CHG: @Marshmellow42 's fixes. ref: https://github.com/marshmellow42/proxmark3/commi...

[proxmark3-svn] / client / cmdhfmf.c
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c

index 36438d7fdd5d09fa073b97fa24ad8bf44b0c0405..04998e181bf724f1085e9f38384407d4fcbbd226 100644 (file)
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -226,7 +226,7 @@ start:
                         c.arg[0] = false;\r
                         goto start;\r
                 } else {\r
-                       PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
+                       PrintAndLog("Found valid key: %012" PRIx64 " \n", r_key);\r
                         goto END;\r
                 }\r
         }\r
@@ -246,10 +246,10 @@ start:
                 uint64_t key64 = 0;\r
                 int res = mfCheckKeys(blockNo, keytype - 0x60 , false, 1, keyblock, &key64);\r
                 if ( res > 0 ) {\r
-                       PrintAndLog("Candidate Key found (%012"llx") - Test authentication failed. [%d] Restarting darkside attack", r_key, res);       \r
+                       PrintAndLog("Candidate Key found (%012" PRIx64 ") - Test authentication failed. [%d] Restarting darkside attack", r_key, res);  \r
                         goto start;\r
                 }\r
-               PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
+               PrintAndLog("Found valid key: %012" PRIx64 " \n", r_key);\r
         }\r
  END:\r
         t1 = clock() - t1;\r
@@ -313,9 +313,7 @@ int CmdHF14AMfRdBl(const char *Cmd) {
         uint8_t blockNo = 0;\r
         uint8_t keyType = 0;\r
         uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r
-       \r
-       char cmdp       = 0x00;\r
-\r
+       char cmdp = 0x00;\r
  \r
         if (strlen(Cmd)<3) {\r
                 PrintAndLog("Usage:  hf mf rdbl    <block number> <key A/B> <key (12 hex symbols)>");\r
@@ -472,10 +470,9 @@ int CmdHF14AMfDump(const char *Cmd) {
         size_t bytes_read;\r
         for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
                 bytes_read = fread( keyA[sectorNo], 1, 6, fin );\r
-               if ( bytes_read == 0) {\r
+               if ( bytes_read != 6) {\r
                         PrintAndLog("File reading error.");\r
                         fclose(fin);\r
-                       fin = NULL;\r
                         return 2;\r
                 }\r
         }\r
@@ -483,16 +480,14 @@ int CmdHF14AMfDump(const char *Cmd) {
         // Read keys B from file\r
         for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
                 bytes_read = fread( keyB[sectorNo], 1, 6, fin );\r
-               if ( bytes_read == 0) {\r
+               if ( bytes_read != 6) {\r
                         PrintAndLog("File reading error.");\r
                         fclose(fin);\r
-                       fin = NULL;\r
                         return 2;\r
                 }\r
         }\r
         \r
         fclose(fin);\r
-       fin = NULL;\r
                         \r
         PrintAndLog("|-----------------------------------------|");\r
         PrintAndLog("|------ Reading sector access bits...-----|");\r
@@ -645,20 +640,18 @@ int CmdHF14AMfRestore(const char *Cmd) {
         size_t bytes_read;\r
         for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r
                 bytes_read = fread( keyA[sectorNo], 1, 6, fkeys );\r
-               if ( bytes_read == 0) {\r
+               if ( bytes_read != 6) {\r
                         PrintAndLog("File reading error (dumpkeys.bin).");\r
                         fclose(fkeys);\r
-                       fkeys = NULL;\r
                         return 2;\r
                 }\r
         }\r
  \r
         for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r
                 bytes_read = fread( keyB[sectorNo], 1, 6, fkeys );\r
-               if ( bytes_read == 0) {\r
+               if ( bytes_read != 6) {\r
                         PrintAndLog("File reading error (dumpkeys.bin).");\r
                         fclose(fkeys);\r
-                       fkeys = NULL;\r
                         return 2;\r
                 }\r
         }\r
@@ -676,7 +669,7 @@ int CmdHF14AMfRestore(const char *Cmd) {
                         UsbCommand c = {CMD_MIFARE_WRITEBL, {FirstBlockOfSector(sectorNo) + blockNo, keyType, 0}};\r
                         memcpy(c.d.asBytes, key, 6);                    \r
                         bytes_read = fread(bldata, 1, 16, fdump);\r
-                       if ( bytes_read == 0) {\r
+                       if ( bytes_read != 16) {\r
