From fef399044428a047c9f998e408770e68610a4cbd Mon Sep 17 00:00:00 2001
From: douniwan5788
Date: Thu, 21 Apr 2016 15:44:24 +0800
Subject: [PATCH] support parity attack for any block
---
 armsrc/appmain.c | 2 +-
 armsrc/apps.h | 2 +-
 armsrc/iso14443a.c | 6 ++++--
 client/cmdhfmf.c | 19 ++++++++++++++++++-
 4 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 475b1c1b..4807bc1b 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -1110,7 +1110,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 break;
 case CMD_READER_MIFARE:
- ReaderMifare(c->arg[0]);
+ ReaderMifare(c->arg[0], c->arg[1], c->arg[2]);
 break;
 case CMD_MIFARE_READBL:
 MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
diff --git a/armsrc/apps.h b/armsrc/apps.h
index 4d4c8083..bef48d3e 100644
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@@ -113,7 +113,7 @@ void EPA_PACE_Collect_Nonce(UsbCommand * c);
 void EPA_PACE_Replay(UsbCommand *c);
 // mifarecmd.h
-void ReaderMifare(bool first_try);
+void ReaderMifare(bool first_try, uint8_t blockNo, uint8_t keyType);
 int32_t dist_nt(uint32_t nt1, uint32_t nt2);
 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index 27574dad..5a602c79 100644
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -2022,16 +2022,18 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
 // Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime"
 // (article by Nicolas T. Courtois, 2009)
 //-----------------------------------------------------------------------------
-void ReaderMifare(bool first_try)
+void ReaderMifare(bool first_try, uint8_t blockNo, uint8_t keyType)
 {
 // Mifare AUTH
- uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
+ uint8_t mf_auth[] = { 0x60 + (keyType & 0x01), blockNo ,0x00,0x00 };
 uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
 static uint8_t mf_nr_ar3;
 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
+ AppendCrc14443a(mf_auth, 2);
+
 if (first_try) {
 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
 }
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 48e78b1c..181c9316 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -19,7 +19,24 @@ int CmdHF14AMifare(const char *Cmd)
 uint64_t par_list = 0, ks_list = 0, r_key = 0;
 int16_t isOK = 0;
- UsbCommand c = {CMD_READER_MIFARE, {true, 0, 0}};
+ uint8_t blockNo = 0, keyType = 0;
+ char cmdp = 0x00;
+
+ if (strlen(Cmd)<3) {
+ PrintAndLog("Usage: hf mf mifare ");
+ PrintAndLog(" sample: hf mf mi 0 A");
+ return 0;
+ }
+
+ blockNo = param_get8(Cmd, 0);
+ cmdp = param_getchar(Cmd, 1);
+ if (cmdp == 0x00) {
+ PrintAndLog("Key type must be A or B");
+ return 1;
+ }
+ if (cmdp != 'A' && cmdp != 'a') keyType = 1;
+
+ UsbCommand c = {CMD_READER_MIFARE, {true, blockNo, keyType}};
 // message
 printf("-------------------------------------------------------------------------\n");
--
2.39.5
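Review bot: The `mf_auth` initialiser in ReaderMifare now encodes two inputs with bare literals, and `keyType & 0x01` silently folds any value onto 0x60 or 0x61 instead of rejecting it, so a caller passing something other than 0 or 1 gets no indication. A comment on that line would make the frame layout explicit, for example `// AUTH frame: 0x60 (key A) or 0x61 (key B), block number, then two CRC bytes filled in by AppendCrc14443a() below`. The header comment above the function should also gain a line describing `blockNo` and `keyType`, since the only statement of the accepted values is in the client/cmdhfmf.c hunk. ReaderMifare's body continues past the end of this hunk.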
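Review bot: The key-type check in CmdHF14AMifare rejects only a missing argument, so any other character (a typo such as `C`) falls through `if (cmdp != 'A' && cmdp != 'a') keyType = 1;` and is treated as key B, which contradicts the "Key type must be A or B" message. Tightening the existing guard to `if (cmdp != 'A' && cmdp != 'a' && cmdp != 'B' && cmdp != 'b') {` keeps the error path and makes the later assignment safe. `blockNo` is likewise taken from `param_get8(Cmd, 0)` without a check that the argument was numeric; how param_get8 reports a parse failure is not visible here, so that is worth confirming. The usage path returns 0 while the error path returns 1, and the function body continues beyond the hunk.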