X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/b6e05350b2826c6d43fd8e7363de8a1eeef149a6..bdebc8dbab9ca3867faf32532c4db32966fce56a:/armsrc/iso14443a.c diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 570f028c..d0695501 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -849,6 +849,8 @@ bool prepare_allocated_tag_modulation(tag_response_info_t* response_info) { //----------------------------------------------------------------------------- void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { + #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack() + uint8_t sak = 0; uint32_t cuid = 0; uint32_t nonce = 0; @@ -866,7 +868,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { uint8_t cardAUTHSC = 0; uint8_t cardAUTHKEY = 0xff; // no authentication // allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys - #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack() + nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // for 2 separate attack types (nml, moebius) memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp)); @@ -972,16 +974,17 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { response3a[0] = sak & 0xFB; ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]); - uint8_t response5[] = { 0x01, 0x01, 0x01, 0x01 }; // Very random tag nonce + // Tag NONCE. + uint8_t response5[4]; + nonce = prand(); + num_to_bytes(nonce, 4, response5); + uint8_t response6[] = { 0x04, 0x58, 0x80, 0x02, 0x00, 0x00 }; // dummy ATS (pseudo-ATR), answer to RATS: // Format byte = 0x58: FSCI=0x08 (FSC=256), TA(1) and TC(1) present, // TA(1) = 0x80: different divisors not supported, DR = 1, DS = 1 // TB(1) = not present. Defaults: FWI = 4 (FWT = 256 * 16 * 2^4 * 1/fc = 4833us), SFGI = 0 (SFG = 256 * 16 * 2^0 * 1/fc = 302us) // TC(1) = 0x02: CID supported, NAD not supported ComputeCrc14443(CRC_14443_A, response6, 4, &response6[4], &response6[5]); - - // the randon nonce - nonce = bytes_to_num(response5, 4); // Prepare GET_VERSION (different for UL EV-1 / NTAG) // uint8_t response7_EV1[] = {0x00, 0x04, 0x03, 0x01, 0x01, 0x00, 0x0b, 0x03, 0xfd, 0xf7}; //EV1 48bytes VERSION. @@ -1058,7 +1061,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { } // incease nonce at every command recieved - nonce++; + nonce = prand(); num_to_bytes(nonce, 4, response5); p_response = NULL; @@ -1173,8 +1176,16 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { // Collect AR/NR per keytype & sector if ( (flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK ) { + for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { - if ( ar_nr_collected[i+mM]==0 || ((cardAUTHSC == ar_nr_resp[i+mM].sector) && (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && (ar_nr_collected[i+mM] > 0)) ) { + + if ( ar_nr_collected[i+mM] == 0 || ( + (cardAUTHSC == ar_nr_resp[i+mM].sector) && + (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && + (ar_nr_collected[i+mM] > 0) + ) + ) { + // if first auth for sector, or matches sector and keytype of previous auth if (ar_nr_collected[i+mM] < 2) { // if we haven't already collected 2 nonces for this sector @@ -1360,7 +1371,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { BigBuf_free_keep_EM(); LED_A_OFF(); - if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) { + if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) { for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { if (ar_nr_collected[i] == 2) { Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (iats_len = len; } - // reset the PCB block number - iso14_pcb_blocknum = 0; - // set default timeout based on ATS iso14a_set_ATS_timeout(resp); - return 1; } @@ -2086,17 +2096,17 @@ void ReaderIso14443a(UsbCommand *c) { } if (param & ISO14A_RAW) { - if(param & ISO14A_APPEND_CRC) { - if(param & ISO14A_TOPAZMODE) { + if (param & ISO14A_APPEND_CRC) { + if (param & ISO14A_TOPAZMODE) AppendCrc14443b(cmd,len); - } else { + else AppendCrc14443a(cmd,len); - } + len += 2; if (lenbits) lenbits += 16; } - if(lenbits>0) { // want to send a specific number of bits (e.g. short commands) - if(param & ISO14A_TOPAZMODE) { + if (lenbits>0) { // want to send a specific number of bits (e.g. short commands) + if (param & ISO14A_TOPAZMODE) { int bits_to_send = lenbits; uint16_t i = 0; ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 7), NULL, NULL); // first byte is always short (7bits) and no parity @@ -2110,7 +2120,7 @@ void ReaderIso14443a(UsbCommand *c) { ReaderTransmitBitsPar(cmd, lenbits, par, NULL); // bytes are 8 bit with odd parity } } else { // want to send complete bytes only - if(param & ISO14A_TOPAZMODE) { + if (param & ISO14A_TOPAZMODE) { uint16_t i = 0; ReaderTransmitBitsPar(&cmd[i++], 7, NULL, NULL); // first byte: 7 bits, no paritiy while (i < len) { @@ -2145,29 +2155,24 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) { uint32_t nttmp1 = nt1; uint32_t nttmp2 = nt2; - for (uint16_t i = 1; i < 32768/8; ++i) { + // 0xFFFF -- Half up and half down to find distance between nonces + for (uint16_t i = 1; i < 32768/8; i += 8) { nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -i; - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+1; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+1); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+2; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+2); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+3; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+3); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+4; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+4); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+5; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+5); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+6; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+6); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+7; + + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -i; + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+1); + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+2); + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+3); + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+4); + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+5); + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+6); nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+7); } // either nt1 or nt2 are invalid nonces @@ -2221,14 +2226,14 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) { BigBuf_free(); BigBuf_Clear_ext(false); clear_trace(); - set_tracing(TRUE); + set_tracing(FALSE); iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); sync_time = GetCountSspClk() & 0xfffffff8; sync_cycles = PRNG_SEQUENCE_LENGTH; // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces). nt_attacked = 0; - if (MF_DBGLEVEL >= 4) Dbprintf("Mifare::Sync %08x", sync_time); + if (MF_DBGLEVEL >= 4) Dbprintf("Mifare::Sync %u", sync_time); if (first_try) { mf_nr_ar3 = 0; @@ -2478,10 +2483,14 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * uint8_t rUIDBCC2[] = {0xde, 0xad, 0xbe, 0xaf, 0x62}; uint8_t rUIDBCC3[] = {0xde, 0xad, 0xbe, 0xaf, 0x62}; - uint8_t rAUTH_NT[] = {0x01, 0x01, 0x01, 0x01}; // very random nonce + // TAG Nonce - Authenticate response + uint8_t rAUTH_NT[4]; + uint32_t nonce = prand(); + num_to_bytes(nonce, 4, rAUTH_NT); + // uint8_t rAUTH_NT[] = {0x55, 0x41, 0x49, 0x92};// nonce from nested? why this? uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00}; - + // Here, we collect CUID, NT, NR, AR, CUID2, NT2, NR2, AR2 // This can be used in a reader-only attack. nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // for 2 separate attack types (nml, moebius) @@ -2496,9 +2505,6 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * uint8_t mM = 0; // moebius_modifier for collection storage bool doBufResetNext = false; - // Authenticate response - nonce - uint32_t nonce = bytes_to_num(rAUTH_NT, 4); - // -- Determine the UID // Can be set from emulator memory or incoming data // Length: 4,7,or 10 bytes @@ -2634,7 +2640,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * crypto1_destroy(pcs); cardAUTHKEY = 0xff; LEDsoff(); - nonce++; + nonce = prand(); continue; } @@ -2749,7 +2755,13 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * } for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { - if ( ar_nr_collected[i+mM]==0 || ((cardAUTHSC == ar_nr_resp[i+mM].sector) && (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && (ar_nr_collected[i+mM] > 0)) ) { + + if ( ar_nr_collected[i+mM] == 0 || ( + (cardAUTHSC == ar_nr_resp[i+mM].sector) && + (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && + (ar_nr_collected[i+mM] > 0) + ) + ) { // if first auth for sector, or matches sector and keytype of previous auth if (ar_nr_collected[i+mM] < 2) { @@ -2794,7 +2806,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * // if we've collected all the nonces we need - finish. if (nonce1_count == moebius_n_count) { - cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_resp,sizeof(ar_nr_resp)); + cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, 0, 0, &ar_nr_resp, sizeof(ar_nr_resp)); nonce1_count = 0; nonce2_count = 0; moebius_n_count = 0; @@ -3064,13 +3076,13 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * // Interactive mode flag, means we need to send ACK /* - if((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE) { + if((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE && flags & FLAG_NR_AR_ATTACK == FLAG_NR_AR_ATTACK) { // May just aswell send the collected ar_nr in the response aswell uint8_t len = ar_nr_collected * 4 * 4; cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, len, 0, &ar_nr_responses, len); } + */ - */ if( ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK ) && MF_DBGLEVEL >= 1 ) { for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { if (ar_nr_collected[i] == 2) { @@ -3099,10 +3111,10 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * ); } } - } - + } - if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, BigBuf_get_traceLen()); + if (MF_DBGLEVEL >= 1) + Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, BigBuf_get_traceLen()); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff();