X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/95aeb706d719f5ce1ad9aa1aac7eeeebff7e7a56..3bc7b13d237109c9dca948326315c1476f78c415:/client/cmdhfmf.c diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index e52b910a..2b3f77ca 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -18,15 +18,14 @@ int CmdHF14AMifare(const char *Cmd) uint32_t uid = 0; uint32_t nt = 0, nr = 0; uint64_t par_list = 0, ks_list = 0, r_key = 0; - uint8_t isOK = 0; - uint8_t keyBlock[8] = {0}; + int16_t isOK = 0; UsbCommand c = {CMD_READER_MIFARE, {true, 0, 0}}; // message printf("-------------------------------------------------------------------------\n"); printf("Executing command. Expected execution time: 25sec on average :-)\n"); - printf("Press the key on the proxmark3 device to abort both proxmark3 and client.\n"); + printf("Press button on the proxmark3 device to abort both proxmark3 and client.\n"); printf("-------------------------------------------------------------------------\n"); @@ -35,7 +34,7 @@ start: SendCommand(&c); //flush queue - while (ukbhit()) getchar(); + while (ukbhit()) getchar(); // wait cycle while (true) { @@ -49,14 +48,21 @@ start: UsbCommand resp; if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) { - isOK = resp.arg[0] & 0xff; + isOK = resp.arg[0]; uid = (uint32_t)bytes_to_num(resp.d.asBytes + 0, 4); nt = (uint32_t)bytes_to_num(resp.d.asBytes + 4, 4); par_list = bytes_to_num(resp.d.asBytes + 8, 8); ks_list = bytes_to_num(resp.d.asBytes + 16, 8); nr = bytes_to_num(resp.d.asBytes + 24, 4); printf("\n\n"); - if (!isOK) PrintAndLog("Proxmark can't get statistic info. Execution aborted.\n"); + switch (isOK) { + case -1 : PrintAndLog("Button pressed. Aborted.\n"); break; + case -2 : PrintAndLog("Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests).\n"); break; + case -3 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator is not predictable).\n"); break; + case -4 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown"); + PrintAndLog("generating polynomial with 16 effective bits only, but shows unexpected behaviour.\n"); break; + default: ; + } break; } } @@ -70,22 +76,13 @@ start: if (nonce2key(uid, nt, nr, par_list, ks_list, &r_key)) { isOK = 2; PrintAndLog("Key not found (lfsr_common_prefix list is null). Nt=%08x", nt); - } else { - printf("------------------------------------------------------------------\n"); - PrintAndLog("Key found:%012"llx" \n", r_key); - - num_to_bytes(r_key, 6, keyBlock); - isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key); - } - - if (!isOK) - PrintAndLog("Found valid key:%012"llx, r_key); - else - { - if (isOK != 2) PrintAndLog("Found invalid key. "); PrintAndLog("Failing is expected to happen in 25%% of all cases. Trying again with a different reader nonce..."); c.arg[0] = false; goto start; + } else { + isOK = 0; + printf("------------------------------------------------------------------\n"); + PrintAndLog("Found valid key: %012"llx" \n", r_key); } PrintAndLog(""); @@ -623,8 +620,14 @@ int CmdHF14AMfNested(const char *Cmd) if (cmdp == 'o') { PrintAndLog("--target block no:%3d, target key type:%c ", trgBlockNo, trgKeyType?'B':'A'); - if (mfnested(blockNo, keyType, key, trgBlockNo, trgKeyType, keyBlock, true)) { - PrintAndLog("Nested error."); + int16_t isOK = mfnested(blockNo, keyType, key, trgBlockNo, trgKeyType, keyBlock, true); + if (isOK) { + switch (isOK) { + case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break; + case -2 : PrintAndLog("Button pressed. Aborted.\n"); break; + case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break; + default : PrintAndLog("Unknown Error.\n"); + } return 2; } key64 = bytes_to_num(keyBlock, 6); @@ -679,7 +682,7 @@ int CmdHF14AMfNested(const char *Cmd) for (j = 0; j < 2; j++) { if (e_sector[i].foundKey[j]) continue; - res = mfCheckKeys(FirstBlockOfSector(i), j, 6, keyBlock, &key64); + res = mfCheckKeys(FirstBlockOfSector(i), j, true, 6, keyBlock, &key64); if (!res) { e_sector[i].Key[j] = key64; @@ -697,11 +700,17 @@ int CmdHF14AMfNested(const char *Cmd) for (trgKeyType = 0; trgKeyType < 2; trgKeyType++) { if (e_sector[sectorNo].foundKey[trgKeyType]) continue; PrintAndLog("-----------------------------------------------"); - if(mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate)) { - PrintAndLog("Nested error.