nfc: make dict attack more interactive (#1462)

* nfc: deduplify dict attack worker code * nfc: make dict attack more interactive Co-authored-by: gornekich <n.gorbadey@gmail.com> Co-authored-by: あく <alleteam@gmail.com>
2022-08-03 10:07:35 -07:00
parent 284c56718b
commit 3ee93e1a82
7 changed files with 107 additions and 28 deletions
--- a/lib/nfc/nfc_device.h
+++ b/lib/nfc/nfc_device.h
@@ -6,6 +6,7 @@
 #include <dialogs/dialogs.h>

 #include <furi_hal_nfc.h>
+#include <lib/nfc/helpers/mf_classic_dict.h>
 #include <lib/nfc/protocols/emv.h>
 #include <lib/nfc/protocols/mifare_ultralight.h>
 #include <lib/nfc/protocols/mifare_classic.h>
@@ -13,6 +14,7 @@

 #define NFC_DEV_NAME_MAX_LEN 22
 #define NFC_READER_DATA_MAX_SIZE 64
+#define NFC_DICT_KEY_BATCH_SIZE 50

 #define NFC_APP_FOLDER ANY_PATH("nfc")
 #define NFC_APP_EXTENSION ".nfc"
@@ -41,10 +43,17 @@ typedef struct {
    uint16_t size;
 } NfcReaderRequestData;

+typedef struct {
+    MfClassicDict* dict;
+} NfcMfClassicDictAttackData;
+
 typedef struct {
    FuriHalNfcDevData nfc_data;
    NfcProtocol protocol;
-    NfcReaderRequestData reader_data;
+    union {
+        NfcReaderRequestData reader_data;
+        NfcMfClassicDictAttackData mf_classic_dict_attack_data;
+    };
    union {
        EmvData emv_data;
        MfUltralightData mf_ul_data;
--- a/lib/nfc/nfc_worker.c
+++ b/lib/nfc/nfc_worker.c
@@ -101,10 +101,8 @@ int32_t nfc_worker_task(void* context) {
        nfc_worker_emulate_mf_ultralight(nfc_worker);
    } else if(nfc_worker->state == NfcWorkerStateMfClassicEmulate) {
        nfc_worker_emulate_mf_classic(nfc_worker);
-    } else if(nfc_worker->state == NfcWorkerStateMfClassicUserDictAttack) {
-        nfc_worker_mf_classic_dict_attack(nfc_worker, MfClassicDictTypeUser);
-    } else if(nfc_worker->state == NfcWorkerStateMfClassicFlipperDictAttack) {
-        nfc_worker_mf_classic_dict_attack(nfc_worker, MfClassicDictTypeFlipper);
+    } else if(nfc_worker->state == NfcWorkerStateMfClassicDictAttack) {
+        nfc_worker_mf_classic_dict_attack(nfc_worker);
    }
    furi_hal_nfc_sleep();
    nfc_worker_change_state(nfc_worker, NfcWorkerStateReady);
@@ -397,11 +395,13 @@ void nfc_worker_emulate_mf_ultralight(NfcWorker* nfc_worker) {
    }
 }

-void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType type) {
+void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
    furi_assert(nfc_worker);
    furi_assert(nfc_worker->callback);

    MfClassicData* data = &nfc_worker->dev_data->mf_classic_data;
+    NfcMfClassicDictAttackData* dict_attack_data =
+        &nfc_worker->dev_data->mf_classic_dict_attack_data;
    uint32_t total_sectors = mf_classic_get_total_sectors_num(data->type);
    uint64_t key = 0;
    FuriHalNfcTxRxContext tx_rx = {};
@@ -409,15 +409,17 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType
    bool card_removed_notified = false;

    // Load dictionary
-    MfClassicDict* dict = mf_classic_dict_alloc(type);
+    MfClassicDict* dict = dict_attack_data->dict;
    if(!dict) {
        FURI_LOG_E(TAG, "Dictionary not found");
        nfc_worker->callback(NfcWorkerEventNoDictFound, nfc_worker->context);
-        mf_classic_dict_free(dict);
        return;
    }

