github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-07-06 04:51:36 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #2923 from 0x6r1an0y/main
Some checks are pending
CodeQL / Analyze (push) Waiting to run
Details
MacOS Build and Test / macos-make (push) Waiting to run
Details
MacOS Build and Test / macos-make-btaddon (push) Waiting to run
Details
MacOS Build and Test / macos-cmake (push) Waiting to run
Details
Ubuntu Build and Test / ubuntu-make (push) Waiting to run
Details
Ubuntu Build and Test / ubuntu-make-btaddon (push) Waiting to run
Details
Ubuntu Build and Test / ubuntu-cmake (push) Waiting to run
Details
Windows Build and Test / proxspace (push) Waiting to run
Details
Windows Build and Test / wsl (push) Waiting to run
Details

Browse source 
Fix: magic detection for SAK=0x00 cards by forcing RATS
This commit is contained in:
Iceman 2025-07-03 08:18:31 +02:00 committed by GitHub
commit d39b32997f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 19 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

21
armsrc/iso14443a.c
View file

@ -2976,9 +2976,13 @@ static int GetATQA(uint8_t *resp, uint16_t resp_len, uint8_t *resp_par, const is
int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats) { int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats) {
return iso14443a_select_cardEx(uid_ptr, p_card, cuid_ptr, anticollision, num_cascades, no_rats, NULL); return iso14443a_select_cardEx(uid_ptr, p_card, cuid_ptr, anticollision, num_cascades, no_rats, NULL, false);
}
int iso14443a_select_card_for_magic(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades){
// Bug fix: When SAK is 0x00, `iso14443a_select_cardEx` would return too early at
// line "if (hf14aconfig.forcerats == 0)".`force_rats` is used to force RATS execution and ATS retrieval.
return iso14443a_select_cardEx(uid_ptr, p_card, cuid_ptr, anticollision, num_cascades, false, NULL, true);
} }
// performs iso14443a anticollision (optional) and card select procedure // performs iso14443a anticollision (optional) and card select procedure
// fills the uid and cuid pointer unless NULL // fills the uid and cuid pointer unless NULL
@ -2988,7 +2992,7 @@ int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32
// requests ATS unless no_rats is true // requests ATS unless no_rats is true
int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr,
bool anticollision, uint8_t num_cascades, bool no_rats, bool anticollision, uint8_t num_cascades, bool no_rats,
const iso14a_polling_parameters_t *polling_parameters) { const iso14a_polling_parameters_t *polling_parameters, bool force_rats) {
uint8_t resp[MAX_FRAME_SIZE] = {0}; // theoretically. A usual RATS will be much smaller uint8_t resp[MAX_FRAME_SIZE] = {0}; // theoretically. A usual RATS will be much smaller
@ -3206,18 +3210,18 @@ int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint
p_card->sak = sak; p_card->sak = sak;
} }
if (hf14aconfig.forcerats == 0) { if (hf14aconfig.forcerats == 0 && force_rats == false) {
// PICC compliant with iso14443a-4 ---> (SAK & 0x20 != 0) // PICC compliant with iso14443a-4 ---> (SAK & 0x20 != 0)
if ((sak & 0x20) == 0) { if ((sak & 0x20) == 0) {
return 2; return 2;
} }
} else if (hf14aconfig.forcerats == 2) { } else if (hf14aconfig.forcerats == 2 && force_rats == false) {
if ((sak & 0x20) != 0) Dbprintf("Skipping RATS according to hf 14a config"); if ((sak & 0x20) != 0) Dbprintf("Skipping RATS according to hf 14a config");
return 2; return 2;
} // else force RATS } // else force RATS
if ((sak & 0x20) == 0) Dbprintf("Forcing RATS according to hf 14a config"); if ((sak & 0x20) == 0 && force_rats == false) Dbprintf("Forcing RATS according to hf 14a config");
// RATS, Request for answer to select // RATS, Request for answer to select
if (no_rats == false) { if (no_rats == false) {
@ -3483,7 +3487,8 @@ void ReaderIso14443a(PacketCommandNG *c) {
true, true,
0, 0,
((param & ISO14A_NO_RATS) == ISO14A_NO_RATS), ((param & ISO14A_NO_RATS) == ISO14A_NO_RATS),
((param & ISO14A_USE_CUSTOM_POLLING) == ISO14A_USE_CUSTOM_POLLING) ? (iso14a_polling_parameters_t *)cmd : NULL ((param & ISO14A_USE_CUSTOM_POLLING) == ISO14A_USE_CUSTOM_POLLING) ? (iso14a_polling_parameters_t *)cmd : NULL,
false
); );
// TODO: Improve by adding a cmd parser pointer and moving it by struct length to allow combining data with polling params // TODO: Improve by adding a cmd parser pointer and moving it by struct length to allow combining data with polling params
FpgaDisableTracing(); FpgaDisableTracing();
@ -4501,4 +4506,4 @@ void SimulateIso14443aTagAID(uint8_t tagType, uint16_t flags, uint8_t *uid,
BigBuf_free_keep_EM(); BigBuf_free_keep_EM();
reply_ng(CMD_HF_MIFARE_SIMULATE, retval, NULL, 0); reply_ng(CMD_HF_MIFARE_SIMULATE, retval, NULL, 0);
} }

