- //-----------------------------------------------------------------------------
+ //-----------------------------------------------------------------------------
// Merlok - June 2011, 2012
// Gerhard de Koning Gans - May 2008
// Hagen Fritsch - June 2010
// Stop when button is pressed
// Or return TRUE when command is captured
//-----------------------------------------------------------------------------
-static int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len) {
+int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len) {
// Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen
// only, since we are receiving, not transmitting).
// Signal field is off with the appropriate LED
uint8_t cardAUTHKEY = 0xff; // no authentication
// allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
- nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // for 2 separate attack types (std, moebius)
- memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
-
- uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; // for 2nd attack type (moebius)
- memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
- uint8_t nonce1_count = 0;
- uint8_t nonce2_count = 0;
- uint8_t moebius_n_count = 0;
- bool gettingMoebius = false;
- uint8_t mM = 0; // moebius_modifier for collection storage
-
+ nonces_t ar_nr_nonces[ATTACK_KEY_COUNT]; // for attack types moebius
+ memset(ar_nr_nonces, 0x00, sizeof(ar_nr_nonces));
+ uint8_t moebius_count = 0;
switch (tagType) {
case 1: { // MIFARE Classic 1k
memcpy(data+3, emdata+4, 4); // uid bytes 3-7
flags |= FLAG_7B_UID_IN_DATA;
}
- } break;
+ } break;
+ case 8: { // MIFARE Classic 4k
+ response1[0] = 0x02;
+ sak = 0x18;
+ } break;
default: {
Dbprintf("Error: unkown tagtype (%d)",tagType);
return;
// Clean receive command buffer
if(!GetIso14443aCommandFromReader(receivedCmd, receivedCmdPar, &len)) {
- DbpString("Button press");
+ Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, BigBuf_get_traceLen());
break;
- }
-
- // incease nonce at every command recieved
- nonce = prand();
- num_to_bytes(nonce, 4, response5);
-
+ }
p_response = NULL;
// Okay, look at the command now.
uint8_t emdata[MAX_MIFARE_FRAME_SIZE];
emlGetMemBt( emdata, start, 16);
AppendCrc14443a(emdata, 16);
- EmSendCmdEx(emdata, sizeof(emdata), false);
+ EmSendCmd(emdata, sizeof(emdata));
// We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
p_response = NULL;
} else { // all other tags (16 byte block tags)
uint8_t emdata[MAX_MIFARE_FRAME_SIZE];
emlGetMemBt( emdata, block, 16);
AppendCrc14443a(emdata, 16);
- EmSendCmdEx(emdata, sizeof(emdata), false);
- // EmSendCmdEx(data+(4*receivedCmd[1]),16,false);
+ EmSendCmd(emdata, sizeof(emdata));
+ // EmSendCmd(data+(4*receivedCmd[1]),16);
// Dbprintf("Read request from reader: %x %x",receivedCmd[0],receivedCmd[1]);
// We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
p_response = NULL;
int len = (receivedCmd[2] - receivedCmd[1] + 1) * 4;
emlGetMemBt( emdata, start, len);
AppendCrc14443a(emdata, len);
- EmSendCmdEx(emdata, len+2, false);
+ EmSendCmd(emdata, len+2);
p_response = NULL;
} else if(receivedCmd[0] == MIFARE_ULEV1_READSIG && tagType == 7) { // Received a READ SIGNATURE --
// first 12 blocks of emu are [getversion answer - check tearing - pack - 0x00 - signature]
uint8_t emdata[34];
emlGetMemBt( emdata, start, 32);
AppendCrc14443a(emdata, 32);
- EmSendCmdEx(emdata, sizeof(emdata), false);
+ EmSendCmd(emdata, sizeof(emdata));
p_response = NULL;
} else if (receivedCmd[0] == MIFARE_ULEV1_READ_CNT && tagType == 7) { // Received a READ COUNTER --
uint8_t index = receivedCmd[1];
- uint8_t data[] = {0x00,0x00,0x00,0x14,0xa5};
+ uint8_t cmd[] = {0x00,0x00,0x00,0x14,0xa5};
if ( counters[index] > 0) {
- num_to_bytes(counters[index], 3, data);
- AppendCrc14443a(data, sizeof(data)-2);
+ num_to_bytes(counters[index], 3, cmd);
+ AppendCrc14443a(cmd, sizeof(cmd)-2);
