chg: 'hf mf fchk' - depth first search

armsrc/mifarecmd.c

@@ -1131,12 +1131,12 @@ void chkKey_scanA(struct chk_t *c, struct sector_t *k_sector, uint8_t *found, ui
 			found[(s*2)] = 1; 
 			++*foundkeys; 
 			
-			if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Scan A (%d)", c->block);
+			if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Scan A found (%d)", c->block);
 		}
 	} 
 }
 
- void chkKey_scanB(struct chk_t *c, struct sector_t *k_sector, uint8_t *found, uint8_t *sectorcnt, uint8_t *foundkeys) { 
+void chkKey_scanB(struct chk_t *c, struct sector_t *k_sector, uint8_t *found, uint8_t *sectorcnt, uint8_t *foundkeys) { 
 	uint8_t status;	
 	for (uint8_t s = 0; s < *sectorcnt; s++) { 
 
@@ -1151,7 +1151,7 @@ void chkKey_scanA(struct chk_t *c, struct sector_t *k_sector, uint8_t *found, ui
 			found[(s*2)+1] = 1; 
 			++*foundkeys; 
 			
-			if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Scan B (%d)", c->block);
+			if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Scan B found (%d)", c->block);
 		}
 	} 
 }
@@ -1171,7 +1171,7 @@ void chkKey_loopBonly(struct chk_t *c, struct sector_t *k_sector, uint8_t *found
 				found[(s*2)+1] = 1;
 				++*foundkeys;
 
-				if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Loop B only (%d)", c->block);		
+				if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Reading B found (%d)", c->block);		
 
 				// try quick find all B?
 				// assume: keys comes in groups. Find one B, test against all B.
@@ -1256,54 +1256,65 @@ void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *da
 	chk_data.pcs = pcs;
 	chk_data.block = 0;
 	
-	// keychunk loop - depth first for sector0.
+	
+	// keychunk loop - depth first one sector.
 	if ( strategy == 1 ) {
-		for (uint8_t i = 0; i < keyCount; ++i) {
-			// Allow button press / usb cmd to interrupt device
-			if (BUTTON_PRESS() && !usb_poll_validate_length()) {
-				goto OUT;
-			}
+		// Sector main loop
+		// keep track of how many sectors on card.
+		for (uint8_t s = 0; s < sectorcnt; ++s) {
+
+			if ( found[(s*2)] && found[(s*2)+1] )  
+				continue;
 
-			WDT_HIT();
-		
-			// new key
-			chk_data.key = bytes_to_num(datain + i * 6, 6);
-			// those scans messes with block.
-			chk_data.block = 0;
 			// assume: block0,1,2 has more read rights in accessbits than the sectortrailer. authenticating against block0 in each sector
+			chk_data.block = FirstBlockOfSector( s );
 
-			// skip already found A keys 
-			if( !found[0] ) {
-				chk_data.keyType = 0;
-				status = chkKey( &chk_data);
-				if ( status == 0 ) {
-					memcpy(k_sector[0].keyA, datain + i * 6, 6);
-					found[0] = 1;
-					++foundkeys;
-					
-					chkKey_scanA(&chk_data, k_sector, found, &sectorcnt, &foundkeys);
-					
-					// read Block B, if A is found.
-					chkKey_loopBonly( &chk_data, k_sector, found, &sectorcnt, &foundkeys);
-					
-					chk_data.block = 0;
+			for (uint8_t i = 0; i < keyCount; ++i) {
+				// Allow button press / usb cmd to interrupt device
+				if (BUTTON_PRESS() && !usb_poll_validate_length()) {
+					goto OUT;
 				}
-			}
+
+				WDT_HIT();
 			
-			// skip already found B keys 
-			if( !found[1] ) {
-				chk_data.keyType = 1;
-				status = chkKey( &chk_data);
-				if ( status == 0 ) {
-					memcpy(k_sector[0].keyB, datain + i * 6, 6);
-					found[1] = 1;
-					++foundkeys;
-					
-					chkKey_scanB(&chk_data, k_sector, found, &sectorcnt, &foundkeys);
+				// new key
+				chk_data.key = bytes_to_num(datain + i * 6, 6);
+
+				// assume: block0,1,2 has more read rights in accessbits than the sectortrailer. authenticating against block0 in each sector
+
+				// skip already found A keys 
+				if( !found[(s*2)] ) {
+					chk_data.keyType = 0;
+					status = chkKey( &chk_data);
+					if ( status == 0 ) {
+						memcpy(k_sector[s].keyA, datain + i * 6, 6);
+						found[(s*2)] = 1;
+						++foundkeys;
+						
+						chkKey_scanA(&chk_data, k_sector, found, &sectorcnt, &foundkeys);
+						
+						// read Block B, if A is found.
+						chkKey_loopBonly( &chk_data, k_sector, found, &sectorcnt, &foundkeys);
+						
+						chk_data.block = FirstBlockOfSector( s );
+					}
 				}
-			}
-		} // end look - depth first
-	} // strategy 1
+				
+				// skip already found B keys 
+				if( !found[(s*2)+1] ) {
+					chk_data.keyType = 1;
+					status = chkKey( &chk_data);
+					if ( status == 0 ) {
+						memcpy(k_sector[s].keyB, datain + i * 6, 6);
+						found[(s*2)+1] = 1;
+						++foundkeys;
+						
+						chkKey_scanB(&chk_data, k_sector, found, &sectorcnt, &foundkeys);
+					}
+				}
+			} // end loop - depth first
+		} // end loop - sector
+	} // end strategy 1
 
