Merge remote-tracking branch 'upstream/master'

client/cmdhf14a.c

@@ -143,6 +143,7 @@ int usage_hf_14a_sim(void) {
 //	PrintAndLog("    u     : 4, 7 or 10 byte UID");
 	PrintAndLog("    u     : 4, 7 byte UID");
 	PrintAndLog("    x     : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader");
+	PrintAndLog("    v     : (Optional) show maths used for cracking reader. Useful for debugging.");
 	PrintAndLog("\n   sample : hf 14a sim t 1 u 11223344 x");
 	PrintAndLog("          : hf 14a sim t 1 u 11223344");
 	PrintAndLog("          : hf 14a sim t 1 u 11223344556677");
@@ -447,6 +448,7 @@ int CmdHF14ASim(const char *Cmd) {
 	uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0};
 	int uidlen = 0;
 	bool useUIDfromEML = TRUE;
+	bool verbose = false;
 
 	while(param_getchar(Cmd, cmdp) != 0x00) {
 		switch(param_getchar(Cmd, cmdp)) {
@@ -477,6 +479,11 @@ int CmdHF14ASim(const char *Cmd) {
 				}
 				cmdp += 2;
 				break;
+			case 'v':
+			case 'V':
+				verbose = true;
+				cmdp++;
+				break;
 			case 'x':
 			case 'X':
 				flags |= FLAG_NR_AR_ATTACK;
@@ -513,7 +520,7 @@ int CmdHF14ASim(const char *Cmd) {
 		if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;
 			
 		memcpy( data, resp.d.asBytes, sizeof(data) );
-		readerAttack(data, TRUE);
+		readerAttack(data, TRUE, verbose);
 	}
 	return 0;
 }

client/cmdhfmf.c

@@ -32,6 +32,7 @@ int usage_hf14_mf1ksim(void){
 	PrintAndLog("      i    (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");
 	PrintAndLog("      x    (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");
 	PrintAndLog("      e    (Optional) Fill simulator keys from what we crack");
+	PrintAndLog("      v    (Optional) Show maths used for cracking reader. Useful for debugging.");
 	PrintAndLog("samples:");
 	PrintAndLog("           hf mf sim u 0a0a0a0a");
 	PrintAndLog("           hf mf sim u 11223344556677");
@@ -1364,7 +1365,7 @@ int CmdHF14AMfChk(const char *Cmd) {
 #define ATTACK_KEY_COUNT 8
 sector *k_sector = NULL;
 uint8_t k_sectorsCount = 16;
-void readerAttack(nonces_t data[], bool setEmulatorMem) {
+void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose) {
 
 	// initialize storage for found keys
 	if (k_sector == NULL)
@@ -1388,7 +1389,7 @@ void readerAttack(nonces_t data[], bool setEmulatorMem) {
 
 			// We can probably skip this, mfkey32v2 is more reliable.
 #ifdef HFMF_TRYMFK32
-			if (tryMfk32(data[i], &key)) {
+			if (tryMfk32(data[i], &key, verbose)) {
 				PrintAndLog("Found Key%s for sector %02d: [%012"llx"]"
 					, (data[i].keytype) ? "B" : "A"
 					, data[i].sector
@@ -1413,7 +1414,7 @@ void readerAttack(nonces_t data[], bool setEmulatorMem) {
 			}
 #endif
 			//moebius attack			
-			if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key)) {
+			if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key, verbose)) {
 				uint8_t sectorNum = data[i+ATTACK_KEY_COUNT].sector;
 				uint8_t keyType = data[i+ATTACK_KEY_COUNT].keytype;
 
@@ -1449,11 +1450,14 @@ int CmdHF14AMf1kSim(const char *Cmd) {
 	uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
 	uint8_t exitAfterNReads = 0;
 	uint8_t flags = (FLAG_UID_IN_EMUL | FLAG_4B_UID_IN_DATA);
-	int uidlen = 0;	
+	int uidlen = 0;
 	bool setEmulatorMem = false;
 	uint8_t cmdp = 0;
 	bool errors = false;
 