                                 PrintAndLog("File reading error (dumpdata.bin).");\r
                                 fclose(fdump);\r
                                 fdump = NULL;                           \r
@@ -715,7 +708,6 @@ int CmdHF14AMfRestore(const char *Cmd) {
         }\r
         \r
         fclose(fdump);\r
-       fdump = NULL;   \r
         return 0;\r
  }\r
  \r
@@ -791,7 +783,7 @@ int CmdHF14AMfNested(const char *Cmd) {
                 switch (isOK) {\r
                         case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r
                         case -2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
-                       case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (its random number generator is not predictable).\n"); break;\r
+                       case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random number generator is not predictable).\n"); break;\r
                         case -4 : PrintAndLog("No valid key found"); break;\r
                         case -5 : \r
                                 key64 = bytes_to_num(keyBlock, 6);\r
@@ -1207,7 +1199,7 @@ int CmdHF14AMfChk(const char *Cmd) {
                                         }\r
                                         memset(keyBlock + 6 * keycnt, 0, 6);\r
                                         num_to_bytes(strtoll(buf, NULL, 16), 6, keyBlock + 6*keycnt);\r
-                                       PrintAndLog("check key[%2d] %012"llx, keycnt, bytes_to_num(keyBlock + 6*keycnt, 6));\r
+                                       PrintAndLog("check key[%2d] %012" PRIx64, keycnt, bytes_to_num(keyBlock + 6*keycnt, 6));\r
                                         keycnt++;\r
                                         memset(buf, 0, sizeof(buf));\r
                                 }\r
@@ -1361,18 +1353,16 @@ int CmdHF14AMfChk(const char *Cmd) {
         PrintAndLog("");\r
         return 0;\r
  }\r
-#define ATTACK_KEY_COUNT 8\r
+\r
  sector *k_sector = NULL;\r
  uint8_t k_sectorsCount = 16;\r
-void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose) {\r
+static void emptySectorTable(){\r
  \r
         // initialize storage for found keys\r
         if (k_sector == NULL)\r
                 k_sector = calloc(k_sectorsCount, sizeof(sector));\r
         if (k_sector == NULL) \r
                 return;\r
-\r
-       uint64_t key = 0;\r
                 \r
         // empty e_sector\r
         for(int i = 0; i < k_sectorsCount; ++i){\r
@@ -1381,68 +1371,47 @@ void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose) {
                 k_sector[i].foundKey[0] = FALSE;\r
                 k_sector[i].foundKey[1] = FALSE;\r
         }\r
+}\r
+void showSectorTable(){\r
+       if (k_sector != NULL) {\r
+               printKeyTable(k_sectorsCount, k_sector);\r
+               free(k_sector);\r
+               k_sector = NULL;\r
+       }\r
+}\r
+void readerAttack(nonces_t data, bool setEmulatorMem, bool verbose) {\r
  \r
-       if (verbose) printf("enter Moebius attack (mfkey32v2) \n");\r
+       uint64_t key = 0;       \r
+       bool success = FALSE;\r
         \r
-       for (uint8_t i = 0; i < ATTACK_KEY_COUNT; ++i) {\r
-               \r
-               // if no-collected data \r
-               if (data[i].ar2 == 0) continue;\r
-\r
-               // We can probably skip this, mfkey32v2 is more reliable.\r
-#ifdef HFMF_TRYMFK32\r
-               if (tryMfk32(data[i], &key, verbose)) {\r
-                       PrintAndLog("Found Key%s for sector %02d: [%012"llx"]"\r
-                               , (data[i].keytype) ? "B" : "A"\r
-                               , data[i].sector\r
-                               , key\r
-                       );\r
-\r
-                       k_sector[i].Key[data[i].keytype] = key;\r
-                       k_sector[i].foundKey[data[i].keytype] = TRUE;\r
-                       \r
-                       //set emulator memory for keys\r
-                       if (setEmulatorMem) {\r
-                               uint8_t memBlock[16] = {0,0,0,0,0,0, 0xff, 0x0F, 0x80, 0x69, 0,0,0,0,0,0};\r
-                               num_to_bytes( k_sector[i].Key[0], 6, memBlock);\r
-                               num_to_bytes( k_sector[i].Key[1], 6, memBlock+10);\r
-                               PrintAndLog("Setting Emulator Memory Block %02d: [%s]"\r
-                                       , ((data[i].sector)*4) + 3\r
-                                       , sprint_hex( memBlock, sizeof(memBlock))\r
-                                       );\r
