//allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
#define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
- nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types
+ nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius)
memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
- uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2];
+ uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; //*2 for 2nd attack type (moebius)
memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
- bool gettingMoebius = false;
uint8_t nonce1_count = 0;
uint8_t nonce2_count = 0;
uint8_t moebius_n_count = 0;
+ bool gettingMoebius = false;
uint8_t mM = 0; //moebius_modifier for collection storage
// Authenticate response - nonce
cardSTATE_TO_IDLE();
LED_A_ON();
}
- }
+ }
if (cardSTATE == MFEMUL_NOFIELD) continue;
//Now, get data
} else if (res == 1) {
break; //return value 1 means button press
}
-
+
// REQ or WUP request in ANY state and WUP in HALTED state
if (len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) {
selTimer = GetTickCount();
//Send the collected ar_nr in the response
cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,button_pushed,0,&ar_nr_resp,sizeof(ar_nr_resp));
}
-
}
memset(filename, 0x00, sizeof(filename));\r
int len = 0;\r
char buf[64];\r
- uint8_t uidBuffer[64];\r
\r
uint8_t cmdp = 0;\r
bool errors = false;\r
PrintAndLog("Loading file and simulating. Press keyboard to abort");\r
while(!feof(f) && !ukbhit()){\r
memset(buf, 0, sizeof(buf));\r
- memset(uidBuffer, 0, sizeof(uidBuffer));\r
+ memset(uid, 0, sizeof(uid));\r
\r
if (fgets(buf, sizeof(buf), f) == NULL) { \r
if (count > 0) break;\r
fclose(f);\r
return 2;\r
}\r
- if(strlen(buf) && feof(f)) break;\r
+ if(!strlen(buf) && feof(f)) break;\r
\r
- uidlen = strlen(buf);\r
+ uidlen = strlen(buf)-1;\r
switch(uidlen) {\r
- case 20: flags = FLAG_10B_UID_IN_DATA; break; //not complete\r
- case 14: flags = FLAG_7B_UID_IN_DATA; break;\r
- case 8: flags = FLAG_4B_UID_IN_DATA; break;\r
+ case 20: flags |= FLAG_10B_UID_IN_DATA; break; //not complete\r
+ case 14: flags |= FLAG_7B_UID_IN_DATA; break;\r
+ case 8: flags |= FLAG_4B_UID_IN_DATA; break;\r
default: \r
- PrintAndLog("uid in file wrong length at %d",count);\r
+ PrintAndLog("uid in file wrong length at %d (length: %d) [%s]",count, uidlen, buf);\r
fclose(f);\r
return 2;\r
}\r
\r
for (uint8_t i = 0; i < uidlen; i += 2) {\r
- sscanf(&buf[i], "%02x", (unsigned int *)&uidBuffer[i / 2]);\r
+ sscanf(&buf[i], "%02x", (unsigned int *)&uid[i / 2]);\r
}\r
\r
PrintAndLog("mf 1k sim uid: %s, numreads:%d, flags:%d (0x%02x) - press button to abort",\r
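Review bot: The hex-parsing loop `sscanf(&buf[i], "%02x", (unsigned int *)&uid[i / 2])` stores a full `unsigned int` through a pointer to one byte of `uid`, so every conversion writes `sizeof(unsigned int)` bytes and the final ones land beyond the last UID byte. Whether that runs past the end of `uid` depends on its declaration, which is outside this hunk, but the array is presumably smaller than the 64-byte `uidBuffer` it replaces. The line comes from a user-supplied file and the return value is unchecked, so a non-hex character goes unnoticed. Parse into a temporary and narrow it: `unsigned int b = 0;`, `if (sscanf(&buf[i], "%2x", &b) != 1) { fclose(f); return 2; }`, `uid[i / 2] = (uint8_t)b;`. Separately, `uidlen = strlen(buf)-1` assumes each line ends in exactly one `\n`, so a CRLF file or a final line without a newline is rejected as wrong length, and `flags |=` carries UID-length bits over from earlier lines unless `flags` is reset elsewhere in the loop. The enclosing function begins and ends outside the hunk.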