}
- EmSendCmdEx(data,sizeof(data),false);
+ EmSendCmd(cmd,sizeof(cmd));
p_response = NULL;
} else if (receivedCmd[0] == MIFARE_ULEV1_INCR_CNT && tagType == 7) { // Received a INC COUNTER --
// number of counter
// send ACK
uint8_t ack[] = {0x0a};
- EmSendCmdEx(ack,sizeof(ack),false);
+ EmSendCmd(ack,sizeof(ack));
p_response = NULL;
} else if(receivedCmd[0] == MIFARE_ULEV1_CHECKTEAR && tagType == 7) { // Received a CHECK_TEARING_EVENT --
// first 12 blocks of emu are [getversion answer - check tearing - pack - 0x00 - signature]
if (receivedCmd[1]<3) counter = receivedCmd[1];
emlGetMemBt( emdata, 10+counter, 1);
AppendCrc14443a(emdata, sizeof(emdata)-2);
- EmSendCmdEx(emdata, sizeof(emdata), false);
+ EmSendCmd(emdata, sizeof(emdata));
p_response = NULL;
} else if(receivedCmd[0] == ISO14443A_CMD_HALT) { // Received a HALT
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
uint8_t emdata[10];
emlGetMemBt( emdata, 0, 8 );
AppendCrc14443a(emdata, sizeof(emdata)-2);
- EmSendCmdEx(emdata, sizeof(emdata), false);
+ EmSendCmd(emdata, sizeof(emdata));
p_response = NULL;
} else {
- cardAUTHSC = receivedCmd[1] / 4; // received block num
+
cardAUTHKEY = receivedCmd[0] - 0x60;
- p_response = &responses[5]; order = 7;
+ cardAUTHSC = receivedCmd[1] / 4; // received block num
+
+ // incease nonce at AUTH requests. this is time consuming.
+ nonce = prand();
+ //num_to_bytes(nonce, 4, response5);
+ num_to_bytes(nonce, 4, dynamic_response_info.response);
+ dynamic_response_info.response_n = 4;
+
+ //prepare_tag_modulation(&responses[5], DYNAMIC_MODULATION_BUFFER_SIZE);
+ prepare_tag_modulation(&dynamic_response_info, DYNAMIC_MODULATION_BUFFER_SIZE);
+ p_response = &dynamic_response_info;
+ //p_response = &responses[5];
+ order = 7;
}
} else if(receivedCmd[0] == ISO14443A_CMD_RATS) { // Received a RATS request
if (tagType == 1 || tagType == 2) { // RATS not supported
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
uint32_t nr = bytes_to_num(receivedCmd,4);
uint32_t ar = bytes_to_num(receivedCmd+4,4);
-
+
// Collect AR/NR per keytype & sector
if ( (flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK ) {
- for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
+ int8_t index = -1;
+ int8_t empty = -1;
+ for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
+ // find which index to use
+ if ( (cardAUTHSC == ar_nr_nonces[i].sector) && (cardAUTHKEY == ar_nr_nonces[i].keytype))
+ index = i;
+
+ // keep track of empty slots.
+ if ( ar_nr_nonces[i].state == EMPTY)
+ empty = i;
+ }
+ // if no empty slots. Choose first and overwrite.
+ if ( index == -1 ) {
+ if ( empty == -1 ) {
+ index = 0;
+ ar_nr_nonces[index].state = EMPTY;
+ } else {
+ index = empty;
+ }
+ }
+
+ switch(ar_nr_nonces[index].state) {
+ case EMPTY: {
+ // first nonce collect
+ ar_nr_nonces[index].cuid = cuid;
+ ar_nr_nonces[index].sector = cardAUTHSC;
+ ar_nr_nonces[index].keytype = cardAUTHKEY;
+ ar_nr_nonces[index].nonce = nonce;
+ ar_nr_nonces[index].nr = nr;
+ ar_nr_nonces[index].ar = ar;
+ ar_nr_nonces[index].state = FIRST;
+ break;
+ }
+ case FIRST : {
+ // second nonce collect
+ ar_nr_nonces[index].nonce2 = nonce;
+ ar_nr_nonces[index].nr2 = nr;
+ ar_nr_nonces[index].ar2 = ar;
+ ar_nr_nonces[index].state = SECOND;
+
+ // send to client
+ cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, 0, 0, &ar_nr_nonces[index], sizeof(nonces_t));
- if ( ar_nr_collected[i+mM] == 0 || (
- (cardAUTHSC == ar_nr_resp[i+mM].sector) &&
- (cardAUTHKEY == ar_nr_resp[i+mM].keytype) &&
- (ar_nr_collected[i+mM] > 0)
- )
- ) {
-
- // if first auth for sector, or matches sector and keytype of previous auth
- if (ar_nr_collected[i+mM] > 1) continue;
-
- // if we haven't already collected 2 nonces for this sector
- if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) {
- // Avoid duplicates... probably not necessary, ar should vary.
