RfidResearchGroup / proxmark3

Iceman Fork - Proxmark3
http://www.icedev.se
GNU General Public License v3.0

hf mf autopwn #db# AcquireNonces: Auth1 error loop #450

Closed Fl0-0 closed 5 years ago

Fl0-0 commented 5 years ago

hf mf autopwn does not work and loops on `#db# AcquireNonces: Auth1 error`.

To Reproduce: Steps to reproduce the behavior:

  1. Try hf mf autopwn on a Mifare Classic with a HARD prng
  2. The hardnested attack phase fails with a `#db# AcquireNonces: Auth1 error` loop:
[usb] pm3 --> hf mf autopwn
[!] no known key was supplied, key recovery might fail          
[+] loaded 23 keys from hardcoded default array          
[=] running strategy 1          
...          
[+] Chunk: 7.7s | found 14/32 keys (23)

[=] running strategy 2          
...          
[+] Chunk: 7.4s | found 14/32 keys (23)

[+] target sector:  0 key type: A -- found valid key [  A0 A1 A2 A3 A4 A5  ] (used for nested / hardnested attack)          
[+] target sector:  0 key type: B -- found valid key [  FF FF FF FF FF FF  ]          
[+] target sector:  3 key type: A -- found valid key [  FF FF FF FF FF FF  ]          
[+] target sector:  3 key type: B -- found valid key [  FF FF FF FF FF FF  ]          
[+] target sector:  9 key type: A -- found valid key [  FF FF FF FF FF FF  ]          
[+] target sector:  9 key type: B -- found valid key [  FF FF FF FF FF FF  ]          
[+] target sector: 10 key type: A -- found valid key [  FF FF FF FF FF FF  ]          
[+] target sector: 10 key type: B -- found valid key [  FF FF FF FF FF FF  ]          
[+] target sector: 11 key type: A -- found valid key [  FF FF FF FF FF FF  ]          
[+] target sector: 11 key type: B -- found valid key [  FF FF FF FF FF FF  ]          
[+] target sector: 12 key type: A -- found valid key [  A0 A1 A2 A3 A4 A5  ]          
[+] target sector: 13 key type: A -- found valid key [  A0 A1 A2 A3 A4 A5  ]          
[+] target sector: 14 key type: A -- found valid key [  A0 A1 A2 A3 A4 A5  ]          
[+] target sector: 15 key type: A -- found valid key [  A0 A1 A2 A3 A4 A5  ]          
[+] Using AVX2 SIMD core.          

 time    | #nonces | Activity                                                | expected to brute force          
         |         |                                                         | #states         | time           
------------------------------------------------------------------------------------------------------          
       0 |       0 | Start using 8 threads and AVX2 SIMD core                |                 |          
       0 |       0 | Brute force benchmark: 1036 million (2^29.9) keys/s     | 140737488355328 |    2d          
       1 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    2d          
#db# AcquireNonces: Auth1 error          
#db# AcquireNonces: Auth1 error          
#db# AcquireNonces: Auth1 error          
#db# AcquireNonces: Auth1 error          
#db# AcquireNonces: Auth1 error
................

Expected behavior: It works well when I do it manually:

[usb] pm3 --> hf mf hardnested 0 A A0A1A2A3A4A5 4 A
--target block no:  4, target key type:A, known target key: 0x000000000000 (not set), file action: none, Slow: No, Tests: 0           
[+] Using AVX2 SIMD core.          

 time    | #nonces | Activity                                                | expected to brute force          
         |         |                                                         | #states         | time           
------------------------------------------------------------------------------------------------------          
       0 |       0 | Start using 8 threads and AVX2 SIMD core                |                 |          
       0 |       0 | Brute force benchmark: 1152 million (2^30.1) keys/s     | 140737488355328 |   34h          
       1 |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |   34h          
       4 |     112 | Apply bit flip properties                               |     61067862016 |   53s          
       5 |     223 | Apply bit flip properties                               |      6988976640 |    6s          
       6 |     335 | Apply bit flip properties                               |      3215611904 |    3s          
       7 |     446 | Apply bit flip properties                               |      3163382528 |    3s          
       8 |     557 | Apply bit flip properties                               |      2735795712 |    2s          
       8 |     667 | Apply bit flip properties                               |      2735795712 |    2s          
       9 |     779 | Apply bit flip properties                               |      2735795712 |    2s          
      10 |     890 | Apply bit flip properties                               |      2735795712 |    2s          
      11 |     999 | Apply bit flip properties                               |      2735795712 |    2s          
      11 |    1108 | Apply bit flip properties                               |      2735795712 |    2s          
      12 |    1217 | Apply bit flip properties                               |      2735795712 |    2s          
      13 |    1327 | Apply bit flip properties                               |      2735795712 |    2s          
      14 |    1437 | Apply bit flip properties                               |      2735795712 |    2s          
      15 |    1546 | Apply bit flip properties                               |      2735795712 |    2s          
      16 |    1656 | Apply bit flip properties                               |      2735795712 |    2s          
      16 |    1768 | Apply bit flip properties                               |      2735795712 |    2s          
      17 |    1878 | Apply bit flip properties                               |      2735795712 |    2s          
      18 |    1987 | Apply bit flip properties                               |      2735795712 |    2s          
      19 |    2097 | Apply bit flip properties                               |      2735795712 |    2s          
      21 |    2206 | Apply Sum property. Sum(a0) = 112                       |       166733088 |    0s          
      22 |    2206 | Brute force phase completed. Key found: 6##########a    |               0 |    0s

Desktop (please complete the following information):

hf mf autopwn
hf mf chk *1 ? t
hf mf hardnested 0 A A0A1A2A3A4A5 4 A
[ Proxmark3 RFID instrument ] 

 [ CLIENT ]          
  client: RRG/Iceman          
  compiled with GCC 9.2.1 20190909 OS:Linux ARCH:x86_64          

 [ PROXMARK3 RDV4 ]          
  external flash:                  present           
  smartcard reader:                present           

 [ PROXMARK3 RDV4 Extras ]          
  FPC USART for BT add-on support: present           
  FPC USART for developer support: present           

 [ ARM ]
  bootrom: RRG/Iceman/master/8ea04a42 2019-10-16 09:16:53
       os: RRG/Iceman/master/0b481474 2019-10-24 13:22:38
  compiled with GCC 7.3.1 20180622 (release) [ARM/embedded-7-branch revision 261907]

 [ FPGA ]
  LF image built for 2s30vq100 on 2019/ 7/31 at 15:57:16
  HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23          

 [ Hardware ]           
  --= uC: AT91SAM7S512 Rev A          
  --= Embedded Processor: ARM7TDMI          
  --= Nonvolatile Program Memory Size: 512K bytes, Used: 277792 bytes (53%) Free: 246496 bytes (47%)          
  --= Second Nonvolatile Program Memory Size: None          
  --= Internal SRAM Size: 64K bytes          
  --= Architecture Identifier: AT91SAM7Sxx Series          
  --= Nonvolatile Program Memory Type: Embedded Flash Memory
[usb] pm3 --> hw status
#db# Memory           
#db#   BIGBUF_SIZE.............40000          
#db#   Available memory........39944          
#db# Tracing           
#db#   tracing ................1          
#db#   traceLen ...............0          
#db# Currently loaded FPGA image           
#db#   mode.................... HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23          
#db# Flash memory           
#db#   Baudrate................24 MHz           
#db#   Init....................OK           
#db#   Memory size.............2 mbits / 256 kb           
#db#   Unique ID...............0xD567A882A72BA726          
#db# Smart card module (ISO 7816)           
#db#   version.................v3.11           
#db# LF Sampling config           
#db#   [q] divisor.............95 ( 125.00 kHz )          
#db#   [b] bps.................8          
#db#   [d] decimation..........1          
#db#   [a] averaging...........Yes          
#db#   [t] trigger threshold...0          
#db#   [s] samples to skip.....0           
#db# LF T55XX config           
#db#            [r]               [a]   [b]   [c]   [d]   [e]   [f]   [g]          
#db#            mode            |start|write|write|write| read|write|write          
#db#                            | gap | gap |  0  |  1  | gap |  2  |  3          
#db# ---------------------------+-----+-----+-----+-----+-----+-----+------          
#db# fixed bit length (default) |  29 |  17 |  15 |  47 |  15 | N/A | N/A |           
#db#     long leading reference |  31 |  20 |  18 |  50 |  15 | N/A | N/A |           
#db#               leading zero |  31 |  20 |  18 |  40 |  15 | N/A | N/A |           
#db#    1 of 4 coding reference |  29 |  17 |  15 |  31 |  15 |  47 |  63 |           
#db#           
#db# Transfer Speed           
#db#   Sending packets to client...          
#db#   Time elapsed............500ms          
#db#   Bytes transferred.......309760          
#db#   Transfer Speed PM3 -> Client = 619520 bytes/s          
#db# Various           
#db#   DBGLEVEL................1          
#db#   ToSendMax...............-1          
#db#   ToSendBit...............0          
#db#   ToSend BUFFERSIZE.......2308          
#db#   Slow clock..............31468 Hz          
#db# Installed StandAlone Mode           
#db#   HF Mifare sniff/simulation - (Craig Young)          
#db# Flash memory dictionary loaded           
#db#   Mifare..................859 keys          
#db#   T55x7...................109 keys          
#db#   iClass..................7 keys  
[+] LF antenna: 69.40 V - 125.00 kHz          
[+] LF antenna: 41.50 V - 133.33 kHz          
[+] LF optimal: 70.39 V - 126.32 kHz          
[+] LF antenna is OK  

[+] HF antenna: 48.58 V - 13.56 MHz          
[+] HF antenna is OK           

[+] Displaying LF tuning graph. Divisor 89 is 133.33 kHz, 95 is 125.00 kHz.
Fl0-0 commented 5 years ago

After playing with gdb and tracing the call to mfnestedhard(), I discovered that the key argument is NULL.

Call to mfnestedhard() by hf mf hardnested 0 A A0A1A2A3A4A5 4 A:

#0  mfnestedhard (blockNo=blockNo@entry=0x0, keyType=keyType@entry=0x0, key=key@entry=0x7fffea322224 "\240\241\242\243\244\245", trgBlockNo=trgBlockNo@entry=0x4, trgKeyType=trgKeyType@entry=0x0, 
    trgkey=trgkey@entry=0x0, nonce_file_read=0x0, nonce_file_write=0x0, slow=0x0, tests=0x0, foundkey=0x7fffea322230, filename=0x7fffea322620 "") at cmdhfmfhard.c:2161

Call to mfnestedhard() by hf mf autopwn:

#0  mfnestedhard (blockNo=blockNo@entry=0x0, keyType=keyType@entry=0x0, key=key@entry=0x7fffea32d39c "", trgBlockNo=trgBlockNo@entry=0x4, trgKeyType=trgKeyType@entry=0x0, trgkey=trgkey@entry=0x0, 
    nonce_file_read=0x0, nonce_file_write=0x0, slow=0x0, tests=0x0, foundkey=0x7fffea32d3b8, filename=0x0) at cmdhfmfhard.c:2161

Commit https://github.com/RfidResearchGroup/proxmark3/commit/abb011c179beb89f571288cf3770229bde17fbac changed key for tmp_key; it works again with key.
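
The two gdb traces above show the whole bug: the manual command hands mfnestedhard() the six key bytes, while autopwn hands it an empty buffer, so every Auth1 attempt on the source sector fails and the firmware keeps retrying. The following is an added example, not code from the Proxmark3 client, that models this bug class (the recovered key is written into one buffer, a different still-zeroed buffer is passed on) against a constructed "card", and adds the client-side guard a practitioner would want: refuse to start nonce acquisition when the known key is unset instead of looping on Auth1 errors. All function names (`hardnested_model`, `autopwn_buggy`, `autopwn_fixed`, `tag_auth`, `mf_key_from_hex`), the return codes and the card key are assumptions for illustration; only the key value A0A1A2A3A4A5 and the `key`/`tmp_key` naming come from the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MF_KEY_LEN 6

/* Hypothetical return codes modelled on the symptom in the thread: an unset
 * key makes every authentication fail, which the firmware reports as a
 * repeating "AcquireNonces: Auth1 error". Negative = error, >= 0 = nonces. */
enum { MF_KEY_UNSET = -1, MF_AUTH1_ERROR = -2 };

/* Constructed sample "card": sector 0 key A is the A0A1A2A3A4A5 key the
 * thread's dictionary check recovered. Not a real tag. */
static const uint8_t CARD_SECTOR0_KEY_A[MF_KEY_LEN] = {0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5};

/* Stand-in for a Crypto1 Auth1 exchange: succeeds only with the right key. */
static bool tag_auth(uint8_t sector, const uint8_t key[MF_KEY_LEN]) {
    return sector == 0 && memcmp(key, CARD_SECTOR0_KEY_A, MF_KEY_LEN) == 0;
}

/* Parse a 12-hex-char key such as "A0A1A2A3A4A5", the form typed for
 * hf mf hardnested. Returns false on bad length or non-hex input. */
bool mf_key_from_hex(const char *hex, uint8_t out[MF_KEY_LEN]) {
    if (strlen(hex) != 2 * MF_KEY_LEN) return false;
    for (int i = 0; i < MF_KEY_LEN; i++) {
        unsigned v;
        if (sscanf(hex + 2 * i, "%2x", &v) != 1) return false;
        out[i] = (uint8_t)v;
    }
    return true;
}

/* Hypothetical stand-in for the client's mfnestedhard(): refuse to start
 * acquiring nonces unless a key was actually supplied, then collect a fixed
 * number of nonces, one per successful authentication. A wrong key returns
 * MF_AUTH1_ERROR instead of retrying forever. */
int hardnested_model(uint8_t src_sector, const uint8_t key[MF_KEY_LEN]) {
    static const uint8_t zero[MF_KEY_LEN] = {0};
    if (memcmp(key, zero, MF_KEY_LEN) == 0) return MF_KEY_UNSET;   /* the guard */
    int nonces = 0;
    for (int i = 0; i < 3; i++) {
        if (!tag_auth(src_sector, key)) return MF_AUTH1_ERROR;
        nonces++;
    }
    return nonces;
}

/* Models the buggy autopwn path: the recovered key is written into tmp_key,
 * but the still-zeroed `key` buffer is what gets handed to the attack. */
int autopwn_buggy(void) {
    uint8_t key[MF_KEY_LEN] = {0};
    uint8_t tmp_key[MF_KEY_LEN];
    if (!mf_key_from_hex("A0A1A2A3A4A5", tmp_key)) return MF_KEY_UNSET;
    return hardnested_model(0, key);        /* wrong buffer */
}

/* Models the fix: pass the buffer the key was actually written to. */
int autopwn_fixed(void) {
    uint8_t tmp_key[MF_KEY_LEN];
    if (!mf_key_from_hex("A0A1A2A3A4A5", tmp_key)) return MF_KEY_UNSET;
    return hardnested_model(0, tmp_key);    /* right buffer */
}

int main(void) {
    int buggy = autopwn_buggy();
    int fixed = autopwn_fixed();
    printf("buggy autopwn: rc=%d (key unset, would loop on Auth1)\n", buggy);
    printf("fixed autopwn: rc=%d nonces collected\n", fixed);
    return 0;
}
```

The guard is the part worth carrying over to real code: a zeroed 6-byte key is never a plausible "known key" for a nested or hardnested attack, so checking for it in the client turns a silent firmware retry loop into an immediate, diagnosable error.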

ikarus23 commented 5 years ago

Can confirm. I noticed this behavior too. hf mf autopwn does not work while manual hf mf hardnested works.

iceman1001 commented 5 years ago

I need to verify the coverity issue related to this.

Fl0-0 commented 5 years ago

Any news on this issue?

doegox commented 5 years ago

see my comment on the PR, thanks for your help @Fl0-0 !

iceman1001 commented 5 years ago

yup, thanks @Fl0-0 !