From: iceman1001 Date: Tue, 16 Feb 2016 20:43:45 +0000 (+0100) Subject: Merge branch 'master' of https://github.com/iceman1001/proxmark3 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/7504dc50d539f1f9b0b99064f5c7d38e373890fa Merge branch 'master' of https://github.com/iceman1001/proxmark3 Conflicts: armsrc/crypto1.c --- 7504dc50d539f1f9b0b99064f5c7d38e373890fa diff --cc armsrc/iso14443a.c index c7fc06ec,c7fc06ec..c4298fcb --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@@ -750,7 -750,7 +750,7 @@@ static void CodeIso14443aAsTagPar(cons static void CodeIso14443aAsTag(const uint8_t *cmd, uint16_t len) { -- uint8_t par[MAX_PARITY_SIZE]; ++ uint8_t par[MAX_PARITY_SIZE] = {0}; GetParity(cmd, len, par); CodeIso14443aAsTagPar(cmd, len, par); @@@ -1428,24 -1428,24 +1428,26 @@@ void SimulateIso14443aTag(int tagType, // of bits specified in the delay parameter. void PrepareDelayedTransfer(uint16_t delay) { ++ delay &= 0x07; ++ if (!delay) return; ++ uint8_t bitmask = 0; uint8_t bits_to_shift = 0; uint8_t bits_shifted = 0; ++ uint16_t i = 0; ++ ++ for (i = 0; i < delay; ++i) ++ bitmask |= (0x01 << i); -- delay &= 0x07; -- if (delay) { -- for (uint16_t i = 0; i < delay; i++) { -- bitmask |= (1 << i); -- } ToSend[++ToSendMax] = 0x00; -- for (uint16_t i = 0; i < ToSendMax; i++) { ++ ++ for (i = 0; i < ToSendMax; ++i) { bits_to_shift = ToSend[i] & bitmask; ToSend[i] = ToSend[i] >> delay; ToSend[i] = ToSend[i] | (bits_shifted << (8 - delay)); bits_shifted = bits_to_shift; } } --} //------------------------------------------------------------------------------------- @@@ -1463,18 -1463,18 +1465,27 @@@ static void TransmitFor14443a(const uin uint32_t ThisTransferTime = 0; if (timing) { -- if(*timing == 0) { // Measure time ++ ++ if (*timing != 0) ++ // Delay transfer (fine tuning - up to 7 MF clock ticks) ++ PrepareDelayedTransfer(*timing & 0x00000007); ++ else ++ // Measure time *timing = (GetCountSspClk() + 8) & 0xfffffff8; -- } else { -- PrepareDelayedTransfer(*timing & 0x00000007); // Delay transfer (fine tuning - up to 7 MF clock ticks) -- } -- if(MF_DBGLEVEL >= 4 && GetCountSspClk() >= (*timing & 0xfffffff8)) Dbprintf("TransmitFor14443a: Missed timing"); ++ -- while(GetCountSspClk() < (*timing & 0xfffffff8)); // Delay transfer (multiple of 8 MF clock ticks) ++ if (MF_DBGLEVEL >= 4 && GetCountSspClk() >= (*timing & 0xfffffff8)) ++ Dbprintf("TransmitFor14443a: Missed timing"); ++ ++ // Delay transfer (multiple of 8 MF clock ticks) ++ while (GetCountSspClk() < (*timing & 0xfffffff8)); ++ LastTimeProxToAirStart = *timing; } else { ThisTransferTime = ((MAX(NextTransferTime, GetCountSspClk()) & 0xfffffff8) + 8); ++ while(GetCountSspClk() < ThisTransferTime); ++ LastTimeProxToAirStart = ThisTransferTime; } @@@ -2197,33 -2197,33 +2208,62 @@@ int32_t dist_nt(uint32_t nt1, uint32_t if (nt1 == nt2) return 0; ++ uint16_t i; uint32_t nttmp1 = nt1; uint32_t nttmp2 = nt2; -- for (uint16_t i = 1; i < 0xFFFF; i += 8) { -- nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i; -- nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -i; -- -- nttmp1 = prng_successor(nttmp1, 2); if (nttmp1 == nt2) return i+1; -- nttmp2 = prng_successor(nttmp2, 