]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/iso14443a.c
FIX: removing compiler warning about double const.
[proxmark3-svn] / armsrc / iso14443a.c
index d49e6ae1cd009b4c91814e12b9a44c32c4ef5aa1..3ef427e69dea0ac7f4c3f64df8c35db58085441a 100644 (file)
@@ -1,4 +1,4 @@
- //-----------------------------------------------------------------------------
 //-----------------------------------------------------------------------------
 // Merlok - June 2011, 2012
 // Gerhard de Koning Gans - May 2008
 // Hagen Fritsch - June 2010
@@ -871,17 +871,9 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
        uint8_t cardAUTHKEY = 0xff;  // no authentication
        // allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
 
-       nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // for 2 separate attack types (std, moebius)
-       memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
-
-       uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; // for 2nd attack type (moebius)
-       memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
-       uint8_t nonce1_count = 0;
-       uint8_t nonce2_count = 0;
-       uint8_t moebius_n_count = 0;
-       bool gettingMoebius = false;
-       uint8_t mM = 0; // moebius_modifier for collection storage
-
+       nonces_t ar_nr_nonces[ATTACK_KEY_COUNT]; // for attack types moebius
+       memset(ar_nr_nonces, 0x00, sizeof(ar_nr_nonces));
+       uint8_t moebius_count = 0;
        
        switch (tagType) {
                case 1: { // MIFARE Classic 1k 
@@ -926,7 +918,11 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
                                memcpy(data+3, emdata+4, 4); // uid bytes 3-7
                                flags |= FLAG_7B_UID_IN_DATA;
                        }
-               } break;                
+               } break;        
+               case 8: { // MIFARE Classic 4k
+                       response1[0] = 0x02;
+                       sak = 0x18;
+               } break;
                default: {
                        Dbprintf("Error: unkown tagtype (%d)",tagType);
                        return;
@@ -1056,7 +1052,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
                
                // Clean receive command buffer
                if(!GetIso14443aCommandFromReader(receivedCmd, receivedCmdPar, &len)) {
-                       DbpString("Button press");
+                       Dbprintf("Emulator stopped. Tracing: %d  trace length: %d ", tracing, BigBuf_get_traceLen());
                        break;
                }       
                p_response = NULL;
@@ -1116,12 +1112,12 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
                        p_response = NULL;                                      
                } else if (receivedCmd[0] == MIFARE_ULEV1_READ_CNT && tagType == 7) {   // Received a READ COUNTER -- 
                        uint8_t index = receivedCmd[1];
-                       uint8_t data[] =  {0x00,0x00,0x00,0x14,0xa5};
+                       uint8_t cmd[] =  {0x00,0x00,0x00,0x14,0xa5};
                        if ( counters[index] > 0) {
-                               num_to_bytes(counters[index], 3, data);
-                               AppendCrc14443a(data, sizeof(data)-2);
+                               num_to_bytes(counters[index], 3, cmd);
+                               AppendCrc14443a(cmd, sizeof(cmd)-2);
                        }
-                       EmSendCmdEx(data,sizeof(data),false);                           
+                       EmSendCmdEx(cmd,sizeof(cmd),false);                             
                        p_response = NULL;
                } else if (receivedCmd[0] == MIFARE_ULEV1_INCR_CNT && tagType == 7) {   // Received a INC COUNTER -- 
                        // number of counter
@@ -1153,15 +1149,21 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
                                EmSendCmdEx(emdata, sizeof(emdata), false);
                                p_response = NULL;
                        } else {
+                                                               
+                               cardAUTHKEY = receivedCmd[0] - 0x60;
+                               cardAUTHSC = receivedCmd[1] / 4; // received block num
                                
