to see if it has a predictable PRNG.
* @returns
* @returns
* TRUE if tag uses WEAK prng (ie Now the NACK bug also needs to be present for Darkside attack)
* FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key)
*/
int detect_classic_prng(void){
UsbCommand resp, respA;
UsbCommand resp, respA;
uint8_t cmd[] = {MIFARE_AUTH_KEYA, 0x00};
uint32_t flags = ISO14A_CONNECT | ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_RATS;
UsbCommand c = {CMD_READER_ISO_14443a, {flags, sizeof(cmd), 0}};
memcpy(c.d.asBytes, cmd, sizeof(cmd));
clearCommandBuffer();
SendCommand(&c);
SendCommand(&c);
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
PrintAndLogEx(WARNING, "PRNG UID: Reply timeout.");
return -1;
}
// if select tag failed.
if ( resp.arg[0] == 0 ) {
PrintAndLogEx(WARNING, "error: selecting tag failed, can't detect prng\n");
@ -909,12 +909,12 @@ int detect_classic_prng(void){
if (respA.arg[0] != 4) {
PrintAndLogEx(WARNING, "PRNG data error: Wrong length: %d", respA.arg[0]);
return -4;
}
}
uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]);
return validate_prng_nonce(nonce);
}
/* Detect Mifare Classic NACK bug
/* Detect Mifare Classic NACK bug
returns:
0 = error during test / aborted
@ -923,25 +923,25 @@ returns:
3 = always leak nacks (clones)
*/
int detect_classic_nackbug(bool verbose){
UsbCommand c = {CMD_MIFARE_NACK_DETECT, {0, 0, 0}};
clearCommandBuffer();
SendCommand(&c);
UsbCommand resp;
if ( verbose )
PrintAndLogEx(SUCCESS, "press pm3-button on the proxmark3 device to abort both proxmark3 and client.\n");
// for nice animation
// for nice animation
bool term = !isatty(STDIN_FILENO);
#if defined(__linux__) || (__APPLE__)
char star[] = {'-', '\\', '|', '/'};
uint8_t staridx = 0;
#endif
uint8_t staridx = 0;
#endif
while (true) {
if (term) {
if (term) {
printf(".");
} else {
printf(
@ -958,21 +958,21 @@ int detect_classic_nackbug(bool verbose){
return -1;
break;
}
if (WaitForResponseTimeout(CMD_ACK, &resp, 500)) {
int32_t ok = resp.arg[0];
uint32_t nacks = resp.arg[1];
uint32_t auths = resp.arg[2];
PrintAndLogEx(NORMAL, "");
if ( verbose ) {
PrintAndLogEx(SUCCESS, "num of auth requests : %u", auths);
PrintAndLogEx(SUCCESS, "num of received NACK : %u", nacks);
}
switch( ok ) {
case 99 : PrintAndLogEx(WARNING, "button pressed. Aborted."); return 0;
case 96 :
case 98 : {
case 96 :
case 98 : {
if (verbose)
PrintAndLogEx(FAILED, "card random number generator is not predictable.");
PrintAndLogEx(WARNING, "detection failed");
@ -981,10 +981,10 @@ int detect_classic_nackbug(bool verbose){
case 97 : {
if (verbose) {
PrintAndLogEx(FAILED, "card random number generator seems to be based on the well-known generating polynomial");
PrintAndLogEx(NORMAL, "[- ]with 16 effective bits only, but shows unexpected behavior, try again.");
PrintAndLogEx(NORMAL, "[- ]with 16 effective bits only, but shows unexpected behavior, try again.");
}
return 2;
}
}
case 2 : PrintAndLogEx(SUCCESS, _GREEN_(always leak NACK detected)); return 3;
case 1 : PrintAndLogEx(SUCCESS, _GREEN_(NACK bug detected)); return 1;
case 0 : PrintAndLogEx(SUCCESS, "No NACK bug detected"); return 2;
@ -992,12 +992,12 @@ int detect_classic_nackbug(bool verbose){
}
break;
}
}
}
return 0;
}
/* try to see if card responses to "chinese magic backdoor" commands. */
void detect_classic_magic(void) {
uint8_t isGeneration = 0;
UsbCommand resp;
UsbCommand c = {CMD_MIFARE_CIDENT, {0, 0, 0}};
@ -1005,11 +1005,11 @@ void detect_classic_magic(void) {
SendCommand(&c);
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500))
isGeneration = resp.arg[0] & 0xff;
switch( isGeneration ){
case 1: PrintAndLogEx(SUCCESS, "Answers to magic commands (GEN 1a): " _GREEN_(YES)); break;
case 2: PrintAndLogEx(SUCCESS, "Answers to magic commands (GEN 1b): " _GREEN_(YES)); break;
//case 4: PrintAndLogEx(SUCCESS, "Answers to magic commands (GEN 2): " _GREEN_(YES)); break;
default: PrintAndLogEx(INFO, "Answers to magic commands: " _YELLOW_(NO)); break;
}
}
}