]>
Commit | Line | Data |
---|---|---|
1 | //----------------------------------------------------------------------------- | |
2 | // Merlok - June 2011, 2012 | |
3 | // Gerhard de Koning Gans - May 2008 | |
4 | // Hagen Fritsch - June 2010 | |
5 | // | |
6 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, | |
7 | // at your option, any later version. See the LICENSE.txt file for the text of | |
8 | // the license. | |
9 | //----------------------------------------------------------------------------- | |
10 | // Mifare Classic Card Simulation | |
11 | //----------------------------------------------------------------------------- | |
12 | ||
13 | #include "mifaresim.h" | |
14 | #include "iso14443a.h" | |
15 | #include "iso14443crc.h" | |
16 | #include "crapto1/crapto1.h" | |
17 | #include "BigBuf.h" | |
18 | #include "string.h" | |
19 | #include "mifareutil.h" | |
20 | #include "fpgaloader.h" | |
21 | #include "proxmark3.h" | |
22 | #include "usb_cdc.h" | |
23 | #include "protocols.h" | |
24 | #include "apps.h" | |
25 | #include "util.h" | |
26 | ||
27 | ||
28 | //mifare emulator states | |
29 | #define MFEMUL_NOFIELD 0 | |
30 | #define MFEMUL_IDLE 1 | |
31 | #define MFEMUL_SELECT1 2 | |
32 | #define MFEMUL_SELECT2 3 | |
33 | #define MFEMUL_SELECT3 4 | |
34 | #define MFEMUL_AUTH1 5 | |
35 | #define MFEMUL_AUTH2 6 | |
36 | #define MFEMUL_WORK 7 | |
37 | #define MFEMUL_WRITEBL2 8 | |
38 | #define MFEMUL_INTREG_INC 9 | |
39 | #define MFEMUL_INTREG_DEC 10 | |
40 | #define MFEMUL_INTREG_REST 11 | |
41 | #define MFEMUL_HALTED 12 | |
42 | ||
43 | #define AC_DATA_READ 0 | |
44 | #define AC_DATA_WRITE 1 | |
45 | #define AC_DATA_INC 2 | |
46 | #define AC_DATA_DEC_TRANS_REST 3 | |
47 | #define AC_KEYA_READ 0 | |
48 | #define AC_KEYA_WRITE 1 | |
49 | #define AC_KEYB_READ 2 | |
50 | #define AC_KEYB_WRITE 3 | |
51 | #define AC_AC_READ 4 | |
52 | #define AC_AC_WRITE 5 | |
53 | ||
54 | #define AUTHKEYA 0 | |
55 | #define AUTHKEYB 1 | |
56 | #define AUTHKEYNONE 0xff | |
57 | ||
58 | ||
59 | static int ParamCardSizeBlocks(const char c) { | |
60 | int numBlocks = 16 * 4; | |
61 | switch (c) { | |
62 | case '0' : numBlocks = 5 * 4; break; | |
63 | case '2' : numBlocks = 32 * 4; break; | |
64 | case '4' : numBlocks = 32 * 4 + 8 * 16; break; | |
65 | default: numBlocks = 16 * 4; | |
66 | } | |
67 | return numBlocks; | |
68 | } | |
69 | ||
70 | static uint8_t BlockToSector(int block_num) { | |
71 | if (block_num < 32 * 4) { // 4 blocks per sector | |
72 | return (block_num / 4); | |
73 | } else { // 16 blocks per sector | |
74 | return 32 + (block_num - 32 * 4) / 16; | |
75 | } | |
76 | } | |
77 | ||
78 | static bool IsTrailerAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t action) { | |
79 | uint8_t sector_trailer[16]; | |
80 | emlGetMem(sector_trailer, blockNo, 1); | |
81 | uint8_t AC = ((sector_trailer[7] >> 5) & 0x04) | |
82 | | ((sector_trailer[8] >> 2) & 0x02) | |
83 | | ((sector_trailer[8] >> 7) & 0x01); | |
84 | switch (action) { | |
85 | case AC_KEYA_READ: { | |
86 | return false; | |
87 | break; | |
88 | } | |
89 | case AC_KEYA_WRITE: { | |
90 | return ((keytype == AUTHKEYA && (AC == 0x00 || AC == 0x01)) | |
91 | || (keytype == AUTHKEYB && (AC == 0x04 || AC == 0x03))); | |
92 | break; | |
93 | } | |
94 | case AC_KEYB_READ: { | |
95 | return (keytype == AUTHKEYA && (AC == 0x00 || AC == 0x02 || AC == 0x01)); | |
96 | break; | |
97 | } | |
98 | case AC_KEYB_WRITE: { | |
99 | return ((keytype == AUTHKEYA && (AC == 0x00 || AC == 0x01)) | |
100 | || (keytype == AUTHKEYB && (AC == 0x04 || AC == 0x03))); | |
101 | break; | |
102 | } | |
103 | case AC_AC_READ: { | |
104 | return ((keytype == AUTHKEYA) | |
105 | || (keytype == AUTHKEYB && !(AC == 0x00 || AC == 0x02 || AC == 0x01))); | |
106 | break; | |
107 | } | |
108 | case AC_AC_WRITE: { | |
109 | return ((keytype == AUTHKEYA && (AC == 0x01)) | |
110 | || (keytype == AUTHKEYB && (AC == 0x03 || AC == 0x05))); | |
111 | break; | |
112 | } | |
113 | default: return false; | |
114 | } | |
115 | } | |
116 | ||
117 | ||
118 | static bool IsDataAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t action) | |
119 | { | |
120 | uint8_t sector_trailer[16]; | |
121 | emlGetMem(sector_trailer, SectorTrailer(blockNo), 1); | |
122 | ||
123 | uint8_t sector_block; | |
124 | if (blockNo < 32*4) { | |
125 | sector_block = blockNo & 0x03; | |
126 | } else { | |
127 | sector_block = (blockNo & 0x0f) / 5; | |
128 | } | |
129 | ||
130 | uint8_t AC; | |