-                               // incease nonce at every command recieved. this is time consuming.
+                               // incease nonce at AUTH requests. this is time consuming.
                                nonce = prand();
-                               num_to_bytes(nonce, 4, response5);
-                               prepare_tag_modulation(&responses[5], DYNAMIC_MODULATION_BUFFER_SIZE);
-                               
-                               cardAUTHSC = receivedCmd[1] / 4; // received block num
-                               cardAUTHKEY = receivedCmd[0] - 0x60;
-                               p_response = &responses[5]; order = 7;
+                               //num_to_bytes(nonce, 4, response5);
+                               num_to_bytes(nonce, 4, dynamic_response_info.response);                         
+                               dynamic_response_info.response_n = 4;
+
+                               //prepare_tag_modulation(&responses[5], DYNAMIC_MODULATION_BUFFER_SIZE);
+                               prepare_tag_modulation(&dynamic_response_info, DYNAMIC_MODULATION_BUFFER_SIZE);
+                               p_response = &dynamic_response_info;
+                               //p_response = &responses[5]; 
+                               order = 7;
                        }
                } else if(receivedCmd[0] == ISO14443A_CMD_RATS) {       // Received a RATS request
                        if (tagType == 1 || tagType == 2) {     // RATS not supported
@@ -1178,69 +1180,60 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
                        // Collect AR/NR per keytype & sector
                        if ( (flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK ) {
                                
-                                       for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
+                               int8_t index = -1;
+                               int8_t empty = -1;
+                               for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
+                                       // find which index to use
+                                       if ( (cardAUTHSC == ar_nr_nonces[i].sector) &&  (cardAUTHKEY == ar_nr_nonces[i].keytype)) 
+                                               index = i;
+
+                                       // keep track of empty slots.
+                                       if ( ar_nr_nonces[i].state == EMPTY)
+                                               empty = i;
+                               }
+                               // if no empty slots.  Choose first and overwrite.
+                               if ( index == -1 ) {
+                                       if ( empty == -1 ) {
+                                               index = 0;
+                                               ar_nr_nonces[index].state = EMPTY;
+                                       } else {
+                                               index = empty;
+                                       }
+                               }
+
+                               switch(ar_nr_nonces[index].state) {
+                                       case EMPTY: {
+                                               // first nonce collect
+                                               ar_nr_nonces[index].cuid = cuid;
+                                               ar_nr_nonces[index].sector = cardAUTHSC;
+                                               ar_nr_nonces[index].keytype = cardAUTHKEY;
+                                               ar_nr_nonces[index].nonce = nonce;
+                                               ar_nr_nonces[index].nr = nr;
+                                               ar_nr_nonces[index].ar = ar;
+                                               ar_nr_nonces[index].state = FIRST;
+                                               break;
+                                       } 
+                                       case FIRST : { 
+                                               // second nonce collect
+                                               ar_nr_nonces[index].nonce2 = nonce;
+                                               ar_nr_nonces[index].nr2 = nr;
+                                               ar_nr_nonces[index].ar2 = ar;
+                                               ar_nr_nonces[index].state = SECOND;
+
+                                               // send to client
+                                               cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, 0, 0, &ar_nr_nonces[index], sizeof(nonces_t));
                                                
