Merge pull request #209 from micolous/14a-random-nonce
authorpwpiwi <pwpiwi@users.noreply.github.com>
Sat, 28 Jan 2017 16:11:13 +0000 (17:11 +0100)
committerGitHub <noreply@github.com>
Sat, 28 Jan 2017 16:11:13 +0000 (17:11 +0100)
Adds random nonce (r) option to `hf mf sim`.

armsrc/iso14443a.c
armsrc/util.c
armsrc/util.h
client/cmdhfmf.c
include/usb_cmd.h

index 70dc54f17a39495cb8e374807015c3f2ce53aa63..83907fce18b72c9b5407949c460b5e85d16a593a 100644 (file)
@@ -2329,6 +2329,7 @@ typedef struct {
   * FLAG_7B_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that
   * FLAG_10B_UID_IN_DATA       - use 10-byte UID in the data-section not finished
   *    FLAG_NR_AR_ATTACK  - means we should collect NR_AR responses for bruteforcing later
+  * FLAG_RANDOM_NONCE - means we should generate some pseudo-random nonce data (only allows moebius attack)
   *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is infinite ...
   * (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted)
   */
@@ -2387,7 +2388,12 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
        uint8_t mM = 0; //moebius_modifier for collection storage
 
        // Authenticate response - nonce
-       uint32_t nonce = bytes_to_num(rAUTH_NT, 4);
+       uint32_t nonce;
+       if (flags & FLAG_RANDOM_NONCE) {
+               nonce = prand();
+       } else {
+               nonce = bytes_to_num(rAUTH_NT, 4);
+       }
        
        //-- Determine the UID
        // Can be set from emulator memory, incoming data
@@ -2535,6 +2541,9 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                        LED_C_OFF();
                        crypto1_destroy(pcs);
                        cardAUTHKEY = 0xff;
+                       if (flags & FLAG_RANDOM_NONCE) {
+                               nonce = prand();
+                       }
                        continue;
                }
                
@@ -2656,7 +2665,11 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                                                                                // switch to moebius collection
                                                                                                gettingMoebius = true;
                                                                                                mM = ATTACK_KEY_COUNT;
-                                                                                               nonce = nonce*7;
+                                                                                               if (flags & FLAG_RANDOM_NONCE) {
+                                                                                                       nonce = prand();
+                                                                                               } else {
+                                                                                                       nonce = nonce*7;
+                                                                                               }
                                                                                                break;
                                                                                        }
                                                                                } else {
index 1dd8dc7544fe1cb2989548692f8449f19b6ca621..be41bad8aa2a351a8d9ef059aecc1e6104921c2a 100644 (file)
@@ -431,3 +431,19 @@ uint32_t RAMFUNC GetCountSspClk(){
        }
 }
 
+static uint64_t next_random = 1;
+
+/* Generates a (non-cryptographically secure) 32-bit random number.
+ *
+ * We don't have an implementation of the "rand" function or a clock to seed it
+ * with, so we just call GetTickCount the first time to seed ourselves.
+ */
+uint32_t prand() {
+       if (next_random == 1) {
+               next_random = GetTickCount();
+       }
+
+       next_random = next_random * 6364136223846793005 + 1;
+       return (uint32_t)(next_random >> 32) % 0xffffffff;
+}
+
index bf5d0cc81fc01477ea2526379948a71b5ce470dd..e919764bcc5a4cbac14081ae233557cd93fb46ea 100644 (file)
@@ -54,4 +54,6 @@ uint32_t RAMFUNC GetDeltaCountUS();
 void StartCountSspClk();
 uint32_t RAMFUNC GetCountSspClk();
 