-    FURI_LOG_D(TAG, "Start Dictionary attack");
+    FURI_LOG_D(
+        TAG,
+        "Start Dictionary attack, Key Count %d",
+        mf_classic_dict_get_total_keys(dict));
    for(size_t i = 0; i < total_sectors; i++) {
        FURI_LOG_I(TAG, "Sector %d", i);
        nfc_worker->callback(NfcWorkerEventNewSector, nfc_worker->context);
@@ -425,7 +427,11 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType
        if(mf_classic_is_sector_read(data, i)) continue;
        bool is_key_a_found = mf_classic_is_key_found(data, i, MfClassicKeyA);
        bool is_key_b_found = mf_classic_is_key_found(data, i, MfClassicKeyB);
+        uint16_t key_index = 0;
        while(mf_classic_dict_get_next_key(dict, &key)) {
+            if(++key_index % NFC_DICT_KEY_BATCH_SIZE == 0) {
+                nfc_worker->callback(NfcWorkerEventNewDictKeyBatch, nfc_worker->context);
+            }
            furi_hal_nfc_sleep();
            if(furi_hal_nfc_activate_nfca(200, NULL)) {
                furi_hal_nfc_sleep();
@@ -456,8 +462,7 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType
                    }
                }
                if(is_key_a_found && is_key_b_found) break;
-                if(!((nfc_worker->state == NfcWorkerStateMfClassicUserDictAttack) ||
-                     (nfc_worker->state == NfcWorkerStateMfClassicFlipperDictAttack)))
+                if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack)
                    break;
            } else {
                if(!card_removed_notified) {
@@ -465,20 +470,16 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType
                    card_removed_notified = true;
                    card_found_notified = false;
                }
-                if(!((nfc_worker->state == NfcWorkerStateMfClassicUserDictAttack) ||
-                     (nfc_worker->state == NfcWorkerStateMfClassicFlipperDictAttack)))
+                if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack)
                    break;
            }
        }
-        if(!((nfc_worker->state == NfcWorkerStateMfClassicUserDictAttack) ||
-             (nfc_worker->state == NfcWorkerStateMfClassicFlipperDictAttack)))
+        if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack)
            break;
        mf_classic_read_sector(&tx_rx, data, i);
        mf_classic_dict_rewind(dict);
    }
-    mf_classic_dict_free(dict);
-    if((nfc_worker->state == NfcWorkerStateMfClassicUserDictAttack) ||
-       (nfc_worker->state == NfcWorkerStateMfClassicFlipperDictAttack)) {
+    if(nfc_worker->state == NfcWorkerStateMfClassicDictAttack) {
        nfc_worker->callback(NfcWorkerEventSuccess, nfc_worker->context);
    } else {
        nfc_worker->callback(NfcWorkerEventAborted, nfc_worker->context);
--- a/lib/nfc/nfc_worker.h
+++ b/lib/nfc/nfc_worker.h
@@ -14,8 +14,7 @@ typedef enum {
    NfcWorkerStateUidEmulate,
    NfcWorkerStateMfUltralightEmulate,
    NfcWorkerStateMfClassicEmulate,
-    NfcWorkerStateMfClassicUserDictAttack,
-    NfcWorkerStateMfClassicFlipperDictAttack,
+    NfcWorkerStateMfClassicDictAttack,
    // Debug
    NfcWorkerStateEmulateApdu,
    NfcWorkerStateField,
@@ -49,6 +48,7 @@ typedef enum {
    // Mifare Classic events
    NfcWorkerEventNoDictFound,
    NfcWorkerEventNewSector,
+    NfcWorkerEventNewDictKeyBatch,
    NfcWorkerEventFoundKeyA,
    NfcWorkerEventFoundKeyB,
 } NfcWorkerEvent;
--- a/lib/nfc/nfc_worker_i.h
+++ b/lib/nfc/nfc_worker_i.h
@@ -13,7 +13,6 @@
 #include <lib/nfc/protocols/mifare_desfire.h>
 #include <lib/nfc/protocols/nfca.h>

-#include "helpers/mf_classic_dict.h"
 #include "helpers/nfc_debug_pcap.h"

 struct NfcWorker {
@@ -43,6 +42,6 @@ void nfc_worker_emulate_mf_ultralight(NfcWorker* nfc_worker);

 void nfc_worker_emulate_mf_classic(NfcWorker* nfc_worker);

-void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker, MfClassicDictType type);
+void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker);

 void nfc_worker_emulate_apdu(NfcWorker* nfc_worker);