liz/flipperzero-firmware
liz/flipperzero-firmware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mifare dictionary attack performance improvements. (#2173)

Browse Source 
* NFC dictionary attack performance improvements.
* Remove unnecessary assignment
This commit is contained in:
Thomas Roth 2022-12-29 06:20:01 +01:00 committed by GitHub
parent ea054423b0
commit 26e5527a93
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 50 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
firmware/targets/f7/api_symbols.csv
View File

@ -1854,6 +1854,7 @@ Function,+,menu_set_selected_item,void,"Menu*, uint32_t"
Function,-,mf_classic_auth_attempt,_Bool,"FuriHalNfcTxRxContext*, MfClassicAuthContext*, uint64_t"
Function,-,mf_classic_auth_init_context,void,"MfClassicAuthContext*, uint8_t"
Function,-,mf_classic_authenticate,_Bool,"FuriHalNfcTxRxContext*, uint8_t, uint64_t, MfClassicKey"
Function,-,mf_classic_authenticate_skip_activate,_Bool,"FuriHalNfcTxRxContext*, uint8_t, uint64_t, MfClassicKey, _Bool, uint32_t"
Function,-,mf_classic_check_card_type,_Bool,"uint8_t, uint8_t, uint8_t"
Function,-,mf_classic_dict_add_key,_Bool,"MfClassicDict*, uint8_t*"
Function,-,mf_classic_dict_add_key_str,_Bool,"MfClassicDict*, FuriString*"

1 entry status name type params
1854 Function - mf_classic_auth_attempt _Bool FuriHalNfcTxRxContext*, MfClassicAuthContext*, uint64_t
1855 Function - mf_classic_auth_init_context void MfClassicAuthContext*, uint8_t
1856 Function - mf_classic_authenticate _Bool FuriHalNfcTxRxContext*, uint8_t, uint64_t, MfClassicKey
1857 Function - mf_classic_authenticate_skip_activate _Bool FuriHalNfcTxRxContext*, uint8_t, uint64_t, MfClassicKey, _Bool, uint32_t
1858 Function - mf_classic_check_card_type _Bool uint8_t, uint8_t, uint8_t
1859 Function - mf_classic_dict_add_key _Bool MfClassicDict*, uint8_t*
1860 Function - mf_classic_dict_add_key_str _Bool MfClassicDict*, FuriString*

14
lib/nfc/nfc_worker.c
View File

@ -680,13 +680,15 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
nfc_worker->callback(NfcWorkerEventNewDictKeyBatch, nfc_worker->context);
}
furi_hal_nfc_sleep();
if(furi_hal_nfc_activate_nfca(200, NULL)) {
furi_hal_nfc_sleep();
uint32_t cuid;
if(furi_hal_nfc_activate_nfca(200, &cuid)) {
bool deactivated = false;
if(!card_found_notified) {
nfc_worker->callback(NfcWorkerEventCardDetected, nfc_worker->context);
card_found_notified = true;
card_removed_notified = false;
nfc_worker_mf_classic_key_attack(nfc_worker, prev_key, &tx_rx, i);
deactivated = true;
}
FURI_LOG_D(
TAG,
@ -696,22 +698,26 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
(uint32_t)key);
if(!is_key_a_found) {
is_key_a_found = mf_classic_is_key_found(data, i, MfClassicKeyA);
if(mf_classic_authenticate(&tx_rx, block_num, key, MfClassicKeyA)) {
if(mf_classic_authenticate_skip_activate(
&tx_rx, block_num, key, MfClassicKeyA, !deactivated, cuid)) {
mf_classic_set_key_found(data, i, MfClassicKeyA, key);
FURI_LOG_D(TAG, "Key found");
nfc_worker->callback(NfcWorkerEventFoundKeyA, nfc_worker->context);
nfc_worker_mf_classic_key_attack(nfc_worker, key, &tx_rx, i + 1);
}
furi_hal_nfc_sleep();
deactivated = true;
}
if(!is_key_b_found) {
is_key_b_found = mf_classic_is_key_found(data, i, MfClassicKeyB);
if(mf_classic_authenticate(&tx_rx, block_num, key, MfClassicKeyB)) {
if(mf_classic_authenticate_skip_activate(
&tx_rx, block_num, key, MfClassicKeyB, !deactivated, cuid)) {
FURI_LOG_D(TAG, "Key found");
mf_classic_set_key_found(data, i, MfClassicKeyB, key);
nfc_worker->callback(NfcWorkerEventFoundKeyB, nfc_worker->context);
nfc_worker_mf_classic_key_attack(nfc_worker, key, &tx_rx, i + 1);
}
deactivated = true;
}
if(is_key_a_found && is_key_b_found) break;
if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack) break;