+	// If set to true, we should show our workings when doing NR_AR_ATTACK.
+	bool verbose = false;
+
 	while(param_getchar(Cmd, cmdp) != 0x00) {
 		switch(param_getchar(Cmd, cmdp)) {
 		case 'e':
@@ -1485,6 +1489,11 @@ int CmdHF14AMf1kSim(const char *Cmd) {
 			}
 			cmdp +=2;
 			break;
+		case 'v':
+		case 'V':
+			verbose = true;
+			cmdp++;
+			break;
 		case 'x':
 		case 'X':
 			flags |= FLAG_NR_AR_ATTACK;
@@ -1524,7 +1533,7 @@ int CmdHF14AMf1kSim(const char *Cmd) {
 			if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;
 
 			memcpy( data, resp.d.asBytes, sizeof(data) );			
-			readerAttack(data, setEmulatorMem);
+			readerAttack(data, setEmulatorMem, verbose);
 		}
 		
 		if (k_sector != NULL) {

client/cmdhfmf.h

@@ -28,19 +28,19 @@
 #include "nonce2key/nonce2key.h"
 
 int CmdHFMF(const char *Cmd);
-
-int CmdHF14AMfDbg(const char* cmd);
-int CmdHF14AMfRdBl(const char* cmd);
-int CmdHF14AMfURdBl(const char* cmd);
-int CmdHF14AMfRdSc(const char* cmd);
-int CmdHF14SMfURdCard(const char* cmd);
-int CmdHF14AMfDump(const char* cmd);
-int CmdHF14AMfRestore(const char* cmd);
-int CmdHF14AMfWrBl(const char* cmd);
-int CmdHF14AMfUWrBl(const char* cmd);
-int CmdHF14AMfChk(const char* cmd);
-int CmdHF14AMifare(const char* cmd);
-int CmdHF14AMfNested(const char* cmd);
+
+int CmdHF14AMfDbg(const char* cmd);
+int CmdHF14AMfRdBl(const char* cmd);
+int CmdHF14AMfURdBl(const char* cmd);
+int CmdHF14AMfRdSc(const char* cmd);
+int CmdHF14SMfURdCard(const char* cmd);
+int CmdHF14AMfDump(const char* cmd);
+int CmdHF14AMfRestore(const char* cmd);
+int CmdHF14AMfWrBl(const char* cmd);
+int CmdHF14AMfUWrBl(const char* cmd);
+int CmdHF14AMfChk(const char* cmd);
+int CmdHF14AMifare(const char* cmd);
+int CmdHF14AMfNested(const char* cmd);
 int CmdHF14AMfNestedHard(const char *Cmd);
 int CmdHF14AMfSniff(const char* cmd);
 int CmdHF14AMf1kSim(const char* cmd);
@@ -60,6 +60,6 @@ int CmdHF14AMfCLoad(const char* cmd);
 int CmdHF14AMfCSave(const char* cmd);
 int CmdHf14MfDecryptBytes(const char *Cmd);
 
-void readerAttack(nonces_t data[], bool setEmulatorMem);
+void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose);
 void printKeyTable( uint8_t sectorscnt, sector *e_sector );
 #endif

client/cmdhfmfhard.c

@@ -261,7 +261,10 @@ static double p_hypergeometric(uint16_t N, uint16_t K, uint16_t n, uint16_t k)
 		for (int16_t i = N; i >= N-n+1; i--) {
 			log_result -= log(i);
 		}
-		return exp(log_result);
+		if ( log_result > 0 )
+			return exp(log_result);
+		else 
+			return 0.0;
 	} else {
 		if (n-k == N-K) {	// special case. The published recursion below would fail with a divide by zero exception
 			double log_result = 0.0;
@@ -1312,7 +1315,7 @@ static bool generate_candidates(uint16_t sum_a0, uint16_t sum_a8)
 
 	if (maximum_states == 0) return false; // prevent keyspace reduction error (2^-inf)
 
-	printf("Number of possible keys with Sum(a0) = %d: %"PRIu64" (2^%1.1f)\n", sum_a0, maximum_states, log(maximum_states)/log(2.0));
+	printf("Number of possible keys with Sum(a0) = %d: %"PRIu64" (2^%1.1f)\n", sum_a0, maximum_states, log(maximum_states)/log(2));
 	
 	init_statelist_cache();
 	
@@ -1329,9 +1332,9 @@ static bool generate_candidates(uint16_t sum_a0, uint16_t sum_a8)
 							// and eliminate the need to calculate the other part
 							if (MIN(partial_statelist[p].len[ODD_STATE], partial_statelist[r].len[ODD_STATE]) 
 									< MIN(partial_statelist[q].len[EVEN_STATE], partial_statelist[s].len[EVEN_STATE])) { 
-							add_matching_states(current_candidates, p, r, ODD_STATE);
+								add_matching_states(current_candidates, p, r, ODD_STATE);
 								if(current_candidates->len[ODD_STATE]) {
-							add_matching_states(current_candidates, q, s, EVEN_STATE);
+									add_matching_states(current_candidates, q, s, EVEN_STATE);
 								} else {
 									current_candidates->len[EVEN_STATE] = 0;
 									uint32_t *p = current_candidates->states[EVEN_STATE] = malloc(sizeof(uint32_t));
@@ -1363,7 +1366,7 @@ static bool generate_candidates(uint16_t sum_a0, uint16_t sum_a8)
 
 	if (maximum_states == 0) return false; // prevent keyspace reduction error (2^-inf)
 
