X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/bea6e7b0b648868926329addf21036255a460166..43f5dd0705ad10f714c20776be36a8b5b3fc5f93:/client/mifarehost.c diff --git a/client/mifarehost.c b/client/mifarehost.c index cbd79cf7..51dd7374 100644 --- a/client/mifarehost.c +++ b/client/mifarehost.c @@ -8,6 +8,8 @@ // mifare commands //----------------------------------------------------------------------------- +#include "mifarehost.h" + #include #include #include @@ -20,7 +22,6 @@ #include "ui.h" #include "util.h" #include "iso14443crc.h" -#include "mifarehost.h" // mifare tracer flags used in mfTraceDecode() #define TRACE_IDLE 0x00 @@ -223,7 +224,7 @@ int mfDarkside(uint64_t *key) int mfCheckKeys (uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t keycnt, uint8_t * keyBlock, uint64_t * key){ - *key = 0; + *key = -1; UsbCommand c = {CMD_MIFARE_CHKKEYS, {((blockNo & 0xff) | ((keyType&0xff)<<8)), clear_trace, keycnt}}; memcpy(c.d.asBytes, keyBlock, 6 * keycnt); 
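Review bot: In mfCheckKeys the new initialiser `*key = -1;` relies on the implicit conversion of -1 to uint64_t to produce an all-ones "no key found" sentinel, and nothing in the hunk says so. Writing it as `*key = UINT64_MAX; // sentinel: no key found, outside the 48-bit key space` would make the intent explicit; the old value 0 was itself a valid 48-bit key, which is presumably why it was changed. Any caller that still tests the result against 0 must be updated with this change, and none are visible here. Separately, the context line `memcpy(c.d.asBytes, keyBlock, 6 * keycnt);` shows no bound check on `keycnt` against the size of `c.d.asBytes`, which is worth confirming. The body of mfCheckKeys continues outside the hunk.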
@@ -819,3 +820,33 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data,
 crypto1_destroy(traceCrypto1);
 return 0;
 }
+/* Detect Tag Prng,
+* function performs a partial AUTH, where it tries to authenticate against block0, key A, but only collects tag nonce.
+* the tag nonce is check to see if it has a predictable PRNG.
+* @returns
+* TRUE if tag uses WEAK prng (ie Darkside attack possible)
+* FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key)
+*/
+bool detect_classic_prng(){
+
+ UsbCommand resp, respA;
+ uint8_t cmd[] = {MIFARE_AUTH_KEYA, 0x00};
+ uint32_t flags = ISO14A_CONNECT | ISO14A_RAW | ISO14A_APPEND_CRC;
+
+ UsbCommand cAuth = {CMD_READER_ISO_14443a, {flags, sizeof(cmd), 0}};
+ memcpy(cAuth.d.asBytes, cmd, sizeof(cmd));
+
+ clearCommandBuffer();
+ SendCommand(&cAuth);
+ WaitForResponse(CMD_ACK, &resp);
+ WaitForResponse(CMD_ACK, &respA);
+
+ // if select tag failed.
+ if ( resp.arg[0] == 0 ) {
+ printf("Error: selecting tag failed, can't detect prng\n");
+ return false;
+ }
+
+ uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]);
+ return validate_prng_nonce(nonce);
+}
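Review bot: In detect_classic_prng both `WaitForResponse` calls run before `resp.arg[0]` is checked and their return values are ignored, so a failed select still waits for a second CMD_ACK (which may never arrive if WaitForResponse has no timeout, not visible here) and `respA` can be read unset. The length passed to `bytes_to_num` is the device-supplied `respA.arg[0]`, used unchecked although the result is stored in a 32-bit nonce; it should be required to equal 4. Every error path also returns `false`, which the header comment defines as "hardened PRNG", so callers cannot tell a failed read from a real verdict; a tri-state int return would fix that but changes the signature. The sketch below keeps the signature and uses the client's WaitForResponseTimeout with an illustrative 2000 ms timeout.

```c
	// … unchanged: cmd/flags setup, clearCommandBuffer(), SendCommand(&cAuth) …

	// first ACK: result of the select; stop here if it failed or timed out
	if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000) || resp.arg[0] == 0) {
		printf("Error: selecting tag failed, can't detect prng\n");
		return false;
	}

	// second ACK: the tag nonce, which must be exactly 4 bytes
	if (!WaitForResponseTimeout(CMD_ACK, &respA, 2000) || respA.arg[0] != 4) {
		printf("Error: no 4-byte tag nonce received, can't detect prng\n");
		return false;
	}

	uint32_t nonce = bytes_to_num(respA.d.asBytes, 4);
	return validate_prng_nonce(nonce);
```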