foc> source code maintenance:
- upgrade to last libnfc devel API - removes various warnings - update debian package
This commit is contained in:
Romuald Conty
@@ -1,10 +1,10 @@
|
||||
AM_CFLAGS = @LIBNFC_CFLAGS@
|
||||
AM_CFLAGS = @libnfc_CFLAGS@
|
||||
|
||||
bin_PROGRAMS = mfoc
|
||||
|
||||
noinst_HEADERS = crapto1.h mfoc.h mifare.h nfc-utils.h
|
||||
|
||||
mfoc_SOURCES = crapto1.c crypto1.c mfoc.c mifare.c nfc-utils.c
|
||||
mfoc_LDADD = @LIBNFC_LIBS@
|
||||
mfoc_LDADD = @libnfc_LIBS@
|
||||
|
||||
dist_man_MANS = mfoc.1
|
||||
|
||||
@@ -22,7 +22,7 @@
|
||||
|
||||
#if !defined LOWMEM && defined __GNUC__
|
||||
static uint8_t filterlut[1 << 20];
|
||||
static void __attribute__((constructor)) fill_lut()
|
||||
static void __attribute__((constructor)) fill_lut(void)
|
||||
{
|
||||
uint32_t i;
|
||||
for(i = 0; i < 1 << 20; ++i)
|
||||
@@ -308,6 +308,11 @@ struct Crypto1State* lfsr_recovery64(uint32_t ks2, uint32_t ks3)
|
||||
return statelist;
|
||||
}
|
||||
|
||||
uint8_t lfsr_rollback_bit(struct Crypto1State *s, uint32_t in, int fb);
|
||||
uint8_t lfsr_rollback_byte(struct Crypto1State *s, uint32_t in, int fb);
|
||||
uint32_t lfsr_rollback_word(struct Crypto1State *s, uint32_t in, int fb);
|
||||
uint32_t *lfsr_prefix_ks(uint8_t ks[8], int isodd);
|
||||
|
||||
/** lfsr_rollback_bit
|
||||
* Rollback the shift register in order to get previous states
|
||||
*/
|
||||
@@ -444,6 +449,8 @@ check_pfx_parity(uint32_t prefix, uint32_t rresp, uint8_t parities[8][8],
|
||||
}
|
||||
|
||||
|
||||
struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8]);
|
||||
|
||||
/** lfsr_common_prefix
|
||||
* Implentation of the common prefix attack.
|
||||
* Requires the 29 bit constant prefix used as reader nonce (pfx)
|
||||
|
||||
27
src/mfoc.c
27
src/mfoc.c
@@ -32,11 +32,14 @@
|
||||
|
||||
/* vim: set ts=2 sw=2 et: */
|
||||
|
||||
#define _XOPEN_SOURCE 1 // To enable getopt
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <unistd.h>
|
||||
|
||||
// NFC
|
||||
#include <nfc/nfc.h>
|
||||
|
||||
@@ -55,7 +58,7 @@ int main(int argc, char * const argv[]) {
|
||||
.nbr = NBR_106,
|
||||
};
|
||||
|
||||
int ch, i, k, n, j, m, o;
|
||||
int ch, i, k, n, j, m;
|
||||
int key, block;
|
||||
int succeed = 1;
|
||||
|
||||
@@ -120,12 +123,16 @@ int main(int argc, char * const argv[]) {
|
||||
// fprintf(stdout, "Number of probes: %d\n", probes);
|
||||
break;
|
||||
case 'T':
|
||||
{
|
||||
int res;
|
||||
// Nonce tolerance range
|
||||
if (!(d.tolerance = atoi(optarg)) || d.tolerance < 0) {
|
||||
if (((res = atoi(optarg)) != 0) || (res < 0)) {
|
||||
ERR ("The nonce distances range must be a zero or a positive number");
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
d.tolerance = (uint32_t)res;
|
||||
// fprintf(stdout, "Tolerance number: %d\n", probes);
|
||||
}
|
||||
break;
|
||||
case 'k':
|
||||
// Add this key to the default keys
|
||||
@@ -235,15 +242,15 @@ int main(int argc, char * const argv[]) {
|
||||
bk->size = 0;
|
||||
}
|
||||
|
||||
d.distances = (void *) calloc(d.num_distances, sizeof(u_int32_t));
|
||||
d.distances = (void *) calloc(d.num_distances, sizeof(uint32_t));
|
||||
if (d.distances == NULL) {
|
||||
ERR ("Cannot allocate memory for t.distances");
|
||||
goto error;
|
||||
}
|
||||
|
||||
// Initialize t.sectors, keys are not known yet
|
||||
for (i = 0; i < (t.num_sectors); ++i) {
|
||||
t.sectors[i].foundKeyA = t.sectors[i].foundKeyB = false;
|
||||
for (uint8_t s = 0; s < (t.num_sectors); ++s) {
|
||||
t.sectors[s].foundKeyA = t.sectors[s].foundKeyB = false;
|
||||
}
|
||||
|
||||
