mirror of
https://github.com/DarkFlippers/unleashed-firmware
synced 2024-11-23 13:03:13 +00:00
Merge remote-tracking branch 'flipperdevices/astra/3284-mifare-classic-fix-read' into dev
commit
3b02dd316d
2 changed files with 36 additions and 8 deletions
|
@ -741,7 +741,8 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
|
|||
if(mf_classic_authenticate_skip_activate(
|
||||
&tx_rx, block_num, key, MfClassicKeyA, !deactivated, cuid)) {
|
||||
mf_classic_set_key_found(data, i, MfClassicKeyA, key);
|
||||
FURI_LOG_D(TAG, "Key A found");
|
||||
FURI_LOG_D(
|
||||
TAG, "Key A found: %04lx%08lx", (uint32_t)(key >> 32), (uint32_t)key);
|
||||
nfc_worker->callback(NfcWorkerEventFoundKeyA, nfc_worker->context);
|
||||
|
||||
uint64_t found_key;
|
||||
|
@ -763,8 +764,14 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
|
|||
deactivated = true;
|
||||
} else {
|
||||
// If the key A is marked as found and matches the searching key, invalidate it
|
||||
uint8_t found_key[6];
|
||||
memcpy(found_key, data->block[i].value, 6);
|
||||
|
||||
uint8_t current_key[6];
|
||||
memcpy(current_key, &key, 6);
|
||||
|
||||
if(mf_classic_is_key_found(data, i, MfClassicKeyA) &&
|
||||
data->block[i].value[0] == key) {
|
||||
found_key == current_key) {
|
||||
mf_classic_set_key_not_found(data, i, MfClassicKeyA);
|
||||
is_key_a_found = false;
|
||||
FURI_LOG_D(TAG, "Key %dA not found in attack", i);
|
||||
|
@ -774,7 +781,8 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
|
|||
is_key_b_found = mf_classic_is_key_found(data, i, MfClassicKeyB);
|
||||
if(mf_classic_authenticate_skip_activate(
|
||||
&tx_rx, block_num, key, MfClassicKeyB, !deactivated, cuid)) {
|
||||
FURI_LOG_D(TAG, "Key B found");
|
||||
FURI_LOG_D(
|
||||
TAG, "Key B found: %04lx%08lx", (uint32_t)(key >> 32), (uint32_t)key);
|
||||
mf_classic_set_key_found(data, i, MfClassicKeyB, key);
|
||||
nfc_worker->callback(NfcWorkerEventFoundKeyB, nfc_worker->context);
|
||||
nfc_worker_mf_classic_key_attack(nfc_worker, key, &tx_rx, i + 1);
|
||||
|
@ -782,8 +790,14 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
|
|||
deactivated = true;
|
||||
} else {
|
||||
// If the key B is marked as found and matches the searching key, invalidate it
|
||||
uint8_t found_key[6];
|
||||
memcpy(found_key, data->block[i].value + 10, 6);
|
||||
|
||||
uint8_t current_key[6];
|
||||
memcpy(current_key, &key, 6);
|
||||
|
||||
if(mf_classic_is_key_found(data, i, MfClassicKeyB) &&
|
||||
data->block[i].value[10] == key) {
|
||||
found_key == current_key) {
|
||||
mf_classic_set_key_not_found(data, i, MfClassicKeyB);
|
||||
is_key_b_found = false;
|
||||
FURI_LOG_D(TAG, "Key %dB not found in attack", i);
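Review bot: In the `else` branch of the Key A hunk at 764, `found_key == current_key` compares the addresses of two distinct local arrays, so the condition is always false and a Key A that is marked found is never invalidated. Compare the contents instead, for example `nfc_util_bytes2num(found_key, 6) == key`, which also makes `current_key` unnecessary; `memcpy(current_key, &key, 6)` copies the integer's in-memory bytes and on a little-endian target would presumably not match the byte order stored in the block, so a plain `memcmp` of the two arrays may still fail. The Key B hunk at 790 has the same comparison and needs the same change. Separately, `data->block[i]` is indexed with the value that is passed as the sector to `mf_classic_set_key_found`, so it may not be that sector's trailer block; this predates the commit and should be confirmed against the rest of `nfc_worker_mf_classic_dict_attack`, which lies outside the hunks.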
|
||||
|
|
|
@ -892,11 +892,25 @@ bool mf_classic_emulator(MfClassicEmulator* emulator, FuriHalNfcTxRxContext* tx_
|
|||
MfClassicSectorTrailer* sector_trailer =
|
||||
(MfClassicSectorTrailer*)emulator->data.block[sector_trailer_block].value;
|
||||
if(cmd == MF_CLASSIC_AUTH_KEY_A_CMD) {
|
||||
key = nfc_util_bytes2num(sector_trailer->key_a, 6);
|
||||
access_key = MfClassicKeyA;
|
||||
if(mf_classic_is_key_found(
|
||||
&emulator->data, mf_classic_get_sector_by_block(block), MfClassicKeyA)) {
|
||||
key = nfc_util_bytes2num(sector_trailer->key_a, 6);
|
||||
access_key = MfClassicKeyA;
|
||||
} else {
|
||||
FURI_LOG_D(TAG, "Key not known");
|
||||
command_processed = true;
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
key = nfc_util_bytes2num(sector_trailer->key_b, 6);
|
||||
access_key = MfClassicKeyB;
|
||||
if(mf_classic_is_key_found(
|
||||
&emulator->data, mf_classic_get_sector_by_block(block), MfClassicKeyB)) {
|
||||
key = nfc_util_bytes2num(sector_trailer->key_b, 6);
|
||||
access_key = MfClassicKeyB;
|
||||
} else {
|
||||
FURI_LOG_D(TAG, "Key not known");
|
||||
command_processed = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
uint32_t nonce = prng_successor(DWT->CYCCNT, 32) ^ 0xAA;
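Review bot: The two new "Key not known" branches leave undocumented what the emulated tag sends back when the sector key was never recovered: both set `command_processed = true` and `break`, and whether that results in a NACK or in silence is decided outside this hunk. A short comment on each branch would help, for example `// Key was not recovered for this sector: the trailer bytes may not be a real key, so refuse the auth`. The log line would also be easier to use with the key type and block in it, e.g. `FURI_LOG_D(TAG, "Key A not known for block %d", block);`, with the format adjusted to the type of `block`, which is not visible here. `mf_classic_emulator` starts and ends outside the hunk.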
|
||||
|
|