X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/7ac59a82ab5d244407254febf5dc9b7be892d2ad..890738733a64445e6565516fe20c927884b712fd:/client/mifarehost.c?ds=inline diff --git a/client/mifarehost.c b/client/mifarehost.c index cbd79cf7..51dd7374 100644 --- a/client/mifarehost.c +++ b/client/mifarehost.c @@ -8,6 +8,8 @@ // mifare commands //----------------------------------------------------------------------------- +#include "mifarehost.h" + #include #include #include @@ -20,7 +22,6 @@ #include "ui.h" #include "util.h" #include "iso14443crc.h" -#include "mifarehost.h" // mifare tracer flags used in mfTraceDecode() #define TRACE_IDLE 0x00 @@ -223,7 +224,7 @@ int mfDarkside(uint64_t *key) int mfCheckKeys (uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t keycnt, uint8_t * keyBlock, uint64_t * key){ - *key = 0; + *key = -1; UsbCommand c = {CMD_MIFARE_CHKKEYS, {((blockNo & 0xff) | ((keyType&0xff)<<8)), clear_trace, keycnt}}; memcpy(c.d.asBytes, keyBlock, 6 * keycnt); @@ -819,3 +820,33 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, crypto1_destroy(traceCrypto1); return 0; } +/* Detect Tag Prng, +* function performs a partial AUTH, where it tries to authenticate against block0, key A, but only collects tag nonce. +* the tag nonce is check to see if it has a predictable PRNG. +* @returns +* TRUE if tag uses WEAK prng (ie Darkside attack possible) +* FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key) +*/ +bool detect_classic_prng(){ + + UsbCommand resp, respA; + uint8_t cmd[] = {MIFARE_AUTH_KEYA, 0x00}; + uint32_t flags = ISO14A_CONNECT | ISO14A_RAW | ISO14A_APPEND_CRC; + + UsbCommand cAuth = {CMD_READER_ISO_14443a, {flags, sizeof(cmd), 0}}; + memcpy(cAuth.d.asBytes, cmd, sizeof(cmd)); + + clearCommandBuffer(); + SendCommand(&cAuth); + WaitForResponse(CMD_ACK, &resp); + WaitForResponse(CMD_ACK, &respA); + + // if select tag failed. + if ( resp.arg[0] == 0 ) { + printf("Error: selecting tag failed, can't detect prng\n"); + return false; + } + + uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]); + return validate_prng_nonce(nonce); +}