Skip to content

Do not respond to mifare simulation sectors out of bounds #2636

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Nov 15, 2024
Merged

Do not respond to mifare simulation sectors out of bounds #2636

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
18db45b
mifare simulation: do not respond for authentication attempts for sec…
piotrva Nov 15, 2024
606c3ac
Update changelog to include information about fix for hf mf sim comma…
piotrva Nov 15, 2024
a9c10c8
Changed max sector for AUTH to be executed only once and result cache…
piotrva Nov 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...

## [unreleased][unreleased]
- Fixed `hf mf sim` not to respond to authentication attempts for sectors out of bound for selected Mifare type (@piotrva)
- Added option to build against non-default python3 with CMake as well (@doegox)
- Added option to build against non-default python3 with Makefile (@ANTodorov)
- Changed `hf 14a info` `hf mf info` - now detects FM1216-137 CPU cards (@iceman1001)
Expand Down
23 changes: 23 additions & 0 deletions armsrc/mifaresim.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,20 @@ static bool IsAccessAllowed(uint8_t blockNo, uint8_t keytype, uint8_t action) {
}
}

static uint8_t MifareMaxSector(uint16_t flags) {
if (IS_FLAG_MF_SIZE(flags, MIFARE_MINI_MAX_BYTES)) {
return MIFARE_MINI_MAXSECTOR;
} else if (IS_FLAG_MF_SIZE(flags, MIFARE_1K_MAX_BYTES)) {
return MIFARE_1K_MAXSECTOR;
} else if (IS_FLAG_MF_SIZE(flags, MIFARE_2K_MAX_BYTES)) {
return MIFARE_2K_MAXSECTOR;
} else if (IS_FLAG_MF_SIZE(flags, MIFARE_4K_MAX_BYTES)) {
return MIFARE_4K_MAXSECTOR;
} else {
return MIFARE_4K_MAXSECTOR;
}
}

static bool MifareSimInit(uint16_t flags, uint8_t *uid, uint16_t atqa, uint8_t sak, tag_response_info_t **responses, uint32_t *cuid, uint8_t *uid_len, uint8_t **rats, uint8_t *rats_len) {

uint8_t uid_tmp[10] = {0};
Expand Down Expand Up @@ -464,6 +478,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t

uint8_t cardWRBL = 0;
uint8_t cardAUTHSC = 0;
uint8_t cardMaxSEC = MifareMaxSector(flags);
uint8_t cardAUTHKEY = AUTHKEYNONE; // no authentication
uint32_t cardRr = 0;
uint32_t ans = 0;
Expand Down Expand Up @@ -769,6 +784,14 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t

if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] KEY %c: %012" PRIx64, (cardAUTHKEY == 0) ? 'A' : 'B', emlGetKey(cardAUTHSC, cardAUTHKEY));

// sector out of range - do not respond
if (cardAUTHSC >= cardMaxSEC) {
cardAUTHKEY = AUTHKEYNONE; // not authenticated
cardSTATE_TO_IDLE();
if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] Out of range sector %d(0x%02x)", cardAUTHSC, cardAUTHSC);
break;
}

// first authentication
crypto1_deinit(pcs);

Expand Down
Loading