fix: 'hf mf hardnested' test cases doesn't need to verify key.
add: 'hf mf ' - collect nonces from classic tag.
chg: switch_off on armside, a more unified way, so we don't forget to turn of the antenna ...
chg: renamed 'hf iclass snoop' into 'hf iclass sniff' in an attempt to make all sniff/snoop commands only SNIFF
chg: 'standalone' -> starting the work of moving all standalone mods into a plugin kind of style, in its own folder.
ADD: 'hf mfu restore' - added a restore from file command, see helptext for instructions
CHG: some help-text updates and refactored to functions
CHG: 'hf mfu gen' - added the possibility to read uid from card as input
CHG: 'hf mfu dump' - refactored out the dump-printing
FIX: 'hf mf sim x i' - same as above.
In general we only use Moebius attack for "sim x", that means a clean up on device side code. simpler to understand. It still tries to gather 8 different collections of nonces combo. When one is complete, it get sent to client which runs moebius direct.
this version uses int64_t (signed) to signify end-of-lists (-1). It also needs its own compare function for the qsort. I didn't merge this into existing code which uses uint64_t. (too lazy)
- Fix `hf mf sim` to use nonce_t structures, so key recovery works
- Increases verbosity on the key recovery functionality
- Fix use-after-free for k_sector
- Add help info on `e` option to `hf mf sim`
J_Run's 2nd phase of multiple sector nested authentication key recovery
You have a known 4 last bytes of a key recovered with mf_nonce_brute tool.
First 2 bytes of key will be bruteforced
Usage: hf mf keybrute [h] <block number> <A|B> <key>
options:
h this help
<block number> target block number
<A|B> target key type
<key> candidate key from mf_nonce_brute tool
samples:
hf mf keybrute 1 A 000011223344
FIX: The flushing of logentries.
ADD: "hf mf sniff" - added the sniffing of UID's with a uidlen of 10.
Whats left? The key is not always found even if we use the "mfkey64" approach.
ADD: added the parity_zero attack in "hf mf mifare". Still not working since piwi's changes to the iso14443a.c, maybe needs a param to tell it to collect nonces for this special attack.
CHG: extracted some help-texts into usage_* methods. Changed some text as well
FIX: "hf mf sim" command now uses both mfkey32 and mfkey32_moebius version to find the key in attack mode.
CHG: "hf mf sim" also now defaults to emul_memory to read a 4 byte UID.
