NFC: Fix key invalidation logic (#2782)

* NFC: Fix key invalidation logic * NFC: Fix crash in CLI with empty response * Fix incorrect key conversions * Proper call to nfc_util Co-authored-by: あく <alleteam@gmail.com> Co-authored-by: Astra <me@astrra.space>
flipperdevices · Jun 29, 2023 · e5ae3e2 · e5ae3e2
1 parent c10c456
commit e5ae3e2
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 9 deletions.
diff --git a/applications/main/nfc/nfc_cli.c b/applications/main/nfc/nfc_cli.c
@@ -144,6 +144,10 @@ static void nfc_cli_apdu(Cli* cli, FuriString* args) {
                 break;
             }
             resp_size = (tx_rx.rx_bits / 8) * 2;
+            if(!resp_size) {
+                printf("No response\r\n");
+                break;
+            }
             resp_buffer = malloc(resp_size);
             uint8_to_hex_chars(tx_rx.rx_data, resp_buffer, resp_size);
             resp_buffer[resp_size] = 0;

diff --git a/lib/nfc/nfc_worker.c b/lib/nfc/nfc_worker.c
@@ -940,14 +940,14 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
                     deactivated = true;
                 } else {
                     // If the key A is marked as found and matches the searching key, invalidate it
-                    uint8_t found_key[6];
-                    memcpy(found_key, data->block[i].value, 6);
+                    MfClassicSectorTrailer* sec_trailer =
+                        mf_classic_get_sector_trailer_by_sector(data, i);
 
                     uint8_t current_key[6];
-                    memcpy(current_key, &key, 6);
+                    nfc_util_num2bytes(key, 6, current_key);
 
                     if(mf_classic_is_key_found(data, i, MfClassicKeyA) &&
-                       memcmp(found_key, current_key, 6) == 0) {
+                       memcmp(sec_trailer->key_a, current_key, 6) == 0) {
                         mf_classic_set_key_not_found(data, i, MfClassicKeyA);
                         is_key_a_found = false;
                         FURI_LOG_D(TAG, "Key %dA not found in attack", i);
@@ -966,14 +966,14 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
                     deactivated = true;
                 } else {
                     // If the key B is marked as found and matches the searching key, invalidate it
-                    uint8_t found_key[6];
-                    memcpy(found_key, data->block[i].value + 10, 6);
+                    MfClassicSectorTrailer* sec_trailer =
+                        mf_classic_get_sector_trailer_by_sector(data, i);
 
                     uint8_t current_key[6];
-                    memcpy(current_key, &key, 6);
+                    nfc_util_num2bytes(key, 6, current_key);
 
                     if(mf_classic_is_key_found(data, i, MfClassicKeyB) &&
-                       memcmp(found_key, current_key, 6) == 0) {
+                       memcmp(sec_trailer->key_b, current_key, 6) == 0) {
                         mf_classic_set_key_not_found(data, i, MfClassicKeyB);
                         is_key_b_found = false;
                         FURI_LOG_D(TAG, "Key %dB not found in attack", i);
@@ -989,7 +989,7 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
                 }
                 if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack) break;
             }
-            memcpy(&prev_key, &key, sizeof(key));
+            prev_key = key;
         }
         if(nfc_worker->state != NfcWorkerStateMfClassicDictAttack) break;
         mf_classic_read_sector(&tx_rx, data, i);