mount/flipperzero-firmware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NFC: Fix key invalidation logic (#2782)

Browse Source 
* NFC: Fix key invalidation logic
* NFC: Fix crash in CLI with empty response
* Fix incorrect key conversions
* Proper call to nfc_util

Co-authored-by: あく <alleteam@gmail.com>
Co-authored-by: Astra <me@astrra.space>
This commit is contained in:
AloneLiberty 2023-06-29 11:24:13 +03:00 committed by GitHub
parent c10c45616d
commit e5ae3e22b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
applications/main/nfc/nfc_cli.c
View File

@ -144,6 +144,10 @@ static void nfc_cli_apdu(Cli* cli, FuriString* args) {
break; break;
} }
resp_size = (tx_rx.rx_bits / 8) * 2; resp_size = (tx_rx.rx_bits / 8) * 2;
if(!resp_size) {
printf("No response\r\n");
break;
}
resp_buffer = malloc(resp_size); resp_buffer = malloc(resp_size);
uint8_to_hex_chars(tx_rx.rx_data, resp_buffer, resp_size); uint8_to_hex_chars(tx_rx.rx_data, resp_buffer, resp_size);
resp_buffer[resp_size] = 0; resp_buffer[resp_size] = 0;

18
lib/nfc/nfc_worker.c
View File

@ -940,14 +940,14 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
deactivated = true; deactivated = true;
} else { } else {
// If the key A is marked as found and matches the searching key, invalidate it // If the key A is marked as found and matches the searching key, invalidate it
uint8_t found_key[6]; MfClassicSectorTrailer* sec_trailer =
memcpy(found_key, data->block[i].value, 6); mf_classic_get_sector_trailer_by_sector(data, i);
uint8_t current_key[6]; uint8_t current_key[6];
memcpy(current_key, &key, 6); nfc_util_num2bytes(key, 6, current_key);
if(mf_classic_is_key_found(data, i, MfClassicKeyA) && if(mf_classic_is_key_found(data, i, MfClassicKeyA) &&
memcmp(found_key, current_key, 6) == 0) { memcmp(sec_trailer->key_a, current_key, 6) == 0) {
mf_classic_set_key_not_found(data, i, MfClassicKeyA); mf_classic_set_key_not_found(data, i, MfClassicKeyA);
is_key_a_found = false; is_key_a_found = false;
FURI_LOG_D(TAG, "Key %dA not found in attack", i); FURI_LOG_D(TAG, "Key %dA not found in attack", i);
@ -966,14 +966,14 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
deactivated = true; deactivated = true;
} else { } else {
// If the key B is marked as found and matches the searching key, invalidate it // If the key B is marked as found and matches the searching key, invalidate it
uint8_t found_key[6]; MfClassicSectorTrailer* sec_trailer =
memcpy(found_key, data->block[i].value + 10, 6); mf_classic_get_sector_trailer_by_sector(data, i);
uint8_t current_key[6]; uint8_t current_key[6];
memcpy(current_key, &key, 6); nfc_util_num2bytes(key, 6, current_key);
if(mf_classic_is_key_found(data, i, MfClassicKeyB) && if(mf_classic_is_key_found(data, i, MfClassicKeyB) &&
memcmp(found_key, current_key, 6) == 0) { memcmp(sec_trailer->key_b, current_key, 6) == 0) {
mf_classic_set_key_not_found(data, i, MfClassicKeyB); mf_classic_set_key_not_found(data, i, MfClassicKeyB);
is_key_b_found = false; is_key_b_found = false;
FURI_LOG_D(TAG, "Key %dB not found in attack", i); FURI_LOG_D(TAG, "Key %dB not found in attack", i);
@ -989,7 +989,7 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
} }
if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack) break; if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack) break;
} }
memcpy(&prev_key, &key, sizeof(key)); prev_key = key;
} }
if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack) break; if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack) break;
mf_classic_read_sector(&tx_rx, data, i); mf_classic_read_sector(&tx_rx, data, i);