return 0;\r
}\r
\r
-\r
-typedef struct {\r
- uint64_t Key[2];\r
- int foundKey[2];\r
-} sector_t;\r
-\r
-\r
# define NESTED_KEY_COUNT 15\r
int CmdHF14AMfNested(const char *Cmd)\r
{\r
if (e_sector == NULL) return 1;\r
\r
//test current key and additional standard keys first\r
- memcpy(keyBlock, key, 6);\r
- num_to_bytes(0xffffffffffff, 6, (uint8_t*)(keyBlock + 1 * 6));\r
- num_to_bytes(0x000000000000, 6, (uint8_t*)(keyBlock + 2 * 6));\r
- num_to_bytes(0xa0a1a2a3a4a5, 6, (uint8_t*)(keyBlock + 3 * 6));\r
- num_to_bytes(0xb0b1b2b3b4b5, 6, (uint8_t*)(keyBlock + 4 * 6));\r
- num_to_bytes(0xaabbccddeeff, 6, (uint8_t*)(keyBlock + 5 * 6));\r
- num_to_bytes(0x4d3a99c351dd, 6, (uint8_t*)(keyBlock + 6 * 6));\r
- num_to_bytes(0x1a982c7e459a, 6, (uint8_t*)(keyBlock + 7 * 6));\r
- num_to_bytes(0xd3f7d3f7d3f7, 6, (uint8_t*)(keyBlock + 8 * 6));\r
- num_to_bytes(0x714c5c886e97, 6, (uint8_t*)(keyBlock + 9 * 6));\r
- num_to_bytes(0x587ee5f9350f, 6, (uint8_t*)(keyBlock + 10 * 6));\r
- num_to_bytes(0xa0478cc39091, 6, (uint8_t*)(keyBlock + 11 * 6));\r
- num_to_bytes(0x533cb6c723f6, 6, (uint8_t*)(keyBlock + 12 * 6));\r
- num_to_bytes(0x8fd0a4f256e9, 6, (uint8_t*)(keyBlock + 13 * 6));\r
- num_to_bytes(0x1a2b3c4d5e6f, 6, (uint8_t*)(keyBlock + 14 * 6));\r
+ for (int defaultKeyCounter = 0; defaultKeyCounter < MifareDefaultKeysSize; defaultKeyCounter++){\r
+ num_to_bytes(MifareDefaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r
+ }\r
\r
PrintAndLog("Testing known keys. Sector count=%d", SectorsCnt);\r
- for (i = 0; i < SectorsCnt; i++) {\r
- for (j = 0; j < 2; j++) {\r
- if (e_sector[i].foundKey[j]) continue;\r
-\r
- res = mfCheckKeys(FirstBlockOfSector(i), j, true, NESTED_KEY_COUNT, keyBlock, &key64); \r
-\r
- if (!res) {\r
- e_sector[i].Key[j] = key64;\r
- e_sector[i].foundKey[j] = 1;\r
- }\r
- }\r
- }\r
+ mfCheckKeysSec(SectorsCnt, 2, MF_CHKKEYS_DEFTIMEOUT, true, NESTED_KEY_COUNT, keyBlock, e_sector);\r
\r
// get known key from array\r
bool keyFound = false;\r
PrintAndLog("Found valid key:%012" PRIx64, key64);\r
e_sector[sectorNo].foundKey[trgKeyType] = 1;\r
e_sector[sectorNo].Key[trgKeyType] = key64;\r
+ \r
+ // try to check this key as a key to the other sectors\r
+ mfCheckKeysSec(SectorsCnt, 2, MF_CHKKEYS_DEFTIMEOUT, true, 1, keyBlock, e_sector);\r
}\r
}\r
}\r
PrintAndLog("\n\n-----------------------------------------------\nNested statistic:\nIterations count: %d", iterations);\r
PrintAndLog("Time in nested: %1.3f (%1.3f sec per key)", ((float)(msclock() - msclock1))/1000.0, ((float)(msclock() - msclock1))/iterations/1000.0);\r
\r
- // check if we have unrecognized keys\r
- bool notFoundKeys = false;\r
- for (i = 0; i < SectorsCnt; i++) {\r
- for (j = 0; j < 2; j++) {\r
- if (!e_sector[i].foundKey[j]) {\r
- notFoundKeys = true;\r
- break;\r
- }\r
- }\r
- if (notFoundKeys) break;\r
- } \r
- \r
- if (notFoundKeys) {\r
- PrintAndLog("-----------------------------------------------\n");\r
- PrintAndLog("We have unrecognized keys. Trying to check if we have this keys on key buffer...");\r
-\r
- // fill keyBlock with known keys\r
- int cnt = 0;\r
- for (i = 0; i < SectorsCnt; i++) {\r
