From d1e197e9ec44affdf3ad9ef0ea6a221d0c30aa6d Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 22 Nov 2016 01:58:11 +0100 Subject: [PATCH] FIX: the changes to uart.c timings seems to have fixed my problem with the pm3 device getting unresponsive. CHG: "script run hard" now iterates all sectors on the tag and output the table style like "hf mf chkkey" do. --- client/cmdhfmfhard.c | 6 ++- client/loclass/elite_crack.c | 2 - client/proxmark3.c | 1 - client/scripts/hard.lua | 96 ++++++++++++++++++++++++++++++------ client/uart.c | 6 +-- 5 files changed, 89 insertions(+), 22 deletions(-) diff --git a/client/cmdhfmfhard.c b/client/cmdhfmfhard.c index f9c1415c..3fed7c95 100644 --- a/client/cmdhfmfhard.c +++ b/client/cmdhfmfhard.c @@ -803,7 +803,7 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ while(!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { timeout++; printf("."); - if (timeout > 7) { + if (timeout > 3) { PrintAndLog("\nNo response from Proxmark. Aborting..."); if (fnonces) fclose(fnonces); return 1; @@ -1788,6 +1788,10 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc } else { // acquire nonces. uint16_t is_OK = acquire_nonces(blockNo, keyType, key, trgBlockNo, trgKeyType, nonce_file_write, slow); if (is_OK != 0) { + free_nonces_memory(); + //free_statelist_cache(); + free_candidates_memory(candidates); + candidates = NULL; return is_OK; } } diff --git a/client/loclass/elite_crack.c b/client/loclass/elite_crack.c index 2395a178..29b7f04d 100644 --- a/client/loclass/elite_crack.c +++ b/client/loclass/elite_crack.c @@ -71,7 +71,6 @@ */ void permutekey(uint8_t key[8], uint8_t dest[8]) { - int i; for(i = 0 ; i < 8 ; i++) { @@ -84,7 +83,6 @@ void permutekey(uint8_t key[8], uint8_t dest[8]) (((key[1] & (0x80 >> i)) >> (7-i)) << 1) | (((key[0] & (0x80 >> i)) >> (7-i)) << 0); } - return; } /** diff --git a/client/proxmark3.c b/client/proxmark3.c index 3a654e7a..14674016 100644 
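Review bot: `if (timeout > 3)` swaps one bare number for another; with the visible 2000 ms `WaitForResponseTimeout` the abort now fires after four waits (about 8 s) instead of eight (about 16 s), and nothing in the hunk records why 3 is the right budget. A named constant with a why-comment, e.g. `#define NONCE_ACQ_MAX_RETRIES 3 /* ~8 s: 4 x 2 s waits before giving up on the device */`, would keep the intent reviewable and the value in one place. Since this same commit changes the uart.c read/write timeouts, it is worth confirming on hardware that the shorter budget does not abort acquisitions on a slow device that would previously have completed. acquire_nonces continues outside the hunk.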
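Review bot: The new early-exit path leaves `//free_statelist_cache();` as commented-out code with no explanation, so a reader cannot tell whether the statelist cache is deliberately retained across an aborted acquisition or the call simply was not tested. Either delete the line or replace it with a why-comment such as `// statelist cache is intentionally kept here: it is reused by later runs and released elsewhere`, if that is the reason. Resetting `candidates = NULL` after `free_candidates_memory(candidates)` is good; the same free/NULL pairing presumably exists on the normal return path, and if so the two could share a small cleanup helper. mfnestedhard continues outside the hunk.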
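Review bot: In the collapsed rendering of the first elite_crack.c hunk it is not possible to tell whether the removed line is the declaration `int i;` or a blank line immediately before it; if it is the declaration, the following `for(i = 0 ; i < 8 ; i++)` uses an `i` that no longer has a declaration in permutekey and the file will not compile unless `i` exists at file scope (not visible here). Please confirm against the real patch; if the declaration is gone, `for (int i = 0 ; i < 8 ; i++)` restores it in the narrowest scope. The loop body continues outside the hunk.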
--- a/client/proxmark3.c +++ b/client/proxmark3.c @@ -104,7 +104,6 @@ static void *uart_receiver(void *targ) { txcmd_pending = false; } } - pthread_exit(NULL); return NULL; } diff --git a/client/scripts/hard.lua b/client/scripts/hard.lua index 7671c9d6..93d07a72 100644 --- a/client/scripts/hard.lua +++ b/client/scripts/hard.lua @@ -54,6 +54,38 @@ function ExitMsg(msg) print(msg) print() end +-- A little helper to place an item first in the list +local function placeFirst(akey, list) + akey = akey:lower() + if list[1] == akey then + -- Already at pole position + return list + end + local result = {akey} + --print(("Putting '%s' first"):format(akey)) + for i,v in ipairs(list) do + if v ~= akey then + result[#result+1] = v + end + end + return result +end +-- A function to display the results +-- TODO: iceman 2016, still screws up output when a key is not found. +local function displayresults(results) + local sector, blockNo, keyA, keyB, succA, succB, _ + + print("|---|----------------|---|----------------|---|") + print("|sec|key A |res|key B |res|") + print("|---|----------------|---|----------------|---|") + + for sector,_ in pairs(results) do + succA, succB, keyA, keyB = unpack(_) + print(("|%03d| %s | %s | %s | %s |"):format(sector, keyA, succA, keyB, succB)) + end + print("|---|----------------|---|----------------|---|") + +end --- -- a simple selftest function, local function selftest() @@ -68,13 +100,12 @@ function main(args) local keytype = 0 --A 01==B local key = 'fc00018778f7' local trgkey = '' + local numSectors = 16 - local data -- Read the parameters - for o, a in getopt.getopt(args, 'hk:t') do + for o, a in getopt.getopt(args, 'hk:') do if o == "h" then return help() end if o == "k" then key = a end - if o == "t" then return selftest() end end -- Turn off Debug 
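Review bot: displayresults walks `results` with `pairs`, whose iteration order is unspecified, so the sector rows can print out of order even though the caller fills `results[1..numSectors]` as a sequence. Collect the keys, sort them and print in that order (below); this also lets the `for sector,_ in pairs(results)` line stop shadowing the `sector` and `_` locals declared at the top of the function and stop using `_` as a real value. placeFirst is added in the same hunk but nothing in this patch calls it; if it has no caller elsewhere in hard.lua it is dead code. The TODO about output when a key is not found is left open; a fixed-width format for the key columns (`%-Ns` with N matching the header width) would at least keep the table aligned when the key string is empty.
```lua
local function displayresults(results)
    local sectors = {}
    for sector in pairs(results) do sectors[#sectors + 1] = sector end
    table.sort(sectors)
    -- … unchanged: three header rows …
    for _, sector in ipairs(sectors) do
        local succA, succB, keyA, keyB = unpack(results[sector])
        print(("|%03d| %s | %s | %s | %s |"):format(sector, keyA, succA, keyB, succB))
    end
    -- … unchanged: footer row …
end
```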
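Review bot: Dropping the `t` option from `getopt.getopt(args, 'hk:')` leaves `selftest` (visible as context in the preceding hunk) defined but, as far as this patch shows, without any caller, which luacheck will flag as an unused local function. Either remove the function and any mention of `-t` in the help text, or keep `if o == "t" then return selftest() end`. `local numSectors = 16` is later overwritten by the SAK switch, so a short comment such as `-- default sector count; refined from the tag's SAK below` would explain why the initial value is there. main continues outside the hunk.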
@@ -90,20 +121,55 @@ function main(args) -- Show tag info print((' Found tag %s'):format(result.name)) - local keys = {} - -- loop - for i=4, 12 , 4 do - for trgkeytype=0,1 do - local trgblockno = ("%02d"):format(i) - local err, found_key = core.hardnested(blockno, keytype, key, trgblockno, trgkeytype, trgkey, 0,0,0,0) - - table.insert( keys , { ["success"] = err, ["sector"] = i, ["type"] = trgkeytype, ["key"] = utils.ConvertAsciiToHex(found_key) } ) - end + if 0x18 == result.sak then --NXP MIFARE Classic 4k | Plus 4k + -- IFARE Classic 4K offers 4096 bytes split into forty sectors, + -- of which 32 are same size as in the 1K with eight more that are quadruple size sectors. + numSectors = 40 + elseif 0x08 == result.sak then -- NXP MIFARE CLASSIC 1k | Plus 2k + -- 1K offers 1024 bytes of data storage, split into 16 sector + numSectors = 16 + elseif 0x09 == result.sak then -- NXP MIFARE Mini 0.3k + -- MIFARE Classic mini offers 320 bytes split into five sectors. + numSectors = 5 + elseif 0x10 == result.sak then-- "NXP MIFARE Plus 2k" + numSectors = 32 + else + print("I don't know how many sectors there are on this type of card, defaulting to 16") end - --print - for k,v in pairs(keys) do - for a,b in pairs(v) do print(a,b) end + + result = {} + for sector=1,numSectors do + + --[[ + The mifare Classic 1k card has 16 sectors of 4 data blocks each. + The first 32 sectors of a mifare Classic 4k card consists of 4 data blocks and the remaining + 8 sectors consist of 16 data blocks. 
+ --]] + local trgblockno = sector * 4 - 1 + if sector > 32 then + trgblockno = 32 * 4 + (sector-32) * 16 -1 + end + + trgblockno = ("%02d"):format(trgblockno) + + local succA = 1 + local succB = 1 + local errA, keyA = core.hardnested(blockno, keytype, key, trgblockno, '0', trgkey, 0,0,0,0) + keyA = keyA or "" + if errA > 0 then succA = 0 end + + local errB, keyB = core.hardnested(blockno, keytype, key, trgblockno, '1', trgkey, 0,0,0,0) + keyB = keyB or "" + if errB > 0 then succB = 0 end + result[sector] = { succA, succB, utils.ConvertAsciiToHex(keyA), utils.ConvertAsciiToHex(keyB) } + + -- Check if user aborted + if core.ukbhit() then + print("Aborted by user") + break + end end + displayresults(result) end main(args) \ No newline at end of file diff --git a/client/uart.c b/client/uart.c index e538499b..5870ebae 100644 --- a/client/uart.c +++ b/client/uart.c @@ -385,10 +385,10 @@ serial_port uart_open(const char* pcPortName) { return INVALID_SERIAL_PORT; } - sp->ct.ReadIntervalTimeout = 0; - sp->ct.ReadTotalTimeoutMultiplier = 0; + sp->ct.ReadIntervalTimeout = 1; + sp->ct.ReadTotalTimeoutMultiplier = 1; sp->ct.ReadTotalTimeoutConstant = 30; - sp->ct.WriteTotalTimeoutMultiplier = 0; + sp->ct.WriteTotalTimeoutMultiplier = 1; sp->ct.WriteTotalTimeoutConstant = 30; if(!SetCommTimeouts(sp->hPort,&sp->ct)) { -- 2.39.2
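Review bot: The loop numbers sectors from 1 (`for sector=1,numSectors`, trailer block `sector * 4 - 1`), so the `|%03d|` column prints the card's sector 0 as 001, whereas MIFARE Classic and the `hf mf chk` table the commit message cites count sectors from 0. If the output is meant to line up, iterate `for sector = 0, numSectors - 1 do`, compute `local trgblockno = sector * 4 + 3` and for the large 4K sectors `if sector >= 32 then trgblockno = 128 + (sector - 32) * 16 + 15 end` (a `results[0]` entry then needs a traversal that does not start at index 1). Separately, `result = {}` reuses the name of the tag-info table read a few lines earlier (`result.sak`); a distinct name such as `results` would make the hand-off to `displayresults` clearer. The `core.ukbhit()` abort check runs only after both hardnested calls for a sector, so a keypress during the key-A attempt is not honoured until the key-B attempt has also finished; polling it between the two calls as well would make the abort responsive. main's body begins outside the hunk.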
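Review bot: The three new Win32 COMMTIMEOUTS values are bare numbers and the commit message itself says they only "seem" to fix the unresponsive device, so the next reader cannot tell which of them mattered or what the failure looked like. A comment above the block recording the rationale, e.g. `// 1 ms inter-byte gap and 1 ms/byte on top of the 30 ms constant: with 0/0 a read only returned on a full buffer or the 30 ms total, which left the client unresponsive (see commit message)`, would preserve that knowledge; the claim about the old behaviour follows from how ReadIntervalTimeout and the multiplier are defined, but the observed symptom should be stated as observed. uart_open continues outside the hunk.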