mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-03-17 18:50:32 +08:00
fix: 'hf mf mifare - wrongly executed the parity-zero when not needed.
This commit is contained in:
parent
c6a7cbfc1e
commit
8a69488582
2 changed files with 17 additions and 16 deletions
|
@ -33,8 +33,8 @@ uint32_t intersection(uint64_t *listA, uint64_t *listB) {
|
||||||
p2++;
|
p2++;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
while (compare_uint64(p1, p2) == -1) ++p1;
|
while (compare_uint64(p1, p2) < 0) ++p1;
|
||||||
while (compare_uint64(p1, p2) == 1) ++p2;
|
while (compare_uint64(p1, p2) > 0) ++p2;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
*p3 = -1;
|
*p3 = -1;
|
||||||
|
@ -70,7 +70,6 @@ uint32_t nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, ui
|
||||||
states = lfsr_common_prefix(nr, rr, ks3x, par, (par_info == 0));
|
states = lfsr_common_prefix(nr, rr, ks3x, par, (par_info == 0));
|
||||||
|
|
||||||
if (!states) {
|
if (!states) {
|
||||||
printf("Failed getting states\n");
|
|
||||||
*keys = NULL;
|
*keys = NULL;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -78,7 +77,7 @@ uint32_t nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, ui
|
||||||
keylist = (uint64_t*)states;
|
keylist = (uint64_t*)states;
|
||||||
|
|
||||||
for (i = 0; keylist[i]; i++) {
|
for (i = 0; keylist[i]; i++) {
|
||||||
lfsr_rollback_word(states+i, uid^nt, 0);
|
lfsr_rollback_word(states+i, uid ^ nt, 0);
|
||||||
crypto1_get_lfsr(states+i, &key_recovered);
|
crypto1_get_lfsr(states+i, &key_recovered);
|
||||||
keylist[i] = key_recovered;
|
keylist[i] = key_recovered;
|
||||||
}
|
}
|
||||||
|
|
|
@ -51,10 +51,10 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
|
||||||
return isOK;
|
return isOK;
|
||||||
|
|
||||||
uid = (uint32_t)bytes_to_num(resp.d.asBytes + 0, 4);
|
uid = (uint32_t)bytes_to_num(resp.d.asBytes + 0, 4);
|
||||||
nt = (uint32_t)bytes_to_num(resp.d.asBytes + 4, 4);
|
nt = (uint32_t)bytes_to_num(resp.d.asBytes + 4, 4);
|
||||||
par_list = bytes_to_num(resp.d.asBytes + 8, 8);
|
par_list = bytes_to_num(resp.d.asBytes + 8, 8);
|
||||||
ks_list = bytes_to_num(resp.d.asBytes + 16, 8);
|
ks_list = bytes_to_num(resp.d.asBytes + 16, 8);
|
||||||
nr = bytes_to_num(resp.d.asBytes + 24, 4);
|
nr = (uint32_t)bytes_to_num(resp.d.asBytes + 24, 4);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -73,12 +73,15 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
qsort(keylist, keycount, sizeof(*keylist), compare_uint64);
|
// only parity zero attack
|
||||||
keycount = intersection(last_keylist, keylist);
|
if (par_list == 0 ) {
|
||||||
if (keycount == 0) {
|
qsort(keylist, keycount, sizeof(*keylist), compare_uint64);
|
||||||
free(last_keylist);
|
keycount = intersection(last_keylist, keylist);
|
||||||
last_keylist = keylist;
|
if (keycount == 0) {
|
||||||
continue;
|
free(last_keylist);
|
||||||
|
last_keylist = keylist;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (keycount > 1) {
|
if (keycount > 1) {
|
||||||
|
@ -112,6 +115,7 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
|
||||||
PrintAndLog("Test authentication failed. Restarting darkside attack");
|
PrintAndLog("Test authentication failed. Restarting darkside attack");
|
||||||
free(last_keylist);
|
free(last_keylist);
|
||||||
last_keylist = keylist;
|
last_keylist = keylist;
|
||||||
|
c.arg[0] = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -183,8 +187,7 @@ int Compare16Bits(const void * a, const void * b) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// wrapper function for multi-threaded lfsr_recovery32
|
// wrapper function for multi-threaded lfsr_recovery32
|
||||||
void* nested_worker_thread(void *arg)
|
void* nested_worker_thread(void *arg) {
|
||||||
{
|
|
||||||
struct Crypto1State *p1;
|
struct Crypto1State *p1;
|
||||||
StateList_t *statelist = arg;
|
StateList_t *statelist = arg;
|
||||||
statelist->head.slhead = lfsr_recovery32(statelist->ks1, statelist->nt ^ statelist->uid);
|
statelist->head.slhead = lfsr_recovery32(statelist->ks1, statelist->nt ^ statelist->uid);
|
||||||
|
@ -198,8 +201,7 @@ void* nested_worker_thread(void *arg)
|
||||||
return statelist->head.slhead;
|
return statelist->head.slhead;
|
||||||
}
|
}
|
||||||
|
|
||||||
int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t * resultKey, bool calibrate)
|
int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t * resultKey, bool calibrate) {
|
||||||
{
|
|
||||||
uint16_t i;
|
uint16_t i;
|
||||||
uint32_t uid;
|
uint32_t uid;
|
||||||
UsbCommand resp;
|
UsbCommand resp;
|
||||||
|
|
Loading…
Reference in a new issue