improved staticnonce tristate processing

armsrc/mifarecmd.c

@@ -2348,29 +2348,29 @@ OUT:
 void MifareHasStaticNonce(void) {
 
     // variables
-    int retval = PM3_SUCCESS, len;
-
-    uint32_t nt = 0 ;
-    uint8_t rec[1] = {0x00};
-    uint8_t recpar[1] = {0x00};
+    int retval = PM3_SUCCESS;
+    uint32_t nt = 0;
     uint8_t *uid = BigBuf_malloc(10);
-    uint8_t data[1] = {0x00};
-
+    uint8_t data[1] = { NONCE_FAIL };
     struct Crypto1State mpcs = {0, 0};
     struct Crypto1State *pcs;
     pcs = &mpcs;
-    iso14a_card_select_t card_info;
-
+        
     iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 
-    for (int i = 0; i < 3; i++) {
+    uint8_t counter = 0;
+    for (uint8_t i = 0; i < 3; i++) {
+
+        iso14a_card_select_t card_info;
         if (!iso14443a_select_card(uid, &card_info, NULL, true, 0, true)) {
             retval = PM3_ESOFT;
             goto OUT;
         }
 
+        uint8_t rec[1] = {0x00};
+        uint8_t recpar[1] = {0x00};
         // Transmit MIFARE_CLASSIC_AUTH 0x60, block 0
-        len = mifare_sendcmd_short(pcs, false, MIFARE_AUTH_KEYA, 0, rec, recpar, NULL);
+        int len = mifare_sendcmd_short(pcs, false, MIFARE_AUTH_KEYA, 0, rec, recpar, NULL);
         if (len != 4) {
             retval = PM3_ESOFT;
             goto OUT;
@@ -2378,7 +2378,7 @@ void MifareHasStaticNonce(void) {
 
         // Save the tag nonce (nt)
         if (nt == bytes_to_num(rec, 4)) {
-            data[0]++;
+            counter++;
         }
 
         nt = bytes_to_num(rec, 4);
@@ -2389,6 +2389,13 @@ void MifareHasStaticNonce(void) {
         CHK_TIMEOUT();
     }
 
+    if (counter) {
+        Dbprintf("%u static nonce %08x", data[0], nt);
+        data[0] = NONCE_STATIC;
+    } else {
+        data[0] = NONCE_NORMAL;
+    }
+
 OUT:
     reply_ng(CMD_HF_MIFARE_STATIC_NONCE, retval, data, sizeof(data));
     // turns off

client/src/cmdhf14a.c

@@ -1956,12 +1956,17 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
         isMagic = detect_classic_magic();
 
         if (isMifareClassic) {
+
             int res = detect_classic_static_nonce();
-            if (res == 1)
+            if (res == NONCE_STATIC)
                 PrintAndLogEx(SUCCESS, "Static nonce: " _YELLOW_("yes"));
-            if (res == 2 && verbose)
-                PrintAndLogEx(SUCCESS, "Static nonce:  " _RED_("fail"));
-            if (res != 1) { // not static
+
+            if (res == NONCE_FAIL && verbose)
+                PrintAndLogEx(SUCCESS, "Static nonce:  " _RED_("read failed"));
+
+            if (res == NONCE_NORMAL) {
+
+                // not static
                 res = detect_classic_prng();
                 if (res == 1)
                     PrintAndLogEx(SUCCESS, "Prng detection: " _GREEN_("weak"));

client/src/mifare/mifarehost.c

@@ -1144,19 +1144,14 @@ int detect_classic_static_nonce(void) {
     clearCommandBuffer();
     SendCommandNG(CMD_HF_MIFARE_STATIC_NONCE, NULL, 0);
     PacketResponseNG resp;
-
-    if (WaitForResponseTimeout(CMD_HF_MIFARE_STATIC_NONCE, &resp, 500)) {
+    if (WaitForResponseTimeout(CMD_HF_MIFARE_STATIC_NONCE, &resp, 1000)) {
 
         if (resp.status == PM3_ESOFT)
-            return 2;
+            return NONCE_FAIL;
 
-        if (resp.data.asBytes[0] == 0)
-            return 0;
-
-        if (resp.data.asBytes[0] != 0)
-            return 1;
+        return resp.data.asBytes[0];
     }
-    return 2;
+    return NONCE_FAIL;
 }
 
 /* try to see if card responses to "chinese magic backdoor" commands. */

include/pm3_cmd.h

@@ -710,6 +710,11 @@ typedef struct {
 #define MODE_EXIT_AFTER_MAC 1
 #define MODE_FULLSIM        2
 
+// Static Nonce detection
+#define NONCE_FAIL      0x01
+#define NONCE_NORMAL    0x02
+#define NONCE_STATIC    0x03
+
 // Dbprintf flags
 #define FLAG_RAWPRINT    0x00
 #define FLAG_LOG         0x01