]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdhfmf.c
projects / proxmark3-svn / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
some text changes.
[proxmark3-svn] / client / cmdhfmf.c
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index d6e394442c4c9cfcb5a95c42d5ae71f7f023d276..a8a1eb804400d93912139187c53298fff95ff6ec 100644 (file)
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -213,9 +213,16 @@ start:
        }       \r
        printf("\n");\r
        \r
        }       \r
        printf("\n");\r
        \r
-       // par == 0\r
-       if (isOK == -1 && par_list == 0) {\r
-               if (!nonce2key_ex(uid, nt, nr, ks_list, &r_key) ){\r
+       // par == 0,  and -4\r
+       if (isOK == -4 && par_list == 0) {\r
+               // this special attack when parities is zero, uses checkkeys. Which now with block/keytype option also needs. \r
+               // but it uses 0|1 instead of 0x60|0x61...\r
+               if (nonce2key_ex(blockNo, keytype - 0x60 , uid, nt, nr, ks_list, &r_key) ){\r
+                       PrintAndLog("Key not found (lfsr_common_prefix list is null).");        \r
+                       PrintAndLog("Failing is expected to happen in 25%% of all cases. Trying again with a different reader nonce...");\r
+                       c.arg[0] = false;\r
+                       goto start;\r
+               } else {\r
                        PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
                        goto END;\r
                }\r
                        PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
                        goto END;\r
                }\r
@@ -232,6 +239,16 @@ start:
                c.arg[0] = false;\r
                goto start;\r
        } else {\r
                c.arg[0] = false;\r
                goto start;\r
        } else {\r
+               \r
+               // nonce2key found a candidate key.  Lets verify it.\r
+               uint8_t keyblock[] = {0,0,0,0,0,0};\r
+               num_to_bytes(r_key, 6, keyblock);\r
+               uint64_t key64 = 0;\r
+               int res = mfCheckKeys(blockNo, keytype - 0x60 , false, 1, keyblock, &key64);\r
+               if ( res > 0 ) {\r
+                       PrintAndLog("Candidate Key found (%012"llx") - Test authentication failed. Starting over darkside attack", r_key);      \r
+                       goto start;\r
+               }\r
                PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
        }\r
 END:\r
                PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
        }\r
 END:\r
Proxmark3 GIT tracking
Impressum, Datenschutz