#include <stdint.h>\r
\r
#include "proxmark3.h"\r
-#include "cmd.h"\r
+#include "usb_cdc.h"\r
#include "crapto1/crapto1.h"\r
#include "iso14443a.h"\r
#include "BigBuf.h"\r
break;\r
};\r
\r
- if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
+ if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, NULL)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");\r
break;\r
};\r
}\r
\r
\r
- if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {\r
+ if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST, NULL)) {\r
isOK = 0;\r
if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");\r
}\r
break;\r
};\r
\r
- if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
+ if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, NULL)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");\r
break;\r
};\r
}\r
\r
uint32_t nt1;\r
- if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, NULL)) {\r
+ if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, NULL, NULL)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("AcquireNonces: Auth1 error");\r
continue;\r
}\r
// MIFARE nested authentication.\r
//\r
//-----------------------------------------------------------------------------\r
-void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain)\r
-{\r
- // params\r
+void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain) {\r
+\r
uint8_t blockNo = arg0 & 0xff;\r
uint8_t keyType = (arg0 >> 8) & 0xff;\r
uint8_t targetBlockNo = arg1 & 0xff;\r
\r
ui64Key = bytes_to_num(datain, 6);\r
\r
- // variables\r
uint16_t rtr, i, j, len;\r
uint16_t davg;\r
static uint16_t dmin, dmax;\r
uint32_t cuid, nt1, nt2, nttmp, nttest, ks1;\r
uint8_t par[1];\r
uint32_t target_nt[2], target_ks[2];\r
+ uint8_t target_nt_duplicate_count = 0;\r
\r
uint8_t par_array[4];\r
uint16_t ncount = 0;\r
pcs = &mpcs;\r
uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r
\r
- uint32_t auth1_time, auth2_time;\r
+ uint32_t auth1_time, auth2_time, authentication_timeout = 0;\r
static uint16_t delta_time;\r
\r
LED_A_ON();\r
- LED_C_OFF();\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
// free eventually allocated BigBuf memory\r
\r
for (rtr = 0; rtr < 17; rtr++) {\r
\r
- // Test if the action was cancelled\r
- if(BUTTON_PRESS()) {\r
- isOK = -2;\r
- break;\r
- }\r
-\r
// prepare next select. No need to power down the card.\r
- if(mifare_classic_halt(pcs, cuid)) {\r
+ if (mifare_classic_halt(pcs, cuid)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");\r
rtr--;\r
continue;\r
}\r
\r
- if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
+ // Test if the action was cancelled\r
+ if (BUTTON_PRESS()) {\r
+ isOK = -2;\r
+ break;\r
+ }\r
+\r
+ if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");\r
rtr--;\r
continue;\r
};\r
\r
auth1_time = 0;\r
- if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {\r
+ if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time, NULL)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");\r
rtr--;\r
continue;\r
} else {\r
auth2_time = 0;\r
}\r
- if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time)) {\r
+ if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time, NULL)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error");\r
rtr--;\r
continue;\r
LED_C_ON();\r
\r
// get crypted nonces for target sector\r
- for(i=0; i < 2 && !isOK; i++) { // look for exactly two different nonces\r
+ for (i=0; i < 2 && !isOK; i++) { // look for exactly two different nonces\r
\r
target_nt[i] = 0;\r
- while(target_nt[i] == 0) { // continue until we have an unambiguous nonce\r
+ while (target_nt[i] == 0 && !isOK) { // continue until we have an unambiguous nonce\r
\r
// prepare next select. No need to power down the card.\r
if(mifare_classic_halt(pcs, cuid)) {\r
continue;\r
}\r
\r
- if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
+ // break out of the loop on button press\r
+ if (BUTTON_PRESS()) {\r
+ isOK = -2;\r
+ break;\r
+ }\r
+\r
+ if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");\r
continue;\r
- };\r
+ }\r
\r
auth1_time = 0;\r
- if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");\r
+ authentication_timeout = 0;\r
+ if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time, &authentication_timeout)) {\r
+ if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");\r
continue;\r
- };\r
+ }\r
\r
// nested authentication\r
auth2_time = auth1_time + delta_time;\r
if (len != 4) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len);\r
continue;\r
- };\r
+ }\r
\r
nt2 = bytes_to_num(receivedAnswer, 4);\r
if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par[0]);\r
