[FL-2759], [FL-2766] NFC collect params for mfkey32 attack (#1643)

* nfc: start nfc over rpc * nfc: add detect reader state * nfc: add reader analyzer * nfc: rework reader analyzer * reader_analyzer: print collected nonces to debug * reader analyzer: add save on SD card * reader_analyzer: separate mfkey related part to different file * mfkey32: add logic for collecting parameters * nfc: rework pcap with reader analyzer * nfc: add logger for reader * nfc: clean up * nfc: add detect reader view * nfc: add detect reader and mfkey nonces scenes * nfc: add mfkey comlplete scene * nfc: add new assets * nfc: fix gui * nfc: fix iso14443-4 UID emulation * nfc: add no sd card notification * nfc: fix grammar Co-authored-by: あく <alleteam@gmail.com>
2022-09-03 15:25:36 +03:00
parent ed2c607dd3
commit 1853359d78
24 changed files with 1154 additions and 251 deletions
--- a/applications/nfc/nfc.c
+++ b/applications/nfc/nfc.c
@@ -94,6 +94,11 @@ Nfc* nfc_alloc() {
    view_dispatcher_add_view(
        nfc->view_dispatcher, NfcViewDictAttack, dict_attack_get_view(nfc->dict_attack));

+    // Detect Reader
+    nfc->detect_reader = detect_reader_alloc();
+    view_dispatcher_add_view(
+        nfc->view_dispatcher, NfcViewDetectReader, detect_reader_get_view(nfc->detect_reader));
+
    // Generator
    nfc->generator = NULL;

@@ -158,6 +163,10 @@ void nfc_free(Nfc* nfc) {
    view_dispatcher_remove_view(nfc->view_dispatcher, NfcViewDictAttack);
    dict_attack_free(nfc->dict_attack);

+    // Detect Reader
+    view_dispatcher_remove_view(nfc->view_dispatcher, NfcViewDetectReader);
+    detect_reader_free(nfc->detect_reader);
+
    // Worker
    nfc_worker_stop(nfc->worker);
    nfc_worker_free(nfc->worker);
--- a/applications/nfc/nfc_i.h
+++ b/applications/nfc/nfc_i.h
@@ -28,6 +28,7 @@
 #include <lib/nfc/parsers/nfc_supported_card.h>

 #include "views/dict_attack.h"
+#include "views/detect_reader.h"

 #include <nfc/scenes/nfc_scene.h>
 #include <nfc/helpers/nfc_custom_event.h>
@@ -71,6 +72,7 @@ struct Nfc {
    TextBox* text_box;
    Widget* widget;
    DictAttack* dict_attack;
+    DetectReader* detect_reader;

    const NfcGenerator* generator;
 };
@@ -85,6 +87,7 @@ typedef enum {
    NfcViewTextBox,
    NfcViewWidget,
    NfcViewDictAttack,
+    NfcViewDetectReader,
 } NfcView;

 Nfc* nfc_alloc();
--- a/applications/nfc/scenes/nfc_scene_config.h
+++ b/applications/nfc/scenes/nfc_scene_config.h
@@ -48,4 +48,6 @@ ADD_SCENE(nfc, rpc, Rpc)
 ADD_SCENE(nfc, exit_confirm, ExitConfirm)
 ADD_SCENE(nfc, retry_confirm, RetryConfirm)
 ADD_SCENE(nfc, detect_reader, DetectReader)
+ADD_SCENE(nfc, mfkey_nonces_info, MfkeyNoncesInfo)
+ADD_SCENE(nfc, mfkey_complete, MfkeyComplete)
 ADD_SCENE(nfc, nfc_data_info, NfcDataInfo)
--- a/applications/nfc/scenes/nfc_scene_detect_reader.c
+++ b/applications/nfc/scenes/nfc_scene_detect_reader.c
@@ -1,126 +1,48 @@
 #include "../nfc_i.h"
 #include <dolphin/dolphin.h>

-#define NFC_SCENE_DETECT_READER_LOG_SIZE_MAX (200)
-
-enum {
-    NfcSceneDetectReaderStateWidget,
-    NfcSceneDetectReaderStateTextBox,
-};
-
 bool nfc_detect_reader_worker_callback(NfcWorkerEvent event, void* context) {
    UNUSED(event);
    furi_assert(context);
    Nfc* nfc = context;
-    view_dispatcher_send_custom_event(nfc->view_dispatcher, NfcCustomEventWorkerExit);
+    view_dispatcher_send_custom_event(nfc->view_dispatcher, event);
    return true;
 }

