X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/f07ffa7672ccff152875a5560fd7d2e3edbd6165..c24364a8a4932f51a9b9e255d2ed0c67b9e37c74:/client/cmdhfmfhard.c diff --git a/client/cmdhfmfhard.c b/client/cmdhfmfhard.c index 58bfbf04..2e504675 100644 --- a/client/cmdhfmfhard.c +++ b/client/cmdhfmfhard.c @@ -165,14 +165,17 @@ static int add_nonce(uint32_t nonce_enc, uint8_t par_enc) } else { // add new entry at end of existing list. p2 = p2->next = malloc(sizeof(noncelistentry_t)); } - } else if ((p1->nonce_enc & 0x00ff0000) != (nonce_enc & 0x00ff0000)) { // found distinct 2nd byte. Need to insert. + if (p2 == NULL) return 0; // memory allocation failed + } + else if ((p1->nonce_enc & 0x00ff0000) != (nonce_enc & 0x00ff0000)) { // found distinct 2nd byte. Need to insert. if (p2 == NULL) { // need to insert at start of list p2 = nonces[first_byte].first = malloc(sizeof(noncelistentry_t)); } else { p2 = p2->next = malloc(sizeof(noncelistentry_t)); } - } else { // we have seen this 2nd byte before. Nothing to add or insert. - return (0); + if (p2 == NULL) return 0; // memory allocation failed + } else { + return 0; // we have seen this 2nd byte before. Nothing to add or insert. } // add or insert new data @@ -189,7 +192,7 @@ static int add_nonce(uint32_t nonce_enc, uint8_t par_enc) nonces[first_byte].Sum += evenparity32((nonce_enc & 0x00ff0000) | (par_enc & 0x04)); nonces[first_byte].updated = true; // indicates that we need to recalculate the Sum(a8) probability for this first byte - return (1); // new nonce added + return 1; // new nonce added } static void init_nonce_memory(void) @@ -720,8 +723,8 @@ static void simulate_acquire_nonces() cuid = (rand() & 0xff) << 24 | (rand() & 0xff) << 16 | (rand() & 0xff) << 8 | (rand() & 0xff); known_target_key = ((uint64_t)rand() & 0xfff) << 36 | ((uint64_t)rand() & 0xfff) << 24 | ((uint64_t)rand() & 0xfff) << 12 | ((uint64_t)rand() & 0xfff); - printf("Simulating nonce acquisition for target key %012"llx", cuid %08x ...\n", known_target_key, cuid); - fprintf(fstats, "%012"llx";%08x;", known_target_key, cuid); + printf("Simulating nonce acquisition for target key %012" PRIx64 ", cuid %08x ...\n", known_target_key, cuid); + fprintf(fstats, "%012" PRIx64 ";%08x;", known_target_key, cuid); do { uint32_t nt_enc = 0; @@ -762,20 +765,8 @@ static void simulate_acquire_nonces() } -static void free_candidates_memory(statelist_t *sl) -{ - if (sl == NULL) { - return; - } else { - free_candidates_memory(sl->next); - free(sl); - } -} - static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, bool nonce_file_write, bool slow) { - uint8_t three_in_row = 0; - uint8_t prev_best = 0; clock_t time1 = clock(); bool initialize = true; bool finished = false; @@ -786,6 +777,7 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ uint32_t next_fivehundred = 500; uint32_t total_added_nonces = 0; uint32_t idx = 1; + uint32_t timeout = 0; FILE *fnonces = NULL; field_off = false; UsbCommand resp; @@ -798,8 +790,7 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ do { flags = 0; - //flags |= initialize ? 0x0001 : 0; - flags |= 0x0001; + flags |= initialize ? 0x0001 : 0; flags |= slow ? 0x0002 : 0; flags |= field_off ? 0x0004 : 0; c.arg[2] = flags; @@ -809,10 +800,15 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ if (field_off) break; - if (!WaitForResponseTimeout(CMD_ACK, &resp, 6000)) { - if (fnonces) fclose(fnonces); - return 1; - } + while(!