131 | switch (sector_block) { | |
132 | case 0x00: { | |
133 | AC = ((sector_trailer[7] >> 2) & 0x04) | |
134 | | ((sector_trailer[8] << 1) & 0x02) | |
135 | | ((sector_trailer[8] >> 4) & 0x01); | |
136 | break; | |
137 | } | |
138 | case 0x01: { | |
139 | AC = ((sector_trailer[7] >> 3) & 0x04) | |
140 | | ((sector_trailer[8] >> 0) & 0x02) | |
141 | | ((sector_trailer[8] >> 5) & 0x01); | |
142 | break; | |
143 | } | |
144 | case 0x02: { | |
145 | AC = ((sector_trailer[7] >> 4) & 0x04) | |
146 | | ((sector_trailer[8] >> 1) & 0x02) | |
147 | | ((sector_trailer[8] >> 6) & 0x01); | |
148 | break; | |
149 | } | |
150 | default: | |
151 | return false; | |
152 | } | |
153 | ||
154 | switch (action) { | |
155 | case AC_DATA_READ: { | |
156 | return ((keytype == AUTHKEYA && !(AC == 0x03 || AC == 0x05 || AC == 0x07)) | |
157 | || (keytype == AUTHKEYB && !(AC == 0x07))); | |
158 | break; | |
159 | } | |
160 | case AC_DATA_WRITE: { | |
161 | return ((keytype == AUTHKEYA && (AC == 0x00)) | |
162 | || (keytype == AUTHKEYB && (AC == 0x00 || AC == 0x04 || AC == 0x06 || AC == 0x03))); | |
163 | break; | |
164 | } | |
165 | case AC_DATA_INC: { | |
166 | return ((keytype == AUTHKEYA && (AC == 0x00)) | |
167 | || (keytype == AUTHKEYB && (AC == 0x00 || AC == 0x06))); | |
168 | break; | |
169 | } | |
170 | case AC_DATA_DEC_TRANS_REST: { | |
171 | return ((keytype == AUTHKEYA && (AC == 0x00 || AC == 0x06 || AC == 0x01)) | |
172 | || (keytype == AUTHKEYB && (AC == 0x00 || AC == 0x06 || AC == 0x01))); | |
173 | break; | |
174 | } | |
175 | } | |
176 | ||
177 | return false; | |
178 | } | |
179 | ||
180 | ||
181 | static bool IsAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t action) { | |
182 | if (IsSectorTrailer(blockNo)) { | |
183 | return IsTrailerAccessAllowed(blockNo, keytype, action); | |
184 | } else { | |
185 | return IsDataAccessAllowed(blockNo, keytype, action); | |
186 | } | |
187 | } | |
188 | ||
189 | ||
190 | static void MifareSimInit(uint8_t flags, uint8_t *datain, tag_response_info_t **responses, uint32_t *cuid, uint8_t *uid_len, uint8_t cardsize) { | |
191 | ||
192 | #define TAG_RESPONSE_COUNT 5 // number of precompiled responses | |
193 | static uint8_t rATQA[] = {0x00, 0x00}; | |
194 | static uint8_t rUIDBCC1[] = {0x00, 0x00, 0x00, 0x00, 0x00}; // UID 1st cascade level | |
195 | static uint8_t rUIDBCC2[] = {0x00, 0x00, 0x00, 0x00, 0x00}; // UID 2nd cascade level | |
196 | static uint8_t rSAKfinal[]= {0x00, 0x00, 0x00}; // SAK after UID complete | |
197 | static uint8_t rSAK1[] = {0x00, 0x00, 0x00}; // indicate UID not finished | |
198 | ||
199 | *uid_len = 4; | |
200 | // UID can be set from emulator memory or incoming data and can be 4 or 7 bytes long | |
201 | if (flags & FLAG_4B_UID_IN_DATA) { // get UID from datain | |
202 | memcpy(rUIDBCC1, datain, 4); | |
203 | } else if (flags & FLAG_7B_UID_IN_DATA) { | |
204 | rUIDBCC1[0] = 0x88; | |
205 | memcpy(rUIDBCC1+1, datain, 3); | |
206 | memcpy(rUIDBCC2, datain+3, 4); | |
207 | *uid_len = 7; | |
208 | } else { | |
209 | uint8_t probable_atqa; | |
210 | emlGetMemBt(&probable_atqa, 7, 1); // get UID from emul memory - weak guess at length | |
211 | if (probable_atqa == 0x00) { // ---------- 4BUID | |
212 | emlGetMemBt(rUIDBCC1, 0, 4); | |
213 | } else { // ---------- 7BUID | |
214 | rUIDBCC1[0] = 0x88; | |
215 | emlGetMemBt(rUIDBCC1+1, 0, 3); | |
216 | emlGetMemBt(rUIDBCC2, 3, 4); | |
217 | *uid_len = 7; | |
218 | } | |
219 | } | |
220 | ||
221 | switch (*uid_len) { | |
222 | case 4: | |
223 | *cuid = bytes_to_num(rUIDBCC1, 4); | |
224 | rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3]; | |
225 | if (MF_DBGLEVEL >= MF_DBG_INFO) { | |
226 | Dbprintf("4B UID: %02x%02x%02x%02x", | |
227 | rUIDBCC1[0], rUIDBCC1[1], rUIDBCC1[2], rUIDBCC1[3] ); | |
228 | } | |
229 | break; | |
230 | case 7: | |
231 | *cuid = bytes_to_num(rUIDBCC2, 4); | |
232 | rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3]; | |
233 | rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3]; | |
234 | if (MF_DBGLEVEL >= MF_DBG_INFO) { | |
235 | Dbprintf("7B UID: %02x %02x %02x %02x %02x %02x %02x", | |
236 | rUIDBCC1[1], rUIDBCC1[2], rUIDBCC1[3], rUIDBCC2[0], rUIDBCC2[1], rUIDBCC2[2], rUIDBCC2[3] ); | |
237 | } | |
238 | break; | |
239 | default: | |
240 | break; | |
241 | } | |
242 | ||
243 | // set SAK based on cardsize | |
244 | switch (cardsize) { | |
245 | case '0': rSAKfinal[0] = 0x09; break; // Mifare Mini | |
246 | case '2': rSAKfinal[0] = 0x10; break; // Mifare 2K | |