-void nfc_scene_detect_reader_widget_callback(GuiButtonType result, InputType type, void* context) {
-    furi_assert(context);
-    Nfc* nfc = context;
-    if(type == InputTypeShort) {
-        view_dispatcher_send_custom_event(nfc->view_dispatcher, result);
-    }
-}
-
-void nfc_detect_reader_textbox_callback(void* context) {
+void nfc_scene_detect_reader_callback(void* context) {
    furi_assert(context);
    Nfc* nfc = context;
    view_dispatcher_send_custom_event(nfc->view_dispatcher, NfcCustomEventViewExit);
 }

-// Add widget with device name or inform that data received
-static void nfc_scene_detect_reader_widget_config(Nfc* nfc, bool data_received) {
-    Widget* widget = nfc->widget;
-    widget_reset(widget);
-
-    widget_add_icon_element(widget, 0, 14, &I_Reader_detect);
-    widget_add_string_element(
-        widget, 64, 3, AlignCenter, AlignTop, FontSecondary, "Hold Near Reader");
-    widget_add_string_element(widget, 55, 22, AlignLeft, AlignTop, FontPrimary, "Emulating...");
-
-    if(data_received) {
-        widget_add_button_element(
-            widget, GuiButtonTypeCenter, "Log", nfc_scene_detect_reader_widget_callback, nfc);
-    }
-}
-
 void nfc_scene_detect_reader_on_enter(void* context) {
    Nfc* nfc = context;
    DOLPHIN_DEED(DolphinDeedNfcEmulate);
-    FuriHalNfcDevData nfc_params = {
-        .uid = {0x36, 0x9C, 0xe7, 0xb1, 0x0A, 0xC1, 0x34},
-        .uid_len = 7,
-        .atqa = {0x44, 0x00},
-        .sak = 0x08,
-        .type = FuriHalNfcTypeA,
-    };
-    nfc->dev->dev_data.nfc_data = nfc_params;

-    // Setup Widget
-    nfc_scene_detect_reader_widget_config(nfc, false);
-    // Setup TextBox
-    TextBox* text_box = nfc->text_box;
-    text_box_set_font(text_box, TextBoxFontHex);
-    text_box_set_focus(text_box, TextBoxFocusEnd);
-    string_reset(nfc->text_box_store);
-
-    // Set Widget state and view
-    scene_manager_set_scene_state(
-        nfc->scene_manager, NfcSceneDetectReader, NfcSceneDetectReaderStateWidget);
-    view_dispatcher_switch_to_view(nfc->view_dispatcher, NfcViewWidget);
-    // Start worker
-    memset(&nfc->dev->dev_data.reader_data, 0, sizeof(NfcReaderRequestData));
+    detect_reader_set_callback(nfc->detect_reader, nfc_scene_detect_reader_callback, nfc);
    nfc_worker_start(
        nfc->worker,
-        NfcWorkerStateUidEmulate,
+        NfcWorkerStateAnalyzeReader,
        &nfc->dev->dev_data,
        nfc_detect_reader_worker_callback,
        nfc);

+    view_dispatcher_switch_to_view(nfc->view_dispatcher, NfcViewDetectReader);
+
    nfc_blink_start(nfc);
 }

 bool nfc_scene_detect_reader_on_event(void* context, SceneManagerEvent event) {
    Nfc* nfc = context;
-    NfcReaderRequestData* reader_data = &nfc->dev->dev_data.reader_data;
-    uint32_t state = scene_manager_get_scene_state(nfc->scene_manager, NfcSceneDetectReader);
    bool consumed = false;

