- printf("Time in nested: %1.3f (%1.3f sec per key)\n\n", ((float)clock() - time1)/CLOCKS_PER_SEC, ((float)clock() - time1)/iterations/CLOCKS_PER_SEC);\r
+ // 20160116 If Sector A is found, but not Sector B, try just reading it of the tag?\r
+ PrintAndLog("testing to read B...");\r
+ for (i = 0; i < SectorsCnt; i++) {\r
+ // KEY A but not KEY B\r
+ if ( e_sector[i].foundKey[0] && !e_sector[i].foundKey[1] ) {\r
+ \r
+ uint8_t sectrail = (FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);\r
+ \r
+ UsbCommand c = {CMD_MIFARE_READBL, {sectrail, 0, 0}};\r
+ num_to_bytes(e_sector[i].Key[0], 6, c.d.asBytes); // KEY A\r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
+\r
+ UsbCommand resp;\r
+ if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) continue;\r
+ \r
+ uint8_t isOK = resp.arg[0] & 0xff;\r
+ uint8_t *data = resp.d.asBytes;\r
+\r
+ if (isOK) {\r
+\r
+ key64 = bytes_to_num(data+10, 6);\r
+ if (key64) {\r
+ PrintAndLog("Data:%s", sprint_hex(data+10, 6));\r
+ e_sector[i].foundKey[1] = 1;\r
+ e_sector[i].Key[1] = key64;\r
+ }\r
+ }\r
+ }\r
+ }\r
+ \r
+ t1 = clock() - t1;\r
+ if ( t1 > 0 ) {\r
+ PrintAndLog("Time in nested: %f ticks %1.2f sec (%1.2f sec per key)\n\n", (float)t1, ((float)t1)/CLOCKS_PER_SEC, ((float)t1)/iterations/CLOCKS_PER_SEC);\r
+ }\r
- while(!ukbhit() ){\r
- if ( WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {\r
- if ( (resp.arg[0] & 0xffff) == CMD_SIMULATE_MIFARE_CARD ){\r
- memset(data, 0x00, sizeof(data));\r
- memset(key, 0x00, sizeof(key));\r
- int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1];\r
- \r
- memcpy(data, resp.d.asBytes, len);\r
- \r
- uint64_t corr_uid = 0;\r
- if ( memcmp(data, "\x00\x00\x00\x00", 4) == 0 ) {\r
- corr_uid = (data[3] << 24) | (data[2] << 16) | (data[1] << 8) | data[0];\r
- }\r
- else {\r
- corr_uid |= (uint64_t)data[2] << 48; \r
- corr_uid |= (uint64_t)data[1] << 40; \r
- corr_uid |= (uint64_t)data[0] << 32;\r
- corr_uid |= data[7] << 24;\r
- corr_uid |= data[6] << 16;\r
- corr_uid |= data[5] << 8;\r
- corr_uid |= data[4];\r
- }\r
+ PrintAndLog("Press pm3-button or send another cmd to abort simulation");\r
+\r
+ while( !ukbhit() ){\r
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue;\r
+\r
+ if ( !(flags & FLAG_NR_AR_ATTACK) ) break;\r
+ \r
+ if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;\r
+\r
+ memset(data, 0x00, sizeof(data));\r
+ memset(key, 0x00, sizeof(key));\r
+ int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1];\r
+ \r
+ memcpy(data, resp.d.asBytes, len);\r
+ \r
+ uint64_t corr_uid = 0;\r
+ \r
+ // this IF? what was I thinking of?\r
+ if ( memcmp(data, "\x00\x00\x00\x00", 4) == 0 ) {\r
+ corr_uid = ((uint64_t)(data[3] << 24)) | (data[2] << 16) | (data[1] << 8) | data[0];\r
-static command_t CommandTable[] =\r
-{\r
- {"help", CmdHelp, 1, "This help"},\r
- {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"},\r
- {"rdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"},\r
- {"rdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"},\r
- {"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"},\r
- {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"},\r
- {"wrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"},\r
- {"chk", CmdHF14AMfChk, 0, "Test block keys"},\r
- {"mifare", CmdHF14AMifare, 0, "Read parity error messages."},\r
- {"nested", CmdHF14AMfNested, 0, "Test nested authentication"},\r
+static command_t CommandTable[] = {\r
+ {"help", CmdHelp, 1, "This help"},\r
+ {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"},\r
+ {"rdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"},\r
+ {"rdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"},\r
+ {"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"},\r
+ {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"},\r
+ {"wrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"},\r
+ {"chk", CmdHF14AMfChk, 0, "Test block keys"},\r
+ {"mifare", CmdHF14AMifare, 0, "Read parity error messages."},\r
+ {"nested", CmdHF14AMfNested, 0, "Test nested authentication"},\r
- {"sniff", CmdHF14AMfSniff, 0, "Sniff card-reader communication"},\r
- {"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"},\r
- {"eclr", CmdHF14AMfEClear, 0, "Clear simulator memory block"},\r
- {"eget", CmdHF14AMfEGet, 0, "Get simulator memory block"},\r
- {"eset", CmdHF14AMfESet, 0, "Set simulator memory block"},\r
- {"eload", CmdHF14AMfELoad, 0, "Load from file emul dump"},\r
- {"esave", CmdHF14AMfESave, 0, "Save to file emul dump"},\r
- {"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"},\r
- {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"},\r
- {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"},\r
- {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block - Magic Chinese card"},\r
- {"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block - Magic Chinese card"},\r
- {"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"},\r
- {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},\r
- {"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},\r
- {"decrypt", CmdHf14MfDecryptBytes, 1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
- {NULL, NULL, 0, NULL}\r
+ {"sniff", CmdHF14AMfSniff, 0, "Sniff card-reader communication"},\r
+ {"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"},\r
+ {"eclr", CmdHF14AMfEClear, 0, "Clear simulator memory block"},\r
+ {"eget", CmdHF14AMfEGet, 0, "Get simulator memory block"},\r
+ {"eset", CmdHF14AMfESet, 0, "Set simulator memory block"},\r
+ {"eload", CmdHF14AMfELoad, 0, "Load from file emul dump"},\r
+ {"esave", CmdHF14AMfESave, 0, "Save to file emul dump"},\r
+ {"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"},\r
+ {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"},\r
+ {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"},\r
+ {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block - Magic Chinese card"},\r
+ {"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block - Magic Chinese card"},\r
+ {"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"},\r
+ {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},\r
+ {"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},\r
+ {"decrypt", CmdHf14MfDecryptBytes, 1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
+ {NULL, NULL, 0, NULL}\r
projects / proxmark3-svn / blobdiff