@iceman1001 s updates + some of my own.
still more to do:
-auto demod responses
-figure out config block
-figure out block 0 info / serial # in block 1
-figure out block 3 protection data
-add dump all blocks cmd
- Don't increment the nonce when random mode is disabled (this breaks the
standard attack).
- Don't attempt the standard attack when random mode is enabled (there's no
point as it won't work, per comments from @pwpiwi).
- Attempt the moebius attack if the standard attack fails.
This makes the PM3 generate pseudo-random nonces rather than sequential
nonces, to make it act a bit more like a "real" MFC card. A reader would
otherwise be able to detect the PM3 probing based on the predictable nonces
and throw different authentication challenges (or refuse to authenticate at
all).
The code includes an implementation of a rand-like function (prand), similar
to the one from libc, which is seeded automatically based on the time it
takes between the PM3 starting up and the first call to the RNG.
This isn't cryptographically random, but should be "good enough" to be able
to evade basic detection.
rawdemod parameter length test too short for help text
amp option should amp prior to ST check
ST check adjusted to make room for rf/32 clock instead of rf/64 (so will
have extra room if clock is higher than 32)
ST check improved to better account for low drift
Minor fix of data type corrections.
gcc -std=c99 -I. -I../include -I../common -I../zlib -I/opt/local/include -I../liblua -Wall -g -O4 -DHAVE_GUI -DZ_SOLO -DZ_PREFIX -DNO_GZIP -DZLIB_PM3_TUNED -c -o obj/fpga_compress.o fpga_compress.c
fpga_compress.c: I funktion "zlib_compress":
fpga_compress.c:90:20: varning: format "%lu" förväntar sig argument av typen "long unsigned int", men argument 3 har typen "int" [-Wformat=]
fprintf(stderr, "Input files too big (total > %lu bytes). These are probably not PM3 FPGA config files.\n", num_infiles*FPGA_CONF
^
fpga_compress.c:142:18: varning: format "%lu" förväntar sig argument av typen "long unsigned int", men argument 3 har typen "uint32_t {även unsigned int}" [-Wformat=]
fprintf(stderr, "compressed %lu input bytes to %lu output bytes\n", i, compressed_fpga_stream.total_out);
Moebius attack didn't yield any better results in my testing so
disabling it, but allowing it to be re-enabled at will.
also disabled the auto logging of all keys with uid delimited file
stats.txt - can be uncommented when needed
also cleaned up some comments
note previous update added the creation of a stats.txt file to generate
statistics of the differences between std mfkey32 and the moebius
version.