print_nfc_iso14443a_info (t.nt.nti.nai, true);
|
||||
@@ -332,7 +339,7 @@ int main(int argc, char * const argv[]) {
|
||||
|
||||
// First, try already broken keys
|
||||
skip = false;
|
||||
for (o = 0; o < bk->size; o++) {
|
||||
for (uint32_t o = 0; o < bk->size; o++) {
|
||||
num_to_bytes(bk->brokenKeys[o], 6, mp.mpa.abtKey);
|
||||
mc = dumpKeysA ? 0x60 : 0x61;
|
||||
if (!nfc_initiator_mifare_cmd(r.pdi,mc,t.sectors[j].trailer,&mp)) {
|
||||
@@ -662,7 +669,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d
|
||||
uint8_t RxPar[MAX_FRAME_LEN]; // Tag response
|
||||
size_t RxLen;
|
||||
|
||||
u_int32_t Nt, NtLast, NtProbe, NtEnc, Ks1;
|
||||
uint32_t Nt, NtLast, NtProbe, NtEnc, Ks1;
|
||||
|
||||
int i, m;
|
||||
|
||||
@@ -685,7 +692,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if (nfc_initiator_transceive_bytes(r.pdi, Auth, 4, Rx, &RxLen, 0) < 0) {
|
||||
if (nfc_initiator_transceive_bytes(r.pdi, Auth, 4, Rx, sizeof(Rx), 0) < 0) {
|
||||
fprintf(stdout, "Error while requesting plain tag-nonce\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
@@ -900,7 +907,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d
|
||||
// Return the median value from the nonce distances array
|
||||
uint32_t median(denonce d) {
|
||||
int middle = (int) d.num_distances / 2;
|
||||
qsort(d.distances, d.num_distances, sizeof(u_int32_t), compar_int);
|
||||
qsort(d.distances, d.num_distances, sizeof(uint32_t), compar_int);
|
||||
|
||||
if (d.num_distances % 2 == 1) {
|
||||
// Odd number of elements
|
||||
|
||||
12
src/mfoc.h
12
src/mfoc.h
@@ -32,10 +32,10 @@ typedef struct {
|
||||
} sector;
|
||||
|
||||
typedef struct {
|
||||
u_int32_t *distances;
|
||||
int32_t median;
|
||||
int32_t num_distances;
|
||||
int32_t tolerance;
|
||||
uint32_t *distances;
|
||||
uint32_t median;
|
||||
uint32_t num_distances;
|
||||
uint32_t tolerance;
|
||||
uint8_t parity[3]; // used for 3 bits of parity information
|
||||
} denonce; // Revealed information about nonce
|
||||
|
||||
@@ -43,8 +43,8 @@ typedef struct {
|
||||
nfc_target nt;
|
||||
sector * sectors; // Allocate later, we do not know the number of sectors yet
|
||||
sector e_sector; // Exploit sector
|
||||
int32_t num_sectors;
|
||||
int32_t num_blocks;
|
||||
uint8_t num_sectors;
|
||||
uint8_t num_blocks;
|
||||
uint32_t uid;
|
||||
bool b4K;
|
||||
} mftag;
|
||||
|
||||
@@ -51,7 +51,6 @@ bool
|
||||
nfc_initiator_mifare_cmd (nfc_device *pnd, const mifare_cmd mc, const uint8_t ui8Block, mifare_param *pmp)
|
||||
{
|
||||
uint8_t abtRx[265];
|
||||
size_t szRx = sizeof(abtRx);
|
||||
size_t szParamLen;
|
||||
uint8_t abtCmd[265];
|
||||
//bool bEasyFraming;
|
||||
@@ -102,7 +101,7 @@ nfc_initiator_mifare_cmd (nfc_device *pnd, const mifare_cmd mc, const uint8_t ui
|
||||
}
|
||||
// Fire the mifare command
|
||||
int res;
|
||||
if ((res = nfc_initiator_transceive_bytes (pnd, abtCmd, 2 + szParamLen, abtRx, &szRx, -1)) < 0) {
|
||||
if ((res = nfc_initiator_transceive_bytes (pnd, abtCmd, 2 + szParamLen, abtRx, sizeof(abtRx), -1)) < 0) {
|
||||
if (res == NFC_ERFTRANS) {
|
||||
// "Invalid received frame", usual means we are
|
||||
// authenticated on a sector but the requested MIFARE cmd (read, write)
|
||||
@@ -123,7 +122,7 @@ nfc_initiator_mifare_cmd (nfc_device *pnd, const mifare_cmd mc, const uint8_t ui
|
||||
|
||||
// When we have executed a read command, copy the received bytes into the param
|
||||
if (mc == MC_READ) {
|
||||
if (szRx == 16) {
|
||||
if (res == 16) {
|
||||
memcpy (pmp->mpd.abtData, abtRx, 16);
|
||||
} else {
|
||||
return false;
|
||||
|
||||
Reference in New Issue
Block a user