RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-03-23 13:37:35 +08:00
Code Issues Projects Releases Packages Wiki Activity

FIX: 'hf 14a reader' - detection of magic refactored, all test now assumes turn on/off readerfield.

Browse source
This commit is contained in:
iceman1001 2017-10-30 12:01:34 +01:00
parent 59fbf1e354
commit fdf1566c23
3 changed files with 29 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
client/cmdhf14a.c
View file

@ -169,14 +169,13 @@ int CmdHF14AList(const char *Cmd) {
int CmdHF14AReader(const char *Cmd) { int CmdHF14AReader(const char *Cmd) {
bool silent = (Cmd[0] == 's' || Cmd[0] == 'S'); bool silent = (Cmd[0] == 's' || Cmd[0] == 'S');
UsbCommand cDisconnect = {CMD_READER_ISO_14443a, {0,0,0}};
UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}}; UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
clearCommandBuffer(); clearCommandBuffer();
SendCommand(&c); SendCommand(&c);
UsbCommand resp; UsbCommand resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) { if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) {
if (!silent) PrintAndLog("iso14443a card select failed"); if (!silent) PrintAndLog("iso14443a card select failed");
SendCommand(&cDisconnect); ul_switch_off_field();
return 0; return 0;
} }
@ -193,14 +192,14 @@ int CmdHF14AReader(const char *Cmd) {
if (select_status == 0) { if (select_status == 0) {
if (!silent) PrintAndLog("iso14443a card select failed"); if (!silent) PrintAndLog("iso14443a card select failed");
SendCommand(&cDisconnect); ul_switch_off_field();
return 0; return 0;
} }
if (select_status == 3) { if (select_status == 3) {
PrintAndLog("Card doesn't support standard iso14443-3 anticollision"); PrintAndLog("Card doesn't support standard iso14443-3 anticollision");
PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]); PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
SendCommand(&cDisconnect); ul_switch_off_field();
return 0; return 0;
} }
@ -384,27 +383,7 @@ int CmdHF14AReader(const char *Cmd) {
PrintAndLog("proprietary non iso14443-4 card found, RATS not supported"); PrintAndLog("proprietary non iso14443-4 card found, RATS not supported");
} }
detect_classic_magic();
// try to see if card responses to "chinese magic backdoor" commands.
uint8_t isGeneration = 0;
clearCommandBuffer();
c.cmd = CMD_MIFARE_CIDENT;
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500))
isGeneration = resp.arg[0] & 0xff;
switch( isGeneration ){
case 1: PrintAndLog("Answers to magic commands (GEN 1a): YES"); break;
case 2: PrintAndLog("Answers to magic commands (GEN 1b): YES"); break;
//case 4: PrintAndLog("Answers to magic commands (GEN 2): YES"); break;
default: PrintAndLog("Answers to magic commands: NO"); break;
}
// disconnect
//SendCommand(&cDisconnect);
if (isMifareClassic) { if (isMifareClassic) {
if ( detect_classic_prng() ) if ( detect_classic_prng() )
@ -706,7 +685,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
// Max buffer is USB_CMD_DATA_SIZE // Max buffer is USB_CMD_DATA_SIZE
datalen = (datalen > USB_CMD_DATA_SIZE) ? USB_CMD_DATA_SIZE : datalen; datalen = (datalen > USB_CMD_DATA_SIZE) ? USB_CMD_DATA_SIZE : datalen;
c.arg[1] = (datalen & 0xFFFF) | (uint32_t)(numbits << 16); c.arg[1] = (datalen & 0xFFFF) | ((uint32_t)(numbits << 16));
memcpy(c.d.asBytes, data, datalen); memcpy(c.d.asBytes, data, datalen);
clearCommandBuffer(); clearCommandBuffer();

26
client/mifarehost.c
View file

@ -826,7 +826,7 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data,
* TRUE if tag uses WEAK prng (ie Now the NACK bug also needs to be present for Darkside attack) * TRUE if tag uses WEAK prng (ie Now the NACK bug also needs to be present for Darkside attack)
* FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key) * FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key)
*/ */
bool detect_classic_prng(){ bool detect_classic_prng(void){
UsbCommand resp, respA; UsbCommand resp, respA;
uint8_t cmd[] = {MIFARE_AUTH_KEYA, 0x00}; uint8_t cmd[] = {MIFARE_AUTH_KEYA, 0x00};
@ -849,10 +849,8 @@ bool detect_classic_prng(){
uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]); uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]);
return validate_prng_nonce(nonce); return validate_prng_nonce(nonce);
} }
/* Detect Mifare Classic NACK bug /* Detect Mifare Classic NACK bug */
* bool detect_classic_nackbug(void){
*/
bool detect_classic_nackbug(){
// get nonce? // get nonce?
@ -861,3 +859,21 @@ bool detect_classic_nackbug(){
return false; return false;
} }
/* try to see if card responses to "chinese magic backdoor" commands. */
void detect_classic_magic(void) {
uint8_t isGeneration = 0;
UsbCommand resp;
UsbCommand c = {CMD_MIFARE_CIDENT, {0, 0, 0}};
clearCommandBuffer();
SendCommand(&c);
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500))
isGeneration = resp.arg[0] & 0xff;
switch( isGeneration ){
case 1: PrintAndLog("Answers to magic commands (GEN 1a): YES"); break;
case 2: PrintAndLog("Answers to magic commands (GEN 1b): YES"); break;
//case 4: PrintAndLog("Answers to magic commands (GEN 2): YES"); break;
default: PrintAndLog("Answers to magic commands: NO"); break;
}
}

4
client/mifarehost.h
View file

@ -94,5 +94,7 @@ extern int loadTraceCard(uint8_t *tuid, uint8_t uidlen);
extern int saveTraceCard(void); extern int saveTraceCard(void);
extern int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len); extern int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len);
extern bool detect_classic_prng(); extern bool detect_classic_prng(void);
extern bool detect_classic_nackbug(void);
extern void detect_classic_magic(void);
#endif #endif