From 73ab92d14c8d80f1313f54d9a9b939cd9452b91b Mon Sep 17 00:00:00 2001
From: marshmellow42
Date: Sat, 25 Jun 2016 00:53:53 -0400
Subject: [PATCH] mf 1k sim reader attack cleanup

add abort options - keyboard & button press.
---
 armsrc/iso14443a.c | 6 +++--
 client/cmdhfmf.c | 62 ++++++++++++++++++++++++----------------------
 2 files changed, 37 insertions(+), 31 deletions(-)

diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index 6216fc4a..d76bddd5 100644
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -2504,7 +2504,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 set_tracing(TRUE);
 bool finished = FALSE;
- while (!BUTTON_PRESS() && !finished && !usb_poll_validate_length()) {
+ bool button_pushed = BUTTON_PRESS();
+ while (!button_pushed && !finished && !usb_poll_validate_length()) {
 WDT_HIT();
 // find reader field
@@ -2956,6 +2957,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 break;
 }
 }
+ button_pushed = BUTTON_PRESS();
 }
 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@@ -2996,7 +2998,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 if(flags & FLAG_INTERACTIVE)// Interactive mode flag, means we need to send ACK
 {
 //Send the collected ar_nr in the response
- cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_resp,sizeof(ar_nr_resp));
+ cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,button_pushed,0,&ar_nr_resp,sizeof(ar_nr_resp));
 }
 }
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 05202ac5..07d2ab26 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
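Review bot: The third hunk of armsrc/iso14443a.c gives the ACK's second argument a protocol meaning — whether the device button ended the simulation — but nothing at the cmd_send call says so, and the client side only learns it by reading resp.arg[1]; add a comment such as `// arg1 = 1 when the device button stopped the simulation, so a client iterating a UID file knows to stop too` above the cmd_send. The two earlier hunks sample BUTTON_PRESS() once before the loop and once at the end of each iteration, which as far as the hunk shows is equivalent to the old loop condition, although a press that lands while the loop exits through `finished` or usb_poll_validate_length() is not reported. Mifare1ksim starts and ends outside these hunks.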
@@ -1100,7 +1100,7 @@ int usage_hf14_mf1ksim(void) {
 PrintAndLog(" i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");
 PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");
 PrintAndLog(" e (Optional) set keys found from 'reader attack' to emulator memory");
- PrintAndLog(" f (Optional) get UIDs to use for 'reader attack' from file 'f '");
+ PrintAndLog(" f (Optional) get UIDs to use for 'reader attack' from file 'f ' (implies x and i)");
 PrintAndLog("samples:");
 PrintAndLog(" hf mf sim u 0a0a0a0a");
 PrintAndLog(" hf mf sim u 11223344556677");
@@ -1109,6 +1109,7 @@ int usage_hf14_mf1ksim(void) {
 }
 int CmdHF14AMf1kSim(const char *Cmd) {
+ UsbCommand resp;
 uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
 uint8_t exitAfterNReads = 0;
 uint8_t flags = 0;
@@ -1182,12 +1183,9 @@ int CmdHF14AMf1kSim(const char *Cmd) {
 //Validations
 if(errors) return usage_hf14_mf1ksim();
- // attack from file implies nr ar attack...
- if (!(flags & FLAG_NR_AR_ATTACK) && attackFromFile) flags |= FLAG_NR_AR_ATTACK;
+ // attack from file implies nr ar attack and interactive...
+ if (!(flags & FLAG_NR_AR_ATTACK) && attackFromFile) flags |= FLAG_NR_AR_ATTACK | FLAG_INTERACTIVE;
- UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads,0}};
- UsbCommand resp;
-
 //get uid from file
 if (attackFromFile) {
 int count = 0;
@@ -1197,7 +1195,8 @@ int CmdHF14AMf1kSim(const char *Cmd) {
 PrintAndLog("File %s not found or locked", filename);
 return 1;
 }
- while(!feof(f)){
+ PrintAndLog("Loading file and simulating. Press keyboard to abort");
+ while(!feof(f) && !ukbhit()){
 memset(buf, 0, sizeof(buf));
 memset(uidBuffer, 0, sizeof(uidBuffer));
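Review bot: The keyboard abort added to the loop condition in the @@ -1197 hunk, `while(!feof(f) && !ukbhit()){`, leaves the loop silently, so the caller cannot tell an abort from reaching the end of the UID file, and — assuming ukbhit() only reports that input is pending and does not read it, since its return value is not consumed here — the keystroke stays in stdin for the next prompt. After the loop, consume and report it, e.g. `if (ukbhit()) { getchar(); PrintAndLog("aborted via keyboard!"); }` before the fclose(f). The loop body and the code after the loop lie outside this hunk.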
@@ -1208,43 +1207,47 @@ int CmdHF14AMf1kSim(const char *Cmd) {
 fclose(f);
 return 2;
 }
-
- if (strlen(buf) < uidlen) {
- if(strlen(buf) && feof(f))
- break;
- PrintAndLog("File content error. Block data must include %d HEX symbols", uidlen);
- fclose(f);
- return 2;
+ if(strlen(buf) && feof(f)) break;
+
+ uidlen = strlen(buf);
+ switch(uidlen) {
+ case 20: flags = FLAG_10B_UID_IN_DATA; break; //not complete
+ case 14: flags = FLAG_7B_UID_IN_DATA; break;
+ case 8: flags = FLAG_4B_UID_IN_DATA; break;
+ default:
+ PrintAndLog("uid in file wrong length at %d",count);
+ fclose(f);
+ return 2;
 }
-
+
 for (uint8_t i = 0; i < uidlen; i += 2) {
 sscanf(&buf[i], "%02x", (unsigned int *)&uidBuffer[i / 2]);
 }
- PrintAndLog("mf 1k sim uid: %s, numreads:%d, flags:%d (0x%02x) ",
+ PrintAndLog("mf 1k sim uid: %s, numreads:%d, flags:%d (0x%02x) - press button to abort",
 flags & FLAG_4B_UID_IN_DATA ? sprint_hex(uid,4):
 flags & FLAG_7B_UID_IN_DATA ? sprint_hex(uid,7):
 flags & FLAG_10B_UID_IN_DATA ? sprint_hex(uid,10): "N/A"
 , exitAfterNReads, flags, flags);
+ UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads,0}};
 memcpy(c.d.asBytes, uid, sizeof(uid));
 clearCommandBuffer();
 SendCommand(&c);
- if(flags & FLAG_INTERACTIVE) {
- PrintAndLog("Press pm3-button to abort simulation");
- while(! WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
- //We're waiting only 1.5 s at a time, otherwise we get the
- // annoying message about "Waiting for a response... "
- }
- //got a response
- if (flags & FLAG_NR_AR_ATTACK) {
- nonces_t ar_resp[ATTACK_KEY_COUNT*2];
- memcpy(ar_resp, resp.d.asBytes, sizeof(ar_resp));
- readerAttack(ar_resp, setEmulatorMem);
- }
+ while(! WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
+ //We're waiting only 1.5 s at a time, otherwise we get the
+ // annoying message about "Waiting for a response... 
" + } + //got a response + nonces_t ar_resp[ATTACK_KEY_COUNT*2]; + memcpy(ar_resp, resp.d.asBytes, sizeof(ar_resp)); + readerAttack(ar_resp, setEmulatorMem); + if (resp.arg[1]) { + PrintAndLog("Device button pressed - quitting"); + fclose(f); + return 4; } - count++; } fclose(f); @@ -1256,6 +1259,7 @@ int CmdHF14AMf1kSim(const char *Cmd) { flags & FLAG_10B_UID_IN_DATA ? sprint_hex(uid,10): "N/A" , exitAfterNReads, flags, flags); + UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads,0}}; memcpy(c.d.asBytes, uid, sizeof(uid)); clearCommandBuffer(); SendCommand(&c); -- 2.39.2