support parity attack for any block

2025-08-24 06:55:27 -07:00 · 2016-04-21 15:44:24 +08:00 · 2016-04-21 15:44:24 +08:00 · fef3990444
commit fef3990444
parent b324b02f88
4 changed files with 24 additions and 5 deletions
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -1110,7 +1110,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			break;
 			
 		case CMD_READER_MIFARE:
-			ReaderMifare(c->arg[0]);
+			ReaderMifare(c->arg[0], c->arg[1], c->arg[2]);
 			break;
 		case CMD_MIFARE_READBL:
 			MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@ -113,7 +113,7 @@ void EPA_PACE_Collect_Nonce(UsbCommand * c);
 void EPA_PACE_Replay(UsbCommand *c);

 // mifarecmd.h
-void ReaderMifare(bool first_try);
+void ReaderMifare(bool first_try, uint8_t blockNo, uint8_t keyType);
 int32_t dist_nt(uint32_t nt1, uint32_t nt2);
 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -2022,16 +2022,18 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
 // Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime"
 // (article by Nicolas T. Courtois, 2009)
 //-----------------------------------------------------------------------------
-void ReaderMifare(bool first_try)
+void ReaderMifare(bool first_try, uint8_t blockNo, uint8_t keyType)
 {
 	// Mifare AUTH
-	uint8_t mf_auth[]    = { 0x60,0x00,0xf5,0x7b };
+	uint8_t mf_auth[]    = { 0x60 + (keyType & 0x01), blockNo ,0x00,0x00 };
 	uint8_t mf_nr_ar[]   = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
 	static uint8_t mf_nr_ar3;

 	uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
 	uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];

+	AppendCrc14443a(mf_auth, 2);
+
 	if (first_try) { 
 		iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
 	}
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@ -19,7 +19,24 @@ int CmdHF14AMifare(const char *Cmd)
 	uint64_t par_list = 0, ks_list = 0, r_key = 0;
 	int16_t isOK = 0;

-	UsbCommand c = {CMD_READER_MIFARE, {true, 0, 0}};
+	uint8_t blockNo = 0, keyType = 0;
+	char cmdp	= 0x00;
+
+	if (strlen(Cmd)<3) {
+		PrintAndLog("Usage:  hf mf mifare <block number> <key A/B>");
+		PrintAndLog("        sample: hf mf mi 0 A");
+		return 0;
+	}	
+
+	blockNo = param_get8(Cmd, 0);
+	cmdp = param_getchar(Cmd, 1);
+	if (cmdp == 0x00) {
+		PrintAndLog("Key type must be A or B");
+		return 1;
+	}
+	if (cmdp != 'A' && cmdp != 'a') keyType = 1;
+
+	UsbCommand c = {CMD_READER_MIFARE, {true, blockNo, keyType}};

 	// message
 	printf("-------------------------------------------------------------------------\n");