nfc: Fix sector overrun in MFC nested dictionary attack #4048
base: dev
Conversation
892a19b to bb27473
Possible regression with this PR or 3822 for Hardnested. Waiting on a card I ordered 2 weeks ago to isolate a crash. Edit: 2K cards aren't recognized, which seems like the root cause for any sector overrun?
Potentially addressed in #4053
This should be the correct fix for this issue (rather than fixing a byproduct of the crash): noproto/xero-firmware@56fe7b0 Tested and would welcome feedback.
That code does not crash, but it also causes some keys to not be detected. I've previously mentioned to @noproto that he can open another PR with the new code and I can close this one whenever that PR is made.
@hedger this is the fix, the PR is out of date: #4048 (comment) Edit: Opened #4288
What's new
X2k variants in SL1.
Verification
X2k variants in SL1.
Checklist (For Reviewer)
I'm not sure what the actual intended flow is supposed to be when the dictionary attack runs off the end of the card. I assume it would loop back and continue to check the first part of the dictionary, but it could also just move on to nonce collection, although that would involve some refactoring to free up the loaded dictionaries. Probably something for @noproto to clarify.
Edit: I've discovered that the test card in question is actually a MIFARE Plus EV1. Flipper's detection of this is not quite working, and because the card gave the same historical bytes as MIFARE Plus X, it was incorrectly assumed to be that chip.