247 | case '4': rSAKfinal[0] = 0x18; break; // Mifare 4K | |
248 | default: rSAKfinal[0] = 0x08; // Mifare 1K | |
249 | } | |
250 | ComputeCrc14443(CRC_14443_A, rSAKfinal, 1, rSAKfinal + 1, rSAKfinal + 2); | |
251 | if (MF_DBGLEVEL >= MF_DBG_INFO) { | |
252 | Dbprintf("SAK: %02x", rSAKfinal[0]); | |
253 | } | |
254 | ||
255 | // set SAK for incomplete UID | |
256 | rSAK1[0] = 0x04; // Bit 3 indicates incomplete UID | |
257 | ComputeCrc14443(CRC_14443_A, rSAK1, 1, rSAK1 + 1, rSAK1 + 2); | |
258 | ||
259 | // set ATQA based on cardsize and UIDlen | |
260 | if (cardsize == '4') { | |
261 | rATQA[0] = 0x02; | |
262 | } else { | |
263 | rATQA[0] = 0x04; | |
264 | } | |
265 | if (*uid_len == 7) { | |
266 | rATQA[0] |= 0x40; | |
267 | } | |
268 | if (MF_DBGLEVEL >= MF_DBG_INFO) { | |
269 | Dbprintf("ATQA: %02x %02x", rATQA[1], rATQA[0]); | |
270 | } | |
271 | ||
272 | static tag_response_info_t responses_init[TAG_RESPONSE_COUNT] = { | |
273 | { .response = rATQA, .response_n = sizeof(rATQA) }, // Answer to request - respond with card type | |
274 | { .response = rUIDBCC1, .response_n = sizeof(rUIDBCC1) }, // Anticollision cascade1 - respond with first part of uid | |
275 | { .response = rUIDBCC2, .response_n = sizeof(rUIDBCC2) }, // Anticollision cascade2 - respond with 2nd part of uid | |
276 | { .response = rSAKfinal, .response_n = sizeof(rSAKfinal) }, // Acknowledge select - last cascade | |
277 | { .response = rSAK1, .response_n = sizeof(rSAK1) } // Acknowledge select - previous cascades | |
278 | }; | |
279 | ||
280 | // Prepare ("precompile") the responses of the anticollision phase. There will be not enough time to do this at the moment the reader sends its REQA or SELECT | |
281 | // There are 5 predefined responses with a total of 18 bytes data to transmit. Coded responses need one byte per bit to transfer (data, parity, start, stop, correction) | |
282 | // 18 * 8 data bits, 18 * 1 parity bits, 5 start bits, 5 stop bits, 5 correction bits -> need 177 bytes buffer | |
283 | #define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 177 // number of bytes required for precompiled responses | |
284 | ||
285 | uint8_t *free_buffer_pointer = BigBuf_malloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE); | |
286 | size_t free_buffer_size = ALLOCATED_TAG_MODULATION_BUFFER_SIZE; | |
287 | for (size_t i = 0; i < TAG_RESPONSE_COUNT; i++) { | |
288 | prepare_allocated_tag_modulation(&responses_init[i], &free_buffer_pointer, &free_buffer_size); | |
289 | } | |
290 | ||
291 | *responses = responses_init; | |
292 | ||
293 | // indices into responses array: | |
294 | #define ATQA 0 | |
295 | #define UIDBCC1 1 | |
296 | #define UIDBCC2 2 | |
297 | #define SAKfinal 3 | |
298 | #define SAK1 4 | |
299 | ||
300 | } | |
301 | ||
302 | ||
303 | static bool HasValidCRC(uint8_t *receivedCmd, uint16_t receivedCmd_len) { | |
304 | uint8_t CRC_byte_1, CRC_byte_2; | |
305 | ComputeCrc14443(CRC_14443_A, receivedCmd, receivedCmd_len-2, &CRC_byte_1, &CRC_byte_2); | |
306 | return (receivedCmd[receivedCmd_len-2] == CRC_byte_1 && receivedCmd[receivedCmd_len-1] == CRC_byte_2); | |
307 | } | |
308 | ||
309 | ||
310 | /** | |
311 | *MIFARE simulate. | |
312 | * | |
313 | *@param flags : | |
314 | * FLAG_INTERACTIVE - In interactive mode, we are expected to finish the operation with an ACK | |
315 | * FLAG_4B_UID_IN_DATA - means that there is a 4-byte UID in the data-section, we're expected to use that | |
316 | * FLAG_7B_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that | |
317 | * FLAG_NR_AR_ATTACK - means we should collect NR_AR responses for bruteforcing later | |
318 | * FLAG_RANDOM_NONCE - means we should generate some pseudo-random nonce data (only allows moebius attack) | |
319 | *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is infinite ... | |
320 | * (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted) | |
321 | */ | |
322 | void MifareSim(uint8_t flags, uint8_t exitAfterNReads, uint8_t cardsize, uint8_t *datain) | |
323 | { | |
324 | LED_A_ON(); | |
325 | ||
326 | tag_response_info_t *responses; | |
327 | uint8_t uid_len = 4; | |
328 | uint32_t cuid = 0; | |
329 | uint8_t cardWRBL = 0; | |
330 | uint8_t cardAUTHSC = 0; | |
331 | uint8_t cardAUTHKEY = AUTHKEYNONE; // no authentication | |
332 | uint32_t cardRr = 0; | |
333 | //uint32_t rn_enc = 0; | |
334 | uint32_t ans = 0; | |
335 | uint32_t cardINTREG = 0; | |
336 | uint8_t cardINTBLOCK = 0; | |
