From bfe2cff383eef5caacda3392a0519c5d31df7e9e Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Wed, 15 May 2019 07:47:46 -0400
Subject: [PATCH] chg: hf mf nack - now uses NG
---
 armsrc/iso14443a.c | 18 ++++++++++++++----
 armsrc/mifarecmd.c | 2 +-
 client/mifare/mifarehost.c | 17 ++++++++++-------
 3 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index 4560348b3..aace17db7 100644
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -2806,8 +2806,8 @@ void DetectNACKbug() {
 uint8_t par[1] = {0}; // maximum 8 Bytes to be sent here, 1 byte parity is therefore enough
 uint32_t nt = 0, previous_nt = 0, nt_attacked = 0, cuid = 0;
- int32_t isOK = 0, catch_up_cycles = 0, last_catch_up = 0;
- uint8_t cascade_levels = 0, num_nacks = 0;
+ int32_t catch_up_cycles = 0, last_catch_up = 0;
+ uint8_t cascade_levels = 0, num_nacks = 0, isOK = 0;
 uint16_t elapsed_prng_sequences = 1;
 uint16_t consecutive_resyncs = 0;
 uint16_t unexpected_random = 0;
@@ -2816,6 +2816,8 @@ void DetectNACKbug() {
 bool have_uid = false;
 bool received_nack;
+ int32_t status = PM3_SUCCESS;
+ // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
 int32_t sync_cycles = PRNG_SEQUENCE_LENGTH;
@@ -2843,7 +2845,7 @@ void DetectNACKbug() {
 // Test if the action was cancelled
 if (BUTTON_PRESS()) {
- isOK = 99;
+ status = PM3_EOPABORTED;
 break;
 }
@@ -3001,6 +3003,7 @@ void DetectNACKbug() {
 // tried all 256 possible parities without success.
 if (par[0] == 0) {
+ // did we get one NACK?
 if (num_nacks == 1) isOK = 1;
 break;
@@ -3012,8 +3015,15 @@ void DetectNACKbug() {
 // num_nacks = number of nacks recieved. should be only 1. if not its a clone card which always sends NACK (parity == 0) ? // i = number of authentications sent. Not always 256, since we are trying to sync but close to it.
- reply_mix(CMD_ACK, isOK, num_nacks, i, 0, 0);
+ uint8_t *data = BigBuf_malloc(4);
+ data[0] = isOK;
+ data[1] = num_nacks;
+ num_to_bytes(i, 2, data + 2);
+ reply_ng(CMD_MIFARE_NACK_DETECT, status, data, 4);
+
+ //reply_mix(CMD_ACK, isOK, num_nacks, i, 0, 0);
+ BigBuf_free();
 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 LEDsoff();
 set_tracing(false);
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index 52e08f83e..df041683f 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -1998,7 +1998,7 @@ void OnSuccessMagic() {
 }
 void OnErrorMagic(uint8_t reason) { // ACK, ISOK, reason,0,0,0
- reply_old(CMD_ACK, 0, reason, 0, 0, 0);
+ reply_mix(CMD_ACK, 0, reason, 0, 0, 0);
 OnSuccessMagic();
 }
diff --git a/client/mifare/mifarehost.c b/client/mifare/mifarehost.c
index 078eb467a..2fa5b0775 100644
--- a/client/mifare/mifarehost.c
+++ b/client/mifare/mifarehost.c
@@ -921,10 +921,16 @@ int detect_classic_nackbug(bool verbose) {
 return PM3_EOPABORTED;
 }
- if (WaitForResponseTimeout(CMD_ACK, &resp, 500)) {
- int32_t ok = resp.oldarg[0];
- uint32_t nacks = resp.oldarg[1];
- uint32_t auths = resp.oldarg[2];
+ if (WaitForResponseTimeout(CMD_MIFARE_NACK_DETECT, &resp, 500)) {
+
+ if ( resp.status == PM3_EOPABORTED ) {
+ PrintAndLogEx(WARNING, "button pressed. Aborted.");
+ return PM3_EOPABORTED;
+ }
+
+ uint8_t ok = resp.data.asBytes[0];
+ uint8_t nacks = resp.data.asBytes[1];
+ uint16_t auths = bytes_to_num(resp.data.asBytes + 2, 2);
 PrintAndLogEx(NORMAL, "");
 if (verbose) {
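Review bot: In the `@@ -3012,8 +3015,15 @@` hunk of armsrc/iso14443a.c, the pointer returned by `BigBuf_malloc(4)` is written through (`data[0] = isOK;`) without a NULL check, although the buffer only carries four bytes into `reply_ng`. A local array removes the failure path and the paired `BigBuf_free()`, which may release more than this one allocation: `uint8_t data[4] = { isOK, num_nacks, 0, 0 };` followed by the existing `num_to_bytes(i, 2, data + 2);`. The count `i` is packed into two bytes, so if its declaration (outside the hunk) is wider than 16 bits the value is silently truncated on the wire. The commented-out `//reply_mix(...)` line is dead code and would be better dropped than committed. DetectNACKbug starts and ends outside the hunk.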
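Review bot: In the `@@ -921,10 +921,16 @@` hunk of client/mifare/mifarehost.c, `resp.data.asBytes[0]` through `[3]` are parsed without checking that the device returned four payload bytes, and any `resp.status` other than `PM3_EOPABORTED` falls through to the parse. A short or failed reply, for example from firmware that does not match the client, would then be interpreted as ok/nacks/auths from whatever the response buffer holds. A guard before the reads would close this, e.g. `if (resp.status != PM3_SUCCESS || resp.length < 4) return PM3_ESOFT;` (this assumes the response struct's `length` field carries the payload size; confirm against the NG packet definition). detect_classic_nackbug continues outside the hunk.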
@@ -932,9 +938,6 @@ int detect_classic_nackbug(bool verbose) {
 PrintAndLogEx(SUCCESS, "num of received NACK : %u", nacks);
 }
 switch (ok) {
- case 99 :
- PrintAndLogEx(WARNING, "button pressed. Aborted.");
- return PM3_EOPABORTED;
 case 96 : case 98 : {
 if (verbose)