From d32691f1da1dd27190f0ece96b17080ae46f835d Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Sat, 25 Feb 2017 23:00:20 +0100
Subject: [PATCH] FIX: `hf mf sim` - authentication works again. CHG: `lf em`- renamed. CHG: removed functionality in whereami.c, not needed.
---
 armsrc/iso14443a.c | 51 +++++++++++++++++++++++++--------------------
 armsrc/mifareutil.c | 2 +-
 client/cmdlf.c | 5 ++---
 client/whereami.c | 5 +++--
 4 files changed, 34 insertions(+), 29 deletions(-)
diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index 425352b9a..877b9591f 100644
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -1,4 +1,4 @@
- //-----------------------------------------------------------------------------
+ //-----------------------------------------------------------------------------
 // Merlok - June 2011, 2012
 // Gerhard de Koning Gans - May 2008
 // Hagen Fritsch - June 2010
@@ -2791,34 +2791,37 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * } } - /* - // Interactive mode flag, means we need to send ACK + crypto1_word(pcs, nr , 1); + uint32_t cardRr = ar ^ crypto1_word(pcs, 0, 0); - crypto1_word(pcs, ar , 1); - cardRr = nr ^ crypto1_word(pcs, 0, 0); - - test if auth OK + //test if auth OK if (cardRr != prng_successor(nonce, 64)){ - if (MF_DBGLEVEL >= 4) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x", - cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B', - cardRr, prng_successor(nonce, 64)); - Shouldn't we respond anything here? - Right now, we don't nack or anything, which causes the - reader to do a WUPA after a while. /Martin - -- which is the correct response. /piwi + if (MF_DBGLEVEL >= 3) + Dbprintf("AUTH FAILED for sector %d with key %c. [nr=%08x cardRr=%08x] [nt=%08x succ=%08x]" + , cardAUTHSC + , (cardAUTHKEY == 0) ? 'A' : 'B' + , nr + , cardRr + , nonce // nt + , prng_successor(nonce, 64) + + ); + // Shouldn't we respond anything here? + // Right now, we don't nack or anything, which causes the + // reader to do a WUPA after a while. /Martin + // -- which is the correct response. /piwi cardSTATE_TO_IDLE(); LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE); break; } - */ ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0); num_to_bytes(ans, 4, rAUTH_AT); EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT)); LED_C_ON(); - if (MF_DBGLEVEL >= 4) { + if (MF_DBGLEVEL >= 1) { Dbprintf("AUTH COMPLETED for sector %d with key %c. time=%d", cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B', 
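Review bot: The success path now logs at a lower threshold than the failure path: `AUTH COMPLETED` prints at `MF_DBGLEVEL >= 1` while `AUTH FAILED` needs `>= 3`, so at low debug levels a rejected authentication leaves no message while every accepted one adds a Dbprintf inside the emulation loop. For a check that has just been re-enabled, the rejection is the event worth surfacing; consider swapping the thresholds, i.e. `if (MF_DBGLEVEL >= 1)` on the failure branch and `if (MF_DBGLEVEL >= 3) {` on the completion message. The new unbraced `if (MF_DBGLEVEL >= 3)` in front of a multi-line Dbprintf call would also be safer with braces. The removed code assigned `cardRr` without declaring it, so a function-level `cardRr` may still exist and be shadowed by the new `uint32_t cardRr`; Mifare1ksim starts and ends outside the hunk, so that cannot be confirmed here.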
@@ -2842,24 +2845,26 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * receivedCmd[0] == MIFARE_AUTH_KEYB) ) { authTimer = GetTickCount(); - cardAUTHSC = receivedCmd[1] / 4; // received block num - cardAUTHKEY = receivedCmd[0] - 0x60; // & 1 + cardAUTHSC = receivedCmd[1] / 4; // received block -> sector + cardAUTHKEY = receivedCmd[0] & 0x1; crypto1_destroy(pcs); + + // load key into crypto crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY)); if (!encrypted_data) { // first authentication - crypto1_word(pcs, cuid ^ nonce, 0);// Update crypto state - num_to_bytes(nonce, 4, rAUTH_AT); // Send nonce - - if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY ); + // Update crypto state init (UID ^ NONCE) + crypto1_word(pcs, cuid ^ nonce, 0); + num_to_bytes(nonce, 4, rAUTH_AT); + } } else { // nested authentication ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0); num_to_bytes(ans, 4, rAUTH_AT); - if (MF_DBGLEVEL >= 4) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY ); + if (MF_DBGLEVEL >= 3) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %c", receivedCmd[1], receivedCmd[1], cardAUTHKEY == 0 ? 'A' : 'B'); } EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT)); diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 434227ba5..5d4aa88dc 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -157,7 +157,7 @@ int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockN // some statistic if (!ntptr && (MF_DBGLEVEL >= 3)) - Dbprintf("auth uid: %08x nt: %08x", uid, nt); + Dbprintf("auth uid: %08x | nr: %08x | nt: %08x", uid, nr, nt); // save Nt if (ntptr) diff --git a/client/cmdlf.c b/client/cmdlf.c index 7b908e9f4..b3debf1c7 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c 
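Review bot: `cardAUTHSC = receivedCmd[1] / 4` takes the block number straight from the reader frame, and the result goes unchecked into `emlGetKey(cardAUTHSC, cardAUTHKEY)`, so a block byte of 0xFF yields sector 63. emlGetKey is not visible here; unless it range-checks its argument, the key is then read from outside the emulated card's sector trailers. A guard before `crypto1_create`, such as `if (cardAUTHSC >= EMUL_SECTOR_COUNT) { cardSTATE_TO_IDLE(); break; }` (EMUL_SECTOR_COUNT is a placeholder for the number of sectors actually emulated), would drop such requests the way the failed-authentication branch of the same function does. The enclosing function continues outside the hunk.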
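Review bot: The new `nr: %08x` argument in the mifareutil.c hunk depends on a declaration that is outside the hunk: `%08x` expects an unsigned int, and if `nr` in mifare_classic_authex is a 4-byte array rather than a `uint32_t`, the message prints the buffer's address instead of the reader nonce. In that case convert first, e.g. `Dbprintf("auth uid: %08x | nr: %08x | nt: %08x", uid, (uint32_t)bytes_to_num(nr, 4), nt);`. It is also worth confirming that `nr` has already been assigned at this point, since the statement appears to sit right where the tag nonce is handled.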
@@ -1226,13 +1226,12 @@ int CmdLFfind(const char *Cmd) { return 0; } -static command_t CommandTable[] = -{ +static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, {"animal", CmdLFFdx, 1, "{ Animal RFIDs... }"}, {"awid", CmdLFAWID, 1, "{ AWID RFIDs... }"}, {"cotag", CmdLFCOTAG, 1, "{ COTAG RFIDs... }"}, - {"em4x", CmdLFEM4X, 1, "{ EM4X RFIDs... }"}, + {"em", CmdLFEM4X, 1, "{ EM4X RFIDs... }"}, {"guard", CmdLFGuard, 1, "{ Guardall RFIDs... }"}, {"hid", CmdLFHID, 1, "{ HID RFIDs... }"}, {"hitag", CmdLFHitag, 1, "{ HITAG RFIDs... }"}, diff --git a/client/whereami.c b/client/whereami.c index 05f58e253..8f4c71916 100644 --- a/client/whereami.c +++ b/client/whereami.c @@ -135,6 +135,7 @@ int WAI_PREFIX(getExecutablePath)(char* out, int capacity, int* dirname_length) return WAI_PREFIX(getModulePath_)(NULL, out, capacity, dirname_length); } +/* WAI_NOINLINE WAI_FUNCSPEC int WAI_PREFIX(getModulePath)(char* out, int capacity, int* dirname_length) @@ -146,8 +147,7 @@ int WAI_PREFIX(getModulePath)(char* out, int capacity, int* dirname_length) #pragma warning(push) #pragma warning(disable: 4054) #endif -// if (GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, (LPCTSTR)WAI_RETURN_ADDRESS(), &module)) - module = GetModuleHandle("proxmark3.exe"); + if (GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, (LPCTSTR)WAI_RETURN_ADDRESS(), &module)) #if defined(_MSC_VER) #pragma warning(pop) #endif @@ -157,6 +157,7 @@ int WAI_PREFIX(getModulePath)(char* out, int capacity, int* dirname_length) return length; } +*/ #elif defined(__linux__)
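Review bot: Wrapping `getModulePath` in `/* ... */` disables only the copy that precedes `#elif defined(__linux__)`; if the other platform branches of whereami.c keep their own definition and the header still declares the function, the API now exists on some builds and fails to link on this one. Inside the commented block the change also restores the `GetModuleHandleEx(...)` line and drops the `GetModuleHandle("proxmark3.exe")` workaround, in code that no longer compiles, which makes the history harder to follow. Deleting the function, or guarding it with a named `#if`/`#endif` pair and a one-line comment saying why it is unused, would be clearer than commented-out code; if this file tracks an upstream copy, recording the local change keeps later syncs safe. The change spans the three whereami.c hunks on this line.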