337 | struct Crypto1State mpcs = {0, 0}; | |
338 | struct Crypto1State *pcs = &mpcs; | |
339 | uint32_t numReads = 0; //Counts numer of times reader reads a block | |
340 | uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE]; | |
341 | uint8_t receivedCmd_dec[MAX_MIFARE_FRAME_SIZE]; | |
342 | uint8_t receivedCmd_par[MAX_MIFARE_PARITY_SIZE]; | |
343 | uint16_t receivedCmd_len; | |
344 | uint8_t response[MAX_MIFARE_FRAME_SIZE]; | |
345 | uint8_t response_par[MAX_MIFARE_PARITY_SIZE]; | |
346 | uint8_t fixed_nonce[] = {0x01, 0x02, 0x03, 0x04}; | |
347 | ||
348 | int num_blocks = ParamCardSizeBlocks(cardsize); | |
349 | ||
350 | // Here we collect UID, sector, keytype, NT, AR, NR, NT2, AR2, NR2 | |
351 | // This will be used in the reader-only attack. | |
352 | ||
353 | // allow collecting up to 7 sets of nonces to allow recovery of up to 7 keys | |
354 | #define ATTACK_KEY_COUNT 7 // keep same as define in cmdhfmf.c -> readerAttack() (Cannot be more than 7) | |
355 | nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // *2 for 2 separate attack types (nml, moebius) 36 * 7 * 2 bytes = 504 bytes | |
356 | memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp)); | |
357 | ||
358 | uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; // *2 for 2nd attack type (moebius) | |
359 | memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected)); | |
360 | uint8_t nonce1_count = 0; | |
361 | uint8_t nonce2_count = 0; | |
362 | uint8_t moebius_n_count = 0; | |
363 | bool gettingMoebius = false; | |
364 | uint8_t mM = 0; // moebius_modifier for collection storage | |
365 | ||
366 | // Authenticate response - nonce | |
367 | uint32_t nonce; | |
368 | if (flags & FLAG_RANDOM_NONCE) { | |
369 | nonce = prand(); | |
370 | } else { | |
371 | nonce = bytes_to_num(fixed_nonce, 4); | |
372 | } | |
373 | ||
374 | // free eventually allocated BigBuf memory but keep Emulator Memory | |
375 | BigBuf_free_keep_EM(); | |
376 | ||
377 | MifareSimInit(flags, datain, &responses, &cuid, &uid_len, cardsize); | |
378 | ||
379 | // We need to listen to the high-frequency, peak-detected path. | |
380 | iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN); | |
381 | ||
382 | // clear trace | |
383 | clear_trace(); | |
384 | set_tracing(true); | |
385 | ResetSspClk(); | |
386 | ||
387 | bool finished = false; | |
388 | bool button_pushed = BUTTON_PRESS(); | |
389 | int cardSTATE = MFEMUL_NOFIELD; | |
390 | ||
391 | while (!button_pushed && !finished && !usb_poll_validate_length()) { | |
392 | WDT_HIT(); | |
393 | ||
394 | if (cardSTATE == MFEMUL_NOFIELD) { | |
395 | // wait for reader HF field | |
396 | int vHf = (MAX_ADC_HF_VOLTAGE_LOW * AvgAdc(ADC_CHAN_HF_LOW)) >> 10; | |
397 | if (vHf > MF_MINFIELDV) { | |
398 | LED_D_ON(); | |
399 | cardSTATE = MFEMUL_IDLE; | |
400 | } | |
401 | button_pushed = BUTTON_PRESS(); | |
402 | continue; | |
403 | } | |
404 | ||
405 | //Now, get data | |
406 | FpgaEnableTracing(); | |
407 | int res = EmGetCmd(receivedCmd, &receivedCmd_len, receivedCmd_par); | |
408 | ||
409 | if (res == 2) { // Reader has dropped the HF field. Power off. | |
410 | FpgaDisableTracing(); | |
411 | LED_D_OFF(); | |
412 | cardSTATE = MFEMUL_NOFIELD; | |
413 | continue; | |
414 | } else if (res == 1) { // button pressed | |
415 | FpgaDisableTracing(); | |
416 | button_pushed = true; | |
417 | break; | |
418 | } | |
419 | ||
420 | // WUPA in HALTED state or REQA or WUPA in any other state | |
421 | if (receivedCmd_len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) { | |
422 | EmSendPrecompiledCmd(&responses[ATQA]); | |
423 | FpgaDisableTracing(); | |
424 | ||
425 | // init crypto block | |
426 | crypto1_destroy(pcs); | |
427 | cardAUTHKEY = AUTHKEYNONE; | |
428 | if (flags & FLAG_RANDOM_NONCE) { | |
429 | nonce = prand(); | |
430 | } | |
431 | cardSTATE = MFEMUL_SELECT1; | |
432 | continue; | |
433 | } | |
434 | ||
435 | switch (cardSTATE) { | |
436 | case MFEMUL_NOFIELD: | |
437 | case MFEMUL_HALTED: | |
438 | case MFEMUL_IDLE:{ | |
439 | break; | |
440 | } | |
441 | ||
442 | case MFEMUL_SELECT1:{ | |
443 | // select all - 0x93 0x20 | |
444 | if (receivedCmd_len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && receivedCmd[1] == 0x20)) { | |
445 | EmSendPrecompiledCmd(&responses[UIDBCC1]); | |
446 | FpgaDisableTracing(); | |
447 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("SELECT ALL CL1 received"); | |
448 | break; | |
449 | } | |
450 | // select card - 0x93 0x70 ... | |
