From ff7cd9d84d899695836b2657672191e149f0baec Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Mon, 13 May 2019 23:11:05 +0200 Subject: [PATCH] CMD_MIFARE_ACQUIRE_ENCRYPTED_NONCES needs 6 bytes of data. used as SendCommandMIX(CMD_MIFARE_ACQUIRE_ENCRYPTED_NONCES, blockNo + keyType * 0x100, trgBlockNo + trgKeyType * 0x100, 4, NULL, 0); sent to MifareAcquireEncryptedNonces(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes); void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain) { [...] uint64_t ui64Key = bytes_to_num(datain, 6); => we should always send 6 bytes for "bytes_to_num" --- client/cmdhfmfhard.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/client/cmdhfmfhard.c b/client/cmdhfmfhard.c index cdbd092d8..672064987 100644 --- a/client/cmdhfmfhard.c +++ b/client/cmdhfmfhard.c @@ -1385,15 +1385,16 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ flags |= field_off ? 0x0004 : 0; clearCommandBuffer(); - SendCommandOLD(CMD_MIFARE_ACQUIRE_ENCRYPTED_NONCES, blockNo + keyType * 0x100, trgBlockNo + trgKeyType * 0x100, flags, key, 6); + SendCommandMIX(CMD_MIFARE_ACQUIRE_ENCRYPTED_NONCES, blockNo + keyType * 0x100, trgBlockNo + trgKeyType * 0x100, flags, key, 6); if (field_off) break; if (initialize) { if (!WaitForResponseTimeout(CMD_ACK, &resp, 3000)) { + uint8_t nullkey[6] = {0}; //strange second call (iceman) clearCommandBuffer(); - SendCommandMIX(CMD_MIFARE_ACQUIRE_ENCRYPTED_NONCES, blockNo + keyType * 0x100, trgBlockNo + trgKeyType * 0x100, 4, NULL, 0); + SendCommandMIX(CMD_MIFARE_ACQUIRE_ENCRYPTED_NONCES, blockNo + keyType * 0x100, trgBlockNo + trgKeyType * 0x100, 4, nullkey, sizeof(nullkey)); return 1; } if (resp.oldarg[0]) return resp.oldarg[0]; // error during nested_hard