//-----------------------------------------------------------------------------\r
\r
#include "cmdhfmf.h"\r
+#include "cmdhfmfhard.h"\r
#include "nonce2key/nonce2key.h"\r
\r
static int CmdHelp(const char *Cmd);\r
case -2 : PrintAndLog("Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests).\n"); break;\r
case -3 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator is not predictable).\n"); break;\r
case -4 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown");\r
- PrintAndLog("generating polynomial with 16 effective bits only, but shows unexpected behaviour.\n"); break;\r
+ PrintAndLog("generating polynomial with 16 effective bits only, but shows unexpected behaviour.\n"); break;\r
default: ;\r
}\r
break;\r
return 0;\r
}\r
\r
+int CmdHF14AMfNestedHard(const char *Cmd)\r
+{\r
+ uint8_t blockNo = 0;\r
+ uint8_t keyType = 0;\r
+ uint8_t trgBlockNo = 0;\r
+ uint8_t trgKeyType = 0;\r
+ uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r
+ \r
+ char ctmp;\r
+ ctmp = param_getchar(Cmd, 0);\r
+ if (ctmp != 'R' && ctmp != 'r' && strlen(Cmd) < 20) {\r
+ PrintAndLog("Usage:");\r
+ PrintAndLog(" hf mf hardnested <block number> <key A|B> <key (12 hex symbols)>");\r
+ PrintAndLog(" <target block number> <target key A|B> [w] [s]");\r
+ PrintAndLog(" or hf mf hardnested r");\r
+ PrintAndLog(" ");\r
+ PrintAndLog("Options: ");\r
+ PrintAndLog(" w: Acquire nonces and write them to binary file nonces.bin");\r
+ PrintAndLog(" s: Slower acquisition (required by some non standard cards)");\r
+ PrintAndLog(" r: Read nonces.bin and start attack");\r
+ PrintAndLog(" ");\r
+ PrintAndLog(" sample1: hf mf hardnested 0 A FFFFFFFFFFFF 4 A");\r
+ PrintAndLog(" sample2: hf mf hardnested 0 A FFFFFFFFFFFF 4 A w");\r
+ PrintAndLog(" sample3: hf mf hardnested 0 A FFFFFFFFFFFF 4 A w s");\r
+ PrintAndLog(" sample4: hf mf hardnested r");\r
+\r
+ return 0;\r
+ } \r
+ \r
+ bool nonce_file_read = false;\r
+ bool nonce_file_write = false;\r
+ bool slow = false;\r
+ \r
+ if (ctmp == 'R' || ctmp == 'r') {\r
+\r
+ nonce_file_read = true;\r
+\r
+ } else {\r
+\r
+ blockNo = param_get8(Cmd, 0);\r
+ ctmp = param_getchar(Cmd, 1);\r
+ if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r
+ PrintAndLog("Key type must be A or B");\r
+ return 1;\r
+ }\r
+ if (ctmp != 'A' && ctmp != 'a') { \r
+ keyType = 1;\r
+ }\r
+ \r
+ if (param_gethex(Cmd, 2, key, 12)) {\r
+ PrintAndLog("Key must include 12 HEX symbols");\r
+ return 1;\r
+ }\r
+ \r
+ trgBlockNo = param_get8(Cmd, 3);\r
+ ctmp = param_getchar(Cmd, 4);\r
+ if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r
+ PrintAndLog("Target key type must be A or B");\r
+ return 1;\r
+ }\r
+ if (ctmp != 'A' && ctmp != 'a') {\r
+ trgKeyType = 1;\r
+ }\r
+\r
+ uint16_t i = 5;\r
+ while ((ctmp = param_getchar(Cmd, i))) {\r
+ if (ctmp == 's' || ctmp == 'S') {\r
+ slow = true;\r
+ } else if (ctmp == 'w' || ctmp == 'W') {\r
+ nonce_file_write = true;\r
+ } else {\r
+ PrintAndLog("Possible options are w and/or s");\r
+ return 1;\r
+ }\r
+ i++;\r
+ }\r
+ }\r
+\r
+ PrintAndLog("--target block no:%3d, target key type:%c, file action: %s, Slow: %s ", \r
+ trgBlockNo, \r
+ trgKeyType?'B':'A', \r
+ nonce_file_write?"write":nonce_file_read?"read":"none",\r
+ slow?"Yes":"No");\r
+ int16_t isOK = mfnestedhard(blockNo, keyType, key, trgBlockNo, trgKeyType, nonce_file_read, nonce_file_write, slow);\r
+ if (isOK) {\r
+ switch (isOK) {\r
+ case 1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r
+ case 2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
+ default : break;\r
+ }\r
+ return 2;\r
+ }\r
+\r
+ return 0;\r
+}\r
+\r
int CmdHF14AMfChk(const char *Cmd)\r
{\r
if (strlen(Cmd)<3) {\r
{"chk", CmdHF14AMfChk, 0, "Test block keys"},\r
{"mifare", CmdHF14AMifare, 0, "Read parity error messages."},\r
{"nested", CmdHF14AMfNested, 0, "Test nested authentication"},\r
+ {"hardnested", CmdHF14AMfNestedHard, 0, "Nested attack for hardened Mifare cards"},\r
{"sniff", CmdHF14AMfSniff, 0, "Sniff card-reader communication"},\r
{"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"},\r
{"eclr", CmdHF14AMfEClear, 0, "Clear simulator memory block"},\r
projects / proxmark3-svn / blobdiff