-	float kcalc = log(maximum_states)/log(2.0);
+	float kcalc = log(maximum_states)/log(2);
 	printf("Number of remaining possible keys: %"PRIu64" (2^%1.1f)\n", maximum_states, kcalc);
 	if (write_stats) {
 		if (maximum_states != 0) {
@@ -1703,7 +1706,7 @@ static bool brute_force(void)
 		crypto1_bs_init();
 
 		PrintAndLog("Using %u-bit bitslices", MAX_BITSLICES);
-		PrintAndLog("Bitslicing best_first_byte^uid[3] (rollback byte): %02x...", best_first_bytes[0]^(cuid>>24));
+		PrintAndLog("Bitslicing best_first_byte^uid[3] (rollback byte): %02X ...", best_first_bytes[0]^(cuid>>24));
 		// convert to 32 bit little-endian
 		crypto1_bs_bitslice_value32((best_first_bytes[0]<<24)^cuid, bitsliced_rollback_byte, 8);
 
@@ -1744,14 +1747,14 @@ static bool brute_force(void)
 		}
 
 		time(&end);
-		double elapsed_time = difftime(end, start);
+		unsigned long  elapsed_time = difftime(end, start);
 
 		if (keys_found && TestIfKeyExists(foundkey)) {
-			PrintAndLog("Success! Tested %"PRIu32" states, found %u keys after %.f seconds", total_states_tested, keys_found, elapsed_time);
+			PrintAndLog("Success! Tested %"PRIu32" states, found %u keys after %u seconds", total_states_tested, keys_found, elapsed_time);
 			PrintAndLog("\nFound key: %012"PRIx64"\n", foundkey);
 			ret = true;
 		} else {
-			PrintAndLog("Fail! Tested %"PRIu32" states, in %.f seconds", total_states_tested, elapsed_time);
+			PrintAndLog("Fail! Tested %"PRIu32" states, in %u seconds", total_states_tested, elapsed_time);
 		}
 
 		// reset this counter for the next call

client/cmdlf.c

@@ -1019,10 +1019,17 @@ int CmdLFfind(const char *Cmd) {
 	}
 	if (cmdp == 'u' || cmdp == 'U') testRaw = 'u';
 
+	// if ( justNoise(GraphBuffer, GraphTraceLen) ) {
+		// PrintAndLog("Signal looks just like noise. Quitting.");
+		// return 0;
+	// }
+	
 	PrintAndLog("NOTE: some demods output possible binary\n  if it finds something that looks like a tag");
 	PrintAndLog("False Positives ARE possible\n");  
 	PrintAndLog("\nChecking for known tags:\n");
 
+
+		
 	ans=CmdFSKdemodIO("");
 	if (ans>0) {
 		PrintAndLog("\nValid IO Prox ID Found!");

client/nonce2key/nonce2key.c

@@ -156,7 +156,7 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui
 }
 
 // 32 bit recover key from 2 nonces
-bool tryMfk32(nonces_t data, uint64_t *outputkey) {
+bool tryMfk32(nonces_t data, uint64_t *outputkey, bool verbose) {
 	struct Crypto1State *s,*t;
 	uint64_t outkey = 0;
 	uint64_t key=0;     // recovered key
@@ -166,22 +166,24 @@ bool tryMfk32(nonces_t data, uint64_t *outputkey) {
 	uint32_t ar0_enc = data.ar;  // first encrypted reader response
 	uint32_t nr1_enc = data.nr2; // second encrypted reader challenge
 	uint32_t ar1_enc = data.ar2; // second encrypted reader response
-	clock_t t1 = clock();
 	bool isSuccess = FALSE;
 	uint8_t counter = 0;
-
-	printf("Recovering key for:\n");
-	printf("    uid: %08x\n",uid);
-	printf("     nt: %08x\n",nt);
-	printf(" {nr_0}: %08x\n",nr0_enc);
-	printf(" {ar_0}: %08x\n",ar0_enc);
-	printf(" {nr_1}: %08x\n",nr1_enc);
-	printf(" {ar_1}: %08x\n",ar1_enc);
-
-	printf("\nLFSR succesors of the tag challenge:\n");
+	
+	clock_t t1 = clock();
 	uint32_t p64 = prng_successor(nt, 64);
-	printf("  nt': %08x\n", p64);
-	printf(" nt'': %08x\n", prng_successor(p64, 32));
+		
+	if ( verbose ) {
+		printf("Recovering key for:\n");
+		printf("    uid: %08x\n",uid);
+		printf("     nt: %08x\n",nt);
+		printf(" {nr_0}: %08x\n",nr0_enc);
+		printf(" {ar_0}: %08x\n",ar0_enc);
+		printf(" {nr_1}: %08x\n",nr1_enc);
+		printf(" {ar_1}: %08x\n",ar1_enc);
+		printf("\nLFSR succesors of the tag challenge:\n");
+		printf("  nt': %08x\n", p64);
+		printf(" nt'': %08x\n", prng_successor(p64, 32));
+	}
 	