\n"); + int16_t isOK = mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate); + if(isOK) { + switch (isOK) { + case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break; + case -2 : PrintAndLog("Button pressed. Aborted.\n"); break; + case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break; + default : PrintAndLog("Unknown Error.\n"); + } free(e_sector); - return 2; } - else { + return 2; + } else { calibrate = false; } @@ -957,7 +966,7 @@ int CmdHF14AMfChk(const char *Cmd) uint32_t max_keys = keycnt>USB_CMD_DATA_SIZE/6?USB_CMD_DATA_SIZE/6:keycnt; for (uint32_t c = 0; c < keycnt; c+=max_keys) { uint32_t size = keycnt-c>max_keys?max_keys:keycnt-c; - res = mfCheckKeys(b, t, size, &keyBlock[6*c], &key64); + res = mfCheckKeys(b, t, true, size, &keyBlock[6*c], &key64); if (res != 1) { if (!res) { PrintAndLog("Found valid key:[%012"llx"]",key64); @@ -1203,13 +1212,13 @@ int CmdHF14AMfELoad(const char *Cmd) uint8_t buf8[64] = {0x00}; int i, len, blockNum, numBlocks; int nameParamNo = 1; - + uint8_t blockWidth = 32; char ctmp = param_getchar(Cmd, 0); if ( ctmp == 'h' || ctmp == 0x00) { PrintAndLog("It loads emul dump from the file `filename.eml`"); PrintAndLog("Usage: hf mf eload [card memory] "); - PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K"); + PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K, u = UL"); PrintAndLog(""); PrintAndLog(" sample: hf mf eload filename"); PrintAndLog(" hf mf eload 4 filename"); @@ -1222,6 +1231,8 @@ int CmdHF14AMfELoad(const char *Cmd) case '\0': numBlocks = 16*4; break; case '2' : numBlocks = 32*4; break; case '4' : numBlocks = 256; break; + case 'U' : // fall through , NTAG 215 has 135blocks a 540 bytes. + case 'u' : numBlocks = 135; blockWidth = 8; break; default: { numBlocks = 16*4; nameParamNo = 0; @@ -1256,19 +1267,18 @@ int CmdHF14AMfELoad(const char *Cmd) return 2; } - if (strlen(buf) < 32){ + if (strlen(buf) < blockWidth){ if(strlen(buf) && feof(f)) break; - PrintAndLog("File content error. Block data must include 32 HEX symbols"); + PrintAndLog("File content error. Block data must include %d HEX symbols", blockWidth); fclose(f); return 2; } - for (i = 0; i < 32; i += 2) { + for (i = 0; i < blockWidth; i += 2) { sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]); } - - if (mfEmlSetMem(buf8, blockNum, 1)) { + if (mfEmlSetMem_xt(buf8, blockNum, 1, blockWidth/2)) { PrintAndLog("Cant set emul block: %3d", blockNum); fclose(f); return 3; @@ -1627,7 +1637,6 @@ int CmdHF14AMfCLoad(const char *Cmd) if (fgets(buf, sizeof(buf), f) == NULL) { fclose(f); PrintAndLog("File reading error."); - fclose(f); return 2; } @@ -1952,7 +1961,6 @@ int CmdHF14AMfSniff(const char *Cmd){ } if (wantDecrypt) mfTraceInit(uid, atqa, sak, wantSaveToEmlFile); - } else { PrintAndLog("%s(%d):%s", isTag ? "TAG":"RDR", num, sprint_hex(bufPtr, len)); if (wantLogToFile) @@ -1973,6 +1981,25 @@ int CmdHF14AMfSniff(const char *Cmd){ return 0; } +//needs nt, ar, at, Data to decrypt +int CmdDecryptTraceCmds(const char *Cmd){ + uint8_t data[50]; + + uint32_t nt = param_get32ex(Cmd,0,0,16); + uint32_t ar_enc = param_get32ex(Cmd,1,0,16); + uint32_t at_enc = param_get32ex(Cmd,2,0,16); + + int len = 0; + param_gethex_ex(Cmd, 3, data, &len); + + len /= 2; + int limit = sizeof(data) / 2; + + if ( len >= limit ) + len = limit; + + return tryDecryptWord( nt, ar_enc, at_enc, data, len); +} static command_t CommandTable[] = { @@ -2001,6 +2028,7 @@ static command_t CommandTable[] = {"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"}, {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"}, {"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"}, + {"decrypt", CmdDecryptTraceCmds, 1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"}, {NULL, NULL, 0, NULL} };