-                                               if ( ar_nr_collected[i+mM] == 0 || (
-                                                                       (cardAUTHSC == ar_nr_resp[i+mM].sector) && 
-                                                                       (cardAUTHKEY == ar_nr_resp[i+mM].keytype) &&
-                                                                       (ar_nr_collected[i+mM] > 0)
-                                                               )
-                                                       ) {
-                                                               
-                                                       // if first auth for sector, or matches sector and keytype of previous auth
-                                                       if (ar_nr_collected[i+mM] > 1) continue;
-                                                               
-                                                       // if we haven't already collected 2 nonces for this sector
-                                                       if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) {
-                                                               // Avoid duplicates... probably not necessary, ar should vary. 
-                                                               if (ar_nr_collected[i+mM]==0) {
-                                                                       // first nonce collect
-                                                                       nonce1_count++;
-                                                                       // add this nonce to first moebius nonce
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].cuid = cuid;
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].sector = cardAUTHSC;
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].keytype = cardAUTHKEY;
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].nonce = nonce;
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].nr = nr;
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].ar = ar;
-                                                                       ar_nr_collected[i+ATTACK_KEY_COUNT]++;
-                                                               } else { 
-                                                                       // second nonce collect (std and moebius)
-                                                                       ar_nr_resp[i+mM].nonce2 = nonce;
-                                                                       ar_nr_resp[i+mM].nr2 = nr;
-                                                                       ar_nr_resp[i+mM].ar2 = ar;
-                                                                       
-                                                                       if (!gettingMoebius) {
-                                                                               nonce2_count++;
-                                                                               // check if this was the last second nonce we need for std attack
-                                                                               if ( nonce2_count == nonce1_count ) {
-                                                                                       // done collecting std test switch to moebius
-                                                                                       // first finish incrementing last sample
-                                                                                       ar_nr_collected[i+mM]++; 
-                                                                                       // switch to moebius collection
-                                                                                       gettingMoebius = true;
-                                                                                       mM = ATTACK_KEY_COUNT;
-                                                                                       break;
-                                                                               }
-                                                                       } else {
-                                                                               moebius_n_count++;
-                                                                               // if we've collected all the nonces we need - finish.
-                                                                               if (nonce1_count == moebius_n_count) {
-                                                                                       cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_resp,sizeof(ar_nr_resp));
-                                                                                       nonce1_count = 0;
-                                                                                       nonce2_count = 0;
-                                                                                       moebius_n_count = 0;
-                                                                                       gettingMoebius = false;
-                                                                               }
-                                                                       }
-                                                               }
-                                                               ar_nr_collected[i+mM]++;
-                                                       }
-                                                       // we found right spot for this nonce stop looking
-                                                       break;
-                                               }
+                                               ar_nr_nonces[index].state = EMPTY;
+                                               ar_nr_nonces[index].sector = 0;
+                                               ar_nr_nonces[index].keytype = 0;
+                                               
+                                               moebius_count++;
+                                               break;
                                        }
+                                       default: break;
                                }
+                       }
+                       p_response = NULL;
                        
                } else if (receivedCmd[0] == MIFARE_ULC_AUTH_1 ) { // ULC authentication, or Desfire Authentication
                } else if (receivedCmd[0] == MIFARE_ULEV1_AUTH) { // NTAG / EV-1 authentication
@@ -1318,7 +1311,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
                                dynamic_response_info.response_n += 2;
         
                                if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
-                                       Dbprintf("Error preparing tag response");
+                                       DbpString("Error preparing tag response");
                                        LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
                                        break;
                                }
@@ -1403,9 +1396,10 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
        */
                
        if (MF_DBGLEVEL >= 4){
-               Dbprintf("-[ Wake ups after halt [%d]", happened);
-               Dbprintf("-[ Messages after halt [%d]", happened2);
-               Dbprintf("-[ Num of received cmd [%d]", cmdsRecvd);
+               Dbprintf("-[ Wake ups after halt  [%d]", happened);
+               Dbprintf("-[ Messages after halt  [%d]", happened2);
+               Dbprintf("-[ Num of received cmd  [%d]", cmdsRecvd);
+               Dbprintf("-[ Num of moebius tries [%d]", moebius_count);
        }
        
        cmd_send(CMD_ACK,1,0,0,0,0);
@@ -2053,7 +2047,6 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
        {
                iso14_pcb_blocknum ^= 1;
        }
-
        return len;
 }
 
@@ -2500,17 +2493,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
        
        // Here, we collect CUID, NT, NR, AR, CUID2, NT2, NR2, AR2
        // This can be used in a reader-only attack.
-       nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // for 2 separate attack types (nml, moebius)
-       memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
-
-       uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; // for 2nd attack type (moebius)
-       memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
-       uint8_t nonce1_count = 0;
-       uint8_t nonce2_count = 0;
-       uint8_t moebius_n_count = 0;
-       bool gettingMoebius = false;
-       uint8_t mM = 0; // moebius_modifier for collection storage
-       bool doBufResetNext = false;
+       nonces_t ar_nr_nonces[ATTACK_KEY_COUNT];
+       memset(ar_nr_nonces, 0x00, sizeof(ar_nr_nonces));
 
        // -- Determine the UID
        // Can be set from emulator memory or incoming data
@@ -2752,127 +2736,92 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                uint32_t nr = bytes_to_num(receivedCmd, 4);
                                uint32_t ar = bytes_to_num(&receivedCmd[4], 4);
 