- if (ar_nr_collected[i+mM]==0) {
- // first nonce collect
- nonce1_count++;
- // add this nonce to first moebius nonce
- ar_nr_resp[i+ATTACK_KEY_COUNT].cuid = cuid;
- ar_nr_resp[i+ATTACK_KEY_COUNT].sector = cardAUTHSC;
- ar_nr_resp[i+ATTACK_KEY_COUNT].keytype = cardAUTHKEY;
- ar_nr_resp[i+ATTACK_KEY_COUNT].nonce = nonce;
- ar_nr_resp[i+ATTACK_KEY_COUNT].nr = nr;
- ar_nr_resp[i+ATTACK_KEY_COUNT].ar = ar;
- ar_nr_collected[i+ATTACK_KEY_COUNT]++;
- } else {
- // second nonce collect (std and moebius)
- ar_nr_resp[i+mM].nonce2 = nonce;
- ar_nr_resp[i+mM].nr2 = nr;
- ar_nr_resp[i+mM].ar2 = ar;
-
- if (!gettingMoebius) {
- nonce2_count++;
- // check if this was the last second nonce we need for std attack
- if ( nonce2_count == nonce1_count ) {
- // done collecting std test switch to moebius
- // first finish incrementing last sample
- ar_nr_collected[i+mM]++;
- // switch to moebius collection
- gettingMoebius = true;
- mM = ATTACK_KEY_COUNT;
- break;
- }
- } else {
- moebius_n_count++;
- // if we've collected all the nonces we need - finish.
- if (nonce1_count == moebius_n_count) {
- cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_resp,sizeof(ar_nr_resp));
- nonce1_count = 0;
- nonce2_count = 0;
- moebius_n_count = 0;
- gettingMoebius = false;
- }
- }
- }
- ar_nr_collected[i+mM]++;
- }
- // we found right spot for this nonce stop looking
- break;
- }
+ ar_nr_nonces[index].state = EMPTY;
+ ar_nr_nonces[index].sector = 0;
+ ar_nr_nonces[index].keytype = 0;
+
+ moebius_count++;
+ break;
}
+ default: break;
}
+ }
+ p_response = NULL;
} else if (receivedCmd[0] == MIFARE_ULC_AUTH_1 ) { // ULC authentication, or Desfire Authentication
} else if (receivedCmd[0] == MIFARE_ULEV1_AUTH) { // NTAG / EV-1 authentication
uint8_t emdata[4];
emlGetMemBt( emdata, start, 2);
AppendCrc14443a(emdata, 2);
- EmSendCmdEx(emdata, sizeof(emdata), false);
+ EmSendCmd(emdata, sizeof(emdata));
p_response = NULL;
uint32_t pwd = bytes_to_num(receivedCmd+1,4);
dynamic_response_info.response_n = 2;
} break;
- case 0xaa:
- case 0xbb: {
+ case 0xAA:
+ case 0xBB: {
dynamic_response_info.response[0] = receivedCmd[0] ^ 0x11;
dynamic_response_info.response_n = 2;
} break;
dynamic_response_info.response[1] = receivedCmd[1];
// Add CRC bytes, always used in ISO 14443A-4 compliant cards
- AppendCrc14443a(dynamic_response_info.response,dynamic_response_info.response_n);
+ AppendCrc14443a(dynamic_response_info.response, dynamic_response_info.response_n);
dynamic_response_info.response_n += 2;
if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
- Dbprintf("Error preparing tag response");
+ DbpString("Error preparing tag response");
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
break;
}
// comment this limit if you want to simulation longer
if (!tracing) {
- Dbprintf("Trace Full. Simulation stopped.");
+ DbpString("Trace Full. Simulation stopped.");
break;
}
// comment this limit if you want to simulation longer
cmdsRecvd++;
if (p_response != NULL) {
- EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n, receivedCmd[0] == 0x52);
+ EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n);
// do the tracing for the previous reader request and this tag answer:
uint8_t par[MAX_PARITY_SIZE] = {0x00};
