X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/621601ecef8ae2e9c399d4d706827c03e7a66ffe..52cf34c1cc842412c10acadf83f7750a75e064bc:/client/cmdhfmf.c diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index d15a4020..cf0f5c13 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -20,7 +20,8 @@ int CmdHF14AMifare(const char *Cmd) uint32_t nt = 0, nr = 0; uint64_t par_list = 0, ks_list = 0, r_key = 0; int16_t isOK = 0; - + int tmpchar; + UsbCommand c = {CMD_READER_MIFARE, {true, 0, 0}}; // message @@ -29,21 +30,25 @@ int CmdHF14AMifare(const char *Cmd) printf("Press button on the proxmark3 device to abort both proxmark3 and client.\n"); printf("-------------------------------------------------------------------------\n"); - time_t time1 = clock(); + clock_t t = clock(); start: clearCommandBuffer(); SendCommand(&c); //flush queue - while (ukbhit()) getchar(); + while (ukbhit()) { + tmpchar = getchar(); + (void)tmpchar; + } // wait cycle while (true) { printf("."); fflush(stdout); if (ukbhit()) { - getchar(); + tmpchar = getchar(); + (void)tmpchar; printf("\naborted via keyboard!\n"); break; } @@ -86,9 +91,9 @@ start: printf("------------------------------------------------------------------\n"); PrintAndLog("Found valid key: %012"llx" \n", r_key); } - - PrintAndLog("Time in darkside: %1.0f seconds", (float)(clock() - time1)/CLOCKS_PER_SEC); - PrintAndLog(""); + t = clock() - t; + //printf("Time in darkside: %d ticks - %1.2f seconds\n", t, ((float)t)/CLOCKS_PER_SEC); + printf("Time in darkside: %Lf ticks - %1.2Lf seconds\n", (long double)t, ((long double)t)/CLOCKS_PER_SEC); return 0; } 
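Review bot: The flush loop in the second CmdHF14AMifare hunk now captures the result of getchar() but never looks at it, so `while (ukbhit()) { tmpchar = getchar(); (void)tmpchar; }` still has no exit if stdin is closed or at end-of-file. ukbhit() is not visible here, but if it is select/poll-based it will keep reporting readable input at EOF and the loop would spin. Since the value is already in hand, add `if (tmpchar == EOF) break;` inside the loop. The two `if (ukbhit())` sites (here and in the CmdHF14AMfSniff hunk) break out anyway, so there `(void)getchar();` would do without the function-scope `tmpchar`.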
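Review bot: The timing line at the end of CmdHF14AMifare now goes through `printf` while the "Found valid key" line just above it still uses `PrintAndLog`, so the two results of the same run are reported through different paths; if PrintAndLog also writes a session log (as its name suggests), the timing is no longer recorded there. Suggest `PrintAndLog("Time in darkside: %.0Lf ticks - %1.2Lf seconds", (long double)t, ((long double)t)/CLOCKS_PER_SEC);` and dropping the commented-out `//printf(...)` line. `%.0Lf` avoids printing a tick count with six decimals. Separately, clock() reports processor time, so any time the client spends blocked waiting for the device may not be counted; a short comment saying the figure is CPU time would prevent misreading it.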
@@ -734,7 +739,38 @@ int CmdHF14AMfNested(const char *Cmd) } } - PrintAndLog("Time in nested: %1.3f (%1.3f sec per key)\n\n", ((float)clock() - time1)/CLOCKS_PER_SEC, ((float)clock() - time1)/iterations/CLOCKS_PER_SEC); + // 20160116 If Sector A is found, but not Sector B, try just reading it of the tag? + PrintAndLog("testing to read B..."); + for (i = 0; i < SectorsCnt; i++) { + // KEY A but not KEY B + if ( e_sector[i].foundKey[0] && !e_sector[i].foundKey[1] ) { + + uint8_t sectrail = (FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1); + + UsbCommand c = {CMD_MIFARE_READBL, {sectrail, 0, 0}}; + num_to_bytes(e_sector[i].Key[0], 6, c.d.asBytes); // KEY A + clearCommandBuffer(); + SendCommand(&c); + + UsbCommand resp; + if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) continue; + + uint8_t isOK = resp.arg[0] & 0xff; + uint8_t *data = resp.d.asBytes; + + if (isOK) { + + key64 = bytes_to_num(data+10, 6); + if (key64) { + PrintAndLog("Data:%s", sprint_hex(data+10, 6)); + e_sector[i].foundKey[1] = 1; + e_sector[i].Key[1] = key64; + } + } + } + } + + PrintAndLog("Time in nested: %1.2f (%1.2f sec per key)\n\n", ((float)clock() - time1)/CLOCKS_PER_SEC, ((float)clock() - time1)/iterations/CLOCKS_PER_SEC); PrintAndLog("-----------------------------------------------\nIterations count: %d\n\n", iterations); //print them @@ -743,7 +779,11 @@ int CmdHF14AMfNested(const char *Cmd) PrintAndLog("|---|----------------|---|----------------|---|"); for (i = 0; i < SectorsCnt; i++) { PrintAndLog("|%03d| %012"llx" | %d | %012"llx" | %d |", i, - e_sector[i].Key[0], e_sector[i].foundKey[0], e_sector[i].Key[1], e_sector[i].foundKey[1]); + e_sector[i].Key[0], + e_sector[i].foundKey[0], + e_sector[i].Key[1], + e_sector[i].foundKey[1] + ); } PrintAndLog("|---|----------------|---|----------------|---|"); @@ -1044,7 +1084,7 @@ int CmdHF14AMfChk(const char *Cmd) if (!p) { PrintAndLog("Cannot allocate memory for defKeys"); free(keyBlock); - free(f); + fclose(f); return 2; } keyBlock = p; 
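Review bot: In the added key-B loop in CmdHF14AMfNested, `if (key64)` is the only test that the trailer read actually exposed key B, and the reason it works is not written down. A MIFARE Classic sector trailer returns zeros for key bytes that the access conditions hide, so non-zero bytes 10..15 are taken to be key B; a comment such as `// trailer bytes 10..15 read back as 0 when the access bits hide key B; non-zero means it was readable with key A` would make that explicit. Two consequences are worth noting next to it: a genuinely all-zero key B is indistinguishable from a hidden one, and a key B that is readable this way is treated by the card as data rather than as an authentication key, so setting `foundKey[1] = 1` puts it in the result table alongside keys that do authenticate. The "Time in nested" line that follows now also includes these extra reads in its per-key average. The enclosing function starts and ends outside the hunk, so whether the loop-local `c` and `isOK` shadow outer names cannot be checked from here.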
@@ -1085,7 +1125,7 @@ int CmdHF14AMfChk(const char *Cmd) } } // time - time_t time1 = clock(); + clock_t time1 = clock(); for ( int t = !keyType; t < 2; keyType==2?(t++):(t=2) ) { int b=blockNo; @@ -1178,10 +1218,12 @@ int CmdHF14AMf1kSim(const char *Cmd) } pnr +=2; } + if (param_getchar(Cmd, pnr) == 'n') { exitAfterNReads = param_get8(Cmd,pnr+1); pnr += 2; } + if (param_getchar(Cmd, pnr) == 'i' ) { //Using a flag to signal interactiveness, least significant bit flags |= FLAG_INTERACTIVE; @@ -1192,10 +1234,13 @@ int CmdHF14AMf1kSim(const char *Cmd) //Using a flag to signal interactiveness, least significant bit flags |= FLAG_NR_AR_ATTACK; } + PrintAndLog(" uid:%s, numreads:%d, flags:%d (0x%02x) ", flags & FLAG_4B_UID_IN_DATA ? sprint_hex(uid,4): flags & FLAG_7B_UID_IN_DATA ? sprint_hex(uid,7): "N/A" - , exitAfterNReads, flags,flags); + , exitAfterNReads + , flags + , flags); UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads,0}}; 
@@ -1210,40 +1255,39 @@ int CmdHF14AMf1kSim(const char *Cmd) UsbCommand resp; PrintAndLog("Press pm3-button or send another cmd to abort simulation"); - //while(! WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - //We're waiting only 1.5 s at a time, otherwise we get the - // annoying message about "Waiting for a response... " - //} - while(!ukbhit() ){ - if (!WaitForResponseTimeout(CMD_ACK,&resp,1500) ) continue; + + while( !ukbhit() ){ + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue; if ( !(flags & FLAG_NR_AR_ATTACK) ) break; + if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break; - memset(data, 0x00, sizeof(data)); - memset(key, 0x00, sizeof(key)); - int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1]; - - memcpy(data, resp.d.asBytes, len); - - uint64_t corr_uid = 0; - if ( memcmp(data, "\x00\x00\x00\x00", 4) == 0 ) { - corr_uid = (data[3] << 24) | (data[2] << 16) | (data[1] << 8) | data[0]; - tryMfk32(corr_uid, data, key); - } else { - corr_uid |= (uint64_t)data[2] << 48; - corr_uid |= (uint64_t)data[1] << 40; - corr_uid |= (uint64_t)data[0] << 32; - corr_uid |= (uint64_t)data[7] << 24; - corr_uid |= (uint64_t)data[6] << 16; - corr_uid |= (uint64_t)data[5] << 8; - corr_uid |= (uint64_t)data[4]; - tryMfk64(corr_uid, data, key); - } - PrintAndLog("--"); + memset(data, 0x00, sizeof(data)); + memset(key, 0x00, sizeof(key)); + int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1]; + + memcpy(data, resp.d.asBytes, len); + + uint64_t corr_uid = 0; + + // this IF? what was I thinking of? 
+ if ( memcmp(data, "\x00\x00\x00\x00", 4) == 0 ) { + corr_uid = ((uint64_t)(data[3] << 24)) | (data[2] << 16) | (data[1] << 8) | data[0]; + tryMfk32(corr_uid, data, key); + } else { + corr_uid |= (uint64_t)data[2] << 48; + corr_uid |= (uint64_t)data[1] << 40; + corr_uid |= (uint64_t)data[0] << 32; + corr_uid |= (uint64_t)data[7] << 24; + corr_uid |= (uint64_t)data[6] << 16; + corr_uid |= (uint64_t)data[5] << 8; + corr_uid |= (uint64_t)data[4]; + tryMfk64(corr_uid, data, key); } - } - + PrintAndLog("--"); + } + } return 0; } @@ -1789,6 +1833,7 @@ int CmdHF14AMfCLoad(const char *Cmd) if (mfCSetBlock(blockNum, buf8, NULL, flags)) { PrintAndLog("Can't set magic card block: %d", blockNum); + fclose(f); return 3; } blockNum++; @@ -1976,6 +2021,7 @@ int CmdHF14AMfSniff(const char *Cmd){ bool wantSaveToEmlFile = 0; //var + int tmpchar; int res = 0; int len = 0; int blockLen = 0; @@ -2026,7 +2072,8 @@ int CmdHF14AMfSniff(const char *Cmd){ printf("."); fflush(stdout); if (ukbhit()) { - getchar(); + tmpchar = getchar(); + (void)tmpchar; printf("\naborted via keyboard!\n"); break; }
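Review bot: In the re-indented CmdHF14AMf1kSim loop, the 4-byte branch always passes a zero UID to tryMfk32. The branch is entered only when `memcmp(data, "\x00\x00\x00\x00", 4) == 0`, and `corr_uid` is then built from those same bytes `data[0]`..`data[3]`. The new `// this IF? what was I thinking of?` comment flags the doubt but the commit leaves the logic in place. The else branch takes its low 32 bits from `data[4]`..`data[7]`, so if the 4-byte UID sits there (the response layout is not visible in this diff and should be confirmed against the firmware), the line would be `corr_uid = ((uint64_t)data[7] << 24) | ((uint64_t)data[6] << 16) | ((uint64_t)data[5] << 8) | data[4];`. The added cast is also misplaced: `(uint64_t)(data[3] << 24)` converts after the shift has been done in `int`, so assuming `data` is a byte array, a value of 0x80 or above would shift into the sign bit and sign-extend. Cast the operand before shifting, as the else branch already does.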