X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/0de8e3874d6524379550a50a4d9c29faf2d239ea..857bc2ff6a4b7112b61def90b4716dcdf2c448af:/armsrc/iso14443a.c diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index a723f502..06b6d32f 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -718,6 +718,8 @@ void RAMFUNC SniffIso14443a(uint8_t param) { Dbprintf("maxDataLen=%d, Uart.state=%x, Uart.len=%d", maxDataLen, Uart.state, Uart.len); Dbprintf("traceLen=%d, Uart.output[0]=%08x", BigBuf_get_traceLen(), (uint32_t)Uart.output[0]); + + set_tracing(FALSE); } //----------------------------------------------------------------------------- @@ -937,7 +939,6 @@ bool prepare_allocated_tag_modulation(tag_response_info_t* response_info) { //----------------------------------------------------------------------------- void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { - //Here, we collect UID,NT,AR,NR,UID2,NT2,AR2,NR2 // This can be used in a reader-only attack. // (it can also be retrieved via 'hf 14a list', but hey... @@ -947,10 +948,10 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) uint8_t sak; // PACK response to PWD AUTH for EV1/NTAG - uint8_t response8[4]; + uint8_t response8[4] = {0,0,0,0}; // The first response contains the ATQA (note: bytes are transmitted in reverse order). - uint8_t response1[2]; + uint8_t response1[2] = {0,0}; switch (tagType) { case 1: { // MIFARE Classic @@ -1299,7 +1300,8 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) if ( tagType == 7 ) { p_response = &responses[8]; // PACK response uint32_t pwd = bytes_to_num(receivedCmd+1,4); - Dbprintf("Auth attempt: %08x", pwd); + + if ( MF_DBGLEVEL >= 3) Dbprintf("Auth attempt: %08x", pwd); } } else { @@ -1414,13 +1416,14 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) } FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + set_tracing(FALSE); BigBuf_free_keep_EM(); LED_A_OFF(); if (MF_DBGLEVEL >= 4){ - Dbprintf("-[ Wake ups after halt [%d]", happened); - Dbprintf("-[ Messages after halt [%d]", happened2); - Dbprintf("-[ Num of received cmd [%d]", cmdsRecvd); + Dbprintf("-[ Wake ups after halt [%d]", happened); + Dbprintf("-[ Messages after halt [%d]", happened2); + Dbprintf("-[ Num of received cmd [%d]", cmdsRecvd); } } @@ -1432,7 +1435,7 @@ void PrepareDelayedTransfer(uint16_t delay) uint8_t bitmask = 0; uint8_t bits_to_shift = 0; uint8_t bits_shifted = 0; - + delay &= 0x07; if (delay) { for (uint16_t i = 0; i < delay; i++) { @@ -2179,6 +2182,7 @@ void ReaderIso14443a(UsbCommand *c) } FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + set_tracing(FALSE); LEDsoff(); } @@ -2206,28 +2210,6 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) { return(-99999); // either nt1 or nt2 are invalid nonces } -int32_t dist_nt_ex32(uint32_t nt1, uint32_t nt2, bool *result) { - - uint16_t i; - uint32_t nttmp1, nttmp2; - - if (nt1 == nt2) return 0; - - nttmp1 = nt1; - nttmp2 = nt2; - - *result = true; - for (i = 1; i < 0xFFFFFFFF; i++) { - nttmp1 = prng_successor(nttmp1, 1); - if (nttmp1 == nt2) return i; - - nttmp2 = prng_successor(nttmp2, 1); - if (nttmp2 == nt1) return -i; - } - - *result = false; - return(-99999); // either nt1 or nt2 are invalid nonces -} //----------------------------------------------------------------------------- // Recover several bits of the cypher stream. This implements (first stages of) @@ -2270,9 +2252,10 @@ void ReaderMifare(bool first_try) #define PRNG_SEQUENCE_LENGTH (1 << 16); static uint32_t sync_time = 0; - static uint32_t sync_cycles = 0; + static int32_t sync_cycles = 0; int catch_up_cycles = 0; int last_catch_up = 0; + uint16_t elapsed_prng_sequences; uint16_t consecutive_resyncs = 0; int isOK = 0; @@ -2281,7 +2264,6 @@ void ReaderMifare(bool first_try) sync_time = GetCountSspClk() & 0xfffffff8; sync_cycles = PRNG_SEQUENCE_LENGTH; //65536; //0x10000 // theory: Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces). nt_attacked = 0; - nt = 0; par[0] = 0; } else { @@ -2296,12 +2278,17 @@ void ReaderMifare(bool first_try) LED_C_OFF(); - #define MAX_UNEXPECTED_RANDOM 5 // maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up. - #define MAX_SYNC_TRIES 16 + #define MAX_UNEXPECTED_RANDOM 4 // maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up. + #define MAX_SYNC_TRIES 32 + #define NUM_DEBUG_INFOS 8 // per strategy + #define MAX_STRATEGY 3 uint16_t unexpected_random = 0; uint16_t sync_tries = 0; int16_t debug_info_nr = -1; - uint32_t debug_info[MAX_SYNC_TRIES]; + uint16_t strategy = 0; + int32_t debug_info[MAX_STRATEGY][NUM_DEBUG_INFOS]; + uint32_t select_time; + uint32_t halt_time; for(uint16_t i = 0; TRUE; i++) { @@ -2314,24 +2301,59 @@ void ReaderMifare(bool first_try) break; } + if (strategy == 2) { + // test with additional hlt command + halt_time = 0; + int len = mifare_sendcmd_short(NULL, false, 0x50, 0x00, receivedAnswer, receivedAnswerPar, &halt_time); + if (len && MF_DBGLEVEL >= 3) { + Dbprintf("Unexpected