MIFARE Classic Key Recovery Improvements (#3822)

* Initial structure for nonce collection
* Nonce logging
* Dictionary attack structure
* Fix compilation
* Identified method to reduce candidate states
* Use EXT_PATH instead of ANY_PATH
* Use median calibrated distance, collect parity bits
* Modify parity collection
* Fixed parity bit collection
* Add note to fix nonce logging
* Fix nonce logging
* Clean redundant code
* Fix valid_nonce
* First attempt disambiguous nonce implementation
* FM11RF08S backdoor detection
* Initial accelerated dictionary attack for weak PRNGs
* Refactor to nested dictionary attack
* Renaming some variables
* Hard PRNG support for accelerated dictionary attack
* Update found keys, initial attempt
* Update found keys, second attempt
* Code cleanup
* Misc bugfixes
* Only use dicts in search_dicts_for_nonce_key if we have them
* Collect nonces again
* Should be detecting both backdoors now
* Relocate backdoor detection
* Hardnested support
* Fix regression for regular nested attack
* Backdoor read
* Backdoor working up to calibration
* Backdoor nested calibration
* Don't recalibrate hard PRNG tags
* Static encrypted nonce collection
* Update TODO
* NFC app UI updates, MVP
* Bump f18 API version (all functions are NFC related)
* Add new backdoor key, fix UI status update carrying over from previous read
* Clear TODO line
* Fix v1/v2 backdoor nonce collection
* Speed up backdoor detection, alert on new backdoor
* Add additional condition to backdoor check
* I'll try freeing memory, that's a good trick!
* Do not enter nested attack if card is already finished
* Do not reset the poller between collected nonces
* Clean up various issues
* Fix Hardnested sector/key type logging
* Add nested_target_key 64 to TODO
* Implement progress bar for upgraded attacks in NFC app
* Typo
* Zero nested_target_key and msb_count on exit
* Note TODO (malloc)
* Dismiss duplicate nonces
* Fix calibration (ensure values are within 3 standard deviations)
* Log static
* No nested dictionary attack re-entry
* Note minor inefficiency
* Uniformly use crypto1_ prefix for symbols in Crypto1 API
* Fix include paths
* Fix include paths cont
* Support CUID dictionary
* Fix log levels
* Avoid storage errors, clean up temporary files
* Handle invalid key candidates
* Fix memory leak in static encrypted attack
* Fix memory leak, use COUNT_OF macro
* Use single call to free FuriString
* Refactor enums to avoid redefinition
* Fix multiple crashes and state machine logic
* Fix inconsistent assignment of known key and known key type/sector
* Backdoor known key logic still needs the current key
* Larger data type for 4K support
* Fix typo
* Fix issue with resume logic
* Mark TODOs for next PR
* Remove redundant assignment
* Fix size_t format specifier
* Simplify auth_passed condition

Co-authored-by: Aleksandr Kutuzov <[email protected]>
Co-authored-by: gornekich <[email protected]>

Author: 3 people

applications/debug/unit_tests/tests/nfc/nfc_test.c

@@ -496,7 +496,7 @@ NfcCommand mf_classic_poller_send_frame_callback(NfcGenericEventEx event, void*
             MfClassicKey key = {
                 .data = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
             };
-            error = mf_classic_poller_auth(instance, 0, &key, MfClassicKeyTypeA, NULL);
+            error = mf_classic_poller_auth(instance, 0, &key, MfClassicKeyTypeA, NULL, false);
             frame_test->state = (error == MfClassicErrorNone) ?
                                     NfcTestMfClassicSendFrameTestStateReadBlock :
                                     NfcTestMfClassicSendFrameTestStateFail;

applications/main/nfc/nfc_app_i.h

@@ -74,8 +74,12 @@
 #define NFC_APP_MFKEY32_LOGS_FILE_NAME ".mfkey32.log"
 #define NFC_APP_MFKEY32_LOGS_FILE_PATH (NFC_APP_FOLDER "/" NFC_APP_MFKEY32_LOGS_FILE_NAME)
 
