]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/scripts/mifare_autopwn.lua
mf 1k sim reader attack cleanup
[proxmark3-svn] / client / scripts / mifare_autopwn.lua
index 8d0d358fa72590936992ac147dff9cab4c55d015..ce6db3c00767091c2ab5cd3a61e7d643bcea8d5a 100644 (file)
@@ -88,10 +88,35 @@ function mfcrack_inner()
        while not core.ukbhit() do              
                local result = core.WaitForResponseTimeout(cmds.CMD_ACK,1000)
                if result then
-                       -- Unpacking the three arg-parameters
-                       local count,cmd,isOK = bin.unpack('LL',result)
 
-                       if isOK ~= 1 then return nil, "Error occurred" end
+                       --[[
+                       I don't understand, they cmd and args are defined as uint32_t, however, 
+                       looking at the returned data, they all look like 64-bit things: 
+
+                       print("result", bin.unpack("HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH", result))
+
+                       FF      00      00      00      00      00      00      00      <-- 64 bits of data
+                       FE      FF      FF      FF      00      00      00      00      <-- 64 bits of data
+                       00      00      00      00      00      00      00      00      <-- 64 bits of data
+                       00      00      00      00      00      00      00      00      <-- 64 bits of data
+                       04      7F      12      E2      00             <-- this is where 'data' starts
+
+                       So below I use LI to pick out the "FEFF FFFF", don't know why it works.. 
+                       --]]
+                       -- Unpacking the arg-parameters
+                       local count,cmd,isOK = bin.unpack('LI',result)
+                       --print("response", isOK)--FF FF FF FF
+                       if isOK == 0xFFFFFFFF then
+                               return nil, "Button pressed. Aborted."
+                       elseif isOK == 0xFFFFFFFE then
+                               return nil, "Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests). You can try 'script run mfkeys' or 'hf mf chk' to test various known keys."
+                       elseif isOK == 0xFFFFFFFD then
+                               return nil, "Card is not vulnerable to Darkside attack (its random number generator is not predictable). You can try 'script run mfkeys' or 'hf mf chk' to test various known keys."
+                       elseif isOK == 0xFFFFFFFC then
+                               return nil, "The card's random number generator behaves somewhat weird (Mifare clone?). You can try 'script run mfkeys' or 'hf mf chk' to test various known keys."
+                       elseif isOK ~= 1 then 
+                               return nil, "Error occurred" 
+                       end
 
 
                        -- The data-part is left
@@ -133,6 +158,8 @@ function nested(key,sak)
                typ = 0
        elseif  0x10 == sak then-- "NXP MIFARE Plus 2k"
                typ = 2
+       elseif  0x01 == sak then-- "NXP MIFARE TNP3xxx 1K"
+               typ = 1
        else
                print("I don't know how many sectors there are on this type of card, defaulting to 16")
        end
Impressum, Datenschutz