mount/flipperzero-firmware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nfc: make dict attack more interactive (#1462)

Browse Source 
* nfc: deduplify dict attack worker code
* nfc: make dict attack more interactive

Co-authored-by: gornekich <n.gorbadey@gmail.com>
Co-authored-by: あく <alleteam@gmail.com>
This commit is contained in:
Fedor Indutny 2022-08-03 10:07:35 -07:00 committed by GitHub
parent 284c56718b
commit 3ee93e1a82
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 107 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
applications/nfc/scenes/nfc_scene_mf_classic_dict_attack.c
View File

@ -1,5 +1,7 @@
#include "../nfc_i.h"
#define TAG "NfcMfClassicDictAttack"
typedef enum {
DictAttackStateIdle,
DictAttackStateUserDictInProgress,
@ -32,7 +34,9 @@ static void nfc_scene_mf_classic_dict_attack_update_view(Nfc* nfc) {
static void nfc_scene_mf_classic_dict_attack_prepare_view(Nfc* nfc, DictAttackState state) {
MfClassicData* data = &nfc->dev->dev_data.mf_classic_data;
NfcMfClassicDictAttackData* dict_attack_data = &nfc->dev->dev_data.mf_classic_dict_attack_data;
NfcWorkerState worker_state = NfcWorkerStateReady;
MfClassicDict* dict = NULL;
// Identify scene state
if(state == DictAttackStateIdle) {
@ -47,16 +51,36 @@ static void nfc_scene_mf_classic_dict_attack_prepare_view(Nfc* nfc, DictAttackSt
// Setup view
if(state == DictAttackStateUserDictInProgress) {
worker_state = NfcWorkerStateMfClassicUserDictAttack;
worker_state = NfcWorkerStateMfClassicDictAttack;
dict_attack_set_header(nfc->dict_attack, "Mf Classic User Dict.");
} else if(state == DictAttackStateFlipperDictInProgress) {
worker_state = NfcWorkerStateMfClassicFlipperDictAttack;
dict_attack_set_header(nfc->dict_attack, "Mf Classic Flipper Dict.");
dict = mf_classic_dict_alloc(MfClassicDictTypeUser);
// If failed to load user dictionary - try flipper dictionary
if(!dict) {
FURI_LOG_E(TAG, "User dictionary not found");
state = DictAttackStateFlipperDictInProgress;
}
}
if(state == DictAttackStateFlipperDictInProgress) {
worker_state = NfcWorkerStateMfClassicDictAttack;
dict_attack_set_header(nfc->dict_attack, "Mf Classic Flipper Dict.");
dict = mf_classic_dict_alloc(MfClassicDictTypeFlipper);
if(!dict) {
FURI_LOG_E(TAG, "Flipper dictionary not found");
// Pass through to let worker handle the failure
}
}
// Free previous dictionary
if(dict_attack_data->dict) {
mf_classic_dict_free(dict_attack_data->dict);
}
dict_attack_data->dict = dict;
scene_manager_set_scene_state(nfc->scene_manager, NfcSceneMfClassicDictAttack, state);
dict_attack_set_callback(nfc->dict_attack, nfc_dict_attack_dict_attack_result_callback, nfc);
dict_attack_set_current_sector(nfc->dict_attack, 0);
dict_attack_set_card_detected(nfc->dict_attack, data->type);
dict_attack_set_total_dict_keys(
nfc->dict_attack, dict ? mf_classic_dict_get_total_keys(dict) : 0);
nfc_scene_mf_classic_dict_attack_update_view(nfc);
nfc_worker_start(
nfc->worker, worker_state, &nfc->dev->dev_data, nfc_dict_attack_worker_callback, nfc);
@ -112,6 +136,10 @@ bool nfc_scene_mf_classic_dict_attack_on_event(void* context, SceneManagerEvent
nfc_scene_mf_classic_dict_attack_update_view(nfc);
dict_attack_inc_current_sector(nfc->dict_attack);
consumed = true;
} else if(event.event == NfcWorkerEventNewDictKeyBatch) {
nfc_scene_mf_classic_dict_attack_update_view(nfc);
dict_attack_inc_current_dict_key(nfc->dict_attack, NFC_DICT_KEY_BATCH_SIZE);
consumed = true;
} else if(event.event == NfcCustomEventDictAttackSkip) {
if(state == DictAttackStateUserDictInProgress) {
nfc_worker_stop(nfc->worker);
@ -130,8 +158,13 @@ bool nfc_scene_mf_classic_dict_attack_on_event(void* context, SceneManagerEvent
void nfc_scene_mf_classic_dict_attack_on_exit(void* context) {
Nfc* nfc = context;
NfcMfClassicDictAttackData* dict_attack_data = &nfc->dev->dev_data.mf_classic_dict_attack_data;
// Stop worker
nfc_worker_stop(nfc->worker);
if(dict_attack_data->dict) {
mf_classic_dict_free(dict_attack_data->dict);
dict_attack_data->dict = NULL;
}
dict_attack_reset(nfc->dict_attack);
nfc_blink_stop(nfc);
}

