X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/2b1f4228c2987459445d30443f92038f9ea080c6..93b0bbd2dc1e5e7c5719db58761ae38c0a90c0f4:/client/cmdhfmf.c

diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index b2d5494f..177d2632 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -29,6 +29,7 @@ int CmdHF14AMifare(const char *Cmd)
 	printf("Press button on the proxmark3 device to abort both proxmark3 and client.\n");
 	printf("-------------------------------------------------------------------------\n");
 
+	time_t time1 = clock();
 	
 start:
     clearCommandBuffer();
@@ -86,6 +87,7 @@ start:
 		PrintAndLog("Found valid key: %012"llx" \n", r_key);
 	}
 	
+	PrintAndLog("Time in darkside: %1.0f seconds", (float)(clock() - time1)/CLOCKS_PER_SEC);
 	PrintAndLog("");
 	return 0;
 }
@@ -662,8 +664,7 @@ int CmdHF14AMfNested(const char *Cmd)
 		}
 	}
 	else { // ------------------------------------  multiple sectors working
-		clock_t time1;
-		time1 = clock();
+		clock_t time1 = clock();
 
 		e_sector = calloc(SectorsCnt, sizeof(sector));
 		if (e_sector == NULL) return 1;
@@ -733,7 +734,38 @@ int CmdHF14AMfNested(const char *Cmd)
 			}
 		}
 
-		printf("Time in nested: %1.3f (%1.3f sec per key)\n\n", ((float)clock() - time1)/CLOCKS_PER_SEC, ((float)clock() - time1)/iterations/CLOCKS_PER_SEC);
+		// 20160116 If Sector A is found, but not Sector B,  try just reading it of the tag?
+		PrintAndLog("testing to read B...");
+		for (i = 0; i < SectorsCnt; i++) {
+			// KEY A  but not KEY B
+			if ( e_sector[i].foundKey[0] && !e_sector[i].foundKey[1] ) {
+				
+				uint8_t sectrail = (FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);
+				
+				UsbCommand c = {CMD_MIFARE_READBL, {sectrail, 0, 0}};
+				num_to_bytes(e_sector[i].Key[0], 6, c.d.asBytes); // KEY A
+				clearCommandBuffer();
+				SendCommand(&c);
+
+				UsbCommand resp;
+				if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) continue;
+					
+				uint8_t isOK  = resp.arg[0] & 0xff;
+				uint8_t *data = resp.d.asBytes;
+
+				if (isOK) {
+
+					key64 = bytes_to_num(data+10, 6);
+					if (key64) {
+						PrintAndLog("Data:%s", sprint_hex(data+10, 6));
+						e_sector[i].foundKey[1] = 1;
+						e_sector[i].Key[1] = key64;
+					}
+				}
+			}
+		}
+		
+		PrintAndLog("Time in nested: %1.3f (%1.3f sec per key)\n\n", ((float)clock() - time1)/CLOCKS_PER_SEC, ((float)clock() - time1)/iterations/CLOCKS_PER_SEC);
 		
 		PrintAndLog("-----------------------------------------------\nIterations count: %d\n\n", iterations);
 		//print them
@@ -742,7 +774,11 @@ int CmdHF14AMfNested(const char *Cmd)
 		PrintAndLog("|---|----------------|---|----------------|---|");
 		for (i = 0; i < SectorsCnt; i++) {
 			PrintAndLog("|%03d|  %012"llx"  | %d |  %012"llx"  | %d |", i,
-				e_sector[i].Key[0], e_sector[i].foundKey[0], e_sector[i].Key[1], e_sector[i].foundKey[1]);
+				e_sector[i].Key[0], 
+				e_sector[i].foundKey[0], 
+				e_sector[i].Key[1], 
+				e_sector[i].foundKey[1]
+			);
 		}
 		PrintAndLog("|---|----------------|---|----------------|---|");
 		
@@ -804,7 +840,7 @@ int CmdHF14AMfNestedHard(const char *Cmd)
 	char ctmp;
 	ctmp = param_getchar(Cmd, 0);
 
