mirror of
https://github.com/RfidResearchGroup/proxmark3.git
Merge pull request #279 from McEloff/mf_sim_ac_fix
'hf mf sim' - wrong access rights to write key B in trailer
commit
7ad7275ee9
3 changed files with 8 additions and 9 deletions
|
@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
|
|||
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
|
||||
|
||||
## [unreleased][unreleased]
|
||||
- Fix 'hf mf sim' - wrong access rights to write key B in trailer (@McEloff)
|
||||
- Add option -i to flasher to query Pm3 for its memory size (@doegox)
|
||||
- Add support for flashing 512K units (@slurdge)
|
||||
- Add a simple python tool to check the elf sizes (@slurdge)
|
||||
|
|
|
@ -743,7 +743,7 @@ static void Code4bitAnswerAsTag(uint8_t cmd) {
|
|||
|
||||
//-----------------------------------------------------------------------------
|
||||
// Wait for commands from reader
|
||||
// stop when button is pressed
|
||||
// stop when button is pressed or client usb connection resets
|
||||
// or return TRUE when command is captured
|
||||
//-----------------------------------------------------------------------------
|
||||
static bool GetIso14443aCommandFromReader(uint8_t *received, uint8_t *par, int *len) {
|
||||
|
@ -1094,7 +1094,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) {
|
|||
#define ORDER_SELECT_CL2 30
|
||||
#define ORDER_EV1_COMP_WRITE 40
|
||||
#define ORDER_RATS 70
|
||||
int order = ORDER_NONE;
|
||||
uint8_t order = ORDER_NONE;
|
||||
|
||||
int retval = PM3_SUCCESS;
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@ static bool IsTrailerAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t act
|
|||
}
|
||||
case AC_KEYB_WRITE: {
|
||||
if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("IsTrailerAccessAllowed: AC_KEYB_WRITE");
|
||||
return ((keytype == AUTHKEYA && (AC == 0x00 || AC == 0x04))
|
||||
return ((keytype == AUTHKEYA && (AC == 0x00 || AC == 0x01))
|
||||
|| (keytype == AUTHKEYB && (AC == 0x04 || AC == 0x03)));
|
||||
}
|
||||
case AC_AC_READ: {
|
||||
|
@ -457,8 +457,6 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) {
|
|||
uint8_t *rats = NULL;
|
||||
uint8_t rats_len = 0;
|
||||
|
||||
uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00};
|
||||
|
||||
//Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2
|
||||
// This will be used in the reader-only attack.
|
||||
|
||||
|
@ -713,7 +711,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) {
|
|||
crypto1_word(pcs, cuid ^ nonce, 0);
|
||||
// rAUTH_NT contains prepared nonce for authenticate
|
||||
EmSendCmd(rAUTH_NT, sizeof(rAUTH_NT));
|
||||
if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] Reader authenticating for block %d (0x%02x) with key %c - nonce: %02X - ciud: %02X", receivedCmd_dec[1], receivedCmd_dec[1], (cardAUTHKEY == 0) ? 'A' : 'B', rAUTH_AT, cuid);
|
||||
if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] Reader authenticating for block %d (0x%02x) with key %c - nonce: %02X - ciud: %02X", receivedCmd_dec[1], receivedCmd_dec[1], (cardAUTHKEY == 0) ? 'A' : 'B', rAUTH_NT, cuid);
|
||||
} else {
|
||||
// nested authentication
|
||||
/*
|
||||
|
@ -1044,9 +1042,9 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) {
|
|||
}
|
||||
|
||||
ans = prng_successor(nonce, 96);
|
||||
num_to_bytes(ans, 4, rAUTH_AT);
|
||||
mf_crypto1_encrypt(pcs, rAUTH_AT, 4, response_par);
|
||||
EmSendCmdPar(rAUTH_AT, 4, response_par);
|
||||
num_to_bytes(ans, 4, response);
|
||||
mf_crypto1_encrypt(pcs, response, 4, response_par);
|
||||
EmSendCmdPar(response, 4, response_par);
|
||||
|
||||
if (DBGLEVEL >= DBG_EXTENDED) {
|
||||
Dbprintf("[MFEMUL_AUTH1] AUTH COMPLETED for sector %d with key %c. time=%d",
|
||||
|
|
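Review bot: In the `[MFEMUL_WORK]` debug line of the hunk at -713, the argument for `nonce: %02X` is still a buffer rather than a value. `rAUTH_NT` is passed to `EmSendCmd` with `sizeof(rAUTH_NT)` just above, so it appears to be a byte array, and `%02X` would then print its address instead of the nonce that was sent. Swapping `rAUTH_AT` for `rAUTH_NT` lets the unused array be dropped but leaves the trace misleading for anyone checking an authentication exchange. The integer `nonce` is in scope (see `crypto1_word(pcs, cuid ^ nonce, 0)`), so the call could end `..., nonce, cuid);` with the format `nonce: %08X - cuid: %08X`, which also corrects the `ciud` typo; this assumes both are 32-bit values, which the hunk does not show. Mifare1ksim's body starts and ends outside the hunk.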