mount/flipperzero-firmware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NFC: Fix MFC key invalidation (#2912)

Browse Source 
* NFC: Fix key invalidation (again~)
* NFC: shouldn't be there
This code get called each time we check for B key

Co-authored-by: あく <alleteam@gmail.com>
This commit is contained in:
AloneLiberty 2023-08-02 15:06:38 +00:00 committed by GitHub
parent 3e8e999909
commit a7aef0bfc2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
lib/nfc/nfc_worker.c
View File

@ -810,16 +810,10 @@ static void nfc_worker_mf_classic_key_attack(
uint8_t block_num = mf_classic_get_sector_trailer_block_num_by_sector(i); uint8_t block_num = mf_classic_get_sector_trailer_block_num_by_sector(i);
if(mf_classic_is_sector_read(data, i)) continue; if(mf_classic_is_sector_read(data, i)) continue;
if(!mf_classic_is_key_found(data, i, MfClassicKeyA)) { if(!mf_classic_is_key_found(data, i, MfClassicKeyA)) {
FURI_LOG_D( FURI_LOG_D(TAG, "Trying A key for sector %d, key: %012llX", i, key);
TAG,
"Trying A key for sector %d, key: %04lx%08lx",
i,
(uint32_t)(key >> 32),
(uint32_t)key);
if(mf_classic_authenticate(tx_rx, block_num, key, MfClassicKeyA)) { if(mf_classic_authenticate(tx_rx, block_num, key, MfClassicKeyA)) {
mf_classic_set_key_found(data, i, MfClassicKeyA, key); mf_classic_set_key_found(data, i, MfClassicKeyA, key);
FURI_LOG_D( FURI_LOG_D(TAG, "Key A found: %012llX", key);
TAG, "Key A found: %04lx%08lx", (uint32_t)(key >> 32), (uint32_t)key);
nfc_worker->callback(NfcWorkerEventFoundKeyA, nfc_worker->context); nfc_worker->callback(NfcWorkerEventFoundKeyA, nfc_worker->context);
uint64_t found_key; uint64_t found_key;
@ -832,18 +826,13 @@ static void nfc_worker_mf_classic_key_attack(
} }
} }
} }
furi_hal_nfc_sleep();
} }
if(!mf_classic_is_key_found(data, i, MfClassicKeyB)) { if(!mf_classic_is_key_found(data, i, MfClassicKeyB)) {
FURI_LOG_D( FURI_LOG_D(TAG, "Trying B key for sector %d, key: %012llX", i, key);
TAG,
"Trying B key for sector %d, key: %04lx%08lx",
i,
(uint32_t)(key >> 32),
(uint32_t)key);
if(mf_classic_authenticate(tx_rx, block_num, key, MfClassicKeyB)) { if(mf_classic_authenticate(tx_rx, block_num, key, MfClassicKeyB)) {
mf_classic_set_key_found(data, i, MfClassicKeyB, key); mf_classic_set_key_found(data, i, MfClassicKeyB, key);
FURI_LOG_D( FURI_LOG_D(TAG, "Key B found: %012llX", key);
TAG, "Key B found: %04lx%08lx", (uint32_t)(key >> 32), (uint32_t)key);
nfc_worker->callback(NfcWorkerEventFoundKeyB, nfc_worker->context); nfc_worker->callback(NfcWorkerEventFoundKeyB, nfc_worker->context);
} }
} }
@ -891,8 +880,9 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
nfc_worker->callback(NfcWorkerEventNewSector, nfc_worker->context); nfc_worker->callback(NfcWorkerEventNewSector, nfc_worker->context);
uint8_t block_num = mf_classic_get_sector_trailer_block_num_by_sector(i); uint8_t block_num = mf_classic_get_sector_trailer_block_num_by_sector(i);
if(mf_classic_is_sector_read(data, i)) continue; if(mf_classic_is_sector_read(data, i)) continue;
bool is_key_a_found = mf_classic_is_key_found(data, i, MfClassicKeyA); if(mf_classic_is_key_found(data, i, MfClassicKeyA) &&
bool is_key_b_found = mf_classic_is_key_found(data, i, MfClassicKeyB); mf_classic_is_key_found(data, i, MfClassicKeyB))
continue;
uint16_t key_index = 0; uint16_t key_index = 0;
while(mf_classic_dict_get_next_key(dict, &key)) { while(mf_classic_dict_get_next_key(dict, &key)) {
FURI_LOG_T(TAG, "Key %d", key_index); FURI_LOG_T(TAG, "Key %d", key_index);
@ -910,19 +900,12 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
