X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/8556b852ed769280d1b63054ab1bd08fa19b746a..254b70a4afb07e6ec0f8b1b300df488337bbebc3:/armsrc/mifarecmd.c?ds=inline diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index fca4f69b..b2b38edf 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -298,7 +298,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) uint8_t uid[8]; uint32_t cuid, nt1, nt2, nttmp, nttest, par, ks1; uint8_t par_array[4]; - nestedVector nvector[NES_MAX_INFO + 1][10]; + nestedVector nvector[NES_MAX_INFO + 1][11]; int nvectorcount[NES_MAX_INFO + 1]; int ncount = 0; UsbCommand ack = {CMD_ACK, {0, 0, 0}}; @@ -417,8 +417,9 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) } ncount = 0; - for (m = dmin - NS_TOLERANCE; m < dmax + NS_TOLERANCE; m++) { - nttest = prng_successor(nt1, m); + nttest = prng_successor(nt1, dmin - NS_TOLERANCE); + for (m = dmin - NS_TOLERANCE + 1; m < dmax + NS_TOLERANCE; m++) { + nttest = prng_successor(nttest, 1); ks1 = nt2 ^ nttest; if (valid_nonce(nttest, nt2, ks1, par_array) && (ncount < 11)){ @@ -636,6 +637,7 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // variables byte_t dataoutbuf[16]; + byte_t dataoutbuf2[16]; uint8_t uid[8]; // clear trace @@ -687,6 +689,15 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai break; }; emlSetMem(dataoutbuf, sectorNo * 4 + 2, 1); + + // get block 3 bytes 6-9 + if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 3, dataoutbuf)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Read block 3 error"); + break; + }; + emlGetMem(dataoutbuf2, sectorNo * 4 + 3, 1); + memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4); + emlSetMem(dataoutbuf2, sectorNo * 4 + 3, 1); } if(mifare_classic_halt(pcs, cuid)) { @@ -699,14 +710,15 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // ----------------------------- crypto1 destroy crypto1_destroy(pcs); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED"); // add trace trailer memset(uid, 0x44, 4); LogTrace(uid, 4, 0, 0, TRUE); - - Dbprintf("Loaded."); } //-----------------------------------------------------------------------------