diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 26fffaf42..32aa03c73 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1858,7 +1858,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { i2 ? 'B' : 'A', tmp_key[0], tmp_key[1], tmp_key[2], tmp_key[3], tmp_key[4], tmp_key[5]); - // Store vaild credentials for the nested / hardnested attack if none exist + // Store valid credentials for the nested / hardnested attack if none exist if (know_target_key == false) { num_to_bytes(e_sector[i].Key[i2], 6, key); know_target_key = true; @@ -1901,9 +1901,9 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { break; } num_to_bytes(key64, 6, key); - // Check if the darkside key is vaild + // Check if the darkside key is valid if (mfCheckKeys(FirstBlockOfSector(blockNo), keyType, true, 1, key, &key64) != PM3_SUCCESS) { - PrintAndLogEx(FAILED, "The key generated by the darkside attack is not vaild!" + PrintAndLogEx(FAILED, "The key generated by the darkside attack is not valid!" _RED_("%3d") " key type:"_RED_("%c") " key: " _RED_("0x%02x%02x%02x%02x%02x%02x"), blockNo, keyType ? 'B' : 'A', @@ -1924,6 +1924,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { free(keyBlock); // Clear the needed variables num_to_bytes(0, 6, tmp_key); + bool nested_failed = false; // Iterate over each sector and key(A/B) for (current_sector_i=0; current_sector_i < sectors_cnt; current_sector_i++) { @@ -1958,7 +1959,9 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { // Use the nested / hardnested attack if (e_sector[current_sector_i].foundKey[current_key_type_i] == 0) { - if (prng_type) { + if (prng_type && (! nested_failed)) { + uint8_t retries = 0; +tryNested: PrintAndLogEx(INFO, "[ NESTED ] Sector no:%3d, target key type:%c", current_sector_i, current_key_type_i ? 'B' : 'A'); 
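Review bot: `nested_failed`, added in the `@@ -1924,6 +1924,7 @@` hunk, is declared before the sector loop and, in the hunks shown, is only ever set to true (in the `case -4` branch of the `@@ -1982,8 +1985,15 @@` hunk). The first sector/key pair that exhausts its retries therefore disables the nested path for every remaining sector and key type. If that is intended, the declaration should say so, e.g. `// sticky: once nested has failed after all retries, skip it for the remaining sectors`. If it is meant per sector, it has to be reset inside the loop. The enclosing function starts and ends outside the hunk.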
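Review bot: `uint8_t retries`, added in the `@@ -1958,7 +1959,9 @@` hunk, bounds the backward `goto tryNested` only while `MIFARE_SECTOR_RETRY` stays below 256. The macro's value is not visible on this page; with a larger value the counter would wrap and `retries++ < MIFARE_SECTOR_RETRY` would never become false. `int retries = 0;` removes that dependency and matches the `%i` conversion used when the counter is printed in the next hunk. The `if` block continues outside the hunk.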
@@ -1982,8 +1985,15 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { break; case -4 : //key not found calibrate = false; - PrintAndLogEx(FAILED, "Nested attack failed --> try hardnested instead!"); - goto tryHardnested; + // this can happen on some old cards, it's worth trying some more before switching to slower hardnested + if (retries++ < MIFARE_SECTOR_RETRY) { + PrintAndLogEx(FAILED, "Nested attack failed, trying again (%i/%i)", retries, MIFARE_SECTOR_RETRY); + goto tryNested; + } else { + PrintAndLogEx(FAILED, "Nested attack failed, moving to hardnested"); + nested_failed = true; + goto tryHardnested; + } break; case -5 : calibrate = false; @@ -1997,7 +2007,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { break; } } else { - tryHardnested: // If the nested attack failes then we try the hardnested attack +tryHardnested: // If the nested attack fails then we try the hardnested attack PrintAndLogEx(INFO, "[ HARDNESTED ] Sector no:%3d, target key type:%c, Slow: %s", current_sector_i, current_key_type_i ? 'B' : 'A', @@ -2061,7 +2071,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { PrintAndLogEx(INFO, "Dumping the keys:"); createMfcKeyDump(sectors_cnt, e_sector, GenerateFilename("hf-mf-", "-key.bin")); - PrintAndLogEx(SUCCESS, "Transfering the found keys to the simulator memory (Cmd Error: 04 can occour, but this shouldn't be a problem)"); + PrintAndLogEx(SUCCESS, "Transferring the found keys to the simulator memory (Cmd Error: 04 can occur, but this shouldn't be a problem)"); for (current_sector_i=0; current_sector_i < sectors_cnt; current_sector_i++) { mfEmlGetMem(block, current_sector_i, 1); if (e_sector[current_sector_i].foundKey[0])
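Review bot: The `break;` that closes `case -4` in the `@@ -1982,8 +1985,15 @@` hunk is now unreachable, because both arms of the added `if`/`else` leave through a `goto`. Removing it, or dropping the `else` so the hardnested path simply follows the `if`, makes the control flow easier to read. A short comment at `goto tryNested;` would also help, e.g. `// retries is not reset: the label sits after its initialiser`. The switch starts and ends outside the hunk.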