Initial accelerated dictionary attack for weak PRNGs

2026-05-11 06:09:08 -07:00 · 2024-08-18 20:38:24 -04:00
parent cc8cae770f
commit 79bc887f95
4 changed files with 207 additions and 11 deletions
--- a/applications/main/nfc/nfc_app_i.h
+++ b/applications/main/nfc/nfc_app_i.h
@@ -74,8 +74,12 @@
 #define NFC_APP_MFKEY32_LOGS_FILE_NAME ".mfkey32.log"
 #define NFC_APP_MFKEY32_LOGS_FILE_PATH (NFC_APP_FOLDER "/" NFC_APP_MFKEY32_LOGS_FILE_NAME)

-#define NFC_APP_MF_CLASSIC_DICT_USER_PATH   (NFC_APP_FOLDER "/assets/mf_classic_dict_user.nfc")
+#define NFC_APP_MF_CLASSIC_DICT_USER_PATH (NFC_APP_FOLDER "/assets/mf_classic_dict_user.nfc")
+#define NFC_APP_MF_CLASSIC_DICT_USER_NESTED_PATH \
+    (NFC_APP_FOLDER "/assets/mf_classic_dict_user_nested.nfc")
 #define NFC_APP_MF_CLASSIC_DICT_SYSTEM_PATH (NFC_APP_FOLDER "/assets/mf_classic_dict.nfc")
+#define NFC_APP_MF_CLASSIC_DICT_SYSTEM_NESTED_PATH \
+    (NFC_APP_FOLDER "/assets/mf_classic_dict_nested.nfc")

 typedef enum {
    NfcRpcStateIdle,
--- a/applications/main/nfc/scenes/nfc_scene_mf_classic_dict_attack.c
+++ b/applications/main/nfc/scenes/nfc_scene_mf_classic_dict_attack.c
@@ -130,6 +130,13 @@ static void nfc_scene_mf_classic_dict_attack_prepare_view(NfcApp* instance) {
                break;
            }

+            // TODO: Check for errors
+            storage_common_remove(instance->storage, NFC_APP_MF_CLASSIC_DICT_USER_NESTED_PATH);
+            storage_common_copy(
+                instance->storage,
+                NFC_APP_MF_CLASSIC_DICT_USER_PATH,
+                NFC_APP_MF_CLASSIC_DICT_USER_NESTED_PATH);
+
            instance->nfc_dict_context.dict = keys_dict_alloc(
                NFC_APP_MF_CLASSIC_DICT_USER_PATH, KeysDictModeOpenAlways, sizeof(MfClassicKey));
            if(keys_dict_get_total_keys(instance->nfc_dict_context.dict) == 0) {
@@ -142,6 +149,13 @@ static void nfc_scene_mf_classic_dict_attack_prepare_view(NfcApp* instance) {
        } while(false);
    }
    if(state == DictAttackStateSystemDictInProgress) {
+        // TODO: Check for errors
+        storage_common_remove(instance->storage, NFC_APP_MF_CLASSIC_DICT_SYSTEM_NESTED_PATH);
+        storage_common_copy(
+            instance->storage,
+            NFC_APP_MF_CLASSIC_DICT_SYSTEM_PATH,
+            NFC_APP_MF_CLASSIC_DICT_SYSTEM_NESTED_PATH);
+
        instance->nfc_dict_context.dict = keys_dict_alloc(
            NFC_APP_MF_CLASSIC_DICT_SYSTEM_PATH, KeysDictModeOpenExisting, sizeof(MfClassicKey));
        dict_attack_set_header(instance->dict_attack, "MF Classic System Dictionary");