-                               if (doBufResetNext) {
-                                       // Reset, lets try again!
-                                       if (MF_DBGLEVEL >= 4) Dbprintf("Re-read after previous NR_AR_ATTACK, resetting buffer");
-                                       memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
-                                       memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
-                                       mM = 0;
-                                       doBufResetNext = false;
-                               }
-
-                               for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
+                               // Collect AR/NR per keytype & sector
+                               if ( (flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK ) {
                                        
-                                       if ( ar_nr_collected[i+mM] == 0 || (
-                                                               (cardAUTHSC == ar_nr_resp[i+mM].sector) && 
-                                                               (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && 
-                                                               (ar_nr_collected[i+mM] > 0)
-                                                       )
-                                               ) {
-
-                                               // if first auth for sector, or matches sector and keytype of previous auth
-                                               if (ar_nr_collected[i+mM] < 2) {
-                                                       // if we haven't already collected 2 nonces for this sector
-                                                       if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) {
-                                                               // Avoid duplicates... probably not necessary, ar should vary.
-                                                               if (ar_nr_collected[i+mM]==0) {
-                                                                       // first nonce collect
-                                                                       ar_nr_resp[i+mM].cuid = cuid;
-                                                                       ar_nr_resp[i+mM].sector = cardAUTHSC;
-                                                                       ar_nr_resp[i+mM].keytype = cardAUTHKEY;
-                                                                       ar_nr_resp[i+mM].nonce = nonce;
-                                                                       ar_nr_resp[i+mM].nr = nr;
-                                                                       ar_nr_resp[i+mM].ar = ar;
-                                                                       nonce1_count++;
-                                                                       // add this nonce to first moebius nonce
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].cuid = cuid;
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].sector = cardAUTHSC;
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].keytype = cardAUTHKEY;
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].nonce = nonce;
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].nr = nr;
-                                                                       ar_nr_resp[i+ATTACK_KEY_COUNT].ar = ar;
-                                                                       ar_nr_collected[i+ATTACK_KEY_COUNT]++;
-                                                               } else { // second nonce collect (std and moebius)
-                                                                       ar_nr_resp[i+mM].nonce2 = nonce;
-                                                                       ar_nr_resp[i+mM].nr2 = nr;
-                                                                       ar_nr_resp[i+mM].ar2 = ar;
-                                                                       if (!gettingMoebius) {
-                                                                               nonce2_count++;
-                                                                               // check if this was the last second nonce we need for std attack
-                                                                               if ( nonce2_count == nonce1_count ) {
-                                                                                       // done collecting std test switch to moebius
-                                                                                       // first finish incrementing last sample
-                                                                                       ar_nr_collected[i+mM]++; 
-                                                                                       // switch to moebius collection
-                                                                                       gettingMoebius = true;
-                                                                                       mM = ATTACK_KEY_COUNT;
-                                                                                       break;
-                                                                               }
-                                                                       } else {
-                                                                               moebius_n_count++;
-                                                                               // if we've collected all the nonces we need - finish.
-
-                                                                               if (nonce1_count == moebius_n_count) {
-                                                                                       cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, 0, 0, &ar_nr_resp, sizeof(ar_nr_resp));
-                                                                                       nonce1_count = 0;
-                                                                                       nonce2_count = 0;
-                                                                                       moebius_n_count = 0;
-                                                                                       gettingMoebius = false;
-                                                                                       doBufResetNext = true;
-                                                                                       finished = ( ((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE));
-                                                                               }
-                                                                       }
-                                                               }
-                                                               ar_nr_collected[i+mM]++;
-                                                       }
+                                       int8_t index = -1;
+                                       int8_t empty = -1;
+                                       for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
+                                               // find which index to use
+                                               if ( (cardAUTHSC == ar_nr_nonces[i].sector) &&  (cardAUTHKEY == ar_nr_nonces[i].keytype)) 
+                                                       index = i;
+
+                                               // keep track of empty slots.
+                                               if ( ar_nr_nonces[i].state == EMPTY)
+                                                       empty = i;
+                                       }
+                                       // if no empty slots.  Choose first and overwrite.
+                                       if ( index == -1 ) {
+                                               if ( empty == -1 ) {
+                                                       index = 0;
+                                                       ar_nr_nonces[index].state = EMPTY;
+                                               } else {
+                                                       index = empty;
                                                }
-                                               // we found right spot for this nonce stop looking
-                                               break;
                                        }
-                               }
-
 
