Mirror/Momentum-Firmware
1
0
Fork 0
mirror of https://github.com/Next-Flip/Momentum-Firmware.git synced 2026-04-24 03:29:57 -07:00
Code Issues Packages Projects Releases Wiki Activity

Fix uninitialized key attempt

Browse Source
This commit is contained in:
noproto
2025-08-18 00:21:36 -04:00
parent 1b88b86a11
commit 374f49319b
2 changed files with 29 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
applications/main/nfc/helpers/protocol_support/mf_ultralight/mf_ultralight.c
View File

@@ -151,8 +151,15 @@ static NfcCommand
}
if(!mf_ultralight_event->data->auth_context.skip_auth) {
mf_ultralight_event->data->auth_context.password = instance->mf_ul_auth->password;
mf_ultralight_event->data->key_request_data.key = instance->mf_ul_auth->tdes_key;
// TODO: Key provided attribute is not set
// Only set tdes_key for Manual/Reader auth types, not for dictionary attacks
if(instance->mf_ul_auth->type == MfUltralightAuthTypeManual ||
instance->mf_ul_auth->type == MfUltralightAuthTypeReader) {
mf_ultralight_event->data->key_request_data.key = instance->mf_ul_auth->tdes_key;
mf_ultralight_event->data->key_request_data.key_provided = true;
} else {
mf_ultralight_event->data->key_request_data.key_provided = false;
}
}
} else if(mf_ultralight_event->type == MfUltralightPollerEventTypeAuthSuccess) {
instance->mf_ul_auth->pack = mf_ultralight_event->data->auth_context.pack;

21
lib/nfc/protocols/mf_ultralight/mf_ultralight_poller.c
View File

@@ -452,7 +452,26 @@ static NfcCommand mf_ultralight_poller_handler_auth_ultralight_c(MfUltralightPol
command = instance->callback(instance->general_event, instance->context);
if(!instance->mfu_event.data->auth_context.skip_auth) {
FURI_LOG_D(TAG, "Trying to authenticate with 3des key");
instance->auth_context.tdes_key = instance->mfu_event.data->key_request_data.key;
// Only use the key if it was actually provided
if(instance->mfu_event.data->key_request_data.key_provided) {
instance->auth_context.tdes_key = instance->mfu_event.data->key_request_data.key;
} else if(instance->mode == MfUltralightPollerModeDictAttack) {
// TODO: Can logic be rearranged to request this key before reaching mf_ultralight_poller_handler_auth_ultralight_c in poller?
FURI_LOG_D(TAG, "No initial key provided, requesting key from dictionary");
// Trigger dictionary key request
instance->mfu_event.type = MfUltralightPollerEventTypeRequestKey;
command = instance->callback(instance->general_event, instance->context);
if(!instance->mfu_event.data->key_request_data.key_provided) {
instance->state = MfUltralightPollerStateReadPages;
return command;
} else {
instance->auth_context.tdes_key = instance->mfu_event.data->key_request_data.key;
}
} else {
FURI_LOG_D(TAG, "No key provided, skipping auth");
instance->state = MfUltralightPollerStateReadPages;
return command;
}
instance->auth_context.auth_success = false;
// For debugging
FURI_LOG_D(