-	if (ctmp != 'R' && ctmp != 'r' && strlen(Cmd) < 20) {
+	if (ctmp != 'R' && ctmp != 'r' && ctmp != 'T' && ctmp != 't' && strlen(Cmd) < 20) {
 		PrintAndLog("Usage:");
 		PrintAndLog("      hf mf hardnested <block number> <key A|B> <key (12 hex symbols)>");
 		PrintAndLog("                       <target block number> <target key A|B> [known target key (12 hex symbols)] [w] [s]");
@@ -829,15 +865,17 @@ int CmdHF14AMfNestedHard(const char *Cmd)
 	bool nonce_file_read = false;
 	bool nonce_file_write = false;
 	bool slow = false;
+	int tests = 0;
+	
 	
 	if (ctmp == 'R' || ctmp == 'r') {
 		nonce_file_read = true;
 		if (!param_gethex(Cmd, 1, trgkey, 12)) {
 			know_target_key = true;
 		}
-
+	} else if (ctmp == 'T' || ctmp == 't') {
+		tests = param_get32ex(Cmd, 1, 100, 10);
 	} else {
-
 		blockNo = param_get8(Cmd, 0);
 		ctmp = param_getchar(Cmd, 1);
 		if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {
@@ -883,15 +921,16 @@ int CmdHF14AMfNestedHard(const char *Cmd)
 		}
 	}
 
-	PrintAndLog("--target block no:%3d, target key type:%c, known target key: 0x%02x%02x%02x%02x%02x%02x%s, file action: %s, Slow: %s ", 
+	PrintAndLog("--target block no:%3d, target key type:%c, known target key: 0x%02x%02x%02x%02x%02x%02x%s, file action: %s, Slow: %s, Tests: %d ", 
 			trgBlockNo, 
 			trgKeyType?'B':'A', 
 			trgkey[0], trgkey[1], trgkey[2], trgkey[3], trgkey[4], trgkey[5],
 			know_target_key?"":" (not set)",
 			nonce_file_write?"write":nonce_file_read?"read":"none",
-			slow?"Yes":"No");
+			slow?"Yes":"No",
+			tests);
 
-	int16_t isOK = mfnestedhard(blockNo, keyType, key, trgBlockNo, trgKeyType, know_target_key?trgkey:NULL, nonce_file_read, nonce_file_write, slow);
+	int16_t isOK = mfnestedhard(blockNo, keyType, key, trgBlockNo, trgKeyType, know_target_key?trgkey:NULL, nonce_file_read, nonce_file_write, slow, tests);
 
 	if (isOK) {
 		switch (isOK) {
@@ -988,6 +1027,7 @@ int CmdHF14AMfChk(const char *Cmd)
 		break;
 	default:
 		PrintAndLog("Key type must be A , B or ?");
+		free(keyBlock);
 		return 1;
 	};
 	
@@ -1039,6 +1079,7 @@ int CmdHF14AMfChk(const char *Cmd)
 						if (!p) {
 							PrintAndLog("Cannot allocate memory for defKeys");
 							free(keyBlock);
+							fclose(f);
 							return 2;
 						}
 						keyBlock = p;
@@ -1078,7 +1119,9 @@ int CmdHF14AMfChk(const char *Cmd)
 			}
 		}
 	}
-	
+	// time
+	time_t time1 = clock();
+		
 	for ( int t = !keyType; t < 2; keyType==2?(t++):(t=2) ) {
 		int b=blockNo;
 		for (int i = 0; i < SectorsCnt; ++i) {
@@ -1100,6 +1143,8 @@ int CmdHF14AMfChk(const char *Cmd)
 			b<127?(b+=4):(b+=16);	
 		}
 	}
+	printf("Time in checkkeys: %1.3f (%1.3f sec per key)\n\n", ((float)clock() - time1)/CLOCKS_PER_SEC, ((float)clock() - time1)/keycnt/CLOCKS_PER_SEC);
+		
 
 	if (transferToEml) {
 		uint8_t block[16];
@@ -1218,16 +1263,16 @@ int CmdHF14AMf1kSim(const char *Cmd)
 					
 					uint64_t corr_uid = 0;
 					if ( memcmp(data, "\x00\x00\x00\x00", 4) == 0 ) {
-						corr_uid = (data[3] << 24) | (data[2] << 16) | (data[1] << 8) | data[0];
+						corr_uid = ((uint64_t)(data[3] << 24)) | (data[2] << 16) | (data[1] << 8) | data[0];
 				tryMfk32(corr_uid, data, key);
 			} else {
 						corr_uid |= (uint64_t)data[2] << 48; 
 						corr_uid |= (uint64_t)data[1] << 40; 
 						corr_uid |= (uint64_t)data[0] << 32;
-						corr_uid |= data[7] << 24;
-						corr_uid |= data[6] << 16;
-						corr_uid |= data[5] << 8;
-						corr_uid |= data[4];
+						corr_uid |= (uint64_t)data[7] << 24;
+						corr_uid |= (uint64_t)data[6] << 16;
+						corr_uid |= (uint64_t)data[5] << 8;
+						corr_uid |= (uint64_t)data[4];
 				tryMfk64(corr_uid, data, key);
 					}
 					PrintAndLog("--");
@@ -1364,7 +1409,7 @@ int CmdHF14AMfELoad(const char *Cmd)
 
 	len = param_getstr(Cmd,nameParamNo,filename);
 	