-                               mfEmlSetMem( memBlock, ((data[i].sector)*4) + 3, 1);\r
-                       }\r
-                       continue;\r
-               }\r
-#endif\r
-               \r
-               //moebius attack                        \r
-               if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key, verbose)) {\r
-                       uint8_t sectorNum = data[i+ATTACK_KEY_COUNT].sector;\r
-                       uint8_t keyType = data[i+ATTACK_KEY_COUNT].keytype;\r
-\r
-                       PrintAndLog("Reader is trying authenticate with: Key %s, sector %02d: [%012"llx"]"\r
-                               , keyType ? "B" : "A"\r
-                               , sectorNum\r
-                               , key\r
-                       );\r
-\r
-                       k_sector[sectorNum].Key[keyType] = key;\r
-                       k_sector[sectorNum].foundKey[keyType] = TRUE;\r
-\r
-                       //set emulator memory for keys\r
-                       if (setEmulatorMem) {\r
-                               uint8_t memBlock[16] = {0,0,0,0,0,0, 0xff, 0x0F, 0x80, 0x69, 0,0,0,0,0,0};\r
-                               num_to_bytes( k_sector[sectorNum].Key[0], 6, memBlock);\r
-                               num_to_bytes( k_sector[sectorNum].Key[1], 6, memBlock+10);\r
-                               //iceman,  guessing this will not work so well for 4K tags.\r
-                               PrintAndLog("Setting Emulator Memory Block %02d: [%s]"\r
-                                       , (sectorNum*4) + 3\r
-                                       , sprint_hex( memBlock, sizeof(memBlock))\r
-                                       );\r
-                               mfEmlSetMem( memBlock, (sectorNum*4) + 3, 1);\r
-                       }\r
-                       continue;\r
+       if (k_sector == NULL)\r
+               emptySectorTable();\r
+\r
+       success = tryMfk32_moebius(data, &key, verbose);\r
+       if (success) {\r
+               uint8_t sector = data.sector;\r
+               uint8_t keytype = data.keytype;\r
+\r
+               PrintAndLog("Reader is trying authenticate with: Key %s, sector %02d: [%012" PRIx64 "]"\r
+                       , keytype ? "B" : "A"\r
+                       , sector\r
+                       , key\r
+               );\r
+\r
+               k_sector[sector].Key[keytype] = key;\r
+               k_sector[sector].foundKey[keytype] = TRUE;\r
+\r
+               //set emulator memory for keys\r
+               if (setEmulatorMem) {\r
+                       uint8_t memBlock[16] = {0,0,0,0,0,0, 0xff, 0x0F, 0x80, 0x69, 0,0,0,0,0,0};\r
+                       num_to_bytes( k_sector[sector].Key[0], 6, memBlock);\r
+                       num_to_bytes( k_sector[sector].Key[1], 6, memBlock+10);\r
+                       //iceman,  guessing this will not work so well for 4K tags.\r
+                       PrintAndLog("Setting Emulator Memory Block %02d: [%s]"\r
+                               , (sector*4) + 3\r
+                               , sprint_hex( memBlock, sizeof(memBlock))\r
+                               );\r
+                       mfEmlSetMem( memBlock, (sector*4) + 3, 1);\r
                 }\r
         }\r
  }\r
@@ -1453,18 +1422,17 @@ int CmdHF14AMf1kSim(const char *Cmd) {
         uint8_t exitAfterNReads = 0;\r
         uint8_t flags = (FLAG_UID_IN_EMUL | FLAG_4B_UID_IN_DATA);\r
         int uidlen = 0;\r
-       bool setEmulatorMem = false;\r
         uint8_t cmdp = 0;\r
-       bool errors = false;\r
-\r
-       // If set to true, we should show our workings when doing NR_AR_ATTACK.\r
-       bool verbose = false;\r
-\r
+       bool errors = FALSE;\r
+       bool verbose = FALSE;\r
+       bool setEmulatorMem = FALSE;\r
+       nonces_t data[1];\r
+               \r
         while(param_getchar(Cmd, cmdp) != 0x00) {\r
                 switch(param_getchar(Cmd, cmdp)) {\r
                 case 'e':\r
                 case 'E':\r
-                       setEmulatorMem = true;\r
+                       setEmulatorMem = TRUE;\r
                         cmdp++;\r
                         break;\r
                 case 'h':\r
@@ -1489,11 +1457,11 @@ int CmdHF14AMf1kSim(const char *Cmd) {
                                 case  8: flags = FLAG_4B_UID_IN_DATA; break;\r
                                 default: return usage_hf14_mf1ksim();\r
                         }\r
-                       cmdp +=2;\r
+                       cmdp += 2;\r
                         break;\r
