1.3.0 - Check first_byte_sum (no more invalid ones)

RogueMaster · May 1, 2023 · 34a5408 · 34a5408
1 parent f15f924
commit 34a5408
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 36 deletions.
diff --git a/lib/nested/nested.c b/lib/nested/nested.c
@@ -545,14 +545,15 @@ struct nonce_info nested_attack(
     return r;
 }
 
-struct nonce_info_hard hard_nested_collect_nonces(
+struct nonce_info_hard nested_hard_nonce_attack(
     FuriHalNfcTxRxContext* tx_rx,
     uint8_t blockNo,
     uint8_t keyType,
     uint8_t targetBlockNo,
     uint8_t targetKeyType,
     uint64_t ui64Key,
     uint32_t* found,
+    uint32_t* first_byte_sum,
     Stream* file_stream) {
     uint32_t cuid = 0;
     uint8_t same = 0;
@@ -585,11 +586,6 @@ struct nonce_info_hard hard_nested_collect_nonces(
                 (oddparity8(tx_rx->rx_data[j]) != ((tx_rx->rx_parity[0] >> (7 - j)) & 0x01));
         }
 
-        // update unique nonces
-        if(!found[tx_rx->rx_data[0]]) {
-            found[tx_rx->rx_data[0]]++;
-        }
-
         uint8_t pbits = 0;
         for(uint8_t j = 0; j < 4; j++) {
             uint8_t p = oddparity8(tx_rx->rx_data[j]);
@@ -600,6 +596,12 @@ struct nonce_info_hard hard_nested_collect_nonces(
             pbits |= p;
         }
 
+        // update unique nonces
+        if(!found[tx_rx->rx_data[0]]) {
+            *first_byte_sum += evenparity32(pbits & 0x08);
+            found[tx_rx->rx_data[0]]++;
+        }
+
         if(nt == previous) {
             same++;
         }

diff --git a/lib/nested/nested.h b/lib/nested/nested.h
@@ -62,14 +62,15 @@ struct nonce_info nested_attack(
     uint32_t distance,
     uint32_t delay);
 
-struct nonce_info_hard hard_nested_collect_nonces(
+struct nonce_info_hard nested_hard_nonce_attack(
     FuriHalNfcTxRxContext* tx_rx,
     uint8_t blockNo,
     uint8_t keyType,
     uint8_t targetBlockNo,
     uint8_t targetKeyType,
     uint64_t ui64Key,
     uint32_t* found,
+    uint32_t* first_byte_sum,
     Stream* file_stream);
 
 uint32_t nested_calibrate_distance(

diff --git a/mifare_nested_i.h b/mifare_nested_i.h
@@ -19,7 +19,7 @@
 #include <lib/nfc/nfc_device.h>
 #include "mifare_nested_icons.h"
 
-#define NESTED_VERSION_APP "1.2.5"
+#define NESTED_VERSION_APP "1.3.0"
 #define NESTED_GITHUB_LINK "https://github.com/AloneLiberty/FlipperNested"
 #define NESTED_RECOVER_KEYS_GITHUB_LINK "https://github.com/AloneLiberty/FlipperNestedRecovery"
 #define NESTED_NONCE_FORMAT_VERSION "3"

diff --git a/mifare_nested_worker.c b/mifare_nested_worker.c
@@ -13,6 +13,10 @@
 
 #define TAG "MifareNestedWorker"
 
+// possible sum property values
+static uint16_t sums[] =
+    {0, 32, 56, 64, 80, 96, 104, 112, 120, 128, 136, 144, 152, 160, 176, 192, 200, 224, 256};
+
 void mifare_nested_worker_change_state(
     MifareNestedWorker* mifare_nested_worker,
     MifareNestedWorkerState state) {
@@ -468,7 +472,7 @@ uint32_t mifare_nested_worker_predict_delay(
     }
 
     free(crypto);
-    
+
     return 1;
 }
 
@@ -876,50 +880,54 @@ void mifare_nested_worker_collect_nonces_hard(MifareNestedWorker* mifare_nested_
                 continue;
             }
 
