Fix inconsistent assignment of known key and known key type/sector

Next-Flip · Oct 18, 2024 · 897817a · 897817a
1 parent 2be0cfb
commit 897817a
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 2 deletions.
diff --git a/lib/nfc/protocols/mf_classic/mf_classic.c b/lib/nfc/protocols/mf_classic/mf_classic.c
@@ -543,6 +543,22 @@ void mf_classic_set_key_not_found(
     }
 }
 
+MfClassicKey
+    mf_classic_get_key(const MfClassicData* data, uint8_t sector_num, MfClassicKeyType key_type) {
+    furi_check(data);
+    furi_check(sector_num < mf_classic_get_total_sectors_num(data->type));
+    furi_check(key_type == MfClassicKeyTypeA || key_type == MfClassicKeyTypeB);
+
+    const MfClassicSectorTrailer* sector_trailer =
+        mf_classic_get_sector_trailer_by_sector(data, sector_num);
+
+    if(key_type == MfClassicKeyTypeA) {
+        return sector_trailer->key_a;
+    } else {
+        return sector_trailer->key_b;
+    }
+}
+
 bool mf_classic_is_block_read(const MfClassicData* data, uint8_t block_num) {
     furi_check(data);
 

diff --git a/lib/nfc/protocols/mf_classic/mf_classic.h b/lib/nfc/protocols/mf_classic/mf_classic.h
@@ -213,6 +213,9 @@ void mf_classic_set_key_not_found(
     uint8_t sector_num,
     MfClassicKeyType key_type);
 
+MfClassicKey
+    mf_classic_get_key(const MfClassicData* data, uint8_t sector_num, MfClassicKeyType key_type);
+
 bool mf_classic_is_block_read(const MfClassicData* data, uint8_t block_num);
 
 void mf_classic_set_block_read(MfClassicData* data, uint8_t block_num, MfClassicBlock* block_data);

diff --git a/lib/nfc/protocols/mf_classic/mf_classic_poller.c b/lib/nfc/protocols/mf_classic/mf_classic_poller.c
@@ -10,6 +10,7 @@
 // TODO: Store target key in CUID dictionary
 // TODO: Dead code for malloc returning NULL?
 // TODO: Auth1 static encrypted exists (rare)
+// TODO: Use keys found by NFC plugins, cached keys
 
 #define MF_CLASSIC_MAX_BUFF_SIZE (64)
 
@@ -1817,12 +1818,13 @@ NfcCommand mf_classic_poller_handler_nested_controller(MfClassicPoller* instance
     bool initial_dict_attack_iter = false;
     if(dict_attack_ctx->nested_phase == MfClassicNestedPhaseNone) {
         dict_attack_ctx->auth_passed = true;
-        dict_attack_ctx->nested_known_key = dict_attack_ctx->current_key;
         bool backdoor_present = (dict_attack_ctx->backdoor != MfClassicBackdoorNone);
         if(!(backdoor_present)) {
             for(uint8_t sector = 0; sector < instance->sectors_total; sector++) {
                 for(uint8_t key_type = 0; key_type < 2; key_type++) {
                     if(mf_classic_is_key_found(instance->data, sector, key_type)) {
+                        dict_attack_ctx->nested_known_key =
+                            mf_classic_get_key(instance->data, sector, key_type);
                         dict_attack_ctx->nested_known_key_sector = sector;
                         dict_attack_ctx->nested_known_key_type = key_type;
                         break;

diff --git a/targets/f7/api_symbols.csv b/targets/f7/api_symbols.csv
@@ -1,5 +1,5 @@
 entry,status,name,type,params
-Version,+,77.2,,
+Version,+,77.3,,
 Header,+,applications/drivers/subghz/cc1101_ext/cc1101_ext_interconnect.h,,
 Header,+,applications/services/bt/bt_service/bt.h,,
 Header,+,applications/services/bt/bt_service/bt_keys_storage.h,,
@@ -2512,6 +2512,7 @@ Function,+,mf_classic_get_base_data,Iso14443_3aData*,const MfClassicData*
 Function,+,mf_classic_get_blocks_num_in_sector,uint8_t,uint8_t
 Function,+,mf_classic_get_device_name,const char*,"const MfClassicData*, NfcDeviceNameType"
 Function,+,mf_classic_get_first_block_num_of_sector,uint8_t,uint8_t
+Function,+,mf_classic_get_key,MfClassicKey,"const MfClassicData*, uint8_t, MfClassicKeyType"
 Function,+,mf_classic_get_read_sectors_and_keys,void,"const MfClassicData*, uint8_t*, uint8_t*"
 Function,+,mf_classic_get_sector_by_block,uint8_t,uint8_t
 Function,+,mf_classic_get_sector_trailer_by_sector,MfClassicSectorTrailer*,"const MfClassicData*, uint8_t"