mirrors/unleashed-firmware
1
Fork 0
mirror of https://github.com/DarkFlippers/unleashed-firmware.git synced 2025-12-12 12:42:30 +04:00
Code Issues Activity

Merge remote-tracking branch 'noproto/nestednonces' into dev

Browse Source
This commit is contained in:
MX
2024-10-31 02:27:33 +03:00
parent b462329dd5 907019c136
commit 86813d1b60
2 changed files with 17 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
applications/main/nfc/scenes/nfc_scene_mf_classic_dict_attack.c
View File

@@ -5,8 +5,8 @@
#define TAG "NfcMfClassicDictAttack" #define TAG "NfcMfClassicDictAttack"
// TODO: Fix lag when leaving the dictionary attack view after Hardnested // TODO FL-3926: Fix lag when leaving the dictionary attack view after Hardnested
// TODO: Re-enters backdoor detection between user and system dictionary if no backdoor is found // TODO FL-3926: Re-enters backdoor detection between user and system dictionary if no backdoor is found
typedef enum { typedef enum {
DictAttackStateCUIDDictInProgress, DictAttackStateCUIDDictInProgress,

32
lib/nfc/protocols/mf_classic/mf_classic_poller.c
View File

@@ -6,11 +6,11 @@
#define TAG "MfClassicPoller" #define TAG "MfClassicPoller"
// TODO: Buffer writes for Hardnested, set state to Log when finished and sum property matches // TODO FL-3926: Buffer writes for Hardnested, set state to Log when finished and sum property matches
// TODO: Store target key in CUID dictionary // TODO FL-3926: Store target key in CUID dictionary
// TODO: Dead code for malloc returning NULL? // TODO FL-3926: Dead code for malloc returning NULL?
// TODO: Auth1 static encrypted exists (rare) // TODO FL-3926: Auth1 static encrypted exists (rare)
// TODO: Use keys found by NFC plugins, cached keys // TODO FL-3926: Use keys found by NFC plugins, cached keys
#define MF_CLASSIC_MAX_BUFF_SIZE (64) #define MF_CLASSIC_MAX_BUFF_SIZE (64)
@@ -606,7 +606,7 @@ NfcCommand mf_classic_poller_handler_analyze_backdoor(MfClassicPoller* instance)
} }
NfcCommand mf_classic_poller_handler_backdoor_read_sector(MfClassicPoller* instance) { NfcCommand mf_classic_poller_handler_backdoor_read_sector(MfClassicPoller* instance) {
// TODO: Reauth not needed // TODO FL-3926: Reauth not needed
NfcCommand command = NfcCommandContinue; NfcCommand command = NfcCommandContinue;
MfClassicPollerDictAttackContext* dict_attack_ctx = &instance->mode_ctx.dict_attack_ctx; MfClassicPollerDictAttackContext* dict_attack_ctx = &instance->mode_ctx.dict_attack_ctx;
MfClassicError error = MfClassicErrorNone; MfClassicError error = MfClassicErrorNone;
@@ -1289,8 +1289,6 @@ NfcCommand mf_classic_poller_handler_nested_calibrate(MfClassicPoller* instance)
float std_dev = sqrtf(variance); float std_dev = sqrtf(variance);
// Filter out values over 3 standard deviations away from the median // Filter out values over 3 standard deviations away from the median
dict_attack_ctx->d_min = UINT16_MAX;
dict_attack_ctx->d_max = 0;
for(uint8_t i = 0; i < valid_distances; i++) { for(uint8_t i = 0; i < valid_distances; i++) {
if(fabsf((float)distances[i] - median) <= 3 * std_dev) { if(fabsf((float)distances[i] - median) <= 3 * std_dev) {
if(distances[i] < dict_attack_ctx->d_min) dict_attack_ctx->d_min = distances[i]; if(distances[i] < dict_attack_ctx->d_min) dict_attack_ctx->d_min = distances[i];
@@ -1328,8 +1326,8 @@ static inline bool is_byte_found(uint8_t* found, uint8_t byte) {
} }
NfcCommand mf_classic_poller_handler_nested_collect_nt_enc(MfClassicPoller* instance) { NfcCommand mf_classic_poller_handler_nested_collect_nt_enc(MfClassicPoller* instance) {
// TODO: Handle when nonce is not collected (retry counter? Do not increment nested_target_key) // TODO FL-3926: Handle when nonce is not collected (retry counter? Do not increment nested_target_key)
// TODO: Look into using MfClassicNt more // TODO FL-3926: Look into using MfClassicNt more
NfcCommand command = NfcCommandContinue; NfcCommand command = NfcCommandContinue;