2); if (nttmp2 == nt1) return -i-1; -- -- nttmp1 = prng_successor(nttmp1, 3); if (nttmp1 == nt2) return i+2; -- nttmp2 = prng_successor(nttmp2, 3); if (nttmp2 == nt1) return -i-2; -- -- nttmp1 = prng_successor(nttmp1, 4); if (nttmp1 == nt2) return i+3; -- nttmp2 = prng_successor(nttmp2, 4); if (nttmp2 == nt1) return -i-3; ++ for (i = 1; i < 0xFFFF; i += 8) { ++ nttmp1 = prng_successor_one(nttmp1); if (nttmp1 == nt2) return i; ++ nttmp2 = prng_successor_one(nttmp2); if (nttmp2 == nt1) return -i; -- nttmp1 = prng_successor(nttmp1, 5); if (nttmp1 == nt2) return i+4; -- nttmp2 = prng_successor(nttmp2, 5); if (nttmp2 == nt1) return -i-4; -- -- nttmp1 = prng_successor(nttmp1, 6); if (nttmp1 == nt2) return i+5; -- nttmp2 = prng_successor(nttmp2, 6); if (nttmp2 == nt1) return -i-5; -- -- nttmp1 = prng_successor(nttmp1, 7); if (nttmp1 == nt2) return i+6; -- nttmp2 = prng_successor(nttmp2, 7); if (nttmp2 == nt1) return -i-6; -- -- nttmp1 = prng_successor(nttmp1, 8); if (nttmp1 == nt2) return i+7; -- nttmp2 = prng_successor(nttmp2, 8); if (nttmp2 == nt1) return -i-7; ++ nttmp1 = prng_successor_one(nttmp1); if (nttmp1 == nt2) return i+1; ++ nttmp2 = prng_successor_one(nttmp2); if (nttmp2 == nt1) return -i+1; ++ ++ nttmp1 = prng_successor_one(nttmp1); if (nttmp1 == nt2) return i+2; ++ nttmp2 = prng_successor_one(nttmp2); if (nttmp2 == nt1) return -i+2; ++ ++ nttmp1 = prng_successor_one(nttmp1); if (nttmp1 == nt2) return i+3; ++ nttmp2 = prng_successor_one(nttmp2); if (nttmp2 == nt1) return -i+3; ++ ++ nttmp1 = prng_successor_one(nttmp1); if (nttmp1 == nt2) return i+4; ++ nttmp2 = prng_successor_one(nttmp2); if (nttmp2 == nt1) return -i+4; ++ ++ nttmp1 = prng_successor_one(nttmp1); if (nttmp1 == nt2) return i+5; ++ nttmp2 = prng_successor_one(nttmp2); if (nttmp2 == nt1) return -i+5; ++ ++ nttmp1 = prng_successor_one(nttmp1); if (nttmp1 == nt2) return i+6; ++ nttmp2 = prng_successor_one(nttmp2); if (nttmp2 == nt1) return -i+6; ++ ++ nttmp1 = prng_successor_one(nttmp1); if (nttmp1 == nt2) return i+7; ++ nttmp2 = prng_successor_one(nttmp2); if (nttmp2 == nt1) return -i+7; ++ ++ nttmp1 = prng_successor_one(nttmp1); if (nttmp1 == nt2) return i+8; ++ nttmp2 = prng_successor_one(nttmp2); if (nttmp2 == nt1) return -i+8; ++/* ++ if ( prng_successor(nttmp1, i) == nt2) return i; ++ if ( prng_successor(nttmp2, i) == nt1) return -i; ++ ++ if ( prng_successor(nttmp1, i+2) == nt2) return i+2; ++ if ( prng_successor(nttmp2, i+2) == nt1) return -(i+2); ++ ++ if ( prng_successor(nttmp1, i+3) == nt2) return i+3; ++ if ( prng_successor(nttmp2, i+3) == nt1) return -(i+3); ++ ++ if ( prng_successor(nttmp1, i+4) == nt2) return i+4; ++ if ( prng_successor(nttmp2, i+4) == nt1) return -(i+4); ++ ++ if ( prng_successor(nttmp1, i+5) == nt2) return i+5; ++ if ( prng_successor(nttmp2, i+5) == nt1) return -(i+5); ++ ++ if ( prng_successor(nttmp1, i+6) == nt2) return i+6; ++ if ( prng_successor(nttmp2, i+6) == nt1) return -(i+6); ++ ++ if ( prng_successor(nttmp1, i+7) == nt2) return i+7; ++ if ( prng_successor(nttmp2, i+7) == nt1) return -(i+7); ++ ++ if ( prng_successor(nttmp1, i+8) == nt2) return i+8; ++ if ( prng_successor(nttmp2, i+8) == nt1) return -(i+8); ++*/ } return(-99999); // either nt1 or nt2 are invalid nonces @@@ -2349,7 -2349,7 +2389,7 @@@ void ReaderMifare(bool first_try, uint8 // if we missed the sync time already, advance to the next nonce repeat while(GetCountSspClk() > sync_time) { ++elapsed_prng_sequences; -- sync_time = (sync_time & 0xfffffff8) + sync_cycles; ++ sync_time += sync_cycles; } // Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked) ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time); diff --cc armsrc/mifarecmd.c index 4c1fe1b6,4c1fe1b6..ad8655db --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@@ -771,7 -771,7 +771,7 @@@ void MifareNested(uint32_t arg0, uint32 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0x00}; uint32_t auth1_time, auth2_time; -- static uint16_t delta_time; ++ static uint16_t delta_time = 0; LED_A_ON(); LED_C_OFF(); @@@ -822,12 -822,12 +822,8 @@@ rtr--; continue; }; ++ auth2_time = (delta_time) ? auth1_time + delta_time : 0; -- if (delta_time) { -- auth2_time = auth1_time + delta_time; -- } else { -- auth2_time = 0; -- } if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time)) { if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error"); rtr--; @@@ -836,7 -836,7 +832,7 @@@ nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160 for (i = 101; i < 1200; i++) { -- nttmp = prng_successor(nttmp, 1); ++ nttmp = prng_successor_one(nttmp); if (nttmp == nt2) break; } @@@ -896,6 -896,6 +892,7 @@@ // nested authentication auth2_time = auth1_time + delta_time; ++ len = mifare_sendcmd_short(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time); if (len != 4) { if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len); @@@ -906,14 -906,14 +903,18 @@@ if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par[0]); // Parity validity check -- for (j = 0; j < 4; j++) { -- par_array[j] = (oddparity8(receivedAnswer[j]) != ((par[0] >> (7-j)) & 0x01)); -- } ++// for (j = 0; j < 4; j++) { ++// par_array[j] = (oddparity8(receivedAnswer[j]) != ((par[0] >> (7-j)) & 0x01)); ++// } ++ par_array[0] = (oddparity8(receivedAnswer[0]) != ((par[0] >> (7-0)) & 0x01)); ++ par_array[1] = (oddparity8(receivedAnswer[1]) != ((par[0] >> (7-1)) & 0x01)); ++ par_array[2] = (oddparity8(receivedAnswer[2]) != ((par[0] >> (7-2)) & 0x01)); ++ par_array[3] = (oddparity8(receivedAnswer[3]) != ((par[0] >> (7-3)) & 0x01)); ncount = 0; nttest = prng_successor(nt1, dmin - 1); for (j = dmin; j < dmax + 1; j++) { -- nttest = prng_successor(nttest, 1); ++ nttest = prng_successor_one(nttest); ks1 = nt2 ^ nttest; if (valid_nonce(nttest, nt2, ks1, par_array)){ @@@ -942,8 -942,8 +943,8 @@@ // ----------------------------- crypto1 destroy crypto1_destroy(pcs); -- byte_t buf[4 + 4 * 4]; -- memcpy(buf, &cuid, 4); ++ byte_t buf[4 + 4 * 4] = {0}; ++ num_to_bytes(cuid, 4, buf); memcpy(buf+4, &target_nt[0], 4); memcpy(buf+8, &target_ks[0], 4); memcpy(buf+12, &target_nt[1], 4); @@@ -986,9 -986,9 +987,9 @@@ void MifareChkKeys(uint16_t arg0, uint8 int OLD_MF_DBGLEVEL = MF_DBGLEVEL; MF_DBGLEVEL = MF_DBG_NONE; ++ LEDsoff(); LED_A_ON(); -- LED_B_OFF(); -- LED_C_OFF(); ++ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); if (clearTrace)