37
applications/nfc/views/dict_attack.c
View File

@ -23,6 +23,8 @@ typedef struct {
uint8_t sector_current;
uint8_t keys_total;
uint8_t keys_found;
uint16_t dict_keys_total;
uint16_t dict_keys_current;
} DictAttackViewModel;
static void dict_attack_draw_callback(Canvas* canvas, void* model) {
@ -38,8 +40,15 @@ static void dict_attack_draw_callback(Canvas* canvas, void* model) {
canvas_set_font(canvas, FontPrimary);
canvas_draw_str_aligned(canvas, 64, 2, AlignCenter, AlignTop, string_get_cstr(m->header));
canvas_set_font(canvas, FontSecondary);
float progress =
m->sectors_total == 0 ? 0 : (float)(m->sector_current) / (float)(m->sectors_total);
float dict_progress = m->dict_keys_total == 0 ?
0 :
(float)(m->dict_keys_current) / (float)(m->dict_keys_total);
float progress = m->sectors_total == 0 ? 0 :
((float)(m->sector_current) + dict_progress) /
(float)(m->sectors_total);
if(progress > 1.0) {
progress = 1.0;
}
elements_progress_bar(canvas, 5, 15, 120, progress);
canvas_set_font(canvas, FontSecondary);
snprintf(draw_str, sizeof(draw_str), "Keys found: %d/%d", m->keys_found, m->keys_total);
@ -100,6 +109,8 @@ void dict_attack_reset(DictAttack* dict_attack) {
model->sector_current = 0;
model->keys_total = 0;
model->keys_found = 0;
model->dict_keys_total = 0;
model->dict_keys_current = 0;
string_reset(model->header);
return false;
});
@ -171,6 +182,7 @@ void dict_attack_set_current_sector(DictAttack* dict_attack, uint8_t curr_sec) {
with_view_model(
dict_attack->view, (DictAttackViewModel * model) {
model->sector_current = curr_sec;
model->dict_keys_current = 0;
return true;
});
}
@ -181,6 +193,7 @@ void dict_attack_inc_current_sector(DictAttack* dict_attack) {
dict_attack->view, (DictAttackViewModel * model) {
if(model->sector_current < model->sectors_total) {
model->sector_current++;
model->dict_keys_current = 0;
}
return true;
});
@ -196,3 +209,23 @@ void dict_attack_inc_keys_found(DictAttack* dict_attack) {
return true;
});
}
void dict_attack_set_total_dict_keys(DictAttack* dict_attack, uint16_t dict_keys_total) {
furi_assert(dict_attack);
with_view_model(
dict_attack->view, (DictAttackViewModel * model) {
model->dict_keys_total = dict_keys_total;
return true;
});
}
void dict_attack_inc_current_dict_key(DictAttack* dict_attack, uint16_t keys_tried) {
furi_assert(dict_attack);
with_view_model(
dict_attack->view, (DictAttackViewModel * model) {
if(model->dict_keys_current + keys_tried < model->dict_keys_total) {
model->dict_keys_current += keys_tried;
}
return true;
});
}

