]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdhfmf.c
UPD: got the latest updates (@badboy) from @zhovner mfdread.
[proxmark3-svn] / client / cmdhfmf.c
index 5465c4d4ca1a6abdb53cc268e4eb6b3e6d60e4c7..6ddf845aa446ab7fbaf00117eb9e7631d694e404 100644 (file)
@@ -217,7 +217,12 @@ start:
        if (isOK == -4 && par_list == 0) {\r
                // this special attack when parities is zero, uses checkkeys. Which now with block/keytype option also needs. \r
                // but it uses 0|1 instead of 0x60|0x61...\r
-               if (!nonce2key_ex(blockNo, keytype - 0x60 , uid, nt, nr, ks_list, &r_key) ){\r
+               if (nonce2key_ex(blockNo, keytype - 0x60 , uid, nt, nr, ks_list, &r_key) ){\r
+                       PrintAndLog("Key not found (lfsr_common_prefix list is null).");        \r
+                       PrintAndLog("Failing is expected to happen in 25%% of all cases. Trying again with a different reader nonce...");\r
+                       c.arg[0] = false;\r
+                       goto start;\r
+               } else {\r
                        PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
                        goto END;\r
                }\r
@@ -234,6 +239,16 @@ start:
                c.arg[0] = false;\r
                goto start;\r
        } else {\r
+               \r
+               // nonce2key found a candidate key.  Lets verify it.\r
+               uint8_t keyblock[] = {0,0,0,0,0,0};\r
+               num_to_bytes(r_key, 6, keyblock);\r
+               uint64_t key64 = 0;\r
+               int res = mfCheckKeys(blockNo, keytype - 0x60 , false, 1, keyblock, &key64);\r
+               if ( res > 0 ) {\r
+                       PrintAndLog("Candidate Key found (%012"llx") - Test authentication failed. Starting over darkside attack", r_key);      \r
+                       goto start;\r
+               }\r
                PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
        }\r
 END:\r
@@ -1035,7 +1050,7 @@ int CmdHF14AMfNestedHard(const char *Cmd) {
                        slow ? "Yes" : "No",\r
                        tests);\r
 \r
-       int16_t isOK = mfnestedhard(blockNo, keyType, key, trgBlockNo, trgKeyType, know_target_key?trgkey:NULL, nonce_file_read, nonce_file_write, slow, tests);\r
+       int16_t isOK = mfnestedhard(blockNo, keyType, key, trgBlockNo, trgKeyType, know_target_key ? trgkey : NULL, nonce_file_read, nonce_file_write, slow, tests);\r
 \r
        if (isOK) {\r
                switch (isOK) {\r
@@ -2433,9 +2448,9 @@ static command_t CommandTable[] = {
        {"dump",                CmdHF14AMfDump,                 0, "Dump MIFARE classic tag to binary file"},\r
        {"restore",             CmdHF14AMfRestore,              0, "Restore MIFARE classic binary file to BLANK tag"},\r
        {"wrbl",                CmdHF14AMfWrBl,                 0, "Write MIFARE classic block"},\r
-       {"chk",                 CmdHF14AMfChk,                  0, "Test block keys"},\r
-       {"mifare",              CmdHF14AMifare,                 0, "Read parity error messages."},\r
-       {"nested",              CmdHF14AMfNested,               0, "Test nested authentication"},\r
+       {"chk",                 CmdHF14AMfChk,                  0, "Check keys"},\r
+       {"mifare",              CmdHF14AMifare,                 0, "Darkside attack. read parity error messages."},\r
+       {"nested",              CmdHF14AMfNested,               0, "Nested attack. Test nested authentication"},\r
        {"hardnested",  CmdHF14AMfNestedHard,   0, "Nested attack for hardened Mifare cards"},\r
        {"keybrute",    CmdHF14AMfKeyBrute,             0, "J_Run's 2nd phase of multiple sector nested authentication key recovery"},\r
        {"sniff",               CmdHF14AMfSniff,                0, "Sniff card-reader communication"},\r
Impressum, Datenschutz