Merge pull request #49 from micolous/less-verbose-mfsim

hf {14a,mf} sim: Be less verbose by default, add option "m" to turn maths back on (Issue #45)

client/cmdhf14a.c

@@ -143,6 +143,7 @@ int usage_hf_14a_sim(void) {
 //	PrintAndLog("    u     : 4, 7 or 10 byte UID");
 	PrintAndLog("    u     : 4, 7 byte UID");
 	PrintAndLog("    x     : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader");
+	PrintAndLog("    v     : (Optional) show maths used for cracking reader. Useful for debugging.");
 	PrintAndLog("\n   sample : hf 14a sim t 1 u 11223344 x");
 	PrintAndLog("          : hf 14a sim t 1 u 11223344");
 	PrintAndLog("          : hf 14a sim t 1 u 11223344556677");
@@ -447,6 +448,7 @@ int CmdHF14ASim(const char *Cmd) {
 	uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0};
 	int uidlen = 0;
 	bool useUIDfromEML = TRUE;
+	bool showMaths = false;
 
 	while(param_getchar(Cmd, cmdp) != 0x00) {
 		switch(param_getchar(Cmd, cmdp)) {
@@ -477,6 +479,11 @@ int CmdHF14ASim(const char *Cmd) {
 				}
 				cmdp += 2;
 				break;
+			case 'v':
+			case 'V':
+				showMaths = true;
+				cmdp++;
+				break;
 			case 'x':
 			case 'X':
 				flags |= FLAG_NR_AR_ATTACK;
@@ -513,7 +520,7 @@ int CmdHF14ASim(const char *Cmd) {
 		if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;
 			
 		memcpy( data, resp.d.asBytes, sizeof(data) );
-		readerAttack(data, TRUE);
+		readerAttack(data, TRUE, showMaths);
 	}
 	return 0;
 }

client/cmdhfmf.c

@@ -32,6 +32,7 @@ int usage_hf14_mf1ksim(void){
 	PrintAndLog("      i    (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");
 	PrintAndLog("      x    (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");
 	PrintAndLog("      e    (Optional) Fill simulator keys from what we crack");
+	PrintAndLog("      v    (Optional) Show maths used for cracking reader. Useful for debugging.");
 	PrintAndLog("samples:");
 	PrintAndLog("           hf mf sim u 0a0a0a0a");
 	PrintAndLog("           hf mf sim u 11223344556677");
@@ -1364,7 +1365,7 @@ int CmdHF14AMfChk(const char *Cmd) {
 #define ATTACK_KEY_COUNT 8
 sector *k_sector = NULL;
 uint8_t k_sectorsCount = 16;
-void readerAttack(nonces_t data[], bool setEmulatorMem) {
+void readerAttack(nonces_t data[], bool setEmulatorMem, bool showMaths) {
 
 	// initialize storage for found keys
 	if (k_sector == NULL)
@@ -1413,7 +1414,7 @@ void readerAttack(nonces_t data[], bool setEmulatorMem) {
 			}
 #endif
 			//moebius attack			
-			if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key)) {
+			if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key, showMaths)) {
 				uint8_t sectorNum = data[i+ATTACK_KEY_COUNT].sector;
 				uint8_t keyType = data[i+ATTACK_KEY_COUNT].keytype;
 
@@ -1449,11 +1450,14 @@ int CmdHF14AMf1kSim(const char *Cmd) {
 	uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
 	uint8_t exitAfterNReads = 0;
 	uint8_t flags = (FLAG_UID_IN_EMUL | FLAG_4B_UID_IN_DATA);
-	int uidlen = 0;	
+	int uidlen = 0;
 	bool setEmulatorMem = false;
 	uint8_t cmdp = 0;
 	bool errors = false;
 
+	// If set to true, we should show our workings when doing NR_AR_ATTACK.
+	bool showMaths = false;
+
 	while(param_getchar(Cmd, cmdp) != 0x00) {
 		switch(param_getchar(Cmd, cmdp)) {
 		case 'e':
@@ -1485,6 +1489,11 @@ int CmdHF14AMf1kSim(const char *Cmd) {
 			}
 			cmdp +=2;
 			break;
+		case 'v':
+		case 'V':
+			showMaths = true;
+			cmdp++;
+			break;
 		case 'x':
 		case 'X':
 			flags |= FLAG_NR_AR_ATTACK;
@@ -1524,7 +1533,7 @@ int CmdHF14AMf1kSim(const char *Cmd) {
 			if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;
 
 			memcpy( data, resp.d.asBytes, sizeof(data) );			
-			readerAttack(data, setEmulatorMem);
+			readerAttack(data, setEmulatorMem, showMaths);
 		}
 		
 		if (k_sector != NULL) {

client/cmdhfmf.h

@@ -28,19 +28,19 @@
 #include "nonce2key/nonce2key.h"
 
