uint8_t cardAUTHKEY = 0xff; // no authentication
// allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
#define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
- nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types (nml, moebius)
+ nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // for 2 separate attack types (nml, moebius)
memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
- uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; //*2 for 2nd attack type (moebius)
+ uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; // for 2nd attack type (moebius)
memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
uint8_t nonce1_count = 0;
uint8_t nonce2_count = 0;
set_tracing(TRUE);
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
-
- if (first_try) {
- sync_time = GetCountSspClk() & 0xfffffff8;
- sync_cycles = PRNG_SEQUENCE_LENGTH + 1130; //65536; //0x10000 // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
+ sync_time = GetCountSspClk() & 0xfffffff8;
+ // iceman, i add 1130 because during my observations this makse the syncronization much fast to sync.
+ sync_cycles = PRNG_SEQUENCE_LENGTH + 1130; //65536; // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
+
+ if (first_try) {
mf_nr_ar3 = 0;
nt_attacked = 0;
par_low = 0;
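Review bot: The `1130` added to `PRNG_SEQUENCE_LENGTH` is an unexplained magic number, and the new comment above it has typos ("makse", "syncronization") and leaves a stale `//65536;` fragment on the assignment. Since the comment describes the value as an empirical observation, a named constant would make that explicit, for example (the name is only a suggestion) `#define SYNC_CYCLES_TUNING 1130 // empirical offset; shortens time to synchronise with the card PRNG` and `sync_cycles = PRNG_SEQUENCE_LENGTH + SYNC_CYCLES_TUNING;`. The enclosing function starts and ends outside this hunk.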
WDT_HIT();
LED_B_ON();
- if (first_try && previous_nt && !nt_attacked) { // we didn't calibrate our clock yet
+ // we didn't calibrate our clock yet,
+ // iceman: has to be calibrated every time.
+ if (previous_nt && !nt_attacked) {
nt_distance = dist_nt(previous_nt, nt);
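Review bot: The retained comment `we didn't calibrate our clock yet` no longer matches the condition, which with `first_try` dropped now runs whenever `previous_nt` is set and `nt_attacked` is clear. One comment stating the new rule would read better than the old text plus a correction, e.g. `// recalibrate against the previous nonce on every invocation, not only on first_try`. The body of this `if` continues outside the hunk.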
if (isOK == -4 && par_list == 0) {\r
// this special attack when parities is zero, uses checkkeys. Which now with block/keytype option also needs. \r
// but it uses 0|1 instead of 0x60|0x61...\r
- if (!nonce2key_ex(blockNo, keytype - 0x60 , uid, nt, nr, ks_list, &r_key) ){\r
+ if (nonce2key_ex(blockNo, keytype - 0x60 , uid, nt, nr, ks_list, &r_key) ){\r
+ PrintAndLog("Key not found (lfsr_common_prefix list is null)."); \r
+ PrintAndLog("Failing is expected to happen in 25%% of all cases. Trying again with a different reader nonce...");\r
+ c.arg[0] = false;\r
+ goto start;\r
+ } else {\r
PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
goto END;\r
}\r
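Review bot: The new failure branch ending in `goto start;` has no visible retry limit or abort check, so a card that never yields a key would keep the client looping with `c.arg[0] = false`. The `start` label and whatever follows it are outside this hunk, so an abort check may already exist there; if it does not, a bounded counter is worth adding, e.g. `if (++retries > MAX_RETRIES) { PrintAndLog("Giving up."); goto END; }` (both names are placeholders). The first message also attributes every non-zero return of `nonce2key_ex` to a null `lfsr_common_prefix` list, which holds only if that is the function's sole failure path.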
s = check_pfx_parity_ex(pfx, *o, *e, s);\r
}\r
\r
- s->odd = s->even = 0;\r
+ // in this version, -1 signifies end of states \r
+ s->odd = s->even = -1;\r
\r
out:\r
free(odd);\r
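Review bot: The terminator written at `s->odd = s->even = -1;` differs from the 0 terminator it replaces, and the only record of that is the inline comment `in this version, -1 signifies end of states`. The contract belongs on the function header, e.g. `// returned list is terminated by an entry with odd == even == -1, not 0`, so that callers still testing for 0 are easy to find. The field types are not visible here; if they are unsigned, the stored value is the all-ones pattern and tests such as `->odd != -1` rely on implicit conversion, so a named sentinel constant would be safer. The function body starts outside this hunk, so whether the allocation reserves a slot for the terminator cannot be checked from here.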
state = lfsr_common_prefix_ex(nr, ks3x);
state_s = (int64_t*)state;
- PrintAndLog("Prefix");
for (i = 0; (state) && ((state + i)->odd != -1); i++) {
lfsr_rollback_word(state + i, uid ^ nt, 0);
}
}
+
free(last_keylist);
last_keylist = state_s;
return 1;