// PrintAndLog(" u : 4, 7 or 10 byte UID");
PrintAndLog(" u : 4, 7 byte UID");
PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader");
+ PrintAndLog(" m : (Optional) Show maths used for cracking reader. Useful for debugging.");
PrintAndLog("\n sample : hf 14a sim t 1 u 11223344 x");
PrintAndLog(" : hf 14a sim t 1 u 11223344");
PrintAndLog(" : hf 14a sim t 1 u 11223344556677");
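Review bot: The new help line for `m` does not say that the flag only has an effect together with `x`. In the visible call sites `showMaths` is consumed solely by `readerAttack`, which appears to run only in the reader-attack path. Suggested wording: `PrintAndLog(" m : (Optional) With x, show the intermediate values used during key recovery. Useful for debugging.");`. The same applies to the `hf mf sim` help line added later in this diff, and neither sample list shows an invocation with `m`.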
uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0};
int uidlen = 0;
bool useUIDfromEML = TRUE;
+ bool showMaths = false;
while(param_getchar(Cmd, cmdp) != 0x00) {
switch(param_getchar(Cmd, cmdp)) {
case 'h':
case 'H':
return usage_hf_14a_sim();
+ case 'm':
+ case 'M':
+ showMaths = true;
+ cmdp++;
+ break;
case 't':
case 'T':
// Retrieve the tag type
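Review bot: `bool showMaths = false;` is declared directly under `bool useUIDfromEML = TRUE;`, so this function now mixes two boolean spellings, and the later call `readerAttack(data, TRUE, showMaths)` does the same. Use the spelling this file already has, or convert the neighbours in a separate change. The declaration also lacks the explanatory comment that the matching variable in the `hf mf sim` handler receives, for example `// If set to true, show the workings of the nr/ar attack.`. The enclosing function starts and ends outside this hunk.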
if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;
memcpy( data, resp.d.asBytes, sizeof(data) );
- readerAttack(data, TRUE);
+ readerAttack(data, TRUE, showMaths);
}
return 0;
}
PrintAndLog(" i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");\r
PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");\r
PrintAndLog(" e (Optional) Fill simulator keys from what we crack");\r
+ PrintAndLog(" m (Optional) Show maths used for cracking reader. Useful for debugging.");\r
PrintAndLog("samples:");\r
PrintAndLog(" hf mf sim u 0a0a0a0a");\r
PrintAndLog(" hf mf sim u 11223344556677");\r
#define ATTACK_KEY_COUNT 8\r
sector *k_sector = NULL;\r
uint8_t k_sectorsCount = 16;\r
-void readerAttack(nonces_t data[], bool setEmulatorMem) {\r
+void readerAttack(nonces_t data[], bool setEmulatorMem, bool showMaths) {\r
\r
// initialize storage for found keys\r
if (k_sector == NULL)\r
}\r
#endif\r
//moebius attack \r
- if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key)) {\r
+ if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key, showMaths)) {\r
uint8_t sectorNum = data[i+ATTACK_KEY_COUNT].sector;\r
uint8_t keyType = data[i+ATTACK_KEY_COUNT].keytype;\r
\r
uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};\r
uint8_t exitAfterNReads = 0;\r
uint8_t flags = (FLAG_UID_IN_EMUL | FLAG_4B_UID_IN_DATA);\r
- int uidlen = 0; \r
+ int uidlen = 0;\r
bool setEmulatorMem = false;\r
uint8_t cmdp = 0;\r
bool errors = false;\r
\r
+ // If set to true, we should show our workings when doing NR_AR_ATTACK.\r
+ bool showMaths = false;\r
+\r
while(param_getchar(Cmd, cmdp) != 0x00) {\r
switch(param_getchar(Cmd, cmdp)) {\r
case 'e':\r
flags |= FLAG_INTERACTIVE;\r
cmdp++;\r
break;\r
+ case 'm':\r
+ case 'M':\r
+ showMaths = true;\r
+ cmdp++;\r
+ break;\r
case 'n':\r
case 'N':\r
exitAfterNReads = param_get8(Cmd, cmdp+1);\r
if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;\r
\r
memcpy( data, resp.d.asBytes, sizeof(data) ); \r
- readerAttack(data, setEmulatorMem);\r
+ readerAttack(data, setEmulatorMem, showMaths);\r
}\r
\r
if (k_sector != NULL) {\r
#include "nonce2key/nonce2key.h"\r
\r
int CmdHFMF(const char *Cmd);\r
-
-int CmdHF14AMfDbg(const char* cmd);
-int CmdHF14AMfRdBl(const char* cmd);
-int CmdHF14AMfURdBl(const char* cmd);
-int CmdHF14AMfRdSc(const char* cmd);
-int CmdHF14SMfURdCard(const char* cmd);
-int CmdHF14AMfDump(const char* cmd);
-int CmdHF14AMfRestore(const char* cmd);
-int CmdHF14AMfWrBl(const char* cmd);
-int CmdHF14AMfUWrBl(const char* cmd);
-int CmdHF14AMfChk(const char* cmd);
-int CmdHF14AMifare(const char* cmd);
-int CmdHF14AMfNested(const char* cmd);
+\r
+int CmdHF14AMfDbg(const char* cmd);\r
+int CmdHF14AMfRdBl(const char* cmd);\r
+int CmdHF14AMfURdBl(const char* cmd);\r
+int CmdHF14AMfRdSc(const char* cmd);\r
+int CmdHF14SMfURdCard(const char* cmd);\r
+int CmdHF14AMfDump(const char* cmd);\r
+int CmdHF14AMfRestore(const char* cmd);\r
+int CmdHF14AMfWrBl(const char* cmd);\r
+int CmdHF14AMfUWrBl(const char* cmd);\r
+int CmdHF14AMfChk(const char* cmd);\r
+int CmdHF14AMifare(const char* cmd);\r
+int CmdHF14AMfNested(const char* cmd);\r
int CmdHF14AMfNestedHard(const char *Cmd);\r
int CmdHF14AMfSniff(const char* cmd);\r
int CmdHF14AMf1kSim(const char* cmd);\r
int CmdHF14AMfCSave(const char* cmd);\r
int CmdHf14MfDecryptBytes(const char *Cmd);\r
\r
-void readerAttack(nonces_t data[], bool setEmulatorMem);\r
+void readerAttack(nonces_t data[], bool setEmulatorMem, bool showMaths);\r
void printKeyTable( uint8_t sectorscnt, sector *e_sector );\r
#endif\r
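Review bot: The twelve prototypes from `CmdHF14AMfDbg` to `CmdHF14AMfNested` are removed and re-added with only their line endings changed, which buries the one functional edit in this hunk, the new `readerAttack` prototype. Moving the line-ending normalisation into its own commit keeps this change easy to audit and keeps blame output useful. The new prototype could also carry a short comment such as `// showMaths: print the intermediate values of the key recovery`.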
return isSuccess;
}
-bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) {
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool showMaths) {
struct Crypto1State *s, *t;
uint64_t outkey = 0;
uint64_t key = 0; // recovered key
bool isSuccess = FALSE;
int counter = 0;
- printf("Recovering key for:\n");
- printf(" uid: %08x\n",uid);
- printf(" nt_0: %08x\n",nt0);
- printf(" {nr_0}: %08x\n",nr0_enc);
- printf(" {ar_0}: %08x\n",ar0_enc);
- printf(" nt_1: %08x\n",nt1);
- printf(" {nr_1}: %08x\n",nr1_enc);
- printf(" {ar_1}: %08x\n",ar1_enc);
+ if (showMaths) {
+ printf("Recovering key for:\n");
+ printf(" uid: %08x\n", uid);
+ printf(" nt_0: %08x\n", nt0);
+ printf(" {nr_0}: %08x\n", nr0_enc);
+ printf(" {ar_0}: %08x\n", ar0_enc);
+ printf(" nt_1: %08x\n", nt1);
+ printf(" {nr_1}: %08x\n", nr1_enc);
+ printf(" {ar_1}: %08x\n", ar1_enc);
+ }
//PrintAndLog("Enter mfkey32_moebius");
clock_t t1 = clock();
- printf("\nLFSR succesors of the tag challenge:\n");
uint32_t p640 = prng_successor(nt0, 64);
uint32_t p641 = prng_successor(nt1, 64);
- printf(" nt': %08x\n", p640);
- printf(" nt'': %08x\n", prng_successor(p640, 32));
+ if (showMaths) {
+ printf("\nLFSR succesors of the tag challenge:\n");
+ printf(" nt': %08x\n", p640);
+ printf(" nt'': %08x\n", prng_successor(p640, 32));
+ }
s = lfsr_recovery32(ar0_enc ^ p640, 0);
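Review bot: The string moved into the second `if (showMaths)` block still reads `LFSR succesors`; since the line is being re-added anyway it can become `printf("\nLFSR successors of the tag challenge:\n");`. `p640` is declared `uint32_t` and printed with `%08x`, which matches only where `uint32_t` is `unsigned int`; `"%08" PRIx32` from `<inttypes.h>` is the portable form. The other printed values are probably in the same position, but their declarations are outside this hunk. The function body starts before and continues after the lines shown.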
//iceman, added these to be able to crack key direct from "hf 14 sim" && "hf mf sim"
bool tryMfk32(nonces_t data, uint64_t *outputkey );
-bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey ); // <<-- this one has best success
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool showMaths ); // <<-- this one has best success
int tryMfk64_ex(uint8_t *data, uint64_t *outputkey );
int tryMfk64(uint32_t uid, uint32_t nt, uint32_t nr_enc, uint32_t ar_enc, uint32_t at_enc, uint64_t *outputkey);
#endif
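Review bot: Only `tryMfk32_moebius` gains the `showMaths` parameter, while `tryMfk32` on the line above keeps its old signature. If that function prints the same nonce and LFSR values (its body is not shown here), that recovery path will keep printing regardless of `m`. The new parameter is also undocumented at the declaration; a comment such as `// showMaths: when true, print the uid, nonces and LFSR successors used for the recovery` would tell callers what the flag controls.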