X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/b070f4e4952834bc2a02d86c7954c12dac189bc6..d8b7a5f29453ba32c9486b97e5afc8fb5e3cba34:/armsrc/iso14443a.c?ds=sidebyside diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index ede8501e..a2014079 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -9,19 +9,7 @@ //----------------------------------------------------------------------------- // Routines to support ISO 14443 type A. //----------------------------------------------------------------------------- - -#include "proxmark3.h" -#include "apps.h" -#include "util.h" -#include "string.h" -#include "cmd.h" -#include "iso14443crc.h" #include "iso14443a.h" -#include "iso14443b.h" -#include "crapto1.h" -#include "mifareutil.h" -#include "BigBuf.h" -#include "parity.h" static uint32_t iso14a_timeout; int rsamples = 0; @@ -857,13 +845,10 @@ bool prepare_allocated_tag_modulation(tag_response_info_t* response_info) { //----------------------------------------------------------------------------- // Main loop of simulated tag: receive commands from reader, decide what // response to send, and send it. +// 'hf 14a sim' //----------------------------------------------------------------------------- void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { - //Here, we collect CUID, NT, NR, AR, CUID, NT2, NR2, AR2 - // This can be used in a reader-only attack. - uint32_t ar_nr_responses[] = {0,0,0,0,0,0,0,0,0,0}; - uint8_t ar_nr_collected = 0; uint8_t sak = 0; uint32_t cuid = 0; uint32_t nonce = 0; @@ -875,6 +860,24 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { // The first response contains the ATQA (note: bytes are transmitted in reverse order). uint8_t response1[] = {0,0}; + + // Here, we collect CUID, block1, keytype1, NT1, NR1, AR1, CUID, block2, keytyp2, NT2, NR2, AR2 + // it should also collect block, keytype. + uint8_t cardAUTHSC = 0; + uint8_t cardAUTHKEY = 0xff; // no authentication + // allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys + #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack() + nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius) + memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp)); + + uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; //*2 for 2nd attack type (moebius) + memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected)); + uint8_t nonce1_count = 0; + uint8_t nonce2_count = 0; + uint8_t moebius_n_count = 0; + bool gettingMoebius = false; + uint8_t mM = 0; //moebius_modifier for collection storage + switch (tagType) { case 1: { // MIFARE Classic 1k @@ -1080,14 +1083,18 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { if ( tagType == 7 || tagType == 2 ) { //first 12 blocks of emu are [getversion answer - check tearing - pack - 0x00 - signature] uint16_t start = 4 * (block+12); - uint8_t emdata[MAX_MIFARE_FRAME_SIZE]; - emlGetMemBt( emdata, start, 16); - AppendCrc14443a(emdata, 16); - EmSendCmdEx(emdata, sizeof(emdata), false); + uint8_t emdata[MAX_MIFARE_FRAME_SIZE]; + emlGetMemBt( emdata, start, 16); + AppendCrc14443a(emdata, 16); + EmSendCmdEx(emdata, sizeof(emdata), false); // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below p_response = NULL; } else { // all other tags (16 byte block tags) - EmSendCmdEx(data+(4*receivedCmd[1]),16,false); + uint8_t emdata[MAX_MIFARE_FRAME_SIZE]; + emlGetMemBt( emdata, block, 16); + AppendCrc14443a(emdata, 16); + EmSendCmdEx(emdata, sizeof(emdata), false); + //EmSendCmdEx(data+(4*receivedCmd[1]),16,false); // Dbprintf("Read request from reader: %x %x",receivedCmd[0],receivedCmd[1]); // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below p_response = NULL; @@ -1145,9 +1152,11 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { uint8_t emdata[10]; emlGetMemBt( emdata, 0, 8 ); AppendCrc14443a(emdata, sizeof(emdata)-2); - EmSendCmdEx(emdata, sizeof(emdata), false); + EmSendCmdEx(emdata, sizeof(emdata), false); p_response = NULL; } else { + cardAUTHSC = receivedCmd[1] / 4; // received block num + cardAUTHKEY = receivedCmd[0] - 0x60; p_response = &responses[5]; order = 7; } } else if(receivedCmd[0] == ISO14443A_CMD_RATS) { // Received a RATS request @@ -1162,32 +1171,68 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { uint32_t nr = bytes_to_num(receivedCmd,4); uint32_t ar = bytes_to_num(receivedCmd+4,4); + // Collect AR/NR per keytype & sector if ( (flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK ) { - if(ar_nr_collected < 2){ - ar_nr_responses[ar_nr_collected*4] = cuid; - ar_nr_responses[ar_nr_collected*4+1] = nonce; - ar_nr_responses[ar_nr_collected*4+2] = nr; - ar_nr_responses[ar_nr_collected*4+3] = ar; - ar_nr_collected++; - } - if(ar_nr_collected > 1 ) { - if (MF_DBGLEVEL >= 2 && !