From f6f7e7a9f62de7ef37e44b2001a50f4c6900219b Mon Sep 17 00:00:00 2001 From: Eloff Date: Sun, 14 Jul 2019 23:12:39 +0300 Subject: [PATCH 1/5] hf_mf_sim. Really tags not respond NACK on invalid authentication --- armsrc/mifaresim.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c index 8f21882be..36f5c3593 100644 --- a/armsrc/mifaresim.c +++ b/armsrc/mifaresim.c @@ -1036,8 +1036,9 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) { ); } cardAUTHKEY = AUTHKEYNONE; // not authenticated - EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); cardSTATE_TO_IDLE(); + // Really tags not respond NACK on invalid authentication + LogTrace(uart->output, uart->len, uart->startTime * 16 - DELAY_AIR2ARM_AS_TAG, uart->endTime * 16 - DELAY_AIR2ARM_AS_TAG, uart->parity, true); break; } From a28e359095f395ee7153c1eeda39d825bb35be97 Mon Sep 17 00:00:00 2001 From: Eloff Date: Sun, 14 Jul 2019 23:18:07 +0300 Subject: [PATCH 2/5] Fix. More flexible anti-collision frame check --- armsrc/mifaresim.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c index 8f21882be..f17381ecd 100644 --- a/armsrc/mifaresim.c +++ b/armsrc/mifaresim.c @@ -625,7 +625,8 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) { } // Incoming anti-collision frame - if (receivedCmd_len >= 2 && receivedCmd_len <= 6 && receivedCmd[1] == 0x50) { + // receivedCmd[1] indicates number of byte and bit collision, supports only for bit collision is zero + if (receivedCmd_len >= 3 && receivedCmd_len <= 6 && (receivedCmd[1] & 0x0f) == 0) { // we can process only full-byte frame anti-collision procedure if (memcmp(&receivedCmd[2], responses[uid_index].response, receivedCmd_len - 2) == 0) { // response missing part of UID via relative array index From 0a845df8c3fee8db399268b2b8658a594b3518e2 Mon Sep 17 00:00:00 2001 From: Chris Date: Sun, 14 Jul 2019 22:52:34 +0200 Subject: [PATCH 3/5] chg: 'script run read_pwd_mem' - now can correctly deal with more than 4096 bytes when printing mifare classic keys --- client/scripts/read_pwd_mem.lua | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/client/scripts/read_pwd_mem.lua b/client/scripts/read_pwd_mem.lua index 4aa2e6299..7dbfa6fba 100644 --- a/client/scripts/read_pwd_mem.lua +++ b/client/scripts/read_pwd_mem.lua @@ -81,18 +81,19 @@ local function main(args) if o == 'o' then offset = tonumber(a) end -- num of bytes to read - if o == 'l' then length = tonumber(a) end + if o == 'l' then + length = tonumber(a) + if length < 0 or length > 256 then + return oops('Error: Length is not valid. Must be less than 256') + end + end -- keylength if o == 'k' then keylength = tonumber(a); usedkey = true end - if o == 'm' then keylength =6; usedkey = true; offset = 0x3F000-0x6000; end - if o == 't' then keylength =4; usedkey = true; offset = 0x3F000-0x3000; end - if o == 'i' then keylength =8; usedkey = true; offset = 0x3F000-0x4000; end - end - - if length < 0 or length > 256 then - return oops('Error: Length is not valid. Must be less than 256') + if o == 'm' then keylength = 6; usedkey = true; length = 8192; offset = 0x3F000-0x6000; end + if o == 't' then keylength = 4; usedkey = true; length = 4096; offset = 0x3F000-0x3000; end + if o == 'i' then keylength = 8; usedkey = true; length = 4096; offset = 0x3F000-0x4000; end end if (offset < 0) or (offset % 4 ~= 0) then @@ -102,9 +103,7 @@ local function main(args) print('Memory offset', offset) print('Length ', length) print('Key length ', keylength) - print( string.rep('--',20) ) - - if usedkey then length = 4096 end + print( string.rep('--', 20) ) data, err = core.GetFromFlashMem(offset, length) if err then return oops(err) end @@ -116,7 +115,6 @@ local function main(args) local kl = keylength * 2 for i = 1, keys do - key = string.sub(s, (i - 1) * kl + 1, i * kl ) print(string.format('[%02d] %s',i, key)) end From 0c3d2cee2baf7c18d98e027b3a902aba467240a5 Mon Sep 17 00:00:00 2001 From: Eloff Date: Mon, 15 Jul 2019 00:00:34 +0300 Subject: [PATCH 4/5] Changelog for PR #245, #246 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8dd057c73..3b9a41a37 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Fix Mifare Classic simulation more flexible anti-collision check (@McEloff) + - Change: Mifare Classic simulation not respond NACK on invalid authentication request (@McEloff) - Change: Don't clear trace log during 'hf mf chk', to save whole process history (@McEloff) - Add support for WSL in proxmark.sh (@doegox) - Add documentation for usage of Proxmark3 under WSL (@doegox) From 1f9eb10d15ee648a5a75c3f0a1964abd9eaa6557 Mon Sep 17 00:00:00 2001 From: Chris Date: Sun, 14 Jul 2019 23:02:24 +0200 Subject: [PATCH 5/5] textual --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8dd057c73..7cb72cea9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Change: 'read_pwd_mem.lua' now handles Mifare Classic dictionaries large than 4096 bytes (@iceman) - Change: Don't clear trace log during 'hf mf chk', to save whole process history (@McEloff) - Add support for WSL in proxmark.sh (@doegox) - Add documentation for usage of Proxmark3 under WSL (@doegox)