From: Iceman Date: Thu, 27 Oct 2016 12:50:19 +0000 (+0200) Subject: Merge pull request #49 from micolous/less-verbose-mfsim X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/bc7846f4376472abdc9ced23436dfe3b6dd20e7f?hp=650cd714c4527d6c6d054d12e7202bf3587393d0 Merge pull request #49 from micolous/less-verbose-mfsim hf {14a,mf} sim: Be less verbose by default, add option "m" to turn maths back on (Issue #45) --- diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index b404d449..c5585386 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -143,6 +143,7 @@ int usage_hf_14a_sim(void) { // PrintAndLog(" u : 4, 7 or 10 byte UID"); PrintAndLog(" u : 4, 7 byte UID"); PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader"); + PrintAndLog(" v : (Optional) show maths used for cracking reader. Useful for debugging."); PrintAndLog("\n sample : hf 14a sim t 1 u 11223344 x"); PrintAndLog(" : hf 14a sim t 1 u 11223344"); PrintAndLog(" : hf 14a sim t 1 u 11223344556677"); @@ -447,6 +448,7 @@ int CmdHF14ASim(const char *Cmd) { uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0}; int uidlen = 0; bool useUIDfromEML = TRUE; + bool showMaths = false; while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { @@ -477,6 +479,11 @@ int CmdHF14ASim(const char *Cmd) { } cmdp += 2; break; + case 'v': + case 'V': + showMaths = true; + cmdp++; + break; case 'x': case 'X': flags |= FLAG_NR_AR_ATTACK; @@ -513,7 +520,7 @@ int CmdHF14ASim(const char *Cmd) { if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break; memcpy( data, resp.d.asBytes, sizeof(data) ); - readerAttack(data, TRUE); + readerAttack(data, TRUE, showMaths); } return 0; } diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 99a91ced..ea73bf95 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -32,6 +32,7 @@ int usage_hf14_mf1ksim(void){ PrintAndLog(" i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted"); PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)"); PrintAndLog(" e (Optional) Fill simulator keys from what we crack"); + PrintAndLog(" v (Optional) Show maths used for cracking reader. Useful for debugging."); PrintAndLog("samples:"); PrintAndLog(" hf mf sim u 0a0a0a0a"); PrintAndLog(" hf mf sim u 11223344556677"); @@ -1364,7 +1365,7 @@ int CmdHF14AMfChk(const char *Cmd) { #define ATTACK_KEY_COUNT 8 sector *k_sector = NULL; uint8_t k_sectorsCount = 16; -void readerAttack(nonces_t data[], bool setEmulatorMem) { +void readerAttack(nonces_t data[], bool setEmulatorMem, bool showMaths) { // initialize storage for found keys if (k_sector == NULL) @@ -1413,7 +1414,7 @@ void readerAttack(nonces_t data[], bool setEmulatorMem) { } #endif //moebius attack - if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key)) { + if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key, showMaths)) { uint8_t sectorNum = data[i+ATTACK_KEY_COUNT].sector; uint8_t keyType = data[i+ATTACK_KEY_COUNT].keytype; @@ -1449,11 +1450,14 @@ int CmdHF14AMf1kSim(const char *Cmd) { uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; uint8_t exitAfterNReads = 0; uint8_t flags = (FLAG_UID_IN_EMUL | FLAG_4B_UID_IN_DATA); - int uidlen = 0; + int uidlen = 0; bool setEmulatorMem = false; uint8_t cmdp = 0; bool errors = false; + // If set to true, we should show our workings when doing NR_AR_ATTACK. + bool showMaths = false; + while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { case 'e': @@ -1485,6 +1489,11 @@ int CmdHF14AMf1kSim(const char *Cmd) { } cmdp +=2; break; + case 'v': + case 'V': + showMaths = true; + cmdp++; + break; case 'x': case 'X': flags |= FLAG_NR_AR_ATTACK; @@ -1524,7 +1533,7 @@ int CmdHF14AMf1kSim(const char *Cmd) { if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break; memcpy( data, resp.d.asBytes, sizeof(data) ); - readerAttack(data, setEmulatorMem); + readerAttack(data, setEmulatorMem, showMaths); } if (k_sector != NULL) { diff --git a/client/cmdhfmf.h b/client/cmdhfmf.h index 738b3432..d381a852 100644 --- a/client/cmdhfmf.h +++ b/client/cmdhfmf.h @@ -28,19 +28,19 @@ #include "nonce2key/nonce2key.h" int CmdHFMF(const char *Cmd); - -int CmdHF14AMfDbg(const char* cmd); -int CmdHF14AMfRdBl(const char* cmd); -int CmdHF14AMfURdBl(const char* cmd); -int CmdHF14AMfRdSc(const char* cmd); -int CmdHF14SMfURdCard(const char* cmd); -int CmdHF14AMfDump(const char* cmd); -int CmdHF14AMfRestore(const char* cmd); -int CmdHF14AMfWrBl(const char* cmd); -int CmdHF14AMfUWrBl(const char* cmd); -int CmdHF14AMfChk(const char* cmd); -int CmdHF14AMifare(const char* cmd); -int CmdHF14AMfNested(const char* cmd); + +int CmdHF14AMfDbg(const char* cmd); +int CmdHF14AMfRdBl(const char* cmd); +int CmdHF14AMfURdBl(const char* cmd); +int CmdHF14AMfRdSc(const char* cmd); +int CmdHF14SMfURdCard(const char* cmd); +int CmdHF14AMfDump(const char* cmd); +int CmdHF14AMfRestore(const char* cmd); +int CmdHF14AMfWrBl(const char* cmd); +int CmdHF14AMfUWrBl(const char* cmd); +int CmdHF14AMfChk(const char* cmd); +int CmdHF14AMifare(const char* cmd); +int CmdHF14AMfNested(const char* cmd); int CmdHF14AMfNestedHard(const char *Cmd); int CmdHF14AMfSniff(const char* cmd); int CmdHF14AMf1kSim(const char* cmd); @@ -60,6 +60,6 @@ int CmdHF14AMfCLoad(const char* cmd); int CmdHF14AMfCSave(const char* cmd); int CmdHf14MfDecryptBytes(const char *Cmd); -void readerAttack(nonces_t data[], bool setEmulatorMem); +void readerAttack(nonces_t data[], bool setEmulatorMem, bool showMaths); void printKeyTable( uint8_t sectorscnt, sector *e_sector ); #endif diff --git a/client/nonce2key/nonce2key.c b/client/nonce2key/nonce2key.c index 14b03bcb..aeaecbe6 100644 --- a/client/nonce2key/nonce2key.c +++ b/client/nonce2key/nonce2key.c @@ -208,7 +208,7 @@ bool tryMfk32(nonces_t data, uint64_t *outputkey) { return isSuccess; } -bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) { +bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool showMaths) { struct Crypto1State *s, *t; uint64_t outkey = 0; uint64_t key = 0; // recovered key @@ -223,24 +223,28 @@ bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) { bool isSuccess = FALSE; int counter = 0; - printf("Recovering key for:\n"); - printf(" uid: %08x\n",uid); - printf(" nt_0: %08x\n",nt0); - printf(" {nr_0}: %08x\n",nr0_enc); - printf(" {ar_0}: %08x\n",ar0_enc); - printf(" nt_1: %08x\n",nt1); - printf(" {nr_1}: %08x\n",nr1_enc); - printf(" {ar_1}: %08x\n",ar1_enc); + if (showMaths) { + printf("Recovering key for:\n"); + printf(" uid: %08x\n", uid); + printf(" nt_0: %08x\n", nt0); + printf(" {nr_0}: %08x\n", nr0_enc); + printf(" {ar_0}: %08x\n", ar0_enc); + printf(" nt_1: %08x\n", nt1); + printf(" {nr_1}: %08x\n", nr1_enc); + printf(" {ar_1}: %08x\n", ar1_enc); + } //PrintAndLog("Enter mfkey32_moebius"); clock_t t1 = clock(); - printf("\nLFSR succesors of the tag challenge:\n"); uint32_t p640 = prng_successor(nt0, 64); uint32_t p641 = prng_successor(nt1, 64); - printf(" nt': %08x\n", p640); - printf(" nt'': %08x\n", prng_successor(p640, 32)); + if (showMaths) { + printf("\nLFSR succesors of the tag challenge:\n"); + printf(" nt': %08x\n", p640); + printf(" nt'': %08x\n", prng_successor(p640, 32)); + } s = lfsr_recovery32(ar0_enc ^ p640, 0); diff --git a/client/nonce2key/nonce2key.h b/client/nonce2key/nonce2key.h index e8e2a01b..b274feca 100644 --- a/client/nonce2key/nonce2key.h +++ b/client/nonce2key/nonce2key.h @@ -28,7 +28,7 @@ extern int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t //iceman, added these to be able to crack key direct from "hf 14 sim" && "hf mf sim" bool tryMfk32(nonces_t data, uint64_t *outputkey ); -bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey ); // <<-- this one has best success +bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool showMaths ); // <<-- this one has best success int tryMfk64_ex(uint8_t *data, uint64_t *outputkey ); int tryMfk64(uint32_t uid, uint32_t nt, uint32_t nr_enc, uint32_t ar_enc, uint32_t at_enc, uint64_t *outputkey); #endif