From dd024b53001ed7bf267f3ae09bac4e776995d0cc Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Mon, 11 Dec 2017 21:43:29 +0100
Subject: [PATCH] chg: 'hf mf fchk' - depth first search

---
 armsrc/mifarecmd.c | 101 ++++++++++++++++++++++++--------------
 client/cmdanalyse.c | 18 ++++++++
 client/cmdanalyse.h | 1 +
 client/cmdcrc.c | 12 +++---
 client/cmdhfmf.c | 6 +--
 5 files changed, 84 insertions(+), 54 deletions(-)

diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index 7ce0b76a6..5e18e8838 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -1131,12 +1131,12 @@ void chkKey_scanA(struct chk_t *c, struct sector_t *k_sector, uint8_t *found, ui
 found[(s*2)] = 1;
 ++*foundkeys;
- if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Scan A (%d)", c->block);
+ if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Scan A found (%d)", c->block);
 }
 }
 }
- void chkKey_scanB(struct chk_t *c, struct sector_t *k_sector, uint8_t *found, uint8_t *sectorcnt, uint8_t *foundkeys) {
+void chkKey_scanB(struct chk_t *c, struct sector_t *k_sector, uint8_t *found, uint8_t *sectorcnt, uint8_t *foundkeys) {
 uint8_t status;
 for (uint8_t s = 0; s < *sectorcnt; s++) {
@@ -1151,7 +1151,7 @@ void chkKey_scanA(struct chk_t *c, struct sector_t *k_sector, uint8_t *found, ui
 found[(s*2)+1] = 1;
 ++*foundkeys;
- if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Scan B (%d)", c->block);
+ if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Scan B found (%d)", c->block);
 }
 }
 }
@@ -1171,7 +1171,7 @@ void chkKey_loopBonly(struct chk_t *c, struct sector_t *k_sector, uint8_t *found
 found[(s*2)+1] = 1;
 ++*foundkeys;
- if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Loop B only (%d)", c->block);
+ if (MF_DBGLEVEL >= 3) Dbprintf("ChkKeys_fast: Reading B found (%d)", c->block);
 // try quick find all B?
 // assume: keys comes in groups. Find one B, test against all B.
@@ -1256,54 +1256,65 @@ void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *da
 chk_data.pcs = pcs;
 chk_data.block = 0;
- // keychunk loop - depth first for sector0.
+
+ // keychunk loop - depth first one sector.
 if ( strategy == 1 ) {
- for (uint8_t i = 0; i < keyCount; ++i) {
- // Allow button press / usb cmd to interrupt device
- if (BUTTON_PRESS() && !usb_poll_validate_length()) {
- goto OUT;
- }
+ // Sector main loop
+ // keep track of how many sectors on card.
+ for (uint8_t s = 0; s < sectorcnt; ++s) {
+
+ if ( found[(s*2)] && found[(s*2)+1] )
+ continue;
- WDT_HIT();
-
- // new key
- chk_data.key = bytes_to_num(datain + i * 6, 6);
- // those scans messes with block.
- chk_data.block = 0;
 // assume: block0,1,2 has more read rights in accessbits than the sectortrailer. authenticating against block0 in each sector
+ chk_data.block = FirstBlockOfSector( s );
- // skip already found A keys
- if( !found[0] ) {
- chk_data.keyType = 0;
- status = chkKey( &chk_data);
- if ( status == 0 ) {
- memcpy(k_sector[0].keyA, datain + i * 6, 6);
- found[0] = 1;
- ++foundkeys;
-
- chkKey_scanA(&chk_data, k_sector, found, §orcnt, &foundkeys);
-
- // read Block B, if A is found.
- chkKey_loopBonly( &chk_data, k_sector, found, §orcnt, &foundkeys);
-
- chk_data.block = 0;
+ for (uint8_t i = 0; i < keyCount; ++i) {
+ // Allow button press / usb cmd to interrupt device
+ if (BUTTON_PRESS() && !usb_poll_validate_length()) {
+ goto OUT;
 }
- }
+
+ WDT_HIT();
- // skip already found B keys
- if( !found[1] ) {
- chk_data.keyType = 1;
- status = chkKey( &chk_data);
- if ( status == 0 ) {
- memcpy(k_sector[0].keyB, datain + i * 6, 6);
- found[1] = 1;
- ++foundkeys;
-
- chkKey_scanB(&chk_data, k_sector, found, §orcnt, &foundkeys);
+ // new key
+ chk_data.key = bytes_to_num(datain + i * 6, 6);
+
+ // assume: block0,1,2 has more read rights in accessbits than the sectortrailer. authenticating against block0 in each sector
+
+ // skip already found A keys
+ if( !found[(s*2)] ) {
+ chk_data.keyType = 0;
+ status = chkKey( &chk_data);
+ if ( status == 0 ) {
+ memcpy(k_sector[s].keyA, datain + i * 6, 6);
+ found[(s*2)] = 1;
+ ++foundkeys;
+
+ chkKey_scanA(&chk_data, k_sector, found, §orcnt, &foundkeys);
+
+ // read Block B, if A is found.
+ chkKey_loopBonly( &chk_data, k_sector, found, §orcnt, &foundkeys);
+
+ chk_data.block = FirstBlockOfSector( s );
+ }
 }
- }
- } // end look - depth first
- } // strategy 1
+
+ // skip already found B keys
+ if( !found[(s*2)+1] ) {
+ chk_data.keyType = 1;
+ status = chkKey( &chk_data);
+ if ( status == 0 ) {
+ memcpy(k_sector[s].keyB, datain + i * 6, 6);
+ found[(s*2)+1] = 1;
+ ++foundkeys;
+
+ chkKey_scanB(&chk_data, k_sector, found, §orcnt, &foundkeys);
+ }
+ }
+ } // end loop - depth first
+ } // end loop - sector
+ } // end strategy 1
 if ( strategy == 2 ) {
 // Keychunk loop
diff --git a/client/cmdanalyse.c b/client/cmdanalyse.c
index 45659591c..0ad8cf709 100644
--- a/client/cmdanalyse.c
+++ b/client/cmdanalyse.c
@@ -418,6 +418,24 @@ int CmdAnalyseTEASelfTest(const char *Cmd){
 int CmdAnalyseA(const char *Cmd){
+ bool term = !isatty(STDIN_FILENO);
+ if (!term) {
+ char star[4];
+ star[0] = '-';
+ star[1] = '\\';
+ star[2] = '|';
+ star[4] = '/';
+
+ for (uint8_t k=0; k<5; k = (k+1) % 4 ) {
+ printf("\e[s%c\e[u", star[k]);
+ fflush(stdout);
+ if (ukbhit()) {
+ int gc = getchar(); (void)gc;
+ break;
+ }
+ }
+ }
+
 //piwi
 // uid(2e086b1a) nt(230736f6) ks(0b0008000804000e) nr(000000000)
 // uid(2e086b1a) nt(230736f6) ks(0e0b0e0b090c0d02) nr(000000001)
diff --git a/client/cmdanalyse.h b/client/cmdanalyse.h
index 2cfbd2c19..2249028ff 100644
--- a/client/cmdanalyse.h
+++ b/client/cmdanalyse.h
@@ -13,6 +13,7 @@
 #include //size_t
 #include
+#include
 #include "cmdmain.h"
 #include "proxmark3.h"
 #include "ui.h" // PrintAndLog
diff --git a/client/cmdcrc.c b/client/cmdcrc.c
index fc0b80312..fcf5ae309 100644
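Review bot: The per-key reset of `chk_data.block` that the removed lines did (`// those scans messes with block.` followed by `chk_data.block = 0;`) is now performed once per sector before the key loop and restored only in the key-A branch, so once `chkKey_scanB(...)` runs, the next key iteration's `chkKey( &chk_data)` authenticates against whatever block that scan left in `chk_data.block` instead of `FirstBlockOfSector( s )`. Restore it after the B scan the way the A branch does, `chk_data.block = FirstBlockOfSector( s );`, or move that assignment to just after `WDT_HIT();` so every key starts from the sector's first block. This assumes chkKey_scanB changes `c->block` as the removed comment says the scans do; its body is not in the hunk. The loop now indexes `found` up to `(s*2)+1` and `k_sector` up to `s` for `s < sectorcnt`, which is sound only if both arrays are sized for the card's sector count — a one-line comment at their declarations would make that contract visible. MifareChkKeys_fast begins and ends outside the hunk.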
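Review bot: `char star[4]` is written at index 4 (`star[4] = '/';`), one past the end of the array, while `star[3]` is left uninitialized and is what `printf("\e[s%c\e[u", star[k])` emits when `k == 3`; initialise it in one place instead, `char star[4] = { '-', '\\', '|', '/' };`. The condition `k<5` can never be false because `k = (k+1) % 4` keeps `k` below 4, so the loop ends only on `ukbhit()`; writing it as `for (;;)` or `while (!ukbhit())` states that intent. The flag name is inverted — `term` is true when stdin is not a terminal and the spinner runs when it is — so `bool is_tty = isatty(STDIN_FILENO); if (is_tty) {` reads as intended. `"\e"` is a GCC extension; `"\033"` is the portable escape. CmdAnalyseA continues outside the hunk.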
--- a/client/cmdcrc.c
+++ b/client/cmdcrc.c
@@ -89,10 +89,10 @@ int GetModels(char *Models[], int *count, uint8_t *width){
 int Cnt = 0;
 if (width[0] == 0) { //reveng -D
 *count = mcount();
- if(!*count)
+ if (!*count)
 return uerr("no preset models available");
- for(int mode = 0; mode < *count; ++mode) {
+ for (int mode = 0; mode < *count; ++mode) {
 mbynum(&model, mode);
 mcanon(&model);
 size_t size = (model.name && *model.name) ? strlen(model.name) : 6;
@@ -107,20 +107,20 @@ int GetModels(char *Models[], int *count, uint8_t *width){
 mfree(&model);
 } else { //reveng -s
- if(~model.flags & P_MULXN)
+ if (~model.flags & P_MULXN)
 return uerr("cannot search for non-Williams compliant models");
 praloc(&model.spoly, (unsigned long)width[0]);
 praloc(&model.init, (unsigned long)width[0]);
 praloc(&model.xorout, (unsigned long)width[0]);
- if(!plen(model.spoly))
+ if (!plen(model.spoly))
 palloc(&model.spoly, (unsigned long)width[0]);
 else
 width[0] = (uint8_t)plen(model.spoly);
 /* special case if qpoly is zero, search to end of range */
- if(!ptst(qpoly))
+ if (!ptst(qpoly))
 rflags &= ~R_HAVEQ;
 /* if endianness not specified, try
@@ -135,7 +135,7 @@ int GetModels(char *Models[], int *count, uint8_t *width){
 do {
 psets = mcount();
- while(psets) {
+ while (psets) {
 mbynum(&pset, --psets);
 /* skip if different width, or refin or refout don't match */
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index dcff829b6..2ebfb388c 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -1272,7 +1272,7 @@ int CmdHF14AMfChk_fast(const char *Cmd) {
 if ( keyitems - keycnt < 2) {
 p = realloc(keyBlock, 6 * (keyitems += 64));
 if (!p) {
- PrintAndLog("Cannot allocate memory for defKeys");
+ PrintAndLog("Cannot allocate memory for default keys");
 free(keyBlock);
 fclose(f);
 return 2;
@@ -1372,11 +1372,11 @@ int CmdHF14AMfChk_fast(const char *Cmd) {
 // all keys?
 if ( curr_keys == SectorsCnt*2 || lastChunk ) {
 memcpy(e_sector, resp.d.asBytes, SectorsCnt * sizeof(icesector_t) );
- break;
+ goto out;
 }
 }
 }
-
+out:
 t1 = msclock() - t1;
 PrintAndLog("[+] Time in checkkeys (fast): %.1fs\n", (float)(t1/1000.0));