github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 21:33:47 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #363 from matthiaskonrath/autopwn_read_b_key

Browse source 
Added the autopwn read b key feature
This commit is contained in:
Philippe Teuwen 2019-08-27 21:02:06 +02:00 committed by GitHub
commit df1c58bb9a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 45 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

46
client/cmdhfmf.c
View file

@ -1873,7 +1873,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) {
for (int j = 0; j < 2; j++) { for (int j = 0; j < 2; j++) {
if (e_sector[i].foundKey[j] == 1) { if (e_sector[i].foundKey[j] == 1) {
num_to_bytes(e_sector[i].Key[j], 6, tmp_key); num_to_bytes(e_sector[i].Key[j], 6, tmp_key);
PrintAndLogEx(SUCCESS, "Found valid key: sector:%3d key type:%c key: " _YELLOW_("%s"), PrintAndLogEx(SUCCESS, "Found valid key: sector: %3d key type: %c key: " _YELLOW_("%s"),
i, i,
j ? 'B' : 'A', j ? 'B' : 'A',
sprint_hex(tmp_key, sizeof(tmp_key)) sprint_hex(tmp_key, sizeof(tmp_key))
@ -1983,7 +1983,50 @@ noValidKeyFound:
// Clear the last found key // Clear the last found key
num_to_bytes(0, 6, tmp_key); num_to_bytes(0, 6, tmp_key);
if (current_key_type_i == 1) {
if (e_sector[current_sector_i].foundKey[0] && !e_sector[current_sector_i].foundKey[1]) {
PrintAndLogEx(INFO, "Reading B key: sector: %3d", current_sector_i);
uint8_t sectrail = (FirstBlockOfSector(current_sector_i) + NumBlocksPerSector(current_sector_i) - 1);
mf_readblock_t payload;
payload.blockno = sectrail;
payload.keytype = 0;
num_to_bytes(e_sector[current_sector_i].Key[0], 6, payload.key); // KEY A
clearCommandBuffer();
SendCommandNG(CMD_HF_MIFARE_READBL, (uint8_t *)&payload, sizeof(mf_readblock_t));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_HF_MIFARE_READBL, &resp, 1500)) goto skipReadBKey;
if (resp.status != PM3_SUCCESS) goto skipReadBKey;
uint8_t *data = resp.data.asBytes;
key64 = bytes_to_num(data + 10, 6);
if (verbose){
num_to_bytes(key64, 6, tmp_key);
PrintAndLogEx(INFO, "Discovered key: sector: %3d key type: %c key: " _YELLOW_("%s"),
current_sector_i,
current_key_type_i ? 'B' : 'A',
sprint_hex(tmp_key, sizeof(tmp_key))
);
}
if (key64) {
e_sector[current_sector_i].foundKey[current_key_type_i] = 7;
e_sector[current_sector_i].Key[current_key_type_i] = key64;
num_to_bytes(key64, 6, tmp_key);
PrintAndLogEx(SUCCESS, "Found valid key: sector: %3d key type: %c key: " _YELLOW_("%s"),
current_sector_i,
current_key_type_i ? 'B' : 'A',
sprint_hex(tmp_key, sizeof(tmp_key))
);
}
}
}
// Use the nested / hardnested attack // Use the nested / hardnested attack
skipReadBKey:
if (e_sector[current_sector_i].foundKey[current_key_type_i] == 0) { if (e_sector[current_sector_i].foundKey[current_key_type_i] == 0) {
if (prng_type && (! nested_failed)) { if (prng_type && (! nested_failed)) {
uint8_t retries = 0; uint8_t retries = 0;
@ -2082,6 +2125,7 @@ tryHardnested: // If the nested attack fails then we try the hardnested attack
PrintAndLogEx(INFO, " 4: Reused"); PrintAndLogEx(INFO, " 4: Reused");
PrintAndLogEx(INFO, " 5: Nested"); PrintAndLogEx(INFO, " 5: Nested");
PrintAndLogEx(INFO, " 6: Hardnested"); PrintAndLogEx(INFO, " 6: Hardnested");
PrintAndLogEx(INFO, " 7: Read B key with A key");
} }
PrintAndLogEx(INFO, "\nSaving keys"); PrintAndLogEx(INFO, "\nSaving keys");