- for (j = 0; j < 2; j++) {\r
- if (e_sector[i].foundKey[j]) {\r
- // try to insert key to keyBlock \r
- if (cnt < NESTED_KEY_COUNT) {\r
-\r
- // search for dublicates\r
- bool dubl = false;\r
- for (int v = 0; v < NESTED_KEY_COUNT; v++) {\r
- if (e_sector[i].Key[j] == bytes_to_num((uint8_t*)(keyBlock + v * 6), 6)) {\r
- dubl = true;\r
- break;\r
- }\r
- }\r
- \r
- // insert\r
- if (!dubl) {\r
- num_to_bytes(e_sector[i].Key[j], 6, (uint8_t*)(keyBlock + cnt * 6));\r
- cnt++;\r
- }\r
- }\r
- }\r
- }\r
- }\r
-\r
- // try to auth with known keys to not recognized sectors keys\r
- PrintAndLog("Testing keys. Sector count=%d known keys count:%d", SectorsCnt, cnt);\r
- for (i = 0; i < SectorsCnt; i++) {\r
- for (j = 0; j < 2; j++) {\r
- if (e_sector[i].foundKey[j]) continue;\r
-\r
- res = mfCheckKeys(FirstBlockOfSector(i), j, true, cnt, keyBlock, &key64); \r
-\r
- if (!res) {\r
- e_sector[i].Key[j] = key64;\r
- e_sector[i].foundKey[j] = 1;\r
- }\r
- }\r
- } \r
- \r
- } // if (notFoundKeys)\r
- \r
// print result\r
PrintAndLog("|---|----------------|---|----------------|---|");\r
PrintAndLog("|sec|key A |res|key B |res|");\r
int CmdHF14AMfChk(const char *Cmd)\r
{\r
if (strlen(Cmd)<3) {\r
- PrintAndLog("Usage: hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t|d] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r
+ PrintAndLog("Usage: hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t|d|s|ss] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r
PrintAndLog(" * - all sectors");\r
PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r
PrintAndLog("d - write keys to binary file\n");\r
PrintAndLog("t - write keys to emulator memory");\r
+ PrintAndLog("s - slow execute. timeout 1ms");\r
+ PrintAndLog("ss- very slow execute. timeout 5ms");\r
PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic");\r
PrintAndLog(" hf mf chk *1 ? t");\r
PrintAndLog(" hf mf chk *1 ? d");\r
+ PrintAndLog(" hf mf chk *1 ? s");\r
+ PrintAndLog(" hf mf chk *1 ? dss");\r
return 0;\r
}\r
\r
int i, res;\r
int keycnt = 0;\r
char ctmp = 0x00;\r
+ char ctmp3[3] = {0x00};\r
uint8_t blockNo = 0;\r
- uint8_t SectorsCnt = 1;\r
+ uint8_t SectorsCnt = 0;\r
uint8_t keyType = 0;\r
uint64_t key64 = 0;\r
+ uint32_t timeout14a = 0; // timeout in us\r
+ bool param3InUse = false;\r
\r
int transferToEml = 0;\r
int createDumpFile = 0;\r
+ \r
+ sector_t *e_sector = NULL;\r
\r
keyBlock = calloc(stKeyBlock, 6);\r
if (keyBlock == NULL) return 1;\r
\r
- uint64_t defaultKeys[] =\r
- {\r
- 0xffffffffffff, // Default key (first key used by program if no user defined key)\r
- 0x000000000000, // Blank key\r
- 0xa0a1a2a3a4a5, // NFCForum MAD key\r
- 0xb0b1b2b3b4b5,\r
- 0xaabbccddeeff,\r
- 0x4d3a99c351dd,\r
- 0x1a982c7e459a,\r
- 0xd3f7d3f7d3f7,\r
- 0x714c5c886e97,\r
- 0x587ee5f9350f,\r
- 0xa0478cc39091,\r
- 0x533cb6c723f6,\r
- 0x8fd0a4f256e9\r
- };\r
- int defaultKeysSize = sizeof(defaultKeys) / sizeof(uint64_t);\r
-\r
- for (int defaultKeyCounter = 0; defaultKeyCounter < defaultKeysSize; defaultKeyCounter++)\r
- {\r
- num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r
+ int defaultKeysSize = MifareDefaultKeysSize;\r
