mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-01-01 05:07:03 +08:00
FIX: some adjustments to prng detection
This commit is contained in:
parent
cb7ececdce
commit
3ca3d401c0
4 changed files with 12 additions and 17 deletions
|
@ -134,7 +134,6 @@ int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockN
|
||||||
|
|
||||||
// Transmit MIFARE_CLASSIC_AUTH
|
// Transmit MIFARE_CLASSIC_AUTH
|
||||||
len = mifare_sendcmd_short(pcs, isNested, 0x60 + (keyType & 0x01), blockNo, receivedAnswer, receivedAnswerPar, timing);
|
len = mifare_sendcmd_short(pcs, isNested, 0x60 + (keyType & 0x01), blockNo, receivedAnswer, receivedAnswerPar, timing);
|
||||||
if (MF_DBGLEVEL >= 4) Dbprintf("rand tag nonce len: %x", len);
|
|
||||||
if (len != 4) return 1;
|
if (len != 4) return 1;
|
||||||
|
|
||||||
// Save the tag nonce (nt)
|
// Save the tag nonce (nt)
|
||||||
|
|
|
@ -247,14 +247,14 @@ int CmdHF14AReader(const char *Cmd) {
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 0x01: PrintAndLog("TYPE : NXP TNP3xxx Activision Game Appliance"); break;
|
case 0x01: PrintAndLog("TYPE : NXP TNP3xxx Activision Game Appliance"); break;
|
||||||
case 0x04: PrintAndLog("TYPE : NXP MIFARE (various !DESFire !DESFire EV1)"); break;
|
case 0x04: PrintAndLog("TYPE : NXP MIFARE (various !DESFire !DESFire EV1)"); isMifareClassic = false; break;
|
||||||
case 0x08: PrintAndLog("TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1"); break;
|
case 0x08: PrintAndLog("TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1"); break;
|
||||||
case 0x09: PrintAndLog("TYPE : NXP MIFARE Mini 0.3k"); break;
|
case 0x09: PrintAndLog("TYPE : NXP MIFARE Mini 0.3k"); break;
|
||||||
case 0x10: PrintAndLog("TYPE : NXP MIFARE Plus 2k SL2"); break;
|
case 0x10: PrintAndLog("TYPE : NXP MIFARE Plus 2k SL2"); break;
|
||||||
case 0x11: PrintAndLog("TYPE : NXP MIFARE Plus 4k SL2"); break;
|
case 0x11: PrintAndLog("TYPE : NXP MIFARE Plus 4k SL2"); break;
|
||||||
case 0x18: PrintAndLog("TYPE : NXP MIFARE Classic 4k | Plus 4k SL1"); break;
|
case 0x18: PrintAndLog("TYPE : NXP MIFARE Classic 4k | Plus 4k SL1"); break;
|
||||||
case 0x20: PrintAndLog("TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41"); break;
|
case 0x20: PrintAndLog("TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41"); isMifareClassic = false; break;
|
||||||
case 0x24: PrintAndLog("TYPE : NXP MIFARE DESFire | DESFire EV1"); break;
|
case 0x24: PrintAndLog("TYPE : NXP MIFARE DESFire | DESFire EV1"); isMifareClassic = false; break;
|
||||||
case 0x28: PrintAndLog("TYPE : JCOP31 or JCOP41 v2.3.1"); break;
|
case 0x28: PrintAndLog("TYPE : JCOP31 or JCOP41 v2.3.1"); break;
|
||||||
case 0x38: PrintAndLog("TYPE : Nokia 6212 or 6131 MIFARE CLASSIC 4K"); break;
|
case 0x38: PrintAndLog("TYPE : Nokia 6212 or 6131 MIFARE CLASSIC 4K"); break;
|
||||||
case 0x88: PrintAndLog("TYPE : Infineon MIFARE CLASSIC 1K"); break;
|
case 0x88: PrintAndLog("TYPE : Infineon MIFARE CLASSIC 1K"); break;
|
||||||
|
@ -414,7 +414,7 @@ int CmdHF14AReader(const char *Cmd) {
|
||||||
|
|
||||||
if (isMifareClassic) {
|
if (isMifareClassic) {
|
||||||
if ( detect_classic_prng() )
|
if ( detect_classic_prng() )
|
||||||
PrintAndLog("Prng detection: WEAK (darkside)");
|
PrintAndLog("Prng detection: WEAK");
|
||||||
else
|
else
|
||||||
PrintAndLog("Prng detection: HARDEND (hardnested)");
|
PrintAndLog("Prng detection: HARDEND (hardnested)");
|
||||||
}
|
}
|
||||||
|
|
|
@ -182,6 +182,8 @@ start:
|
||||||
(void)tmpchar;
|
(void)tmpchar;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
UsbCommand resp;
|
||||||
|
|
||||||
// wait cycle
|
// wait cycle
|
||||||
while (true) {
|
while (true) {
|
||||||
printf(".");
|
printf(".");
|
||||||
|
@ -193,7 +195,6 @@ start:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
UsbCommand resp;
|
|
||||||
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
|
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
|
||||||
isOK = resp.arg[0];
|
isOK = resp.arg[0];
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
@ -238,8 +239,7 @@ start:
|
||||||
PrintAndLog("Failing is expected to happen in 25%% of all cases. Trying again with a different reader nonce...");
|
PrintAndLog("Failing is expected to happen in 25%% of all cases. Trying again with a different reader nonce...");
|
||||||
c.arg[0] = false;
|
c.arg[0] = false;
|
||||||
goto start;
|
goto start;
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// nonce2key found a candidate key. Lets verify it.
