github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-07-16 02:03:00 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #548 from merlokk/mfsniff_fix

Browse source 
`hf mf sniff` not a small fix
This commit is contained in:
Iceman 2018-01-17 23:16:08 +01:00 committed by GitHub
commit 30bb6d6591
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 186 additions and 197 deletions
Download patch file Download diff file Expand all files Collapse all files

46
client/mifarehost.c
View file

@ -609,7 +609,8 @@ int saveTraceCard(void) {
for (int i = 0; i < 64; i++) { // blocks
for (int j = 0; j < 16; j++) // bytes
fprintf(f, "%02x", *(traceCard + i * 16 + j));
fprintf(f,"\n");
if (i < 63)
fprintf(f,"\n");
}
fclose(f);
return 0;
@ -826,20 +827,30 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
if (len ==4) {
traceState = TRACE_IDLE;
at_enc = bytes_to_num(data, 4);
if (!traceCrypto1) {
at_enc = bytes_to_num(data, 4);
// decode key here)
ks2 = ar_enc ^ prng_successor(nt, 64);
ks3 = at_enc ^ prng_successor(nt, 96);
revstate = lfsr_recovery64(ks2, ks3);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, nr_enc, 1);
lfsr_rollback_word(revstate, uid ^ nt, 0);
// decode key here)
ks2 = ar_enc ^ prng_successor(nt, 64);
ks3 = at_enc ^ prng_successor(nt, 96);
revstate = lfsr_recovery64(ks2, ks3);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, nr_enc, 1);
lfsr_rollback_word(revstate, uid ^ nt, 0);
crypto1_get_lfsr(revstate, &lfsr);
printf("key> %x%x\n", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF));
AddLogUint64(logHexFileName, "key> ", lfsr);
crypto1_get_lfsr(revstate, &lfsr);
printf("key> %x%x\n", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF));
AddLogUint64(logHexFileName, "key> ", lfsr);
} else {
printf("key> nested not implemented!\n");
at_enc = bytes_to_num(data, 4);
crypto1_destroy(traceCrypto1);
// not implemented
traceState = TRACE_ERROR;
}
int blockShift = ((traceCurBlock & 0xFC) + 3) * 16;
if (isBlockEmpty((traceCurBlock & 0xFC) + 3)) memcpy(traceCard + blockShift + 6, trailerAccessBytes, 4);
@ -857,15 +868,6 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
// set cryptosystem state
traceCrypto1 = lfsr_recovery64(ks2, ks3);
// nt = crypto1_word(traceCrypto1, nt ^ uid, 1) ^ nt;
/* traceCrypto1 = crypto1_create(lfsr); // key in lfsr
crypto1_word(traceCrypto1, nt ^ uid, 0);
crypto1_word(traceCrypto1, ar, 1);
crypto1_word(traceCrypto1, 0, 0);
crypto1_word(traceCrypto1, 0, 0);*/
return 0;
} else {
traceState = TRACE_ERROR;