// Therefore try in alternating directions.
int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
+ uint16_t i;
+ uint32_t nttmp1, nttmp2;
+
if (nt1 == nt2) return 0;
- uint16_t i;
- uint32_t nttmp1 = nt1;
- uint32_t nttmp2 = nt2;
+ nttmp1 = nt1;
+ nttmp2 = nt2;
for (i = 1; i < 32768; i++) {
nttmp1 = prng_successor(nttmp1, 1);
// Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime"
// (article by Nicolas T. Courtois, 2009)
//-----------------------------------------------------------------------------
-void ReaderMifare(bool first_try) {
+void ReaderMifare(bool first_try)
+{
+ // Mifare AUTH
+ uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
+ uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
+ static uint8_t mf_nr_ar3;
+
+ uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
+ uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
+
// free eventually allocated BigBuf memory. We want all for tracing.
BigBuf_free();
clear_trace();
set_tracing(TRUE);
- // Mifare AUTH
- uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
- uint8_t mf_nr_ar[8] = { 0x00 }; //{ 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };
- static uint8_t mf_nr_ar3 = 0;
-
- uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = { 0x00 };
- uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = { 0x00 };
-
byte_t nt_diff = 0;
uint8_t par[1] = {0}; // maximum 8 Bytes to be sent here, 1 byte parity is therefore enough
static byte_t par_low = 0;
bool led_on = TRUE;
- uint8_t uid[10] = {0x00};
- //uint32_t cuid = 0x00;
+ uint8_t uid[10] ={0};
+ uint32_t cuid;
uint32_t nt = 0;
uint32_t previous_nt = 0;
uint16_t consecutive_resyncs = 0;
int isOK = 0;
- int numWrongDistance = 0;
-
if (first_try) {
mf_nr_ar3 = 0;
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
- LED_C_ON();
+
+
+ #define DARKSIDE_MAX_TRIES 32 // number of tries to sync on PRNG cycle. Then give up.
+ uint16_t unsuccessfull_tries = 0;
for(uint16_t i = 0; TRUE; i++) {
+ LED_C_ON();
WDT_HIT();
// Test if the action was cancelled
- if(BUTTON_PRESS()) break;
-
- if (numWrongDistance > 1000) {
- isOK = 0;
+ if(BUTTON_PRESS()) {
+ isOK = -1;
break;
}
- //if(!iso14443a_select_card(uid, NULL, &cuid)) {
- if(!iso14443a_select_card(uid, NULL, NULL)) {
+ if(!iso14443a_select_card(uid, NULL, &cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Mifare: Can't select card");
continue;
}
nt_attacked = nt;
}
else {
-
- // invalid nonce received, try again
- if (nt_distance == -99999) {
- numWrongDistance++;
- if (MF_DBGLEVEL >= 3) Dbprintf("The two nonces has invalid distance, tag could have good PRNG\n");
- continue;
+ if (nt_distance == -99999) { // invalid nonce received
+ unsuccessfull_tries++;
+ if (!nt_attacked && unsuccessfull_tries > DARKSIDE_MAX_TRIES) {
+ isOK = -3; // Card has an unpredictable PRNG. Give up
+ break;
+ } else {
+ continue; // continue trying...
+ }
}
-
sync_cycles = (sync_cycles - nt_distance);
if (MF_DBGLEVEL >= 3) Dbprintf("calibrating in cycle %d. nt_distance=%d, Sync_cycles: %d\n", i, nt_distance, sync_cycles);
continue;
if ((nt != nt_attacked) && nt_attacked) { // we somehow lost sync. Try to catch up again...
catch_up_cycles = -dist_nt(nt_attacked, nt);
- if (catch_up_cycles >= 99999) { // invalid nonce received. Don't resync on that one.
+ if (catch_up_cycles == 99999) { // invalid nonce received. Don't resync on that one.
catch_up_cycles = 0;
continue;
}
if (nt_diff == 0 && first_try)
{
par[0]++;
+ if (par[0] == 0x00) { // tried all 256 possible parities without success. Card doesn't send NACK.
