]> git.zerfleddert.de Git - proxmark3-svn/commitdiff
ADD: @micolous random nonce, adjusted to fit in. Icemanfork only uses Moebius attac...
authoriceman1001 <iceman@iuse.se>
Thu, 26 Jan 2017 13:21:51 +0000 (14:21 +0100)
committericeman1001 <iceman@iuse.se>
Thu, 26 Jan 2017 13:21:51 +0000 (14:21 +0100)
ref: https://github.com/Proxmark/proxmark3/pull/209

appveyor.yml
armsrc/Makefile
armsrc/iso14443a.c
armsrc/iso14443a.h
common/random.c [new file with mode: 0644]
common/random.h [new file with mode: 0644]
include/mifare.h
include/usb_cmd.h

index 248bbe4ce18bac196c8f35aafaab01a76b58c423..cac45bd4212e62dcefd91f5e2fe5b0aba48a4fb5 100644 (file)
@@ -1,14 +1,15 @@
 os: Windows Server 2012
-platform: x64
+platform: mingw
+qt: mingw492_32
 
 branches:
   only:
     - master
 
 install:
- - cinst make
- - cinst mingw
-
+ - set QTDIR=C:\Qt\5.5\mingw492_32
+ - set PATH=%PATH%;%QTDIR%\bin;C:\MinGW\bin
+  
 before_build:
  - make clean
  
index 40923a8b7383e8cee555111b63fe88b2049e3876..08252565d3ce11de9752d2fea1eafb98eeed46c1 100644 (file)
@@ -54,7 +54,8 @@ THUMBSRC = start.c \
        string.c \
        BigBuf.c \
        ticks.c \
-       hfsnoop.c
+       hfsnoop.c \
+       random.c
 
 # These are to be compiled in ARM mode
 ARMSRC = fpgaloader.c \
index 81e45960fea652f2e331d9dda035487efcb5d1ec..d069550144251d8d08772a3590b5deb7fac3d7d6 100644 (file)
@@ -849,6 +849,8 @@ bool prepare_allocated_tag_modulation(tag_response_info_t* response_info) {
 //-----------------------------------------------------------------------------
 void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
 
+       #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
+       
        uint8_t sak = 0;
        uint32_t cuid = 0;                      
        uint32_t nonce = 0;
@@ -866,7 +868,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
        uint8_t cardAUTHSC = 0;
        uint8_t cardAUTHKEY = 0xff;  // no authentication
        // allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
-       #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
+
        nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // for 2 separate attack types (nml, moebius)
        memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
 
@@ -972,16 +974,17 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
        response3a[0] = sak & 0xFB;
        ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);
 
-       uint8_t response5[] = { 0x01, 0x01, 0x01, 0x01 };                               // Very random tag nonce
+       // Tag NONCE.
+       uint8_t response5[4]; 
+       nonce = prand();
+       num_to_bytes(nonce, 4, response5);
+       
        uint8_t response6[] = { 0x04, 0x58, 0x80, 0x02, 0x00, 0x00 };   // dummy ATS (pseudo-ATR), answer to RATS: 
        // Format byte = 0x58: FSCI=0x08 (FSC=256), TA(1) and TC(1) present, 
        // TA(1) = 0x80: different divisors not supported, DR = 1, DS = 1
        // TB(1) = not present. Defaults: FWI = 4 (FWT = 256 * 16 * 2^4 * 1/fc = 4833us), SFGI = 0 (SFG = 256 * 16 * 2^0 * 1/fc = 302us)
        // TC(1) = 0x02: CID supported, NAD not supported
        ComputeCrc14443(CRC_14443_A, response6, 4, &response6[4], &response6[5]);
-
-       // the randon nonce
-       nonce = bytes_to_num(response5, 4);     
        
        // Prepare GET_VERSION (different for UL EV-1 / NTAG)
        // uint8_t response7_EV1[] = {0x00, 0x04, 0x03, 0x01, 0x01, 0x00, 0x0b, 0x03, 0xfd, 0xf7};  //EV1 48bytes VERSION.
@@ -1058,7 +1061,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
                }
                
