FIX: at least now the special zero parity attack, repeats and doesn't crash. However it doesn't find the key either :(

client/cmdhfmf.c

@@ -217,7 +217,12 @@ start:
 	if (isOK == -4 && par_list == 0) {
 		// this special attack when parities is zero, uses checkkeys. Which now with block/keytype option also needs. 
 		// but it uses 0|1 instead of 0x60|0x61...
-		if (!nonce2key_ex(blockNo, keytype - 0x60 , uid, nt, nr, ks_list, &r_key) ){
+		if (nonce2key_ex(blockNo, keytype - 0x60 , uid, nt, nr, ks_list, &r_key) ){
+			PrintAndLog("Key not found (lfsr_common_prefix list is null).");	
+			PrintAndLog("Failing is expected to happen in 25%% of all cases. Trying again with a different reader nonce...");
+			c.arg[0] = false;
+			goto start;
+		} else {
 			PrintAndLog("Found valid key: %012"llx" \n", r_key);
 			goto END;
 		}

client/nonce2key/crapto1.c

@@ -549,7 +549,8 @@ struct Crypto1State* lfsr_common_prefix_ex(uint32_t pfx, uint8_t ks[8])
 				s = check_pfx_parity_ex(pfx, *o, *e, s);
 			}
 
-	s->odd = s->even = 0;
+	// in this version, -1 signifies end of states 
+	s->odd = s->even = -1;
 
 out:
 	free(odd);

client/nonce2key/nonce2key.c

@@ -94,7 +94,6 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui
 	
 	state = lfsr_common_prefix_ex(nr, ks3x);
 	state_s = (int64_t*)state;
-	PrintAndLog("Prefix");
 	
 	for (i = 0; (state) && ((state + i)->odd != -1); i++) {
 		lfsr_rollback_word(state + i, uid ^ nt, 0);
@@ -152,6 +151,7 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui
 		}
 	}	
 	
+	
 	free(last_keylist);
 	last_keylist = state_s;
 	return 1;