added a check for static encrypted nonces when collecting encrypted nonces for hardnested to run. Will abort the collection if detected.

CHANGELOG.md

@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+ - Changed `hf mf hardnested` - a detection for static encrypted nonces (@iceman1001)
  - Added requirements.txt file to tools folder. Minimum to run pm3_tests.sh (@iceman1001)
  - Changed `hf mf hardnested` - now can detect and use MFC EV1 signature sector key (@iceman1001)
  - Changed `hf mf autopwn` - now can detect and use MFC EV1 signature sector key (@iceman1001)

armsrc/mifarecmd.c

@@ -775,7 +775,7 @@ void MifareAcquireNonces(uint32_t arg0, uint32_t flags) {
 
         if (!have_uid) { // need a full select cycle to get the uid first
             iso14a_card_select_t card_info;
-            if (!iso14443a_select_card(uid, &card_info, &cuid, true, 0, true)) {
+            if (iso14443a_select_card(uid, &card_info, &cuid, true, 0, true) == 0) {
                 if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireNonces: Can't select card (ALL)");
                 continue;
             }
@@ -794,7 +794,7 @@ void MifareAcquireNonces(uint32_t arg0, uint32_t flags) {
             }
             have_uid = true;
         } else { // no need for anticollision. We can directly select the card
-            if (!iso14443a_fast_select_card(uid, cascade_levels)) {
+            if (iso14443a_fast_select_card(uid, cascade_levels) == 0) {
                 if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireNonces: Can't select card (UID)");
                 continue;
             }
@@ -878,6 +878,9 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
 
     LED_C_ON();
 
+    uint8_t prev_enc_nt[] = {0,0,0,0};
+    uint8_t prev_counter = 0;
+
     for (uint16_t i = 0; i <= PM3_CMD_DATA_SIZE - 9;) {
 
         // Test if the action was cancelled
@@ -944,6 +947,22 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
             memcpy(buf + i + 8, &nt_par_enc, 1);
             i += 9;
         }
+
+
+        if (prev_enc_nt[0] == receivedAnswer[0] &&
+            prev_enc_nt[1] == receivedAnswer[1] &&
+            prev_enc_nt[2] == receivedAnswer[2] &&
+            prev_enc_nt[3] == receivedAnswer[3]
+        ) {
+            prev_counter++;
+        }
+        memcpy(prev_enc_nt, receivedAnswer, 4);
+        if (prev_counter == 5) {
+            if (g_dbglevel >= DBG_EXTENDED) DbpString("Static encrypted nonce detected, exiting...");
+            isOK = PM3_ESTATIC_NONCE;
+            break;
+        }
+
     }
 
     LED_C_OFF();
@@ -952,7 +971,7 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
     reply_old(CMD_ACK, isOK, cuid, num_nonces, buf, sizeof(buf));
     LED_B_OFF();
 
-    if (g_dbglevel >= 3) DbpString("AcquireEncryptedNonces finished");
+    if (g_dbglevel >= DBG_ERROR) DbpString("AcquireEncryptedNonces finished");
 
     if (field_off) {
         FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@@ -1030,7 +1049,7 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8
                 continue;
             }
 
-            if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {
+            if (iso14443a_select_card(uid, NULL, &cuid, true, 0, true) == 0) {
                 if (g_dbglevel >= DBG_INFO) Dbprintf("Nested: Can't select card");
                 rtr--;
                 continue;

client/src/cmdhfmf.c

@@ -2054,6 +2054,9 @@ static int CmdHF14AMfNestedHard(const char *Cmd) {
             case PM3_EOPABORTED:
                 PrintAndLogEx(WARNING, "Button pressed. Aborted.\n");
                 break;
+            case PM3_ESTATIC_NONCE:
+                PrintAndLogEx(ERR, "Error: Static encrypted nonce detected. Aborted.\n");
+                break;
             default :
                 break;
         }
@@ -2744,6 +2747,10 @@ tryHardnested: // If the nested attack fails then we try the hardnested attack
                                     PrintAndLogEx(NORMAL, "\nButton pressed, user aborted");
                                     break;
                                 }
+                                case PM3_ESTATIC_NONCE: {
+                                    PrintAndLogEx(ERR, "\nError: Static encrypted nonce detected. Aborted.\n");
+                                    break;
+                                }
                                 default: {
                                     break;
                                 }

client/src/mifare/mifarehost.c

@@ -437,7 +437,7 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo,
     clearCommandBuffer();
     SendCommandNG(CMD_HF_MIFARE_NESTED, (uint8_t *)&payload, sizeof(payload));
 
-    if (!WaitForResponseTimeout(CMD_HF_MIFARE_NESTED, &resp, 2000)) {
+    if (WaitForResponseTimeout(CMD_HF_MIFARE_NESTED, &resp, 2000) == false) {
         SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
         return PM3_ETIMEOUT;
     }

include/pm3_cmd.h

@@ -773,11 +773,15 @@ typedef struct {
 // Got bad CRC                          client/pm3: error in transfer of data,  crc mismatch.
 #define PM3_ECRC              -24
 
+// STATIC Nonce detect                  pm3:  when collecting nonces for hardnested
+#define PM3_ESTATIC_NONCE     -25
+
 // No data                              pm3:        no data available, no host frame available (not really an error)
 #define PM3_ENODATA           -98
 // Quit program                         client:     reserved, order to quit the program
 #define PM3_EFATAL            -99
 
+
 // LF
 #define LF_FREQ2DIV(f) ((int)(((12000.0 + (f)/2.0)/(f))-1))
 #define LF_DIVISOR_125 LF_FREQ2DIV(125)