draft for a Mifare classic NACK bug detection.

the idea is to have a statistically solid conclusion if tag does or does not have the NACK bug.

-in short, ref  https://github.com/iceman1001/proxmark3/issues/141
NACK bug;  when a tag responds with a NACK to a 8 byte nonce exchange during authentication when the bytes are wrong but the parity bits are correct.

This is a strong oracle which is used in the darkside attack.

client/cmdhfmf.c

@@ -2848,6 +2848,36 @@ int CmdHf14AMfSetMod(const char *Cmd) {
 	return 0;
 }
 
+// Mifare NACK bug detection
+int CmdHf14AMfNack(const char *Cmd) {
+
+	UsbCommand c = {CMD_MIFARE_NACK_DETECT, {0, 0, 0}};
+	clearCommandBuffer();
+	SendCommand(&c);
+	UsbCommand resp;
+	
+	while (true) {
+		
+		printf(".");
+		fflush(stdout);
+		if (ukbhit()) {
+			int gc = getchar(); (void)gc;
+			return -1;
+			break;
+		}
+	
+		if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
+			uint8_t ok = resp.arg[0] & 0xff;
+			PrintAndLog("isOk:%02x", ok);
+			if (!ok) {
+				PrintAndLog("Failed.");
+			}
+			break;
+		}
+	}
+	return 0;
+}
+
 int CmdHF14AMfice(const char *Cmd) {
 
 	uint8_t blockNo = 0;
@@ -2957,6 +2987,7 @@ static command_t CommandTable[] = {
 	{"decrypt",		CmdHf14AMfDecryptBytes,  1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},
 	{"setmod",		CmdHf14AMfSetMod, 		0, "Set MIFARE Classic EV1 load modulation strength"},
 	{"ice",			CmdHF14AMfice,			0, "collect Mifare Classic nonces to file"},
+	{"nack",		CmdHf14AMfNack,			0, "Test for Mifare NACK bug"},
 	{NULL, NULL, 0, NULL}
 };
 

client/cmdhfmf.h

@@ -63,6 +63,7 @@ extern int CmdHF14AMfCLoad(const char* cmd);
 extern int CmdHF14AMfCSave(const char* cmd);
 extern int CmdHf14MfDecryptBytes(const char *Cmd);
 extern int CmdHf14AMfSetMod(const char *Cmd);
+extern int CmdHf14AMfNack(const char *Cmd);
 
 void showSectorTable(void);
 void readerAttack(nonces_t data, bool setEmulatorMem, bool verbose);