GetParity(p_response->response, p_response->response_n, par);
set_tracing(FALSE);
BigBuf_free_keep_EM();
LED_A_OFF();
-
- if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) {
- /*
- for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
- if (ar_nr_collected[i] == 2) {
- Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
- Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
- ar_nr_resp[i].cuid, //UID
- ar_nr_resp[i].nonce, //NT
- ar_nr_resp[i].nr, //NR1
- ar_nr_resp[i].ar, //AR1
- ar_nr_resp[i].nr2, //NR2
- ar_nr_resp[i].ar2 //AR2
- );
- }
- }
- */
- for ( uint8_t i = ATTACK_KEY_COUNT; i < ATTACK_KEY_COUNT*2; i++) {
- if (ar_nr_collected[i] == 2) {
- Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
- Dbprintf("../tools/mfkey/mfkey32v2 %08x %08x %08x %08x %08x %08x %08x",
- ar_nr_resp[i].cuid, //UID
- ar_nr_resp[i].nonce, //NT
- ar_nr_resp[i].nr, //NR1
- ar_nr_resp[i].ar, //AR1
- ar_nr_resp[i].nonce2,//NT2
- ar_nr_resp[i].nr2, //NR2
- ar_nr_resp[i].ar2 //AR2
- );
- }
- }
- }
-
+
if (MF_DBGLEVEL >= 4){
- Dbprintf("-[ Wake ups after halt [%d]", happened);
- Dbprintf("-[ Messages after halt [%d]", happened2);
- Dbprintf("-[ Num of received cmd [%d]", cmdsRecvd);
+ Dbprintf("-[ Wake ups after halt [%d]", happened);
+ Dbprintf("-[ Messages after halt [%d]", happened2);
+ Dbprintf("-[ Num of received cmd [%d]", cmdsRecvd);
+ Dbprintf("-[ Num of moebius tries [%d]", moebius_count);
}
cmd_send(CMD_ACK,1,0,0,0,0);
// Stop when button is pressed (return 1) or field was gone (return 2)
// Or return 0 when command is captured
//-----------------------------------------------------------------------------
-static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) {
+int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) {
*len = 0;
uint32_t timer = 0, vtime = 0;
}
}
-int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNeeded) {
+int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen) {
uint8_t b;
uint16_t i = 0;
uint32_t ThisTransferTime;
+ bool correctionNeeded;
// Modulate Manchester
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_MOD);
- // include correction bit if necessary
- if (Uart.parityBits & 0x01) {
- correctionNeeded = TRUE;
+ // Include correction bit if necessary
+ if (Uart.bitCount == 7)
+ {
+ // Short tags (7 bits) don't have parity, determine the correct value from MSB
+ correctionNeeded = Uart.output[0] & 0x40;
+ }
+ else
+ {
+ // The parity bits are left-aligned
+ correctionNeeded = Uart.parity[(Uart.len-1)/8] & (0x80 >> ((Uart.len-1) & 7));
}
// 1236, so correction bit needed
i = (correctionNeeded) ? 0 : 1;
i++;
}
}
- LastTimeProxToAirStart = ThisTransferTime + (correctionNeeded?8:0);
+ LastTimeProxToAirStart = ThisTransferTime + (correctionNeeded ? 8 : 0);
return 0;
}
-int EmSend4bitEx(uint8_t resp, bool correctionNeeded){
+int EmSend4bit(uint8_t resp){
Code4bitAnswerAsTag(resp);
- int res = EmSendCmd14443aRaw(ToSend, ToSendMax, correctionNeeded);
+ int res = EmSendCmd14443aRaw(ToSend, ToSendMax);
// do the tracing for the previous reader request and this tag answer:
uint8_t par[1] = {0x00};
GetParity(&resp, 1, par);
return res;
}
-int EmSend4bit(uint8_t resp){
- return EmSend4bitEx(resp, false);
-}
-