nfc_worker_mf_classic_key_attack(nfc_worker, prev_key, &tx_rx, i); nfc_worker_mf_classic_key_attack(nfc_worker, prev_key, &tx_rx, i);
deactivated = true; deactivated = true;
} }
FURI_LOG_D( FURI_LOG_D(TAG, "Try to auth to sector %d with key %012llX", i, key);
TAG, if(!mf_classic_is_key_found(data, i, MfClassicKeyA)) {
"Try to auth to sector %d with key %04lx%08lx",
i,
(uint32_t)(key >> 32),
(uint32_t)key);
if(!is_key_a_found) {
is_key_a_found = mf_classic_is_key_found(data, i, MfClassicKeyA);
if(mf_classic_authenticate_skip_activate( if(mf_classic_authenticate_skip_activate(
&tx_rx, block_num, key, MfClassicKeyA, !deactivated, cuid)) { &tx_rx, block_num, key, MfClassicKeyA, !deactivated, cuid)) {
mf_classic_set_key_found(data, i, MfClassicKeyA, key); mf_classic_set_key_found(data, i, MfClassicKeyA, key);
FURI_LOG_D( FURI_LOG_D(TAG, "Key A found: %012llX", key);
TAG, "Key A found: %04lx%08lx", (uint32_t)(key >> 32), (uint32_t)key);
nfc_worker->callback(NfcWorkerEventFoundKeyA, nfc_worker->context); nfc_worker->callback(NfcWorkerEventFoundKeyA, nfc_worker->context);
uint64_t found_key; uint64_t found_key;
@ -952,17 +935,19 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
if(mf_classic_is_key_found(data, i, MfClassicKeyA) && if(mf_classic_is_key_found(data, i, MfClassicKeyA) &&
memcmp(sec_trailer->key_a, current_key, 6) == 0) { memcmp(sec_trailer->key_a, current_key, 6) == 0) {
mf_classic_set_key_not_found(data, i, MfClassicKeyA); if(!mf_classic_authenticate_skip_activate(
is_key_a_found = false; &tx_rx, block_num, key, MfClassicKeyA, !deactivated, cuid)) {
FURI_LOG_D(TAG, "Key %dA not found in attack", i); mf_classic_set_key_not_found(data, i, MfClassicKeyA);
FURI_LOG_D(TAG, "Key %dA not found in attack", i);
}
} }
furi_hal_nfc_sleep();
deactivated = true;
} }
if(!is_key_b_found) { if(!mf_classic_is_key_found(data, i, MfClassicKeyB)) {
is_key_b_found = mf_classic_is_key_found(data, i, MfClassicKeyB);
if(mf_classic_authenticate_skip_activate( if(mf_classic_authenticate_skip_activate(
&tx_rx, block_num, key, MfClassicKeyB, !deactivated, cuid)) { &tx_rx, block_num, key, MfClassicKeyB, !deactivated, cuid)) {
FURI_LOG_D( FURI_LOG_D(TAG, "Key B found: %012llX", key);
TAG, "Key B found: %04lx%08lx", (uint32_t)(key >> 32), (uint32_t)key);
mf_classic_set_key_found(data, i, MfClassicKeyB, key); mf_classic_set_key_found(data, i, MfClassicKeyB, key);
nfc_worker->callback(NfcWorkerEventFoundKeyB, nfc_worker->context); nfc_worker->callback(NfcWorkerEventFoundKeyB, nfc_worker->context);
nfc_worker_mf_classic_key_attack(nfc_worker, key, &tx_rx, i + 1); nfc_worker_mf_classic_key_attack(nfc_worker, key, &tx_rx, i + 1);
@ -978,12 +963,18 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
if(mf_classic_is_key_found(data, i, MfClassicKeyB) && if(mf_classic_is_key_found(data, i, MfClassicKeyB) &&
memcmp(sec_trailer->key_b, current_key, 6) == 0) { memcmp(sec_trailer->key_b, current_key, 6) == 0) {
mf_classic_set_key_not_found(data, i, MfClassicKeyB); if(!mf_classic_authenticate_skip_activate(
is_key_b_found = false; &tx_rx, block_num, key, MfClassicKeyB, !deactivated, cuid)) {
FURI_LOG_D(TAG, "Key %dB not found in attack", i); mf_classic_set_key_not_found(data, i, MfClassicKeyB);
FURI_LOG_D(TAG, "Key %dB not found in attack", i);
}
furi_hal_nfc_sleep();
deactivated = true;
} }
} }
if(is_key_a_found && is_key_b_found) break; if(mf_classic_is_key_found(data, i, MfClassicKeyA) &&
mf_classic_is_key_found(data, i, MfClassicKeyB))
break;
if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack) break; if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack) break;
} else { } else {
if(!card_removed_notified) { if(!card_removed_notified) {