    if(event.type == SceneManagerEventTypeCustom) {
-        if(event.event == NfcCustomEventWorkerExit) {
-            // Add data button to widget if data is received for the first time
-            if(!string_size(nfc->text_box_store)) {
-                nfc_scene_detect_reader_widget_config(nfc, true);
-            }
-            // Update TextBox data
-            if(string_size(nfc->text_box_store) < NFC_SCENE_DETECT_READER_LOG_SIZE_MAX) {
-                string_cat_printf(nfc->text_box_store, "R:");
-                for(uint16_t i = 0; i < reader_data->size; i++) {
-                    string_cat_printf(nfc->text_box_store, " %02X", reader_data->data[i]);
-                }
-                string_push_back(nfc->text_box_store, '\n');
-                text_box_set_text(nfc->text_box, string_get_cstr(nfc->text_box_store));
-            }
-            memset(reader_data, 0, sizeof(NfcReaderRequestData));
+        if(event.event == NfcCustomEventViewExit) {
+            nfc_worker_stop(nfc->worker);
+            scene_manager_next_scene(nfc->scene_manager, NfcSceneMfkeyNoncesInfo);
            consumed = true;
-        } else if(event.event == GuiButtonTypeCenter && state == NfcSceneDetectReaderStateWidget) {
-            view_dispatcher_switch_to_view(nfc->view_dispatcher, NfcViewTextBox);
-            scene_manager_set_scene_state(
-                nfc->scene_manager, NfcSceneDetectReader, NfcSceneDetectReaderStateTextBox);
-            consumed = true;
-        } else if(event.event == NfcCustomEventViewExit && state == NfcSceneDetectReaderStateTextBox) {
-            view_dispatcher_switch_to_view(nfc->view_dispatcher, NfcViewWidget);
-            scene_manager_set_scene_state(
-                nfc->scene_manager, NfcSceneDetectReader, NfcSceneDetectReaderStateWidget);
-            consumed = true;
-        }
-    } else if(event.type == SceneManagerEventTypeBack) {
-        if(state == NfcSceneDetectReaderStateTextBox) {
-            view_dispatcher_switch_to_view(nfc->view_dispatcher, NfcViewWidget);
-            scene_manager_set_scene_state(
-                nfc->scene_manager, NfcSceneDetectReader, NfcSceneDetectReaderStateWidget);
+        } else if(event.event == NfcWorkerEventDetectReaderMfkeyCollected) {
+            detect_reader_inc_nonce_cnt(nfc->detect_reader);
            consumed = true;
        }
    }
@@ -135,9 +57,7 @@ void nfc_scene_detect_reader_on_exit(void* context) {
    nfc_worker_stop(nfc->worker);

    // Clear view
-    widget_reset(nfc->widget);
-    text_box_reset(nfc->text_box);
-    string_reset(nfc->text_box_store);
+    detect_reader_reset(nfc->detect_reader);

