From fdf1566c23a96f6cd870ab6181923ce179a19741 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Mon, 30 Oct 2017 12:01:34 +0100
Subject: [PATCH] FIX: 'hf 14a reader' - detection of magic refactored, all test now assumes turn on/off readerfield.
---
 client/cmdhf14a.c | 31 +++++--------------------------
 client/mifarehost.c | 26 +++++++++++++++++++++-----
 client/mifarehost.h | 4 +++-
 3 files changed, 29 insertions(+), 32 deletions(-)
diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index 85ed8302a..ab7f9517d 100644
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -169,14 +169,13 @@ int CmdHF14AList(const char *Cmd) {
 int CmdHF14AReader(const char *Cmd) {
 bool silent = (Cmd[0] == 's' || Cmd[0] == 'S');
- UsbCommand cDisconnect = {CMD_READER_ISO_14443a, {0,0,0}};
 UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
 clearCommandBuffer();
 SendCommand(&c);
 UsbCommand resp;
 if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) {
 if (!silent) PrintAndLog("iso14443a card select failed");
- SendCommand(&cDisconnect);
+ ul_switch_off_field();
 return 0;
 }
@@ -193,14 +192,14 @@ int CmdHF14AReader(const char *Cmd) {
 if (select_status == 0) {
 if (!silent) PrintAndLog("iso14443a card select failed");
- SendCommand(&cDisconnect);
+ ul_switch_off_field();
 return 0;
 }
 if (select_status == 3) {
 PrintAndLog("Card doesn't support standard iso14443-3 anticollision");
 PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
- SendCommand(&cDisconnect);
+ ul_switch_off_field();
 return 0;
 }
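Review bot: The three failure exits of CmdHF14AReader (the timeout path in the hunk at -169, and the `select_status == 0` and `select_status == 3` paths in the hunk at -193) now depend on `ul_switch_off_field()`, which this patch neither defines nor declares. The `ul_` prefix suggests it lives in the Ultralight command code, so it is worth confirming that cmdhf14a.c includes the header declaring it and that it sends the same disconnect the removed `cDisconnect` command did. Because the connect uses `ISO14A_CONNECT | ISO14A_NO_DISCONNECT`, a comment at the first exit would help, for example `// field was left on by ISO14A_NO_DISCONNECT, switch it off on every early return`. The function body continues outside both hunks.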
@@ -383,28 +382,8 @@ int CmdHF14AReader(const char *Cmd) {
 } else {
 PrintAndLog("proprietary non iso14443-4 card found, RATS not supported");
 }
-
- // try to see if card responses to "chinese magic backdoor" commands.
- uint8_t isGeneration = 0;
- clearCommandBuffer();
- c.cmd = CMD_MIFARE_CIDENT;
- c.arg[0] = 0;
- c.arg[1] = 0;
- c.arg[2] = 0;
- SendCommand(&c);
- if (WaitForResponseTimeout(CMD_ACK, &resp, 1500))
- isGeneration = resp.arg[0] & 0xff;
-
- switch( isGeneration ){
- case 1: PrintAndLog("Answers to magic commands (GEN 1a): YES"); break;
- case 2: PrintAndLog("Answers to magic commands (GEN 1b): YES"); break;
- //case 4: PrintAndLog("Answers to magic commands (GEN 2): YES"); break;
- default: PrintAndLog("Answers to magic commands: NO"); break;
- }
-
- // disconnect
- //SendCommand(&cDisconnect);
+ detect_classic_magic();
 if (isMifareClassic) {
 if ( detect_classic_prng() )
@@ -706,7 +685,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
 // Max buffer is USB_CMD_DATA_SIZE
 datalen = (datalen > USB_CMD_DATA_SIZE) ? USB_CMD_DATA_SIZE : datalen;
- c.arg[1] = (datalen & 0xFFFF) | (uint32_t)(numbits << 16);
+ c.arg[1] = (datalen & 0xFFFF) | ((uint32_t)(numbits << 16));
 memcpy(c.d.asBytes, data, datalen);
 clearCommandBuffer();
diff --git a/client/mifarehost.c b/client/mifarehost.c
index 319f62edd..fab67793e 100644
--- a/client/mifarehost.c
+++ b/client/mifarehost.c
@@ -826,7 +826,7 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data,
 * TRUE if tag uses WEAK prng (ie Now the NACK bug also needs to be present for Darkside attack)
 * FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key)
 */
-bool detect_classic_prng(){
+bool detect_classic_prng(void){
 UsbCommand resp, respA;
 uint8_t cmd[] = {MIFARE_AUTH_KEYA, 0x00};
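Review bot: In the hunk at -383, `detect_classic_magic()` is called ahead of the `if (isMifareClassic) {` check, so the probe runs for every card that reaches this point even though the helper's name ties it to Classic tags. That matches the removed inline code, but the intent should now be stated, for example `// magic probe is run for every selected tag, not only Classic`, or the call moved inside the `isMifareClassic` branch if that is what is meant. The commit message says each test now switches the reader field on and off itself, yet the client-side helper added in mifarehost.c shows no field-off call, so this presumably relies on the device-side CMD_MIFARE_CIDENT handler; worth confirming, since the connect at the top of the function used ISO14A_NO_DISCONNECT. The body of CmdHF14AReader continues outside this hunk.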
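Review bot: In the CmdHF14ACmdRaw hunk at -706, the added parentheses do not change evaluation: `numbits << 16` is still computed before the `(uint32_t)` cast is applied. The declaration of `numbits` is outside the hunk, but if it is narrower than int (for example uint16_t) it is promoted to signed int, and shifting a value of 0x8000 or more into the sign bit is undefined behaviour. Casting the operand rather than the result is well defined either way: `c.arg[1] = (datalen & 0xFFFF) | ((uint32_t)numbits << 16);`. The clamp of `datalen` to `USB_CMD_DATA_SIZE` on the context line above is what bounds the following `memcpy` and should stay ahead of it.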
@@ -849,10 +849,8 @@ bool detect_classic_prng(){
 uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]);
 return validate_prng_nonce(nonce);
 }
-/* Detect Mifare Classic NACK bug
-*
-*/
-bool detect_classic_nackbug(){
+/* Detect Mifare Classic NACK bug */
+bool detect_classic_nackbug(void){
 // get nonce?
@@ -860,4 +858,22 @@ bool detect_classic_nackbug(){
 // fixed nonce, different parity every call
 return false;
+}
+/* try to see if card responses to "chinese magic backdoor" commands. */
+void detect_classic_magic(void) {
+
+ uint8_t isGeneration = 0;
+ UsbCommand resp;
+ UsbCommand c = {CMD_MIFARE_CIDENT, {0, 0, 0}};
+ clearCommandBuffer();
+ SendCommand(&c);
+ if (WaitForResponseTimeout(CMD_ACK, &resp, 1500))
+ isGeneration = resp.arg[0] & 0xff;
+
+ switch( isGeneration ){
+ case 1: PrintAndLog("Answers to magic commands (GEN 1a): YES"); break;
+ case 2: PrintAndLog("Answers to magic commands (GEN 1b): YES"); break;
+ //case 4: PrintAndLog("Answers to magic commands (GEN 2): YES"); break;
+ default: PrintAndLog("Answers to magic commands: NO"); break;
+ }
 }
\ No newline at end of file
diff --git a/client/mifarehost.h b/client/mifarehost.h
index b7d90f68b..19e963b44 100644
--- a/client/mifarehost.h
+++ b/client/mifarehost.h
@@ -94,5 +94,7 @@ extern int loadTraceCard(uint8_t *tuid, uint8_t uidlen);
 extern int saveTraceCard(void);
 extern int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len);
-extern bool detect_classic_prng();
+extern bool detect_classic_prng(void);
+extern bool detect_classic_nackbug(void);
+extern void detect_classic_magic(void);
 #endif
\ No newline at end of file
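Review bot: In `detect_classic_magic()` (hunk at -860), a timeout of `WaitForResponseTimeout` leaves `isGeneration` at 0 and falls into the `default` case, so a device that never answered is reported as "Answers to magic commands: NO". For someone using the reader to check whether a presented card is a rewritable clone, that is a false negative rather than an unknown result; report the timeout on its own, e.g. `if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { PrintAndLog("magic detection: no response from device"); return; }`. The context lines at the top of the same hunk show `detect_classic_nackbug()` ending in an unconditional `return false;`, and the mifarehost.h hunk now exports it. A comment such as `/* not implemented yet: always returns false, do not read as "not vulnerable" */` would keep callers from trusting that result.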