+ isOK = -2;
+ break;
+ }
} else {
par[0] = ((par[0] & 0x1F) + 1) | par_low;
}
}
}
+
mf_nr_ar[3] &= 0x1F;
byte_t buf[28] = {0x00};
#include "mifarecmd.h"\r
#include "apps.h"\r
#include "util.h"\r
-\r
#include "crc.h"\r
\r
//-----------------------------------------------------------------------------\r
\r
\r
// statistics on nonce distance\r
+ int16_t isOK = 0;\r
+ #define NESTED_MAX_TRIES 12\r
+ uint16_t unsuccessfull_tries = 0;\r
if (calibrate) { // for first call only. Otherwise reuse previous calibration\r
LED_B_ON();\r
WDT_HIT();\r
\r
for (rtr = 0; rtr < 17; rtr++) {\r
\r
+ // Test if the action was cancelled\r
+ if(BUTTON_PRESS()) {\r
+ isOK = -2;\r
+ break;\r
+ }\r
+\r
// prepare next select. No need to power down the card.\r
if(mifare_classic_halt(pcs, cuid)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");\r
delta_time = auth2_time - auth1_time + 32; // allow some slack for proper timing\r
}\r
if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i);\r
+ } else {\r
+ unsuccessfull_tries++;\r
+ if (unsuccessfull_tries > NESTED_MAX_TRIES) { // card isn't vulnerable to nested attack (random numbers are not predictable)\r
+ isOK = -3;\r
+ }\r
}\r
}\r
- \r
- if (rtr <= 1) return;\r
\r
davg = (davg + (rtr - 1)/2) / (rtr - 1);\r
\r
- if (MF_DBGLEVEL >= 3) Dbprintf("min=%d max=%d avg=%d, delta_time=%d", dmin, dmax, davg, delta_time);\r
+ if (MF_DBGLEVEL >= 3) Dbprintf("rtr=%d isOK=%d min=%d max=%d avg=%d, delta_time=%d", rtr, isOK, dmin, dmax, davg, delta_time);\r
\r
dmin = davg - 2;\r
dmax = davg + 2;\r
LED_C_ON();\r
\r
// get crypted nonces for target sector\r
- for(i=0; i < 2; i++) { // look for exactly two different nonces\r
+ for(i=0; i < 2 && !isOK; i++) { // look for exactly two different nonces\r
\r
target_nt[i] = 0;\r
while(target_nt[i] == 0) { // continue until we have an unambiguous nonce\r
memcpy(buf+16, &target_ks[1], 4);\r
\r
LED_B_ON();\r
- cmd_send(CMD_ACK, 0, 2, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));\r
+ cmd_send(CMD_ACK, isOK, 0, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));\r
LED_B_OFF();\r
\r
if (MF_DBGLEVEL >= 3) DbpString("NESTED FINISHED");\r
uint32_t uid = 0;\r
uint32_t nt = 0, nr = 0;\r
uint64_t par_list = 0, ks_list = 0, r_key = 0;\r
- uint8_t isOK = 0;\r
+ int16_t isOK = 0;\r
uint8_t keyBlock[8] = {0};\r
\r
UsbCommand c = {CMD_READER_MIFARE, {true, 0, 0}};\r
// message\r
printf("-------------------------------------------------------------------------\n");\r
printf("Executing command. Expected execution time: 25sec on average :-)\n");\r
- printf("Press the key on the proxmark3 device to abort both proxmark3 and client.\n");\r
+ printf("Press button on the proxmark3 device to abort both proxmark3 and client.\n");\r
printf("-------------------------------------------------------------------------\n");\r
\r
\r
\r
UsbCommand resp;\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {\r
- isOK = resp.arg[0] & 0xff;\r
+ isOK = resp.arg[0];\r
uid = (uint32_t)bytes_to_num(resp.d.asBytes + 0, 4);\r
nt = (uint32_t)bytes_to_num(resp.d.asBytes + 4, 4);\r
par_list = bytes_to_num(resp.d.asBytes + 8, 8);\r
ks_list = bytes_to_num(resp.d.asBytes + 16, 8);\r