-#define NFC_APP_MF_CLASSIC_DICT_USER_PATH   (NFC_APP_FOLDER "/assets/mf_classic_dict_user.nfc")
+#define NFC_APP_MF_CLASSIC_DICT_USER_PATH (NFC_APP_FOLDER "/assets/mf_classic_dict_user.nfc")
+#define NFC_APP_MF_CLASSIC_DICT_USER_NESTED_PATH \
+    (NFC_APP_FOLDER "/assets/mf_classic_dict_user_nested.nfc")
 #define NFC_APP_MF_CLASSIC_DICT_SYSTEM_PATH (NFC_APP_FOLDER "/assets/mf_classic_dict.nfc")
+#define NFC_APP_MF_CLASSIC_DICT_SYSTEM_NESTED_PATH \
+    (NFC_APP_FOLDER "/assets/mf_classic_dict_nested.nfc")
 
 typedef enum {
     NfcRpcStateIdle,
@@ -93,6 +97,12 @@ typedef struct {
     bool is_key_attack;
     uint8_t key_attack_current_sector;
     bool is_card_present;
+    MfClassicNestedPhase nested_phase;
+    MfClassicPrngType prng_type;
+    MfClassicBackdoor backdoor;
+    uint16_t nested_target_key;
+    uint16_t msb_count;
+    bool enhanced_dict;
 } NfcMfClassicDictAttackContext;
 
 struct NfcApp {

applications/main/nfc/scenes/nfc_scene_mf_classic_dict_attack.c

@@ -1,11 +1,15 @@
 #include "../nfc_app_i.h"
 
+#include <bit_lib/bit_lib.h>
 #include <dolphin/dolphin.h>
-#include <lib/nfc/protocols/mf_classic/mf_classic_poller.h>
 
 #define TAG "NfcMfClassicDictAttack"
 
+// TODO FL-3926: Fix lag when leaving the dictionary attack view after Hardnested
+// TODO FL-3926: Re-enters backdoor detection between user and system dictionary if no backdoor is found
+
 typedef enum {
+    DictAttackStateCUIDDictInProgress,
     DictAttackStateUserDictInProgress,
     DictAttackStateSystemDictInProgress,
 } DictAttackState;
@@ -29,7 +33,9 @@ NfcCommand nfc_dict_attack_worker_callback(NfcGenericEvent event, void* context)
     } else if(mfc_event->type == MfClassicPollerEventTypeRequestMode) {
         const MfClassicData* mfc_data =
             nfc_device_get_data(instance->nfc_device, NfcProtocolMfClassic);
-        mfc_event->data->poller_mode.mode = MfClassicPollerModeDictAttack;
+        mfc_event->data->poller_mode.mode = (instance->nfc_dict_context.enhanced_dict) ?
+                                                MfClassicPollerModeDictAttackEnhanced :
+                                                MfClassicPollerModeDictAttackStandard;
         mfc_event->data->poller_mode.data = mfc_data;
         instance->nfc_dict_context.sectors_total =
             mf_classic_get_total_sectors_num(mfc_data->type);
@@ -58,6 +64,11 @@ NfcCommand nfc_dict_attack_worker_callback(NfcGenericEvent event, void* context)
         instance->nfc_dict_context.sectors_read = data_update->sectors_read;
         instance->nfc_dict_context.keys_found = data_update->keys_found;
         instance->nfc_dict_context.current_sector = data_update->current_sector;
+        instance->nfc_dict_context.nested_phase = data_update->nested_phase;
+        instance->nfc_dict_context.prng_type = data_update->prng_type;
+        instance->nfc_dict_context.backdoor = data_update->backdoor;
+        instance->nfc_dict_context.nested_target_key = data_update->nested_target_key;
+        instance->nfc_dict_context.msb_count = data_update->msb_count;
         view_dispatcher_send_custom_event(
             instance->view_dispatcher, NfcCustomEventDictAttackDataUpdate);
     } else if(mfc_event->type == MfClassicPollerEventTypeNextSector) {
@@ -117,19 +128,75 @@ static void nfc_scene_mf_classic_dict_attack_update_view(NfcApp* instance) {
         dict_attack_set_keys_found(instance->dict_attack, mfc_dict->keys_found);
         dict_attack_set_current_dict_key(instance->dict_attack, mfc_dict->dict_keys_current);
         dict_attack_set_current_sector(instance->dict_attack, mfc_dict->current_sector);
+        dict_attack_set_nested_phase(instance->dict_attack, mfc_dict->nested_phase);
+        dict_attack_set_prng_type(instance->dict_attack, mfc_dict->prng_type);
+        dict_attack_set_backdoor(instance->dict_attack, mfc_dict->backdoor);
+        dict_attack_set_nested_target_key(instance->dict_attack, mfc_dict->nested_target_key);
+        dict_attack_set_msb_count(instance->dict_attack, mfc_dict->msb_count);
     }
 }
 