 int CmdHFMF(const char *Cmd);
-
+
-int CmdHF14AMfDbg(const char* cmd);
+int CmdHF14AMfDbg(const char* cmd);
-int CmdHF14AMfRdBl(const char* cmd);
+int CmdHF14AMfRdBl(const char* cmd);
-int CmdHF14AMfURdBl(const char* cmd);
+int CmdHF14AMfURdBl(const char* cmd);
-int CmdHF14AMfRdSc(const char* cmd);
+int CmdHF14AMfRdSc(const char* cmd);
-int CmdHF14SMfURdCard(const char* cmd);
+int CmdHF14SMfURdCard(const char* cmd);
-int CmdHF14AMfDump(const char* cmd);
+int CmdHF14AMfDump(const char* cmd);
-int CmdHF14AMfRestore(const char* cmd);
+int CmdHF14AMfRestore(const char* cmd);
-int CmdHF14AMfWrBl(const char* cmd);
+int CmdHF14AMfWrBl(const char* cmd);
-int CmdHF14AMfUWrBl(const char* cmd);
+int CmdHF14AMfUWrBl(const char* cmd);
-int CmdHF14AMfChk(const char* cmd);
+int CmdHF14AMfChk(const char* cmd);
-int CmdHF14AMifare(const char* cmd);
+int CmdHF14AMifare(const char* cmd);
-int CmdHF14AMfNested(const char* cmd);
+int CmdHF14AMfNested(const char* cmd);
 int CmdHF14AMfNestedHard(const char *Cmd);
 int CmdHF14AMfSniff(const char* cmd);
 int CmdHF14AMf1kSim(const char* cmd);
@@ -60,6 +60,6 @@ int CmdHF14AMfCLoad(const char* cmd);
 int CmdHF14AMfCSave(const char* cmd);
 int CmdHf14MfDecryptBytes(const char *Cmd);
 
-void readerAttack(nonces_t data[], bool setEmulatorMem);
+void readerAttack(nonces_t data[], bool setEmulatorMem, bool showMaths);
 void printKeyTable( uint8_t sectorscnt, sector *e_sector );
 #endif

client/nonce2key/nonce2key.c

@@ -208,7 +208,7 @@ bool tryMfk32(nonces_t data, uint64_t *outputkey) {
 	return isSuccess;
 }
 
-bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) {
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool showMaths) {
 	struct Crypto1State *s, *t;
 	uint64_t outkey  = 0;
 	uint64_t key 	 = 0;			     // recovered key
@@ -223,24 +223,28 @@ bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) {
 	bool isSuccess = FALSE;
 	int counter = 0;
 	
-	printf("Recovering key for:\n");
+	if (showMaths) {
-	printf("    uid: %08x\n",uid);
+		printf("Recovering key for:\n");
-	printf("   nt_0: %08x\n",nt0);
+		printf("    uid: %08x\n", uid);
-	printf(" {nr_0}: %08x\n",nr0_enc);
+		printf("   nt_0: %08x\n", nt0);
-	printf(" {ar_0}: %08x\n",ar0_enc);
+		printf(" {nr_0}: %08x\n", nr0_enc);
-	printf("   nt_1: %08x\n",nt1);
+		printf(" {ar_0}: %08x\n", ar0_enc);
-	printf(" {nr_1}: %08x\n",nr1_enc);
+		printf("   nt_1: %08x\n", nt1);
-	printf(" {ar_1}: %08x\n",ar1_enc);
+		printf(" {nr_1}: %08x\n", nr1_enc);
+		printf(" {ar_1}: %08x\n", ar1_enc);
+	}
 
 	//PrintAndLog("Enter mfkey32_moebius");
 	clock_t t1 = clock();
 
-	printf("\nLFSR succesors of the tag challenge:\n");
 	uint32_t p640 = prng_successor(nt0, 64);
 	uint32_t p641 = prng_successor(nt1, 64);
 	
-	printf("  nt': %08x\n", p640);
+	if (showMaths) {
-	printf(" nt'': %08x\n", prng_successor(p640, 32));
+		printf("\nLFSR succesors of the tag challenge:\n");
+		printf("  nt': %08x\n", p640);
+		printf(" nt'': %08x\n", prng_successor(p640, 32));
+	}
 	
 	s = lfsr_recovery32(ar0_enc ^ p640, 0);
   

client/nonce2key/nonce2key.h

@@ -28,7 +28,7 @@ extern int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t
 
 //iceman, added these to be able to crack key direct from "hf 14 sim" && "hf mf sim"
 bool tryMfk32(nonces_t data, uint64_t *outputkey );
-bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey );  // <<-- this one has best success
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool showMaths );  // <<-- this one has best success
 int tryMfk64_ex(uint8_t *data, uint64_t *outputkey );
 int tryMfk64(uint32_t uid, uint32_t nt, uint32_t nr_enc, uint32_t ar_enc, uint32_t at_enc, uint64_t *outputkey);
 #endif