nr = bytes_to_num(resp.d.asBytes + 24, 4);\r
printf("\n\n");\r
- if (!isOK) PrintAndLog("Proxmark can't get statistic info. Execution aborted.\n");\r
+ switch (isOK) {\r
+ case -1 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
+ case -2 : PrintAndLog("Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests).\n"); break;\r
+ case -3 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator is not predictable).\n"); break;\r
+ default: ;\r
+ }\r
break;\r
}\r
} \r
\r
if (cmdp == 'o') {\r
PrintAndLog("--target block no:%3d, target key type:%c ", trgBlockNo, trgKeyType?'B':'A');\r
- if (mfnested(blockNo, keyType, key, trgBlockNo, trgKeyType, keyBlock, true)) {\r
- PrintAndLog("Nested error.");\r
+ int16_t isOK = mfnested(blockNo, keyType, key, trgBlockNo, trgKeyType, keyBlock, true);\r
+ if (isOK) {\r
+ switch (isOK) {\r
+ case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r
+ case -2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
+ case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break;\r
+ default : PrintAndLog("Unknown Error.\n");\r
+ }\r
return 2;\r
}\r
key64 = bytes_to_num(keyBlock, 6);\r
for (trgKeyType = 0; trgKeyType < 2; trgKeyType++) { \r
if (e_sector[sectorNo].foundKey[trgKeyType]) continue;\r
PrintAndLog("-----------------------------------------------");\r
- if(mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate)) {\r
- PrintAndLog("Nested error.\n");\r
+ int16_t isOK = mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate);\r
+ if(isOK) {\r
+ switch (isOK) {\r
+ case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r
+ case -2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
+ case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break;\r
+ default : PrintAndLog("Unknown Error.\n");\r
+ }\r
free(e_sector);\r
- return 2; }\r
- else {\r
+ return 2;\r
+ } else {\r
calibrate = false;\r
}\r
\r
\r
int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t * resultKey, bool calibrate) \r
{\r
- uint16_t i, len;\r
+ uint16_t i;\r
uint32_t uid;\r
UsbCommand resp;\r
+\r
StateList_t statelists[2];\r
struct Crypto1State *p1, *p2, *p3, *p4;\r
\r
memcpy(c.d.asBytes, key, 6);\r
SendCommand(&c);\r
\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- len = resp.arg[1];\r
- if (len == 2) { \r
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {\r
+ return -1;\r
+ }\r
+\r
+ if (resp.arg[0]) {\r
+ return resp.arg[0]; // error during nested\r
+ }\r
+ \r
memcpy(&uid, resp.d.asBytes, 4);\r
- PrintAndLog("uid:%08x len=%d trgbl=%d trgkey=%x", uid, len, (uint16_t)resp.arg[2] & 0xff, (uint16_t)resp.arg[2] >> 8);\r
+ PrintAndLog("uid:%08x trgbl=%d trgkey=%x", uid, (uint16_t)resp.arg[2] & 0xff, (uint16_t)resp.arg[2] >> 8);\r
\r
for (i = 0; i < 2; i++) {\r
statelists[i].blockNo = resp.arg[2] & 0xff;\r
statelists[i].keyType = (resp.arg[2] >> 8) & 0xff;\r
statelists[i].uid = uid;\r
-\r
memcpy(&statelists[i].nt, (void *)(resp.d.asBytes + 4 + i * 8 + 0), 4);\r
memcpy(&statelists[i].ks1, (void *)(resp.d.asBytes + 4 + i * 8 + 4), 4);\r
}\r
- }\r
- else {\r
- PrintAndLog("Got 0 keys from proxmark."); \r
- return 1;\r
- }\r
- }\r
\r
// calc keys\r
\r