 static void nfc_scene_mf_classic_dict_attack_prepare_view(NfcApp* instance) {
     uint32_t state =
         scene_manager_get_scene_state(instance->scene_manager, NfcSceneMfClassicDictAttack);
+    if(state == DictAttackStateCUIDDictInProgress) {
+        size_t cuid_len = 0;
+        const uint8_t* cuid = nfc_device_get_uid(instance->nfc_device, &cuid_len);
+        FuriString* cuid_dict_path = furi_string_alloc_printf(
+            "%s/mf_classic_dict_%08lx.nfc",
+            EXT_PATH("nfc/assets"),
+            (uint32_t)bit_lib_bytes_to_num_be(cuid + (cuid_len - 4), 4));
+
+        do {
+            if(!keys_dict_check_presence(furi_string_get_cstr(cuid_dict_path))) {
+                state = DictAttackStateUserDictInProgress;
+                break;
+            }
+
+            instance->nfc_dict_context.dict = keys_dict_alloc(
+                furi_string_get_cstr(cuid_dict_path),
+                KeysDictModeOpenExisting,
+                sizeof(MfClassicKey));
+
+            if(keys_dict_get_total_keys(instance->nfc_dict_context.dict) == 0) {
+                keys_dict_free(instance->nfc_dict_context.dict);
+                state = DictAttackStateUserDictInProgress;
+                break;
+            }
+
+            dict_attack_set_header(instance->dict_attack, "MF Classic CUID Dictionary");
+        } while(false);
+
+        furi_string_free(cuid_dict_path);
+    }
     if(state == DictAttackStateUserDictInProgress) {
         do {
+            instance->nfc_dict_context.enhanced_dict = true;
+
+            if(keys_dict_check_presence(NFC_APP_MF_CLASSIC_DICT_SYSTEM_NESTED_PATH)) {
+                storage_common_remove(
+                    instance->storage, NFC_APP_MF_CLASSIC_DICT_SYSTEM_NESTED_PATH);
+            }
+            if(keys_dict_check_presence(NFC_APP_MF_CLASSIC_DICT_SYSTEM_PATH)) {
+                storage_common_copy(
+                    instance->storage,
+                    NFC_APP_MF_CLASSIC_DICT_SYSTEM_PATH,
+                    NFC_APP_MF_CLASSIC_DICT_SYSTEM_NESTED_PATH);
+            }
+
             if(!keys_dict_check_presence(NFC_APP_MF_CLASSIC_DICT_USER_PATH)) {
                 state = DictAttackStateSystemDictInProgress;
                 break;
             }
 
+            if(keys_dict_check_presence(NFC_APP_MF_CLASSIC_DICT_USER_NESTED_PATH)) {
+                storage_common_remove(instance->storage, NFC_APP_MF_CLASSIC_DICT_USER_NESTED_PATH);
+            }
+            storage_common_copy(
+                instance->storage,
+                NFC_APP_MF_CLASSIC_DICT_USER_PATH,
+                NFC_APP_MF_CLASSIC_DICT_USER_NESTED_PATH);
+
             instance->nfc_dict_context.dict = keys_dict_alloc(
                 NFC_APP_MF_CLASSIC_DICT_USER_PATH, KeysDictModeOpenAlways, sizeof(MfClassicKey));
             if(keys_dict_get_total_keys(instance->nfc_dict_context.dict) == 0) {
@@ -164,7 +231,7 @@ void nfc_scene_mf_classic_dict_attack_on_enter(void* context) {
     NfcApp* instance = context;
 