-            Stream* file_stream = file_stream_alloc(storage);
-            FuriString* hardnested_file = furi_string_alloc();
-            mifare_nested_worker_get_hardnested_file_path(
-                &data, hardnested_file, sector, key_type);
-
-            file_stream_open(
-                file_stream,
-                furi_string_get_cstr(hardnested_file),
-                FSAM_READ_WRITE,
-                FSOM_CREATE_ALWAYS);
-
-            FuriString* header = furi_string_alloc_printf(
-                "Filetype: Flipper Nested Nonces File\nVersion: %s\nNote: you will need desktop app to recover keys: %s\nKey %c cuid 0x%08lx sec %u\n",
-                NESTED_NONCE_FORMAT_VERSION,
-                NESTED_RECOVER_KEYS_GITHUB_LINK,
-                !key_type ? 'A' : 'B',
-                cuid,
-                sector);
-
-            stream_write_string(file_stream, header);
-            furi_string_free(header);
-            furi_string_free(hardnested_file);
-
             while(!info->collected &&
                   mifare_nested_worker->state == MifareNestedWorkerStateCollecting) {
+                Stream* file_stream = file_stream_alloc(storage);
+                FuriString* hardnested_file = furi_string_alloc();
+                mifare_nested_worker_get_hardnested_file_path(
+                    &data, hardnested_file, sector, key_type);
+
+                file_stream_open(
+                    file_stream,
+                    furi_string_get_cstr(hardnested_file),
+                    FSAM_READ_WRITE,
+                    FSOM_CREATE_ALWAYS);
+
+                FuriString* header = furi_string_alloc_printf(
+                    "Filetype: Flipper Nested Nonces File\nVersion: %s\nNote: you will need desktop app to recover keys: %s\nKey %c cuid 0x%08lx sec %u\n",
+                    NESTED_NONCE_FORMAT_VERSION,
+                    NESTED_RECOVER_KEYS_GITHUB_LINK,
+                    !key_type ? 'A' : 'B',
+                    cuid,
+                    sector);
+
+                stream_write_string(file_stream, header);
+                furi_string_free(header);
+
+                uint32_t first_byte_sum = 0;
                 uint32_t* found = malloc(sizeof(uint32_t) * 256);
                 for(uint32_t i = 0; i < 256; i++) {
                     found[i] = 0;
                 }
 
                 while(mifare_nested_worker->state == MifareNestedWorkerStateCollecting) {
-                    struct nonce_info_hard result = hard_nested_collect_nonces(
+                    struct nonce_info_hard result = nested_hard_nonce_attack(
                         &tx_rx,
                         key_block,
                         found_key_type,
                         mifare_nested_worker_get_block_by_sector(sector),
                         key_type,
                         key,
                         found,
+                        &first_byte_sum,
                         file_stream);
 
                     if(result.static_encrypted) {
-                        // TODO: Delete file?
                         file_stream_close(file_stream);
+
+                        storage_simply_remove(storage, furi_string_get_cstr(hardnested_file));
+
+                        furi_string_free(hardnested_file);
                         free(found);
                         free(mf_data);
                         nfc_deactivate();
@@ -946,6 +954,22 @@ void mifare_nested_worker_collect_nonces_hard(MifareNestedWorker* mifare_nested_
                         FURI_LOG_D(TAG, "Found states: %lu", states);
 
                         if(states == 256) {
+                            FURI_LOG_D(
+                                TAG, "All states collected, first_byte_sum: %lu", first_byte_sum);
+
+                            bool valid = false;
+                            for(uint8_t i = 0; i < sizeof(sums); i++) {
+                                if(sums[i] == first_byte_sum) {
+                                    valid = true;
+                                    break;
+                                }
+                            }
+
+                            if(!valid) {
+                                FURI_LOG_E(TAG, "Invalid first_byte_sum!");
+                                break;
+                            }
+
                             info->collected = true;
                             info->hardnested = true;
                             nonces->cuid = result.cuid;
@@ -966,9 +990,9 @@ void mifare_nested_worker_collect_nonces_hard(MifareNestedWorker* mifare_nested_
                 }
 
                 free(found);
+                furi_string_free(hardnested_file);
+                file_stream_close(file_stream);
             }
-
-            file_stream_close(file_stream);
         }
     }