* FLAG_7B_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that
* FLAG_10B_UID_IN_DATA - use 10-byte UID in the data-section not finished
* FLAG_NR_AR_ATTACK - means we should collect NR_AR responses for bruteforcing later
+ * FLAG_RANDOM_NONCE - means we should generate some pseudo-random nonce data (only allows moebius attack)
*@param exitAfterNReads, exit simulation after n blocks have been read, 0 is infinite ...
* (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted)
*/
uint8_t mM = 0; //moebius_modifier for collection storage
// Authenticate response - nonce
- uint32_t nonce = bytes_to_num(rAUTH_NT, 4);
+ uint32_t nonce;
+ if (flags & FLAG_RANDOM_NONCE) {
+ nonce = prand();
+ } else {
+ nonce = bytes_to_num(rAUTH_NT, 4);
+ }
//-- Determine the UID
// Can be set from emulator memory, incoming data
LED_C_OFF();
crypto1_destroy(pcs);
cardAUTHKEY = 0xff;
+ if (flags & FLAG_RANDOM_NONCE) {
+ nonce = prand();
+ }
continue;
}
// switch to moebius collection
gettingMoebius = true;
mM = ATTACK_KEY_COUNT;
- nonce = nonce*7;
+ if (flags & FLAG_RANDOM_NONCE) {
+ nonce = prand();
+ } else {
+ nonce = nonce*7;
+ }
break;
}
} else {
projects / proxmark3-svn / blobdiff