     scene_manager_set_scene_state(
-        instance->scene_manager, NfcSceneMfClassicDictAttack, DictAttackStateUserDictInProgress);
+        instance->scene_manager, NfcSceneMfClassicDictAttack, DictAttackStateCUIDDictInProgress);
     nfc_scene_mf_classic_dict_attack_prepare_view(instance);
     dict_attack_set_card_state(instance->dict_attack, true);
     view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewDictAttack);
@@ -193,7 +260,21 @@ bool nfc_scene_mf_classic_dict_attack_on_event(void* context, SceneManagerEvent
         scene_manager_get_scene_state(instance->scene_manager, NfcSceneMfClassicDictAttack);
     if(event.type == SceneManagerEventTypeCustom) {
         if(event.event == NfcCustomEventDictAttackComplete) {
-            if(state == DictAttackStateUserDictInProgress) {
+            bool ran_nested_dict = instance->nfc_dict_context.nested_phase !=
+                                   MfClassicNestedPhaseNone;
+            if(state == DictAttackStateCUIDDictInProgress) {
+                nfc_poller_stop(instance->poller);
+                nfc_poller_free(instance->poller);
+                keys_dict_free(instance->nfc_dict_context.dict);
+                scene_manager_set_scene_state(
+                    instance->scene_manager,
+                    NfcSceneMfClassicDictAttack,
+                    DictAttackStateUserDictInProgress);
+                nfc_scene_mf_classic_dict_attack_prepare_view(instance);
+                instance->poller = nfc_poller_alloc(instance->nfc, NfcProtocolMfClassic);
+                nfc_poller_start(instance->poller, nfc_dict_attack_worker_callback, instance);
+                consumed = true;
+            } else if(state == DictAttackStateUserDictInProgress && !(ran_nested_dict)) {
                 nfc_poller_stop(instance->poller);
                 nfc_poller_free(instance->poller);
                 keys_dict_free(instance->nfc_dict_context.dict);
@@ -222,7 +303,27 @@ bool nfc_scene_mf_classic_dict_attack_on_event(void* context, SceneManagerEvent
         } else if(event.event == NfcCustomEventDictAttackSkip) {
             const MfClassicData* mfc_data = nfc_poller_get_data(instance->poller);
             nfc_device_set_data(instance->nfc_device, NfcProtocolMfClassic, mfc_data);
-            if(state == DictAttackStateUserDictInProgress) {
+            bool ran_nested_dict = instance->nfc_dict_context.nested_phase !=
+                                   MfClassicNestedPhaseNone;
+            if(state == DictAttackStateCUIDDictInProgress) {
+                if(instance->nfc_dict_context.is_card_present) {
+                    nfc_poller_stop(instance->poller);
+                    nfc_poller_free(instance->poller);
+                    keys_dict_free(instance->nfc_dict_context.dict);
+                    scene_manager_set_scene_state(
+                        instance->scene_manager,
+                        NfcSceneMfClassicDictAttack,
+                        DictAttackStateUserDictInProgress);
+                    nfc_scene_mf_classic_dict_attack_prepare_view(instance);
+                    instance->poller = nfc_poller_alloc(instance->nfc, NfcProtocolMfClassic);
+                    nfc_poller_start(instance->poller, nfc_dict_attack_worker_callback, instance);
+                } else {
+                    nfc_scene_mf_classic_dict_attack_notify_read(instance);
+                    scene_manager_next_scene(instance->scene_manager, NfcSceneReadSuccess);
+                    dolphin_deed(DolphinDeedNfcReadSuccess);
+                }
+                consumed = true;
+            } else if(state == DictAttackStateUserDictInProgress && !(ran_nested_dict)) {
                 if(instance->nfc_dict_context.is_card_present) {
                     nfc_poller_stop(instance->poller);
                     nfc_poller_free(instance->poller);
@@ -240,7 +341,7 @@ bool nfc_scene_mf_classic_dict_attack_on_event(void* context, SceneManagerEvent
                     dolphin_deed(DolphinDeedNfcReadSuccess);
                 }
                 consumed = true;
-            } else if(state == DictAttackStateSystemDictInProgress) {
+            } else {
                 nfc_scene_mf_classic_dict_attack_notify_read(instance);
                 scene_manager_next_scene(instance->scene_manager, NfcSceneReadSuccess);
                 dolphin_deed(DolphinDeedNfcReadSuccess);
@@ -262,7 +363,7 @@ void nfc_scene_mf_classic_dict_attack_on_exit(void* context) {
 
     dict_attack_reset(instance->dict_attack);
     scene_manager_set_scene_state(
-        instance->scene_manager, NfcSceneMfClassicDictAttack, DictAttackStateUserDictInProgress);
+        instance->scene_manager, NfcSceneMfClassicDictAttack, DictAttackStateCUIDDictInProgress);
 
     keys_dict_free(instance->nfc_dict_context.dict);
 
@@ -275,6 +376,20 @@ void nfc_scene_mf_classic_dict_attack_on_exit(void* context) {
     instance->nfc_dict_context.is_key_attack = false;
     instance->nfc_dict_context.key_attack_current_sector = 0;
     instance->nfc_dict_context.is_card_present = false;
+    instance->nfc_dict_context.nested_phase = MfClassicNestedPhaseNone;
+    instance->nfc_dict_context.prng_type = MfClassicPrngTypeUnknown;
+    instance->nfc_dict_context.backdoor = MfClassicBackdoorUnknown;
+    instance->nfc_dict_context.nested_target_key = 0;
+    instance->nfc_dict_context.msb_count = 0;
+    instance->nfc_dict_context.enhanced_dict = false;
+
+    // Clean up temporary files used for nested dictionary attack
+    if(keys_dict_check_presence(NFC_APP_MF_CLASSIC_DICT_USER_NESTED_PATH)) {
+        storage_common_remove(instance->storage, NFC_APP_MF_CLASSIC_DICT_USER_NESTED_PATH);
+    }
+    if(keys_dict_check_presence(NFC_APP_MF_CLASSIC_DICT_SYSTEM_NESTED_PATH)) {
+        storage_common_remove(instance->storage, NFC_APP_MF_CLASSIC_DICT_SYSTEM_NESTED_PATH);
+    }
 
     nfc_blink_stop(instance);
     notification_message(instance->notifications, &sequence_display_backlight_enforce_auto);