Merge pull request #2636 from piotrva/hf-mf-sim-no-answer-sec-out-of-range

Do not respond to mifare simulation sectors out of bounds
2025-08-20 21:33:47 -07:00 · 2024-11-15 13:20:34 +01:00 · 2024-11-15 13:20:34 +01:00 · cd96bcfa68
commit cd96bcfa68
parent 133fe505f6 a9c10c872e
2 changed files with 24 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...

 ## [unreleased][unreleased]
+- Fixed `hf mf sim` not to respond to authentication attempts for sectors out of bound for selected Mifare type (@piotrva)
 - Added option to build against non-default python3 with CMake as well (@doegox)
 - Added option to build against non-default python3 with Makefile (@ANTodorov)
 - Changed `hf 14a info` `hf mf info` - now detects FM1216-137 CPU cards (@iceman1001)
--- a/armsrc/mifaresim.c
+++ b/armsrc/mifaresim.c
@ -184,6 +184,20 @@ static bool IsAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t action) {
    }
 }

+static uint8_t MifareMaxSector(uint16_t flags) {
+    if (IS_FLAG_MF_SIZE(flags, MIFARE_MINI_MAX_BYTES)) {
+        return MIFARE_MINI_MAXSECTOR;
+    } else if (IS_FLAG_MF_SIZE(flags, MIFARE_1K_MAX_BYTES)) {
+        return MIFARE_1K_MAXSECTOR;
+    } else if (IS_FLAG_MF_SIZE(flags, MIFARE_2K_MAX_BYTES)) {
+        return MIFARE_2K_MAXSECTOR;
+    } else if (IS_FLAG_MF_SIZE(flags, MIFARE_4K_MAX_BYTES)) {
+        return MIFARE_4K_MAXSECTOR;
+    } else {
+        return MIFARE_4K_MAXSECTOR;
+    }
+}
+
 static bool MifareSimInit(uint16_t flags, uint8_t *uid, uint16_t atqa, uint8_t sak, tag_response_info_t **responses, uint32_t *cuid, uint8_t *uid_len, uint8_t **rats, uint8_t *rats_len) {

    uint8_t uid_tmp[10] = {0};
@ -464,6 +478,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t

    uint8_t cardWRBL = 0;
    uint8_t cardAUTHSC = 0;
+    uint8_t cardMaxSEC = MifareMaxSector(flags);
    uint8_t cardAUTHKEY = AUTHKEYNONE;  // no authentication
    uint32_t cardRr = 0;
    uint32_t ans = 0;
@ -769,6 +784,14 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t

                    if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] KEY %c: %012" PRIx64, (cardAUTHKEY == 0) ? 'A' : 'B', emlGetKey(cardAUTHSC, cardAUTHKEY));

+                    // sector out of range - do not respond
+                    if (cardAUTHSC >= cardMaxSEC) {
+                        cardAUTHKEY = AUTHKEYNONE; // not authenticated
+                        cardSTATE_TO_IDLE();
+                        if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] Out of range sector %d(0x%02x)", cardAUTHSC, cardAUTHSC);
+                        break;
+                    }
+
                    // first authentication
                    crypto1_deinit(pcs);