From 2282587c15291246baa608744e9bbcbaed9b2a6d Mon Sep 17 00:00:00 2001
From: noproto
Date: Tue, 29 Oct 2024 14:07:16 -0400
Subject: [PATCH 1/4] Mark TODOs for next PR
---
 .../scenes/nfc_scene_mf_classic_dict_attack.c | 4 +--
 .../protocols/mf_classic/mf_classic_poller.c | 26 +++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/applications/main/nfc/scenes/nfc_scene_mf_classic_dict_attack.c b/applications/main/nfc/scenes/nfc_scene_mf_classic_dict_attack.c
index 526a89a74..024bc5c1e 100644
--- a/applications/main/nfc/scenes/nfc_scene_mf_classic_dict_attack.c
+++ b/applications/main/nfc/scenes/nfc_scene_mf_classic_dict_attack.c
@@ -5,8 +5,8 @@
 #define TAG "NfcMfClassicDictAttack"
-// TODO: Fix lag when leaving the dictionary attack view after Hardnested
-// TODO: Re-enters backdoor detection between user and system dictionary if no backdoor is found
+// TODO FL-3926: Fix lag when leaving the dictionary attack view after Hardnested
+// TODO FL-3926: Re-enters backdoor detection between user and system dictionary if no backdoor is found
 typedef enum {
 DictAttackStateCUIDDictInProgress,
diff --git a/lib/nfc/protocols/mf_classic/mf_classic_poller.c b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
index edfdb2a95..1eaf2579c 100644
--- a/lib/nfc/protocols/mf_classic/mf_classic_poller.c
+++ b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
@@ -6,11 +6,11 @@
 #define TAG "MfClassicPoller"
-// TODO: Buffer writes for Hardnested, set state to Log when finished and sum property matches
-// TODO: Store target key in CUID dictionary
-// TODO: Dead code for malloc returning NULL?
-// TODO: Auth1 static encrypted exists (rare)
-// TODO: Use keys found by NFC plugins, cached keys
+// TODO FL-3926: Buffer writes for Hardnested, set state to Log when finished and sum property matches
+// TODO FL-3926: Store target key in CUID dictionary
+// TODO FL-3926: Dead code for malloc returning NULL?
+// TODO FL-3926: Auth1 static encrypted exists (rare)
+// TODO FL-3926: Use keys found by NFC plugins, cached keys
 #define MF_CLASSIC_MAX_BUFF_SIZE (64)
@@ -606,7 +606,7 @@ NfcCommand mf_classic_poller_handler_analyze_backdoor(MfClassicPoller* instance)
 }
 NfcCommand mf_classic_poller_handler_backdoor_read_sector(MfClassicPoller* instance) {
- // TODO: Reauth not needed
+ // TODO FL-3926: Reauth not needed
 NfcCommand command = NfcCommandContinue;
 MfClassicPollerDictAttackContext* dict_attack_ctx = &instance->mode_ctx.dict_attack_ctx;
 MfClassicError error = MfClassicErrorNone;
@@ -1328,8 +1328,8 @@ static inline bool is_byte_found(uint8_t* found, uint8_t byte) {
 }
 NfcCommand mf_classic_poller_handler_nested_collect_nt_enc(MfClassicPoller* instance) {
- // TODO: Handle when nonce is not collected (retry counter? Do not increment nested_target_key)
- // TODO: Look into using MfClassicNt more
+ // TODO FL-3926: Handle when nonce is not collected (retry counter? Do not increment nested_target_key)
+ // TODO FL-3926: Look into using MfClassicNt more
 NfcCommand command = NfcCommandContinue;
 MfClassicPollerDictAttackContext* dict_attack_ctx = &instance->mode_ctx.dict_attack_ctx;
@@ -1563,8 +1563,8 @@ static MfClassicKey* search_dicts_for_nonce_key(
 }
 NfcCommand mf_classic_poller_handler_nested_dict_attack(MfClassicPoller* instance) {
- // TODO: Handle when nonce is not collected (retry counter? Do not increment nested_target_key)
- // TODO: Look into using MfClassicNt more
+ // TODO FL-3926: Handle when nonce is not collected (retry counter? Do not increment nested_target_key)
+ // TODO FL-3926: Look into using MfClassicNt more
 NfcCommand command = NfcCommandContinue;
 MfClassicPollerDictAttackContext* dict_attack_ctx = &instance->mode_ctx.dict_attack_ctx;
@@ -1722,7 +1722,7 @@ NfcCommand mf_classic_poller_handler_nested_log(MfClassicPoller* instance) {
 bool params_write_success = true;
 for(size_t i = 0; i < nonce_pair_count; i++) {
 MfClassicNestedNonce* nonce = &dict_attack_ctx->nested_nonce.nonces[i];
- // TODO: Avoid repeating logic here
+ // TODO FL-3926: Avoid repeating logic here
 uint8_t nonce_sector = nonce->key_idx / (weak_prng ? 4 : 2);
 MfClassicKeyType nonce_key_type = (nonce->key_idx % (weak_prng ? 4 : 2) < (weak_prng ? 2 : 1)) ? MfClassicKeyTypeA :
@@ -1857,7 +1857,7 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
 } else if(dict_attack_ctx->prng_type == MfClassicPrngTypeNoTag) {
 FURI_LOG_E(TAG, "No tag detected");
 // Free nonce array
- // TODO: Consider using .count here
+ // TODO FL-3926: Consider using .count here
 if(dict_attack_ctx->nested_nonce.nonces) {
 free(dict_attack_ctx->nested_nonce.nonces);
 dict_attack_ctx->nested_nonce.nonces = NULL;
@@ -1868,7 +1868,7 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
 }
 if(dict_attack_ctx->nested_nonce.nonces) {
 // Free nonce array
- // TODO: Consider using .count here
+ // TODO FL-3926: Consider using .count here
 free(dict_attack_ctx->nested_nonce.nonces);
 dict_attack_ctx->nested_nonce.nonces = NULL;
 dict_attack_ctx->nested_nonce.count = 0;
From eb1aabbec4819b02c430ad62013723063fe941ca Mon Sep 17 00:00:00 2001
From: noproto
Date: Tue, 29 Oct 2024 14:56:40 -0400
Subject: [PATCH 2/4] Remove redundant assignment
---
 lib/nfc/protocols/mf_classic/mf_classic_poller.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/lib/nfc/protocols/mf_classic/mf_classic_poller.c b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
index 1eaf2579c..1a4c93d41 100644
--- a/lib/nfc/protocols/mf_classic/mf_classic_poller.c
+++ b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
@@ -1289,8 +1289,6 @@ NfcCommand mf_classic_poller_handler_nested_calibrate(MfClassicPoller* instance)
 float std_dev = sqrtf(variance);
 // Filter out values over 3 standard deviations away from the median
- dict_attack_ctx->d_min = UINT16_MAX;
- dict_attack_ctx->d_max = 0;
 for(uint8_t i = 0; i < valid_distances; i++) {
 if(fabsf((float)distances[i] - median) <= 3 * std_dev) {
 if(distances[i] < dict_attack_ctx->d_min) dict_attack_ctx->d_min = distances[i];
From c24007755a192ce4cd925e5c65a83a5b00813244 Mon Sep 17 00:00:00 2001
From: noproto
Date: Tue, 29 Oct 2024 15:19:30 -0400
Subject: [PATCH 3/4] Fix size_t format specifier
---
 lib/nfc/protocols/mf_classic/mf_classic_poller.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/nfc/protocols/mf_classic/mf_classic_poller.c b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
index 1a4c93d41..dd78b88f3 100644
--- a/lib/nfc/protocols/mf_classic/mf_classic_poller.c
+++ b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
@@ -1704,7 +1704,7 @@ NfcCommand mf_classic_poller_handler_nested_log(MfClassicPoller* instance) {
 if(weak_prng && (!(static_encrypted)) && (dict_attack_ctx->nested_nonce.count != 2)) {
 FURI_LOG_E(
 TAG,
- "MfClassicPollerStateNestedLog expected 2 nonces, received %u",
+ "MfClassicPollerStateNestedLog expected 2 nonces, received %zu",
 dict_attack_ctx->nested_nonce.count);
 break;
 }
From 907019c136d57ef727e75291869a94e746db3af1 Mon Sep 17 00:00:00 2001
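Review bot: Removing the `d_min = UINT16_MAX` / `d_max = 0` reset makes the min/max loop that follows depend on whatever the two fields held before the filtering pass, and the hunk does not show where they are now initialized; the commit title calls the assignment redundant, which is consistent with an earlier reset in nested_calibrate or in the context setup, but if calibration can run more than once on the same context the second pass would only narrow the previous run's bounds. A one-line comment above the loop would make the dependency explicit, e.g. `// d_min/d_max are initialized before this pass; the loop only narrows them`. nested_calibrate starts and ends outside the hunk.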
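Review bot: The `%zu` fix is right for a size_t count, but nothing in the hunk suggests the compiler caught the original mismatch; if FURI_LOG_E does not already forward `__attribute__((format(printf, ...)))` to the function that consumes the format string, adding it would let -Wformat flag this class of error at build time rather than leaving it to show up as garbled log output. It is also worth confirming that the firmware's printf backend honours the `z` length modifier, since some embedded printf implementations ignore it. nested_log starts and ends outside the hunk.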
From: noproto
Date: Tue, 29 Oct 2024 15:35:40 -0400
Subject: [PATCH 4/4] Simplify auth_passed condition
---
 lib/nfc/protocols/mf_classic/mf_classic_poller.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/nfc/protocols/mf_classic/mf_classic_poller.c b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
index dd78b88f3..ec37c8015 100644
--- a/lib/nfc/protocols/mf_classic/mf_classic_poller.c
+++ b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
@@ -1933,7 +1933,7 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
 }
 if(!(dict_attack_ctx->auth_passed)) {
 dict_attack_ctx->attempt_count++;
- } else if(dict_attack_ctx->auth_passed && !(initial_dict_attack_iter)) {
+ } else if(!(initial_dict_attack_iter)) {
 dict_attack_ctx->nested_target_key++;
 dict_attack_ctx->attempt_count = 0;
 }
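Review bot: The simplified `else if(!(initial_dict_attack_iter))` is equivalent to the removed condition because the branch is only reachable when auth_passed is true, but the third outcome — auth passed on the initial iteration — now reads as a silent fall-through that touches neither counter, and nothing in the hunk says that is intended. If it is, a comment on the `else if` line would pin it, e.g. `// auth passed on the initial pass: keep the current target key and retry count`. Separately, `attempt_count++` in the failure branch has no bound visible here; if the retry limit is enforced elsewhere in nested_controller that is fine, otherwise a key that keeps failing would be retried without end. nested_controller starts and ends outside the hunk.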