response of %d bytes to hlt command (additional debugging).", len); + } + } + + if (strategy == 3) { + // test with FPGA power off/on + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(200); + iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); + SpinDelay(100); + } + if(!iso14443a_select_card(uid, NULL, &cuid)) { if (MF_DBGLEVEL >= 1) Dbprintf("Mifare: Can't select card"); continue; } + select_time = GetCountSspClk(); + elapsed_prng_sequences = 1; if (debug_info_nr == -1) { sync_time = (sync_time & 0xfffffff8) + sync_cycles + catch_up_cycles; catch_up_cycles = 0; // if we missed the sync time already, advance to the next nonce repeat while(GetCountSspClk() > sync_time) { + elapsed_prng_sequences++; sync_time = (sync_time & 0xfffffff8) + sync_cycles; } // Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked) ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time); } else { - ReaderTransmit(mf_auth, sizeof(mf_auth), NULL); + // collect some information on tag nonces for debugging: + #define DEBUG_FIXED_SYNC_CYCLES PRNG_SEQUENCE_LENGTH + if (strategy == 0) { + // nonce distances at fixed time after card select: + sync_time = select_time + DEBUG_FIXED_SYNC_CYCLES; + } else if (strategy == 1) { + // nonce distances at fixed time between authentications: + sync_time = sync_time + DEBUG_FIXED_SYNC_CYCLES; + } else if (strategy == 2) { + // nonce distances at fixed time after halt: + sync_time = halt_time + DEBUG_FIXED_SYNC_CYCLES; + } else { + // nonce_distances at fixed time after power on + sync_time = DEBUG_FIXED_SYNC_CYCLES; + } + ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time); } // Receive the (4 Byte) "random" nonce @@ -2353,7 +2375,7 @@ void ReaderMifare(bool first_try) } else { if (nt_distance == -99999) { // invalid nonce received unexpected_random++; - if (!nt_attacked && unexpected_random > MAX_UNEXPECTED_RANDOM) { + if (unexpected_random > MAX_UNEXPECTED_RANDOM) { isOK = -3; // Card has an unpredictable PRNG. Give up break; } else { @@ -2361,20 +2383,25 @@ void ReaderMifare(bool first_try) } } if (++sync_tries > MAX_SYNC_TRIES) { - if (sync_tries > 2 * MAX_SYNC_TRIES) { + if (strategy > MAX_STRATEGY || MF_DBGLEVEL < 3) { isOK = -4; // Card's PRNG runs at an unexpected frequency or resets unexpectedly break; } else { // continue for a while, just to collect some debug info - debug_info[++debug_info_nr] = nt_distance; + debug_info[strategy][debug_info_nr] = nt_distance; + debug_info_nr++; + if (debug_info_nr == NUM_DEBUG_INFOS) { + strategy++; + debug_info_nr = 0; + } continue; } } - sync_cycles = (sync_cycles - nt_distance); + sync_cycles = (sync_cycles - nt_distance/elapsed_prng_sequences); if (sync_cycles <= 0) { sync_cycles += PRNG_SEQUENCE_LENGTH; } if (MF_DBGLEVEL >= 3) { - Dbprintf("calibrating in cycle %d. nt_distance=%d, Sync_cycles: %d\n", i, nt_distance, sync_cycles); + Dbprintf("calibrating in cycle %d. nt_distance=%d, elapsed_prng_sequences=%d, new sync_cycles: %d\n", i, nt_distance, elapsed_prng_sequences, sync_cycles); } continue; } @@ -2386,6 +2413,7 @@ void ReaderMifare(bool first_try) catch_up_cycles = 0; continue; } + catch_up_cycles /= elapsed_prng_sequences; if (catch_up_cycles == last_catch_up) { consecutive_resyncs++; } @@ -2399,6 +2427,9 @@ void ReaderMifare(bool first_try) else { sync_cycles = sync_cycles + catch_up_cycles; if (MF_DBGLEVEL >= 3) Dbprintf("Lost sync in cycle %d for the fourth time consecutively (nt_distance = %d). Adjusting sync_cycles to %d.\n", i, -catch_up_cycles, sync_cycles); + last_catch_up = 0; + catch_up_cycles = 0; + consecutive_resyncs = 0; } continue; } @@ -2406,12 +2437,10 @@ void ReaderMifare(bool first_try) consecutive_resyncs = 0; // Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding - if (ReaderReceive(receivedAnswer, receivedAnswerPar)) - { + if (ReaderReceive(receivedAnswer, receivedAnswerPar)) { catch_up_cycles = 8; // the PRNG is delayed by 8 cycles due to the NAC (4Bits = 0x05 encrypted) transfer - if (nt_diff == 0) - { + if (nt_diff == 0) { par_low = par[0] & 0xE0; // there is no need to check all parities for other nt_diff. Parity Bits for mf_nr_ar[0..2] won't change } @@ -2449,8 +2478,10 @@ void ReaderMifare(bool first_try) if (isOK == -4) { if (MF_DBGLEVEL >= 3) { - for(uint16_t i = 0; i < MAX_SYNC_TRIES; i++) { - Dbprintf("collected debug info[%d] = %d\n", i, debug_info[i]); + for (uint16_t i = 0; i <= MAX_STRATEGY; i++) { + for(uint16_t j = 0; j < NUM_DEBUG_INFOS; j++) { + Dbprintf("collected debug info[%d][%d] = %d", i, j, debug_info[i][j]); + } } } } @@ -3001,6 +3032,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * } } if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, BigBuf_get_traceLen()); + + set_tracing(FALSE); } @@ -3159,4 +3192,5 @@ void RAMFUNC SniffMifare(uint8_t param) { MfSniffEnd(); LEDsoff(); Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.len=%x", maxDataLen, Uart.state, Uart.len); + set_tracing(FALSE); }