4
applications/nfc/views/dict_attack.h
View File

@ -34,3 +34,7 @@ void dict_attack_set_current_sector(DictAttack* dict_attack, uint8_t curr_sec);
void dict_attack_inc_current_sector(DictAttack* dict_attack);
void dict_attack_inc_keys_found(DictAttack* dict_attack);
void dict_attack_set_total_dict_keys(DictAttack* dict_attack, uint16_t dict_keys_total);
void dict_attack_inc_current_dict_key(DictAttack* dict_attack, uint16_t keys_tried);

11
lib/nfc/nfc_device.h
View File

@ -6,6 +6,7 @@
#include <dialogs/dialogs.h>
#include <furi_hal_nfc.h>
#include <lib/nfc/helpers/mf_classic_dict.h>
#include <lib/nfc/protocols/emv.h>
#include <lib/nfc/protocols/mifare_ultralight.h>
#include <lib/nfc/protocols/mifare_classic.h>
@ -13,6 +14,7 @@
#define NFC_DEV_NAME_MAX_LEN 22
#define NFC_READER_DATA_MAX_SIZE 64
#define NFC_DICT_KEY_BATCH_SIZE 50
#define NFC_APP_FOLDER ANY_PATH("nfc")
#define NFC_APP_EXTENSION ".nfc"
@ -41,10 +43,17 @@ typedef struct {
uint16_t size;
} NfcReaderRequestData;
typedef struct {
MfClassicDict* dict;
} NfcMfClassicDictAttackData;
typedef struct {
FuriHalNfcDevData nfc_data;
NfcProtocol protocol;
NfcReaderRequestData reader_data;
union {
NfcReaderRequestData reader_data;
NfcMfClassicDictAttackData mf_classic_dict_attack_data;
};
union {
EmvData emv_data;
MfUltralightData mf_ul_data;