-	if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+	if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
 
 	fnameptr += len;
 
@@ -1461,7 +1506,7 @@ int CmdHF14AMfESave(const char *Cmd)
 
 	len = param_getstr(Cmd,nameParamNo,filename);
 	
-	if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+	if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
 	
 	// user supplied filename?
 	if (len < 1) {
@@ -1738,7 +1783,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
 		return 0;
 	} else {
 		len = strlen(Cmd);
-		if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+		if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
 
 		memcpy(filename, Cmd, len);
 		fnameptr += len;
@@ -1779,6 +1824,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
 
 			if (mfCSetBlock(blockNum, buf8, NULL, flags)) {
 				PrintAndLog("Can't set magic card block: %d", blockNum);
+				fclose(f);
 				return 3;
 			}
 			blockNum++;
@@ -1908,7 +1954,7 @@ int CmdHF14AMfCSave(const char *Cmd) {
 		return 0;
 	} else {
 		len = strlen(Cmd);
-		if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+		if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
 	
 		// get filename based on UID
 		if (len < 1) {
@@ -2027,7 +2073,10 @@ int CmdHF14AMfSniff(const char *Cmd){
 			uint16_t traceLen = resp.arg[1];
 			len = resp.arg[2];
 
-			if (res == 0) return 0;						// we are done
+			if (res == 0) {
+				free(buf);
+				return 0;						// we are done
+			}
 
 			if (res == 1) {								// there is (more) data to be transferred
 				if (pckNum == 0) {						// first packet, (re)allocate necessary buffer
@@ -2049,6 +2098,11 @@ int CmdHF14AMfSniff(const char *Cmd){
 					bufsize = traceLen;
 					memset(buf, 0x00, traceLen);
 				}
+				if (bufPtr == NULL) {
+					PrintAndLog("Cannot allocate memory for trace");
+					free(buf);
+					return 2;
+				}
 				memcpy(bufPtr, resp.d.asBytes, len);
 				bufPtr += len;
 				pckNum++;
@@ -2125,48 +2179,46 @@ int CmdHf14MfDecryptBytes(const char *Cmd){
 	return tryDecryptWord( nt, ar_enc, at_enc, data, len);
 }
 