(flags & FLAG_INTERACTIVE)) { - Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:"); - Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x", - ar_nr_responses[0], // CUID - ar_nr_responses[1], // NT - ar_nr_responses[2], // AR1 - ar_nr_responses[3], // NR1 - ar_nr_responses[6], // AR2 - ar_nr_responses[7] // NR2 - ); + for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { + if ( ar_nr_collected[i+mM]==0 || ((cardAUTHSC == ar_nr_resp[i+mM].sector) && (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && (ar_nr_collected[i+mM] > 0)) ) { + // if first auth for sector, or matches sector and keytype of previous auth + if (ar_nr_collected[i+mM] < 2) { + // if we haven't already collected 2 nonces for this sector + if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) { + // Avoid duplicates... probably not necessary, ar should vary. + if (ar_nr_collected[i+mM]==0) { + // first nonce collect + ar_nr_resp[i+mM].cuid = cuid; + ar_nr_resp[i+mM].sector = cardAUTHSC; + ar_nr_resp[i+mM].keytype = cardAUTHKEY; + ar_nr_resp[i+mM].nonce = nonce; + ar_nr_resp[i+mM].nr = nr; + ar_nr_resp[i+mM].ar = ar; + nonce1_count++; + // add this nonce to first moebius nonce + ar_nr_resp[i+ATTACK_KEY_COUNT].cuid = cuid; + ar_nr_resp[i+ATTACK_KEY_COUNT].sector = cardAUTHSC; + ar_nr_resp[i+ATTACK_KEY_COUNT].keytype = cardAUTHKEY; + ar_nr_resp[i+ATTACK_KEY_COUNT].nonce = nonce; + ar_nr_resp[i+ATTACK_KEY_COUNT].nr = nr; + ar_nr_resp[i+ATTACK_KEY_COUNT].ar = ar; + ar_nr_collected[i+ATTACK_KEY_COUNT]++; + } else { // second nonce collect (std and moebius) + ar_nr_resp[i+mM].nonce2 = nonce; + ar_nr_resp[i+mM].nr2 = nr; + ar_nr_resp[i+mM].ar2 = ar; + if (!gettingMoebius) { + nonce2_count++; + // check if this was the last second nonce we need for std attack + if ( nonce2_count == nonce1_count ) { + // done collecting std test switch to moebius + // first finish incrementing last sample + ar_nr_collected[i+mM]++; + // switch to moebius collection + gettingMoebius = true; + mM = ATTACK_KEY_COUNT; + break; + } + } else { + moebius_n_count++; + // if we've collected all the nonces we need - finish. + if (nonce1_count == moebius_n_count) { + cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_resp,sizeof(ar_nr_resp)); + nonce1_count = 0; + nonce2_count = 0; + moebius_n_count = 0; + gettingMoebius = false; + } + } + } + ar_nr_collected[i+mM]++; + } + } + // we found right spot for this nonce stop looking + break; + } } - uint8_t len = ar_nr_collected*4*4; - cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, len, 0, &ar_nr_responses, len); - ar_nr_collected = 0; - memset(ar_nr_responses, 0x00, len); } - } } else if (receivedCmd[0] == MIFARE_ULC_AUTH_1 ) { // ULC authentication, or Desfire Authentication } else if (receivedCmd[0] == MIFARE_ULEV1_AUTH) { // NTAG / EV-1 authentication @@ -1315,6 +1360,36 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { BigBuf_free_keep_EM(); LED_A_OFF(); + if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) { + for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { + if (ar_nr_collected[i] == 2) { + Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i= 4){ Dbprintf("-[ Wake ups after halt [%d]", happened); Dbprintf("-[ Messages after halt [%d]", happened2); @@ -1396,8 +1471,7 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing //----------------------------------------------------------------------------- // Prepare reader command (in bits, support short frames) to send to FPGA //----------------------------------------------------------------------------- -void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8_t *parity) -{ +void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8_t *parity) { int i, j; int last = 0; uint8_t b; @@ -2101,8 +2175,9 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) { // Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime" // (article by Nicolas T. Courtois, 2009) //----------------------------------------------------------------------------- -void ReaderMifare(bool first_try, uint8_t block ) { - uint8_t mf_auth[] = { MIFARE_AUTH_KEYA, block, 0x00, 0x00 }; +void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) { + + uint8_t mf_auth[] = { keytype, block, 0x00, 0x00 }; uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0}; uint8_t par_list[8] = {0,0,0,0,0,0,0,0}; @@ -2135,13 +2210,14 @@ void ReaderMifare(bool first_try, uint8_t block ) { #define PRNG_SEQUENCE_LENGTH (1 << 16) #define MAX_UNEXPECTED_RANDOM 4 // maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up. #define MAX_SYNC_TRIES 32 - + + AppendCrc14443a(mf_auth, 2); + BigBuf_free(); BigBuf_Clear_ext(false); clear_trace(); set_tracing(TRUE); iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); - AppendCrc14443a(mf_auth, 2); if (first_try) { sync_time = GetCountSspClk() & 0xfffffff8;