}\r
\r
void readerAttack(nonces_t ar_resp[], bool setEmulatorMem) {\r
- #define ATTACK_KEY_COUNT 8\r
+ #define ATTACK_KEY_COUNT 8 // keep same as define in iso14443a.c -> Mifare1ksim()\r
uint64_t key = 0;\r
typedef struct {\r
uint64_t keyA;\r
- uint32_t security;\r
uint64_t keyB;\r
} st_t;\r
st_t sector_trailer[ATTACK_KEY_COUNT];\r
\r
for (uint8_t i = 0; i<ATTACK_KEY_COUNT; i++) {\r
if (ar_resp[i].ar2 > 0) {\r
- //PrintAndLog("Trying sector %d, cuid %08x, nt %08x, ar %08x, nr %08x, ar2 %08x, nr2 %08x",ar_resp[i].sector, ar_resp[i].cuid,ar_resp[i].nonce,ar_resp[i].ar,ar_resp[i].nr,ar_resp[i].ar2,ar_resp[i].nr2);\r
+ //PrintAndLog("DEBUG: Trying sector %d, cuid %08x, nt %08x, ar %08x, nr %08x, ar2 %08x, nr2 %08x",ar_resp[i].sector, ar_resp[i].cuid,ar_resp[i].nonce,ar_resp[i].ar,ar_resp[i].nr,ar_resp[i].ar2,ar_resp[i].nr2);\r
if (mfkey32(ar_resp[i], &key)) {\r
- PrintAndLog("Found Key%s for sector %02d: [%04x%08x]", (ar_resp[i].keytype) ? "B" : "A", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF));\r
+ PrintAndLog(" Found Key%s for sector %02d: [%04x%08x]", (ar_resp[i].keytype) ? "B" : "A", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF));\r
\r
for (uint8_t ii = 0; ii<ATTACK_KEY_COUNT; ii++) {\r
if (key_cnt[ii]==0 || stSector[ii]==ar_resp[i].sector) {\r
if (setEmulatorMem) {\r
for (uint8_t i = 0; i<ATTACK_KEY_COUNT; i++) {\r
if (key_cnt[i]>0) {\r
- //PrintAndLog ("block %d, keyA:%04x%08x, keyb:%04x%08x",stSector[i]*4+3, (uint32_t) (sector_trailer[i].keyA>>32), (uint32_t) (sector_trailer[i].keyA &0xFFFFFFFF),(uint32_t) (sector_trailer[i].keyB>>32), (uint32_t) (sector_trailer[i].keyB &0xFFFFFFFF));\r
uint8_t memBlock[16];\r
memset(memBlock, 0x00, sizeof(memBlock));\r
char cmd1[36];\r
}\r
\r
int usage_hf14_mf1ksim(void) {\r
- PrintAndLog("Usage: hf mf sim [h] u <uid (8,14 hex symbols)> n <numreads> i x");\r
+ PrintAndLog("Usage: hf mf sim h u <uid (8, 14, or 20 hex symbols)> n <numreads> i x");\r
PrintAndLog("options:");\r
PrintAndLog(" h this help");\r
- PrintAndLog(" u (Optional) UID 4,7 bytes. If not specified, the UID 4b from emulator memory will be used");\r
+ PrintAndLog(" u (Optional) UID 4,7 or 10 bytes. If not specified, the UID 4B from emulator memory will be used");\r
PrintAndLog(" n (Optional) Automatically exit simulation after <numreads> blocks have been read by reader. 0 = infinite");\r
PrintAndLog(" i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");\r
PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");\r
- PrintAndLog(" e (Optional) set keys found from 'reader attack' to emulator memory");\r
+ PrintAndLog(" e (Optional) set keys found from 'reader attack' to emulator memory (implies x and i)");\r
PrintAndLog(" f (Optional) get UIDs to use for 'reader attack' from file 'f <filename.txt>' (implies x and i)");\r
PrintAndLog("samples:");\r
PrintAndLog(" hf mf sim u 0a0a0a0a");\r
PrintAndLog(" hf mf sim u 11223344556677");\r
- PrintAndLog(" hf mf sim u 112233445566778899AA"); \r
+ PrintAndLog(" hf mf sim u 112233445566778899AA");\r
+ PrintAndLog(" hf mf sim f uids.txt");\r
+ PrintAndLog(" hf mf sim u 0a0a0a0a e");\r
+ \r
return 0;\r
}\r
\r
case 'e':\r
case 'E':\r
setEmulatorMem = true;\r
+ //implies x and i\r
+ flags |= FLAG_INTERACTIVE;\r
+ flags |= FLAG_NR_AR_ATTACK;\r
cmdp++;\r
break;\r
case 'f':\r
return 0;\r
}\r
attackFromFile = true;\r
- cmdp+=2;\r
+ //implies x and i\r
+ flags |= FLAG_INTERACTIVE;\r
+ flags |= FLAG_NR_AR_ATTACK;\r
+ cmdp += 2;\r
break;\r
case 'h':\r
case 'H':\r
case 8: flags = FLAG_4B_UID_IN_DATA; break;\r
default: return usage_hf14_mf1ksim();\r
}\r
- cmdp +=2;\r
+ cmdp += 2;\r
break;\r
case 'x':\r
case 'X':\r
//Validations\r
if(errors) return usage_hf14_mf1ksim();\r
\r
- // attack from file implies nr ar attack and interactive...\r
- if (!(flags & FLAG_NR_AR_ATTACK) && attackFromFile) flags |= FLAG_NR_AR_ATTACK | FLAG_INTERACTIVE;\r
- \r
//get uid from file\r
if (attackFromFile) {\r
int count = 0;\r
nonces_t ar_resp[ATTACK_KEY_COUNT*2];\r
memcpy(ar_resp, resp.d.asBytes, sizeof(ar_resp));\r
readerAttack(ar_resp, setEmulatorMem);\r
- if (resp.arg[1]) {\r
+ if ((bool)resp.arg[1]) {\r
PrintAndLog("Device button pressed - quitting");\r
fclose(f);\r
return 4;\r
count++;\r
}\r
fclose(f);\r
- } else {\r
+ } else { //not from file\r
\r
PrintAndLog("mf 1k sim uid: %s, numreads:%d, flags:%d (0x%02x) ",\r
flags & FLAG_4B_UID_IN_DATA ? sprint_hex(uid,4):\r
projects / proxmark3-svn / blobdiff