-static command_t CommandTable[] =
-{
-  {"help",		CmdHelp,				1, "This help"},
-  {"dbg",		CmdHF14AMfDbg,			0, "Set default debug mode"},
-  {"rdbl",		CmdHF14AMfRdBl,			0, "Read MIFARE classic block"},
-  {"rdsc",		CmdHF14AMfRdSc,			0, "Read MIFARE classic sector"},
-  {"dump",		CmdHF14AMfDump,			0, "Dump MIFARE classic tag to binary file"},
-  {"restore",	CmdHF14AMfRestore,		0, "Restore MIFARE classic binary file to BLANK tag"},
-  {"wrbl",		CmdHF14AMfWrBl,			0, "Write MIFARE classic block"},
-  {"chk",		CmdHF14AMfChk,			0, "Test block keys"},
-  {"mifare",	CmdHF14AMifare,			0, "Read parity error messages."},
-  {"nested",	CmdHF14AMfNested,		0, "Test nested authentication"},
+static command_t CommandTable[] = {
+	{"help",		CmdHelp,				1, "This help"},
+	{"dbg",			CmdHF14AMfDbg,			0, "Set default debug mode"},
+	{"rdbl",		CmdHF14AMfRdBl,			0, "Read MIFARE classic block"},
+	{"rdsc",		CmdHF14AMfRdSc,			0, "Read MIFARE classic sector"},
+	{"dump",		CmdHF14AMfDump,			0, "Dump MIFARE classic tag to binary file"},
+	{"restore",		CmdHF14AMfRestore,		0, "Restore MIFARE classic binary file to BLANK tag"},
+	{"wrbl",		CmdHF14AMfWrBl,			0, "Write MIFARE classic block"},
+	{"chk",			CmdHF14AMfChk,			0, "Test block keys"},
+	{"mifare",		CmdHF14AMifare,			0, "Read parity error messages."},
+	{"nested",		CmdHF14AMfNested,		0, "Test nested authentication"},
 	{"hardnested", 	CmdHF14AMfNestedHard, 	0, "Nested attack for hardened Mifare cards"},
-  {"sniff",		CmdHF14AMfSniff,		0, "Sniff card-reader communication"},
-  {"sim",		CmdHF14AMf1kSim,		0, "Simulate MIFARE card"},
-  {"eclr",		CmdHF14AMfEClear,		0, "Clear simulator memory block"},
-  {"eget",		CmdHF14AMfEGet,			0, "Get simulator memory block"},
-  {"eset",		CmdHF14AMfESet,			0, "Set simulator memory block"},
-  {"eload",		CmdHF14AMfELoad,		0, "Load from file emul dump"},
-  {"esave",		CmdHF14AMfESave,		0, "Save to file emul dump"},
-  {"ecfill",	CmdHF14AMfECFill,		0, "Fill simulator memory with help of keys from simulator"},
-  {"ekeyprn",	CmdHF14AMfEKeyPrn,		0, "Print keys from simulator memory"},
-  {"csetuid",	CmdHF14AMfCSetUID,		0, "Set UID for magic Chinese card"},
-  {"csetblk",	CmdHF14AMfCSetBlk,		0, "Write block - Magic Chinese card"},
-  {"cgetblk",	CmdHF14AMfCGetBlk,		0, "Read block - Magic Chinese card"},
-  {"cgetsc",	CmdHF14AMfCGetSc,		0, "Read sector - Magic Chinese card"},
-  {"cload",		CmdHF14AMfCLoad,		0, "Load dump into magic Chinese card"},
-  {"csave",		CmdHF14AMfCSave,		0, "Save dump from magic Chinese card into file or emulator"},
-  {"decrypt",   CmdHf14MfDecryptBytes,  1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},
-  {NULL, NULL, 0, NULL}
+	{"sniff",		CmdHF14AMfSniff,		0, "Sniff card-reader communication"},
+	{"sim",			CmdHF14AMf1kSim,		0, "Simulate MIFARE card"},
+	{"eclr",		CmdHF14AMfEClear,		0, "Clear simulator memory block"},
+	{"eget",		CmdHF14AMfEGet,			0, "Get simulator memory block"},
+	{"eset",		CmdHF14AMfESet,			0, "Set simulator memory block"},
+	{"eload",		CmdHF14AMfELoad,		0, "Load from file emul dump"},
+	{"esave",		CmdHF14AMfESave,		0, "Save to file emul dump"},
+	{"ecfill",		CmdHF14AMfECFill,		0, "Fill simulator memory with help of keys from simulator"},
+	{"ekeyprn",		CmdHF14AMfEKeyPrn,		0, "Print keys from simulator memory"},
+	{"csetuid",		CmdHF14AMfCSetUID,		0, "Set UID for magic Chinese card"},
+	{"csetblk",		CmdHF14AMfCSetBlk,		0, "Write block - Magic Chinese card"},
+	{"cgetblk",		CmdHF14AMfCGetBlk,		0, "Read block - Magic Chinese card"},
+	{"cgetsc",		CmdHF14AMfCGetSc,		0, "Read sector - Magic Chinese card"},
+	{"cload",		CmdHF14AMfCLoad,		0, "Load dump into magic Chinese card"},
+	{"csave",		CmdHF14AMfCSave,		0, "Save dump from magic Chinese card into file or emulator"},
+	{"decrypt",		CmdHf14MfDecryptBytes,  1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},
+	{NULL, NULL, 0, NULL}
 };
 
-int CmdHFMF(const char *Cmd)
-{
+int CmdHFMF(const char *Cmd) {
 	// flush
-	WaitForResponseTimeout(CMD_ACK,NULL,100);
+	clearCommandBuffer();
+	//WaitForResponseTimeout(CMD_ACK,NULL,100);
 	CmdsParse(CommandTable, Cmd);
 	return 0;
 }
 
-int CmdHelp(const char *Cmd)
-{
+int CmdHelp(const char *Cmd) {
 	CmdsHelp(CommandTable);
 	return 0;
 }