From 6eae192c415b6c4455d67f6d8e7ae8fb5c70a8e5 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Fri, 24 Jun 2016 16:46:11 -0400 Subject: [PATCH 1/1] fix bug in moebius nonce collection - now finishes also cleaned up some comments note previous update added the creation of a stats.txt file to generate statistics of the differences between std mfkey32 and the moebius version. --- armsrc/iso14443a.c | 23 +++++++++++++++-------- client/cmdhfmf.c | 7 ++++--- client/nonce2key/nonce2key.c | 8 -------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 7b7314dd..6216fc4a 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -2382,7 +2382,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected)); - bool collectMoebius = false; + bool gettingMoebius = false; uint8_t nonce1_count = 0; uint8_t nonce2_count = 0; uint8_t moebius_n_count = 0; @@ -2623,7 +2623,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * //Collect AR/NR per keytype & sector if(flags & FLAG_NR_AR_ATTACK) { for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { - if ( ar_nr_collected[i+mM]==0 || (cardAUTHSC == ar_nr_resp[i+mM].sector && cardAUTHKEY == ar_nr_resp[i+mM].keytype && ar_nr_collected[i+mM] > 0) ) { + if ( ar_nr_collected[i+mM]==0 || ((cardAUTHSC == ar_nr_resp[i+mM].sector) && (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && (ar_nr_collected[i+mM] > 0)) ) { // if first auth for sector, or matches sector and keytype of previous auth if (ar_nr_collected[i+mM] < 2) { // if we haven't already collected 2 nonces for this sector @@ -2650,14 +2650,18 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * ar_nr_resp[i+mM].nonce2 = nonce; ar_nr_resp[i+mM].nr2 = nr; ar_nr_resp[i+mM].ar2 = ar; - if (!collectMoebius) { + if (!gettingMoebius) { nonce2_count++; //check if this was the last second nonce we need for std attack if ( nonce2_count == nonce1_count ) { //done collecting std test switch to moebius - collectMoebius = true; + //finish incrementing last sample + ar_nr_collected[i+mM]++; + //switch to moebius collection + gettingMoebius = true; mM = ATTACK_KEY_COUNT; nonce = nonce*7; + break; } } else { moebius_n_count++; @@ -2666,15 +2670,16 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * } } ar_nr_collected[i+mM]++; - break; } - } else { //already collected 2 nonces for sector - reader looping? - quit + } else { //already collected 2 nonces for sector - dump out //finished = true; } + // we found right spot for this nonce stop looking + break; } } } - + // --- crypto crypto1_word(pcs, nr , 1); cardRr = ar ^ crypto1_word(pcs, 0, 0); @@ -2759,7 +2764,9 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * } if (len == 4 && (receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61)) { - if (receivedCmd[1] >= 16 * 4) { + + // if authenticating to a block that shouldn't exist - as long as we are not doing the reader attack + if (receivedCmd[1] >= 16 * 4 && !(flags & FLAG_NR_AR_ATTACK)) { //is this the correct response to an auth on a out of range block? marshmellow EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd[0],receivedCmd[1],receivedCmd[1]); diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 4b82e698..c565a7cf 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1072,6 +1072,7 @@ int CmdHF14AMf1kSim(const char *Cmd) cmdp = param_getchar(Cmd, pnr); if (cmdp == 'x' || cmdp == 'X') { flags |= FLAG_NR_AR_ATTACK; + pnr++; } cmdp = param_getchar(Cmd, pnr); @@ -1119,7 +1120,7 @@ int CmdHF14AMf1kSim(const char *Cmd) if (ar_resp[i].ar2 > 0) { //PrintAndLog("Trying sector %d, cuid %08x, nt %08x, ar %08x, nr %08x, ar2 %08x, nr2 %08x",ar_resp[i].sector, ar_resp[i].cuid,ar_resp[i].nonce,ar_resp[i].ar,ar_resp[i].nr,ar_resp[i].ar2,ar_resp[i].nr2); if (mfkey32(ar_resp[i], &key)) { - PrintAndLog("Found Key%s for sector %d: [%04x%08x]", (ar_resp[i].keytype) ? "B" : "A", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF)); + PrintAndLog("Found Key%s for sector %02d: [%04x%08x]", (ar_resp[i].keytype) ? "B" : "A", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF)); for (uint8_t ii = 0; ii>32), (uint32_t) (sector_trailer[i].keyA &0xFFFFFFFF),(uint32_t) (sector_trailer[i].keyB>>32), (uint32_t) (sector_trailer[i].keyB &0xFFFFFFFF)); - //PrintAndLog("%s",cmd1); + PrintAndLog("Setting Emulator Memory Block %02d: [%s]",stSector[i]*4+3, cmd1); if (param_gethex(cmd1, 0, memBlock, 32)) { PrintAndLog("block data must include 32 HEX symbols"); return 1; @@ -1168,7 +1169,7 @@ int CmdHF14AMf1kSim(const char *Cmd) for (uint8_t i = ATTACK_KEY_COUNT; i 0) { if (tryMfk32_moebius(ar_resp[i], &key)) { - PrintAndLog("M-Found Key%s for sector %d: [%04x%08x]", (ar_resp[i].keytype) ? "B" : "A", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF)); + PrintAndLog("M-Found Key%s for sector %02d: [%04x%08x]", (ar_resp[i].keytype) ? "B" : "A", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF)); } } } diff --git a/client/nonce2key/nonce2key.c b/client/nonce2key/nonce2key.c index 3750366b..fcf34a73 100644 --- a/client/nonce2key/nonce2key.c +++ b/client/nonce2key/nonce2key.c @@ -164,14 +164,6 @@ bool mfkey32(nonces_t data, uint64_t *outputkey) { clock_t t1 = clock(); bool isSuccess = FALSE; uint8_t counter=0; - //PrintAndLog("Enter mfkey32"); - //PrintAndLog("Trying sector %d, cuid %08x, nt %08x, nr %08x, ar %08x, nr2 %08x, ar2 %08x",data.sector, uid, nt,nr0_enc,ar0_enc,nr1_enc,ar1_enc); - // Generate lfsr succesors of the tag challenge - //prng_successor(nt, 64); - //prng_successor(nt, 96); - - // Extract the keystream from the messages - //ks2 = ar0_enc ^ prng_successor(nt, 64); s = lfsr_recovery32(ar0_enc ^ prng_successor(nt, 64), 0); -- 2.39.5