]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/iso14443a.c
projects / proxmark3-svn / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
meant to put clock detection before demods
[proxmark3-svn] / armsrc / iso14443a.c
diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index f47c8a798f1334f72bf02912ff9008136e790906..83907fce18b72c9b5407949c460b5e85d16a593a 100644 (file)
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -2329,6 +2329,7 @@ typedef struct {
   * FLAG_7B_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that
   * FLAG_10B_UID_IN_DATA       - use 10-byte UID in the data-section not finished
   *    FLAG_NR_AR_ATTACK  - means we should collect NR_AR responses for bruteforcing later
+  * FLAG_RANDOM_NONCE - means we should generate some pseudo-random nonce data (only allows moebius attack)
   *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is infinite ...
   * (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted)
   */
@@ -2375,19 +2376,24 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 
        //allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
        #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
-       nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types
+       nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius)
        memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
 
-       uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2];
+       uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; //*2 for 2nd attack type (moebius)
        memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
-       bool gettingMoebius = false;
        uint8_t nonce1_count = 0;
        uint8_t nonce2_count = 0;
        uint8_t moebius_n_count = 0;
+       bool gettingMoebius = false;
        uint8_t mM = 0; //moebius_modifier for collection storage
 
        // Authenticate response - nonce
-       uint32_t nonce = bytes_to_num(rAUTH_NT, 4);
+       uint32_t nonce;
+       if (flags & FLAG_RANDOM_NONCE) {
+               nonce = prand();
+       } else {
+               nonce = bytes_to_num(rAUTH_NT, 4);
+       }
        
        //-- Determine the UID
        // Can be set from emulator memory, incoming data
@@ -2511,7 +2517,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                cardSTATE_TO_IDLE();
                                LED_A_ON();
                        }
-               } 
+               }
                if (cardSTATE == MFEMUL_NOFIELD) continue;
 
                //Now, get data
@@ -2523,7 +2529,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                } else if (res == 1) {
                        break;  //return value 1 means button press
                }
-                       
+
                // REQ or WUP request in ANY state and WUP in HALTED state
                if (len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) {
                        selTimer = GetTickCount();
@@ -2535,6 +2541,9 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                        LED_C_OFF();
                        crypto1_destroy(pcs);
                        cardAUTHKEY = 0xff;
+                       if (flags & FLAG_RANDOM_NONCE) {
+                               nonce = prand();
+                       }
                        continue;
                }
                
@@ -2656,7 +2665,11 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                                                                                // switch to moebius collection
                                                                                                gettingMoebius = true;
                                                                                                mM = ATTACK_KEY_COUNT;
-                                                                                               nonce = nonce*7;
+                                                                                               if (flags & FLAG_RANDOM_NONCE) {
+                                                                                                       nonce = prand();
+                                                                                               } else {
+                                                                                                       nonce = nonce*7;
+                                                                                               }
                                                                                                break;
                                                                                        }
                                                                                } else {
@@ -2992,7 +3005,6 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                //Send the collected ar_nr in the response
                cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,button_pushed,0,&ar_nr_resp,sizeof(ar_nr_resp));
        }
-       
 }
 
 
Proxmark3 GIT tracking
Impressum, Datenschutz