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { + timeout++; + printf("."); + if (timeout > 3) { + PrintAndLog("\nNo response from Proxmark. Aborting..."); + if (fnonces) fclose(fnonces); + return 1; + } + } if (resp.arg[0]) { if (fnonces) fclose(fnonces); @@ -878,31 +874,14 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ ); } - if ( num_good_first_bytes > 0 ) { - - if ( prev_best == best_first_bytes[0] ){ - ++three_in_row; - } else { - three_in_row = 0; - } - prev_best = best_first_bytes[0]; - - //printf("GOOD BYTES: %s \n", sprint_hex(best_first_bytes, num_good_first_bytes) ); - if ( total_added_nonces >= (NONCES_THRESHOLD * idx) || three_in_row >= 3) { - - bool cracking = generate_candidates(first_byte_Sum, nonces[best_first_bytes[0]].Sum8_guess); - if (cracking || known_target_key != -1) { - - UsbCommand cOff = {CMD_FPGA_MAJOR_MODE_OFF, {0,0,0} }; - SendCommand(&cOff); - field_off = brute_force(); + if (total_added_nonces >= (NONCES_THRESHOLD * idx)) { + if (num_good_first_bytes > 0) { + if (generate_candidates(first_byte_Sum, nonces[best_first_bytes[0]].Sum8_guess) || known_target_key != -1) { + field_off = brute_force(); // switch off field with next SendCommand and then finish } - three_in_row = 0; } + idx++; } - - if ( total_added_nonces >= (NONCES_THRESHOLD * idx)) - ++idx; } } while (!finished); @@ -1268,12 +1247,8 @@ static bool TestIfKeyExists(uint64_t key) uint32_t state_odd = pcs->odd & 0x00ffffff; uint32_t state_even = pcs->even & 0x00ffffff; - //printf("Tests: searching for key %llx after first byte 0x%02x (state_odd = 0x%06x, state_even = 0x%06x) ...\n", key, best_first_bytes[0], state_odd, state_even); - printf("Validating keysearch space\n"); - if ( candidates == NULL ) { - printf("candidates list is NULL\n"); - return false; - } + //printf("Tests: searching for key %" PRIx64 " after first byte 0x%02x (state_odd = 0x%06x, state_even = 0x%06x) ...\n", key, best_first_bytes[0], state_odd, state_even); + printf("Validating key search space\n"); uint64_t count = 0; for (statelist_t *p = candidates; p != NULL; p = p->next) { bool found_odd = false; @@ -1296,7 +1271,7 @@ static bool TestIfKeyExists(uint64_t key) count += (p_odd - p->states[ODD_STATE]) * (p_even - p->states[EVEN_STATE]); if (found_odd && found_even) { if (known_target_key != -1) { - PrintAndLog("Key Found after testing %llu (2^%1.1f) out of %lld (2^%1.1f) keys.", + PrintAndLog("Key Found after testing %" PRIu64 " (2^%1.1f) out of %lld (2^%1.1f) keys.", count, log(count)/log(2), maximum_states, @@ -1400,6 +1375,16 @@ static bool generate_candidates(uint16_t sum_a0, uint16_t sum_a8) return false; } +static void free_candidates_memory(statelist_t *sl) +{ + if (sl == NULL) { + return; + } else { + free_candidates_memory(sl->next); + free(sl); + } +} + static void free_statelist_cache(void) { for (uint16_t i = 0; i < 17; i+=2) { @@ -1649,19 +1634,23 @@ static void* crack_states_thread(void* x){ const uint64_t key = crack_states_bitsliced(bucket); if (keys_found) break; - else if(key != -1 && TestIfKeyExists(key)) { + else if(key != -1) { + if (TestIfKeyExists(key)) { __sync_fetch_and_add(&keys_found, 1); __sync_fetch_and_add(&foundkey, key); + printf("*"); + fflush(stdout); break; + } + printf("!"); + fflush(stdout); } else { printf("."); fflush(stdout); } } - current_bucket += thread_count; } - return NULL; } @@ -1740,12 +1729,14 @@ static bool brute_force(void) { return ret; } -int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t *trgkey, bool nonce_file_read, bool nonce_file_write, bool slow, int tests) +int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t *trgkey, bool nonce_file_read, bool nonce_file_write, bool slow, int tests, uint64_t *found_key) { // initialize Random number generator time_t t; srand((unsigned) time(&t)); + *found_key = 0; + if (trgkey != NULL) { known_target_key = bytes_to_num(trgkey, 6); } else { @@ -1797,6 +1788,10 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc } else { // acquire nonces. uint16_t is_OK = acquire_nonces(blockNo, keyType, key, trgBlockNo, trgKeyType, nonce_file_write, slow); if (is_OK != 0) { + free_nonces_memory(); + //free_statelist_cache(); + free_candidates_memory(candidates); + candidates = NULL; return is_OK; } } @@ -1807,5 +1802,6 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc free_candidates_memory(candidates); candidates = NULL; } + *found_key = foundkey; return 0; -} +} \ No newline at end of file