-int EmSendCmdExPar(uint8_t *resp, uint16_t respLen, bool correctionNeeded, uint8_t *par){
+int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par){
CodeIso14443aAsTagPar(resp, respLen, par);
- int res = EmSendCmd14443aRaw(ToSend, ToSendMax, correctionNeeded);
+ int res = EmSendCmd14443aRaw(ToSend, ToSendMax);
// do the tracing for the previous reader request and this tag answer:
EmLogTrace(Uart.output,
Uart.len,
return res;
}
-int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool correctionNeeded){
- uint8_t par[MAX_PARITY_SIZE] = {0x00};
- GetParity(resp, respLen, par);
- return EmSendCmdExPar(resp, respLen, correctionNeeded, par);
-}
-
int EmSendCmd(uint8_t *resp, uint16_t respLen){
uint8_t par[MAX_PARITY_SIZE] = {0x00};
GetParity(resp, respLen, par);
- return EmSendCmdExPar(resp, respLen, false, par);
-}
-
-int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par){
- return EmSendCmdExPar(resp, respLen, false, par);
+ return EmSendCmdPar(resp, respLen, par);
}
bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
{
iso14_pcb_blocknum ^= 1;
}
-
return len;
}
// Here, we collect CUID, NT, NR, AR, CUID2, NT2, NR2, AR2
// This can be used in a reader-only attack.
- nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // for 2 separate attack types (nml, moebius)
- memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
-
- uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; // for 2nd attack type (moebius)
- memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
- uint8_t nonce1_count = 0;
- uint8_t nonce2_count = 0;
- uint8_t moebius_n_count = 0;
- bool gettingMoebius = false;
- uint8_t mM = 0; // moebius_modifier for collection storage
- bool doBufResetNext = false;
+ nonces_t ar_nr_nonces[ATTACK_KEY_COUNT];
+ memset(ar_nr_nonces, 0x00, sizeof(ar_nr_nonces));
// -- Determine the UID
// Can be set from emulator memory or incoming data
// this if-statement doesn't match the specification above. (iceman)
if (len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) {
selTimer = GetTickCount();
- EmSendCmdEx(atqa, sizeof(atqa), (receivedCmd[0] == ISO14443A_CMD_WUPA));
+ EmSendCmd(atqa, sizeof(atqa));
cardSTATE = MFEMUL_SELECT1;
crypto1_destroy(pcs);
cardAUTHKEY = 0xff;
uint32_t nr = bytes_to_num(receivedCmd, 4);
uint32_t ar = bytes_to_num(&receivedCmd[4], 4);
- if (doBufResetNext) {
- // Reset, lets try again!
- if (MF_DBGLEVEL >= 4) Dbprintf("Re-read after previous NR_AR_ATTACK, resetting buffer");
- memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
- memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
- mM = 0;
- doBufResetNext = false;
- }
-
- for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
+ // Collect AR/NR per keytype & sector
+ if ( (flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK ) {
- if ( ar_nr_collected[i+mM] == 0 || (
- (cardAUTHSC == ar_nr_resp[i+mM].sector) &&
- (cardAUTHKEY == ar_nr_resp[i+mM].keytype) &&
- (ar_nr_collected[i+mM] > 0)
- )
- ) {
-
- // if first auth for sector, or matches sector and keytype of previous auth
- if (ar_nr_collected[i+mM] < 2) {
- // if we haven't already collected 2 nonces for this sector
- if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) {
- // Avoid duplicates... probably not necessary, ar should vary.
- if (ar_nr_collected[i+mM]==0) {
- // first nonce collect
- ar_nr_resp[i+mM].cuid = cuid;
- ar_nr_resp[i+mM].sector = cardAUTHSC;
- ar_nr_resp[i+mM].keytype = cardAUTHKEY;
- ar_nr_resp[i+mM].nonce = nonce;
- ar_nr_resp[i+mM].nr = nr;
- ar_nr_resp[i+mM].ar = ar;
- nonce1_count++;
- // add this nonce to first moebius nonce
- ar_nr_resp[i+ATTACK_KEY_COUNT].cuid = cuid;
- ar_nr_resp[i+ATTACK_KEY_COUNT].sector = cardAUTHSC;
- ar_nr_resp[i+ATTACK_KEY_COUNT].keytype = cardAUTHKEY;
- ar_nr_resp[i+ATTACK_KEY_COUNT].nonce = nonce;
- ar_nr_resp[i+ATTACK_KEY_COUNT].nr = nr;
- ar_nr_resp[i+ATTACK_KEY_COUNT].ar = ar;
- ar_nr_collected[i+ATTACK_KEY_COUNT]++;
- } else { // second nonce collect (std and moebius)
- ar_nr_resp[i+mM].nonce2 = nonce;
- ar_nr_resp[i+mM].nr2 = nr;
- ar_nr_resp[i+mM].ar2 = ar;
- if (!gettingMoebius) {
- nonce2_count++;
- // check if this was the last second nonce we need for std attack
- if ( nonce2_count == nonce1_count ) {
- // done collecting std test switch to moebius
- // first finish incrementing last sample
- ar_nr_collected[i+mM]++;
- // switch to moebius collection
- gettingMoebius = true;
- mM = ATTACK_KEY_COUNT;
- break;
- }
- } else {
- moebius_n_count++;
- // if we've collected all the nonces we need - finish.
-
- if (nonce1_count == moebius_n_count) {
- cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, 0, 0, &ar_nr_resp, sizeof(ar_nr_resp));
- nonce1_count = 0;
- nonce2_count = 0;
- moebius_n_count = 0;
- gettingMoebius = false;
- doBufResetNext = true;
- finished = ( ((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE));
- }
- }
- }
- ar_nr_collected[i+mM]++;
- }
+ int8_t index = -1;
+ int8_t empty = -1;
+ for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
+ // find which index to use
+ if ( (cardAUTHSC == ar_nr_nonces[i].sector) && (cardAUTHKEY == ar_nr_nonces[i].keytype))
+ index = i;
+
+ // keep track of empty slots.
+ if ( ar_nr_nonces[i].state == EMPTY)
+ empty = i;
+ }
+ // if no empty slots. Choose first and overwrite.
+ if ( index == -1 ) {
+ if ( empty == -1 ) {
+ index = 0;
+ ar_nr_nonces[index].state = EMPTY;
+ } else {
+ index = empty;
}
- // we found right spot for this nonce stop looking
- break;
}
- }
-
- /*
- // Collect AR/NR
- // if(ar_nr_collected < 2 && cardAUTHSC == 2){
- if(ar_nr_collected < 2) {
- // if(ar_nr_responses[2] != nr) {
- ar_nr_responses[ar_nr_collected*4] = cuid;
- ar_nr_responses[ar_nr_collected*4+1] = nonce;
- ar_nr_responses[ar_nr_collected*4+2] = nr;
- ar_nr_responses[ar_nr_collected*4+3] = ar;
- ar_nr_collected++;
- // }
-
- // Interactive mode flag, means we need to send ACK
- finished = ( ((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE)&& ar_nr_collected == 2);
+ switch(ar_nr_nonces[index].state) {
+ case EMPTY: {
+ // first nonce collect
+ ar_nr_nonces[index].cuid = cuid;
+ ar_nr_nonces[index].sector = cardAUTHSC;
+ ar_nr_nonces[index].keytype = cardAUTHKEY;
+ ar_nr_nonces[index].nonce = nonce;
+ ar_nr_nonces[index].nr = nr;
+ ar_nr_nonces[index].ar = ar;
+ ar_nr_nonces[index].state = FIRST;
+ break;
+ }
+ case FIRST : {
+ // second nonce collect
+ ar_nr_nonces[index].nonce2 = nonce;
+ ar_nr_nonces[index].nr2 = nr;
+ ar_nr_nonces[index].ar2 = ar;
+ ar_nr_nonces[index].state = SECOND;
+
+ // send to client
+ cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, 0, 0, &ar_nr_nonces[index], sizeof(nonces_t));
+
+ ar_nr_nonces[index].state = EMPTY;
+ ar_nr_nonces[index].sector = 0;
+ ar_nr_nonces[index].keytype = 0;
+ break;
+ }
+ default: break;
+ }
}
+
+ crypto1_word(pcs, nr , 1);
+ uint32_t cardRr = ar ^ crypto1_word(pcs, 0, 0);
- crypto1_word(pcs, ar , 1);
- cardRr = nr ^ crypto1_word(pcs, 0, 0);
-
- test if auth OK
+ //test if auth OK
if (cardRr != prng_successor(nonce, 64)){
- if (MF_DBGLEVEL >= 4) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x",
- cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
- cardRr, prng_successor(nonce, 64));
- Shouldn't we respond anything here?