 	s = lfsr_recovery32(ar0_enc ^ p64, 0);
   
@@ -193,7 +195,6 @@ bool tryMfk32(nonces_t data, uint64_t *outputkey) {
 		crypto1_word(t, uid ^ nt, 0);
 		crypto1_word(t, nr1_enc, 1);
 		if (ar1_enc == (crypto1_word(t, 0, 0) ^ p64)) {
-			//PrintAndLog("Found Key: [%012"llx"]", key);
 			outkey = key;
 			++counter;
 			if (counter==20) break;
@@ -208,7 +209,7 @@ bool tryMfk32(nonces_t data, uint64_t *outputkey) {
 	return isSuccess;
 }
 
-bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) {
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool verbose) {
 	struct Crypto1State *s, *t;
 	uint64_t outkey  = 0;
 	uint64_t key 	 = 0;			     // recovered key
@@ -222,25 +223,25 @@ bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) {
 	uint32_t ar1_enc = data.ar2; // second encrypted reader response	
 	bool isSuccess = FALSE;
 	int counter = 0;
-	
-	printf("Recovering key for:\n");
-	printf("    uid: %08x\n",uid);
-	printf("   nt_0: %08x\n",nt0);
-	printf(" {nr_0}: %08x\n",nr0_enc);
-	printf(" {ar_0}: %08x\n",ar0_enc);
-	printf("   nt_1: %08x\n",nt1);
-	printf(" {nr_1}: %08x\n",nr1_enc);
-	printf(" {ar_1}: %08x\n",ar1_enc);
 
-	//PrintAndLog("Enter mfkey32_moebius");
 	clock_t t1 = clock();
 
-	printf("\nLFSR succesors of the tag challenge:\n");
 	uint32_t p640 = prng_successor(nt0, 64);
 	uint32_t p641 = prng_successor(nt1, 64);
 	
-	printf("  nt': %08x\n", p640);
-	printf(" nt'': %08x\n", prng_successor(p640, 32));
+	if (verbose) {
+		printf("Recovering key for:\n");
+		printf("    uid: %08x\n", uid);
+		printf("   nt_0: %08x\n", nt0);
+		printf(" {nr_0}: %08x\n", nr0_enc);
+		printf(" {ar_0}: %08x\n", ar0_enc);
+		printf("   nt_1: %08x\n", nt1);
+		printf(" {nr_1}: %08x\n", nr1_enc);
+		printf(" {ar_1}: %08x\n", ar1_enc);
+		printf("\nLFSR succesors of the tag challenge:\n");
+		printf("  nt': %08x\n", p640);
+		printf(" nt'': %08x\n", prng_successor(p640, 32));
+	}
 	
 	s = lfsr_recovery32(ar0_enc ^ p640, 0);
   
@@ -253,7 +254,6 @@ bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) {
 		crypto1_word(t, uid ^ nt1, 0);
 		crypto1_word(t, nr1_enc, 1);
 		if (ar1_enc == (crypto1_word(t, 0, 0) ^ p641)) {
-			//PrintAndLog("Found Key: [%012"llx"]",key);
 			outkey=key;
 			++counter;
 			if (counter==20) break;

client/nonce2key/nonce2key.h

@@ -27,8 +27,8 @@ extern int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info,
 extern int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, uint32_t nr, uint64_t ks_info, uint64_t * key);
 
 //iceman, added these to be able to crack key direct from "hf 14 sim" && "hf mf sim"
-bool tryMfk32(nonces_t data, uint64_t *outputkey );
-bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey );  // <<-- this one has best success
+bool tryMfk32(nonces_t data, uint64_t *outputkey, bool verbose );
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool verbose);  // <<-- this one has best success
 int tryMfk64_ex(uint8_t *data, uint64_t *outputkey );
 int tryMfk64(uint32_t uid, uint32_t nt, uint32_t nr_enc, uint32_t ar_enc, uint32_t at_enc, uint64_t *outputkey);
 #endif