451 | if (receivedCmd_len == 9 && | |
452 | (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], responses[UIDBCC1].response, 4) == 0)) { | |
453 | if (uid_len == 4) { | |
454 | EmSendPrecompiledCmd(&responses[SAKfinal]); | |
455 | cardSTATE = MFEMUL_WORK; | |
456 | } else if (uid_len == 7) { | |
457 | EmSendPrecompiledCmd(&responses[SAK1]); | |
458 | cardSTATE = MFEMUL_SELECT2; | |
459 | } | |
460 | FpgaDisableTracing(); | |
461 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("SELECT CL1 %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]); | |
462 | break; | |
463 | } | |
464 | cardSTATE = MFEMUL_IDLE; | |
465 | break; | |
466 | } | |
467 | ||
468 | case MFEMUL_SELECT2:{ | |
469 | // select all cl2 - 0x95 0x20 | |
470 | if (receivedCmd_len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && receivedCmd[1] == 0x20)) { | |
471 | EmSendPrecompiledCmd(&responses[UIDBCC2]); | |
472 | FpgaDisableTracing(); | |
473 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("SELECT ALL CL2 received"); | |
474 | break; | |
475 | } | |
476 | // select cl2 card - 0x95 0x70 xxxxxxxxxxxx | |
477 | if (receivedCmd_len == 9 && | |
478 | (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], responses[UIDBCC2].response, 4) == 0)) { | |
479 | if (uid_len == 7) { | |
480 | EmSendPrecompiledCmd(&responses[SAKfinal]); | |
481 | FpgaDisableTracing(); | |
482 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("SELECT CL2 %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]); | |
483 | cardSTATE = MFEMUL_WORK; | |
484 | break; | |
485 | } | |
486 | } | |
487 | cardSTATE = MFEMUL_IDLE; | |
488 | break; | |
489 | } | |
490 | ||
491 | case MFEMUL_WORK:{ | |
492 | if (receivedCmd_len != 4) { // all commands must have exactly 4 bytes | |
493 | break; | |
494 | } | |
495 | bool encrypted_data = (cardAUTHKEY != AUTHKEYNONE) ; | |
496 | if (encrypted_data) { | |
497 | // decrypt seqence | |
498 | mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, receivedCmd_dec); | |
499 | } else { | |
500 | memcpy(receivedCmd_dec, receivedCmd, receivedCmd_len); | |
501 | } | |
502 | if (!HasValidCRC(receivedCmd_dec, receivedCmd_len)) { // all commands must have a valid CRC | |
503 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_TR)); | |
504 | break; | |
505 | } | |
506 | ||
507 | if (receivedCmd_dec[0] == MIFARE_AUTH_KEYA || receivedCmd_dec[0] == MIFARE_AUTH_KEYB) { | |
508 | // if authenticating to a block that shouldn't exist - as long as we are not doing the reader attack | |
509 | if (receivedCmd_dec[1] >= num_blocks && !(flags & FLAG_NR_AR_ATTACK)) { | |
510 | //is this the correct response to an auth on a out of range block? marshmellow | |
511 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); | |
512 | FpgaDisableTracing(); | |
513 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking", receivedCmd_dec[0], receivedCmd_dec[1], receivedCmd_dec[1]); | |
514 | break; | |
515 | } | |
516 | cardAUTHSC = BlockToSector(receivedCmd_dec[1]); // received block num | |
517 | cardAUTHKEY = receivedCmd_dec[0] & 0x01; | |
518 | crypto1_destroy(pcs);//Added by martin | |
519 | crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY)); | |
520 | if (!encrypted_data) { // first authentication | |
521 | crypto1_word(pcs, cuid ^ nonce, 0); // Update crypto state | |
522 | num_to_bytes(nonce, 4, response); // Send unencrypted nonce | |
523 | EmSendCmd(response, sizeof(nonce)); | |
524 | FpgaDisableTracing(); | |
525 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d", receivedCmd_dec[1], receivedCmd_dec[1], cardAUTHKEY); | |
526 | } else { // nested authentication | |
527 | num_to_bytes(nonce, sizeof(nonce), response); | |
528 | uint8_t pcs_in[4] = {0}; | |
529 | num_to_bytes(cuid ^ nonce, sizeof(nonce), pcs_in); | |
530 | mf_crypto1_encryptEx(pcs, response, pcs_in, sizeof(nonce), response_par); | |
531 | EmSendCmdPar(response, sizeof(nonce), response_par); // send encrypted nonce | |
532 | FpgaDisableTracing(); | |
533 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d", receivedCmd_dec[1], receivedCmd_dec[1], cardAUTHKEY); | |
534 | } | |
535 | cardSTATE = MFEMUL_AUTH1; | |
536 | break; | |
537 | } | |
538 | ||
539 | // halt can be sent encrypted or in clear | |
540 | if (receivedCmd_dec[0] == ISO14443A_CMD_HALT && receivedCmd_dec[1] == 0x00) { | |
541 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("--> HALTED."); | |
542 | cardSTATE = MFEMUL_HALTED; | |
543 | break; | |
544 | } | |
545 | ||