- Right now, we don't nack or anything, which causes the
- reader to do a WUPA after a while. /Martin
- -- which is the correct response. /piwi
+ if (MF_DBGLEVEL >= 3) {
+ Dbprintf("AUTH FAILED for sector %d with key %c. [nr=%08x cardRr=%08x] [nt=%08x succ=%08x]"
+ , cardAUTHSC
+ , (cardAUTHKEY == 0) ? 'A' : 'B'
+ , nr
+ , cardRr
+ , nonce // nt
+ , prng_successor(nonce, 64)
+ );
+ }
+ // Shouldn't we respond anything here?
+ // Right now, we don't nack or anything, which causes the
+ // reader to do a WUPA after a while. /Martin
+ // -- which is the correct response. /piwi
cardSTATE_TO_IDLE();
LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
break;
}
- */
ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0);
num_to_bytes(ans, 4, rAUTH_AT);
EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
LED_C_ON();
- if (MF_DBGLEVEL >= 4) {
+ if (MF_DBGLEVEL >= 1) {
Dbprintf("AUTH COMPLETED for sector %d with key %c. time=%d",
cardAUTHSC,
cardAUTHKEY == 0 ? 'A' : 'B',
receivedCmd[0] == MIFARE_AUTH_KEYB) ) {
authTimer = GetTickCount();
- cardAUTHSC = receivedCmd[1] / 4; // received block num
- cardAUTHKEY = receivedCmd[0] - 0x60; // & 1
+ cardAUTHSC = receivedCmd[1] / 4; // received block -> sector
+ cardAUTHKEY = receivedCmd[0] & 0x1;
crypto1_destroy(pcs);
+
+ // load key into crypto
crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
- if (!encrypted_data) {
+ if (!encrypted_data) {
// first authentication
- crypto1_word(pcs, cuid ^ nonce, 0);// Update crypto state
- num_to_bytes(nonce, 4, rAUTH_AT); // Send nonce
-
- if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
-
+ // Update crypto state init (UID ^ NONCE)
+ crypto1_word(pcs, cuid ^ nonce, 0);
+ num_to_bytes(nonce, 4, rAUTH_AT);
} else {
// nested authentication
ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0);
num_to_bytes(ans, 4, rAUTH_AT);
- if (MF_DBGLEVEL >= 4) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
+ if (MF_DBGLEVEL >= 3) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %c", receivedCmd[1], receivedCmd[1], cardAUTHKEY == 0 ? 'A' : 'B');
}
EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
}
}
- // Interactive mode flag, means we need to send ACK
- /*
- if((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE && flags & FLAG_NR_AR_ATTACK == FLAG_NR_AR_ATTACK) {
- // May just aswell send the collected ar_nr in the response aswell
- uint8_t len = ar_nr_collected * 4 * 4;
- cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, len, 0, &ar_nr_responses, len);
- }
- */
-
- if( ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK ) && MF_DBGLEVEL >= 1 ) {
- for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
- if (ar_nr_collected[i] == 2) {
- Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
- Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
- ar_nr_resp[i].cuid, //UID
- ar_nr_resp[i].nonce, //NT
- ar_nr_resp[i].nr, //NR1
- ar_nr_resp[i].ar, //AR1
- ar_nr_resp[i].nr2, //NR2
- ar_nr_resp[i].ar2 //AR2
- );
- }
- }
- for ( uint8_t i = ATTACK_KEY_COUNT; i < ATTACK_KEY_COUNT*2; i++) {
- if (ar_nr_collected[i] == 2) {
- Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
- Dbprintf("../tools/mfkey/mfkey32v2 %08x %08x %08x %08x %08x %08x %08x",
- ar_nr_resp[i].cuid, //UID
- ar_nr_resp[i].nonce, //NT
- ar_nr_resp[i].nr, //NR1
- ar_nr_resp[i].ar, //AR1
- ar_nr_resp[i].nonce2,//NT2
- ar_nr_resp[i].nr2, //NR2
- ar_nr_resp[i].ar2 //AR2
- );
- }
- }
- }
-
if (MF_DBGLEVEL >= 1)
Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, BigBuf_get_traceLen());