From 810a89c4df8098b58d24ae29b94b866fc38ca8c3 Mon Sep 17 00:00:00 2001 From: Jin Jia Date: Wed, 4 Jan 2023 07:11:48 +0000 Subject: [PATCH] Added Compliance of MIFARE Classic EV1 1K Datasheet footnote of Table 8 --- armsrc/mifaresim.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c index c2f81df21..ad975381b 100644 --- a/armsrc/mifaresim.c +++ b/armsrc/mifaresim.c @@ -46,6 +46,15 @@ #include "dbprint.h" #include "ticks.h" +static bool IsKeyBReadable(uint8_t blockNo) { + uint8_t sector_trailer[16]; + emlGetMem(sector_trailer, SectorTrailer(blockNo), 1); + uint8_t AC = ((sector_trailer[7] >> 5) & 0x04) + | ((sector_trailer[8] >> 2) & 0x02) + | ((sector_trailer[8] >> 7) & 0x01); + return (AC == 0x00 || AC == 0x01 || AC == 0x02); +} + static bool IsTrailerAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t action) { uint8_t sector_trailer[16]; emlGetMem(sector_trailer, blockNo, 1); @@ -881,6 +890,17 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1 Dbprintf("[MFEMUL_WORK] Reader tried to operate (0x%02x) on block (0x%02x) not authenticated for (0x%02x), nacking", receivedCmd_dec[0], receivedCmd_dec[1], cardAUTHSC); break; } + + // Compliance of MIFARE Classic EV1 1K Datasheet footnote of Table 8 + // If access bits show that key B is Readable, any subsequent memory access will be refused. + if (cardAUTHKEY == keyB && IsKeyBReadable(blockNo)) { + EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); + FpgaDisableTracing(); + + if (g_dbglevel >= DBG_ERROR) + Dbprintf("[MFEMUL_WORK] Access denied: Reader tried to access memory on authentication with key B while key B is readable in sector (0x%02x)", cardAUTHSC); + break; + } } // case MFEMUL_WORK => CMD READ block