DarkFlippers/unleashed-firmware
1
1
Fork 0
mirror of https://github.com/DarkFlippers/unleashed-firmware.git synced 2024-11-30 07:06:12 +03:00
Code Issues Projects Releases Wiki Activity

Fix regression for regular nested attack

Browse Source
This commit is contained in:
noproto 2024-09-02 10:28:50 -04:00
parent 90d0c3d095
commit 2abeb071fd
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/nfc/protocols/mf_classic/mf_classic_poller.c
View File

@ -1770,13 +1770,20 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
// TODO: Need to think about how this works for NXP/Fudan backdoored tags. // TODO: Need to think about how this works for NXP/Fudan backdoored tags.
// We could reset the .calibration field every sector to re-calibrate. Calibration function handles backdoor calibration too. // We could reset the .calibration field every sector to re-calibrate. Calibration function handles backdoor calibration too.
// Calibration // Calibration
bool initial_collect_nt_enc_iter = false;
if(!(dict_attack_ctx->calibrated)) { if(!(dict_attack_ctx->calibrated)) {
if(dict_attack_ctx->prng_type == MfClassicPrngTypeWeak) { if(dict_attack_ctx->prng_type == MfClassicPrngTypeWeak) {
instance->state = MfClassicPollerStateNestedCalibrate; instance->state = MfClassicPollerStateNestedCalibrate;
return command; return command;
} }
initial_collect_nt_enc_iter = true;
dict_attack_ctx->auth_passed = true;
dict_attack_ctx->current_key_checked = false;
dict_attack_ctx->nested_phase = MfClassicNestedPhaseCollectNtEnc; dict_attack_ctx->nested_phase = MfClassicNestedPhaseCollectNtEnc;
} else if(dict_attack_ctx->nested_phase == MfClassicNestedPhaseCalibrate) { } else if(dict_attack_ctx->nested_phase == MfClassicNestedPhaseCalibrate) {
initial_collect_nt_enc_iter = true;
dict_attack_ctx->auth_passed = true;
dict_attack_ctx->current_key_checked = false;
dict_attack_ctx->nested_phase = MfClassicNestedPhaseCollectNtEnc; dict_attack_ctx->nested_phase = MfClassicNestedPhaseCollectNtEnc;
} }
// Collect and log nonces // Collect and log nonces
@ -1807,7 +1814,7 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
if(!(dict_attack_ctx->auth_passed)) { if(!(dict_attack_ctx->auth_passed)) {
dict_attack_ctx->attempt_count++; dict_attack_ctx->attempt_count++;
} else { } else {
if(is_weak) { if(is_weak && !(initial_collect_nt_enc_iter)) {
dict_attack_ctx->nested_target_key++; dict_attack_ctx->nested_target_key++;
if(dict_attack_ctx->nested_target_key % 2 == 0) { if(dict_attack_ctx->nested_target_key % 2 == 0) {
dict_attack_ctx->current_key_checked = false; dict_attack_ctx->current_key_checked = false;
@ -1850,6 +1857,7 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
} }
dict_attack_ctx->attempt_count = 0; dict_attack_ctx->attempt_count = 0;
} }
dict_attack_ctx->auth_passed = false;
instance->state = MfClassicPollerStateNestedCollectNtEnc; instance->state = MfClassicPollerStateNestedCollectNtEnc;
return command; return command;
} }

2
lib/nfc/protocols/mf_classic/mf_classic_poller_i.h
View File

@ -19,7 +19,7 @@ extern "C" {
#define NFC_ASSETS_FOLDER EXT_PATH("nfc/assets") #define NFC_ASSETS_FOLDER EXT_PATH("nfc/assets")
#define MF_CLASSIC_NESTED_ANALYZE_NT_COUNT (5) #define MF_CLASSIC_NESTED_ANALYZE_NT_COUNT (5)
#define MF_CLASSIC_NESTED_NT_HARD_MINIMUM (3) #define MF_CLASSIC_NESTED_NT_HARD_MINIMUM (3)
#define MF_CLASSIC_NESTED_RETRY_MAXIMUM (20) #define MF_CLASSIC_NESTED_RETRY_MAXIMUM (60)
#define MF_CLASSIC_NESTED_HARD_RETRY_MAXIMUM (3) #define MF_CLASSIC_NESTED_HARD_RETRY_MAXIMUM (3)
#define MF_CLASSIC_NESTED_CALIBRATION_COUNT (21) #define MF_CLASSIC_NESTED_CALIBRATION_COUNT (21)
#define MF_CLASSIC_NESTED_LOGS_FILE_NAME ".nested.log" #define MF_CLASSIC_NESTED_LOGS_FILE_NAME ".nested.log"