X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/0194ce8fc842da0e40b9d7bbfcb1837f508de9ce..fa5118e7308c1beebf84f4a6664be7923a6bea04:/client/cmdhf14a.c diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index d0486bd1..9f40e754 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -23,6 +23,7 @@ #include "common.h" #include "cmdmain.h" #include "mifare.h" +#include "cmdhfmf.h" #include "cmdhfmfu.h" #include "nonce2key/nonce2key.h" #include "cmdhf.h" @@ -142,9 +143,9 @@ int usage_hf_14a_sim(void) { // PrintAndLog(" u : 4, 7 or 10 byte UID"); PrintAndLog(" u : 4, 7 byte UID"); PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader"); - PrintAndLog("\n sample : hf 14a sim t 1 u 1122344 x"); - PrintAndLog(" : hf 14a sim t 1 u 1122344"); - PrintAndLog(" : hf 14a sim t 1 u 1122344556677"); + PrintAndLog("\n sample : hf 14a sim t 1 u 11223344 x"); + PrintAndLog(" : hf 14a sim t 1 u 11223344"); + PrintAndLog(" : hf 14a sim t 1 u 11223344556677"); // PrintAndLog(" : hf 14a sim t 1 u 11223445566778899AA\n"); return 0; } @@ -500,15 +501,13 @@ int CmdHF14ACUIDs(const char *Cmd) { // ## simulate iso14443a tag // ## greg - added ability to specify tag UID int CmdHF14ASim(const char *Cmd) { + #define ATTACK_KEY_COUNT 8 bool errors = FALSE; uint8_t flags = 0; uint8_t tagtype = 1; uint8_t cmdp = 0; uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0}; int uidlen = 0; - uint8_t data[40]; - uint8_t key[6] = {0,0,0,0,0,0}; - UsbCommand resp; bool useUIDfromEML = TRUE; while(param_getchar(Cmd, cmdp) != 0x00) { @@ -562,30 +561,27 @@ int CmdHF14ASim(const char *Cmd) { PrintAndLog("Press pm3-button to abort simulation"); UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{ tagtype, flags, 0 }}; - memcpy(c.d.asBytes, uid, uidlen); + memcpy(c.d.asBytes, uid, uidlen>>1); clearCommandBuffer(); SendCommand(&c); - while(!ukbhit()){ - if ( WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - if ( (resp.arg[0] & 0xffff) == CMD_SIMULATE_MIFARE_CARD ){ - memset(data, 0x00, sizeof(data)); - memset(key, 0x00, sizeof(key)); - int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1]; - memcpy(data, resp.d.asBytes, len); - uint32_t cuid = bytes_to_num(data, 4); - tryMfk32(cuid, data, key); // 201604, iceman, errors! - //tryMfk32_moebius(cuid, data, key); - //tryMfk64(cuid, data, key); - } - } + nonces_t data[ATTACK_KEY_COUNT*2]; + UsbCommand resp; + + while( !ukbhit() ){ + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue; + + if ( !(flags & FLAG_NR_AR_ATTACK) ) break; + if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break; + + memcpy( data, resp.d.asBytes, sizeof(data) ); + readerAttack(data, TRUE); } return 0; } int CmdHF14ASniff(const char *Cmd) { - int param = 0; - + int param = 0; uint8_t ctmp = param_getchar(Cmd, 0) ; if (ctmp == 'h' || ctmp == 'H') return usage_hf_14a_sniff(); @@ -763,8 +759,7 @@ static void waitCmd(uint8_t iSelect) { } } -static command_t CommandTable[] = -{ +static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, {"list", CmdHF14AList, 0, "[Deprecated] List ISO 14443a history"}, {"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"}, @@ -776,11 +771,7 @@ static command_t CommandTable[] = }; int CmdHF14A(const char *Cmd) { - // flush clearCommandBuffer(); - //WaitForResponseTimeout(CMD_ACK,NULL,100); - - // parse CmdsParse(CommandTable, Cmd); return 0; }