draft for a Mifare classic NACK bug detection.

the idea is to have a statistically solid conclusion if tag does or does not have the NACK bug. -in short, ref https://github.com/iceman1001/proxmark3/issues/141 NACK bug; when a tag responds with a NACK to a 8 byte nonce exchange during authentication when the bytes are wrong but the parity bits are correct. This is a strong oracle which is used in the darkside attack.
2025-08-14 10:37:23 -07:00 · 2017-12-04 19:36:26 +01:00 · 2017-12-04 19:36:26 +01:00 · e02e145fae
commit e02e145fae
parent 07bf77e155
6 changed files with 281 additions and 14 deletions
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@ -2848,6 +2848,36 @@ int CmdHf14AMfSetMod(const char *Cmd) {
 	return 0;
 }

+// Mifare NACK bug detection
+int CmdHf14AMfNack(const char *Cmd) {
+
+	UsbCommand c = {CMD_MIFARE_NACK_DETECT, {0, 0, 0}};
+	clearCommandBuffer();
+	SendCommand(&c);
+	UsbCommand resp;
+	
+	while (true) {
+		
+		printf(".");
+		fflush(stdout);
+		if (ukbhit()) {
+			int gc = getchar(); (void)gc;
+			return -1;
+			break;
+		}
+	
+		if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
+			uint8_t ok = resp.arg[0] & 0xff;
+			PrintAndLog("isOk:%02x", ok);
+			if (!ok) {
+				PrintAndLog("Failed.");
+			}
+			break;
+		}
+	}
+	return 0;
+}
+
 int CmdHF14AMfice(const char *Cmd) {

 	uint8_t blockNo = 0;
@ -2957,6 +2987,7 @@ static command_t CommandTable[] = {
 	{"decrypt",		CmdHf14AMfDecryptBytes,  1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},
 	{"setmod",		CmdHf14AMfSetMod, 		0, "Set MIFARE Classic EV1 load modulation strength"},
 	{"ice",			CmdHF14AMfice,			0, "collect Mifare Classic nonces to file"},
+	{"nack",		CmdHf14AMfNack,			0, "Test for Mifare NACK bug"},
 	{NULL, NULL, 0, NULL}
 };