    nfc_blink_stop(nfc);
 }
--- a/applications/nfc/scenes/nfc_scene_mfkey_complete.c
+++ b/applications/nfc/scenes/nfc_scene_mfkey_complete.c
@@ -0,0 +1,49 @@
+#include "../nfc_i.h"
+
+void nfc_scene_mfkey_complete_callback(GuiButtonType result, InputType type, void* context) {
+    Nfc* nfc = context;
+    if(type == InputTypeShort) {
+        view_dispatcher_send_custom_event(nfc->view_dispatcher, result);
+    }
+}
+
+void nfc_scene_mfkey_complete_on_enter(void* context) {
+    Nfc* nfc = context;
+
+    widget_add_string_element(nfc->widget, 64, 0, AlignCenter, AlignTop, FontPrimary, "Complete!");
+    widget_add_string_multiline_element(
+        nfc->widget,
+        64,
+        32,
+        AlignCenter,
+        AlignCenter,
+        FontSecondary,
+        "Now use mfkey32v2\nto extract keys");
+    widget_add_button_element(
+        nfc->widget, GuiButtonTypeCenter, "OK", nfc_scene_mfkey_complete_callback, nfc);
+
+    view_dispatcher_switch_to_view(nfc->view_dispatcher, NfcViewWidget);
+}
+
+bool nfc_scene_mfkey_complete_on_event(void* context, SceneManagerEvent event) {
+    Nfc* nfc = context;
+    bool consumed = false;
+
+    if(event.type == SceneManagerEventTypeCustom) {
+        if(event.event == GuiButtonTypeCenter) {
+            consumed = scene_manager_search_and_switch_to_previous_scene(
+                nfc->scene_manager, NfcSceneStart);
+        }
+    } else if(event.event == SceneManagerEventTypeBack) {
+        consumed =
+            scene_manager_search_and_switch_to_previous_scene(nfc->scene_manager, NfcSceneStart);
+    }
+
+    return consumed;
+}
+
+void nfc_scene_mfkey_complete_on_exit(void* context) {
+    Nfc* nfc = context;
+
+    widget_reset(nfc->widget);
+}
--- a/applications/nfc/scenes/nfc_scene_mfkey_nonces_info.c
+++ b/applications/nfc/scenes/nfc_scene_mfkey_nonces_info.c
@@ -0,0 +1,55 @@
+#include "../nfc_i.h"
+#include <lib/nfc/helpers/mfkey32.h>
+
+void nfc_scene_mfkey_nonces_info_callback(GuiButtonType result, InputType type, void* context) {
+    Nfc* nfc = context;
+    if(type == InputTypeShort) {
+        view_dispatcher_send_custom_event(nfc->view_dispatcher, result);
+    }
+}
+
+void nfc_scene_mfkey_nonces_info_on_enter(void* context) {
+    Nfc* nfc = context;
+
+    string_t temp_str;
+    string_init(temp_str);
+
+    uint16_t nonces_saved = mfkey32_get_auth_sectors(temp_str);
+    widget_add_text_scroll_element(nfc->widget, 0, 22, 128, 42, string_get_cstr(temp_str));
+    string_printf(temp_str, "Nonces saved %d", nonces_saved);
+    widget_add_string_element(
+        nfc->widget, 0, 0, AlignLeft, AlignTop, FontPrimary, string_get_cstr(temp_str));
+    widget_add_string_element(
+        nfc->widget, 0, 12, AlignLeft, AlignTop, FontSecondary, "Authenticated sectors:");
+
+    widget_add_button_element(
+        nfc->widget, GuiButtonTypeRight, "Next", nfc_scene_mfkey_nonces_info_callback, nfc);
+
+    string_clear(temp_str);
+
+    view_dispatcher_switch_to_view(nfc->view_dispatcher, NfcViewWidget);
+}
+
+bool nfc_scene_mfkey_nonces_info_on_event(void* context, SceneManagerEvent event) {
+    Nfc* nfc = context;
+    bool consumed = false;
+
+    if(event.type == SceneManagerEventTypeCustom) {
+        if(event.event == GuiButtonTypeRight) {
+            scene_manager_next_scene(nfc->scene_manager, NfcSceneMfkeyComplete);
+            consumed = true;
+        }
+    } else if(event.type == SceneManagerEventTypeBack) {
+        consumed =
+            scene_manager_search_and_switch_to_previous_scene(nfc->scene_manager, NfcSceneStart);
+    }
+
+    return consumed;
+}
+
+void nfc_scene_mfkey_nonces_info_on_exit(void* context) {
+    Nfc* nfc = context;
+
+    // Clear view
+    widget_reset(nfc->widget);
+}
--- a/applications/nfc/scenes/nfc_scene_start.c
+++ b/applications/nfc/scenes/nfc_scene_start.c
@@ -49,7 +49,12 @@ bool nfc_scene_start_on_event(void* context, SceneManagerEvent event) {
            scene_manager_next_scene(nfc->scene_manager, NfcSceneRead);
            consumed = true;
        } else if(event.event == SubmenuIndexDetectReader) {
-            scene_manager_next_scene(nfc->scene_manager, NfcSceneDetectReader);
+            bool sd_exist = storage_sd_status(nfc->dev->storage) == FSE_OK;
+            if(sd_exist) {
+                scene_manager_next_scene(nfc->scene_manager, NfcSceneDetectReader);
+            } else {
+                scene_manager_next_scene(nfc->scene_manager, NfcSceneDictNotFound);
+            }
            consumed = true;
        } else if(event.event == SubmenuIndexSaved) {
            scene_manager_next_scene(nfc->scene_manager, NfcSceneFileSelect);
@@ -61,7 +66,6 @@ bool nfc_scene_start_on_event(void* context, SceneManagerEvent event) {