+ for (int defaultKeyCounter = 0; defaultKeyCounter < defaultKeysSize; defaultKeyCounter++){\r
+ num_to_bytes(MifareDefaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r
}\r
\r
if (param_getchar(Cmd, 0)=='*') {\r
- blockNo = 3;\r
SectorsCnt = ParamCardSizeSectors(param_getchar(Cmd + 1, 0));\r
}\r
else\r
ctmp = param_getchar(Cmd, 1);\r
switch (ctmp) {\r
case 'a': case 'A':\r
- keyType = !0;\r
+ keyType = 0;\r
break;\r
case 'b': case 'B':\r
- keyType = !1;\r
+ keyType = 1;\r
break;\r
case '?':\r
keyType = 2;\r
return 1;\r
};\r
\r
+ // transfer to emulator & create dump file\r
ctmp = param_getchar(Cmd, 2);\r
- if (ctmp == 't' || ctmp == 'T') transferToEml = 1;\r
- else if (ctmp == 'd' || ctmp == 'D') createDumpFile = 1;\r
+ if (ctmp == 't' || ctmp == 'T') transferToEml = 1;\r
+ if (ctmp == 'd' || ctmp == 'D') createDumpFile = 1;\r
+ \r
+ param3InUse = transferToEml | createDumpFile;\r
+ \r
+ timeout14a = 500; // fast by default\r
+ // double parameters - ts, ds\r
+ int clen = param_getlength(Cmd, 2);\r
+ if (clen == 2 || clen == 3){\r
+ param_getstr(Cmd, 2, ctmp3);\r
+ ctmp = ctmp3[1];\r
+ }\r
+ //parse\r
+ if (ctmp == 's' || ctmp == 'S') {\r
+ timeout14a = 1000; // slow\r
+ if (!param3InUse && clen == 2 && (ctmp3[1] == 's' || ctmp3[1] == 'S')) {\r
+ timeout14a = 5000; // very slow\r
+ }\r
+ if (param3InUse && clen == 3 && (ctmp3[2] == 's' || ctmp3[2] == 'S')) {\r
+ timeout14a = 5000; // very slow\r
+ }\r
+ param3InUse = true;\r
+ }\r
\r
- for (i = transferToEml || createDumpFile; param_getchar(Cmd, 2 + i); i++) {\r
+ for (i = param3InUse; param_getchar(Cmd, 2 + i); i++) {\r
if (!param_gethex(Cmd, 2 + i, keyBlock + 6 * keycnt, 12)) {\r
if ( stKeyBlock - keycnt < 2) {\r
p = realloc(keyBlock, 6*(stKeyBlock+=10));\r
}\r
}\r
\r
+ // fill with default keys\r
if (keycnt == 0) {\r
PrintAndLog("No key specified, trying default keys");\r
for (;keycnt < defaultKeysSize; keycnt++)\r
}\r
\r
// initialize storage for found keys\r
- bool validKey[2][40];\r
- uint8_t foundKey[2][40][6];\r
- for (uint16_t t = 0; t < 2; t++) {\r
+ e_sector = calloc(SectorsCnt, sizeof(sector_t));\r
+ if (e_sector == NULL) return 1;\r
+ for (uint8_t keyAB = 0; keyAB < 2; keyAB++) {\r
for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r
- validKey[t][sectorNo] = false;\r
- for (uint16_t i = 0; i < 6; i++) {\r
- foundKey[t][sectorNo][i] = 0xff;\r
- }\r
+ e_sector[sectorNo].Key[keyAB] = 0xffffffffffff;\r
+ e_sector[sectorNo].foundKey[keyAB] = 0;\r
}\r
}\r
+ printf("\n");\r
+\r
+ bool foundAKey = false;\r
+ uint32_t max_keys = keycnt > USB_CMD_DATA_SIZE / 6 ? USB_CMD_DATA_SIZE / 6 : keycnt;\r
+ if (SectorsCnt) {\r
+ PrintAndLog("To cancel this operation press the button on the proxmark...");\r
+ printf("--");\r
+ for (uint32_t c = 0; c < keycnt; c += max_keys) {\r
\r
- for ( int t = !keyType; t < 2; keyType==2?(t++):(t=2) ) {\r
- int b=blockNo;\r
- for (int i = 0; i < SectorsCnt; ++i) {\r
- PrintAndLog("--sector:%2d, block:%3d, key type:%C, key count:%2d ", i, b, t?'B':'A', keycnt);\r
- uint32_t max_keys = keycnt>USB_CMD_DATA_SIZE/6?USB_CMD_DATA_SIZE/6:keycnt;\r