MfClassicPollerDictAttackContext* dict_attack_ctx = &instance->mode_ctx.dict_attack_ctx; MfClassicPollerDictAttackContext* dict_attack_ctx = &instance->mode_ctx.dict_attack_ctx;
@@ -1563,8 +1561,8 @@ static MfClassicKey* search_dicts_for_nonce_key(
} }
NfcCommand mf_classic_poller_handler_nested_dict_attack(MfClassicPoller* instance) { NfcCommand mf_classic_poller_handler_nested_dict_attack(MfClassicPoller* instance) {
// TODO: Handle when nonce is not collected (retry counter? Do not increment nested_target_key) // TODO FL-3926: Handle when nonce is not collected (retry counter? Do not increment nested_target_key)
// TODO: Look into using MfClassicNt more // TODO FL-3926: Look into using MfClassicNt more
NfcCommand command = NfcCommandContinue; NfcCommand command = NfcCommandContinue;
MfClassicPollerDictAttackContext* dict_attack_ctx = &instance->mode_ctx.dict_attack_ctx; MfClassicPollerDictAttackContext* dict_attack_ctx = &instance->mode_ctx.dict_attack_ctx;
@@ -1706,7 +1704,7 @@ NfcCommand mf_classic_poller_handler_nested_log(MfClassicPoller* instance) {
if(weak_prng && (!(static_encrypted)) && (dict_attack_ctx->nested_nonce.count != 2)) { if(weak_prng && (!(static_encrypted)) && (dict_attack_ctx->nested_nonce.count != 2)) {
FURI_LOG_E( FURI_LOG_E(
TAG, TAG,
"MfClassicPollerStateNestedLog expected 2 nonces, received %u", "MfClassicPollerStateNestedLog expected 2 nonces, received %zu",
dict_attack_ctx->nested_nonce.count); dict_attack_ctx->nested_nonce.count);
break; break;
} }
@@ -1722,7 +1720,7 @@ NfcCommand mf_classic_poller_handler_nested_log(MfClassicPoller* instance) {
bool params_write_success = true; bool params_write_success = true;
for(size_t i = 0; i < nonce_pair_count; i++) { for(size_t i = 0; i < nonce_pair_count; i++) {
MfClassicNestedNonce* nonce = &dict_attack_ctx->nested_nonce.nonces[i]; MfClassicNestedNonce* nonce = &dict_attack_ctx->nested_nonce.nonces[i];
// TODO: Avoid repeating logic here // TODO FL-3926: Avoid repeating logic here
uint8_t nonce_sector = nonce->key_idx / (weak_prng ? 4 : 2); uint8_t nonce_sector = nonce->key_idx / (weak_prng ? 4 : 2);
MfClassicKeyType nonce_key_type = MfClassicKeyType nonce_key_type =
(nonce->key_idx % (weak_prng ? 4 : 2) < (weak_prng ? 2 : 1)) ? MfClassicKeyTypeA : (nonce->key_idx % (weak_prng ? 4 : 2) < (weak_prng ? 2 : 1)) ? MfClassicKeyTypeA :
@@ -1857,7 +1855,7 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
} else if(dict_attack_ctx->prng_type == MfClassicPrngTypeNoTag) { } else if(dict_attack_ctx->prng_type == MfClassicPrngTypeNoTag) {
FURI_LOG_E(TAG, "No tag detected"); FURI_LOG_E(TAG, "No tag detected");
// Free nonce array // Free nonce array
// TODO: Consider using .count here // TODO FL-3926: Consider using .count here
if(dict_attack_ctx->nested_nonce.nonces) { if(dict_attack_ctx->nested_nonce.nonces) {
free(dict_attack_ctx->nested_nonce.nonces); free(dict_attack_ctx->nested_nonce.nonces);
dict_attack_ctx->nested_nonce.nonces = NULL; dict_attack_ctx->nested_nonce.nonces = NULL;
@@ -1868,7 +1866,7 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
} }
if(dict_attack_ctx->nested_nonce.nonces) { if(dict_attack_ctx->nested_nonce.nonces) {
// Free nonce array // Free nonce array
// TODO: Consider using .count here // TODO FL-3926: Consider using .count here
free(dict_attack_ctx->nested_nonce.nonces); free(dict_attack_ctx->nested_nonce.nonces);
dict_attack_ctx->nested_nonce.nonces = NULL; dict_attack_ctx->nested_nonce.nonces = NULL;
dict_attack_ctx->nested_nonce.count = 0; dict_attack_ctx->nested_nonce.count = 0;
@@ -1935,7 +1933,7 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
} }
if(!(dict_attack_ctx->auth_passed)) { if(!(dict_attack_ctx->auth_passed)) {
dict_attack_ctx->attempt_count++; dict_attack_ctx->attempt_count++;
} else if(dict_attack_ctx->auth_passed && !(initial_dict_attack_iter)) { } else if(!(initial_dict_attack_iter)) {
dict_attack_ctx->nested_target_key++; dict_attack_ctx->nested_target_key++;
dict_attack_ctx->attempt_count = 0; dict_attack_ctx->attempt_count = 0;
} }