41
lib/nfc/protocols/mifare_classic.c
View File

@ -403,15 +403,16 @@ static bool mf_classic_auth(
uint32_t block,
uint64_t key,
MfClassicKey key_type,
Crypto1* crypto) {
Crypto1* crypto,
bool skip_activate,
uint32_t cuid) {
bool auth_success = false;
uint32_t cuid = 0;
memset(tx_rx->tx_data, 0, sizeof(tx_rx->tx_data));
memset(tx_rx->tx_parity, 0, sizeof(tx_rx->tx_parity));
tx_rx->tx_rx_type = FuriHalNfcTxRxTypeDefault;
do {
if(!furi_hal_nfc_activate_nfca(200, &cuid)) break;
if(!skip_activate && !furi_hal_nfc_activate_nfca(200, &cuid)) break;
if(key_type == MfClassicKeyA) {
tx_rx->tx_data[0] = MF_CLASSIC_AUTH_KEY_A_CMD;
} else {
@ -460,7 +461,23 @@ bool mf_classic_authenticate(
furi_assert(tx_rx);
Crypto1 crypto = {};
bool key_found = mf_classic_auth(tx_rx, block_num, key, key_type, &crypto);
bool key_found = mf_classic_auth(tx_rx, block_num, key, key_type, &crypto, false, 0);
furi_hal_nfc_sleep();
return key_found;
}
bool mf_classic_authenticate_skip_activate(
FuriHalNfcTxRxContext* tx_rx,
uint8_t block_num,
uint64_t key,
MfClassicKey key_type,
bool skip_activate,
uint32_t cuid) {
furi_assert(tx_rx);
Crypto1 crypto = {};
bool key_found =
mf_classic_auth(tx_rx, block_num, key, key_type, &crypto, skip_activate, cuid);
furi_hal_nfc_sleep();
return key_found;
}
@ -483,7 +500,9 @@ bool mf_classic_auth_attempt(
mf_classic_get_first_block_num_of_sector(auth_ctx->sector),
key,
MfClassicKeyA,
&crypto)) {
&crypto,
false,
0)) {
auth_ctx->key_a = key;
found_key = true;
}
@ -500,7 +519,9 @@ bool mf_classic_auth_attempt(
mf_classic_get_first_block_num_of_sector(auth_ctx->sector),
key,
MfClassicKeyB,
&crypto)) {
&crypto,
false,
0)) {
auth_ctx->key_b = key;
found_key = true;
}
@ -568,7 +589,7 @@ void mf_classic_read_sector(FuriHalNfcTxRxContext* tx_rx, MfClassicData* data, u
if(!key_a_found) break;
FURI_LOG_D(TAG, "Try to read blocks with key A");
key = nfc_util_bytes2num(sec_tr->key_a, sizeof(sec_tr->key_a));
if(!mf_classic_auth(tx_rx, start_block, key, MfClassicKeyA, &crypto)) break;
if(!mf_classic_auth(tx_rx, start_block, key, MfClassicKeyA, &crypto, false, 0)) break;
for(size_t i = start_block; i < start_block + total_blocks; i++) {
if(!mf_classic_is_block_read(data, i)) {
if(mf_classic_read_block(tx_rx, &crypto, i, &block_tmp)) {
@ -587,7 +608,7 @@ void mf_classic_read_sector(FuriHalNfcTxRxContext* tx_rx, MfClassicData* data, u
FURI_LOG_D(TAG, "Try to read blocks with key B");
key = nfc_util_bytes2num(sec_tr->key_b, sizeof(sec_tr->key_b));
furi_hal_nfc_sleep();
if(!mf_classic_auth(tx_rx, start_block, key, MfClassicKeyB, &crypto)) break;
if(!mf_classic_auth(tx_rx, start_block, key, MfClassicKeyB, &crypto, false, 0)) break;
for(size_t i = start_block; i < start_block + total_blocks; i++) {
if(!mf_classic_is_block_read(data, i)) {
if(mf_classic_read_block(tx_rx, &crypto, i, &block_tmp)) {
@ -631,7 +652,7 @@ static bool mf_classic_read_sector_with_reader(
}
// Auth to first block in sector
if(!mf_classic_auth(tx_rx, first_block, key, key_type, crypto)) {
if(!mf_classic_auth(tx_rx, first_block, key, key_type, crypto, false, 0)) {
// Set key to MF_CLASSIC_NO_KEY to prevent further attempts
if(key_type == MfClassicKeyA) {
sector_reader->key_a = MF_CLASSIC_NO_KEY;
@ -961,7 +982,7 @@ bool mf_classic_write_block(
do {
furi_hal_nfc_sleep();
if(!mf_classic_auth(tx_rx, block_num, key, key_type, &crypto)) {
if(!mf_classic_auth(tx_rx, block_num, key, key_type, &crypto, false, 0)) {
FURI_LOG_D(TAG, "Auth fail");
break;
}

8
lib/nfc/protocols/mifare_classic.h
View File

@ -156,6 +156,14 @@ bool mf_classic_authenticate(
uint64_t key,
MfClassicKey key_type);
bool mf_classic_authenticate_skip_activate(
FuriHalNfcTxRxContext* tx_rx,
uint8_t block_num,
uint64_t key,
MfClassicKey key_type,
bool skip_activate,
uint32_t cuid);
bool mf_classic_auth_attempt(
FuriHalNfcTxRxContext* tx_rx,
MfClassicAuthContext* auth_ctx,