+ uint32_t size = keycnt-c > max_keys ? max_keys : keycnt-c;\r
+ res = mfCheckKeysSec(SectorsCnt, keyType, timeout14a * 1.06 / 100, true, size, &keyBlock[6 * c], e_sector); // timeout is (ms * 106)/10 or us*0.0106\r
+\r
+ if (res != 1) {\r
+ if (!res) {\r
+ printf("o");\r
+ foundAKey = true;\r
+ } else {\r
+ printf(".");\r
+ }\r
+ } else {\r
+ printf("\n");\r
+ PrintAndLog("Command execute timeout");\r
+ }\r
+ }\r
+ } else {\r
+ int keyAB = keyType;\r
+ do {\r
for (uint32_t c = 0; c < keycnt; c+=max_keys) {\r
- uint32_t size = keycnt-c>max_keys?max_keys:keycnt-c;\r
- res = mfCheckKeys(b, t, true, size, &keyBlock[6*c], &key64);\r
+\r
+ uint32_t size = keycnt-c > max_keys ? max_keys : keycnt-c;\r
+ res = mfCheckKeys(blockNo, keyAB & 0x01, true, size, &keyBlock[6 * c], &key64); \r
+\r
if (res != 1) {\r
if (!res) {\r
- PrintAndLog("Found valid key:[%012" PRIx64 "]",key64);\r
- num_to_bytes(key64, 6, foundKey[t][i]);\r
- validKey[t][i] = true;\r
+ PrintAndLog("Found valid key:[%d:%c]%012" PRIx64, blockNo, (keyAB & 0x01)?'B':'A', key64);\r
+ foundAKey = true;\r
}\r
} else {\r
PrintAndLog("Command execute timeout");\r
}\r
}\r
- b<127?(b+=4):(b+=16);\r
- }\r
+ } while(--keyAB > 0);\r
}\r
-\r
+ \r
+ // print result\r
+ if (foundAKey) {\r
+ if (SectorsCnt) {\r
+ PrintAndLog("");\r
+ PrintAndLog("|---|----------------|---|----------------|---|");\r
+ PrintAndLog("|sec|key A |res|key B |res|");\r
+ PrintAndLog("|---|----------------|---|----------------|---|");\r
+ for (i = 0; i < SectorsCnt; i++) {\r
+ PrintAndLog("|%03d| %012" PRIx64 " | %d | %012" PRIx64 " | %d |", i,\r
+ e_sector[i].Key[0], e_sector[i].foundKey[0], e_sector[i].Key[1], e_sector[i].foundKey[1]);\r
+ }\r
+ PrintAndLog("|---|----------------|---|----------------|---|");\r
+ }\r
+ } else {\r
+ PrintAndLog("");\r
+ PrintAndLog("No valid keys found.");\r
+ } \r
+ \r
if (transferToEml) {\r
uint8_t block[16];\r
for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r
- if (validKey[0][sectorNo] || validKey[1][sectorNo]) {\r
+ if (e_sector[sectorNo].foundKey[0] || e_sector[sectorNo].foundKey[1]) {\r
mfEmlGetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1);\r
for (uint16_t t = 0; t < 2; t++) {\r
- if (validKey[t][sectorNo]) {\r
- memcpy(block + t*10, foundKey[t][sectorNo], 6);\r
+ if (e_sector[sectorNo].foundKey[t]) {\r
+ num_to_bytes(e_sector[sectorNo].Key[t], 6, block + t * 10);\r
}\r
}\r
mfEmlSetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1);\r
FILE *fkeys = fopen("dumpkeys.bin","wb");\r
if (fkeys == NULL) {\r
PrintAndLog("Could not create file dumpkeys.bin");\r
+ free(e_sector);\r
free(keyBlock);\r
return 1;\r
}\r
- for (uint16_t t = 0; t < 2; t++) {\r
- fwrite(foundKey[t], 1, 6*SectorsCnt, fkeys);\r
+ uint8_t mkey[6];\r
+ for (uint8_t t = 0; t < 2; t++) {\r
+ for (uint8_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r
+ num_to_bytes(e_sector[sectorNo].Key[t], 6, mkey);\r
+ fwrite(mkey, 1, 6, fkeys);\r
+ }\r
}\r
fclose(fkeys);\r
PrintAndLog("Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.");\r
}\r
\r
+ free(e_sector);\r
free(keyBlock);\r
PrintAndLog("");\r
return 0;\r
projects / proxmark3-svn / blobdiff