546 | if(receivedCmd_dec[0] == MIFARE_CMD_READBLOCK | |
547 | || receivedCmd_dec[0] == MIFARE_CMD_WRITEBLOCK | |
548 | || receivedCmd_dec[0] == MIFARE_CMD_INC | |
549 | || receivedCmd_dec[0] == MIFARE_CMD_DEC | |
550 | || receivedCmd_dec[0] == MIFARE_CMD_RESTORE | |
551 | || receivedCmd_dec[0] == MIFARE_CMD_TRANSFER) { | |
552 | if (receivedCmd_dec[1] >= num_blocks) { | |
553 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); | |
554 | FpgaDisableTracing(); | |
555 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd_dec[0],receivedCmd_dec[1],receivedCmd_dec[1]); | |
556 | break; | |
557 | } | |
558 | if (BlockToSector(receivedCmd_dec[1]) != cardAUTHSC) { | |
559 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); | |
560 | FpgaDisableTracing(); | |
561 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader tried to operate (0x%02x) on block (0x%02x) not authenticated for (0x%02x), nacking",receivedCmd_dec[0],receivedCmd_dec[1],cardAUTHSC); | |
562 | break; | |
563 | } | |
564 | } | |
565 | ||
566 | if (receivedCmd_dec[0] == MIFARE_CMD_READBLOCK) { | |
567 | uint8_t blockNo = receivedCmd_dec[1]; | |
568 | emlGetMem(response, blockNo, 1); | |
569 | if (IsSectorTrailer(blockNo)) { | |
570 | memset(response, 0x00, 6); // keyA can never be read | |
571 | if (!IsAccessAllowed(blockNo, cardAUTHKEY, AC_KEYB_READ)) { | |
572 | memset(response+10, 0x00, 6); // keyB cannot be read | |
573 | } | |
574 | if (!IsAccessAllowed(blockNo, cardAUTHKEY, AC_AC_READ)) { | |
575 | memset(response+6, 0x00, 4); // AC bits cannot be read | |
576 | } | |
577 | } else { | |
578 | if (!IsAccessAllowed(blockNo, cardAUTHKEY, AC_DATA_READ)) { | |
579 | memset(response, 0x00, 16); // datablock cannot be read | |
580 | } | |
581 | } | |
582 | AppendCrc14443a(response, 16); | |
583 | mf_crypto1_encrypt(pcs, response, 18, response_par); | |
584 | EmSendCmdPar(response, 18, response_par); | |
585 | FpgaDisableTracing(); | |
586 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { | |
587 | Dbprintf("Reader reading block %d (0x%02x)", blockNo, blockNo); | |
588 | } | |
589 | numReads++; | |
590 | if(exitAfterNReads > 0 && numReads == exitAfterNReads) { | |
591 | Dbprintf("%d reads done, exiting", numReads); | |
592 | finished = true; | |
593 | } | |
594 | break; | |
595 | } | |
596 | ||
597 | if (receivedCmd_dec[0] == MIFARE_CMD_WRITEBLOCK) { | |
598 | uint8_t blockNo = receivedCmd_dec[1]; | |
599 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK)); | |
600 | FpgaDisableTracing(); | |
601 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("RECV 0xA0 write block %d (%02x)", blockNo, blockNo); | |
602 | cardWRBL = blockNo; | |
603 | cardSTATE = MFEMUL_WRITEBL2; | |
604 | break; | |
605 | } | |
606 | ||
607 | if (receivedCmd_dec[0] == MIFARE_CMD_INC || receivedCmd_dec[0] == MIFARE_CMD_DEC || receivedCmd_dec[0] == MIFARE_CMD_RESTORE) { | |
608 | uint8_t blockNo = receivedCmd_dec[1]; | |
609 | if (emlCheckValBl(blockNo)) { | |
610 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); | |
611 | FpgaDisableTracing(); | |
612 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { | |
613 | Dbprintf("RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)",receivedCmd_dec[0], blockNo, blockNo); | |
614 | } | |
615 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Reader tried to operate on block, but emlCheckValBl failed, nacking"); | |
616 | break; | |
617 | } | |
618 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK)); | |
619 | FpgaDisableTracing(); | |
620 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { | |
621 | Dbprintf("RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)",receivedCmd_dec[0], blockNo, blockNo); | |
622 | } | |
623 | cardWRBL = blockNo; | |
624 | if (receivedCmd_dec[0] == MIFARE_CMD_INC) | |
625 | cardSTATE = MFEMUL_INTREG_INC; | |
626 | if (receivedCmd_dec[0] == MIFARE_CMD_DEC) | |
627 | cardSTATE = MFEMUL_INTREG_DEC; | |
628 | if (receivedCmd_dec[0] == MIFARE_CMD_RESTORE) | |
629 | cardSTATE = MFEMUL_INTREG_REST; | |
630 | break; | |
631 | } | |
632 | ||
633 | if (receivedCmd_dec[0] == MIFARE_CMD_TRANSFER) { | |
634 | uint8_t blockNo = receivedCmd_dec[1]; | |
635 | if (emlSetValBl(cardINTREG, cardINTBLOCK, receivedCmd_dec[1])) | |
636 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); | |
637 | else | |
638 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK)); | |
639 | FpgaDisableTracing(); | |