3
armsrc/iso14443a.h
View file

@ -168,7 +168,8 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, u
int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats); int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats);
int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr,
bool anticollision, uint8_t num_cascades, bool no_rats, bool anticollision, uint8_t num_cascades, bool no_rats,
const iso14a_polling_parameters_t *polling_parameters); const iso14a_polling_parameters_t *polling_parameters, bool force_rats);
int iso14443a_select_card_for_magic(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades);
int iso14443a_fast_select_card(const uint8_t *uid_ptr, uint8_t num_cascades); int iso14443a_fast_select_card(const uint8_t *uid_ptr, uint8_t num_cascades);
void iso14a_set_trigger(bool enable); void iso14a_set_trigger(bool enable);

8
armsrc/mifarecmd.c
View file

@ -83,14 +83,14 @@ static bool mifare_wakeup_auth(struct Crypto1State *pcs, MifareWakeupType wakeup
break; break;
} }
case MF_WAKE_WUPA: { case MF_WAKE_WUPA: {
if (iso14443a_select_cardEx(NULL, NULL, &cuid, true, 0, true, &WUPA_POLLING_PARAMETERS) == 0) { if (iso14443a_select_cardEx(NULL, NULL, &cuid, true, 0, true, &WUPA_POLLING_PARAMETERS, false) == 0) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("Can't select card"); if (g_dbglevel >= DBG_ERROR) Dbprintf("Can't select card");
return false; return false;
}; };
break; break;
} }
case MF_WAKE_REQA: { case MF_WAKE_REQA: {
if (iso14443a_select_cardEx(NULL, NULL, &cuid, true, 0, true, &REQA_POLLING_PARAMETERS) == 0) { if (iso14443a_select_cardEx(NULL, NULL, &cuid, true, 0, true, &REQA_POLLING_PARAMETERS, false) == 0) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("Can't select card"); if (g_dbglevel >= DBG_ERROR) Dbprintf("Can't select card");
return false; return false;
}; };
@ -3022,8 +3022,8 @@ void MifareCIdent(bool is_mfc, uint8_t keytype, uint8_t *key) {
// reset card // reset card
mf_reset_card(); mf_reset_card();
// Use special magic detection function that always attempts RATS regardless of SAK
res = iso14443a_select_card(uid, card, &cuid, true, 0, false); res = iso14443a_select_card_for_magic(uid, card, &cuid, true, 0);
if (res) { if (res) {
if (cuid == 0xAA55C396) { if (cuid == 0xAA55C396) {
flag |= MAGIC_FLAG_GEN_UNFUSED; flag |= MAGIC_FLAG_GEN_UNFUSED;