35
lib/nfc/nfc_worker.c
View File

@ -101,10 +101,8 @@ int32_t nfc_worker_task(void* context) {
nfc_worker_emulate_mf_ultralight(nfc_worker);
} else if(nfc_worker->state == NfcWorkerStateMfClassicEmulate) {
nfc_worker_emulate_mf_classic(nfc_worker);
} else if(nfc_worker->state == NfcWorkerStateMfClassicUserDictAttack) {
nfc_worker_mf_classic_dict_attack(nfc_worker, MfClassicDictTypeUser);
} else if(nfc_worker->state == NfcWorkerStateMfClassicFlipperDictAttack) {
nfc_worker_mf_classic_dict_attack(nfc_worker, MfClassicDictTypeFlipper);
} else if(nfc_worker->state == NfcWorkerStateMfClassicDictAttack) {
nfc_worker_mf_classic_dict_attack(nfc_worker);
}
furi_hal_nfc_sleep();
nfc_worker_change_state(nfc_worker, NfcWorkerStateReady);
@ -397,11 +395,13 @@ void nfc_worker_emulate_mf_ultralight(NfcWorker* nfc_worker) {
}
}
void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType type) {
void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
furi_assert(nfc_worker);
furi_assert(nfc_worker->callback);
MfClassicData* data = &nfc_worker->dev_data->mf_classic_data;
NfcMfClassicDictAttackData* dict_attack_data =
&nfc_worker->dev_data->mf_classic_dict_attack_data;
uint32_t total_sectors = mf_classic_get_total_sectors_num(data->type);
uint64_t key = 0;
FuriHalNfcTxRxContext tx_rx = {};
@ -409,15 +409,17 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType
bool card_removed_notified = false;
// Load dictionary
MfClassicDict* dict = mf_classic_dict_alloc(type);
MfClassicDict* dict = dict_attack_data->dict;
if(!dict) {
FURI_LOG_E(TAG, "Dictionary not found");
nfc_worker->callback(NfcWorkerEventNoDictFound, nfc_worker->context);
mf_classic_dict_free(dict);
return;
}
FURI_LOG_D(TAG, "Start Dictionary attack");
FURI_LOG_D(
TAG,
"Start Dictionary attack, Key Count %d",
mf_classic_dict_get_total_keys(dict));
for(size_t i = 0; i < total_sectors; i++) {
FURI_LOG_I(TAG, "Sector %d", i);
nfc_worker->callback(NfcWorkerEventNewSector, nfc_worker->context);
@ -425,7 +427,11 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType
if(mf_classic_is_sector_read(data, i)) continue;
bool is_key_a_found = mf_classic_is_key_found(data, i, MfClassicKeyA);
bool is_key_b_found = mf_classic_is_key_found(data, i, MfClassicKeyB);
uint16_t key_index = 0;
while(mf_classic_dict_get_next_key(dict, &key)) {
if(++key_index % NFC_DICT_KEY_BATCH_SIZE == 0) {
nfc_worker->callback(NfcWorkerEventNewDictKeyBatch, nfc_worker->context);
}
furi_hal_nfc_sleep();
if(furi_hal_nfc_activate_nfca(200, NULL)) {
furi_hal_nfc_sleep();
@ -456,8 +462,7 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType
}
}
if(is_key_a_found && is_key_b_found) break;
if(!((nfc_worker->state == NfcWorkerStateMfClassicUserDictAttack) ||
(nfc_worker->state == NfcWorkerStateMfClassicFlipperDictAttack)))
if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack)
break;
} else {
if(!card_removed_notified) {
@ -465,20 +470,16 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType
card_removed_notified = true;
card_found_notified = false;
}
if(!((nfc_worker->state == NfcWorkerStateMfClassicUserDictAttack) ||
(nfc_worker->state == NfcWorkerStateMfClassicFlipperDictAttack)))
if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack)
break;
}
}
if(!((nfc_worker->state == NfcWorkerStateMfClassicUserDictAttack) ||
(nfc_worker->state == NfcWorkerStateMfClassicFlipperDictAttack)))
if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack)
break;
mf_classic_read_sector(&tx_rx, data, i);
mf_classic_dict_rewind(dict);
}
mf_classic_dict_free(dict);
if((nfc_worker->state == NfcWorkerStateMfClassicUserDictAttack) ||
(nfc_worker->state == NfcWorkerStateMfClassicFlipperDictAttack)) {
if(nfc_worker->state == NfcWorkerStateMfClassicDictAttack) {
nfc_worker->callback(NfcWorkerEventSuccess, nfc_worker->context);
} else {
nfc_worker->callback(NfcWorkerEventAborted, nfc_worker->context);

4
lib/nfc/nfc_worker.h
View File

@ -14,8 +14,7 @@ typedef enum {
NfcWorkerStateUidEmulate,
NfcWorkerStateMfUltralightEmulate,
NfcWorkerStateMfClassicEmulate,
NfcWorkerStateMfClassicUserDictAttack,
NfcWorkerStateMfClassicFlipperDictAttack,
NfcWorkerStateMfClassicDictAttack,
// Debug
NfcWorkerStateEmulateApdu,
NfcWorkerStateField,
@ -49,6 +48,7 @@ typedef enum {
// Mifare Classic events
NfcWorkerEventNoDictFound,
NfcWorkerEventNewSector,
NfcWorkerEventNewDictKeyBatch,
NfcWorkerEventFoundKeyA,
NfcWorkerEventFoundKeyB,
} NfcWorkerEvent;

3
lib/nfc/nfc_worker_i.h
View File

@ -13,7 +13,6 @@
#include <lib/nfc/protocols/mifare_desfire.h>
#include <lib/nfc/protocols/nfca.h>
#include "helpers/mf_classic_dict.h"
#include "helpers/nfc_debug_pcap.h"
struct NfcWorker {
@ -43,6 +42,6 @@ void nfc_worker_emulate_mf_ultralight(NfcWorker* nfc_worker);
void nfc_worker_emulate_mf_classic(NfcWorker* nfc_worker);
void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType type);
void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker);
void nfc_worker_emulate_apdu(NfcWorker* nfc_worker);