            scene_manager_next_scene(nfc->scene_manager, NfcSceneSetType);
            consumed = true;
        } else if(event.event == SubmenuIndexDebug) {
-            scene_manager_set_scene_state(nfc->scene_manager, NfcSceneStart, SubmenuIndexDebug);
            scene_manager_next_scene(nfc->scene_manager, NfcSceneDebug);
            consumed = true;
        }
--- a/applications/nfc/views/detect_reader.c
+++ b/applications/nfc/views/detect_reader.c
@@ -0,0 +1,115 @@
+#include "detect_reader.h"
+
+#include <gui/elements.h>
+
+struct DetectReader {
+    View* view;
+    DetectReaderDoneCallback callback;
+    void* context;
+};
+
+typedef struct {
+    uint16_t nonces;
+} DetectReaderViewModel;
+
+static void detect_reader_draw_callback(Canvas* canvas, void* model) {
+    DetectReaderViewModel* m = model;
+    char text[32] = {};
+
+    snprintf(text, sizeof(text), "Tap the reader several times");
+    canvas_draw_str_aligned(canvas, 64, 0, AlignCenter, AlignTop, "Tap the reader several times");
+
+    if(m->nonces == 0) {
+        canvas_set_font(canvas, FontPrimary);
+        canvas_draw_str_aligned(canvas, 52, 22, AlignLeft, AlignTop, "Emulating...");
+        canvas_set_font(canvas, FontSecondary);
+        canvas_draw_str_aligned(canvas, 52, 35, AlignLeft, AlignTop, "MIFARE Classic");
+        canvas_draw_icon(canvas, 0, 13, &I_Tap_reader_36x38);
+    } else {
+        canvas_set_font(canvas, FontPrimary);
+        canvas_draw_str_aligned(canvas, 54, 22, AlignLeft, AlignTop, "Collecting...");
+        canvas_set_font(canvas, FontSecondary);
+        snprintf(text, sizeof(text), "Nonces: %d", m->nonces);
+        canvas_draw_str_aligned(canvas, 54, 35, AlignLeft, AlignTop, text);
+        elements_button_right(canvas, "Next");
+        canvas_draw_icon(canvas, 6, 15, &I_ArrowC_1_36x36);
+    }
+}
+
+static bool detect_reader_input_callback(InputEvent* event, void* context) {
+    DetectReader* detect_reader = context;
+    furi_assert(detect_reader->callback);
+    bool consumed = false;
+
+    uint8_t nonces = 0;
+    with_view_model(
+        detect_reader->view, (DetectReaderViewModel * model) {
+            nonces = model->nonces;
+            return false;
+        });
+
+    if(event->type == InputTypeShort) {
+        if(event->key == InputKeyRight) {
+            if(nonces > 0) {
+                detect_reader->callback(detect_reader->context);
+                consumed = true;
+            }
+        }
+    }
+
+    return consumed;
+}
+
+DetectReader* detect_reader_alloc() {
+    DetectReader* detect_reader = malloc(sizeof(DetectReader));
+    detect_reader->view = view_alloc();
+    view_allocate_model(detect_reader->view, ViewModelTypeLocking, sizeof(DetectReaderViewModel));
+    view_set_draw_callback(detect_reader->view, detect_reader_draw_callback);
+    view_set_input_callback(detect_reader->view, detect_reader_input_callback);
+    view_set_context(detect_reader->view, detect_reader);
+
+    return detect_reader;
+}
+
+void detect_reader_free(DetectReader* detect_reader) {
+    furi_assert(detect_reader);
+
+    view_free(detect_reader->view);
+    free(detect_reader);
+}
+
+void detect_reader_reset(DetectReader* detect_reader) {
+    furi_assert(detect_reader);
+
+    with_view_model(
+        detect_reader->view, (DetectReaderViewModel * model) {
+            model->nonces = 0;
+            return false;
+        });
+}
+
+View* detect_reader_get_view(DetectReader* detect_reader) {
+    furi_assert(detect_reader);
+
+    return detect_reader->view;
+}
+
+void detect_reader_set_callback(
+    DetectReader* detect_reader,
+    DetectReaderDoneCallback callback,
+    void* context) {
+    furi_assert(detect_reader);
+    furi_assert(callback);
+
+    detect_reader->callback = callback;
+    detect_reader->context = context;
+}
+
+void detect_reader_inc_nonce_cnt(DetectReader* detect_reader) {
+    furi_assert(detect_reader);
+    with_view_model(
+        detect_reader->view, (DetectReaderViewModel * model) {
+            model->nonces++;
+            return false;
+        });
+}
--- a/applications/nfc/views/detect_reader.h
+++ b/applications/nfc/views/detect_reader.h
@@ -0,0 +1,23 @@
+#pragma once
+#include <stdint.h>
+#include <gui/view.h>
+#include <gui/modules/widget.h>
+
+typedef struct DetectReader DetectReader;
+
+typedef void (*DetectReaderDoneCallback)(void* context);
+
+DetectReader* detect_reader_alloc();
+
+void detect_reader_free(DetectReader* detect_reader);
+
+void detect_reader_reset(DetectReader* detect_reader);
+
+View* detect_reader_get_view(DetectReader* detect_reader);
+
+void detect_reader_set_callback(
+    DetectReader* detect_reader,
+    DetectReaderDoneCallback callback,
+    void* context);
+
+void detect_reader_inc_nonce_cnt(DetectReader* detect_reader);