} \r
printf("\n");\r
\r
- // par == 0\r
- if (isOK == -1 && par_list == 0) {\r
- if (!nonce2key_ex(uid, nt, nr, ks_list, &r_key) ){\r
+ // par == 0, and -4\r
+ if (isOK == -4 && par_list == 0) {\r
+ // this special attack when parities is zero, uses checkkeys. Which now with block/keytype option also needs. \r
+ // but it uses 0|1 instead of 0x60|0x61...\r
+ if (nonce2key_ex(blockNo, keytype - 0x60 , uid, nt, nr, ks_list, &r_key) ){\r
+ PrintAndLog("Key not found (lfsr_common_prefix list is null)."); \r
+ PrintAndLog("Failing is expected to happen in 25%% of all cases. Trying again with a different reader nonce...");\r
+ c.arg[0] = false;\r
+ goto start;\r
+ } else {\r
PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
goto END;\r
}\r
c.arg[0] = false;\r
goto start;\r
} else {\r
+ \r
+ // nonce2key found a candidate key. Lets verify it.\r
+ uint8_t keyblock[] = {0,0,0,0,0,0};\r
+ num_to_bytes(r_key, 6, keyblock);\r
+ uint64_t key64 = 0;\r
+ int res = mfCheckKeys(blockNo, keytype - 0x60 , false, 1, keyblock, &key64);\r
+ if ( res > 0 ) {\r
+ PrintAndLog("Candidate Key found (%012"llx") - Test authentication failed. Starting over darkside attack", r_key); \r
+ goto start;\r
+ }\r
PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
}\r
END:\r
projects / proxmark3-svn / blobdiff