- //May just aswell send the collected ar_nr in the response aswell
- cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_responses,ar_nr_collected*4*4);
- }
-
- if(flags & FLAG_NR_AR_ATTACK)
- {
- if(ar_nr_collected > 1) {
- Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:");
- Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
- ar_nr_responses[0], // UID
- ar_nr_responses[1], //NT
- ar_nr_responses[2], //AR1
- ar_nr_responses[3], //NR1
- ar_nr_responses[6], //AR2
- ar_nr_responses[7] //NR2
- );
- } else {
- Dbprintf("Failed to obtain two AR/NR pairs!");
- if(ar_nr_collected >0) {
- Dbprintf("Only got these: UID=%08x, nonce=%08x, AR1=%08x, NR1=%08x",
- ar_nr_responses[0], // UID
- ar_nr_responses[1], //NT
- ar_nr_responses[2], //AR1
- ar_nr_responses[3] //NR1
+ for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
+ if (ar_nr_collected[i] == 2) {
+ Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
+ Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
+ ar_nr_resp[i].cuid, //UID
+ ar_nr_resp[i].nonce, //NT
+ ar_nr_resp[i].ar, //AR1
+ ar_nr_resp[i].nr, //NR1
+ ar_nr_resp[i].ar2, //AR2
+ ar_nr_resp[i].nr2 //NR2