Fix inconsistent assignment of known key and known key type/sector

2025-12-12 04:34:43 +04:00 · 2024-10-18 00:33:49 -04:00
parent 2be0cfb04b
commit 897817a829
4 changed files with 24 additions and 2 deletions
--- a/lib/nfc/protocols/mf_classic/mf_classic.c
+++ b/lib/nfc/protocols/mf_classic/mf_classic.c
@@ -543,6 +543,22 @@ void mf_classic_set_key_not_found(
    }
 }

+MfClassicKey
+    mf_classic_get_key(const MfClassicData* data, uint8_t sector_num, MfClassicKeyType key_type) {
+    furi_check(data);
+    furi_check(sector_num < mf_classic_get_total_sectors_num(data->type));
+    furi_check(key_type == MfClassicKeyTypeA || key_type == MfClassicKeyTypeB);
+
+    const MfClassicSectorTrailer* sector_trailer =
+        mf_classic_get_sector_trailer_by_sector(data, sector_num);
+
+    if(key_type == MfClassicKeyTypeA) {
+        return sector_trailer->key_a;
+    } else {
+        return sector_trailer->key_b;
+    }
+}
+
 bool mf_classic_is_block_read(const MfClassicData* data, uint8_t block_num) {
    furi_check(data);

--- a/lib/nfc/protocols/mf_classic/mf_classic.h
+++ b/lib/nfc/protocols/mf_classic/mf_classic.h
@@ -213,6 +213,9 @@ void mf_classic_set_key_not_found(
    uint8_t sector_num,
    MfClassicKeyType key_type);

+MfClassicKey
+    mf_classic_get_key(const MfClassicData* data, uint8_t sector_num, MfClassicKeyType key_type);
+
 bool mf_classic_is_block_read(const MfClassicData* data, uint8_t block_num);

 void mf_classic_set_block_read(MfClassicData* data, uint8_t block_num, MfClassicBlock* block_data);
--- a/lib/nfc/protocols/mf_classic/mf_classic_poller.c
+++ b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
@@ -10,6 +10,7 @@
 // TODO: Store target key in CUID dictionary
 // TODO: Dead code for malloc returning NULL?
 // TODO: Auth1 static encrypted exists (rare)
+// TODO: Use keys found by NFC plugins, cached keys

 #define MF_CLASSIC_MAX_BUFF_SIZE (64)

@@ -1817,12 +1818,13 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
    bool initial_dict_attack_iter = false;
    if(dict_attack_ctx->nested_phase == MfClassicNestedPhaseNone) {
        dict_attack_ctx->auth_passed = true;
-        dict_attack_ctx->nested_known_key = dict_attack_ctx->current_key;
        bool backdoor_present = (dict_attack_ctx->backdoor != MfClassicBackdoorNone);
        if(!(backdoor_present)) {
            for(uint8_t sector = 0; sector < instance->sectors_total; sector++) {
                for(uint8_t key_type = 0; key_type < 2; key_type++) {
                    if(mf_classic_is_key_found(instance->data, sector, key_type)) {
+                        dict_attack_ctx->nested_known_key =
+                            mf_classic_get_key(instance->data, sector, key_type);
                        dict_attack_ctx->nested_known_key_sector = sector;
                        dict_attack_ctx->nested_known_key_type = key_type;
                        break;