
Commit 617ae0c

Merge pull request RfidResearchGroup#2586 from solletichino999/feature/staticnested
Static nested auto distance measurement for nonces
2 parents d2e29b2 + a1ca2fe commit 617ae0c


1 file changed

+28
-10
lines changed


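--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -1465,7 +1465,7 @@ void MifareStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo,
 LEDsoff();
 
 uint64_t ui64Key = bytes_to_num(key, 6);
-uint16_t len;
+uint16_t len, dist1 = 160, dist2 = 320;
 uint8_t uid[10] = { 0x00 };
 uint32_t cuid = 0, nt1 = 0, nt2 = 0, nt3 = 0;
 uint32_t target_nt[2] = {0x00}, target_ks[2] = {0x00};
@@ -1491,6 +1491,30 @@ void MifareStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo,
 // Main loop - get crypted nonces for target sector
 for (uint8_t rtr = 0; rtr < 2; rtr++) {
 
+// distance measurement
+if (mifare_classic_halt(pcs)) {
+continue;
+}
+
+if (iso14443a_select_card(uid, NULL, &cuid, true, 0, true) == false) {
+continue;
+};
+
+if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, NULL)) {
+continue;
+};
+
+if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, NULL)) {
+continue;
+};
+
+if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt3, NULL)) {
+continue;
+};
+
+dist1 = nonce_distance(nt1, nt2);
+dist2 = nonce_distance(nt1, nt3);
+
 if (mifare_classic_halt(pcs)) {
 continue;
 }
@@ -1509,8 +1533,8 @@ void MifareStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo,
 target_nt[0] = prng_successor(nt1, 161);
 target_nt[1] = prng_successor(nt1, 321);
 } else {
-target_nt[0] = prng_successor(nt1, 160);
-target_nt[1] = prng_successor(nt1, 320);
+target_nt[0] = prng_successor(nt1, dist1);
+target_nt[1] = prng_successor(nt1, dist2);
 }
 
 len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + (targetKeyType & 0xF), targetBlockNo, receivedAnswer, sizeof(receivedAnswer), par, NULL);
@@ -1534,7 +1558,7 @@ void MifareStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo,
 continue;
 };
 
-if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, NULL)) {
+if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, NULL, NULL)) {
 continue;
 };
 
@@ -1544,12 +1568,6 @@ void MifareStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo,
 };
 
 nt3 = bytes_to_num(receivedAnswer, 4);
-// fix for cards with distance 0
-if (nt1 == nt2) {
-target_nt[0] = nt1;
-target_nt[1] = nt1;
-target_ks[0] = nt3 ^ target_nt[0];
-}
 target_ks[1] = nt3 ^ target_nt[1];
 
 isOK = PM3_SUCCESS;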
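Review bot: The measured distances are used unchecked, and the `dist1 = 160, dist2 = 320` initialisers on the changed declaration look like a fallback that never applies. As far as the hunks show, every path reaching `prng_successor(nt1, dist1)` has already passed `dist1 = nonce_distance(nt1, nt2);`, and each failed measurement step does `continue` rather than keeping the defaults. Whatever `nonce_distance()` returns is narrowed into `uint16_t`, so a tag whose nonces are not actually static, or a corrupted read, would silently produce a wrong `target_ks[]` while the iteration still ends at `isOK = PM3_SUCCESS`. The loop already measures twice (`rtr` 0 and 1), so keeping the first pass's values and treating a mismatch on the second pass as a failure would be a cheap consistency check. Alternatively, hoist the measurement above the `for` and document the defaults, for example `// 160/320: historic fixed distances, used only if measurement fails`. The function starts and ends outside these hunks, so the return type of `nonce_distance()` and the condition guarding the hard-coded `161`/`321` branch still need confirming against the full file.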