                 case 'v':\r
                 case 'V':\r
-                       verbose = true;\r
+                       verbose = TRUE;\r
                         cmdp++;\r
                         break;\r
                 case 'x':\r
@@ -1503,7 +1471,7 @@ int CmdHF14AMf1kSim(const char *Cmd) {
                         break;\r
                 default:\r
                         PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
-                       errors = true;\r
+                       errors = TRUE;\r
                         break;\r
                 }\r
                 if(errors) break;\r
@@ -1521,27 +1489,20 @@ int CmdHF14AMf1kSim(const char *Cmd) {
         memcpy(c.d.asBytes, uid, sizeof(uid));\r
         clearCommandBuffer();\r
         SendCommand(&c);\r
+       UsbCommand resp;                \r
  \r
-       if(flags & FLAG_INTERACTIVE) {          \r
+       if(flags & FLAG_INTERACTIVE) {\r
                 PrintAndLog("Press pm3-button or send another cmd to abort simulation");\r
  \r
-               nonces_t data[ATTACK_KEY_COUNT*2];\r
-               UsbCommand resp;                \r
-\r
                 while( !ukbhit() ){\r
                         if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue;\r
                         if ( !(flags & FLAG_NR_AR_ATTACK) ) break;\r
                         if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;\r
  \r
-                       memcpy( data, resp.d.asBytes, sizeof(data) );                   \r
-                       readerAttack(data, setEmulatorMem, verbose);\r
-               }\r
-               \r
-               if (k_sector != NULL) {\r
-                       printKeyTable(k_sectorsCount, k_sector);\r
-                       free(k_sector);\r
-                       k_sector = NULL;\r
+                       memcpy(data, resp.d.asBytes, sizeof(data));\r
+                       readerAttack(data[0], setEmulatorMem, verbose);\r
                 }\r
+               showSectorTable();\r
         }\r
         return 0;\r
  }\r
@@ -1617,7 +1578,7 @@ int CmdHF14AMfSniff(const char *Cmd){
  \r
                         if (res == 1) {                                                         // there is (more) data to be transferred\r
                                 if (pckNum == 0) {                                              // first packet, (re)allocate necessary buffer\r
-                                       if (traceLen > bufsize) {\r
+                                       if (traceLen > bufsize || buf == NULL) {\r
                                                 uint8_t *p;\r
                                                 if (buf == NULL)                                // not yet allocated\r
                                                         p = malloc(traceLen);\r
@@ -1738,7 +1699,7 @@ int CmdHF14AMfKeyBrute(const char *Cmd) {
         time(&start);\r
         \r
         if (mfKeyBrute( blockNo, keytype, key, &foundkey))\r
-               PrintAndLog("Found valid key: %012"llx" \n", foundkey);\r
+               PrintAndLog("Found valid key: %012" PRIx64 " \n", foundkey);\r
         else\r
                 PrintAndLog("Key not found");\r
         \r
@@ -1756,7 +1717,7 @@ void printKeyTable( uint8_t sectorscnt, sector *e_sector ){
         PrintAndLog("|sec|key A           |res|key B           |res|");\r
         PrintAndLog("|---|----------------|---|----------------|---|");\r
         for (uint8_t i = 0; i < sectorscnt; ++i) {\r
-               PrintAndLog("|%03d|  %012"llx"  | %d |  %012"llx"  | %d |", i,\r
+               PrintAndLog("|%03d|  %012" PRIx64 "  | %d |  %012" PRIx64 "  | %d |", i,\r
                         e_sector[i].Key[0], e_sector[i].foundKey[0], \r
                         e_sector[i].Key[1], e_sector[i].foundKey[1]\r
                 );\r
@@ -1805,7 +1766,6 @@ int CmdHF14AMfESet(const char *Cmd)
  {\r
         uint8_t memBlock[16];\r
         uint8_t blockNo = 0;\r
-\r
         memset(memBlock, 0x00, sizeof(memBlock));\r
  \r
         if (strlen(Cmd) < 3 || param_getchar(Cmd, 0) == 'h') {\r
@@ -2087,7 +2047,7 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
                 }\r
                 keyA = bytes_to_num(data, 6);\r
                 keyB = bytes_to_num(data + 10, 6);\r
-               PrintAndLog("|%03d|  %012"llx"  |  %012"llx"  |", i, keyA, keyB);\r
+               PrintAndLog("|%03d|  %012" PRIx64 "  |  %012" PRIx64 "  |", i, keyA, keyB);\r
         }\r
         PrintAndLog("|---|----------------|----------------|");\r
         \r