From 810a89c4df8098b58d24ae29b94b866fc38ca8c3 Mon Sep 17 00:00:00 2001
From: Jin Jia
Date: Wed, 4 Jan 2023 07:11:48 +0000
Subject: [PATCH 1/3] Added Compliance of MIFARE Classic EV1 1K Datasheet footnote of Table 8
---
 armsrc/mifaresim.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c
index c2f81df21..ad975381b 100644
--- a/armsrc/mifaresim.c
+++ b/armsrc/mifaresim.c
@@ -46,6 +46,15 @@
 #include "dbprint.h"
 #include "ticks.h"
+static bool IsKeyBReadable(uint8_t blockNo) {
+ uint8_t sector_trailer[16];
+ emlGetMem(sector_trailer, SectorTrailer(blockNo), 1);
+ uint8_t AC = ((sector_trailer[7] >> 5) & 0x04)
+ | ((sector_trailer[8] >> 2) & 0x02)
+ | ((sector_trailer[8] >> 7) & 0x01);
+ return (AC == 0x00 || AC == 0x01 || AC == 0x02);
+}
+
 static bool IsTrailerAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t action) {
 uint8_t sector_trailer[16];
 emlGetMem(sector_trailer, blockNo, 1);
@@ -881,6 +890,17 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
 Dbprintf("[MFEMUL_WORK] Reader tried to operate (0x%02x) on block (0x%02x) not authenticated for (0x%02x), nacking", receivedCmd_dec[0], receivedCmd_dec[1], cardAUTHSC);
 break;
 }
+
+ // Compliance of MIFARE Classic EV1 1K Datasheet footnote of Table 8
+ // If access bits show that key B is Readable, any subsequent memory access will be refused.
+ if (cardAUTHKEY == keyB && IsKeyBReadable(blockNo)) {
+ EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+ FpgaDisableTracing();
+
+ if (g_dbglevel >= DBG_ERROR)
+ Dbprintf("[MFEMUL_WORK] Access denied: Reader tried to access memory on authentication with key B while key B is readable in sector (0x%02x)", cardAUTHSC);
+ break;
+ }
 }
 // case MFEMUL_WORK => CMD READ block
From 949ef8435e9eba27e7766c917d5cbb7c23ef1782 Mon Sep 17 00:00:00 2001
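Review bot: `IsKeyBReadable` (first hunk of PATCH 1/3) decodes the trailer's access bits from bytes 7 and 8 only and never compares them with their inverted copies in bytes 6 and 7, so a trailer image with inconsistent access bits is classified by whatever the non-inverted nibbles happen to say. The MIFARE Classic data sheet describes such a format violation as blocking the whole sector, so an emulated card loaded from a corrupted or hand-edited dump may answer differently from a real one here; whether the emulator should mirror that is a design choice, but the function should say which one it makes. The three magic values also need a comment, for example `// AC = C1 C2 C3 of the sector trailer; 000, 001 and 010 are the conditions in which key B can be read as data`.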
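Review bot: The new denial message in the MFEMUL_WORK branch (second hunk of PATCH 1/3) logs only `cardAUTHSC`, whereas the sector-mismatch message directly above it also logs the command byte and the requested block, so a trace of a refused reader does not show which operation was rejected. Logging the same fields keeps the two denials comparable, e.g. `Dbprintf("[MFEMUL_WORK] Access denied: command (0x%02x) on block (0x%02x) after key B authentication while key B is readable in sector (0x%02x)", receivedCmd_dec[0], receivedCmd_dec[1], cardAUTHSC);`. The enclosing `if` block opens above the hunk, so which commands actually reach this check cannot be confirmed from the lines shown.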
From: Jin Jia
Date: Wed, 4 Jan 2023 07:19:29 +0000
Subject: [PATCH 2/3] changed keyB in line 896 to the correct macro
---
 armsrc/mifaresim.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c
index ad975381b..71195aa62 100644
--- a/armsrc/mifaresim.c
+++ b/armsrc/mifaresim.c
@@ -893,7 +893,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
 // Compliance of MIFARE Classic EV1 1K Datasheet footnote of Table 8
 // If access bits show that key B is Readable, any subsequent memory access will be refused.
- if (cardAUTHKEY == keyB && IsKeyBReadable(blockNo)) {
+ if (cardAUTHKEY == AUTHKEYB && IsKeyBReadable(blockNo)) {
 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
 FpgaDisableTracing();
From 303dbae85bd9c88c8e34726c6fb0f818ec89c315 Mon Sep 17 00:00:00 2001
From: Jin Jia
Date: Fri, 6 Jan 2023 06:26:21 +0000
Subject: [PATCH 3/3] Fixed a warning on uninitialized variable
---
 armsrc/mifaresim.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c
index 71195aa62..81f26c5cb 100644
--- a/armsrc/mifaresim.c
+++ b/armsrc/mifaresim.c
@@ -881,8 +881,8 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
 break;
 }
 */
-
- if (MifareBlockToSector(receivedCmd_dec[1]) != cardAUTHSC) {
+ blockNo = receivedCmd_dec[1];
+ if (MifareBlockToSector(blockNo) != cardAUTHSC) {
 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
 FpgaDisableTracing();
@@ -893,6 +893,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
 // Compliance of MIFARE Classic EV1 1K Datasheet footnote of Table 8
 // If access bits show that key B is Readable, any subsequent memory access will be refused.
+
 if (cardAUTHKEY == AUTHKEYB && IsKeyBReadable(blockNo)) {
 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
 FpgaDisableTracing();