target_ks[i] = ks1;\r
ncount++;\r
if (i == 1 && target_nt[1] == target_nt[0]) { // we need two different nonces\r
- target_nt[i] = 0;\r
+ if( ++target_nt_duplicate_count >= NESTED_MAX_TRIES ) { // unable to get a 2nd nonce after NESTED_MAX_TRIES tries, probably a fixed nonce\r
+ if (MF_DBGLEVEL >= 2) Dbprintf("Nonce#2: cannot get nonce that != nonce#1, continuing anyway with single nonce! ntdist=%d", j);\r
+ break;\r
+ }\r
+\r
+ target_nt[1] = 0;\r
if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#2: dismissed (= nonce#1), ntdist=%d", j);\r
break;\r
}\r
// ----------------------------- crypto1 destroy\r
crypto1_destroy(pcs);\r
\r
- byte_t buf[4 + 4 * 4];\r
+ uint8_t buf[4 + 4 * 4 + 4];\r
memcpy(buf, &cuid, 4);\r
memcpy(buf+4, &target_nt[0], 4);\r
memcpy(buf+8, &target_ks[0], 4);\r
memcpy(buf+12, &target_nt[1], 4);\r
memcpy(buf+16, &target_ks[1], 4);\r
+ memcpy(buf+20, &authentication_timeout, 4);\r
\r
LED_B_ON();\r
cmd_send(CMD_ACK, isOK, 0, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));\r
LEDsoff();\r
}\r
\r
+\r
//-----------------------------------------------------------------------------\r
// MIFARE check keys. key count up to 85.\r
//\r
//-----------------------------------------------------------------------------\r
-void MifareChkKeys(uint16_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)\r
-{\r
+void MifareChkKeys(uint16_t arg0, uint32_t arg1, uint8_t arg2, uint8_t *datain) {\r
+\r
uint8_t blockNo = arg0 & 0xff;\r
- uint8_t keyType = (arg0 >> 8) & 0xff;\r
+ uint8_t keyType = arg0 >> 8;\r
bool clearTrace = arg1 & 0x01;\r
bool multisectorCheck = arg1 & 0x02;\r
- uint8_t set14aTimeout = (arg1 >> 8) & 0xff;\r
+ bool init = arg1 & 0x04;\r
+ bool drop_field = arg1 & 0x08;\r
+ uint32_t auth_timeout = arg1 >> 16;\r
uint8_t keyCount = arg2;\r
\r
LED_A_ON();\r
\r
- // clear debug level\r
- int OLD_MF_DBGLEVEL = MF_DBGLEVEL;\r
- MF_DBGLEVEL = MF_DBG_NONE;\r
-\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
+ if (init) {\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+ }\r
+ \r
if (clearTrace) {\r
clear_trace();\r
}\r
set_tracing(true);\r
\r
- if (set14aTimeout){\r
- iso14a_set_timeout(set14aTimeout * 10); // timeout: ms = x/106 35-minimum, 50-OK 106-recommended 500-safe\r
- }\r
+ // clear debug level. We are expecting lots of authentication failures...\r
+ int OLD_MF_DBGLEVEL = MF_DBGLEVEL;\r
+ MF_DBGLEVEL = MF_DBG_NONE;\r
\r
+ int res = 0;\r
if (multisectorCheck) {\r
TKeyIndex keyIndex = {{0}};\r
uint8_t sectorCnt = blockNo;\r
- int res = MifareMultisectorChk(datain, keyCount, sectorCnt, keyType, OLD_MF_DBGLEVEL, &keyIndex);\r
-\r
+ res = MifareMultisectorChk(datain, keyCount, sectorCnt, keyType, &auth_timeout, OLD_MF_DBGLEVEL, &keyIndex);\r
if (res >= 0) {\r
- cmd_send(CMD_ACK, 1, 0, 0, keyIndex, 80);\r
+ cmd_send(CMD_ACK, 1, res, 0, keyIndex, 80);\r
} else {\r
- cmd_send(CMD_ACK, 0, 0, 0, NULL, 0);\r
+ cmd_send(CMD_ACK, 0, res, 0, NULL, 0);\r
}\r
} else { \r
- int res = MifareChkBlockKeys(datain, keyCount, blockNo, keyType, OLD_MF_DBGLEVEL);\r
- \r
+ res = MifareChkBlockKeys(datain, keyCount, blockNo, keyType, &auth_timeout, OLD_MF_DBGLEVEL);\r
if (res > 0) {\r
- cmd_send(CMD_ACK, 1, 0, 0, datain + (res - 1) * 6, 6);\r
+ cmd_send(CMD_ACK, 1, res, 0, datain + (res - 1) * 6, 6);\r
} else {\r
- cmd_send(CMD_ACK, 0, 0, 0, NULL, 0);\r
+ cmd_send(CMD_ACK, 0, res, 0, NULL, 0);\r
}\r
}\r
\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
- LED_D_OFF();\r
+ if (drop_field || res != 0) {\r
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+ LED_D_OFF();\r
+ }\r
\r
// restore debug level\r
MF_DBGLEVEL = OLD_MF_DBGLEVEL;\r
- \r
+\r
LED_A_OFF();\r
}\r
\r
\r
uint8_t block_number = 0;\r
uint64_t key = bytes_to_num(data, 6);\r
- if (mifare_classic_auth(pcs, cuid, block_number, keyType, key, AUTH_FIRST)) {\r
+ if (mifare_classic_auth(pcs, cuid, block_number, keyType, key, AUTH_FIRST, NULL)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");\r
break;\r
}\r
for (uint8_t sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
ui64Key = emlGetKey(sectorNo, keyType);\r
if (sectorNo == 0){\r
- if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {\r
+ if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST, NULL)) {\r
isOK = false;\r
if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth error", sectorNo);\r
break;\r
}\r
} else {\r
- if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED)) {\r
+ if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED, NULL)) {\r
isOK = false;\r
if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth nested error", sectorNo);\r
break;\r