|
// nonce2key found a candidate key. Lets verify it.
|
||||||
uint8_t keyblock[] = {0,0,0,0,0,0};
|
uint8_t keyblock[] = {0,0,0,0,0,0};
|
||||||
num_to_bytes(r_key, 6, keyblock);
|
num_to_bytes(r_key, 6, keyblock);
|
||||||
|
|
|
@ -212,7 +212,7 @@ int mfKeyBrute(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint64_t *resultk
|
||||||
#define KEYS_IN_BLOCK 85
|
#define KEYS_IN_BLOCK 85
|
||||||
#define KEYBLOCK_SIZE 510
|
#define KEYBLOCK_SIZE 510
|
||||||
#define CANDIDATE_SIZE 0xFFFF * 6
|
#define CANDIDATE_SIZE 0xFFFF * 6
|
||||||
uint8_t found = FALSE;
|
uint8_t found = false;
|
||||||
uint64_t key64 = 0;
|
uint64_t key64 = 0;
|
||||||
uint8_t candidates[CANDIDATE_SIZE] = {0x00};
|
uint8_t candidates[CANDIDATE_SIZE] = {0x00};
|
||||||
uint8_t keyBlock[KEYBLOCK_SIZE] = {0x00};
|
uint8_t keyBlock[KEYBLOCK_SIZE] = {0x00};
|
||||||
|
@ -239,9 +239,9 @@ int mfKeyBrute(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint64_t *resultk
|
||||||
memcpy(keyBlock, candidates + i, KEYBLOCK_SIZE);
|
memcpy(keyBlock, candidates + i, KEYBLOCK_SIZE);
|
||||||
|
|
||||||
// check a block of generated candidate keys.
|
// check a block of generated candidate keys.
|
||||||
if (!mfCheckKeys(blockNo, keyType, TRUE, KEYS_IN_BLOCK, keyBlock, &key64)) {
|
if (!mfCheckKeys(blockNo, keyType, true, KEYS_IN_BLOCK, keyBlock, &key64)) {
|
||||||
*resultkey = key64;
|
*resultkey = key64;
|
||||||
found = TRUE;
|
found = true;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -414,7 +414,6 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
|
||||||
PrintAndLog("No trace file found or reading error.");
|
PrintAndLog("No trace file found or reading error.");
|
||||||
if (f) {
|
if (f) {
|
||||||
fclose(f);
|
fclose(f);
|
||||||
f = NULL;
|
|
||||||
}
|
}
|
||||||
return 2;
|
return 2;
|
||||||
}
|
}
|
||||||
|
@ -424,7 +423,6 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
|
||||||
PrintAndLog("File content error. Block data must include 32 HEX symbols");
|
PrintAndLog("File content error. Block data must include 32 HEX symbols");
|
||||||
if (f) {
|
if (f) {
|
||||||
fclose(f);
|
fclose(f);
|
||||||
f = NULL;
|
|
||||||
}
|
}
|
||||||
return 2;
|
return 2;
|
||||||
}
|
}
|
||||||
|
@ -437,7 +435,6 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
|
||||||
}
|
}
|
||||||
if (f) {
|
if (f) {
|
||||||
fclose(f);
|
fclose(f);
|
||||||
f = NULL;
|
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -458,7 +455,6 @@ int saveTraceCard(void) {
|
||||||
fflush(f);
|
fflush(f);
|
||||||
if (f) {
|
if (f) {
|
||||||
fclose(f);
|
fclose(f);
|
||||||
f = NULL;
|
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -670,7 +666,7 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data,
|
||||||
ks2 = ar_enc ^ prng_successor(nt, 64);
|
ks2 = ar_enc ^ prng_successor(nt, 64);
|
||||||
ks3 = at_enc ^ prng_successor(nt, 96);
|
ks3 = at_enc ^ prng_successor(nt, 96);
|
||||||
s = lfsr_recovery64(ks2, ks3);
|
s = lfsr_recovery64(ks2, ks3);
|
||||||
mf_crypto1_decrypt(s, data, len, FALSE);
|
mf_crypto1_decrypt(s, data, len, false);
|
||||||
PrintAndLog("Decrypted data: [%s]", sprint_hex(data, len) );
|
PrintAndLog("Decrypted data: [%s]", sprint_hex(data, len) );
|
||||||
crypto1_destroy(s);
|
crypto1_destroy(s);
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -680,7 +676,7 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data,
|
||||||
* function performs a partial AUTH, where it tries to authenticate against block0, key A, but only collects tag nonce.
|
* function performs a partial AUTH, where it tries to authenticate against block0, key A, but only collects tag nonce.
|
||||||
* the tag nonce is check to see if it has a predictable PRNG.
|
* the tag nonce is check to see if it has a predictable PRNG.
|
||||||
* @returns
|
* @returns
|
||||||
* TRUE if tag uses WEAK prng (ie Darkside attack possible)
|
* TRUE if tag uses WEAK prng (ie Now the NACK bug also needs to be present for Darkside attack)
|
||||||
* FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key)
|
* FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key)
|
||||||
*/
|
*/
|
||||||
bool detect_classic_prng(){
|
bool detect_classic_prng(){
|
||||||
|
|
Loading…
Reference in a new issue