From: Michael Farrell Date: Thu, 27 Oct 2016 10:38:53 +0000 (+1100) Subject: hf mf sim: Be less verbose by default, add option "m" to turn maths back on (Issue... X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/dfdbfa0702c77877a5b5b9bdf6dcef2d6b550cdf hf mf sim: Be less verbose by default, add option "m" to turn maths back on (Issue #45) --- diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index b404d449..41528b8e 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -143,6 +143,7 @@ int usage_hf_14a_sim(void) { // PrintAndLog(" u : 4, 7 or 10 byte UID"); PrintAndLog(" u : 4, 7 byte UID"); PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader"); + PrintAndLog(" m : (Optional) Show maths used for cracking reader. Useful for debugging."); PrintAndLog("\n sample : hf 14a sim t 1 u 11223344 x"); PrintAndLog(" : hf 14a sim t 1 u 11223344"); PrintAndLog(" : hf 14a sim t 1 u 11223344556677"); @@ -447,12 +448,18 @@ int CmdHF14ASim(const char *Cmd) { uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0}; int uidlen = 0; bool useUIDfromEML = TRUE; + bool showMaths = false; while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { case 'h': case 'H': return usage_hf_14a_sim(); + case 'm': + case 'M': + showMaths = true; + cmdp++; + break; case 't': case 'T': // Retrieve the tag type @@ -513,7 +520,7 @@ int CmdHF14ASim(const char *Cmd) { if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break; memcpy( data, resp.d.asBytes, sizeof(data) ); - readerAttack(data, TRUE); + readerAttack(data, TRUE, showMaths); } return 0; } diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 99a91ced..36896c89 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -32,6 +32,7 @@ int usage_hf14_mf1ksim(void){ PrintAndLog(" i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted"); PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)"); PrintAndLog(" e (Optional) Fill simulator keys from what we crack"); + PrintAndLog(" m (Optional) Show maths used for cracking reader. Useful for debugging."); PrintAndLog("samples:"); PrintAndLog(" hf mf sim u 0a0a0a0a"); PrintAndLog(" hf mf sim u 11223344556677"); @@ -1364,7 +1365,7 @@ int CmdHF14AMfChk(const char *Cmd) { #define ATTACK_KEY_COUNT 8 sector *k_sector = NULL; uint8_t k_sectorsCount = 16; -void readerAttack(nonces_t data[], bool setEmulatorMem) { +void readerAttack(nonces_t data[], bool setEmulatorMem, bool showMaths) { // initialize storage for found keys if (k_sector == NULL) @@ -1413,7 +1414,7 @@ void readerAttack(nonces_t data[], bool setEmulatorMem) { } #endif //moebius attack - if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key)) { + if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key, showMaths)) { uint8_t sectorNum = data[i+ATTACK_KEY_COUNT].sector; uint8_t keyType = data[i+ATTACK_KEY_COUNT].keytype; @@ -1449,11 +1450,14 @@ int CmdHF14AMf1kSim(const char *Cmd) { uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; uint8_t exitAfterNReads = 0; uint8_t flags = (FLAG_UID_IN_EMUL | FLAG_4B_UID_IN_DATA); - int uidlen = 0; + int uidlen = 0; bool setEmulatorMem = false; uint8_t cmdp = 0; bool errors = false; + // If set to true, we should show our workings when doing NR_AR_ATTACK. + bool showMaths = false; + while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { case 'e': @@ -1469,6 +1473,11 @@ int CmdHF14AMf1kSim(const char *Cmd) { flags |= FLAG_INTERACTIVE; cmdp++; break; + case 'm': + case 'M': + showMaths = true; + cmdp++; + break; case 'n': case 'N': exitAfterNReads = param_get8(Cmd, cmdp+1); @@ -1524,7 +1533,7 @@ int CmdHF14AMf1kSim(const char *Cmd) { if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break; memcpy( data, resp.d.asBytes, sizeof(data) ); - readerAttack(data, setEmulatorMem); + readerAttack(data, setEmulatorMem, showMaths); } if (k_sector != NULL) { diff --git a/client/cmdhfmf.h b/client/cmdhfmf.h index 738b3432..d381a852 100644 --- a/client/cmdhfmf.h +++ b/client/cmdhfmf.h @@ -28,19 +28,19 @@ #include "nonce2key/nonce2key.h" int CmdHFMF(const char *Cmd); - -int CmdHF14AMfDbg(const char* cmd); -int CmdHF14AMfRdBl(const char* cmd); -int CmdHF14AMfURdBl(const char* cmd); -int CmdHF14AMfRdSc(const char* cmd); -int CmdHF14SMfURdCard(const char* cmd); -int CmdHF14AMfDump(const char* cmd); -int CmdHF14AMfRestore(const char* cmd); -int CmdHF14AMfWrBl(const char* cmd); -int CmdHF14AMfUWrBl(const char* cmd); -int CmdHF14AMfChk(const char* cmd); -int CmdHF14AMifare(const char* cmd); -int CmdHF14AMfNested(const char* cmd); + +int CmdHF14AMfDbg(const char* cmd); +int CmdHF14AMfRdBl(const char* cmd); +int CmdHF14AMfURdBl(const char* cmd); +int CmdHF14AMfRdSc(const char* cmd); +int CmdHF14SMfURdCard(const char* cmd); +int CmdHF14AMfDump(const char* cmd); +int CmdHF14AMfRestore(const char* cmd); +int CmdHF14AMfWrBl(const char* cmd); +int CmdHF14AMfUWrBl(const char* cmd); +int CmdHF14AMfChk(const char* cmd); +int CmdHF14AMifare(const char* cmd); +int CmdHF14AMfNested(const char* cmd); int CmdHF14AMfNestedHard(const char *Cmd); int CmdHF14AMfSniff(const char* cmd); int CmdHF14AMf1kSim(const char* cmd); @@ -60,6 +60,6 @@ int CmdHF14AMfCLoad(const char* cmd); int CmdHF14AMfCSave(const char* cmd); int CmdHf14MfDecryptBytes(const char *Cmd); -void readerAttack(nonces_t data[], bool setEmulatorMem); +void readerAttack(nonces_t data[], bool setEmulatorMem, bool showMaths); void printKeyTable( uint8_t sectorscnt, sector *e_sector ); #endif diff --git a/client/nonce2key/nonce2key.c b/client/nonce2key/nonce2key.c index 14b03bcb..aeaecbe6 100644 --- a/client/nonce2key/nonce2key.c +++ b/client/nonce2key/nonce2key.c @@ -208,7 +208,7 @@ bool tryMfk32(nonces_t data, uint64_t *outputkey) { return isSuccess; } -bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) { +bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool showMaths) { struct Crypto1State *s, *t; uint64_t outkey = 0; uint64_t key = 0; // recovered key @@ -223,24 +223,28 @@ bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) { bool isSuccess = FALSE; int counter = 0; - printf("Recovering key for:\n"); - printf(" uid: %08x\n",uid); - printf(" nt_0: %08x\n",nt0); - printf(" {nr_0}: %08x\n",nr0_enc); - printf(" {ar_0}: %08x\n",ar0_enc); - printf(" nt_1: %08x\n",nt1); - printf(" {nr_1}: %08x\n",nr1_enc); - printf(" {ar_1}: %08x\n",ar1_enc); + if (showMaths) { + printf("Recovering key for:\n"); + printf(" uid: %08x\n", uid); + printf(" nt_0: %08x\n", nt0); + printf(" {nr_0}: %08x\n", nr0_enc); + printf(" {ar_0}: %08x\n", ar0_enc); + printf(" nt_1: %08x\n", nt1); + printf(" {nr_1}: %08x\n", nr1_enc); + printf(" {ar_1}: %08x\n", ar1_enc); + } //PrintAndLog("Enter mfkey32_moebius"); clock_t t1 = clock(); - printf("\nLFSR succesors of the tag challenge:\n"); uint32_t p640 = prng_successor(nt0, 64); uint32_t p641 = prng_successor(nt1, 64); - printf(" nt': %08x\n", p640); - printf(" nt'': %08x\n", prng_successor(p640, 32)); + if (showMaths) { + printf("\nLFSR succesors of the tag challenge:\n"); + printf(" nt': %08x\n", p640); + printf(" nt'': %08x\n", prng_successor(p640, 32)); + } s = lfsr_recovery32(ar0_enc ^ p640, 0); diff --git a/client/nonce2key/nonce2key.h b/client/nonce2key/nonce2key.h index e8e2a01b..b274feca 100644 --- a/client/nonce2key/nonce2key.h +++ b/client/nonce2key/nonce2key.h @@ -28,7 +28,7 @@ extern int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t //iceman, added these to be able to crack key direct from "hf 14 sim" && "hf mf sim" bool tryMfk32(nonces_t data, uint64_t *outputkey ); -bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey ); // <<-- this one has best success +bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool showMaths ); // <<-- this one has best success int tryMfk64_ex(uint8_t *data, uint64_t *outputkey ); int tryMfk64(uint32_t uid, uint32_t nt, uint32_t nr_enc, uint32_t ar_enc, uint32_t at_enc, uint64_t *outputkey); #endif