                // incease nonce at every command recieved
-               nonce++;
+               nonce = prand();
                num_to_bytes(nonce, 4, response5);
                
                p_response = NULL;
@@ -1173,8 +1176,16 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
 
                        // Collect AR/NR per keytype & sector
                        if ( (flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK ) {
+                               
                                        for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
-                                               if ( ar_nr_collected[i+mM]==0 || ((cardAUTHSC == ar_nr_resp[i+mM].sector) && (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && (ar_nr_collected[i+mM] > 0)) ) {
+                                               
+                                               if ( ar_nr_collected[i+mM] == 0 || (
+                                                                       (cardAUTHSC == ar_nr_resp[i+mM].sector) && 
+                                                                       (cardAUTHKEY == ar_nr_resp[i+mM].keytype) &&
+                                                                       (ar_nr_collected[i+mM] > 0)
+                                                               )
+                                                       ) {
+                                                               
                                                        // if first auth for sector, or matches sector and keytype of previous auth
                                                        if (ar_nr_collected[i+mM] < 2) {
                                                                // if we haven't already collected 2 nonces for this sector
@@ -1360,7 +1371,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
        BigBuf_free_keep_EM();
        LED_A_OFF();
        
-               if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) {
+       if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) {
                for ( uint8_t   i = 0; i < ATTACK_KEY_COUNT; i++) {
                        if (ar_nr_collected[i] == 2) {
                                Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
@@ -2472,10 +2483,14 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
        uint8_t rUIDBCC2[] = {0xde, 0xad, 0xbe, 0xaf, 0x62}; 
        uint8_t rUIDBCC3[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
 
-       uint8_t rAUTH_NT[] = {0x01, 0x01, 0x01, 0x01};  // very random nonce
+       // TAG Nonce - Authenticate response
+       uint8_t rAUTH_NT[4];
+       uint32_t nonce = prand();
+       num_to_bytes(nonce, 4, rAUTH_NT);
+       
        // uint8_t rAUTH_NT[] = {0x55, 0x41, 0x49, 0x92};// nonce from nested? why this?
        uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00};
-               
+       
        // Here, we collect CUID, NT, NR, AR, CUID2, NT2, NR2, AR2
        // This can be used in a reader-only attack.
        nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // for 2 separate attack types (nml, moebius)
@@ -2490,9 +2505,6 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
        uint8_t mM = 0; // moebius_modifier for collection storage
        bool doBufResetNext = false;
 
-       // Authenticate response - nonce
-       uint32_t nonce = bytes_to_num(rAUTH_NT, 4);
-       
        // -- Determine the UID
        // Can be set from emulator memory or incoming data
        // Length: 4,7,or 10 bytes
@@ -2628,7 +2640,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                        crypto1_destroy(pcs);
                        cardAUTHKEY = 0xff;
                        LEDsoff();
-                       nonce++
+                       nonce = prand()
                        continue;
                }
                
@@ -2743,7 +2755,13 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                }
 
                                for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
-                                       if ( ar_nr_collected[i+mM]==0 || ((cardAUTHSC == ar_nr_resp[i+mM].sector) && (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && (ar_nr_collected[i+mM] > 0)) ) {
+                                       
+                                       if ( ar_nr_collected[i+mM] == 0 || (
+                                                               (cardAUTHSC == ar_nr_resp[i+mM].sector) && 
+                                                               (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && 
+                                                               (ar_nr_collected[i+mM] > 0)
+                                                       )
+                                               ) {
 
                                                // if first auth for sector, or matches sector and keytype of previous auth
                                                if (ar_nr_collected[i+mM] < 2) {
@@ -2788,7 +2806,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                                                                // if we've collected all the nonces we need - finish.
 
