add psk to em4x05 reads and tweak psk demod

[proxmark3-svn] / armsrc / iso14443a.c
diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c

index f47c8a798f1334f72bf02912ff9008136e790906..83907fce18b72c9b5407949c460b5e85d16a593a 100644 (file)
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -2329,6 +2329,7 @@ typedef struct {
    * FLAG_7B_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that
    * FLAG_10B_UID_IN_DATA       - use 10-byte UID in the data-section not finished
    *    FLAG_NR_AR_ATTACK  - means we should collect NR_AR responses for bruteforcing later
    * FLAG_7B_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that
    * FLAG_10B_UID_IN_DATA       - use 10-byte UID in the data-section not finished
    *    FLAG_NR_AR_ATTACK  - means we should collect NR_AR responses for bruteforcing later
+  * FLAG_RANDOM_NONCE - means we should generate some pseudo-random nonce data (only allows moebius attack)
    *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is infinite ...
    * (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted)
    */
    *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is infinite ...
    * (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted)
    */
@@ -2375,19 +2376,24 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
  
         //allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
         #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
  
         //allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
         #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
-       nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types
+       nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius)
         memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
  
         memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
  
-       uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2];
+       uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; //*2 for 2nd attack type (moebius)
         memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
         memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
-       bool gettingMoebius = false;
         uint8_t nonce1_count = 0;
         uint8_t nonce2_count = 0;
         uint8_t moebius_n_count = 0;
         uint8_t nonce1_count = 0;
         uint8_t nonce2_count = 0;
         uint8_t moebius_n_count = 0;
+       bool gettingMoebius = false;
         uint8_t mM = 0; //moebius_modifier for collection storage
  
         // Authenticate response - nonce
         uint8_t mM = 0; //moebius_modifier for collection storage
  
         // Authenticate response - nonce
-       uint32_t nonce = bytes_to_num(rAUTH_NT, 4);
+       uint32_t nonce;
+       if (flags & FLAG_RANDOM_NONCE) {
+               nonce = prand();
+       } else {
+               nonce = bytes_to_num(rAUTH_NT, 4);
+       }
         
         //-- Determine the UID
         // Can be set from emulator memory, incoming data
         
         //-- Determine the UID
         // Can be set from emulator memory, incoming data
@@ -2511,7 +2517,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                 cardSTATE_TO_IDLE();
                                 LED_A_ON();
                         }
                                 cardSTATE_TO_IDLE();
                                 LED_A_ON();
                         }
-               } 
+               }
                 if (cardSTATE == MFEMUL_NOFIELD) continue;
  
                 //Now, get data
                 if (cardSTATE == MFEMUL_NOFIELD) continue;
  
                 //Now, get data
@@ -2523,7 +2529,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                 } else if (res == 1) {
                         break;  //return value 1 means button press
                 }
                 } else if (res == 1) {
                         break;  //return value 1 means button press
                 }
-                       
+
                 // REQ or WUP request in ANY state and WUP in HALTED state
                 if (len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) {
                         selTimer = GetTickCount();
                 // REQ or WUP request in ANY state and WUP in HALTED state
                 if (len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) {
                         selTimer = GetTickCount();
@@ -2535,6 +2541,9 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                         LED_C_OFF();
                         crypto1_destroy(pcs);
                         cardAUTHKEY = 0xff;
                         LED_C_OFF();
                         crypto1_destroy(pcs);
                         cardAUTHKEY = 0xff;
+                       if (flags & FLAG_RANDOM_NONCE) {
+                               nonce = prand();
+                       }
                         continue;
                 }
                 
                         continue;
                 }
                 
@@ -2656,7 +2665,11 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                                                                                 // switch to moebius collection
                                                                                                 gettingMoebius = true;
                                                                                                 mM = ATTACK_KEY_COUNT;
                                                                                                 // switch to moebius collection
                                                                                                 gettingMoebius = true;
                                                                                                 mM = ATTACK_KEY_COUNT;
-                                                                                               nonce = nonce*7;
+                                                                                               if (flags & FLAG_RANDOM_NONCE) {
+                                                                                                       nonce = prand();
+                                                                                               } else {
+                                                                                                       nonce = nonce*7;
+                                                                                               }
                                                                                                 break;
                                                                                         }
                                                                                 } else {
                                                                                                 break;
                                                                                         }
                                                                                 } else {
@@ -2992,7 +3005,6 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                 //Send the collected ar_nr in the response
                 cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,button_pushed,0,&ar_nr_resp,sizeof(ar_nr_resp));
         }
                 //Send the collected ar_nr in the response
                 cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,button_pushed,0,&ar_nr_resp,sizeof(ar_nr_resp));
         }
-       
  }
  
  
  }