github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-08-23 22:45:27 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

nested attack: really testing default/known keys

Browse source 
and restarts nested attack with different found key if not all has been
found, but last round added new ones.
This commit is contained in:
Johannes 2015-09-10 19:31:40 +02:00
commit 0ee816d0d9
1 changed files with 74 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

108
client/cmdhfmf.c
View file

@ -534,8 +534,9 @@ int CmdHF14AMfRestore(const char *Cmd)
int CmdHF14AMfNested(const char *Cmd) int CmdHF14AMfNested(const char *Cmd)
{ {
int i, j, res, iterations; int i, j, res, iterations, NumFound, NumFoundOld;
sector *e_sector = NULL; sector *e_sector = NULL;
bool *triedOnes = NULL;
uint8_t blockNo = 0; uint8_t blockNo = 0;
uint8_t keyType = 0; uint8_t keyType = 0;
uint8_t trgBlockNo = 0; uint8_t trgBlockNo = 0;
@ -655,6 +656,8 @@ int CmdHF14AMfNested(const char *Cmd)
clock_t time1; clock_t time1;
time1 = clock(); time1 = clock();
NumFound = 0; // did not foud a key, yet
triedOnes = calloc(2 * SectorsCnt, sizeof(bool));
e_sector = calloc(SectorsCnt, sizeof(sector)); e_sector = calloc(SectorsCnt, sizeof(sector));
if (e_sector == NULL) return 1; if (e_sector == NULL) return 1;
@ -676,52 +679,89 @@ int CmdHF14AMfNested(const char *Cmd)
PrintAndLog("Testing known keys. Sector count=%d", SectorsCnt); PrintAndLog("Testing known keys. Sector count=%d", SectorsCnt);
for (i = 0; i < SectorsCnt; i++) { for (i = 0; i < SectorsCnt; i++) {
PrintAndLog(". test sector: %03d of %03d", i, SectorsCnt);
for (j = 0; j < 2; j++) { for (j = 0; j < 2; j++) {
if (e_sector[i].foundKey[j]) continue; if (e_sector[i].foundKey[j]) continue;
res = mfCheckKeys(FirstBlockOfSector(i), j, true, 6, keyBlock, &key64); // new loop to iterate through the given keys
for (int h = 0; h < sizeof(keyBlock)/6; h++){
res = mfCheckKeys(FirstBlockOfSector(i), j, true, 6, (uint8_t*)(keyBlock + h * 6), &key64);
if (!res) { if (!res) {
e_sector[i].Key[j] = key64; e_sector[i].Key[j] = key64;
e_sector[i].foundKey[j] = 1; e_sector[i].foundKey[j] = 1;
NumFound++; // found a new one
break;
}else if(res == 1){
PrintAndLog("Error: No response from Proxmark.\n");
free(triedOnes);
free(e_sector);
}
} }
} }
} }
// nested sectors // nested sectors
iterations = 0;
PrintAndLog("nested...");
bool calibrate = true;
for (i = 0; i < NESTED_SECTOR_RETRY; i++) {
for (uint8_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {
for (trgKeyType = 0; trgKeyType < 2; trgKeyType++) {
if (e_sector[sectorNo].foundKey[trgKeyType]) continue;
PrintAndLog("-----------------------------------------------");
int16_t isOK = mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate);
if(isOK) {
switch (isOK) {
case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break;
case -2 : PrintAndLog("Button pressed. Aborted.\n"); break;
case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break;
default : PrintAndLog("Unknown Error.\n");
}
free(e_sector);
return 2;
} else {
calibrate = false;
}
iterations++;
key64 = bytes_to_num(keyBlock, 6); iterations = 0;
if (key64) { do{
PrintAndLog("Found valid key:%012"llx, key64); NumFoundOld = NumFound;
e_sector[sectorNo].foundKey[trgKeyType] = 1; // find a new sector or key for the sector
e_sector[sectorNo].Key[trgKeyType] = key64; for (i = 0; i < SectorsCnt; i++) {
for (j = 0; j < 2; j++) {
if (e_sector[i].foundKey[j]){
if(!triedOnes[2 * i + j]){
triedOnes[2 * i + j] = true; // try this one
// reset default values
num_to_bytes(e_sector[i].Key[j], 6, key);
keyType = j;
blockNo = FirstBlockOfSector(i);
PrintAndLog("\nTrying block %03d type %01d", blockNo, keyType);
goto start;
}
} }
} }
} }
}
start:
PrintAndLog("# Keys found so far: %03d \n", NumFound);
PrintAndLog("nested...");
bool calibrate = true;
for (i = 0; i < NESTED_SECTOR_RETRY; i++) {
for (uint8_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {
for (trgKeyType = 0; trgKeyType < 2; trgKeyType++) {
if (e_sector[sectorNo].foundKey[trgKeyType]) continue;
PrintAndLog("-----------------------------------------------");
int16_t isOK = mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate);
if(isOK) {
switch (isOK) {
case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break;
case -2 : PrintAndLog("Button pressed. Aborted.\n"); break;
case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break;
default : PrintAndLog("Unknown Error.\n");
}
free(triedOnes);
free(e_sector);
return 2;
} else {
calibrate = false;
}
iterations++;
key64 = bytes_to_num(keyBlock, 6);
if (key64) {
PrintAndLog("Found valid key:%012"llx, key64);
e_sector[sectorNo].foundKey[trgKeyType] = 1;
e_sector[sectorNo].Key[trgKeyType] = key64;
NumFound++;
}
}
}
}
}while((NumFound != NumFoundOld) && (NumFound < 2 * SectorsCnt));
free(triedOnes);
printf("Time in nested: %1.3f (%1.3f sec per key)\n\n", ((float)clock() - time1)/CLOCKS_PER_SEC, ((float)clock() - time1)/iterations/CLOCKS_PER_SEC); printf("Time in nested: %1.3f (%1.3f sec per key)\n\n", ((float)clock() - time1)/CLOCKS_PER_SEC, ((float)clock() - time1)/iterations/CLOCKS_PER_SEC);