 	if ( strategy == 2 ) {
 		// Keychunk loop

client/cmdanalyse.c

@@ -418,6 +418,24 @@ int CmdAnalyseTEASelfTest(const char *Cmd){
 
 int CmdAnalyseA(const char *Cmd){
 	
+	bool term = !isatty(STDIN_FILENO);
+	if (!term) {
+		char star[4];
+		star[0] = '-';
+		star[1] = '\\';
+		star[2] = '|';
+		star[4] = '/';
+		
+		for (uint8_t k=0; k<5; k = (k+1) % 4 ) {
+			printf("\e[s%c\e[u", star[k]);
+			fflush(stdout);
+			if (ukbhit()) {
+				int gc = getchar(); (void)gc;
+				break;
+			}
+		}
+	}
+	
 //piwi
 // uid(2e086b1a) nt(230736f6) ks(0b0008000804000e) nr(000000000)
 // uid(2e086b1a) nt(230736f6) ks(0e0b0e0b090c0d02) nr(000000001)

client/cmdanalyse.h

@@ -13,6 +13,7 @@
 
 #include <stdlib.h>  //size_t
 #include <string.h>
+#include <unistd.h>
 #include "cmdmain.h"
 #include "proxmark3.h"
 #include "ui.h"		// PrintAndLog

client/cmdcrc.c

@@ -89,10 +89,10 @@ int GetModels(char *Models[], int *count, uint8_t *width){
 	int Cnt = 0;
 	if (width[0] == 0) { //reveng -D
 		*count = mcount();
-		if(!*count)
+		if (!*count)
 			return uerr("no preset models available");
 
-		for(int mode = 0; mode < *count; ++mode) {
+		for (int mode = 0; mode < *count; ++mode) {
 			mbynum(&model, mode);
 			mcanon(&model);
 			size_t size = (model.name && *model.name) ? strlen(model.name) : 6;
@@ -107,20 +107,20 @@ int GetModels(char *Models[], int *count, uint8_t *width){
 		mfree(&model);
 	} else { //reveng -s
 
-		if(~model.flags & P_MULXN)
+		if (~model.flags & P_MULXN)
 			return uerr("cannot search for non-Williams compliant models");
 
 		praloc(&model.spoly, (unsigned long)width[0]);
 		praloc(&model.init, (unsigned long)width[0]);
 		praloc(&model.xorout, (unsigned long)width[0]);
 
-		if(!plen(model.spoly))
+		if (!plen(model.spoly))
 			palloc(&model.spoly, (unsigned long)width[0]);
 		else
 			width[0] = (uint8_t)plen(model.spoly);
 
 		/* special case if qpoly is zero, search to end of range */
-		if(!ptst(qpoly))
+		if (!ptst(qpoly))
 			rflags &= ~R_HAVEQ;
 
 		/* if endianness not specified, try
@@ -135,7 +135,7 @@ int GetModels(char *Models[], int *count, uint8_t *width){
 			do {
 				psets = mcount();
 
-				while(psets) {
+				while (psets) {
 					mbynum(&pset, --psets);
 					
 					/* skip if different width, or refin or refout don't match */

client/cmdhfmf.c

@@ -1272,7 +1272,7 @@ int CmdHF14AMfChk_fast(const char *Cmd) {
 					if ( keyitems - keycnt < 2) {
 						p = realloc(keyBlock, 6 * (keyitems += 64));
 						if (!p) {
-							PrintAndLog("Cannot allocate memory for defKeys");
+							PrintAndLog("Cannot allocate memory for default keys");
 							free(keyBlock);
 							fclose(f);
 							return 2;
@@ -1372,11 +1372,11 @@ int CmdHF14AMfChk_fast(const char *Cmd) {
 			// all keys?		
 			if ( curr_keys == SectorsCnt*2 || lastChunk ) {
 				memcpy(e_sector, resp.d.asBytes, SectorsCnt * sizeof(icesector_t) );
-				break;
+				goto out;
 			}
 		}
 	}
-
+out: 
 	t1 = msclock() - t1;
 	PrintAndLog("[+] Time in checkkeys (fast):  %.1fs\n", (float)(t1/1000.0));