-                               /*
-                               // Collect AR/NR
-                               // if(ar_nr_collected < 2 && cardAUTHSC == 2){
-                               if(ar_nr_collected < 2) {                                       
-                                       // if(ar_nr_responses[2] != nr) {
-                                               ar_nr_responses[ar_nr_collected*4]   = cuid;
-                                               ar_nr_responses[ar_nr_collected*4+1] = nonce;
-                                               ar_nr_responses[ar_nr_collected*4+2] = nr;
-                                               ar_nr_responses[ar_nr_collected*4+3] = ar;
-                                               ar_nr_collected++;
-                                       // }                                    
-               
-                                       // Interactive mode flag, means we need to send ACK
-                                       finished = ( ((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE)&& ar_nr_collected == 2);
+                                       switch(ar_nr_nonces[index].state) {
+                                               case EMPTY: {
+                                                       // first nonce collect
+                                                       ar_nr_nonces[index].cuid = cuid;
+                                                       ar_nr_nonces[index].sector = cardAUTHSC;
+                                                       ar_nr_nonces[index].keytype = cardAUTHKEY;
+                                                       ar_nr_nonces[index].nonce = nonce;
+                                                       ar_nr_nonces[index].nr = nr;
+                                                       ar_nr_nonces[index].ar = ar;
+                                                       ar_nr_nonces[index].state = FIRST;
+                                                       break;
+                                               } 
+                                               case FIRST : { 
+                                                       // second nonce collect
+                                                       ar_nr_nonces[index].nonce2 = nonce;
+                                                       ar_nr_nonces[index].nr2 = nr;
+                                                       ar_nr_nonces[index].ar2 = ar;
+                                                       ar_nr_nonces[index].state = SECOND;
+
+                                                       // send to client
+                                                       cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, 0, 0, &ar_nr_nonces[index], sizeof(nonces_t));
+                                                       
+                                                       ar_nr_nonces[index].state = EMPTY;
+                                                       ar_nr_nonces[index].sector = 0;
+                                                       ar_nr_nonces[index].keytype = 0;
+                                                       break;
+                                               }
+                                               default: break;
+                                       }
                                }
+
+                               crypto1_word(pcs, nr , 1);
+                               uint32_t cardRr = ar ^ crypto1_word(pcs, 0, 0);
                                
-                               crypto1_word(pcs, ar , 1);
-                               cardRr = nr ^ crypto1_word(pcs, 0, 0);
-                               
-                               test if auth OK
+                               //test if auth OK
                                if (cardRr != prng_successor(nonce, 64)){
                                        
-                                       if (MF_DBGLEVEL >= 4) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x",
-                                               cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
-                                                       cardRr, prng_successor(nonce, 64));
-                                       Shouldn't we respond anything here?
-                                       Right now, we don't nack or anything, which causes the
-                                       reader to do a WUPA after a while. /Martin
-                                       -- which is the correct response. /piwi
+                                       if (MF_DBGLEVEL >= 3) {
+                                               Dbprintf("AUTH FAILED for sector %d with key %c. [nr=%08x  cardRr=%08x] [nt=%08x succ=%08x]"
+                                                       , cardAUTHSC
+                                                       , (cardAUTHKEY == 0) ? 'A' : 'B'
+                                                       , nr
+                                                       , cardRr
+                                                       , nonce // nt
+                                                       , prng_successor(nonce, 64)
+                                               );
+                                       }
+                                       // Shouldn't we respond anything here?
+                                       // Right now, we don't nack or anything, which causes the
+                                       // reader to do a WUPA after a while. /Martin
+                                       // -- which is the correct response. /piwi
                                        cardSTATE_TO_IDLE();
                                        LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
                                        break;
                                }
-                               */
                                