                                                                                if (nonce1_count == moebius_n_count) {
-                                                                                       cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_resp,sizeof(ar_nr_resp));
+                                                                                       cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, 0, 0, &ar_nr_resp, sizeof(ar_nr_resp));
                                                                                        nonce1_count = 0;
                                                                                        nonce2_count = 0;
                                                                                        moebius_n_count = 0;
@@ -3058,13 +3076,13 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 
        // Interactive mode flag, means we need to send ACK
        /*
-       if((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE) {
+       if((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE && flags & FLAG_NR_AR_ATTACK == FLAG_NR_AR_ATTACK) {
                // May just aswell send the collected ar_nr in the response aswell
                uint8_t len = ar_nr_collected * 4 * 4;
                cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, len, 0, &ar_nr_responses, len);
        }
+       */
        
-   */
        if( ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK ) && MF_DBGLEVEL >= 1 ) {
                for ( uint8_t   i = 0; i < ATTACK_KEY_COUNT; i++) {
                        if (ar_nr_collected[i] == 2) {
@@ -3093,10 +3111,10 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                                );
                        }
                }
-       }
-       
+       }       
        
-       if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d  trace length: %d ", tracing, BigBuf_get_traceLen());
+       if (MF_DBGLEVEL >= 1) 
+               Dbprintf("Emulator stopped. Tracing: %d  trace length: %d ", tracing, BigBuf_get_traceLen());
        
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        LEDsoff();
index 2128f6ec5c1e8d79e88bcaf12b6a80b6789d2731..82d3aa975e32e35aa7329b79c8bda300c8ef62c0 100644 (file)
@@ -26,6 +26,7 @@ extern "C" {
 #include "crapto1.h"
 #include "mifareutil.h"
 #include "parity.h"
+#include "random.h"
 
 typedef struct {
        enum {
diff --git a/common/random.c b/common/random.c
new file mode 100644 (file)
index 0000000..62d0cbe
--- /dev/null
@@ -0,0 +1,19 @@
+#include "random.h"
+
+static uint64_t next_random = 1;
+
+/* Generates a (non-cryptographically secure) 32-bit random number.
+ *
+ * We don't have an implementation of the "rand" function. Instead we use a
+ * method of seeding with the time it took to call "autoseed" from first run.
+ * 
+ * https://github.com/Proxmark/proxmark3/pull/209/commits/f9c1dcd9f6e68a8c07cffed697a9c4c8caed6015
+ */
+uint32_t prand() {
+       if (next_random == 1)
+               next_random = GetTickCount();
+
+       next_random = next_random * 6364136223846793005 + 1;
+       return (uint32_t)(next_random >> 32) % 0xffffffff;
+}
+
diff --git a/common/random.h b/common/random.h
new file mode 100644 (file)
index 0000000..45f176d
--- /dev/null
@@ -0,0 +1,21 @@
+//-----------------------------------------------------------------------------
+// Micolous Jan 2017
+// Iceman Jan 2017
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// pseudo rng generator.  To be used when PM3 simulates Mifare tag.
+// i.e.  'hf mf sim'  
+//       'hf 14a sim'
+//-----------------------------------------------------------------------------
+
+#ifndef __RANDOM_H
+#define __RANDOM_H
+
+#include "common.h"
+#include "ticks.h"
+
+uint32_t prand();
+
+#endif
\ No newline at end of file
index bd78dda6b671cff4e9d4b171e03d691c4206cd7c..11c977d579626a028500ccb1d668c56961519982 100644 (file)
@@ -66,14 +66,14 @@ typedef enum ISO14B_COMMAND {
 //-----------------------------------------------------------------------------
 typedef struct {
   uint32_t cuid;
-  uint8_t  sector;
-  uint8_t  keytype;
   uint32_t nonce;
   uint32_t ar;
   uint32_t nr;
   uint32_t nonce2;
   uint32_t ar2;
   uint32_t nr2;
+  uint8_t  sector;
+  uint8_t  keytype;
 } nonces_t;
 
 #endif // _MIFARE_H_
index 0cb6ed93d723bef093a83cf42da430ea9862a610..53ac18e7a8c21bfcec585a811f3769109fc30a02 100644 (file)
@@ -239,6 +239,7 @@ typedef struct{
 #define FLAG_10B_UID_IN_DATA   0x08
 #define FLAG_UID_IN_EMUL               0x10
 #define FLAG_NR_AR_ATTACK              0x20
+//#define FLAG_RANDOM_NONCE            0x40
 
 //Iclass reader flags
 #define FLAG_ICLASS_READER_ONLY_ONCE 0x01
Impressum, Datenschutz