640 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("RECV 0x%02x transfer block %d (%02x)",receivedCmd_dec[0], blockNo, blockNo); | |
641 | break; | |
642 | } | |
643 | ||
644 | // command not allowed | |
645 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); | |
646 | FpgaDisableTracing(); | |
647 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Received command not allowed, nacking"); | |
648 | cardSTATE = MFEMUL_IDLE; | |
649 | break; | |
650 | } | |
651 | ||
652 | case MFEMUL_AUTH1:{ | |
653 | if (receivedCmd_len != 8) { | |
654 | cardSTATE = MFEMUL_IDLE; | |
655 | break; | |
656 | } | |
657 | ||
658 | uint32_t nr = bytes_to_num(receivedCmd, 4); | |
659 | uint32_t ar = bytes_to_num(&receivedCmd[4], 4); | |
660 | ||
661 | // Collect AR/NR per keytype & sector | |
662 | if(flags & FLAG_NR_AR_ATTACK) { | |
663 | for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { | |
664 | if ( ar_nr_collected[i+mM]==0 || ((cardAUTHSC == ar_nr_resp[i+mM].sector) && (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && (ar_nr_collected[i+mM] > 0)) ) { | |
665 | // if first auth for sector, or matches sector and keytype of previous auth | |
666 | if (ar_nr_collected[i+mM] < 2) { | |
667 | // if we haven't already collected 2 nonces for this sector | |
668 | if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) { | |
669 | // Avoid duplicates... probably not necessary, ar should vary. | |
670 | if (ar_nr_collected[i+mM]==0) { | |
671 | // first nonce collect | |
672 | ar_nr_resp[i+mM].cuid = cuid; | |
673 | ar_nr_resp[i+mM].sector = cardAUTHSC; | |
674 | ar_nr_resp[i+mM].keytype = cardAUTHKEY; | |
675 | ar_nr_resp[i+mM].nonce = nonce; | |
676 | ar_nr_resp[i+mM].nr = nr; | |
677 | ar_nr_resp[i+mM].ar = ar; | |
678 | nonce1_count++; | |
679 | // add this nonce to first moebius nonce | |
680 | ar_nr_resp[i+ATTACK_KEY_COUNT].cuid = cuid; | |
681 | ar_nr_resp[i+ATTACK_KEY_COUNT].sector = cardAUTHSC; | |
682 | ar_nr_resp[i+ATTACK_KEY_COUNT].keytype = cardAUTHKEY; | |
683 | ar_nr_resp[i+ATTACK_KEY_COUNT].nonce = nonce; | |
684 | ar_nr_resp[i+ATTACK_KEY_COUNT].nr = nr; | |
685 | ar_nr_resp[i+ATTACK_KEY_COUNT].ar = ar; | |
686 | ar_nr_collected[i+ATTACK_KEY_COUNT]++; | |
687 | } else { // second nonce collect (std and moebius) | |
688 | ar_nr_resp[i+mM].nonce2 = nonce; | |
689 | ar_nr_resp[i+mM].nr2 = nr; | |
690 | ar_nr_resp[i+mM].ar2 = ar; | |
691 | if (!gettingMoebius) { | |
692 | nonce2_count++; | |
693 | // check if this was the last second nonce we need for std attack | |
694 | if ( nonce2_count == nonce1_count ) { | |
695 | // done collecting std test switch to moebius | |
696 | // first finish incrementing last sample | |
697 | ar_nr_collected[i+mM]++; | |
698 | // switch to moebius collection | |
699 | gettingMoebius = true; | |
700 | mM = ATTACK_KEY_COUNT; | |
701 | if (flags & FLAG_RANDOM_NONCE) { | |
702 | nonce = prand(); | |
703 | } else { | |
704 | nonce = nonce*7; | |
705 | } | |
706 | break; | |
707 | } | |
708 | } else { | |
709 | moebius_n_count++; | |
710 | // if we've collected all the nonces we need - finish. | |
711 | if (nonce1_count == moebius_n_count) finished = true; | |
712 | } | |
713 | } | |
714 | ar_nr_collected[i+mM]++; | |
715 | } | |
716 | } | |
717 | // we found right spot for this nonce stop looking | |
718 | break; | |
719 | } | |
720 | } | |
721 | } | |
722 | ||
723 | // --- crypto | |
724 | crypto1_word(pcs, nr , 1); | |
725 | cardRr = ar ^ crypto1_word(pcs, 0, 0); | |
726 | ||
727 | // test if auth OK | |
728 | if (cardRr != prng_successor(nonce, 64)){ | |
729 | FpgaDisableTracing(); | |
730 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x", | |
731 | cardAUTHSC, cardAUTHKEY == AUTHKEYA ? 'A' : 'B', | |
732 | cardRr, prng_successor(nonce, 64)); | |
733 | // Shouldn't we respond anything here? | |
734 | // Right now, we don't nack or anything, which causes the | |
735 | // reader to do a WUPA after a while. /Martin | |
736 | // -- which is the correct response. /piwi | |
737 | cardAUTHKEY = AUTHKEYNONE; // not authenticated | |
738 | cardSTATE = MFEMUL_IDLE; | |
739 | break; | |
740 | } | |
741 | ans = prng_successor(nonce, 96); | |
742 | num_to_bytes(ans, 4, response); | |
743 | mf_crypto1_encrypt(pcs, response, 4, response_par); | |
744 | EmSendCmdPar(response, 4, response_par); | |
745 | FpgaDisableTracing(); | |
746 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("AUTH COMPLETED for sector %d with key %c.", cardAUTHSC, cardAUTHKEY == AUTHKEYA ? 'A' : 'B'); | |
747 | cardSTATE = MFEMUL_WORK; | |