                                ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0);
                                num_to_bytes(ans, 4, rAUTH_AT);
                                EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
                                LED_C_ON();
                                
-                               if (MF_DBGLEVEL >= 4) {
+                               if (MF_DBGLEVEL >= 1) {
                                        Dbprintf("AUTH COMPLETED for sector %d with key %c. time=%d", 
                                                cardAUTHSC, 
                                                cardAUTHKEY == 0 ? 'A' : 'B',
@@ -2896,24 +2845,24 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                                 receivedCmd[0] == MIFARE_AUTH_KEYB)  ) {
 
                                        authTimer = GetTickCount();
-                                       cardAUTHSC = receivedCmd[1] / 4;  // received block num
-                                       cardAUTHKEY = receivedCmd[0] - 0x60; // & 1
+                                       cardAUTHSC = receivedCmd[1] / 4;  // received block -> sector
+                                       cardAUTHKEY = receivedCmd[0] & 0x1;
                                        crypto1_destroy(pcs);
+                                       
+                                       // load key into crypto
                                        crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
 
-                                       if (!encrypted_data) { 
+                                       if (!encrypted_data) {
                                                // first authentication
-                                               crypto1_word(pcs, cuid ^ nonce, 0);// Update crypto state
-                                               num_to_bytes(nonce, 4, rAUTH_AT); // Send nonce
-                                               
-                                               if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY  );
-
+                                               // Update crypto state init  (UID ^ NONCE)
+                                               crypto1_word(pcs, cuid ^ nonce, 0);
+                                               num_to_bytes(nonce, 4, rAUTH_AT);
                                        } else {
                                                // nested authentication
                                                ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0); 
                                                num_to_bytes(ans, 4, rAUTH_AT);
 
-                                               if (MF_DBGLEVEL >= 4) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
+                                               if (MF_DBGLEVEL >= 3) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %c", receivedCmd[1], receivedCmd[1],  cardAUTHKEY == 0 ? 'A' : 'B');
                                        }
 
                                        EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
@@ -3081,45 +3030,6 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                }
        }
 
-       // Interactive mode flag, means we need to send ACK
-       /*
-       if((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE && flags & FLAG_NR_AR_ATTACK == FLAG_NR_AR_ATTACK) {
-               // May just aswell send the collected ar_nr in the response aswell
-               uint8_t len = ar_nr_collected * 4 * 4;
-               cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, len, 0, &ar_nr_responses, len);
-       }
-       */
-       
-       if( ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK ) && MF_DBGLEVEL >= 1 ) {
-               for ( uint8_t   i = 0; i < ATTACK_KEY_COUNT; i++) {
-                       if (ar_nr_collected[i] == 2) {
-                               Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
-                               Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
-                                               ar_nr_resp[i].cuid,  //UID
-                                               ar_nr_resp[i].nonce, //NT
-                                               ar_nr_resp[i].nr,    //NR1
-                                               ar_nr_resp[i].ar,    //AR1
-                                               ar_nr_resp[i].nr2,   //NR2
-                                               ar_nr_resp[i].ar2    //AR2
-                                               );
-                       }
-               }       
-               for ( uint8_t i = ATTACK_KEY_COUNT; i < ATTACK_KEY_COUNT*2; i++) {
-                       if (ar_nr_collected[i] == 2) {
-                               Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
-                               Dbprintf("../tools/mfkey/mfkey32v2 %08x %08x %08x %08x %08x %08x %08x",
-                                               ar_nr_resp[i].cuid,  //UID
-                                               ar_nr_resp[i].nonce, //NT
-                                               ar_nr_resp[i].nr,    //NR1
-                                               ar_nr_resp[i].ar,    //AR1
-                                               ar_nr_resp[i].nonce2,//NT2
-                                               ar_nr_resp[i].nr2,   //NR2
-                                               ar_nr_resp[i].ar2    //AR2
-                                               );
-                       }
-               }
-       }       
-       
        if (MF_DBGLEVEL >= 1) 
                Dbprintf("Emulator stopped. Tracing: %d  trace length: %d ", tracing, BigBuf_get_traceLen());
        
Impressum, Datenschutz