+uint32_t prand();
+
 #endif
index 36c8e6c370eb121fab1ecb8c0b6027b210b640ad..cdac64764dd33dd554c6dbd1a7c785f7038db7ef 100644 (file)
@@ -1016,7 +1016,7 @@ int CmdHF14AMfChk(const char *Cmd)
        return 0;\r
 }\r
 \r
-void readerAttack(nonces_t ar_resp[], bool setEmulatorMem) {\r
+void readerAttack(nonces_t ar_resp[], bool setEmulatorMem, bool doStandardAttack) {\r
        #define ATTACK_KEY_COUNT 8 // keep same as define in iso14443a.c -> Mifare1ksim()\r
        uint64_t key = 0;\r
        typedef struct {\r
@@ -1034,7 +1034,7 @@ void readerAttack(nonces_t ar_resp[], bool setEmulatorMem) {
        for (uint8_t i = 0; i<ATTACK_KEY_COUNT; i++) {\r
                if (ar_resp[i].ar2 > 0) {\r
                        //PrintAndLog("DEBUG: Trying sector %d, cuid %08x, nt %08x, ar %08x, nr %08x, ar2 %08x, nr2 %08x",ar_resp[i].sector, ar_resp[i].cuid,ar_resp[i].nonce,ar_resp[i].ar,ar_resp[i].nr,ar_resp[i].ar2,ar_resp[i].nr2);\r
-                       if (mfkey32(ar_resp[i], &key)) {\r
+                       if (doStandardAttack && mfkey32(ar_resp[i], &key)) {\r
                                PrintAndLog("  Found Key%s for sector %02d: [%04x%08x]", (ar_resp[i].keytype) ? "B" : "A", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF));\r
 \r
                                for (uint8_t ii = 0; ii<ATTACK_KEY_COUNT; ii++) {\r
@@ -1054,6 +1054,34 @@ void readerAttack(nonces_t ar_resp[], bool setEmulatorMem) {
                                                }\r
                                        }\r
                                }\r
+                       } else if (tryMfk32_moebius(ar_resp[i+ATTACK_KEY_COUNT], &key)) {\r
+                               uint8_t sectorNum = ar_resp[i+ATTACK_KEY_COUNT].sector;\r
+                               uint8_t keyType = ar_resp[i+ATTACK_KEY_COUNT].keytype;\r
+\r
+                               PrintAndLog("M-Found Key%s for sector %02d: [%012"llx"]"\r
+                                       , keyType ? "B" : "A"\r
+                                       , sectorNum\r
+                                       , key\r
+                               );\r
+\r
+                               for (uint8_t ii = 0; ii<ATTACK_KEY_COUNT; ii++) {\r
+                                       if (key_cnt[ii]==0 || stSector[ii]==sectorNum) {\r
+                                               if (keyType==0) {\r
+                                                       //keyA\r
+                                                       sector_trailer[ii].keyA = key;\r
+                                                       stSector[ii] = sectorNum;\r
+                                                       key_cnt[ii]++;\r
+                                                       break;\r
+                                               } else {\r
+                                                       //keyB\r
+                                                       sector_trailer[ii].keyB = key;\r
+                                                       stSector[ii] = sectorNum;\r
+                                                       key_cnt[ii]++;\r
+                                                       break;\r
+                                               }\r
+                                       }\r
+                               }\r
+                               continue;\r
                        }\r
                }\r
        }\r
@@ -1100,6 +1128,7 @@ int usage_hf14_mf1ksim(void) {
        PrintAndLog("      x    (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");\r
        PrintAndLog("      e    (Optional) set keys found from 'reader attack' to emulator memory (implies x and i)");\r
        PrintAndLog("      f    (Optional) get UIDs to use for 'reader attack' from file 'f <filename.txt>' (implies x and i)");\r
+       PrintAndLog("      r    (Optional) Generate random nonces instead of sequential nonces. Standard reader attack won't work with this option, only moebius attack works.");\r
        PrintAndLog("samples:");\r
        PrintAndLog("           hf mf sim u 0a0a0a0a");\r
        PrintAndLog("           hf mf sim u 11223344556677");\r
@@ -1164,6 +1193,11 @@ int CmdHF14AMf1kSim(const char *Cmd) {
                        exitAfterNReads = param_get8(Cmd, pnr+1);\r
                        cmdp += 2;\r
                        break;\r
+               case 'r':\r
+               case 'R':\r
+                       flags |= FLAG_RANDOM_NONCE;\r
+                       cmdp++;\r
+                       break;\r
                case 'u':\r
                case 'U':\r
                        param_gethex_ex(Cmd, cmdp+1, uid, &uidlen);\r
@@ -1246,7 +1280,8 @@ int CmdHF14AMf1kSim(const char *Cmd) {
                        //got a response\r
                        nonces_t ar_resp[ATTACK_KEY_COUNT*2];\r
                        memcpy(ar_resp, resp.d.asBytes, sizeof(ar_resp));\r
-                       readerAttack(ar_resp, setEmulatorMem);\r
+                       // We can skip the standard attack if we have RANDOM_NONCE set.\r
+                       readerAttack(ar_resp, setEmulatorMem, !(flags & FLAG_RANDOM_NONCE));\r
                        if ((bool)resp.arg[1]) {\r
                                PrintAndLog("Device button pressed - quitting");\r
                                fclose(f);\r
@@ -1278,7 +1313,8 @@ int CmdHF14AMf1kSim(const char *Cmd) {
                        if (flags & FLAG_NR_AR_ATTACK) {\r
                                nonces_t ar_resp[ATTACK_KEY_COUNT*2];\r
                                memcpy(ar_resp, resp.d.asBytes, sizeof(ar_resp));\r
-                               readerAttack(ar_resp, setEmulatorMem);\r
+                               // We can skip the standard attack if we have RANDOM_NONCE set.\r
+                               readerAttack(ar_resp, setEmulatorMem, !(flags & FLAG_RANDOM_NONCE));\r
                        }\r
                }\r
        }\r
index 66e6cf91cea3529422532a746d8ac2185eee993d..16d1c5ddeb2aea165197b993d7b66870b443a4a3 100644 (file)
@@ -217,6 +217,7 @@ typedef struct{
 #define FLAG_7B_UID_IN_DATA   0x04
 #define FLAG_10B_UID_IN_DATA  0x08
 #define FLAG_NR_AR_ATTACK     0x10
+#define FLAG_RANDOM_NONCE     0x20
 
 
 //Iclass reader flags
Impressum, Datenschutz