Added a check for static encrypted nonces when collecting encrypted nonces for hardnested. The collection is aborted if such a nonce is detected.

This commit is contained in:
iceman1001 2022-11-15 07:07:26 +01:00
commit 6c163fa262
5 changed files with 36 additions and 5 deletions


@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Changed `hf mf hardnested` - a detection for static encrypted nonces (@iceman1001)
- Added requirements.txt file to tools folder. Minimum to run pm3_tests.sh (@iceman1001) - Added requirements.txt file to tools folder. Minimum to run pm3_tests.sh (@iceman1001)
- Changed `hf mf hardnested` - now can detect and use MFC EV1 signature sector key (@iceman1001) - Changed `hf mf hardnested` - now can detect and use MFC EV1 signature sector key (@iceman1001)
- Changed `hf mf autopwn` - now can detect and use MFC EV1 signature sector key (@iceman1001) - Changed `hf mf autopwn` - now can detect and use MFC EV1 signature sector key (@iceman1001)


@ -775,7 +775,7 @@ void MifareAcquireNonces(uint32_t arg0, uint32_t flags) {
if (!have_uid) { // need a full select cycle to get the uid first if (!have_uid) { // need a full select cycle to get the uid first
iso14a_card_select_t card_info; iso14a_card_select_t card_info;
if (!iso14443a_select_card(uid, &card_info, &cuid, true, 0, true)) { if (iso14443a_select_card(uid, &card_info, &cuid, true, 0, true) == 0) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireNonces: Can't select card (ALL)"); if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireNonces: Can't select card (ALL)");
continue; continue;
} }
@ -794,7 +794,7 @@ void MifareAcquireNonces(uint32_t arg0, uint32_t flags) {
} }
have_uid = true; have_uid = true;
} else { // no need for anticollision. We can directly select the card } else { // no need for anticollision. We can directly select the card
if (!iso14443a_fast_select_card(uid, cascade_levels)) { if (iso14443a_fast_select_card(uid, cascade_levels) == 0) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireNonces: Can't select card (UID)"); if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireNonces: Can't select card (UID)");
continue; continue;
} }
@ -878,6 +878,9 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
LED_C_ON(); LED_C_ON();
uint8_t prev_enc_nt[] = {0,0,0,0};
uint8_t prev_counter = 0;
for (uint16_t i = 0; i <= PM3_CMD_DATA_SIZE - 9;) { for (uint16_t i = 0; i <= PM3_CMD_DATA_SIZE - 9;) {
// Test if the action was cancelled // Test if the action was cancelled
@ -944,6 +947,22 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
memcpy(buf + i + 8, &nt_par_enc, 1); memcpy(buf + i + 8, &nt_par_enc, 1);
i += 9; i += 9;
} }
if (prev_enc_nt[0] == receivedAnswer[0] &&
prev_enc_nt[1] == receivedAnswer[1] &&
prev_enc_nt[2] == receivedAnswer[2] &&
prev_enc_nt[3] == receivedAnswer[3]
) {
prev_counter++;
}
memcpy(prev_enc_nt, receivedAnswer, 4);
if (prev_counter == 5) {
if (g_dbglevel >= DBG_EXTENDED) DbpString("Static encrypted nonce detected, exiting...");
isOK = PM3_ESTATIC_NONCE;
break;
}
} }
LED_C_OFF(); LED_C_OFF();
@ -952,7 +971,7 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
reply_old(CMD_ACK, isOK, cuid, num_nonces, buf, sizeof(buf)); reply_old(CMD_ACK, isOK, cuid, num_nonces, buf, sizeof(buf));
LED_B_OFF(); LED_B_OFF();
if (g_dbglevel >= 3) DbpString("AcquireEncryptedNonces finished"); if (g_dbglevel >= DBG_ERROR) DbpString("AcquireEncryptedNonces finished");
if (field_off) { if (field_off) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@ -1030,7 +1049,7 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8
continue; continue;
} }
if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { if (iso14443a_select_card(uid, NULL, &cuid, true, 0, true) == 0) {
if (g_dbglevel >= DBG_INFO) Dbprintf("Nested: Can't select card"); if (g_dbglevel >= DBG_INFO) Dbprintf("Nested: Can't select card");
rtr--; rtr--;
continue; continue;
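Review bot: `prev_counter` in the new block after `i += 9; }` is only ever incremented and never reset when the received nonce differs from `prev_enc_nt`, so the abort fires on five repeats accumulated anywhere in the acquisition rather than on five consecutive identical encrypted nonces, and a long run against a genuine card whose 16-bit nonce generator revisits a value can trip it. Adding an else branch keeps the counter to consecutive hits: `} else { prev_counter = 0; }` after the `prev_counter++;` block. The detection message is logged at `DBG_EXTENDED` although the function then returns `PM3_ESTATIC_NONCE` as a hard failure, while the other failure paths in this function use `DBG_ERROR`; raising it to `DBG_ERROR` would keep the user informed at the same level as the other aborts. `prev_enc_nt` starts as all zeros, so an encrypted nonce that happens to be `00 00 00 00` on the first exchange counts as one repeat; initialising the counter check only after the first nonce, or ignoring the first comparison, avoids that off-by-one. The enclosing `for` loop and `MifareAcquireEncryptedNonces` itself begin outside this hunk, so whether a failed or short answer reaches the comparison with a stale `receivedAnswer` cannot be confirmed here and is worth checking.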


@ -2054,6 +2054,9 @@ static int CmdHF14AMfNestedHard(const char *Cmd) {
case PM3_EOPABORTED: case PM3_EOPABORTED:
PrintAndLogEx(WARNING, "Button pressed. Aborted.\n"); PrintAndLogEx(WARNING, "Button pressed. Aborted.\n");
break; break;
case PM3_ESTATIC_NONCE:
PrintAndLogEx(ERR, "Error: Static encrypted nonce detected. Aborted.\n");
break;
default : default :
break; break;
} }
@ -2744,6 +2747,10 @@ tryHardnested: // If the nested attack fails then we try the hardnested attack
PrintAndLogEx(NORMAL, "\nButton pressed, user aborted"); PrintAndLogEx(NORMAL, "\nButton pressed, user aborted");
break; break;
} }
case PM3_ESTATIC_NONCE: {
PrintAndLogEx(ERR, "\nError: Static encrypted nonce detected. Aborted.\n");
break;
}
default: { default: {
break; break;
} }


@ -437,7 +437,7 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo,
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_HF_MIFARE_NESTED, (uint8_t *)&payload, sizeof(payload)); SendCommandNG(CMD_HF_MIFARE_NESTED, (uint8_t *)&payload, sizeof(payload));
if (!WaitForResponseTimeout(CMD_HF_MIFARE_NESTED, &resp, 2000)) { if (WaitForResponseTimeout(CMD_HF_MIFARE_NESTED, &resp, 2000) == false) {
SendCommandNG(CMD_BREAK_LOOP, NULL, 0); SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
return PM3_ETIMEOUT; return PM3_ETIMEOUT;
} }


@ -773,11 +773,15 @@ typedef struct {
// Got bad CRC client/pm3: error in transfer of data, crc mismatch. // Got bad CRC client/pm3: error in transfer of data, crc mismatch.
#define PM3_ECRC -24 #define PM3_ECRC -24
// STATIC Nonce detect pm3: when collecting nonces for hardnested
#define PM3_ESTATIC_NONCE -25
// No data pm3: no data available, no host frame available (not really an error) // No data pm3: no data available, no host frame available (not really an error)
#define PM3_ENODATA -98 #define PM3_ENODATA -98
// Quit program client: reserved, order to quit the program // Quit program client: reserved, order to quit the program
#define PM3_EFATAL -99 #define PM3_EFATAL -99
// LF // LF
#define LF_FREQ2DIV(f) ((int)(((12000.0 + (f)/2.0)/(f))-1)) #define LF_FREQ2DIV(f) ((int)(((12000.0 + (f)/2.0)/(f))-1))
#define LF_DIVISOR_125 LF_FREQ2DIV(125) #define LF_DIVISOR_125 LF_FREQ2DIV(125)