diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index a5cf56bf3..d33feeff2 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -2348,29 +2348,29 @@ OUT: void MifareHasStaticNonce(void) { // variables - int retval = PM3_SUCCESS, len; - - uint32_t nt = 0 ; - uint8_t rec[1] = {0x00}; - uint8_t recpar[1] = {0x00}; + int retval = PM3_SUCCESS; + uint32_t nt = 0; uint8_t *uid = BigBuf_malloc(10); - uint8_t data[1] = {0x00}; - + uint8_t data[1] = { NONCE_FAIL }; struct Crypto1State mpcs = {0, 0}; struct Crypto1State *pcs; pcs = &mpcs; - iso14a_card_select_t card_info; - + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); - for (int i = 0; i < 3; i++) { + uint8_t counter = 0; + for (uint8_t i = 0; i < 3; i++) { + + iso14a_card_select_t card_info; if (!iso14443a_select_card(uid, &card_info, NULL, true, 0, true)) { retval = PM3_ESOFT; goto OUT; } + uint8_t rec[1] = {0x00}; + uint8_t recpar[1] = {0x00}; // Transmit MIFARE_CLASSIC_AUTH 0x60, block 0 - len = mifare_sendcmd_short(pcs, false, MIFARE_AUTH_KEYA, 0, rec, recpar, NULL); + int len = mifare_sendcmd_short(pcs, false, MIFARE_AUTH_KEYA, 0, rec, recpar, NULL); if (len != 4) { retval = PM3_ESOFT; goto OUT; @@ -2378,7 +2378,7 @@ void MifareHasStaticNonce(void) { // Save the tag nonce (nt) if (nt == bytes_to_num(rec, 4)) { - data[0]++; + counter++; } nt = bytes_to_num(rec, 4); @@ -2389,6 +2389,13 @@ void MifareHasStaticNonce(void) { CHK_TIMEOUT(); } + if (counter) { + Dbprintf("%u static nonce %08x", data[0], nt); + data[0] = NONCE_STATIC; + } else { + data[0] = NONCE_NORMAL; + } + OUT: reply_ng(CMD_HF_MIFARE_STATIC_NONCE, retval, data, sizeof(data)); // turns off diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index 698f1871e..9170d2fd7 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c 
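Review bot: `rec` is still a one-byte array where this hunk moves it into the loop (`uint8_t rec[1] = {0x00};`), yet the same loop insists on `len == 4` and the following hunk reads it with `bytes_to_num(rec, 4)`. That four-byte read is out of bounds as written, and unless `mifare_sendcmd_short` (not visible here) limits its write to the caller's buffer, the tag's answer also lands past the end of `rec` on the device stack. Size the buffer for the nonce, `uint8_t rec[4] = {0x00};`. The body of `MifareHasStaticNonce` continues past the end of this hunk.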
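Review bot: The `Dbprintf` in the added `if (counter)` branch prints `data[0]`, which as far as the visible lines show still holds its initial `NONCE_FAIL` value, so the log reports 1 rather than the number of repeated nonces. It presumably should be `Dbprintf("%u static nonce %08x", counter, nt);`. A one-line comment above the branch would also help the next reader, e.g. `// any repeated nt across the auth attempts marks the tag as static`. The function and its loop start before this hunk.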
@@ -1956,12 +1956,17 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { isMagic = detect_classic_magic(); if (isMifareClassic) { + int res = detect_classic_static_nonce(); - if (res == 1) + if (res == NONCE_STATIC) PrintAndLogEx(SUCCESS, "Static nonce: " _YELLOW_("yes")); - if (res == 2 && verbose) - PrintAndLogEx(SUCCESS, "Static nonce: " _RED_("fail")); - if (res != 1) { // not static + + if (res == NONCE_FAIL && verbose) + PrintAndLogEx(SUCCESS, "Static nonce: " _RED_("read failed")); + + if (res == NONCE_NORMAL) { + + // not static res = detect_classic_prng(); if (res == 1) PrintAndLogEx(SUCCESS, "Prng detection: " _GREEN_("weak")); diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c index 821eaaf85..ed83a6498 100644 --- a/client/src/mifare/mifarehost.c +++ b/client/src/mifare/mifarehost.c @@ -1144,19 +1144,14 @@ int detect_classic_static_nonce(void) { clearCommandBuffer(); SendCommandNG(CMD_HF_MIFARE_STATIC_NONCE, NULL, 0); PacketResponseNG resp; - - if (WaitForResponseTimeout(CMD_HF_MIFARE_STATIC_NONCE, &resp, 500)) { + if (WaitForResponseTimeout(CMD_HF_MIFARE_STATIC_NONCE, &resp, 1000)) { if (resp.status == PM3_ESOFT) - return 2; + return NONCE_FAIL; - if (resp.data.asBytes[0] == 0) - return 0; - - if (resp.data.asBytes[0] != 0) - return 1; + return resp.data.asBytes[0]; } - return 2; + return NONCE_FAIL; } /* try to see if card responses to "chinese magic backdoor" commands. */ diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index dd11d49d5..78fca9c62 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h @@ -710,6 +710,11 @@ typedef struct { #define MODE_EXIT_AFTER_MAC 1 #define MODE_FULLSIM 2 +// Static Nonce detection +#define NONCE_FAIL 0x01 +#define NONCE_NORMAL 0x02 +#define NONCE_STATIC 0x03 + // Dbprintf flags #define FLAG_RAWPRINT 0x00 #define FLAG_LOG 0x01
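Review bot: With the new `if (res == NONCE_NORMAL)` guard, a failed static-nonce read no longer reaches `detect_classic_prng()` (the old `res != 1` test let it through), and without `verbose` it prints nothing, so the info output silently loses both lines. If skipping PRNG detection on failure is intended, say so in a comment such as `// PRNG detection is only attempted when the nonce check succeeded and is not static`. The three mutually exclusive tests would read better as a `switch (res)` with a `default` that reports an unexpected value, and the failure line is still logged at `SUCCESS` level. `infoHF14A` begins and ends outside the hunk.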
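Review bot: `return resp.data.asBytes[0];` passes the device's reply byte straight to callers, so any value outside the three `NONCE_*` constants becomes a result that `infoHF14A` matches against nothing. That is reachable with firmware built before this change, which per the removed lines replied 0 for a normal nonce and a non-zero count for a static one, so a count of 1 would now be read as `NONCE_FAIL`. The reply length is not checked before indexing either. Consider failing closed: `if (resp.length < 1) return NONCE_FAIL;`, then return the byte only when it equals `NONCE_NORMAL` or `NONCE_STATIC`, and `NONCE_FAIL` otherwise.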
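Review bot: The heading `// Static Nonce detection` does not say that these three values are a wire format shared by the firmware and the client. I would expand it to something like `// Static nonce detection result: byte 0 of the CMD_HF_MIFARE_STATIC_NONCE reply payload`, and note that 0x00 is left unassigned, since that is what firmware before this change sent for a non-static tag.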