748 | break; | |
749 | } | |
750 | ||
751 | case MFEMUL_WRITEBL2:{ | |
752 | if (receivedCmd_len == 18) { | |
753 | mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, receivedCmd_dec); | |
754 | if (HasValidCRC(receivedCmd_dec, receivedCmd_len)) { | |
755 | if (IsSectorTrailer(cardWRBL)) { | |
756 | emlGetMem(response, cardWRBL, 1); | |
757 | if (!IsAccessAllowed(cardWRBL, cardAUTHKEY, AC_KEYA_WRITE)) { | |
758 | memcpy(receivedCmd_dec, response, 6); // don't change KeyA | |
759 | } | |
760 | if (!IsAccessAllowed(cardWRBL, cardAUTHKEY, AC_KEYB_WRITE)) { | |
761 | memcpy(receivedCmd_dec+10, response+10, 6); // don't change KeyA | |
762 | } | |
763 | if (!IsAccessAllowed(cardWRBL, cardAUTHKEY, AC_AC_WRITE)) { | |
764 | memcpy(receivedCmd_dec+6, response+6, 4); // don't change AC bits | |
765 | } | |
766 | } else { | |
767 | if (!IsAccessAllowed(cardWRBL, cardAUTHKEY, AC_DATA_WRITE)) { | |
768 | memcpy(receivedCmd_dec, response, 16); // don't change anything | |
769 | } | |
770 | } | |
771 | emlSetMem(receivedCmd_dec, cardWRBL, 1); | |
772 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK)); // always ACK? | |
773 | cardSTATE = MFEMUL_WORK; | |
774 | break; | |
775 | } | |
776 | } | |
777 | cardSTATE = MFEMUL_IDLE; | |
778 | break; | |
779 | } | |
780 | ||
781 | case MFEMUL_INTREG_INC:{ | |
782 | if (receivedCmd_len == 6) { | |
783 | mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t*)&ans); | |
784 | if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) { | |
785 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); | |
786 | cardSTATE = MFEMUL_IDLE; | |
787 | break; | |
788 | } | |
789 | cardINTREG = cardINTREG + ans; | |
790 | cardSTATE = MFEMUL_WORK; | |
791 | } | |
792 | break; | |
793 | } | |
794 | ||
795 | case MFEMUL_INTREG_DEC:{ | |
796 | if (receivedCmd_len == 6) { | |
797 | mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t*)&ans); | |
798 | if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) { | |
799 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); | |
800 | cardSTATE = MFEMUL_IDLE; | |
801 | break; | |
802 | } | |
803 | cardINTREG = cardINTREG - ans; | |
804 | cardSTATE = MFEMUL_WORK; | |
805 | } | |
806 | break; | |
807 | } | |
808 | ||
809 | case MFEMUL_INTREG_REST:{ | |
810 | mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t*)&ans); | |
811 | if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) { | |
812 | EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); | |
813 | cardSTATE = MFEMUL_IDLE; | |
814 | break; | |
815 | } | |
816 | cardSTATE = MFEMUL_WORK; | |
817 | break; | |
818 | } | |
819 | ||
820 | } // end of switch | |
821 | ||
822 | FpgaDisableTracing(); | |
823 | button_pushed = BUTTON_PRESS(); | |
824 | ||
825 | } // end of while | |
826 | ||
827 | FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); | |
828 | LEDsoff(); | |
829 | ||
830 | if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= MF_DBG_INFO) { | |
831 | for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { | |
832 | if (ar_nr_collected[i] == 2) { | |
833 | Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector); | |
834 | Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x", | |
835 | ar_nr_resp[i].cuid, //UID | |
836 | ar_nr_resp[i].nonce, //NT | |
837 | ar_nr_resp[i].nr, //NR1 | |
838 | ar_nr_resp[i].ar, //AR1 | |
839 | ar_nr_resp[i].nr2, //NR2 | |
840 | ar_nr_resp[i].ar2 //AR2 | |
841 | ); | |
842 | } | |
843 | } | |
844 | for ( uint8_t i = ATTACK_KEY_COUNT; i < ATTACK_KEY_COUNT*2; i++) { | |
845 | if (ar_nr_collected[i] == 2) { | |
846 | Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector); | |
847 | Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x %08x", | |
848 | ar_nr_resp[i].cuid, //UID | |
849 | ar_nr_resp[i].nonce, //NT | |
850 | ar_nr_resp[i].nr, //NR1 | |
851 | ar_nr_resp[i].ar, //AR1 | |
852 | ar_nr_resp[i].nonce2,//NT2 | |
853 | ar_nr_resp[i].nr2, //NR2 | |
854 | ar_nr_resp[i].ar2 //AR2 | |
855 | ); | |
856 | } | |
857 | } | |
858 | } | |
859 | if (MF_DBGLEVEL >= MF_DBG_INFO) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", get_tracing(), BigBuf_get_traceLen()); | |
860 | ||
861 | if(flags & FLAG_INTERACTIVE) { // Interactive mode flag, means we need to send ACK | |
862 | //Send the collected ar_nr in the response | |
863 | cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, button_pushed, 0, &ar_nr_resp, sizeof(ar_nr_resp)); | |
864 | } | |
865 | ||
866 | LED_A_OFF(); | |
867 | } |