diff --git a/applications/external/mfkey32/application.fam b/applications/external/mfkey32/application.fam
index eb11aec2c..75fa40bf6 100644
--- a/applications/external/mfkey32/application.fam
+++ b/applications/external/mfkey32/application.fam
@@ -10,7 +10,7 @@ App(
],
stack_size=1 * 1024,
fap_icon="mfkey.png",
- fap_category="Tools",
+ fap_category="NFC",
fap_author="noproto",
fap_icon_assets="images",
fap_weburl="https://github.com/noproto/FlipperMfkey",
diff --git a/applications/external/mifare_nested/LICENSE.md b/applications/external/mifare_nested/LICENSE.md
new file mode 100644
index 000000000..f288702d2
--- /dev/null
+++ b/applications/external/mifare_nested/LICENSE.md
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ Copyright (C)
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+.
diff --git a/applications/external/mifare_nested/application.fam b/applications/external/mifare_nested/application.fam
new file mode 100644
index 000000000..236abf6d1
--- /dev/null
+++ b/applications/external/mifare_nested/application.fam
@@ -0,0 +1,25 @@
+App(
+ appid="mifare_nested",
+ name="Mifare Nested",
+ apptype=FlipperAppType.EXTERNAL,
+ entry_point="mifare_nested_app",
+ requires=[
+ "storage",
+ "gui",
+ "nfc"
+ ],
+ stack_size=4 * 1024,
+ order=30,
+ fap_icon="assets/icon.png",
+ fap_category="NFC",
+ fap_private_libs=[
+ Lib(name="nested"),
+ Lib(name="parity"),
+ Lib(name="crypto1")
+ ],
+ fap_icon_assets="assets",
+ fap_author="AloneLiberty",
+ fap_description="Recover Mifare Classic keys",
+ fap_weburl="https://github.com/AloneLiberty/FlipperNested",
+ fap_version=(1, 4)
+)
diff --git a/applications/external/mifare_nested/assets/ApplyTag.png b/applications/external/mifare_nested/assets/ApplyTag.png
new file mode 100644
index 000000000..787c0bcfe
Binary files /dev/null and b/applications/external/mifare_nested/assets/ApplyTag.png differ
diff --git a/applications/external/mifare_nested/assets/DolphinCry.png b/applications/external/mifare_nested/assets/DolphinCry.png
new file mode 100644
index 000000000..86d9db1b4
Binary files /dev/null and b/applications/external/mifare_nested/assets/DolphinCry.png differ
diff --git a/applications/external/mifare_nested/assets/DolphinSuccess.png b/applications/external/mifare_nested/assets/DolphinSuccess.png
new file mode 100644
index 000000000..341999109
Binary files /dev/null and b/applications/external/mifare_nested/assets/DolphinSuccess.png differ
diff --git a/applications/external/mifare_nested/assets/Loading.png b/applications/external/mifare_nested/assets/Loading.png
new file mode 100644
index 000000000..93a59fe68
Binary files /dev/null and b/applications/external/mifare_nested/assets/Loading.png differ
diff --git a/applications/external/mifare_nested/assets/icon.png b/applications/external/mifare_nested/assets/icon.png
new file mode 100644
index 000000000..ae72f2ff9
Binary files /dev/null and b/applications/external/mifare_nested/assets/icon.png differ
diff --git a/applications/external/mifare_nested/lib/crypto1/crypto1.c b/applications/external/mifare_nested/lib/crypto1/crypto1.c
new file mode 100644
index 000000000..0483f45e8
--- /dev/null
+++ b/applications/external/mifare_nested/lib/crypto1/crypto1.c
@@ -0,0 +1,118 @@
+#include "crypto1.h"
+#include
+
+void crypto1_reset(Crypto1* crypto1) {
+ furi_assert(crypto1);
+ crypto1->even = 0;
+ crypto1->odd = 0;
+}
+
+void crypto1_init(Crypto1* crypto1, uint64_t key) {
+ furi_assert(crypto1);
+ crypto1->even = 0;
+ crypto1->odd = 0;
+ for(int8_t i = 47; i > 0; i -= 2) {
+ crypto1->odd = crypto1->odd << 1 | FURI_BIT(key, (i - 1) ^ 7);
+ crypto1->even = crypto1->even << 1 | FURI_BIT(key, i ^ 7);
+ }
+}
+
+uint32_t crypto1_filter(uint32_t in) {
+ uint32_t out = 0;
+ out = 0xf22c0 >> (in & 0xf) & 16;
+ out |= 0x6c9c0 >> (in >> 4 & 0xf) & 8;
+ out |= 0x3c8b0 >> (in >> 8 & 0xf) & 4;
+ out |= 0x1e458 >> (in >> 12 & 0xf) & 2;
+ out |= 0x0d938 >> (in >> 16 & 0xf) & 1;
+ return FURI_BIT(0xEC57E80A, out);
+}
+
+uint8_t crypto1_bit(Crypto1* crypto1, uint8_t in, int is_encrypted) {
+ furi_assert(crypto1);
+ uint8_t out = crypto1_filter(crypto1->odd);
+ uint32_t feed = out & (!!is_encrypted);
+ feed ^= !!in;
+ feed ^= LF_POLY_ODD & crypto1->odd;
+ feed ^= LF_POLY_EVEN & crypto1->even;
+ crypto1->even = crypto1->even << 1 | (evenparity32(feed));
+
+ FURI_SWAP(crypto1->odd, crypto1->even);
+ return out;
+}
+
+uint8_t crypto1_byte(Crypto1* crypto1, uint8_t in, int is_encrypted) {
+ furi_assert(crypto1);
+ uint8_t out = 0;
+ for(uint8_t i = 0; i < 8; i++) {
+ out |= crypto1_bit(crypto1, FURI_BIT(in, i), is_encrypted) << i;
+ }
+ return out;
+}
+
+uint32_t crypto1_word(Crypto1* crypto1, uint32_t in, int is_encrypted) {
+ furi_assert(crypto1);
+ uint32_t out = 0;
+ for(uint8_t i = 0; i < 32; i++) {
+ out |= (uint32_t)crypto1_bit(crypto1, BEBIT(in, i), is_encrypted) << (24 ^ i);
+ }
+ return out;
+}
+
+uint32_t prng_successor(uint32_t x, uint32_t n) {
+ SWAPENDIAN(x);
+ while(n--) x = x >> 1 | (x >> 16 ^ x >> 18 ^ x >> 19 ^ x >> 21) << 31;
+
+ return SWAPENDIAN(x);
+}
+
+void crypto1_decrypt(
+ Crypto1* crypto,
+ uint8_t* encrypted_data,
+ uint16_t encrypted_data_bits,
+ uint8_t* decrypted_data) {
+ furi_assert(crypto);
+ furi_assert(encrypted_data);
+ furi_assert(decrypted_data);
+
+ if(encrypted_data_bits < 8) {
+ uint8_t decrypted_byte = 0;
+ decrypted_byte |= (crypto1_bit(crypto, 0, 0) ^ FURI_BIT(encrypted_data[0], 0)) << 0;
+ decrypted_byte |= (crypto1_bit(crypto, 0, 0) ^ FURI_BIT(encrypted_data[0], 1)) << 1;
+ decrypted_byte |= (crypto1_bit(crypto, 0, 0) ^ FURI_BIT(encrypted_data[0], 2)) << 2;
+ decrypted_byte |= (crypto1_bit(crypto, 0, 0) ^ FURI_BIT(encrypted_data[0], 3)) << 3;
+ decrypted_data[0] = decrypted_byte;
+ } else {
+ for(size_t i = 0; i < encrypted_data_bits / 8; i++) {
+ decrypted_data[i] = crypto1_byte(crypto, 0, 0) ^ encrypted_data[i];
+ }
+ }
+}
+
+void crypto1_encrypt(
+ Crypto1* crypto,
+ uint8_t* keystream,
+ uint8_t* plain_data,
+ uint16_t plain_data_bits,
+ uint8_t* encrypted_data,
+ uint8_t* encrypted_parity) {
+ furi_assert(crypto);
+ furi_assert(plain_data);
+ furi_assert(encrypted_data);
+ furi_assert(encrypted_parity);
+
+ if(plain_data_bits < 8) {
+ encrypted_data[0] = 0;
+ for(size_t i = 0; i < plain_data_bits; i++) {
+ encrypted_data[0] |= (crypto1_bit(crypto, 0, 0) ^ FURI_BIT(plain_data[0], i)) << i;
+ }
+ } else {
+ memset(encrypted_parity, 0, plain_data_bits / 8 + 1);
+ for(uint8_t i = 0; i < plain_data_bits / 8; i++) {
+ encrypted_data[i] = crypto1_byte(crypto, keystream ? keystream[i] : 0, 0) ^
+ plain_data[i];
+ encrypted_parity[i / 8] |=
+ (((crypto1_filter(crypto->odd) ^ oddparity8(plain_data[i])) & 0x01)
+ << (7 - (i & 0x0007)));
+ }
+ }
+}
\ No newline at end of file
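Review bot: In `crypto1_encrypt` the byte loop uses `uint8_t i` while its bound `plain_data_bits / 8` is derived from a `uint16_t`, so for an input of 2048 bits or more the counter wraps at 255 and the loop never terminates. `crypto1_decrypt` already uses `size_t` for the equivalent loop; the same fits here: `for(size_t i = 0; i < plain_data_bits / 8; i++) {`. Whether any caller passes that many bits is not visible in this hunk, but the parameter type allows it. Separately, the `encrypted_data_bits < 8` branch of `crypto1_decrypt` always processes exactly four bits regardless of the count; if that is intentional, a comment such as `/* short frames are 4-bit ACK/NAK responses */` would say so (presumed meaning, to be confirmed by the author).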
diff --git a/applications/external/mifare_nested/lib/crypto1/crypto1.h b/applications/external/mifare_nested/lib/crypto1/crypto1.h
new file mode 100644
index 000000000..bad6e631b
--- /dev/null
+++ b/applications/external/mifare_nested/lib/crypto1/crypto1.h
@@ -0,0 +1,39 @@
+#include "../../lib/parity/parity.h"
+#include
+#include
+#include "stddef.h"
+
+#define LF_POLY_ODD (0x29CE5C)
+#define LF_POLY_EVEN (0x870804)
+
+#define SWAPENDIAN(x) \
+ ((x) = ((x) >> 8 & 0xff00ff) | ((x)&0xff00ff) << 8, (x) = (x) >> 16 | (x) << 16)
+#define BEBIT(x, n) FURI_BIT(x, (n) ^ 24)
+
+void crypto1_reset(Crypto1* crypto1);
+
+void crypto1_init(Crypto1* crypto1, uint64_t key);
+
+uint32_t crypto1_filter(uint32_t in);
+
+uint8_t crypto1_bit(Crypto1* crypto1, uint8_t in, int is_encrypted);
+
+uint8_t crypto1_byte(Crypto1* crypto1, uint8_t in, int is_encrypted);
+
+uint32_t crypto1_word(Crypto1* crypto1, uint32_t in, int is_encrypted);
+
+uint32_t prng_successor(uint32_t x, uint32_t n);
+
+void crypto1_decrypt(
+ Crypto1* crypto,
+ uint8_t* encrypted_data,
+ uint16_t encrypted_data_bits,
+ uint8_t* decrypted_data);
+
+void crypto1_encrypt(
+ Crypto1* crypto,
+ uint8_t* keystream,
+ uint8_t* plain_data,
+ uint16_t plain_data_bits,
+ uint8_t* encrypted_data,
+ uint8_t* encrypted_parity);
\ No newline at end of file
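Review bot: `SWAPENDIAN(x)` has no comment although it assigns to its argument twice and evaluates it several times, so it is only correct on a side-effect-free 32-bit unsigned lvalue; `prng_successor` in crypto1.c depends on that with `return SWAPENDIAN(x);`. Add a comment above the macro such as `/* Byte-swaps x in place and yields the new value; x must be a plain uint32_t lvalue. */`, or replace it with a `static inline uint32_t` helper that returns the swapped value. `BEBIT` would benefit from a line as well, e.g. `/* Bit n of x with the four bytes taken in reverse order. */`.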
diff --git a/applications/external/mifare_nested/lib/nested/nested.c b/applications/external/mifare_nested/lib/nested/nested.c
new file mode 100644
index 000000000..4d04b99d5
--- /dev/null
+++ b/applications/external/mifare_nested/lib/nested/nested.c
@@ -0,0 +1,740 @@
+#include "nested.h"
+
+#include
+#include "../../lib/parity/parity.h"
+#include "../../lib/crypto1/crypto1.h"
+#define TAG "Nested"
+
+void nfc_util_num2bytes(uint64_t src, uint8_t len, uint8_t* dest) {
+ furi_assert(dest);
+ furi_assert(len <= 8);
+
+ while(len--) {
+ dest[len] = (uint8_t)src;
+ src >>= 8;
+ }
+}
+
+uint64_t nfc_util_bytes2num(const uint8_t* src, uint8_t len) {
+ furi_assert(src);
+ furi_assert(len <= 8);
+
+ uint64_t res = 0;
+ while(len--) {
+ res = (res << 8) | (*src);
+ src++;
+ }
+ return res;
+}
+
+uint16_t nfca_get_crc16(uint8_t* buff, uint16_t len) {
+ uint16_t crc = 0x6363; // NFCA_CRC_INIT
+ uint8_t byte = 0;
+
+ for(uint8_t i = 0; i < len; i++) {
+ byte = buff[i];
+ byte ^= (uint8_t)(crc & 0xff);
+ byte ^= byte << 4;
+ crc = (crc >> 8) ^ (((uint16_t)byte) << 8) ^ (((uint16_t)byte) << 3) ^
+ (((uint16_t)byte) >> 4);
+ }
+
+ return crc;
+}
+
+void nfca_append_crc16(uint8_t* buff, uint16_t len) {
+ uint16_t crc = nfca_get_crc16(buff, len);
+ buff[len] = (uint8_t)crc;
+ buff[len + 1] = (uint8_t)(crc >> 8);
+}
+
+bool mifare_sendcmd_short(
+ Crypto1* crypto,
+ FuriHalNfcTxRxContext* tx_rx,
+ bool crypted,
+ uint32_t cmd,
+ uint32_t data) {
+ uint16_t pos;
+ uint8_t dcmd[4] = {cmd, data, 0x00, 0x00};
+ nfca_append_crc16(dcmd, 2);
+
+ memset(tx_rx->tx_data, 0, sizeof(tx_rx->tx_data));
+ memset(tx_rx->tx_parity, 0, sizeof(tx_rx->tx_parity));
+
+ if(crypted) {
+ for(pos = 0; pos < 4; pos++) {
+ uint8_t res = crypto1_byte(crypto, 0x00, 0) ^ dcmd[pos];
+ tx_rx->tx_data[pos] = res;
+ tx_rx->tx_parity[0] |=
+ (((crypto1_filter(crypto->odd) ^ oddparity8(dcmd[pos])) & 0x01) << (7 - pos));
+ }
+
+ tx_rx->tx_rx_type = FuriHalNfcTxRxTypeRaw;
+ tx_rx->tx_bits = 4 * 8;
+ } else {
+ for(pos = 0; pos < 2; pos++) {
+ tx_rx->tx_data[pos] = dcmd[pos];
+ }
+
+ tx_rx->tx_rx_type = FuriHalNfcTxRxTypeRxNoCrc;
+ tx_rx->tx_bits = 2 * 8;
+ }
+
+ if(!furi_hal_nfc_tx_rx(tx_rx, 6)) return false;
+
+ return true;
+}
+
+bool mifare_classic_authex(
+ Crypto1* crypto,
+ FuriHalNfcTxRxContext* tx_rx,
+ uint32_t uid,
+ uint32_t blockNo,
+ uint32_t keyType,
+ uint64_t ui64Key,
+ bool isNested,
+ uint32_t* ntptr) {
+ uint32_t nt, ntpp; // Supplied tag nonce
+ uint8_t nr[4];
+
+ // "random" reader nonce:
+ nfc_util_num2bytes(prng_successor(0, 32), 4, nr); // DWT->CYCCNT
+
+ // Transmit MIFARE_CLASSIC_AUTH
+ if(!mifare_sendcmd_short(crypto, tx_rx, isNested, 0x60 + (keyType & 0x01), blockNo)) {
+ return false;
+ };
+
+ memset(tx_rx->tx_data, 0, sizeof(tx_rx->tx_data));
+ memset(tx_rx->tx_parity, 0, sizeof(tx_rx->tx_parity));
+
+ nt = (uint32_t)nfc_util_bytes2num(tx_rx->rx_data, 4);
+
+ if(isNested) crypto1_reset(crypto); // deinit
+
+ crypto1_init(crypto, ui64Key);
+
+ if(isNested) {
+ nt = crypto1_word(crypto, nt ^ uid, 1) ^ nt;
+ } else {
+ crypto1_word(crypto, nt ^ uid, 0);
+ }
+
+ // save Nt
+ if(ntptr) *ntptr = nt;
+
+ // Generate (encrypted) nr+parity by loading it into the cipher (Nr)
+ tx_rx->tx_parity[0] = 0;
+ for(uint8_t i = 0; i < 4; i++) {
+ tx_rx->tx_data[i] = crypto1_byte(crypto, nr[i], 0) ^ nr[i];
+ tx_rx->tx_parity[0] |=
+ (((crypto1_filter(crypto->odd) ^ oddparity8(nr[i])) & 0x01) << (7 - i));
+ }
+
+ nt = prng_successor(nt, 32);
+
+ for(uint8_t i = 4; i < 8; i++) {
+ nt = prng_successor(nt, 8);
+ tx_rx->tx_data[i] = crypto1_byte(crypto, 0x00, 0) ^ (nt & 0xff);
+ tx_rx->tx_parity[0] |=
+ (((crypto1_filter(crypto->odd) ^ oddparity8(nt & 0xff)) & 0x01) << (7 - i));
+ }
+
+ tx_rx->tx_rx_type = FuriHalNfcTxRxTypeRaw;
+ tx_rx->tx_bits = 8 * 8;
+
+ if(!furi_hal_nfc_tx_rx(tx_rx, 25)) {
+ return false;
+ };
+
+ uint32_t answer = (uint32_t)nfc_util_bytes2num(tx_rx->rx_data, 4);
+
+ ntpp = prng_successor(nt, 32) ^ crypto1_word(crypto, 0, 0);
+
+ if(answer != ntpp) {
+ return false;
+ }
+
+ return true;
+}
+
+static int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, const uint8_t* parity) {
+ return ((oddparity8((Nt >> 24) & 0xFF) ==
+ ((parity[0]) ^ oddparity8((NtEnc >> 24) & 0xFF) ^ FURI_BIT(Ks1, 16))) &&
+ (oddparity8((Nt >> 16) & 0xFF) ==
+ ((parity[1]) ^ oddparity8((NtEnc >> 16) & 0xFF) ^ FURI_BIT(Ks1, 8))) &&
+ (oddparity8((Nt >> 8) & 0xFF) ==
+ ((parity[2]) ^ oddparity8((NtEnc >> 8) & 0xFF) ^ FURI_BIT(Ks1, 0)))) ?
+ 1 :
+ 0;
+}
+
+void nonce_distance(uint32_t* msb, uint32_t* lsb) {
+ uint16_t x = 1, pos;
+ uint8_t calc_ok = 0;
+
+ for(uint16_t i = 1; i; ++i) {
+ pos = (x & 0xff) << 8 | x >> 8;
+
+ if((pos == *msb) & !(calc_ok >> 0 & 0x01)) {
+ *msb = i;
+ calc_ok |= 0x01;
+ }
+
+ if((pos == *lsb) & !(calc_ok >> 1 & 0x01)) {
+ *lsb = i;
+ calc_ok |= 0x02;
+ }
+
+ if(calc_ok == 0x03) {
+ return;
+ }
+
+ x = x >> 1 | (x ^ x >> 2 ^ x >> 3 ^ x >> 5) << 15;
+ }
+}
+
+bool validate_prng_nonce(uint32_t nonce) {
+ uint32_t msb = nonce >> 16;
+ uint32_t lsb = nonce & 0xffff;
+ nonce_distance(&msb, &lsb);
+ return ((65535 - msb + lsb) % 65535) == 16;
+}
+
+MifareNestedNonceType nested_check_nonce_type(FuriHalNfcTxRxContext* tx_rx, uint8_t blockNo) {
+ uint32_t nonces[5] = {};
+ uint8_t sameNonces = 0;
+ uint8_t hardNonces = 0;
+ Crypto1 crypt;
+ Crypto1* crypto = {&crypt};
+
+ for(int32_t i = 0; i < 5; i++) {
+ // Setup nfc poller
+ nfc_activate();
+ furi_hal_nfc_activate_nfca(100, NULL);
+
+ // Start communication
+ bool success = mifare_sendcmd_short(crypto, tx_rx, false, 0x60, blockNo);
+ if(!success) {
+ continue;
+ };
+
+ uint32_t nt = (uint32_t)nfc_util_bytes2num(tx_rx->rx_data, 4);
+ if(nt == 0) continue;
+ if(!validate_prng_nonce(nt)) hardNonces++;
+ nonces[i] = nt;
+
+ nfc_deactivate();
+ }
+
+ for(int32_t i = 0; i < 5; i++) {
+ for(int32_t j = 0; j < 5; j++) {
+ if(i != j && nonces[j] && nonces[i] == nonces[j]) {
+ sameNonces++;
+ }
+ }
+ }
+
+ if(!nonces[4]) {
+ return MifareNestedNonceNoTag;
+ }
+
+ if(sameNonces > 3) {
+ return MifareNestedNonceStatic;
+ }
+
+ if(hardNonces > 3) {
+ return MifareNestedNonceHard;
+ }
+
+ return MifareNestedNonceWeak;
+}
+
+struct nonce_info_static nested_static_nonce_attack(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint8_t targetBlockNo,
+ uint8_t targetKeyType,
+ uint64_t ui64Key) {
+ uint32_t cuid = 0;
+ Crypto1* crypto = malloc(sizeof(Crypto1));
+ struct nonce_info_static r;
+
+ r.full = false;
+
+ // Setup nfc poller
+ nfc_activate();
+ if(!furi_hal_nfc_activate_nfca(200, &cuid)) {
+ free(crypto);
+ return r;
+ }
+
+ r.cuid = cuid;
+
+ uint32_t nt1;
+ uint32_t nt_unused;
+
+ crypto1_reset(crypto);
+
+ mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, false, &nt1);
+
+ if(targetKeyType == 1 && nt1 == 0x009080A2) {
+ r.target_nt[0] = prng_successor(nt1, 161);
+ r.target_nt[1] = prng_successor(nt1, 321);
+ } else {
+ r.target_nt[0] = prng_successor(nt1, 160);
+ r.target_nt[1] = prng_successor(nt1, 320);
+ }
+
+ bool success =
+ mifare_sendcmd_short(crypto, tx_rx, true, 0x60 + (targetKeyType & 0x01), targetBlockNo);
+
+ if(!success) {
+ free(crypto);
+ return r;
+ };
+
+ uint32_t nt2 = nfc_util_bytes2num(tx_rx->rx_data, 4);
+ r.target_ks[0] = nt2 ^ r.target_nt[0];
+
+ nfc_activate();
+
+ if(!furi_hal_nfc_activate_nfca(200, &cuid)) {
+ free(crypto);
+ return r;
+ }
+
+ crypto1_reset(crypto);
+
+ mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, false, &nt1);
+
+ mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, true, &nt_unused);
+
+ success =
+ mifare_sendcmd_short(crypto, tx_rx, true, 0x60 + (targetKeyType & 0x01), targetBlockNo);
+
+ free(crypto);
+
+ if(!success) {
+ return r;
+ };
+
+ uint32_t nt3 = (uint32_t)nfc_util_bytes2num(tx_rx->rx_data, 4);
+
+ r.target_ks[1] = nt3 ^ r.target_nt[1];
+ r.full = true;
+
+ nfc_deactivate();
+
+ return r;
+}
+
+uint32_t nested_calibrate_distance(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint64_t ui64Key,
+ uint32_t delay,
+ bool full) {
+ uint32_t cuid = 0;
+ Crypto1* crypto = malloc(sizeof(Crypto1));
+ uint32_t nt1, nt2, i = 0, davg = 0, dmin = 0, dmax = 0, rtr = 0, unsuccessful_tries = 0;
+ uint32_t max_prng_value = full ? 65565 : 1200;
+ uint32_t rounds = full ? 5 : 17; // full does not require precision
+ uint32_t collected = 0;
+
+ for(rtr = 0; rtr < rounds; rtr++) {
+ nfc_activate();
+ if(!furi_hal_nfc_activate_nfca(200, &cuid)) break;
+
+ if(!mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, false, &nt1)) {
+ continue;
+ }
+
+ furi_delay_us(delay);
+
+ if(!mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, true, &nt2)) {
+ continue;
+ }
+
+ // NXP Mifare is typical around 840, but for some unlicensed/compatible mifare tag this can be 160
+ uint32_t nttmp = prng_successor(nt1, 100);
+
+ for(i = 101; i < max_prng_value; i++) {
+ nttmp = prng_successor(nttmp, 1);
+ if(nttmp == nt2) break;
+ }
+
+ if(i != max_prng_value) {
+ if(rtr != 0) {
+ davg += i;
+ dmin = MIN(dmin, i);
+ dmax = MAX(dmax, i);
+ } else {
+ dmin = dmax = i;
+ }
+
+ FURI_LOG_D(TAG, "Calibrating: ntdist=%lu", i);
+ collected++;
+ } else {
+ unsuccessful_tries++;
+ if(unsuccessful_tries > 12) {
+ free(crypto);
+ FURI_LOG_E(
+ TAG,
+ "Tag isn't vulnerable to nested attack (random numbers are not predictable)");
+ return 0;
+ }
+ }
+ }
+
+ if(collected > 1) davg = (davg + (collected - 1) / 2) / (collected - 1);
+
+ davg = MIN(MAX(dmin, davg), dmax);
+
+ FURI_LOG_I(
+ TAG,
+ "Calibration completed: rtr=%lu min=%lu max=%lu avg=%lu collected=%lu",
+ rtr,
+ dmin,
+ dmax,
+ davg,
+ collected);
+
+ free(crypto);
+
+ nfc_deactivate();
+
+ return davg;
+}
+
+struct distance_info nested_calibrate_distance_info(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint64_t ui64Key) {
+ uint32_t cuid = 0;
+ Crypto1* crypto = malloc(sizeof(Crypto1));
+ uint32_t nt1, nt2, i = 0, davg = 0, dmin = 0, dmax = 0, rtr = 0, unsuccessful_tries = 0;
+ struct distance_info r;
+ r.min_prng = 0;
+ r.max_prng = 0;
+ r.mid_prng = 0;
+
+ for(rtr = 0; rtr < 10; rtr++) {
+ nfc_activate();
+ if(!furi_hal_nfc_activate_nfca(200, &cuid)) break;
+
+ mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, false, &nt1);
+
+ mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, true, &nt2);
+
+ // NXP Mifare is typical around 840, but for some unlicensed/compatible mifare tag this can be 160
+ uint32_t nttmp = prng_successor(nt1, 1);
+
+ for(i = 2; i < 65565; i++) {
+ nttmp = prng_successor(nttmp, 1);
+ if(nttmp == nt2) break;
+ }
+
+ if(i != 65565) {
+ if(rtr != 0) {
+ davg += i;
+ if(dmin == 0) {
+ dmin = i;
+ } else {
+ dmin = MIN(dmin, i);
+ }
+ dmax = MAX(dmax, i);
+ }
+
+ FURI_LOG_D(TAG, "Calibrating: ntdist=%lu", i);
+ } else {
+ unsuccessful_tries++;
+ if(unsuccessful_tries > 12) {
+ free(crypto);
+
+ FURI_LOG_E(
+ TAG,
+ "Tag isn't vulnerable to nested attack (random numbers are not predictable)");
+
+ return r;
+ }
+ }
+ }
+
+ if(rtr > 1) davg = (davg + (rtr - 1) / 2) / (rtr - 1);
+
+ FURI_LOG_I(
+ TAG, "Calibration completed: rtr=%lu min=%lu max=%lu avg=%lu", rtr, dmin, dmax, davg);
+
+ r.min_prng = dmin;
+ r.max_prng = dmax;
+ r.mid_prng = davg;
+
+ free(crypto);
+
+ nfc_deactivate();
+
+ return r;
+}
+
+struct nonce_info nested_attack(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint8_t targetBlockNo,
+ uint8_t targetKeyType,
+ uint64_t ui64Key,
+ uint32_t distance,
+ uint32_t delay) {
+ uint32_t cuid = 0;
+ Crypto1* crypto = malloc(sizeof(Crypto1));
+ uint8_t par_array[4] = {0x00};
+ uint32_t nt1, nt2, ks1, i = 0, j = 0;
+ struct nonce_info r;
+ uint32_t dmin = distance - 2;
+ uint32_t dmax = distance + 2;
+
+ r.full = false;
+
+ for(i = 0; i < 2; i++) { // look for exactly two different nonces
+ r.target_nt[i] = 0;
+
+ while(r.target_nt[i] == 0) { // continue until we have an unambiguous nonce
+ nfc_activate();
+ if(!furi_hal_nfc_activate_nfca(200, &cuid)) {
+ free(crypto);
+ return r;
+ }
+
+ r.cuid = cuid;
+
+ mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, false, &nt1);
+
+ furi_delay_us(delay);
+
+ bool success = mifare_sendcmd_short(
+ crypto, tx_rx, true, 0x60 + (targetKeyType & 0x01), targetBlockNo);
+
+ if(!success) continue;
+
+ nt2 = nfc_util_bytes2num(tx_rx->rx_data, 4);
+
+ // Parity validity check
+ for(j = 0; j < 4; j++) {
+ par_array[j] =
+ (oddparity8(tx_rx->rx_data[j]) != ((tx_rx->rx_parity[0] >> (7 - j)) & 0x01));
+ }
+
+ uint32_t ncount = 0;
+ uint32_t nttest = prng_successor(nt1, dmin - 1);
+
+ for(j = dmin; j < dmax + 1; j++) {
+ nttest = prng_successor(nttest, 1);
+ ks1 = nt2 ^ nttest;
+
+ if(valid_nonce(nttest, nt2, ks1, par_array)) {
+ if(ncount > 0) { // we are only interested in disambiguous nonces, try again
+ FURI_LOG_D(TAG, "Nonce#%lu: dismissed (ambiguous), ntdist=%lu", i + 1, j);
+ r.target_nt[i] = 0;
+ break;
+ }
+
+ if(delay) {
+ // will predict later
+ r.target_nt[i] = nt1;
+ r.target_ks[i] = nt2;
+ } else {
+ r.target_nt[i] = nttest;
+ r.target_ks[i] = ks1;
+ }
+
+ memcpy(&r.parity[i], par_array, 4);
+ ncount++;
+
+ if(i == 1 &&
+ (r.target_nt[0] == r.target_nt[1] ||
+ r.target_ks[0] == r.target_ks[1])) { // we need two different nonces
+ r.target_nt[i] = 0;
+ FURI_LOG_D(TAG, "Nonce#2: dismissed (= nonce#1), ntdist=%lu", j);
+ break;
+ }
+
+ FURI_LOG_D(TAG, "Nonce#%lu: valid, ntdist=%lu", i + 1, j);
+ }
+ }
+
+ if(r.target_nt[i] == 0 && j == dmax + 1) {
+ FURI_LOG_D(TAG, "Nonce#%lu: dismissed (all invalid)", i + 1);
+ }
+ }
+ }
+
+ if(r.target_nt[0] && r.target_nt[1]) {
+ r.full = true;
+ }
+
+ free(crypto);
+
+ nfc_deactivate();
+
+ return r;
+}
+
+struct nonce_info_hard nested_hard_nonce_attack(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint8_t targetBlockNo,
+ uint8_t targetKeyType,
+ uint64_t ui64Key,
+ uint32_t* found,
+ uint32_t* first_byte_sum,
+ Stream* file_stream) {
+ uint32_t cuid = 0;
+ uint8_t same = 0;
+ uint64_t previous = 0;
+ Crypto1* crypto = malloc(sizeof(Crypto1));
+ uint8_t par_array[4] = {0x00};
+ struct nonce_info_hard r;
+ r.full = false;
+ r.static_encrypted = false;
+
+ for(uint32_t i = 0; i < 8; i++) {
+ nfc_activate();
+ if(!furi_hal_nfc_activate_nfca(200, &cuid)) {
+ free(crypto);
+ return r;
+ }
+
+ r.cuid = cuid;
+
+ if(!mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, false, NULL))
+ continue;
+
+ if(!mifare_sendcmd_short(crypto, tx_rx, true, 0x60 + (targetKeyType & 0x01), targetBlockNo))
+ continue;
+
+ uint64_t nt = nfc_util_bytes2num(tx_rx->rx_data, 4);
+
+ for(uint32_t j = 0; j < 4; j++) {
+ par_array[j] =
+ (oddparity8(tx_rx->rx_data[j]) != ((tx_rx->rx_parity[0] >> (7 - j)) & 0x01));
+ }
+
+ uint8_t pbits = 0;
+ for(uint8_t j = 0; j < 4; j++) {
+ uint8_t p = oddparity8(tx_rx->rx_data[j]);
+ if(par_array[j]) {
+ p ^= 1;
+ }
+ pbits <<= 1;
+ pbits |= p;
+ }
+
+ // update unique nonces
+ if(!found[tx_rx->rx_data[0]]) {
+ *first_byte_sum += evenparity32(pbits & 0x08);
+ found[tx_rx->rx_data[0]]++;
+ }
+
+ if(nt == previous) {
+ same++;
+ }
+
+ previous = nt;
+
+ FuriString* row = furi_string_alloc_printf("%llu|%u\n", nt, pbits);
+ stream_write_string(file_stream, row);
+
+ FURI_LOG_D(TAG, "Accured %lu/8 nonces", i + 1);
+ furi_string_free(row);
+ }
+
+ if(same > 4) {
+ r.static_encrypted = true;
+ }
+
+ r.full = true;
+
+ free(crypto);
+
+ nfc_deactivate();
+
+ return r;
+}
+
+NestedCheckKeyResult nested_check_key(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint64_t ui64Key) {
+ uint32_t cuid = 0;
+ uint32_t nt;
+
+ nfc_activate();
+ if(!furi_hal_nfc_activate_nfca(200, &cuid)) return NestedCheckKeyNoTag;
+
+ FURI_LOG_D(
+ TAG, "Checking %c key %012llX for block %u", !keyType ? 'A' : 'B', ui64Key, blockNo);
+
+ Crypto1* crypto = malloc(sizeof(Crypto1));
+
+ bool success =
+ mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, false, &nt);
+
+ free(crypto);
+
+ nfc_deactivate();
+
+ return success ? NestedCheckKeyValid : NestedCheckKeyInvalid;
+}
+
+bool nested_check_block(FuriHalNfcTxRxContext* tx_rx, uint8_t blockNo, uint8_t keyType) {
+ uint32_t cuid = 0;
+
+ nfc_activate();
+ if(!furi_hal_nfc_activate_nfca(200, &cuid)) return false;
+
+ Crypto1* crypto = malloc(sizeof(Crypto1));
+
+ bool success = mifare_sendcmd_short(crypto, tx_rx, false, 0x60 + (keyType & 0x01), blockNo);
+
+ free(crypto);
+
+ nfc_deactivate();
+
+ return success;
+}
+
+void nested_get_data(FuriHalNfcDevData* dev_data) {
+ nfc_activate();
+ furi_hal_nfc_detect(dev_data, 400);
+ nfc_deactivate();
+}
+
+void nfc_activate() {
+ nfc_deactivate();
+
+ // Setup nfc poller
+ furi_hal_nfc_exit_sleep();
+ furi_hal_nfc_ll_txrx_on();
+ furi_hal_nfc_ll_poll();
+ if(furi_hal_nfc_ll_set_mode(
+ FuriHalNfcModePollNfca, FuriHalNfcBitrate106, FuriHalNfcBitrate106) !=
+ FuriHalNfcReturnOk)
+ return;
+
+ furi_hal_nfc_ll_set_fdt_listen(FURI_HAL_NFC_LL_FDT_LISTEN_NFCA_POLLER);
+ furi_hal_nfc_ll_set_fdt_poll(FURI_HAL_NFC_LL_FDT_POLL_NFCA_POLLER);
+ furi_hal_nfc_ll_set_error_handling(FuriHalNfcErrorHandlingNfc);
+ furi_hal_nfc_ll_set_guard_time(FURI_HAL_NFC_LL_GT_NFCA);
+}
+
+void nfc_deactivate() {
+ furi_hal_nfc_ll_txrx_off();
+ furi_hal_nfc_start_sleep();
+ furi_hal_nfc_sleep();
+}
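Review bot: `nested_static_nonce_attack`, `nested_calibrate_distance_info` and `nested_attack` ignore the result of `mifare_classic_authex` and then read `nt1`/`nt2`, but authex only stores through `ntptr` after its first `mifare_sendcmd_short` succeeds, so a failed exchange leaves those locals indeterminate and the `target_nt`/`target_ks` or distance values are computed from them. `nested_calibrate_distance` already guards this with `if(!mifare_classic_authex(...)) continue;`; the same check fits the loops in `nested_calibrate_distance_info` and `nested_attack`, and in the static variant `if(!mifare_classic_authex(...)) { free(crypto); nfc_deactivate(); return r; }`. Zero-initialising the result structs, e.g. `struct nonce_info_static r = {0};`, would also keep the early-return paths from handing back unset `cuid` and `target_*` fields.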
diff --git a/applications/external/mifare_nested/lib/nested/nested.h b/applications/external/mifare_nested/lib/nested/nested.h
new file mode 100644
index 000000000..a2b902446
--- /dev/null
+++ b/applications/external/mifare_nested/lib/nested/nested.h
@@ -0,0 +1,118 @@
+#pragma once
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+typedef enum {
+ MifareNestedNonceNoTag,
+ MifareNestedNonceWeak,
+ MifareNestedNonceStatic,
+ MifareNestedNonceHard,
+} MifareNestedNonceType;
+
+MifareNestedNonceType nested_check_nonce_type(FuriHalNfcTxRxContext* tx_rx, uint8_t blockNo);
+
+struct nonce_info_static {
+ uint32_t cuid;
+ uint32_t target_nt[2];
+ uint32_t target_ks[2];
+ bool full;
+};
+
+struct nonce_info_hard {
+ uint32_t cuid;
+ bool static_encrypted;
+ bool full;
+};
+
+struct nonce_info {
+ uint32_t cuid;
+ uint32_t target_nt[2];
+ uint32_t target_ks[2];
+ uint8_t parity[2][4];
+ bool full;
+};
+
+struct distance_info {
+ uint32_t min_prng;
+ uint32_t max_prng;
+ uint32_t mid_prng;
+};
+
+struct nonce_info_static nested_static_nonce_attack(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint8_t targetBlockNo,
+ uint8_t targetKeyType,
+ uint64_t ui64Key);
+
+struct nonce_info nested_attack(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint8_t targetBlockNo,
+ uint8_t targetKeyType,
+ uint64_t ui64Key,
+ uint32_t distance,
+ uint32_t delay);
+
+struct nonce_info_hard nested_hard_nonce_attack(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint8_t targetBlockNo,
+ uint8_t targetKeyType,
+ uint64_t ui64Key,
+ uint32_t* found,
+ uint32_t* first_byte_sum,
+ Stream* file_stream);
+
+uint32_t nested_calibrate_distance(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint64_t ui64Key,
+ uint32_t delay,
+ bool full);
+
+struct distance_info nested_calibrate_distance_info(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint64_t ui64Key);
+
+typedef enum {
+ NestedCheckKeyNoTag,
+ NestedCheckKeyValid,
+ NestedCheckKeyInvalid,
+} NestedCheckKeyResult;
+
+NestedCheckKeyResult nested_check_key(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint64_t ui64Key);
+
+bool nested_check_block(FuriHalNfcTxRxContext* tx_rx, uint8_t blockNo, uint8_t keyType);
+
+void nested_get_data();
+
+bool mifare_classic_authex(
+ Crypto1* crypto,
+ FuriHalNfcTxRxContext* tx_rx,
+ uint32_t uid,
+ uint32_t blockNo,
+ uint32_t keyType,
+ uint64_t ui64Key,
+ bool isNested,
+ uint32_t* ntptr);
+
+void nfc_activate();
+
+void nfc_deactivate();
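Review bot: The declaration `void nested_get_data();` does not match the definition in nested.c, which takes `FuriHalNfcDevData* dev_data`; with an empty parameter list the compiler does not check the argument at call sites. Declare it as `void nested_get_data(FuriHalNfcDevData* dev_data);`, and write `void nfc_activate(void);` and `void nfc_deactivate(void);` so those two are real prototypes as well.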
diff --git a/applications/external/mifare_nested/lib/parity/parity.c b/applications/external/mifare_nested/lib/parity/parity.c
new file mode 100644
index 000000000..c8e2f807e
--- /dev/null
+++ b/applications/external/mifare_nested/lib/parity/parity.c
@@ -0,0 +1,71 @@
+#include "parity.h"
+
+uint32_t __paritysi2(uint32_t a) {
+ uint32_t x = (uint32_t)a;
+ x ^= x >> 16;
+ x ^= x >> 8;
+ x ^= x >> 4;
+ return (0x6996 >> (x & 0xF)) & 1;
+}
+
+static const uint8_t g_odd_byte_parity[256] = {
+ 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0,
+ 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1,
+ 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1,
+ 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0,
+ 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1,
+ 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0,
+ 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1,
+ 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
+ 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1};
+
+#define ODD_PARITY8(x) \
+ { g_odd_byte_parity[x] }
+#define EVEN_PARITY8(x) \
+ { !g_odd_byte_parity[x] }
+
+uint8_t oddparity8(const uint8_t x) {
+ return g_odd_byte_parity[x];
+}
+
+uint8_t evenparity8(const uint8_t x) {
+ return !g_odd_byte_parity[x];
+}
+
+uint8_t evenparity16(uint16_t x) {
+#if !defined __GNUC__
+ x ^= x >> 8;
+ return EVEN_PARITY8(x);
+#else
+ return (__builtin_parity(x) & 0xFF);
+#endif
+}
+
+uint8_t oddparity16(uint16_t x) {
+#if !defined __GNUC__
+ x ^= x >> 8;
+ return ODD_PARITY8(x);
+#else
+ return !__builtin_parity(x);
+#endif
+}
+
+uint8_t evenparity32(uint32_t x) {
+#if !defined __GNUC__
+ x ^= x >> 16;
+ x ^= x >> 8;
+ return EVEN_PARITY8(x);
+#else
+ return (__builtin_parity(x) & 0xFF);
+#endif
+}
+
+uint8_t oddparity32(uint32_t x) {
+#if !defined __GNUC__
+ x ^= x >> 16;
+ x ^= x >> 8;
+ return ODD_PARITY8(x);
+#else
+ return !__builtin_parity(x);
+#endif
+}
\ No newline at end of file
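Review bot: The `#if !defined __GNUC__` fallback in `evenparity16`, `oddparity16`, `evenparity32` and `oddparity32` cannot work as written. `ODD_PARITY8(x)` and `EVEN_PARITY8(x)` expand to a brace-wrapped expression, which is not valid after `return`, and `x` is folded with XOR but never masked, so it would index the 256-entry `g_odd_byte_parity` table with a value wider than 8 bits. Drop the braces and mask the index: `#define ODD_PARITY8(x) (g_odd_byte_parity[(x) & 0xFF])` and `#define EVEN_PARITY8(x) (!g_odd_byte_parity[(x) & 0xFF])`. The branch is never compiled under GCC, which is presumably why it went unnoticed.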
diff --git a/applications/external/mifare_nested/lib/parity/parity.h b/applications/external/mifare_nested/lib/parity/parity.h
new file mode 100644
index 000000000..16648afa1
--- /dev/null
+++ b/applications/external/mifare_nested/lib/parity/parity.h
@@ -0,0 +1,10 @@
+#include "stdint.h"
+
+uint8_t oddparity8(const uint8_t x);
+uint8_t evenparity8(const uint8_t x);
+
+uint8_t evenparity16(uint16_t x);
+uint8_t oddparity16(uint16_t x);
+
+uint8_t evenparity32(uint32_t x);
+uint8_t oddparity32(uint32_t x);
\ No newline at end of file
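Review bot: This header has no include guard, and nested.c includes it twice, once directly and once through crypto1.h, which is unguarded as well. That is harmless while both hold only prototypes and identical macros, but it breaks as soon as a type or inline function is added. Add `#pragma once` as the first line, as nested.h does, and include the standard header as `#include <stdint.h>` rather than the quoted form.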
diff --git a/applications/external/mifare_nested/mifare_nested.c b/applications/external/mifare_nested/mifare_nested.c
new file mode 100644
index 000000000..237eaef9a
--- /dev/null
+++ b/applications/external/mifare_nested/mifare_nested.c
@@ -0,0 +1,408 @@
+#include "mifare_nested_i.h"
+#include
+
+bool mifare_nested_custom_event_callback(void* context, uint32_t event) {
+ furi_assert(context);
+ MifareNested* mifare_nested = context;
+ return scene_manager_handle_custom_event(mifare_nested->scene_manager, event);
+}
+
+bool mifare_nested_back_event_callback(void* context) {
+ furi_assert(context);
+ MifareNested* mifare_nested = context;
+ return scene_manager_handle_back_event(mifare_nested->scene_manager);
+}
+
+void mifare_nested_tick_event_callback(void* context) {
+ furi_assert(context);
+ MifareNested* mifare_nested = context;
+ scene_manager_handle_tick_event(mifare_nested->scene_manager);
+}
+
+void mifare_nested_show_loading_popup(void* context, bool show) {
+ MifareNested* mifare_nested = context;
+ TaskHandle_t timer_task = xTaskGetHandle(configTIMER_SERVICE_TASK_NAME);
+
+ if(show) {
+ // Raise timer priority so that animations can play
+ vTaskPrioritySet(timer_task, configMAX_PRIORITIES - 1);
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewLoading);
+ } else {
+ // Restore default timer priority
+ vTaskPrioritySet(timer_task, configTIMER_TASK_PRIORITY);
+ }
+}
+
+NestedState* collection_alloc() {
+ NestedState* nested = malloc(sizeof(NestedState));
+ nested->view = view_alloc();
+ view_allocate_model(nested->view, ViewModelTypeLocking, sizeof(NestedAttackViewModel));
+ with_view_model(
+ nested->view,
+ NestedAttackViewModel * model,
+ {
+ model->header = furi_string_alloc();
+ furi_string_set(model->header, "Collecting nonces");
+ model->keys_count = 0;
+ model->hardnested_states = 0;
+ model->lost_tag = false;
+ model->calibrating = false;
+ model->need_prediction = false;
+ model->hardnested = false;
+ },
+ false);
+
+ return nested;
+}
+
+CheckKeysState* check_keys_alloc() {
+ CheckKeysState* state = malloc(sizeof(CheckKeysState));
+ state->view = view_alloc();
+ view_allocate_model(state->view, ViewModelTypeLocking, sizeof(CheckKeysViewModel));
+ with_view_model(
+ state->view,
+ CheckKeysViewModel * model,
+ {
+ model->header = furi_string_alloc();
+ furi_string_set(model->header, "Checking keys");
+ model->lost_tag = false;
+ },
+ false);
+
+ return state;
+}
+
+static void nested_draw_callback(Canvas* canvas, void* model) {
+ NestedAttackViewModel* m = model;
+
+ if(m->lost_tag) {
+ canvas_set_font(canvas, FontPrimary);
+ canvas_draw_str_aligned(canvas, 64, 4, AlignCenter, AlignTop, "Lost the tag!");
+ canvas_set_font(canvas, FontSecondary);
+ elements_multiline_text_aligned(
+ canvas, 64, 23, AlignCenter, AlignTop, "Make sure the tag is\npositioned correctly.");
+ } else if(m->calibrating) {
+ canvas_set_font(canvas, FontPrimary);
+ canvas_draw_str_aligned(canvas, 64, 4, AlignCenter, AlignTop, "Calibrating...");
+ canvas_set_font(canvas, FontSecondary);
+ if(!m->need_prediction) {
+ elements_multiline_text_aligned(
+ canvas, 64, 23, AlignCenter, AlignTop, "Don't touch or move\nFlipper/Tag!");
+ } else {
+ elements_multiline_text_aligned(
+ canvas, 64, 18, AlignCenter, AlignTop, "Don't touch or move tag!");
+ canvas_set_font(canvas, FontPrimary);
+ elements_multiline_text_aligned(
+ canvas, 64, 30, AlignCenter, AlignTop, "Calibration will take\nmore time");
+ }
+ } else if(m->hardnested) {
+ char draw_str[32] = {};
+ canvas_set_font(canvas, FontPrimary);
+ canvas_draw_str_aligned(
+ canvas, 64, 2, AlignCenter, AlignTop, furi_string_get_cstr(m->header));
+ canvas_set_font(canvas, FontSecondary);
+
+ float progress =
+ m->keys_count == 0 ? 0 : (float)(m->nonces_collected) / (float)(m->keys_count);
+
+ if(progress > 1.0) {
+ progress = 1.0;
+ }
+
+ elements_progress_bar(canvas, 5, 15, 120, progress);
+ canvas_set_font(canvas, FontSecondary);
+ snprintf(
+ draw_str,
+ sizeof(draw_str),
+ "Nonces collected: %lu/%lu",
+ m->nonces_collected,
+ m->keys_count);
+ canvas_draw_str_aligned(canvas, 1, 28, AlignLeft, AlignTop, draw_str);
+ snprintf(draw_str, sizeof(draw_str), "States found: %lu/256", m->hardnested_states);
+ canvas_draw_str_aligned(canvas, 1, 40, AlignLeft, AlignTop, draw_str);
+ } else {
+ char draw_str[32] = {};
+ canvas_set_font(canvas, FontPrimary);
+ canvas_draw_str_aligned(
+ canvas, 64, 2, AlignCenter, AlignTop, furi_string_get_cstr(m->header));
+ canvas_set_font(canvas, FontSecondary);
+
+ float progress =
+ m->keys_count == 0 ? 0 : (float)(m->nonces_collected) / (float)(m->keys_count);
+
+ if(progress > 1.0) {
+ progress = 1.0;
+ }
+
+ elements_progress_bar(canvas, 5, 15, 120, progress);
+ canvas_set_font(canvas, FontSecondary);
+ snprintf(
+ draw_str,
+ sizeof(draw_str),
+ "Nonces collected: %lu/%lu",
+ m->nonces_collected,
+ m->keys_count);
+ canvas_draw_str_aligned(canvas, 1, 28, AlignLeft, AlignTop, draw_str);
+ }
+
+ elements_button_center(canvas, "Stop");
+}
+
+static void check_keys_draw_callback(Canvas* canvas, void* model) {
+ CheckKeysViewModel* m = model;
+
+ if(m->lost_tag) {
+ canvas_set_font(canvas, FontPrimary);
+ canvas_draw_str_aligned(canvas, 64, 4, AlignCenter, AlignTop, "Lost the tag!");
+ canvas_set_font(canvas, FontSecondary);
+ elements_multiline_text_aligned(
+ canvas, 64, 23, AlignCenter, AlignTop, "Make sure the tag is\npositioned correctly.");
+ } else if(m->processing_keys) {
+ canvas_set_font(canvas, FontPrimary);
+ canvas_draw_str_aligned(canvas, 64, 4, AlignCenter, AlignTop, "Processing keys...");
+ canvas_set_font(canvas, FontSecondary);
+ elements_multiline_text_aligned(
+ canvas, 64, 23, AlignCenter, AlignTop, "Checking which keys you\nalready have...");
+ } else {
+ char draw_str[32] = {};
+ char draw_sub_str[32] = {};
+ canvas_set_font(canvas, FontPrimary);
+ canvas_draw_str_aligned(
+ canvas, 64, 2, AlignCenter, AlignTop, furi_string_get_cstr(m->header));
+ canvas_set_font(canvas, FontSecondary);
+
+ float progress = m->keys_count == 0 ? 0 :
+ (float)(m->keys_checked) / (float)(m->keys_count);
+
+ if(progress > 1.0) {
+ progress = 1.0;
+ }
+
+ elements_progress_bar(canvas, 5, 15, 120, progress);
+ canvas_set_font(canvas, FontSecondary);
+ snprintf(
+ draw_str, sizeof(draw_str), "Keys checked: %lu/%lu", m->keys_checked, m->keys_count);
+ canvas_draw_str_aligned(canvas, 1, 28, AlignLeft, AlignTop, draw_str);
+ snprintf(
+ draw_sub_str,
+ sizeof(draw_sub_str),
+ "Keys found: %lu/%lu",
+ m->keys_found,
+ m->keys_total);
+ canvas_draw_str_aligned(canvas, 1, 40, AlignLeft, AlignTop, draw_sub_str);
+ }
+
+ elements_button_center(canvas, "Stop");
+}
+
+static bool nested_input_callback(InputEvent* event, void* context) {
+ MifareNested* mifare_nested = context;
+
+ bool consumed = false;
+
+ if(event->type == InputTypeShort && (event->key == InputKeyBack || event->key == InputKeyOk)) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+
+ return consumed;
+}
+
+MifareNested* mifare_nested_alloc() {
+ MifareNested* mifare_nested = malloc(sizeof(MifareNested));
+
+ mifare_nested->worker = mifare_nested_worker_alloc();
+ mifare_nested->view_dispatcher = view_dispatcher_alloc();
+ mifare_nested->scene_manager =
+ scene_manager_alloc(&mifare_nested_scene_handlers, mifare_nested);
+ view_dispatcher_enable_queue(mifare_nested->view_dispatcher);
+ view_dispatcher_set_event_callback_context(mifare_nested->view_dispatcher, mifare_nested);
+ view_dispatcher_set_custom_event_callback(
+ mifare_nested->view_dispatcher, mifare_nested_custom_event_callback);
+ view_dispatcher_set_navigation_event_callback(
+ mifare_nested->view_dispatcher, mifare_nested_back_event_callback);
+ view_dispatcher_set_tick_event_callback(
+ mifare_nested->view_dispatcher, mifare_nested_tick_event_callback, 100);
+
+ // Nfc device
+ mifare_nested->nfc_dev = nfc_device_alloc();
+
+ // Open GUI record
+ mifare_nested->gui = furi_record_open(RECORD_GUI);
+ view_dispatcher_attach_to_gui(
+ mifare_nested->view_dispatcher, mifare_nested->gui, ViewDispatcherTypeFullscreen);
+
+ // Open Notification record
+ mifare_nested->notifications = furi_record_open(RECORD_NOTIFICATION);
+
+ // Submenu
+ mifare_nested->submenu = submenu_alloc();
+ view_dispatcher_add_view(
+ mifare_nested->view_dispatcher,
+ MifareNestedViewMenu,
+ submenu_get_view(mifare_nested->submenu));
+
+ // Popup
+ mifare_nested->popup = popup_alloc();
+ view_dispatcher_add_view(
+ mifare_nested->view_dispatcher,
+ MifareNestedViewPopup,
+ popup_get_view(mifare_nested->popup));
+
+ // Loading
+ mifare_nested->loading = loading_alloc();
+ view_dispatcher_add_view(
+ mifare_nested->view_dispatcher,
+ MifareNestedViewLoading,
+ loading_get_view(mifare_nested->loading));
+
+ // Text Input
+ mifare_nested->text_input = text_input_alloc();
+ view_dispatcher_add_view(
+ mifare_nested->view_dispatcher,
+ MifareNestedViewTextInput,
+ text_input_get_view(mifare_nested->text_input));
+
+ // Custom Widget
+ mifare_nested->widget = widget_alloc();
+ view_dispatcher_add_view(
+ mifare_nested->view_dispatcher,
+ MifareNestedViewWidget,
+ widget_get_view(mifare_nested->widget));
+
+ // Variable Item List
+ mifare_nested->variable_item_list = variable_item_list_alloc();
+ view_dispatcher_add_view(
+ mifare_nested->view_dispatcher,
+ MifareNestedViewVariableList,
+ variable_item_list_get_view(mifare_nested->variable_item_list));
+
+ // Nested attack state
+ NestedState* plugin_state = collection_alloc();
+ view_set_context(plugin_state->view, mifare_nested);
+ mifare_nested->nested_state = plugin_state;
+ view_dispatcher_add_view(
+ mifare_nested->view_dispatcher, MifareNestedViewCollecting, plugin_state->view);
+
+ // Check keys attack state
+ CheckKeysState* keys_state = check_keys_alloc();
+ view_set_context(keys_state->view, mifare_nested);
+ mifare_nested->keys_state = keys_state;
+ view_dispatcher_add_view(
+ mifare_nested->view_dispatcher, MifareNestedViewCheckKeys, keys_state->view);
+
+ KeyInfo_t* key_info = malloc(sizeof(KeyInfo_t));
+ mifare_nested->keys = key_info;
+
+ MifareNestedSettings* settings = malloc(sizeof(MifareNestedSettings));
+ settings->only_hardnested = false;
+ mifare_nested->settings = settings;
+
+ view_set_draw_callback(plugin_state->view, nested_draw_callback);
+ view_set_input_callback(plugin_state->view, nested_input_callback);
+
+ view_set_draw_callback(keys_state->view, check_keys_draw_callback);
+ view_set_input_callback(keys_state->view, nested_input_callback);
+
+ mifare_nested->collecting_type = MifareNestedWorkerStateReady;
+ mifare_nested->run = NestedRunIdle;
+
+ return mifare_nested;
+}
+
+void mifare_nested_free(MifareNested* mifare_nested) {
+ furi_assert(mifare_nested);
+
+ // Nfc device
+ nfc_device_free(mifare_nested->nfc_dev);
+
+ // Submenu
+ view_dispatcher_remove_view(mifare_nested->view_dispatcher, MifareNestedViewMenu);
+ submenu_free(mifare_nested->submenu);
+
+ // Popup
+ view_dispatcher_remove_view(mifare_nested->view_dispatcher, MifareNestedViewPopup);
+ popup_free(mifare_nested->popup);
+
+ // Loading
+ view_dispatcher_remove_view(mifare_nested->view_dispatcher, MifareNestedViewLoading);
+ loading_free(mifare_nested->loading);
+
+ // TextInput
+ view_dispatcher_remove_view(mifare_nested->view_dispatcher, MifareNestedViewTextInput);
+ text_input_free(mifare_nested->text_input);
+
+ // Custom Widget
+ view_dispatcher_remove_view(mifare_nested->view_dispatcher, MifareNestedViewWidget);
+ widget_free(mifare_nested->widget);
+
+ // Variable Item List
+ view_dispatcher_remove_view(mifare_nested->view_dispatcher, MifareNestedViewVariableList);
+ variable_item_list_free(mifare_nested->variable_item_list);
+
+ // Nested
+ view_dispatcher_remove_view(mifare_nested->view_dispatcher, MifareNestedViewCollecting);
+
+ // Check keys
+ view_dispatcher_remove_view(mifare_nested->view_dispatcher, MifareNestedViewCheckKeys);
+
+ // Nonces states
+ free(mifare_nested->nonces);
+ free(mifare_nested->nested_state);
+
+ // Keys
+ free(mifare_nested->keys);
+
+ // Settings
+ free(mifare_nested->settings);
+
+ // Worker
+ mifare_nested_worker_stop(mifare_nested->worker);
+ mifare_nested_worker_free(mifare_nested->worker);
+
+ // View Dispatcher
+ view_dispatcher_free(mifare_nested->view_dispatcher);
+
+ // Scene Manager
+ scene_manager_free(mifare_nested->scene_manager);
+
+ // GUI
+ furi_record_close(RECORD_GUI);
+ mifare_nested->gui = NULL;
+
+ // Notifications
+ furi_record_close(RECORD_NOTIFICATION);
+ mifare_nested->notifications = NULL;
+
+ free(mifare_nested);
+}
+
+void mifare_nested_blink_start(MifareNested* mifare_nested) {
+ notification_message(mifare_nested->notifications, &mifare_nested_sequence_blink_start_blue);
+}
+
+void mifare_nested_blink_calibration_start(MifareNested* mifare_nested) {
+ notification_message(
+ mifare_nested->notifications, &mifare_nested_sequence_blink_start_magenta);
+}
+
+void mifare_nested_blink_nonce_collection_start(MifareNested* mifare_nested) {
+ notification_message(mifare_nested->notifications, &mifare_nested_sequence_blink_start_yellow);
+}
+
+void mifare_nested_blink_stop(MifareNested* mifare_nested) {
+ notification_message(mifare_nested->notifications, &mifare_nested_sequence_blink_stop);
+}
+
+int32_t mifare_nested_app(void* p) {
+ UNUSED(p);
+ MifareNested* mifare_nested = mifare_nested_alloc();
+
+ scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneStart);
+
+ view_dispatcher_run(mifare_nested->view_dispatcher);
+
+ mifare_nested_free(mifare_nested);
+
+ return 0;
+}
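Review bot: In `mifare_nested_free` the worker is stopped and joined only after `nonces`, `nested_state`, `keys` and `settings` have been freed and the views removed, so a worker thread still running at that point could touch freed memory through its context (the worker body is outside this hunk, so this is inferred from the ordering). Move `mifare_nested_worker_stop(mifare_nested->worker);` and `mifare_nested_worker_free(mifare_nested->worker);` to directly after the `furi_assert`. The function also never frees `keys_state`, and neither state's `View` nor the `header` string allocated in `collection_alloc` and `check_keys_alloc` is released. Calling `view_free(...)` on both views, freeing the two `header` strings and adding `free(mifare_nested->keys_state);` would close that leak.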
diff --git a/applications/external/mifare_nested/mifare_nested.h b/applications/external/mifare_nested/mifare_nested.h
new file mode 100644
index 000000000..a59a5b8ca
--- /dev/null
+++ b/applications/external/mifare_nested/mifare_nested.h
@@ -0,0 +1,3 @@
+#pragma once
+
+typedef struct MifareNested MifareNested;
diff --git a/applications/external/mifare_nested/mifare_nested_i.h b/applications/external/mifare_nested/mifare_nested_i.h
new file mode 100644
index 000000000..59aab5825
--- /dev/null
+++ b/applications/external/mifare_nested/mifare_nested_i.h
@@ -0,0 +1,180 @@
+#pragma once
+#include "mifare_nested.h"
+#include "mifare_nested_worker.h"
+#include "lib/nested/nested.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "scenes/mifare_nested_scene.h"
+#include
+#include
+#include
+#include
+#include
+#include "mifare_nested_icons.h"
+
+#define NESTED_VERSION_APP "1.4.6"
+#define NESTED_GITHUB_LINK "https://github.com/AloneLiberty/FlipperNested"
+#define NESTED_RECOVER_KEYS_GITHUB_LINK "https://github.com/AloneLiberty/FlipperNestedRecovery"
+#define NESTED_NONCE_FORMAT_VERSION "3"
+#define NESTED_AUTHOR "@AloneLiberty (t.me/libertydev)"
+
+enum MifareNestedCustomEvent {
+ // Reserve first 100 events for button types and indexes, starting from 0
+ MifareNestedCustomEventReserved = 100,
+
+ MifareNestedCustomEventViewExit,
+ MifareNestedCustomEventWorkerExit,
+ MifareNestedCustomEventByteInputDone,
+ MifareNestedCustomEventTextInputDone,
+ MifareNestedCustomEventSceneSettingLock
+};
+
+typedef void (*NestedCallback)(void* context);
+
+typedef struct {
+ FuriMutex* mutex;
+ FuriMessageQueue* event_queue;
+ ViewPort* view_port;
+ View* view;
+ NestedCallback callback;
+ void* context;
+} NestedState;
+
+typedef void (*CheckKeysCallback)(void* context);
+
+typedef struct {
+ FuriMutex* mutex;
+ FuriMessageQueue* event_queue;
+ ViewPort* view_port;
+ View* view;
+ CheckKeysCallback callback;
+ void* context;
+} CheckKeysState;
+
+typedef enum {
+ EventTypeTick,
+ EventTypeKey,
+} EventType;
+
+typedef struct {
+ EventType type;
+ InputEvent input;
+} PluginEvent;
+
+typedef struct {
+ bool only_hardnested;
+} MifareNestedSettings;
+
+typedef enum { NestedRunIdle, NestedRunCheckKeys, NestedRunAttack } NestedRunNext;
+
+struct MifareNested {
+ MifareNestedWorker* worker;
+ ViewDispatcher* view_dispatcher;
+ Gui* gui;
+ NotificationApp* notifications;
+ SceneManager* scene_manager;
+ NfcDevice* nfc_dev;
+ VariableItemList* variable_item_list;
+ MifareNestedSettings* settings;
+ FuriString* text_box_store;
+
+ // Common Views
+ Submenu* submenu;
+ Popup* popup;
+ Loading* loading;
+ TextInput* text_input;
+ Widget* widget;
+
+ NonceList_t* nonces;
+ KeyInfo_t* keys;
+
+ NestedState* nested_state;
+ CheckKeysState* keys_state;
+
+ MifareNestedWorkerState collecting_type;
+
+ NestedRunNext run;
+};
+
+typedef enum {
+ MifareNestedViewMenu,
+ MifareNestedViewPopup,
+ MifareNestedViewLoading,
+ MifareNestedViewTextInput,
+ MifareNestedViewWidget,
+ MifareNestedViewVariableList,
+ MifareNestedViewCollecting,
+ MifareNestedViewCheckKeys,
+} MifareNestedView;
+
+typedef struct {
+ FuriString* header;
+ uint32_t keys_count;
+ uint32_t nonces_collected;
+ uint32_t hardnested_states;
+ bool lost_tag;
+ bool calibrating;
+ bool need_prediction;
+ bool hardnested;
+} NestedAttackViewModel;
+
+typedef struct {
+ FuriString* header;
+ uint32_t keys_count;
+ uint32_t keys_checked;
+ uint32_t keys_found;
+ uint32_t keys_total;
+ bool lost_tag;
+ bool processing_keys;
+} CheckKeysViewModel;
+
+static const NotificationSequence mifare_nested_sequence_blink_start_blue = {
+ &message_blink_start_10,
+ &message_blink_set_color_blue,
+ &message_do_not_reset,
+ NULL,
+};
+
+static const NotificationSequence mifare_nested_sequence_blink_start_magenta = {
+ &message_blink_start_10,
+ &message_blink_set_color_magenta,
+ &message_do_not_reset,
+ NULL,
+};
+
+static const NotificationSequence mifare_nested_sequence_blink_start_yellow = {
+ &message_blink_start_10,
+ &message_blink_set_color_yellow,
+ &message_do_not_reset,
+ NULL,
+};
+
+static const NotificationSequence mifare_nested_sequence_blink_stop = {
+ &message_blink_stop,
+ NULL,
+};
+
+MifareNested* mifare_nested_alloc();
+
+void mifare_nested_text_store_set(MifareNested* mifare_nested, const char* text, ...);
+
+void mifare_nested_text_store_clear(MifareNested* mifare_nested);
+
+void mifare_nested_blink_start(MifareNested* mifare_nested);
+
+void mifare_nested_blink_calibration_start(MifareNested* mifare_nested);
+
+void mifare_nested_blink_nonce_collection_start(MifareNested* mifare_nested);
+
+void mifare_nested_blink_stop(MifareNested* mifare_nested);
+
+void mifare_nested_show_loading_popup(void* context, bool show);
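Review bot: `mifare_nested_text_store_set` and `mifare_nested_text_store_clear` are declared here and `struct MifareNested` carries a `text_box_store` field, but the `mifare_nested.c` added in this commit neither defines those functions nor allocates `text_box_store` in `mifare_nested_alloc`. Unless they are defined in a file outside this view, a caller would fail to link or would operate on an unallocated string. Either drop the two prototypes and the field, or add the allocation and a matching `furi_string_free` in `mifare_nested_free`. Likewise `nonces` is passed to `free()` in `mifare_nested_free` but never set in `mifare_nested_alloc`, which is only safe if the allocator returns zeroed memory; an explicit `mifare_nested->nonces = NULL;` in the allocator would remove that dependency.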
diff --git a/applications/external/mifare_nested/mifare_nested_worker.c b/applications/external/mifare_nested/mifare_nested_worker.c
new file mode 100644
index 000000000..56d2f2427
--- /dev/null
+++ b/applications/external/mifare_nested/mifare_nested_worker.c
@@ -0,0 +1,1663 @@
+#include "mifare_nested_worker_i.h"
+
+#include "lib/nested/nested.h"
+#include "lib/parity/parity.h"
+#include
+
+#include
+#include
+#include
+#include "string.h"
+#include
+#include
+
+#define TAG "MifareNestedWorker"
+
+// possible sum property values
+static uint16_t sums[] =
+ {0, 32, 56, 64, 80, 96, 104, 112, 120, 128, 136, 144, 152, 160, 176, 192, 200, 224, 256};
+
+void mifare_nested_worker_change_state(
+ MifareNestedWorker* mifare_nested_worker,
+ MifareNestedWorkerState state) {
+ furi_assert(mifare_nested_worker);
+
+ mifare_nested_worker->state = state;
+}
+
+MifareNestedWorker* mifare_nested_worker_alloc() {
+ MifareNestedWorker* mifare_nested_worker = malloc(sizeof(MifareNestedWorker));
+
+ // Worker thread attributes
+ mifare_nested_worker->thread = furi_thread_alloc_ex(
+ "MifareNestedWorker", 8192, mifare_nested_worker_task, mifare_nested_worker);
+
+ mifare_nested_worker->callback = NULL;
+ mifare_nested_worker->context = NULL;
+
+ mifare_nested_worker_change_state(mifare_nested_worker, MifareNestedWorkerStateReady);
+
+ return mifare_nested_worker;
+}
+
+void mifare_nested_worker_free(MifareNestedWorker* mifare_nested_worker) {
+ furi_assert(mifare_nested_worker);
+
+ furi_thread_free(mifare_nested_worker->thread);
+ free(mifare_nested_worker);
+}
+
+void mifare_nested_worker_stop(MifareNestedWorker* mifare_nested_worker) {
+ furi_assert(mifare_nested_worker);
+
+ mifare_nested_worker_change_state(mifare_nested_worker, MifareNestedWorkerStateStop);
+ furi_thread_join(mifare_nested_worker->thread);
+}
+
+void mifare_nested_worker_start(
+ MifareNestedWorker* mifare_nested_worker,
+ MifareNestedWorkerState state,
+ NfcDeviceData* dev_data,
+ MifareNestedWorkerCallback callback,
+ void* context) {
+ furi_assert(mifare_nested_worker);
+ furi_assert(dev_data);
+
+ mifare_nested_worker->callback = callback;
+ mifare_nested_worker->context = context;
+ mifare_nested_worker->dev_data = dev_data;
+ mifare_nested_worker_change_state(mifare_nested_worker, state);
+ furi_thread_start(mifare_nested_worker->thread);
+}
+
+int32_t mifare_nested_worker_task(void* context) {
+ MifareNestedWorker* mifare_nested_worker = context;
+
+ if(mifare_nested_worker->state == MifareNestedWorkerStateCheck) {
+ mifare_nested_worker_check(mifare_nested_worker);
+ } else if(mifare_nested_worker->state == MifareNestedWorkerStateCollectingStatic) {
+ mifare_nested_worker_collect_nonces_static(mifare_nested_worker);
+ } else if(mifare_nested_worker->state == MifareNestedWorkerStateCollecting) {
+ mifare_nested_worker_collect_nonces(mifare_nested_worker);
+ } else if(mifare_nested_worker->state == MifareNestedWorkerStateCollectingHard) {
+ mifare_nested_worker_collect_nonces_hard(mifare_nested_worker);
+ } else if(mifare_nested_worker->state == MifareNestedWorkerStateValidating) {
+ mifare_nested_worker_check_keys(mifare_nested_worker);
+ }
+
+ mifare_nested_worker_change_state(mifare_nested_worker, MifareNestedWorkerStateReady);
+
+ return 0;
+}
+
+void mifare_nested_worker_write_uid_string(FuriHalNfcDevData* data, FuriString* string) {
+ uint8_t* uid = data->uid;
+ uint8_t uid_len = data->uid_len;
+
+ for(size_t i = 0; i < uid_len; i++) {
+ uint8_t uid_part = uid[i];
+ furi_string_cat_printf(string, "%02X", uid_part);
+ }
+}
+
+void mifare_nested_worker_get_key_cache_file_path(FuriHalNfcDevData* data, FuriString* file_path) {
+ furi_string_set(file_path, EXT_PATH("nfc/.cache") "/");
+
+ mifare_nested_worker_write_uid_string(data, file_path);
+
+ furi_string_cat_printf(file_path, ".keys");
+}
+
+void mifare_nested_worker_get_nonces_file_path(FuriHalNfcDevData* data, FuriString* file_path) {
+ furi_string_set(file_path, NESTED_FOLDER "/");
+
+ mifare_nested_worker_write_uid_string(data, file_path);
+
+ furi_string_cat_printf(file_path, ".nonces");
+}
+
+void mifare_nested_worker_get_found_keys_file_path(FuriHalNfcDevData* data, FuriString* file_path) {
+ furi_string_set(file_path, NESTED_FOLDER "/");
+
+ mifare_nested_worker_write_uid_string(data, file_path);
+
+ furi_string_cat_printf(file_path, ".keys");
+}
+
+void mifare_nested_worker_get_hardnested_folder_path(
+ FuriHalNfcDevData* data,
+ FuriString* file_path) {
+ furi_string_set(file_path, NESTED_FOLDER "/");
+
+ mifare_nested_worker_write_uid_string(data, file_path);
+}
+
+void mifare_nested_worker_get_hardnested_file_path(
+ FuriHalNfcDevData* data,
+ FuriString* file_path,
+ uint8_t sector,
+ uint8_t key_type) {
+ mifare_nested_worker_get_hardnested_folder_path(data, file_path);
+
+ furi_string_cat_printf(file_path, "/%u_%u.nonces", sector, key_type);
+}
+
+uint8_t mifare_nested_worker_get_block_by_sector(uint8_t sector) {
+ furi_assert(sector < 40);
+ if(sector < 32) {
+ return (sector * 4) + 3;
+ } else {
+ return 32 * 4 + (sector - 32) * 16 + 15;
+ }
+}
+
+static MfClassicSectorTrailer*
+ mifare_nested_worker_get_sector_trailer_by_sector(MfClassicData* data, uint8_t sector) {
+ return (MfClassicSectorTrailer*)data->block[mifare_nested_worker_get_block_by_sector(sector)]
+ .value;
+}
+
+bool mifare_nested_worker_read_key_cache(FuriHalNfcDevData* data, MfClassicData* mf_data) {
+ Storage* storage = furi_record_open(RECORD_STORAGE);
+ FuriString* temp_str = furi_string_alloc();
+ mifare_nested_worker_get_key_cache_file_path(data, temp_str);
+ FlipperFormat* file = flipper_format_file_alloc(storage);
+ bool load_success = false;
+ uint32_t sector_count = 0;
+
+ do {
+ if(storage_common_stat(storage, furi_string_get_cstr(temp_str), NULL) != FSE_OK) break;
+
+ if(!flipper_format_file_open_existing(file, furi_string_get_cstr(temp_str))) break;
+
+ uint32_t version = 0;
+
+ if(!flipper_format_read_header(file, temp_str, &version)) break;
+ if(furi_string_cmp_str(temp_str, "Flipper NFC keys")) break;
+
+ if(version != 1) break;
+
+ if(!flipper_format_read_string(file, "Mifare Classic type", temp_str)) break;
+
+ if(!furi_string_cmp(temp_str, "1K")) {
+ mf_data->type = MfClassicType1k;
+ sector_count = 16;
+ } else if(!furi_string_cmp(temp_str, "4K")) {
+ mf_data->type = MfClassicType4k;
+ sector_count = 40;
+ } else if(!furi_string_cmp(temp_str, "MINI")) {
+ mf_data->type = MfClassicTypeMini;
+ sector_count = 5;
+ } else {
+ break;
+ }
+
+ if(!flipper_format_read_hex_uint64(file, "Key A map", &mf_data->key_a_mask, 1)) break;
+ if(!flipper_format_read_hex_uint64(file, "Key B map", &mf_data->key_b_mask, 1)) break;
+
+ bool key_read_success = true;
+
+ for(size_t i = 0; (i < sector_count) && (key_read_success); i++) {
+ MfClassicSectorTrailer* sec_tr =
+ mifare_nested_worker_get_sector_trailer_by_sector(mf_data, i);
+
+ if(FURI_BIT(mf_data->key_a_mask, i)) {
+ furi_string_printf(temp_str, "Key A sector %d", i);
+ key_read_success = flipper_format_read_hex(
+ file, furi_string_get_cstr(temp_str), sec_tr->key_a, 6);
+ }
+
+ if(!key_read_success) break;
+
+ if(FURI_BIT(mf_data->key_b_mask, i)) {
+ furi_string_printf(temp_str, "Key B sector %d", i);
+ key_read_success = flipper_format_read_hex(
+ file, furi_string_get_cstr(temp_str), sec_tr->key_b, 6);
+ }
+ }
+
+ load_success = key_read_success;
+ } while(false);
+
+ furi_string_free(temp_str);
+ flipper_format_free(file);
+
+ return load_success;
+}
+
+bool hex_char_to_hex_nibble(char c, uint8_t* nibble) {
+ if((c >= '0' && c <= '9') || (c >= 'A' && c <= 'F') || (c >= 'a' && c <= 'f')) {
+ if(c <= '9') {
+ *nibble = c - '0';
+ } else if(c <= 'F') {
+ *nibble = c - 'A' + 10;
+ } else {
+ *nibble = c - 'a' + 10;
+ }
+ return true;
+ } else {
+ return false;
+ }
+}
+
+bool hex_char_to_uint8(char hi, char low, uint8_t* value) {
+ uint8_t hi_nibble_value, low_nibble_value;
+
+ if(hex_char_to_hex_nibble(hi, &hi_nibble_value) &&
+ hex_char_to_hex_nibble(low, &low_nibble_value)) {
+ *value = (hi_nibble_value << 4) | low_nibble_value;
+ return true;
+ } else {
+ return false;
+ }
+}
+
+void free_nonces(NonceList_t* nonces, uint8_t sector_count, uint8_t tries_count) {
+ for(uint8_t sector = 0; sector < sector_count; sector++) {
+ for(uint8_t key_type = 0; key_type < 2; key_type++) {
+ for(uint8_t tries = 0; tries < tries_count; tries++) {
+ free(nonces->nonces[sector][key_type][tries]);
+ }
+ }
+ }
+}
+
+MfClassicType mifare_nested_worker_get_tag_type(uint8_t ATQA0, uint8_t ATQA1, uint8_t SAK) {
+ UNUSED(ATQA1);
+ if((ATQA0 == 0x44 || ATQA0 == 0x04)) {
+ if((SAK == 0x08 || SAK == 0x88)) {
+ return MfClassicType1k;
+ } else if(SAK == 0x09) {
+ return MfClassicTypeMini;
+ }
+ } else if((ATQA0 == 0x01) && (ATQA1 == 0x0F) && (SAK == 0x01)) {
+ //skylanders support
+ return MfClassicType1k;
+ } else if((ATQA0 == 0x42 || ATQA0 == 0x02) && (SAK == 0x18)) {
+ return MfClassicType4k;
+ }
+ return MfClassicType1k;
+}
+
+uint32_t mifare_nested_worker_predict_delay(
+ FuriHalNfcTxRxContext* tx_rx,
+ uint8_t blockNo,
+ uint8_t keyType,
+ uint64_t ui64Key,
+ uint32_t tries,
+ MifareNestedWorker* mifare_nested_worker) {
+ uint32_t cuid = 0;
+ Crypto1* crypto = malloc(sizeof(Crypto1));
+ uint32_t nt1, nt2, i = 0, previous = 0, prng_delay = 0, zero_prng_value = 65565, repeat = 0;
+
+ if(tries > 25) {
+ free(crypto);
+ return 2; // Too many tries, fallback to hardnested
+ }
+
+ // This part of attack is my attempt to implement it on Flipper.
+ // Proxmark can do this in 2 fucking steps, but idk how.
+
+ // First, we find RPNG rounds per 1000 us
+ for(uint32_t rtr = 0; rtr < 25; rtr++) {
+ if(mifare_nested_worker->state != MifareNestedWorkerStateCollecting) {
+ free(crypto);
+ return 1;
+ }
+
+ nfc_activate();
+ if(!furi_hal_nfc_activate_nfca(200, &cuid)) break;
+
+ mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, false, &nt1);
+
+ furi_delay_us(rtr * 1000);
+
+ mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, true, &nt2);
+
+ // Searching for delay, where PRNG will be near 800
+ uint32_t nttmp = prng_successor(nt1, 100);
+
+ for(i = 101; i < 65565; i++) {
+ nttmp = prng_successor(nttmp, 1);
+ if(nttmp == nt2) break;
+ }
+
+ if(!rtr) {
+ zero_prng_value = i;
+ }
+
+ if(previous && i > previous && i != 65565) {
+ if(!prng_delay) {
+ prng_delay = i - previous;
+ } else if(prng_delay - 100 > i - previous && prng_delay + 100 < i - previous) {
+ prng_delay += i - previous;
+ prng_delay /= 2;
+ }
+ }
+
+ previous = i;
+
+ FURI_LOG_D(TAG, "Calibrating: ntdist=%lu, delay=%lu", i, rtr * 1000);
+
+ // Let's hope...
+ if(i > 810 && i < 840) {
+ free(crypto);
+ return rtr * 1000;
+ }
+ }
+
+ FURI_LOG_D(TAG, "PRNG timing: growth ratio per 1000 us = %lu", prng_delay);
+
+ // Next, we try to calculate time until PRNG near 800 with more perfect timing
+ // Mifare Classic (weak) RPNG repeats every 65565 PRNG cycles
+
+ if(zero_prng_value == 65565) {
+ free(crypto);
+ // PRNG isn't pretictable
+ return 1;
+ }
+
+ uint32_t cycles_to_reset = (65565 - zero_prng_value) / prng_delay;
+
+ uint32_t limit = 7;
+
+ for(uint32_t rtr = cycles_to_reset - 1; rtr < cycles_to_reset + limit; rtr++) {
+ for(uint32_t rtz = 0; rtz < 100; rtz++) {
+ if(mifare_nested_worker->state != MifareNestedWorkerStateCollecting) {
+ free(crypto);
+ return 1;
+ }
+
+ nfc_activate();
+ if(!furi_hal_nfc_activate_nfca(200, &cuid)) break;
+
+ uint32_t delay = rtr * 1000 + rtz * 10;
+
+ mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, false, &nt1);
+
+ furi_delay_us(delay);
+
+ mifare_classic_authex(crypto, tx_rx, cuid, blockNo, keyType, ui64Key, true, &nt2);
+
+ // Searching for delay, where PRNG will be near 800
+ uint32_t nttmp = prng_successor(nt1, 0);
+
+ for(i = 1; i < 65565; i++) {
+ nttmp = prng_successor(nttmp, 1);
+ if(nttmp == nt2) break;
+ }
+
+ if(!(i > previous - 50 && i < previous + 50) && rtz) {
+ repeat++;
+
+ if(repeat < 5) {
+ FURI_LOG_D(TAG, "Invalid RPNG value: ntdist=%lu", i);
+
+ continue;
+ }
+ }
+
+ if(i > 2000 && i < 65500) {
+ uint32_t catch_cycles = (65565 - i) / prng_delay;
+ if(catch_cycles > 2) {
+ catch_cycles++;
+
+ FURI_LOG_D(
+ TAG,
+ "Trying a more accurate value: skipping additional %lu us",
+ catch_cycles * 1000);
+ limit += catch_cycles + 2;
+ rtr += catch_cycles;
+ }
+ }
+
+ FURI_LOG_D(
+ TAG,
+ "Calibrating: ntdist=%lu, delay=%lu, max=%lu",
+ i,
+ delay,
+ (cycles_to_reset + limit) * 1000);
+
+ repeat = 0;
+ previous = i;
+
+ if(i > 810 && i < 840) {
+ free(crypto);
+ FURI_LOG_I(TAG, "Found delay: %lu us", delay);
+ return delay;
+ } else if(i > 840 && i < 40000) {
+ FURI_LOG_D(TAG, "Trying again: timing lost");
+ tries++;
+ free(crypto);
+ return mifare_nested_worker_predict_delay(
+ tx_rx, blockNo, keyType, ui64Key, tries, mifare_nested_worker);
+ }
+ }
+ }
+
+ if(i > 1000 && i < 65000) {
+ FURI_LOG_D(TAG, "Trying again: wrong predicted timing");
+ tries++;
+ free(crypto);
+ return mifare_nested_worker_predict_delay(
+ tx_rx, blockNo, keyType, ui64Key, tries, mifare_nested_worker);
+ }
+
+ free(crypto);
+
+ return 1;
+}
+
+void mifare_nested_worker_write_nonces(
+ FuriHalNfcDevData* data,
+ Storage* storage,
+ NonceList_t* nonces,
+ uint8_t tries_count,
+ uint8_t free_tries_count,
+ uint8_t sector_count,
+ uint32_t delay,
+ uint32_t distance) {
+ FuriString* path = furi_string_alloc();
+ Stream* file_stream = file_stream_alloc(storage);
+ mifare_nested_worker_get_nonces_file_path(data, path);
+
+ file_stream_open(file_stream, furi_string_get_cstr(path), FSAM_READ_WRITE, FSOM_CREATE_ALWAYS);
+
+ FuriString* header = furi_string_alloc_printf(
+ "Filetype: Flipper Nested Nonce Manifest File\nVersion: %s\nNote: you will need desktop app to recover keys: %s\n",
+ NESTED_NONCE_FORMAT_VERSION,
+ NESTED_RECOVER_KEYS_GITHUB_LINK);
+ stream_write_string(file_stream, header);
+
+ for(uint8_t tries = 0; tries < tries_count; tries++) {
+ for(uint8_t sector = 0; sector < sector_count; sector++) {
+ for(uint8_t key_type = 0; key_type < 2; key_type++) {
+ if(nonces->nonces[sector][key_type][tries]->collected &&
+ !nonces->nonces[sector][key_type][tries]->skipped) {
+ if(nonces->nonces[sector][key_type][tries]->hardnested) {
+ FuriString* path = furi_string_alloc();
+ mifare_nested_worker_get_hardnested_file_path(
+ data, path, sector, key_type);
+
+ FuriString* str = furi_string_alloc_printf(
+ "HardNested: Key %c cuid 0x%08lx file %s sec %u\n",
+ !key_type ? 'A' : 'B',
+ nonces->cuid,
+ furi_string_get_cstr(path),
+ sector);
+
+ stream_write_string(file_stream, str);
+
+ furi_string_free(path);
+ furi_string_free(str);
+ } else {
+ FuriString* str = furi_string_alloc_printf(
+ "Nested: Key %c cuid 0x%08lx", !key_type ? 'A' : 'B', nonces->cuid);
+
+ for(uint8_t type = 0; type < 2; type++) {
+ furi_string_cat_printf(
+ str,
+ " nt%u 0x%08lx ks%u 0x%08lx par%u ",
+ type,
+ nonces->nonces[sector][key_type][tries]->target_nt[type],
+ type,
+ nonces->nonces[sector][key_type][tries]->target_ks[type],
+ type);
+
+ uint8_t* par = nonces->nonces[sector][key_type][tries]->parity[type];
+ for(uint8_t i = 0; i < 4; i++) {
+ furi_string_cat_printf(str, "%u", par[i]);
+ }
+ }
+
+ furi_string_cat_printf(str, " sec %u\n", sector);
+
+ stream_write_string(file_stream, str);
+ furi_string_free(str);
+ }
+ }
+ }
+ }
+ }
+
+ if(delay) {
+ FuriString* str =
+ furi_string_alloc_printf("Nested: Delay %lu, distance %lu", delay, distance);
+
+ stream_write_string(file_stream, str);
+ furi_string_free(str);
+ }
+
+ free_nonces(nonces, sector_count, free_tries_count);
+ furi_string_free(path);
+ file_stream_close(file_stream);
+ free(file_stream);
+ furi_record_close(RECORD_STORAGE);
+}
+
+bool mifare_nested_worker_check_initial_keys(
+ NonceList_t* nonces,
+ MfClassicData* mf_data,
+ uint8_t tries_count,
+ uint8_t sector_count,
+ uint64_t* key,
+ uint32_t* key_block,
+ uint32_t* found_key_type) {
+ bool has_a_key, has_b_key;
+ FuriHalNfcTxRxContext tx_rx = {};
+
+ for(uint8_t sector = 0; sector < sector_count; sector++) {
+ for(uint8_t key_type = 0; key_type < 2; key_type++) {
+ for(uint8_t tries = 0; tries < tries_count; tries++) {
+ Nonces* info = malloc(sizeof(Nonces));
+ info->key_type = key_type;
+ info->block = mifare_nested_worker_get_block_by_sector(sector);
+ info->collected = false;
+ info->skipped = true;
+
+ nonces->nonces[sector][key_type][tries] = info;
+ }
+ }
+ }
+
+ for(uint8_t sector = 0; sector < sector_count; sector++) {
+ MfClassicSectorTrailer* trailer =
+ mifare_nested_worker_get_sector_trailer_by_sector(mf_data, sector);
+ has_a_key = FURI_BIT(mf_data->key_a_mask, sector);
+ has_b_key = FURI_BIT(mf_data->key_b_mask, sector);
+
+ if(has_a_key) {
+ for(uint8_t tries = 0; tries < tries_count; tries++) {
+ Nonces* info = nonces->nonces[sector][0][tries];
+ info->collected = true;
+ info->skipped = true;
+
+ nonces->nonces[sector][0][tries] = info;
+ }
+
+ if(*key_block == 0) {
+ uint64_t key_check = nfc_util_bytes2num(trailer->key_a, 6);
+ if(nested_check_key(
+ &tx_rx, mifare_nested_worker_get_block_by_sector(sector), 0, key_check) ==
+ NestedCheckKeyValid) {
+ *key = key_check;
+ *key_block = mifare_nested_worker_get_block_by_sector(sector);
+ *found_key_type = 0;
+ }
+ }
+ }
+
+ if(has_b_key) {
+ for(uint8_t tries = 0; tries < tries_count; tries++) {
+ Nonces* info = nonces->nonces[sector][1][tries];
+ info->collected = true;
+ info->skipped = true;
+
+ nonces->nonces[sector][1][tries] = info;
+ }
+
+ if(*key_block == 0) {
+ uint64_t key_check = nfc_util_bytes2num(trailer->key_b, 6);
+ if(nested_check_key(
+ &tx_rx, mifare_nested_worker_get_block_by_sector(sector), 1, key_check) ==
+ NestedCheckKeyValid) {
+ *key = key_check;
+ *key_block = mifare_nested_worker_get_block_by_sector(sector);
+ *found_key_type = 1;
+ }
+ }
+ }
+ }
+
+ nonces->cuid = 0;
+ nonces->hardnested_states = 0;
+ nonces->sector_count = sector_count;
+ nonces->tries = tries_count;
+
+ return *key_block;
+}
+
+void mifare_nested_worker_check(MifareNestedWorker* mifare_nested_worker) {
+ while(mifare_nested_worker->state == MifareNestedWorkerStateCheck) {
+ FuriHalNfcTxRxContext tx_rx = {};
+ NfcDevice* dev = mifare_nested_worker->context->nfc_dev;
+ MfClassicData* mf_data = &dev->dev_data.mf_classic_data;
+ FuriHalNfcDevData data = {};
+ MifareNestedNonceType type = MifareNestedNonceNoTag;
+ nested_get_data(&data);
+
+ if(mifare_nested_worker_read_key_cache(&data, mf_data)) {
+ for(uint8_t sector = 0; sector < 40; sector++) {
+ if(FURI_BIT(mf_data->key_a_mask, sector) ||
+ FURI_BIT(mf_data->key_b_mask, sector)) {
+ type = nested_check_nonce_type(
+ &tx_rx, mifare_nested_worker_get_block_by_sector(sector));
+ break;
+ }
+ }
+
+ if(type == MifareNestedNonceNoTag) {
+ type = nested_check_nonce_type(&tx_rx, 0);
+ }
+ } else {
+ type = nested_check_nonce_type(&tx_rx, 0);
+ }
+
+ if(type == MifareNestedNonceStatic) {
+ mifare_nested_worker->context->collecting_type =
+ MifareNestedWorkerStateCollectingStatic;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventCollecting, mifare_nested_worker->context);
+
+ break;
+ } else if(type == MifareNestedNonceWeak) {
+ mifare_nested_worker->context->collecting_type = MifareNestedWorkerStateCollecting;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventCollecting, mifare_nested_worker->context);
+
+ break;
+ } else if(type == MifareNestedNonceHard) {
+ mifare_nested_worker->context->collecting_type = MifareNestedWorkerStateCollectingHard;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventCollecting, mifare_nested_worker->context);
+
+ break;
+ }
+
+ furi_delay_ms(250);
+ }
+
+ nfc_deactivate();
+}
+
+void mifare_nested_worker_collect_nonces_static(MifareNestedWorker* mifare_nested_worker) {
+ NonceList_t nonces;
+ Storage* storage = furi_record_open(RECORD_STORAGE);
+ NfcDevice* dev = mifare_nested_worker->context->nfc_dev;
+ MfClassicData* mf_data = &dev->dev_data.mf_classic_data;
+ FuriString* folder_path = furi_string_alloc();
+ FuriHalNfcDevData data = {};
+ nested_get_data(&data);
+ MfClassicType type = mifare_nested_worker_get_tag_type(data.atqa[0], data.atqa[1], data.sak);
+ uint64_t key = 0; // Found key for attack
+ uint32_t found_key_type = 0;
+ uint32_t key_block = 0;
+ uint32_t sector_count = 0;
+
+ FURI_LOG_I(TAG, "Running Static Nested attack");
+ FuriString* tag_info = furi_string_alloc_printf("Tag UID: ");
+ mifare_nested_worker_write_uid_string(&data, tag_info);
+ FURI_LOG_I(TAG, "%s", furi_string_get_cstr(tag_info));
+ furi_string_free(tag_info);
+
+ if(type == MfClassicType4k) {
+ sector_count = 40;
+ FURI_LOG_I(TAG, "Found Mifare Classic 4K tag");
+ } else if(type == MfClassicType1k) {
+ sector_count = 16;
+ FURI_LOG_I(TAG, "Found Mifare Classic 1K tag");
+ } else { // if(type == MfClassicTypeMini)
+ sector_count = 5;
+ FURI_LOG_I(TAG, "Found Mifare Classic Mini tag");
+ }
+
+ furi_string_set(folder_path, NESTED_FOLDER);
+ storage_common_mkdir(storage, furi_string_get_cstr(folder_path));
+ furi_string_free(folder_path);
+
+ if(!mifare_nested_worker_read_key_cache(&data, mf_data) ||
+ !mifare_nested_worker_check_initial_keys(
+ &nonces, mf_data, 1, sector_count, &key, &key_block, &found_key_type)) {
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNeedKey, mifare_nested_worker->context);
+ nfc_deactivate();
+
+ free(mf_data);
+ free_nonces(&nonces, sector_count, 1);
+
+ return;
+ }
+
+ FURI_LOG_I(
+ TAG, "Using %c key for block %lu: %012llX", !found_key_type ? 'A' : 'B', key_block, key);
+
+ while(mifare_nested_worker->state == MifareNestedWorkerStateCollectingStatic) {
+ FuriHalNfcTxRxContext tx_rx = {};
+
+ for(uint8_t sector = 0; sector < sector_count; sector++) {
+ for(uint8_t key_type = 0; key_type < 2; key_type++) {
+ Nonces* info = nonces.nonces[sector][key_type][0];
+
+ if(info->collected) {
+ FURI_LOG_I(
+ TAG,
+ "Skipping sector %u, block %u, key_type: %u as we already have a key",
+ sector,
+ mifare_nested_worker_get_block_by_sector(sector),
+ key_type);
+
+ info->skipped = true;
+
+ nonces.nonces[sector][key_type][0] = info;
+
+ mifare_nested_worker->context->nonces = &nonces;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNewNonce, mifare_nested_worker->context);
+ continue;
+ }
+
+ if(!nested_check_block(
+ &tx_rx, mifare_nested_worker_get_block_by_sector(sector), key_type)) {
+ FURI_LOG_E(
+ TAG,
+ "Skipping sector %u, block %u, key_type: %u as we can't auth on it",
+ sector,
+ mifare_nested_worker_get_block_by_sector(sector),
+ key_type);
+
+ info->skipped = true;
+
+ nonces.nonces[sector][key_type][0] = info;
+
+ mifare_nested_worker->context->nonces = &nonces;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNewNonce, mifare_nested_worker->context);
+
+ continue;
+ }
+
+ while(!info->collected) {
+ if(mifare_nested_worker->state != MifareNestedWorkerStateCollectingStatic) {
+ break;
+ }
+
+ struct nonce_info_static result = nested_static_nonce_attack(
+ &tx_rx,
+ key_block,
+ found_key_type,
+ mifare_nested_worker_get_block_by_sector(sector),
+ key_type,
+ key);
+ if(result.full) {
+ FURI_LOG_I(
+ TAG,
+ "Accured nonces for sector %u, block %u, key_type: %u",
+ sector,
+ mifare_nested_worker_get_block_by_sector(sector),
+ key_type);
+
+ info = nonces.nonces[sector][key_type][0];
+ info->collected = true;
+ info->skipped = false;
+
+ memcpy(&info->target_nt, result.target_nt, sizeof(result.target_nt));
+ memcpy(&info->target_ks, result.target_ks, sizeof(result.target_ks));
+
+ nonces.nonces[sector][key_type][0] = info;
+ nonces.cuid = result.cuid;
+ nonces.sector_count = sector_count;
+
+ mifare_nested_worker->context->nonces = &nonces;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNewNonce, mifare_nested_worker->context);
+ break;
+ } else {
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNoTagDetected, mifare_nested_worker->context);
+ }
+ }
+ }
+ }
+
+ break;
+ }
+
+ mifare_nested_worker_write_nonces(&data, storage, &nonces, 1, 1, sector_count, 0, 0);
+
+ free(mf_data);
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNoncesCollected, mifare_nested_worker->context);
+
+ nfc_deactivate();
+}
+
+void mifare_nested_worker_collect_nonces_hard(MifareNestedWorker* mifare_nested_worker) {
+ NonceList_t nonces;
+ Storage* storage = furi_record_open(RECORD_STORAGE);
+ NfcDevice* dev = mifare_nested_worker->context->nfc_dev;
+ MfClassicData* mf_data = &dev->dev_data.mf_classic_data;
+ FuriString* folder_path = furi_string_alloc();
+ FuriHalNfcDevData data = {};
+ nested_get_data(&data);
+ MfClassicType type = mifare_nested_worker_get_tag_type(data.atqa[0], data.atqa[1], data.sak);
+ uint64_t key = 0; // Found key for attack
+ uint32_t found_key_type = 0;
+ uint32_t key_block = 0;
+ uint32_t sector_count = 0;
+ uint32_t cuid = 0;
+ furi_hal_nfc_activate_nfca(200, &cuid);
+
+ FURI_LOG_I(TAG, "Running Hard Nested attack");
+ FuriString* tag_info = furi_string_alloc_printf("Tag UID: ");
+ mifare_nested_worker_write_uid_string(&data, tag_info);
+ FURI_LOG_I(TAG, "%s", furi_string_get_cstr(tag_info));
+ furi_string_free(tag_info);
+
+ if(type == MfClassicType4k) {
+ sector_count = 40;
+ FURI_LOG_I(TAG, "Found Mifare Classic 4K tag");
+ } else if(type == MfClassicType1k) {
+ sector_count = 16;
+ FURI_LOG_I(TAG, "Found Mifare Classic 1K tag");
+ } else { // if(type == MfClassicTypeMini)
+ sector_count = 5;
+ FURI_LOG_I(TAG, "Found Mifare Classic Mini tag");
+ }
+
+ furi_string_set(folder_path, NESTED_FOLDER);
+ storage_common_mkdir(storage, furi_string_get_cstr(folder_path));
+ mifare_nested_worker_get_hardnested_folder_path(&data, folder_path);
+ storage_common_mkdir(storage, furi_string_get_cstr(folder_path));
+ furi_string_free(folder_path);
+
+ if(!mifare_nested_worker_read_key_cache(&data, mf_data) ||
+ !mifare_nested_worker_check_initial_keys(
+ &nonces, mf_data, 1, sector_count, &key, &key_block, &found_key_type)) {
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNeedKey, mifare_nested_worker->context);
+ nfc_deactivate();
+
+ free(mf_data);
+ free_nonces(&nonces, sector_count, 1);
+
+ return;
+ }
+
+ FURI_LOG_I(
+ TAG, "Using %c key for block %lu: %012llX", !found_key_type ? 'A' : 'B', key_block, key);
+
+ FuriHalNfcTxRxContext tx_rx = {};
+ nonces.tries = 1;
+ nonces.hardnested_states = 0;
+ nonces.sector_count = sector_count;
+
+ mifare_nested_worker->context->nonces = &nonces;
+
+ mifare_nested_worker->callback(MifareNestedWorkerEventNewNonce, mifare_nested_worker->context);
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventHardnestedStatesFound, mifare_nested_worker->context);
+
+ for(uint8_t sector = 0; sector < sector_count &&
+ mifare_nested_worker->state == MifareNestedWorkerStateCollectingHard;
+ sector++) {
+ for(uint8_t key_type = 0;
+ key_type < 2 && mifare_nested_worker->state == MifareNestedWorkerStateCollectingHard;
+ key_type++) {
+ Nonces* info = nonces.nonces[sector][key_type][0];
+ if(info->collected) {
+ FURI_LOG_I(
+ TAG,
+ "Skipping sector %u, block %u, key_type: %u as we already have a key",
+ sector,
+ mifare_nested_worker_get_block_by_sector(sector),
+ key_type);
+
+ info->skipped = true;
+
+ nonces.nonces[sector][key_type][0] = info;
+ mifare_nested_worker->context->nonces = &nonces;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNewNonce, mifare_nested_worker->context);
+
+ continue;
+ }
+
+ if(!nested_check_block(
+ &tx_rx, mifare_nested_worker_get_block_by_sector(sector), key_type)) {
+ FURI_LOG_E(
+ TAG,
+ "Skipping sector %u, block %u, key_type: %u as we can't auth on it",
+ sector,
+ mifare_nested_worker_get_block_by_sector(sector),
+ key_type);
+
+ info->skipped = true;
+
+ nonces.nonces[sector][key_type][0] = info;
+ mifare_nested_worker->context->nonces = &nonces;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNewNonce, mifare_nested_worker->context);
+
+ continue;
+ }
+
+ while(!info->collected &&
+ mifare_nested_worker->state == MifareNestedWorkerStateCollectingHard) {
+ Stream* file_stream = file_stream_alloc(storage);
+ FuriString* hardnested_file = furi_string_alloc();
+ mifare_nested_worker_get_hardnested_file_path(
+ &data, hardnested_file, sector, key_type);
+
+ file_stream_open(
+ file_stream,
+ furi_string_get_cstr(hardnested_file),
+ FSAM_READ_WRITE,
+ FSOM_CREATE_ALWAYS);
+
+ FuriString* header = furi_string_alloc_printf(
+ "Filetype: Flipper Nested Nonces File\nVersion: %s\nNote: you will need desktop app to recover keys: %s\nKey %c cuid 0x%08lx sec %u\n",
+ NESTED_NONCE_FORMAT_VERSION,
+ NESTED_RECOVER_KEYS_GITHUB_LINK,
+ !key_type ? 'A' : 'B',
+ cuid,
+ sector);
+
+ stream_write_string(file_stream, header);
+ furi_string_free(header);
+
+ uint32_t first_byte_sum = 0;
+ uint32_t* found = malloc(sizeof(uint32_t) * 256);
+ for(uint32_t i = 0; i < 256; i++) {
+ found[i] = 0;
+ }
+
+ while(mifare_nested_worker->state == MifareNestedWorkerStateCollectingHard) {
+ struct nonce_info_hard result = nested_hard_nonce_attack(
+ &tx_rx,
+ key_block,
+ found_key_type,
+ mifare_nested_worker_get_block_by_sector(sector),
+ key_type,
+ key,
+ found,
+ &first_byte_sum,
+ file_stream);
+
+ if(result.static_encrypted) {
+ file_stream_close(file_stream);
+
+ storage_simply_remove(storage, furi_string_get_cstr(hardnested_file));
+
+ furi_string_free(hardnested_file);
+ free(found);
+ free(mf_data);
+ nfc_deactivate();
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventStaticEncryptedNonce,
+ mifare_nested_worker->context);
+
+ return;
+ }
+
+ if(result.full) {
+ uint32_t states = 0;
+ for(uint32_t i = 0; i < 256; i++) {
+ states += found[i];
+ }
+
+ nonces.hardnested_states = states;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventHardnestedStatesFound,
+ mifare_nested_worker->context);
+
+ FURI_LOG_D(TAG, "Found states: %lu", states);
+
+ if(states == 256) {
+ FURI_LOG_D(
+ TAG, "All states collected, first_byte_sum: %lu", first_byte_sum);
+
+ bool valid = false;
+ for(uint8_t i = 0; i < sizeof(sums); i++) {
+ if(sums[i] == first_byte_sum) {
+ valid = true;
+ break;
+ }
+ }
+
+ if(!valid) {
+ FURI_LOG_E(TAG, "Invalid first_byte_sum!");
+ break;
+ }
+
+ info->collected = true;
+ info->hardnested = true;
+ info->skipped = false;
+
+ nonces.cuid = result.cuid;
+
+ nonces.nonces[sector][key_type][0] = info;
+
+ mifare_nested_worker->context->nonces = &nonces;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNewNonce, mifare_nested_worker->context);
+
+ break;
+ }
+ } else {
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNoTagDetected, mifare_nested_worker->context);
+ }
+ }
+
+ free(found);
+ furi_string_free(hardnested_file);
+ file_stream_close(file_stream);
+ }
+ }
+ }
+
+ mifare_nested_worker_write_nonces(&data, storage, &nonces, 1, 1, sector_count, 0, 0);
+
+ free(mf_data);
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNoncesCollected, mifare_nested_worker->context);
+
+ nfc_deactivate();
+}
+
+void mifare_nested_worker_collect_nonces(MifareNestedWorker* mifare_nested_worker) {
+ NonceList_t nonces;
+ Storage* storage = furi_record_open(RECORD_STORAGE);
+ NfcDevice* dev = mifare_nested_worker->context->nfc_dev;
+ MfClassicData* mf_data = &dev->dev_data.mf_classic_data;
+ FuriString* folder_path = furi_string_alloc();
+ FuriHalNfcDevData data = {};
+ nested_get_data(&data);
+ MfClassicType type = mifare_nested_worker_get_tag_type(data.atqa[0], data.atqa[1], data.sak);
+ uint64_t key = 0; // Found key for attack
+ uint32_t found_key_type = 0;
+ uint32_t key_block = 0;
+ uint32_t sector_count = 0;
+ uint32_t delay = 0;
+ uint32_t distance = 0;
+ uint32_t tries_count = 1;
+
+ FURI_LOG_I(TAG, "Running Nested attack");
+ FuriString* tag_info = furi_string_alloc_printf("Tag UID: ");
+ mifare_nested_worker_write_uid_string(&data, tag_info);
+ FURI_LOG_I(TAG, "%s", furi_string_get_cstr(tag_info));
+ furi_string_free(tag_info);
+
+ if(type == MfClassicType4k) {
+ sector_count = 40;
+ FURI_LOG_I(TAG, "Found Mifare Classic 4K tag");
+ } else if(type == MfClassicType1k) {
+ sector_count = 16;
+ FURI_LOG_I(TAG, "Found Mifare Classic 1K tag");
+ } else { // if(type == MfClassicTypeMini)
+ sector_count = 5;
+ FURI_LOG_I(TAG, "Found Mifare Classic Mini tag");
+ }
+
+ furi_string_set(folder_path, NESTED_FOLDER);
+ storage_common_mkdir(storage, furi_string_get_cstr(folder_path));
+ furi_string_free(folder_path);
+
+ if(!mifare_nested_worker_read_key_cache(&data, mf_data) ||
+ !mifare_nested_worker_check_initial_keys(
+ &nonces, mf_data, 3, sector_count, &key, &key_block, &found_key_type)) {
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNeedKey, mifare_nested_worker->context);
+ nfc_deactivate();
+
+ free(mf_data);
+ free_nonces(&nonces, sector_count, 3);
+
+ return;
+ }
+
+ FURI_LOG_I(
+ TAG, "Using %c key for block %lu: %012llX", !found_key_type ? 'A' : 'B', key_block, key);
+
+ while(mifare_nested_worker->state == MifareNestedWorkerStateCollecting) {
+ FuriHalNfcTxRxContext tx_rx = {};
+ uint32_t first_distance = 0;
+ uint32_t second_distance = 0;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventCalibrating, mifare_nested_worker->context);
+
+ distance = nested_calibrate_distance(&tx_rx, key_block, found_key_type, key, delay, false);
+
+ if(mifare_nested_worker->state == MifareNestedWorkerStateCollecting) {
+ first_distance =
+ nested_calibrate_distance(&tx_rx, key_block, found_key_type, key, delay, true);
+ }
+
+ if(mifare_nested_worker->state == MifareNestedWorkerStateCollecting) {
+ second_distance =
+ nested_calibrate_distance(&tx_rx, key_block, found_key_type, key, 10000, true);
+ }
+
+ if(first_distance == 0 && second_distance == 0) {
+ nfc_deactivate();
+
+ free(mf_data);
+ free_nonces(&nonces, sector_count, 3);
+
+ mifare_nested_worker_change_state(
+ mifare_nested_worker, MifareNestedWorkerStateCollectingHard);
+
+ mifare_nested_worker_collect_nonces_hard(mifare_nested_worker);
+ return;
+ }
+
+ if(first_distance < second_distance - 100 && second_distance > 100) {
+ FURI_LOG_E(
+ TAG,
+ "Discovered tag with PRNG that depends on time. PRNG values: %lu, %lu",
+ first_distance,
+ second_distance);
+
+ struct distance_info info =
+ nested_calibrate_distance_info(&tx_rx, key_block, found_key_type, key);
+
+ if(info.max_prng - info.min_prng > 150) {
+ FURI_LOG_W(
+ TAG,
+ "PRNG is too unpredictable (min/max values more than 150: %lu - %lu = %lu), fallback to delay method",
+ info.max_prng,
+ info.min_prng,
+ info.max_prng - info.min_prng);
+
+ delay = 1;
+ } else {
+ FURI_LOG_I(
+ TAG,
+ "PRNG is stable, using method without delay! (May be false positive, still will collect x3 times)");
+
+ distance =
+ nested_calibrate_distance(&tx_rx, key_block, found_key_type, key, delay, true);
+
+ delay = 2;
+ tries_count = 3;
+ }
+ }
+
+ if(distance == 0 || delay == 1) {
+ bool failed = false;
+ // Tag need delay or unpredictable PRNG
+ FURI_LOG_W(TAG, "Can't determine distance, trying to find timing...");
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNeedPrediction, mifare_nested_worker->context);
+
+ delay = mifare_nested_worker_predict_delay(
+ &tx_rx, key_block, found_key_type, key, 0, mifare_nested_worker);
+
+ if(delay == 1) {
+ FURI_LOG_E(TAG, "Can't determine delay");
+
+ // Check that we didn't lost tag
+ FuriHalNfcDevData lost_tag_data = {};
+ nested_get_data(&lost_tag_data);
+ if(lost_tag_data.uid_len == 0) {
+ // We lost it.
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNoTagDetected, mifare_nested_worker->context);
+
+ while(mifare_nested_worker->state == MifareNestedWorkerStateCollecting &&
+ lost_tag_data.cuid != data.cuid) {
+ furi_delay_ms(250);
+ nested_get_data(&lost_tag_data);
+ }
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventCalibrating, mifare_nested_worker->context);
+
+ continue;
+ }
+
+ failed = true;
+ }
+
+ if(delay == 2) {
+ FURI_LOG_E(TAG, "Can't determine delay in 25 tries, fallback to hardnested");
+
+ nfc_deactivate();
+
+ free(mf_data);
+ free_nonces(&nonces, sector_count, 3);
+
+ mifare_nested_worker_change_state(
+ mifare_nested_worker, MifareNestedWorkerStateCollectingHard);
+
+ mifare_nested_worker_collect_nonces_hard(mifare_nested_worker);
+ return;
+ }
+
+ if(mifare_nested_worker->state == MifareNestedWorkerStateCollecting && !failed) {
+ distance = nested_calibrate_distance(
+ &tx_rx, key_block, found_key_type, key, delay, false);
+ }
+
+ if(distance == 0 && !failed) {
+ FURI_LOG_E(TAG, "Found delay, but can't find distance");
+
+ failed = true;
+ }
+
+ if(failed) {
+ nfc_deactivate();
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventAttackFailed, mifare_nested_worker->context);
+
+ free(mf_data);
+ free_nonces(&nonces, sector_count, 3);
+
+ return;
+ }
+
+ tries_count = 3;
+ }
+
+ mifare_nested_worker->context->nonces = &nonces;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNewNonce, mifare_nested_worker->context);
+
+ for(uint8_t tries = 0; tries < tries_count; tries++) {
+ for(uint8_t sector = 0; sector < sector_count; sector++) {
+ for(uint8_t key_type = 0; key_type < 2; key_type++) {
+ Nonces* info = nonces.nonces[sector][key_type][tries];
+ if(info->collected) {
+ FURI_LOG_I(
+ TAG,
+ "Skipping sector %u, block %u, key_type: %u as we already have a key",
+ sector,
+ mifare_nested_worker_get_block_by_sector(sector),
+ key_type);
+
+ info->skipped = true;
+
+ nonces.nonces[sector][key_type][tries] = info;
+ mifare_nested_worker->context->nonces = &nonces;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNewNonce, mifare_nested_worker->context);
+
+ continue;
+ }
+
+ if(!nested_check_block(
+ &tx_rx, mifare_nested_worker_get_block_by_sector(sector), key_type)) {
+ FURI_LOG_E(
+ TAG,
+ "Skipping sector %u, block %u, key_type: %u as we can't auth on it",
+ sector,
+ mifare_nested_worker_get_block_by_sector(sector),
+ key_type);
+
+ info->skipped = true;
+
+ nonces.nonces[sector][key_type][0] = info;
+ mifare_nested_worker->context->nonces = &nonces;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNewNonce, mifare_nested_worker->context);
+
+ continue;
+ }
+
+ while(!info->collected) {
+ if(mifare_nested_worker->state != MifareNestedWorkerStateCollecting) {
+ break;
+ }
+
+ struct nonce_info result = nested_attack(
+ &tx_rx,
+ key_block,
+ found_key_type,
+ mifare_nested_worker_get_block_by_sector(sector),
+ key_type,
+ key,
+ distance,
+ delay);
+
+ if(result.full) {
+ FURI_LOG_I(
+ TAG,
+ "Accured nonces for sector %u, block %u, key_type: %u",
+ sector,
+ mifare_nested_worker_get_block_by_sector(sector),
+ key_type);
+
+ info = nonces.nonces[sector][key_type][tries];
+ info->collected = true;
+ info->skipped = false;
+
+ memcpy(&info->target_nt, result.target_nt, sizeof(result.target_nt));
+ memcpy(&info->target_ks, result.target_ks, sizeof(result.target_ks));
+ memcpy(&info->parity, result.parity, sizeof(result.parity));
+
+ nonces.nonces[sector][key_type][tries] = info;
+ nonces.cuid = result.cuid;
+ nonces.sector_count = sector_count;
+ nonces.tries = tries_count;
+
+ mifare_nested_worker->context->nonces = &nonces;
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNewNonce, mifare_nested_worker->context);
+ break;
+ } else {
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNoTagDetected,
+ mifare_nested_worker->context);
+ }
+ }
+ }
+ }
+ }
+
+ break;
+ }
+
+ mifare_nested_worker_write_nonces(
+ &data, storage, &nonces, tries_count, 3, sector_count, delay, distance);
+
+ free(mf_data);
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNoncesCollected, mifare_nested_worker->context);
+
+ nfc_deactivate();
+}
+
+bool* mifare_nested_worker_check_keys_exists(
+ Storage* storage,
+ char* path,
+ uint64_t* keys,
+ uint32_t key_count,
+ MifareNestedWorker* mifare_nested_worker) {
+ bool* old_keys = malloc(sizeof(bool) * key_count);
+ Stream* file_stream = file_stream_alloc(storage);
+ file_stream_open(file_stream, path, FSAM_READ, FSOM_OPEN_ALWAYS);
+ FuriString* key_strings[key_count];
+
+ for(uint32_t i = 0; i < key_count; i++) {
+ old_keys[i] = false;
+ key_strings[i] = furi_string_alloc_printf("%012llX\n", keys[i]);
+ }
+
+ while(mifare_nested_worker->state == MifareNestedWorkerStateValidating) {
+ FuriString* next_line = furi_string_alloc();
+
+ if(!stream_read_line(file_stream, next_line)) {
+ break;
+ }
+
+ for(uint32_t i = 0; i < key_count; i++) {
+ if(keys[i] == (uint64_t)-1) continue;
+
+ if(furi_string_cmp(next_line, key_strings[i]) == 0) {
+ old_keys[i] = true;
+ }
+ }
+
+ furi_string_free(next_line);
+ }
+
+ for(uint32_t i = 0; i < key_count; i++) {
+ furi_string_free(key_strings[i]);
+ }
+
+ file_stream_close(file_stream);
+ free(file_stream);
+
+ return old_keys;
+}
+
+void mifare_nested_worker_write_key(Storage* storage, FuriString* key) {
+ Stream* file_stream = file_stream_alloc(storage);
+ file_stream_open(
+ file_stream,
+ EXT_PATH("nfc/assets/mf_classic_dict_user.nfc"),
+ FSAM_READ_WRITE,
+ FSOM_OPEN_APPEND);
+
+ stream_write_string(file_stream, key);
+
+ file_stream_close(file_stream);
+}
+
+void mifare_nested_worker_check_keys(MifareNestedWorker* mifare_nested_worker) {
+ KeyInfo_t* key_info = mifare_nested_worker->context->keys;
+ Storage* storage = furi_record_open(RECORD_STORAGE);
+ Stream* file_stream = file_stream_alloc(storage);
+ FuriString* next_line = furi_string_alloc();
+ FuriString* path = furi_string_alloc();
+ FuriHalNfcDevData data = {};
+ nested_get_data(&data);
+ MfClassicType type = mifare_nested_worker_get_tag_type(data.atqa[0], data.atqa[1], data.sak);
+ NestedCheckKeyResult result = NestedCheckKeyNoTag;
+ FuriHalNfcTxRxContext tx_rx = {};
+ uint32_t key_count = 0;
+ uint32_t sector_key_count = 0;
+ uint64_t keys[80];
+ bool found_keys[2][40];
+ bool unique_keys[2][40];
+ uint32_t sector_count = 0;
+
+ if(type == MfClassicType4k) {
+ sector_count = 40;
+ FURI_LOG_I(TAG, "Found Mifare Classic 4K tag");
+ } else if(type == MfClassicType1k) {
+ sector_count = 16;
+ FURI_LOG_I(TAG, "Found Mifare Classic 1K tag");
+ } else { // if(type == MfClassicTypeMini)
+ sector_count = 5;
+ FURI_LOG_I(TAG, "Found Mifare Classic Mini tag");
+ }
+
+ uint32_t keys_count = sector_count * 2;
+
+ for(uint8_t key = 0; key < 2; key++) {
+ for(uint8_t i = 0; i < sector_count; i++) {
+ found_keys[key][i] = false;
+ unique_keys[key][i] = false;
+ }
+ }
+
+ for(uint8_t i = 0; i < keys_count; i++) {
+ keys[i] = -1;
+ }
+
+ mifare_nested_worker_get_found_keys_file_path(&data, path);
+
+ if(!file_stream_open(file_stream, furi_string_get_cstr(path), FSAM_READ, FSOM_OPEN_EXISTING)) {
+ FURI_LOG_E(TAG, "Can't open %s", furi_string_get_cstr(path));
+
+ file_stream_close(file_stream);
+
+ mifare_nested_worker_get_nonces_file_path(&data, path);
+
+ if(!file_stream_open(
+ file_stream, furi_string_get_cstr(path), FSAM_READ, FSOM_OPEN_EXISTING)) {
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNeedCollection, mifare_nested_worker->context);
+ } else {
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNeedKeyRecovery, mifare_nested_worker->context);
+ }
+
+ file_stream_close(file_stream);
+
+ free(file_stream);
+ furi_string_free(path);
+ furi_string_free(next_line);
+ furi_record_close(RECORD_STORAGE);
+
+ return;
+ };
+
+ while(true) {
+ if(!stream_read_line(file_stream, next_line)) {
+ break;
+ }
+
+ if(furi_string_start_with_str(next_line, "Key")) {
+ uint8_t key_type = furi_string_get_char(next_line, 4) == 'B';
+ uint8_t sector = atoi((char[]){furi_string_get_char(next_line, 13)}) * 10 +
+ atoi((char[]){furi_string_get_char(next_line, 14)});
+
+ if(!unique_keys[key_type][sector]) {
+ unique_keys[key_type][sector] = true;
+ sector_key_count++;
+ }
+ }
+
+ key_count++;
+ }
+
+ stream_rewind(file_stream);
+
+ key_info->total_keys = key_count;
+ key_info->sector_keys = sector_key_count;
+
+ while(mifare_nested_worker->state == MifareNestedWorkerStateValidating) {
+ if(!stream_read_line(file_stream, next_line)) {
+ break;
+ }
+
+ if(furi_string_start_with_str(next_line, "Key")) {
+ // Key X sector XX: XX XX XX XX XX XX
+ // 0000000000111111111122222222223333
+ // 0123456789012345678901234567890123
+ uint8_t keyChar[6];
+ uint8_t count = 0;
+
+ uint8_t key_type = furi_string_get_char(next_line, 4) == 'B';
+ uint8_t sector = atoi((char[]){furi_string_get_char(next_line, 13)}) * 10 +
+ atoi((char[]){furi_string_get_char(next_line, 14)});
+
+ for(uint8_t i = 17; i < 33; i += 3) {
+ hex_char_to_uint8(
+ furi_string_get_char(next_line, i),
+ furi_string_get_char(next_line, i + 1),
+ &keyChar[count]);
+ count++;
+ }
+
+ uint64_t key = nfc_util_bytes2num(keyChar, 6);
+
+ key_info->checked_keys++;
+
+ if(found_keys[key_type][sector]) {
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventKeyChecked, mifare_nested_worker->context);
+
+ continue;
+ }
+
+ while(mifare_nested_worker->state == MifareNestedWorkerStateValidating) {
+ result = nested_check_key(
+ &tx_rx, mifare_nested_worker_get_block_by_sector(sector), key_type, key);
+
+ if(result == NestedCheckKeyNoTag) {
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventNoTagDetected, mifare_nested_worker->context);
+
+ furi_delay_ms(250);
+ } else {
+ break;
+ }
+ }
+
+ if(result == NestedCheckKeyValid) {
+ FURI_LOG_I(
+ TAG, "Found valid %c key for sector %u: %012llX", key_type, sector, key);
+ bool exists = false;
+
+ for(uint8_t i = 0; i < keys_count; i++) {
+ if(keys[i] == key) {
+ exists = true;
+ }
+ }
+
+ if(!exists) {
+ keys[key_info->found_keys] = key;
+ }
+
+ key_info->found_keys++;
+ found_keys[key_type][sector] = true;
+ }
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventKeyChecked, mifare_nested_worker->context);
+ }
+ }
+
+ furi_string_free(next_line);
+ file_stream_close(file_stream);
+ free(file_stream);
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventProcessingKeys, mifare_nested_worker->context);
+
+ bool* old_keys = mifare_nested_worker_check_keys_exists(
+ storage,
+ EXT_PATH("nfc/assets/mf_classic_dict_user.nfc"),
+ keys,
+ keys_count,
+ mifare_nested_worker);
+
+ for(uint8_t i = 0; i < keys_count; i++) {
+ if(old_keys[i]) {
+ keys[i] = -1;
+ }
+ }
+
+ old_keys = mifare_nested_worker_check_keys_exists(
+ storage,
+ EXT_PATH("nfc/assets/mf_classic_dict.nfc"),
+ keys,
+ keys_count,
+ mifare_nested_worker);
+
+ for(uint8_t i = 0; i < keys_count; i++) {
+ if(old_keys[i]) {
+ keys[i] = -1;
+ }
+ }
+
+ for(uint8_t i = 0; i < keys_count; i++) {
+ if(keys[i] == (uint64_t)-1) continue;
+
+ FuriString* key_string = furi_string_alloc_printf("%012llX\n", keys[i]);
+
+ mifare_nested_worker_write_key(storage, key_string);
+ FURI_LOG_I(TAG, "Added new key: %s", furi_string_get_cstr(key_string));
+
+ key_info->added_keys++;
+
+ furi_string_free(key_string);
+ }
+
+ if(!storage_simply_remove(storage, furi_string_get_cstr(path))) {
+ FURI_LOG_E(TAG, "Failed to remove .keys file");
+ }
+
+ furi_record_close(RECORD_STORAGE);
+ furi_string_free(path);
+
+ mifare_nested_worker->callback(
+ MifareNestedWorkerEventKeysFound, mifare_nested_worker->context);
+
+ return;
+}
\ No newline at end of file
diff --git a/applications/external/mifare_nested/mifare_nested_worker.h b/applications/external/mifare_nested/mifare_nested_worker.h
new file mode 100644
index 000000000..561620676
--- /dev/null
+++ b/applications/external/mifare_nested/mifare_nested_worker.h
@@ -0,0 +1,89 @@
+#pragma once
+
+#include
+
+#define NESTED_FOLDER EXT_PATH("nfc/.nested")
+
+typedef struct MifareNestedWorker MifareNestedWorker;
+
+typedef enum {
+ MifareNestedWorkerStateReady,
+
+ MifareNestedWorkerStateCheck,
+ MifareNestedWorkerStateCollecting,
+ MifareNestedWorkerStateCollectingStatic,
+ MifareNestedWorkerStateCollectingHard,
+ MifareNestedWorkerStateValidating,
+
+ MifareNestedWorkerStateStop,
+} MifareNestedWorkerState;
+
+typedef enum {
+ MifareNestedWorkerEventReserved = 1000,
+
+ MifareNestedWorkerEventNoTagDetected,
+ MifareNestedWorkerEventNoncesCollected,
+ MifareNestedWorkerEventCollecting,
+
+ MifareNestedWorkerEventNewNonce,
+ MifareNestedWorkerEventKeyChecked,
+ MifareNestedWorkerEventKeysFound,
+ MifareNestedWorkerEventNeedKey,
+ MifareNestedWorkerEventAttackFailed,
+ MifareNestedWorkerEventCalibrating,
+ MifareNestedWorkerEventStaticEncryptedNonce,
+ MifareNestedWorkerEventNeedPrediction,
+ MifareNestedWorkerEventProcessingKeys,
+ MifareNestedWorkerEventNeedKeyRecovery,
+ MifareNestedWorkerEventNeedCollection,
+ MifareNestedWorkerEventHardnestedStatesFound
+} MifareNestedWorkerEvent;
+
+typedef bool (*MifareNestedWorkerCallback)(MifareNestedWorkerEvent event, void* context);
+
+MifareNestedWorker* mifare_nested_worker_alloc();
+
+void mifare_nested_worker_change_state(
+ MifareNestedWorker* mifare_nested_worker,
+ MifareNestedWorkerState state);
+
+void mifare_nested_worker_free(MifareNestedWorker* mifare_nested_worker);
+
+void mifare_nested_worker_stop(MifareNestedWorker* mifare_nested_worker);
+
+void mifare_nested_worker_start(
+ MifareNestedWorker* mifare_nested_worker,
+ MifareNestedWorkerState state,
+ NfcDeviceData* dev_data,
+ MifareNestedWorkerCallback callback,
+ void* context);
+
+typedef struct {
+ uint32_t key_type;
+ uint32_t block;
+ uint32_t target_nt[2];
+ uint32_t target_ks[2];
+ uint8_t parity[2][4];
+ bool collected;
+ bool skipped;
+ bool hardnested;
+} Nonces;
+
+typedef struct {
+ uint32_t cuid;
+ uint32_t sector_count;
+ // 40 (or 16/5) sectors, 2 keys (A/B), 3 tries
+ Nonces* nonces[40][2][3];
+ uint32_t tries;
+ // unique first bytes
+ uint32_t hardnested_states;
+} NonceList_t;
+
+typedef struct {
+ uint32_t total_keys;
+ uint32_t checked_keys;
+ uint32_t found_keys;
+ uint32_t added_keys;
+ uint32_t sector_keys;
+ bool tag_lost;
+} KeyInfo_t;
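Review bot: The `nonces[40][2][3]` array in `NonceList_t` is sized with bare literals, while `sector_count` and `tries` are plain `uint32_t` fields that the collecting scene later uses as loop limits over that array. Nothing in the header ties the fields to the dimensions. I would name the dimensions (suggested names: `#define MIFARE_NESTED_MAX_SECTORS 40`, `#define MIFARE_NESTED_MAX_TRIES 3`) and state in a comment on the struct that `sector_count` and `tries` must not exceed them. Separately, `mifare_nested_worker_alloc()` should be declared as `mifare_nested_worker_alloc(void)`, because empty parentheses are not a prototype in C before C23.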
diff --git a/applications/external/mifare_nested/mifare_nested_worker_i.h b/applications/external/mifare_nested/mifare_nested_worker_i.h
new file mode 100644
index 000000000..fd82535d0
--- /dev/null
+++ b/applications/external/mifare_nested/mifare_nested_worker_i.h
@@ -0,0 +1,28 @@
+#pragma once
+
+#include
+#include "mifare_nested_i.h"
+#include "mifare_nested_worker.h"
+
+struct MifareNestedWorker {
+ FuriThread* thread;
+
+ NfcDeviceData* dev_data;
+
+ MifareNestedWorkerCallback callback;
+ MifareNested* context;
+
+ MifareNestedWorkerState state;
+};
+
+int32_t mifare_nested_worker_task(void* context);
+
+void mifare_nested_worker_check(MifareNestedWorker* mifare_nested_worker);
+
+void mifare_nested_worker_collect_nonces(MifareNestedWorker* mifare_nested_worker);
+
+void mifare_nested_worker_collect_nonces_static(MifareNestedWorker* mifare_nested_worker);
+
+void mifare_nested_worker_collect_nonces_hard(MifareNestedWorker* mifare_nested_worker);
+
+void mifare_nested_worker_check_keys(MifareNestedWorker* mifare_nested_worker);
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene.c b/applications/external/mifare_nested/scenes/mifare_nested_scene.c
new file mode 100644
index 000000000..3962ed908
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene.c
@@ -0,0 +1,30 @@
+#include "mifare_nested_scene.h"
+
+// Generate scene on_enter handlers array
+#define ADD_SCENE(prefix, name, id) prefix##_scene_##name##_on_enter,
+void (*const mifare_nested_on_enter_handlers[])(void*) = {
+#include "mifare_nested_scene_config.h"
+};
+#undef ADD_SCENE
+
+// Generate scene on_event handlers array
+#define ADD_SCENE(prefix, name, id) prefix##_scene_##name##_on_event,
+bool (*const mifare_nested_on_event_handlers[])(void* context, SceneManagerEvent event) = {
+#include "mifare_nested_scene_config.h"
+};
+#undef ADD_SCENE
+
+// Generate scene on_exit handlers array
+#define ADD_SCENE(prefix, name, id) prefix##_scene_##name##_on_exit,
+void (*const mifare_nested_on_exit_handlers[])(void* context) = {
+#include "mifare_nested_scene_config.h"
+};
+#undef ADD_SCENE
+
+// Initialize scene handlers configuration structure
+const SceneManagerHandlers mifare_nested_scene_handlers = {
+ .on_enter_handlers = mifare_nested_on_enter_handlers,
+ .on_event_handlers = mifare_nested_on_event_handlers,
+ .on_exit_handlers = mifare_nested_on_exit_handlers,
+ .scene_num = MifareNestedSceneNum,
+};
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene.h b/applications/external/mifare_nested/scenes/mifare_nested_scene.h
new file mode 100644
index 000000000..e9596f222
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene.h
@@ -0,0 +1,29 @@
+#pragma once
+
+#include
+
+// Generate scene id and total number
+#define ADD_SCENE(prefix, name, id) MifareNestedScene##id,
+typedef enum {
+#include "mifare_nested_scene_config.h"
+ MifareNestedSceneNum,
+} MifareNestedScene;
+#undef ADD_SCENE
+
+extern const SceneManagerHandlers mifare_nested_scene_handlers;
+
+// Generate scene on_enter handlers declaration
+#define ADD_SCENE(prefix, name, id) void prefix##_scene_##name##_on_enter(void*);
+#include "mifare_nested_scene_config.h"
+#undef ADD_SCENE
+
+// Generate scene on_event handlers declaration
+#define ADD_SCENE(prefix, name, id) \
+ bool prefix##_scene_##name##_on_event(void* context, SceneManagerEvent event);
+#include "mifare_nested_scene_config.h"
+#undef ADD_SCENE
+
+// Generate scene on_exit handlers declaration
+#define ADD_SCENE(prefix, name, id) void prefix##_scene_##name##_on_exit(void* context);
+#include "mifare_nested_scene_config.h"
+#undef ADD_SCENE
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_about.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_about.c
new file mode 100644
index 000000000..cb07f81a3
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_about.c
@@ -0,0 +1,77 @@
+#include "../mifare_nested_i.h"
+
+void mifare_nested_scene_about_widget_callback(GuiButtonType result, InputType type, void* context) {
+ MifareNested* mifare_nested = context;
+ if(type == InputTypeShort) {
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, result);
+ }
+}
+
+void mifare_nested_scene_about_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+
+ FuriString* temp_str;
+ temp_str = furi_string_alloc();
+ furi_string_printf(temp_str, "\e#%s\n", "Information");
+
+ furi_string_cat_printf(temp_str, "Version: %s\n", NESTED_VERSION_APP);
+ furi_string_cat_printf(temp_str, "Developed by:\n%s\n\n", NESTED_AUTHOR);
+ furi_string_cat_printf(temp_str, "Github: %s\n\n", NESTED_GITHUB_LINK);
+
+ furi_string_cat_printf(temp_str, "\e#%s\n", "Description");
+ furi_string_cat_printf(
+ temp_str,
+ "Ported Nested attacks\nfrom Proxmark3 (Iceman fork)\nCurrently supported attacks:\n - nested attack\n - static nested attack\n - hard nested attack\n\n");
+ furi_string_cat_printf(
+ temp_str,
+ "You will need desktop app to recover keys from collected nonces: %s\n\n",
+ NESTED_RECOVER_KEYS_GITHUB_LINK);
+ furi_string_cat_printf(temp_str, "\e#%s\n", "Quick guide");
+ furi_string_cat_printf(temp_str, "1. Install key recovery script on PC:\n");
+ furi_string_cat_printf(temp_str, "pip install FlipperNested\n");
+ furi_string_cat_printf(temp_str, "2. Connect Flipper Zero to PC\n");
+ furi_string_cat_printf(temp_str, "3. Run key recovery:\n");
+ furi_string_cat_printf(temp_str, "FlipperNested");
+
+ widget_add_text_box_element(
+ mifare_nested->widget,
+ 0,
+ 0,
+ 128,
+ 14,
+ AlignCenter,
+ AlignBottom,
+ "\e#\e! \e!\n",
+ false);
+ widget_add_text_box_element(
+ mifare_nested->widget,
+ 0,
+ 2,
+ 128,
+ 14,
+ AlignCenter,
+ AlignBottom,
+ "\e#\e! Flipper (Mifare) Nested \e!\n",
+ false);
+ widget_add_text_scroll_element(
+ mifare_nested->widget, 0, 16, 128, 50, furi_string_get_cstr(temp_str));
+ furi_string_free(temp_str);
+
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewWidget);
+}
+
+bool mifare_nested_scene_about_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+ bool consumed = false;
+ UNUSED(mifare_nested);
+ UNUSED(event);
+
+ return consumed;
+}
+
+void mifare_nested_scene_about_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+
+ // Clear views
+ widget_reset(mifare_nested->widget);
+}
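Review bot: `mifare_nested_scene_about_widget_callback` is defined with external linkage but is never registered in this file; `mifare_nested_scene_about_on_enter` adds only text-box and text-scroll elements, no button. If nothing outside the hunk references it, remove it, or at least declare it `static`. In `mifare_nested_scene_about_on_event` the local `mifare_nested` exists only to be passed to `UNUSED`, so `UNUSED(context);` would do the same job without the extra variable.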
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_added_keys.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_added_keys.c
new file mode 100644
index 000000000..f5627a300
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_added_keys.c
@@ -0,0 +1,76 @@
+#include "../mifare_nested_i.h"
+
+void mifare_nested_scene_added_keys_widget_callback(
+ GuiButtonType result,
+ InputType type,
+ void* context) {
+ MifareNested* mifare_nested = context;
+ if(type == InputTypeShort) {
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, result);
+ }
+}
+
+void mifare_nested_scene_added_keys_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+ KeyInfo_t* key_info = mifare_nested->keys;
+ Widget* widget = mifare_nested->widget;
+ char draw_str[32] = {};
+ char append[5] = {'k', 'e', 'y', ' ', '\0'};
+ if(key_info->added_keys != 1) {
+ append[3] = 's';
+ }
+
+ widget_add_string_element(
+ widget, 0, 0, AlignLeft, AlignTop, FontPrimary, "Results of key recovery");
+
+ if(key_info->added_keys != 0) {
+ snprintf(draw_str, sizeof(draw_str), "Added: %lu %s", key_info->added_keys, append);
+ notification_message(mifare_nested->notifications, &sequence_success);
+ widget_add_icon_element(widget, 52, 17, &I_DolphinSuccess);
+ } else {
+ snprintf(draw_str, sizeof(draw_str), "No new keys were added");
+ widget_add_string_element(
+ widget, 0, 22, AlignLeft, AlignTop, FontSecondary, "Try running \"Nested attack\"");
+ widget_add_string_element(widget, 0, 32, AlignLeft, AlignTop, FontSecondary, "again");
+ notification_message(mifare_nested->notifications, &sequence_error);
+ }
+
+ widget_add_string_element(widget, 0, 12, AlignLeft, AlignTop, FontSecondary, draw_str);
+ widget_add_button_element(
+ widget,
+ GuiButtonTypeLeft,
+ "Back",
+ mifare_nested_scene_added_keys_widget_callback,
+ mifare_nested);
+
+ free(key_info);
+
+ KeyInfo_t* new_key_info = malloc(sizeof(KeyInfo_t));
+ mifare_nested->keys = new_key_info;
+
+ // Setup and start worker
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewWidget);
+}
+
+bool mifare_nested_scene_added_keys_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+ bool consumed = false;
+
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == GuiButtonTypeCenter || event.event == GuiButtonTypeLeft) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+ } else if(event.type == SceneManagerEventTypeBack) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+
+ return consumed;
+}
+
+void mifare_nested_scene_added_keys_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+
+ widget_reset(mifare_nested->widget);
+}
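Review bot: `mifare_nested_scene_added_keys_on_enter` resets the counters with `free(key_info)` followed by a new `malloc`, which leaves `mifare_nested->keys` pointing at freed memory between the two calls. The new struct is never explicitly initialised in the hunk, so the code appears to rely on the allocator returning zeroed memory. Resetting in place avoids both: `memset(key_info, 0, sizeof(*key_info));`. The comment `// Setup and start worker` above `view_dispatcher_switch_to_view` is stale, since no worker is started here; the same comment recurs in the failed, need_collection and need_key_recovery scenes.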
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_check.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_check.c
new file mode 100644
index 000000000..4eb344703
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_check.c
@@ -0,0 +1,102 @@
+#include "../mifare_nested_i.h"
+
+enum {
+ MifareNestedSceneCheckStateTagSearch,
+ MifareNestedSceneCheckStateTagFound,
+};
+
+bool mifare_nested_check_worker_callback(MifareNestedWorkerEvent event, void* context) {
+ furi_assert(context);
+
+ MifareNested* mifare_nested = context;
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, event);
+
+ return true;
+}
+
+static void mifare_nested_scene_check_setup_view(MifareNested* mifare_nested) {
+ Popup* popup = mifare_nested->popup;
+ popup_reset(popup);
+ uint32_t state =
+ scene_manager_get_scene_state(mifare_nested->scene_manager, MifareNestedSceneCheck);
+
+ if(state == MifareNestedSceneCheckStateTagSearch) {
+ popup_set_icon(mifare_nested->popup, 0, 8, &I_ApplyTag);
+ popup_set_text(
+ mifare_nested->popup, "Apply tag to\nthe back", 128, 32, AlignRight, AlignCenter);
+ } else {
+ popup_set_icon(popup, 12, 23, &I_Loading);
+ popup_set_header(popup, "Checking\nDon't move...", 52, 32, AlignLeft, AlignCenter);
+ }
+
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewPopup);
+}
+
+void mifare_nested_scene_check_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+
+ scene_manager_set_scene_state(
+ mifare_nested->scene_manager,
+ MifareNestedSceneCheck,
+ MifareNestedSceneCheckStateTagSearch);
+ mifare_nested_scene_check_setup_view(mifare_nested);
+
+ // Setup and start worker
+ mifare_nested_worker_start(
+ mifare_nested->worker,
+ MifareNestedWorkerStateCheck,
+ &mifare_nested->nfc_dev->dev_data,
+ mifare_nested_check_worker_callback,
+ mifare_nested);
+ mifare_nested_blink_start(mifare_nested);
+}
+
+bool mifare_nested_scene_check_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+ bool consumed = false;
+
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == MifareNestedWorkerEventNoncesCollected) {
+ scene_manager_next_scene(
+ mifare_nested->scene_manager, MifareNestedSceneNoncesCollected);
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventAttackFailed) {
+ scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneFailed);
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventCollecting) {
+ if(mifare_nested->run == NestedRunAttack) {
+ if(mifare_nested->settings->only_hardnested) {
+ FURI_LOG_I("MifareNested", "Using Hard Nested because user settings");
+ mifare_nested->collecting_type = MifareNestedWorkerStateCollectingHard;
+ }
+ scene_manager_next_scene(
+ mifare_nested->scene_manager, MifareNestedSceneCollecting);
+ } else {
+ scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneCheckKeys);
+ }
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventNoTagDetected) {
+ scene_manager_set_scene_state(
+ mifare_nested->scene_manager,
+ MifareNestedSceneCheck,
+ MifareNestedSceneCheckStateTagSearch);
+ mifare_nested_scene_check_setup_view(mifare_nested);
+ consumed = true;
+ }
+ }
+ return consumed;
+}
+
+void mifare_nested_scene_check_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+
+ mifare_nested_worker_stop(mifare_nested->worker);
+ scene_manager_set_scene_state(
+ mifare_nested->scene_manager,
+ MifareNestedSceneCheck,
+ MifareNestedSceneCheckStateTagSearch);
+ // Clear view
+ popup_reset(mifare_nested->popup);
+
+ mifare_nested_blink_stop(mifare_nested);
+}
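Review bot: `MifareNestedSceneCheckStateTagFound` is never assigned in this file: every `scene_manager_set_scene_state` call passes `MifareNestedSceneCheckStateTagSearch`. The `else` branch of `mifare_nested_scene_check_setup_view` (the "Checking / Don't move..." popup) therefore looks unreachable. Either set the state when the worker reports a tag, or remove the branch and the enum value. Two smaller style points: the same function mixes `mifare_nested->popup` with the local `popup`, and `mifare_nested_scene_check_on_event` logs with the literal tag `"MifareNested"` where the worker file uses a `TAG` macro.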
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_check_keys.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_check_keys.c
new file mode 100644
index 000000000..f0071b7aa
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_check_keys.c
@@ -0,0 +1,124 @@
+#include "../mifare_nested_i.h"
+
+void mifare_nested_scene_check_keys_widget_callback(
+ GuiButtonType result,
+ InputType type,
+ void* context) {
+ MifareNested* mifare_nested = context;
+ if(type == InputTypeShort) {
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, result);
+ }
+}
+
+bool mifare_nested_check_keys_worker_callback(MifareNestedWorkerEvent event, void* context) {
+ MifareNested* mifare_nested = context;
+ CheckKeysState* plugin_state = mifare_nested->keys_state;
+
+ if(event == MifareNestedWorkerEventKeyChecked) {
+ mifare_nested_blink_nonce_collection_start(mifare_nested);
+
+ KeyInfo_t* key_info = mifare_nested->keys;
+
+ with_view_model(
+ plugin_state->view,
+ CheckKeysViewModel * model,
+ {
+ model->lost_tag = false;
+ model->keys_checked = key_info->checked_keys;
+ model->keys_found = key_info->found_keys;
+ model->keys_total = key_info->sector_keys;
+ model->keys_count = key_info->total_keys;
+ },
+ true);
+ } else if(event == MifareNestedWorkerEventNoTagDetected) {
+ mifare_nested_blink_start(mifare_nested);
+
+ with_view_model(
+ plugin_state->view, CheckKeysViewModel * model, { model->lost_tag = true; }, true);
+ } else if(event == MifareNestedWorkerEventProcessingKeys) {
+ with_view_model(
+ plugin_state->view,
+ CheckKeysViewModel * model,
+ { model->processing_keys = true; },
+ true);
+ }
+
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, event);
+
+ return true;
+}
+
+void mifare_nested_scene_check_keys_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+ CheckKeysState* plugin_state = mifare_nested->keys_state;
+
+ mifare_nested_worker_start(
+ mifare_nested->worker,
+ MifareNestedWorkerStateValidating,
+ &mifare_nested->nfc_dev->dev_data,
+ mifare_nested_check_keys_worker_callback,
+ mifare_nested);
+
+ mifare_nested_blink_start(mifare_nested);
+
+ with_view_model(
+ plugin_state->view,
+ CheckKeysViewModel * model,
+ {
+ model->lost_tag = false;
+ model->processing_keys = false;
+ model->keys_count = 0;
+ model->keys_checked = 0;
+ model->keys_found = 0;
+ },
+ false);
+
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewCheckKeys);
+}
+
+bool mifare_nested_scene_check_keys_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+
+ bool consumed = false;
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == GuiButtonTypeCenter) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventNoncesCollected) {
+ scene_manager_next_scene(
+ mifare_nested->scene_manager, MifareNestedSceneNoncesCollected);
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventNeedKey) {
+ scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneNoKeys);
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventKeysFound) {
+ scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneAddedKeys);
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventNeedKeyRecovery) {
+ scene_manager_next_scene(
+ mifare_nested->scene_manager, MifareNestedSceneNeedKeyRecovery);
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventNeedCollection) {
+ scene_manager_next_scene(
+ mifare_nested->scene_manager, MifareNestedSceneNeedCollection);
+ consumed = true;
+ } else if(
+ event.event == MifareNestedWorkerEventKeyChecked ||
+ event.event == MifareNestedWorkerEventNoTagDetected ||
+ event.event == MifareNestedWorkerEventProcessingKeys) {
+ consumed = true;
+ }
+ }
+
+ return consumed;
+}
+
+void mifare_nested_scene_check_keys_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+ mifare_nested_worker_stop(mifare_nested->worker);
+
+ // Clear view
+ mifare_nested_blink_stop(mifare_nested);
+ popup_reset(mifare_nested->popup);
+ widget_reset(mifare_nested->widget);
+}
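Review bot: `mifare_nested_scene_check_keys_on_enter` starts the worker before it resets the view model. If the callback runs on the worker's own thread (the worker struct holds a `FuriThread*`, so this seems likely), an early `MifareNestedWorkerEventKeyChecked` update can be overwritten by the zeroing block that follows. Move the `with_view_model` reset above `mifare_nested_worker_start`, and clear `keys_total` there too, since the callback writes it but `on_enter` never resets it. `mifare_nested_scene_collecting_on_enter` in the next file has the same ordering and leaves `calibrating`, `need_prediction` and `hardnested` uncleared.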
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_collecting.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_collecting.c
new file mode 100644
index 000000000..05c96d97d
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_collecting.c
@@ -0,0 +1,154 @@
+#include "../mifare_nested_i.h"
+
+void mifare_nested_scene_collecting_widget_callback(
+ GuiButtonType result,
+ InputType type,
+ void* context) {
+ MifareNested* mifare_nested = context;
+ if(type == InputTypeShort) {
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, result);
+ }
+}
+
+bool mifare_nested_collecting_worker_callback(MifareNestedWorkerEvent event, void* context) {
+ MifareNested* mifare_nested = context;
+ NestedState* plugin_state = mifare_nested->nested_state;
+
+ if(event == MifareNestedWorkerEventNewNonce) {
+ mifare_nested_blink_nonce_collection_start(mifare_nested);
+
+ uint8_t collected = 0;
+ NonceList_t* nonces = mifare_nested->nonces;
+ for(uint8_t tries = 0; tries < nonces->tries; tries++) {
+ for(uint8_t sector = 0; sector < nonces->sector_count; sector++) {
+ for(uint8_t keyType = 0; keyType < 2; keyType++) {
+ Nonces* info = nonces->nonces[sector][keyType][tries];
+ if(info->collected) {
+ collected++;
+ }
+ }
+ }
+ }
+
+ with_view_model(
+ plugin_state->view,
+ NestedAttackViewModel * model,
+ {
+ model->calibrating = false;
+ model->lost_tag = false;
+ model->nonces_collected = collected;
+ model->keys_count = nonces->sector_count * nonces->tries * 2;
+ },
+ true);
+ } else if(event == MifareNestedWorkerEventNoTagDetected) {
+ mifare_nested_blink_start(mifare_nested);
+
+ with_view_model(
+ plugin_state->view, NestedAttackViewModel * model, { model->lost_tag = true; }, true);
+ } else if(event == MifareNestedWorkerEventCalibrating) {
+ mifare_nested_blink_calibration_start(mifare_nested);
+
+ with_view_model(
+ plugin_state->view,
+ NestedAttackViewModel * model,
+ {
+ model->calibrating = true;
+ model->lost_tag = false;
+ model->need_prediction = false;
+ model->hardnested = false;
+ },
+ true);
+ } else if(event == MifareNestedWorkerEventNeedPrediction) {
+ with_view_model(
+ plugin_state->view,
+ NestedAttackViewModel * model,
+ { model->need_prediction = true; },
+ true);
+ } else if(event == MifareNestedWorkerEventHardnestedStatesFound) {
+ NonceList_t* nonces = mifare_nested->nonces;
+ with_view_model(
+ plugin_state->view,
+ NestedAttackViewModel * model,
+ {
+ model->calibrating = false;
+ model->lost_tag = false;
+ model->hardnested = true;
+ model->hardnested_states = nonces->hardnested_states;
+ },
+ true);
+ }
+
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, event);
+
+ return true;
+}
+
+void mifare_nested_scene_collecting_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+ NestedState* nested = mifare_nested->nested_state;
+
+ mifare_nested_worker_start(
+ mifare_nested->worker,
+ mifare_nested->collecting_type,
+ &mifare_nested->nfc_dev->dev_data,
+ mifare_nested_collecting_worker_callback,
+ mifare_nested);
+
+ mifare_nested_blink_start(mifare_nested);
+
+ with_view_model(
+ nested->view,
+ NestedAttackViewModel * model,
+ {
+ model->lost_tag = false;
+ model->nonces_collected = 0;
+ },
+ false);
+
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewCollecting);
+}
+
+bool mifare_nested_scene_collecting_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+
+ bool consumed = false;
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == GuiButtonTypeCenter) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventNoncesCollected) {
+ scene_manager_next_scene(
+ mifare_nested->scene_manager, MifareNestedSceneNoncesCollected);
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventAttackFailed) {
+ scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneFailed);
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventNeedKey) {
+ scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneNoKeys);
+ consumed = true;
+ } else if(event.event == MifareNestedWorkerEventStaticEncryptedNonce) {
+ scene_manager_next_scene(
+ mifare_nested->scene_manager, MifareNestedSceneStaticEncryptedNonce);
+ consumed = true;
+ } else if(
+ event.event == MifareNestedWorkerEventNewNonce ||
+ event.event == MifareNestedWorkerEventNoTagDetected ||
+ event.event == MifareNestedWorkerEventCalibrating ||
+ event.event == MifareNestedWorkerEventNeedPrediction ||
+ event.event == MifareNestedWorkerEventHardnestedStatesFound) {
+ consumed = true;
+ }
+ }
+
+ return consumed;
+}
+
+void mifare_nested_scene_collecting_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+ mifare_nested_worker_stop(mifare_nested->worker);
+
+ // Clear view
+ mifare_nested_blink_stop(mifare_nested);
+ popup_reset(mifare_nested->popup);
+ widget_reset(mifare_nested->widget);
+}
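Review bot: The `MifareNestedWorkerEventNewNonce` branch of `mifare_nested_collecting_worker_callback` indexes `nonces->nonces[sector][keyType][tries]` with `nonces->sector_count` and `nonces->tries` as loop limits, but the array is declared `[40][2][3]` in mifare_nested_worker.h and neither field is checked against those sizes here. The `uint8_t` loop counters also cannot reach a limit above 255, so the loops would not terminate for such a value. `info` is dereferenced without a NULL check although the array holds pointers; whether every slot is always populated is not visible in this hunk. I would clamp both limits to the array dimensions before the loops and test `if(info && info->collected)`. `collected` is a `uint8_t` that reaches 240 at the maximum dimensions, so a wider type would leave headroom.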
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_config.h b/applications/external/mifare_nested/scenes/mifare_nested_scene_config.h
new file mode 100644
index 000000000..14cf52c4e
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_config.h
@@ -0,0 +1,13 @@
+ADD_SCENE(mifare_nested, start, Start)
+ADD_SCENE(mifare_nested, check, Check)
+ADD_SCENE(mifare_nested, nonces_collected, NoncesCollected)
+ADD_SCENE(mifare_nested, collecting, Collecting)
+ADD_SCENE(mifare_nested, no_keys, NoKeys)
+ADD_SCENE(mifare_nested, check_keys, CheckKeys)
+ADD_SCENE(mifare_nested, added_keys, AddedKeys)
+ADD_SCENE(mifare_nested, failed, Failed)
+ADD_SCENE(mifare_nested, about, About)
+ADD_SCENE(mifare_nested, static_encrypted_nonce, StaticEncryptedNonce)
+ADD_SCENE(mifare_nested, need_key_recovery, NeedKeyRecovery)
+ADD_SCENE(mifare_nested, need_collection, NeedCollection)
+ADD_SCENE(mifare_nested, settings, Settings)
\ No newline at end of file
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_failed.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_failed.c
new file mode 100644
index 000000000..e7d1ee80d
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_failed.c
@@ -0,0 +1,59 @@
+#include "../mifare_nested_i.h"
+
+void mifare_nested_scene_failed_widget_callback(
+ GuiButtonType result,
+ InputType type,
+ void* context) {
+ MifareNested* mifare_nested = context;
+ if(type == InputTypeShort) {
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, result);
+ }
+}
+
+void mifare_nested_scene_failed_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+ Widget* widget = mifare_nested->widget;
+
+ notification_message(mifare_nested->notifications, &sequence_error);
+
+ widget_add_icon_element(widget, 73, 13, &I_DolphinCry);
+ widget_add_string_element(
+ widget, 0, 0, AlignLeft, AlignTop, FontPrimary, "Failed to preform attack");
+ widget_add_string_element(widget, 0, 12, AlignLeft, AlignTop, FontSecondary, "Try running");
+ widget_add_string_element(
+ widget, 0, 22, AlignLeft, AlignTop, FontSecondary, "\"Nested attack\"");
+ widget_add_string_element(widget, 0, 32, AlignLeft, AlignTop, FontSecondary, "again or check");
+ widget_add_string_element(widget, 0, 42, AlignLeft, AlignTop, FontSecondary, "logs");
+ widget_add_button_element(
+ widget,
+ GuiButtonTypeLeft,
+ "Back",
+ mifare_nested_scene_failed_widget_callback,
+ mifare_nested);
+
+ // Setup and start worker
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewWidget);
+}
+
+bool mifare_nested_scene_failed_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+ bool consumed = false;
+
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == GuiButtonTypeCenter || event.event == GuiButtonTypeLeft) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+ } else if(event.type == SceneManagerEventTypeBack) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+
+ return consumed;
+}
+
+void mifare_nested_scene_failed_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+
+ widget_reset(mifare_nested->widget);
+}
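Review bot: The title string in `mifare_nested_scene_failed_on_enter` is misspelled: `"Failed to preform attack"` should read `"Failed to perform attack"`. Beyond that, this file and the need_collection and need_key_recovery scenes that follow are identical apart from their strings and icon offsets, including the widget callback and the `on_event`/`on_exit` bodies. A shared helper that takes the title and body lines would remove the triplication and keep later fixes in one place.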
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_need_collection.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_need_collection.c
new file mode 100644
index 000000000..ee6e76b40
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_need_collection.c
@@ -0,0 +1,56 @@
+#include "../mifare_nested_i.h"
+
+void mifare_nested_scene_need_collection_widget_callback(
+ GuiButtonType result,
+ InputType type,
+ void* context) {
+ MifareNested* mifare_nested = context;
+ if(type == InputTypeShort) {
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, result);
+ }
+}
+
+void mifare_nested_scene_need_collection_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+ Widget* widget = mifare_nested->widget;
+
+ notification_message(mifare_nested->notifications, &sequence_error);
+
+ widget_add_icon_element(widget, 73, 13, &I_DolphinCry);
+ widget_add_string_element(
+ widget, 0, 0, AlignLeft, AlignTop, FontPrimary, "Missing collected nonces");
+ widget_add_string_element(
+ widget, 0, 12, AlignLeft, AlignTop, FontSecondary, "Run \"Nested attack\"");
+ widget_add_button_element(
+ widget,
+ GuiButtonTypeLeft,
+ "Back",
+ mifare_nested_scene_need_collection_widget_callback,
+ mifare_nested);
+
+ // Setup and start worker
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewWidget);
+}
+
+bool mifare_nested_scene_need_collection_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+ bool consumed = false;
+
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == GuiButtonTypeCenter || event.event == GuiButtonTypeLeft) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+ } else if(event.type == SceneManagerEventTypeBack) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+
+ return consumed;
+}
+
+void mifare_nested_scene_need_collection_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+
+ widget_reset(mifare_nested->widget);
+}
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_need_key_recovery.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_need_key_recovery.c
new file mode 100644
index 000000000..e34b68137
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_need_key_recovery.c
@@ -0,0 +1,59 @@
+#include "../mifare_nested_i.h"
+
+void mifare_nested_scene_need_key_recovery_widget_callback(
+ GuiButtonType result,
+ InputType type,
+ void* context) {
+ MifareNested* mifare_nested = context;
+ if(type == InputTypeShort) {
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, result);
+ }
+}
+
+void mifare_nested_scene_need_key_recovery_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+ Widget* widget = mifare_nested->widget;
+
+ notification_message(mifare_nested->notifications, &sequence_error);
+
+ widget_add_icon_element(widget, 74, 13, &I_DolphinCry);
+ widget_add_string_element(
+ widget, 0, 0, AlignLeft, AlignTop, FontPrimary, "Missing found keys");
+ widget_add_string_element(
+ widget, 0, 12, AlignLeft, AlignTop, FontSecondary, "First you need to");
+ widget_add_string_element(widget, 0, 22, AlignLeft, AlignTop, FontSecondary, "recover keys");
+ widget_add_string_element(widget, 0, 32, AlignLeft, AlignTop, FontSecondary, "Read \"About\"");
+ widget_add_string_element(widget, 0, 42, AlignLeft, AlignTop, FontSecondary, "for more info");
+ widget_add_button_element(
+ widget,
+ GuiButtonTypeLeft,
+ "Back",
+ mifare_nested_scene_need_key_recovery_widget_callback,
+ mifare_nested);
+
+ // Setup and start worker
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewWidget);
+}
+
+bool mifare_nested_scene_need_key_recovery_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+ bool consumed = false;
+
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == GuiButtonTypeCenter || event.event == GuiButtonTypeLeft) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+ } else if(event.type == SceneManagerEventTypeBack) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+
+ return consumed;
+}
+
+void mifare_nested_scene_need_key_recovery_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+
+ widget_reset(mifare_nested->widget);
+}
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_no_keys.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_no_keys.c
new file mode 100644
index 000000000..138cbdbc8
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_no_keys.c
@@ -0,0 +1,61 @@
+#include "../mifare_nested_i.h"
+
+void mifare_nested_scene_no_keys_widget_callback(
+ GuiButtonType result,
+ InputType type,
+ void* context) {
+ MifareNested* mifare_nested = context;
+ if(type == InputTypeShort) {
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, result);
+ }
+}
+
+void mifare_nested_scene_no_keys_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+ Widget* widget = mifare_nested->widget;
+
+ notification_message(mifare_nested->notifications, &sequence_success);
+
+ widget_add_icon_element(widget, 73, 13, &I_DolphinCry);
+ widget_add_string_element(widget, 0, 0, AlignLeft, AlignTop, FontPrimary, "No keys found");
+ widget_add_string_element(
+ widget, 0, 12, AlignLeft, AlignTop, FontSecondary, "Scan tag and find at");
+ widget_add_string_element(
+ widget, 0, 22, AlignLeft, AlignTop, FontSecondary, "least one key to");
+ widget_add_string_element(
+ widget, 0, 32, AlignLeft, AlignTop, FontSecondary, "start (save dump");
+ widget_add_string_element(
+ widget, 0, 42, AlignLeft, AlignTop, FontSecondary, "after scanning!)");
+ widget_add_button_element(
+ widget,
+ GuiButtonTypeLeft,
+ "Back",
+ mifare_nested_scene_no_keys_widget_callback,
+ mifare_nested);
+
+ // Setup and start worker
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewWidget);
+}
+
+bool mifare_nested_scene_no_keys_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+ bool consumed = false;
+
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == GuiButtonTypeCenter || event.event == GuiButtonTypeLeft) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+ } else if(event.type == SceneManagerEventTypeBack) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+
+ return consumed;
+}
+
+void mifare_nested_scene_no_keys_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+
+ widget_reset(mifare_nested->widget);
+}
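Review bot: `mifare_nested_scene_no_keys_on_enter` plays `sequence_success` while it draws `I_DolphinCry` and the "No keys found" text, so the user gets success feedback on a failure screen. The need_key_recovery scene earlier in this commit uses `sequence_error` for the same layout. I would change the call to `notification_message(mifare_nested->notifications, &sequence_error);`. As far as this file shows, `mifare_nested_scene_no_keys_widget_callback` is only referenced here, so it could also be declared `static`.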
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_nonces_collected.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_nonces_collected.c
new file mode 100644
index 000000000..cc543645f
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_nonces_collected.c
@@ -0,0 +1,58 @@
+#include "../mifare_nested_i.h"
+
+void mifare_nested_scene_nonces_collected_widget_callback(
+ GuiButtonType result,
+ InputType type,
+ void* context) {
+ MifareNested* mifare_nested = context;
+ if(type == InputTypeShort) {
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, result);
+ }
+}
+
+void mifare_nested_scene_nonces_collected_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+ Widget* widget = mifare_nested->widget;
+
+ notification_message(mifare_nested->notifications, &sequence_success);
+
+ widget_add_icon_element(widget, 52, 17, &I_DolphinSuccess);
+ widget_add_string_element(widget, 0, 0, AlignLeft, AlignTop, FontPrimary, "Nonces collected");
+ widget_add_string_element(
+ widget, 0, 12, AlignLeft, AlignTop, FontSecondary, "Now you can run");
+ widget_add_string_element(widget, 0, 22, AlignLeft, AlignTop, FontSecondary, "script on your");
+ widget_add_string_element(widget, 0, 32, AlignLeft, AlignTop, FontSecondary, "PC to recover");
+ widget_add_string_element(widget, 0, 42, AlignLeft, AlignTop, FontSecondary, "keys");
+ widget_add_button_element(
+ widget,
+ GuiButtonTypeLeft,
+ "Back",
+ mifare_nested_scene_nonces_collected_widget_callback,
+ mifare_nested);
+
+ // Setup and start worker
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewWidget);
+}
+
+bool mifare_nested_scene_nonces_collected_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+ bool consumed = false;
+
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == GuiButtonTypeCenter || event.event == GuiButtonTypeLeft) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+ } else if(event.type == SceneManagerEventTypeBack) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+
+ return consumed;
+}
+
+void mifare_nested_scene_nonces_collected_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+
+ widget_reset(mifare_nested->widget);
+}
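Review bot: The comment `// Setup and start worker` above `view_dispatcher_switch_to_view(...)` in `mifare_nested_scene_nonces_collected_on_enter` is stale. No worker is created or started anywhere in this file; the line only switches to the widget view. Replace it with `// Show the result widget`. The same copied comment sits in the on_enter functions of mifare_nested_scene_no_keys.c and mifare_nested_scene_static_encrypted_nonce.c.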
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_settings.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_settings.c
new file mode 100644
index 000000000..09d77f94b
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_settings.c
@@ -0,0 +1,65 @@
+#include "../mifare_nested_i.h"
+#include
+
+enum MifareNestedSettingsIndex { MifareNestedIndexBlock, MifareNestedIndexHardNested };
+
+#define HARD_NESTED_COUNT 2
+const char* const hard_nested_text[HARD_NESTED_COUNT] = {
+ "No",
+ "Yes",
+};
+
+const bool hard_nested_value[HARD_NESTED_COUNT] = {
+ false,
+ true,
+};
+
+static void mifare_nested_scene_settings_set_hard_nested(VariableItem* item) {
+ MifareNested* mifare_nested = variable_item_get_context(item);
+ uint8_t index = variable_item_get_current_value_index(item);
+
+ variable_item_set_current_value_text(item, hard_nested_text[index]);
+ mifare_nested->settings->only_hardnested = hard_nested_value[index];
+}
+
+void mifare_nested_scene_settings_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+ VariableItem* item;
+ uint8_t value_index;
+
+ item = variable_item_list_add(
+ mifare_nested->variable_item_list,
+ "Hard Nested only:",
+ HARD_NESTED_COUNT,
+ mifare_nested_scene_settings_set_hard_nested,
+ mifare_nested);
+
+ value_index = value_index_bool(
+ mifare_nested->settings->only_hardnested, hard_nested_value, HARD_NESTED_COUNT);
+
+ variable_item_set_current_value_index(item, value_index);
+ variable_item_set_current_value_text(item, hard_nested_text[value_index]);
+
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewVariableList);
+}
+
+bool mifare_nested_scene_settings_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+ bool consumed = false;
+
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == MifareNestedCustomEventSceneSettingLock) {
+ scene_manager_previous_scene(mifare_nested->scene_manager);
+ consumed = true;
+ }
+ }
+
+ return consumed;
+}
+
+void mifare_nested_scene_settings_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+ variable_item_list_set_selected_item(mifare_nested->variable_item_list, 0);
+ variable_item_list_reset(mifare_nested->variable_item_list);
+ scene_manager_set_scene_state(mifare_nested->scene_manager, MifareNestedSceneStart, 0);
+}
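Review bot: `hard_nested_text` and `hard_nested_value` are defined at file scope without `static`, so both get external linkage although only this scene uses them in the hunk. Declare them `static const char* const hard_nested_text[HARD_NESTED_COUNT]` and `static const bool hard_nested_value[HARD_NESTED_COUNT]`. `enum MifareNestedSettingsIndex` is never referenced in the file and can be dropped. `mifare_nested_scene_settings_set_hard_nested` only updates `settings->only_hardnested` in memory. If the value is meant to survive a restart, a comment naming where it is persisted would help, since nothing in this file saves it.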
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_start.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_start.c
new file mode 100644
index 000000000..e8ff25c67
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_start.c
@@ -0,0 +1,84 @@
+#include "../mifare_nested_i.h"
+enum SubmenuIndex {
+ SubmenuIndexCollect,
+ SubmenuIndexCheck,
+ SubmenuIndexSettings,
+ SubmenuIndexAbout
+};
+
+void mifare_nested_scene_start_submenu_callback(void* context, uint32_t index) {
+ MifareNested* mifare_nested = context;
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, index);
+}
+
+void mifare_nested_scene_start_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+
+ Submenu* submenu = mifare_nested->submenu;
+ submenu_add_item(
+ submenu,
+ "Nested attack",
+ SubmenuIndexCollect,
+ mifare_nested_scene_start_submenu_callback,
+ mifare_nested);
+
+ submenu_add_item(
+ submenu,
+ "Check found keys",
+ SubmenuIndexCheck,
+ mifare_nested_scene_start_submenu_callback,
+ mifare_nested);
+
+ submenu_add_item(
+ submenu,
+ "Settings",
+ SubmenuIndexSettings,
+ mifare_nested_scene_start_submenu_callback,
+ mifare_nested);
+
+ submenu_add_item(
+ submenu,
+ "About",
+ SubmenuIndexAbout,
+ mifare_nested_scene_start_submenu_callback,
+ mifare_nested);
+
+ submenu_set_selected_item(
+ submenu,
+ scene_manager_get_scene_state(mifare_nested->scene_manager, MifareNestedSceneStart));
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewMenu);
+}
+
+bool mifare_nested_scene_start_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+ bool consumed = false;
+
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == SubmenuIndexCollect) {
+ mifare_nested->run = NestedRunAttack;
+ scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneCheck);
+ consumed = true;
+ } else if(event.event == SubmenuIndexCheck) {
+ mifare_nested->run = NestedRunCheckKeys;
+ scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneCheck);
+ consumed = true;
+ } else if(event.event == SubmenuIndexSettings) {
+ mifare_nested->keys->found_keys = 123;
+ scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneSettings);
+ consumed = true;
+ } else if(event.event == SubmenuIndexAbout) {
+ scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneAbout);
+ consumed = true;
+ }
+
+ scene_manager_set_scene_state(
+ mifare_nested->scene_manager, MifareNestedSceneStart, event.event);
+ }
+
+ return consumed;
+}
+
+void mifare_nested_scene_start_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+ submenu_reset(mifare_nested->submenu);
+}
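Review bot: The `SubmenuIndexSettings` branch of `mifare_nested_scene_start_on_event` writes `mifare_nested->keys->found_keys = 123;` before opening the settings scene, which looks like a leftover debug line. It overwrites the key counter with a constant unrelated to any scanned tag, and it dereferences `keys` without the hunk showing that it is allocated at this point. Remove the assignment so the branch only calls `scene_manager_next_scene(mifare_nested->scene_manager, MifareNestedSceneSettings);`. If the write is intentional, it needs a comment explaining what 123 means to the code that later reads `found_keys`.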
diff --git a/applications/external/mifare_nested/scenes/mifare_nested_scene_static_encrypted_nonce.c b/applications/external/mifare_nested/scenes/mifare_nested_scene_static_encrypted_nonce.c
new file mode 100644
index 000000000..92cefa72c
--- /dev/null
+++ b/applications/external/mifare_nested/scenes/mifare_nested_scene_static_encrypted_nonce.c
@@ -0,0 +1,58 @@
+#include "../mifare_nested_i.h"
+
+void mifare_nested_scene_static_encrypted_nonce_widget_callback(
+ GuiButtonType result,
+ InputType type,
+ void* context) {
+ MifareNested* mifare_nested = context;
+ if(type == InputTypeShort) {
+ view_dispatcher_send_custom_event(mifare_nested->view_dispatcher, result);
+ }
+}
+
+void mifare_nested_scene_static_encrypted_nonce_on_enter(void* context) {
+ MifareNested* mifare_nested = context;
+ Widget* widget = mifare_nested->widget;
+
+ notification_message(mifare_nested->notifications, &sequence_error);
+
+ widget_add_icon_element(widget, 73, 12, &I_DolphinCry);
+ widget_add_string_element(
+ widget, 0, 0, AlignLeft, AlignTop, FontPrimary, "Static encrypted nonce");
+ widget_add_string_element(widget, 0, 12, AlignLeft, AlignTop, FontSecondary, "This tag isn't");
+ widget_add_string_element(widget, 0, 22, AlignLeft, AlignTop, FontSecondary, "vulnerable to");
+ widget_add_string_element(widget, 0, 32, AlignLeft, AlignTop, FontSecondary, "Nested attack");
+
+ widget_add_button_element(
+ widget,
+ GuiButtonTypeLeft,
+ "Back",
+ mifare_nested_scene_static_encrypted_nonce_widget_callback,
+ mifare_nested);
+
+ // Setup and start worker
+ view_dispatcher_switch_to_view(mifare_nested->view_dispatcher, MifareNestedViewWidget);
+}
+
+bool mifare_nested_scene_static_encrypted_nonce_on_event(void* context, SceneManagerEvent event) {
+ MifareNested* mifare_nested = context;
+ bool consumed = false;
+
+ if(event.type == SceneManagerEventTypeCustom) {
+ if(event.event == GuiButtonTypeCenter || event.event == GuiButtonTypeLeft) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+ } else if(event.type == SceneManagerEventTypeBack) {
+ scene_manager_search_and_switch_to_previous_scene(mifare_nested->scene_manager, 0);
+ consumed = true;
+ }
+
+ return consumed;
+}
+
+void mifare_nested_scene_static_encrypted_nonce_on_exit(void* context) {
+ MifareNested* mifare_nested = context;
+
+ widget_reset(mifare_nested->widget);
+}
diff --git a/applications/external/nfc_magic/application.fam b/applications/external/nfc_magic/application.fam
index db0af81d4..717387d58 100644
--- a/applications/external/nfc_magic/application.fam
+++ b/applications/external/nfc_magic/application.fam
@@ -11,7 +11,7 @@ App(
stack_size=4 * 1024,
order=30,
fap_icon="../../../assets/icons/Archive/Nfc_10px.png",
- fap_category="Tools",
+ fap_category="NFC",
fap_private_libs=[
Lib(
name="magic",
diff --git a/applications/external/picopass/application.fam b/applications/external/picopass/application.fam
index 48cbba316..5c437aa1b 100644
--- a/applications/external/picopass/application.fam
+++ b/applications/external/picopass/application.fam
@@ -11,7 +11,7 @@ App(
stack_size=4 * 1024,
order=30,
fap_icon="125_10px.png",
- fap_category="Tools",
+ fap_category="NFC",
fap_libs=["mbedtls"],
fap_private_libs=[
Lib(
diff --git a/applications/main/archive/scenes/archive_scene_rename.c b/applications/main/archive/scenes/archive_scene_rename.c
index cc4ae5e42..850cde349 100644
--- a/applications/main/archive/scenes/archive_scene_rename.c
+++ b/applications/main/archive/scenes/archive_scene_rename.c
@@ -22,17 +22,21 @@ void archive_scene_rename_on_enter(void* context) {
TextInput* text_input = archive->text_input;
ArchiveFile_t* current = archive_get_current_file(archive->browser);
- FuriString* path_name;
- path_name = furi_string_alloc();
+ FuriString* path_name = furi_string_alloc();
+ FuriString* path_folder = furi_string_alloc();
if(current->type == ArchiveFileTypeFolder) {
+ // Set file ext to empty since we need to see folder name here
+ strcpy(archive->file_extension, "");
+ // Extract folder name and copy into text_store
path_extract_basename(furi_string_get_cstr(current->path), path_name);
strlcpy(archive->text_store, furi_string_get_cstr(path_name), MAX_NAME_LEN);
text_input_set_header_text(text_input, "Rename directory:");
} else /*if(current->type != ArchiveFileTypeUnknown) */ {
+ // Extract file name and copy into text_store
path_extract_filename(current->path, path_name, true);
strlcpy(archive->text_store, furi_string_get_cstr(path_name), MAX_NAME_LEN);
-
+ // Extract file extension for validator and rename func
path_extract_extension(current->path, archive->file_extension, MAX_EXT_LEN);
text_input_set_header_text(text_input, "Rename file:");
} /*else {
@@ -41,6 +45,9 @@ void archive_scene_rename_on_enter(void* context) {
text_input_set_header_text(text_input, "Rename unknown file:");
}*/
+ // Get current folder (for file) or previous folder (for folder) for validator
+ path_extract_dirname(furi_string_get_cstr(current->path), path_folder);
+
text_input_set_result_callback(
text_input,
archive_scene_rename_text_input_callback,
@@ -49,7 +56,13 @@ void archive_scene_rename_on_enter(void* context) {
MAX_TEXT_INPUT_LEN,
false);
+ // Init validator to show message to user that name already exist
+ ValidatorIsFile* validator_is_file = validator_is_file_alloc_init(
+ furi_string_get_cstr(path_folder), archive->file_extension, archive->text_store);
+ text_input_set_validator(text_input, validator_is_file_callback, validator_is_file);
+
furi_string_free(path_name);
+ furi_string_free(path_folder);
view_dispatcher_switch_to_view(archive->view_dispatcher, ArchiveViewTextInput);
}
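Review bot: The `ValidatorIsFile` allocated by `validator_is_file_alloc_init(...)` is handed to `text_input_set_validator`, but no hunk in this file touches the scene's exit handler. Unless `archive_scene_rename_on_exit` already releases it, every rename leaks one validator. The usual cleanup fetches the context with `text_input_get_validator_callback_context(text_input)`, calls `text_input_set_validator(text_input, NULL, NULL)` and then `validator_is_file_free(...)` on it. `archive_scene_rename_on_enter` starts above this hunk and the exit handler is outside the diff, so this needs checking against the full file.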
diff --git a/applications/services/desktop/scenes/desktop_scene_main.c b/applications/services/desktop/scenes/desktop_scene_main.c
index 3c12272a0..e8dfbe2b6 100644
--- a/applications/services/desktop/scenes/desktop_scene_main.c
+++ b/applications/services/desktop/scenes/desktop_scene_main.c
@@ -67,7 +67,9 @@ static void desktop_scene_main_start_favorite(Desktop* desktop, FavoriteApp* app
} else if(strlen(application->name_or_path) > 0) {
status = loader_start(desktop->loader, application->name_or_path, NULL);
} else {
- status = loader_start(desktop->loader, FAP_LOADER_APP_NAME, NULL);
+ // No favourite app is set! So we skipping this part
+ return;
+ //status = loader_start(desktop->loader, FAP_LOADER_APP_NAME, NULL);
}
if(status != LoaderStatusOk) {
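Review bot: The else branch keeps the old call as commented-out code (`//status = loader_start(desktop->loader, FAP_LOADER_APP_NAME, NULL);`) below the new `return;`. Delete that line and let version control hold the history. The comment would read better as `// No favourite app is set, nothing to start`. The function continues past this hunk, so confirm that nothing after the status check has to run on this path before returning early.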
diff --git a/lib/lfrfid/protocols/lfrfid_protocols.c b/lib/lfrfid/protocols/lfrfid_protocols.c
index 2c1f0ad97..f07218d7f 100644
--- a/lib/lfrfid/protocols/lfrfid_protocols.c
+++ b/lib/lfrfid/protocols/lfrfid_protocols.c
@@ -16,6 +16,7 @@
#include "protocol_pac_stanley.h"
#include "protocol_keri.h"
#include "protocol_gallagher.h"
+#include "protocol_nexwatch.h"
const ProtocolBase* lfrfid_protocols[] = {
[LFRFIDProtocolEM4100] = &protocol_em4100,
@@ -35,4 +36,5 @@ const ProtocolBase* lfrfid_protocols[] = {
[LFRFIDProtocolPACStanley] = &protocol_pac_stanley,
[LFRFIDProtocolKeri] = &protocol_keri,
[LFRFIDProtocolGallagher] = &protocol_gallagher,
-};
\ No newline at end of file
+ [LFRFIDProtocolNexwatch] = &protocol_nexwatch,
+};
diff --git a/lib/lfrfid/protocols/lfrfid_protocols.h b/lib/lfrfid/protocols/lfrfid_protocols.h
index 848f003a3..0cb7cbc84 100644
--- a/lib/lfrfid/protocols/lfrfid_protocols.h
+++ b/lib/lfrfid/protocols/lfrfid_protocols.h
@@ -25,6 +25,7 @@ typedef enum {
LFRFIDProtocolPACStanley,
LFRFIDProtocolKeri,
LFRFIDProtocolGallagher,
+ LFRFIDProtocolNexwatch,
LFRFIDProtocolMax,
} LFRFIDProtocol;
@@ -39,4 +40,4 @@ typedef struct {
union {
LFRFIDT5577 t5577;
};
-} LFRFIDWriteRequest;
\ No newline at end of file
+} LFRFIDWriteRequest;
diff --git a/lib/lfrfid/protocols/protocol_nexwatch.c b/lib/lfrfid/protocols/protocol_nexwatch.c
new file mode 100644
index 000000000..3bbbb42f5
--- /dev/null
+++ b/lib/lfrfid/protocols/protocol_nexwatch.c
@@ -0,0 +1,323 @@
+#include
+#include
+#include
+#include "lfrfid_protocols.h"
+
+#define NEXWATCH_PREAMBLE_BIT_SIZE (8)
+#define NEXWATCH_PREAMBLE_DATA_SIZE (1)
+
+#define NEXWATCH_ENCODED_BIT_SIZE (96)
+#define NEXWATCH_ENCODED_DATA_SIZE ((NEXWATCH_ENCODED_BIT_SIZE) / 8)
+
+#define NEXWATCH_DECODED_BIT_SIZE (NEXWATCH_DECODED_DATA_SIZE * 8)
+#define NEXWATCH_DECODED_DATA_SIZE (8)
+
+#define NEXWATCH_US_PER_BIT (255)
+#define NEXWATCH_ENCODER_PULSES_PER_BIT (16)
+
+typedef struct {
+ uint8_t magic;
+ char desc[13];
+ uint8_t chk;
+} ProtocolNexwatchMagic;
+
+ProtocolNexwatchMagic magic_items[] = {
+ {0xBE, "Quadrakey", 0},
+ {0x88, "Nexkey", 0},
+ {0x86, "Honeywell", 0}};
+
+typedef struct {
+ uint8_t data_index;
+ uint8_t bit_clock_index;
+ bool last_bit;
+ bool current_polarity;
+ bool pulse_phase;
+} ProtocolNexwatchEncoder;
+
+typedef struct {
+ uint8_t encoded_data[NEXWATCH_ENCODED_DATA_SIZE];
+ uint8_t negative_encoded_data[NEXWATCH_ENCODED_DATA_SIZE];
+ uint8_t corrupted_encoded_data[NEXWATCH_ENCODED_DATA_SIZE];
+ uint8_t corrupted_negative_encoded_data[NEXWATCH_ENCODED_DATA_SIZE];
+
+ uint8_t data[NEXWATCH_DECODED_DATA_SIZE];
+ ProtocolNexwatchEncoder encoder;
+} ProtocolNexwatch;
+
+ProtocolNexwatch* protocol_nexwatch_alloc(void) {
+ ProtocolNexwatch* protocol = malloc(sizeof(ProtocolNexwatch));
+ return protocol;
+};
+
+void protocol_nexwatch_free(ProtocolNexwatch* protocol) {
+ free(protocol);
+};
+
+uint8_t* protocol_nexwatch_get_data(ProtocolNexwatch* protocol) {
+ return protocol->data;
+};
+
+void protocol_nexwatch_decoder_start(ProtocolNexwatch* protocol) {
+ memset(protocol->encoded_data, 0, NEXWATCH_ENCODED_DATA_SIZE);
+ memset(protocol->negative_encoded_data, 0, NEXWATCH_ENCODED_DATA_SIZE);
+ memset(protocol->corrupted_encoded_data, 0, NEXWATCH_ENCODED_DATA_SIZE);
+ memset(protocol->corrupted_negative_encoded_data, 0, NEXWATCH_ENCODED_DATA_SIZE);
+};
+
+static bool protocol_nexwatch_check_preamble(uint8_t* data, size_t bit_index) {
+ // 01010110
+ if(bit_lib_get_bits(data, bit_index, 8) != 0b01010110) return false;
+ return true;
+}
+
+static uint8_t protocol_nexwatch_parity_swap(uint8_t parity) {
+ uint8_t a = (((parity >> 3) & 1));
+ a |= (((parity >> 1) & 1) << 1);
+ a |= (((parity >> 2) & 1) << 2);
+ a |= ((parity & 1) << 3);
+ return a;
+}
+
+static uint8_t protocol_nexwatch_parity(const uint8_t hexid[5]) {
+ uint8_t p = 0;
+ for(uint8_t i = 0; i < 5; i++) {
+ p ^= ((hexid[i]) & 0xF0) >> 4;
+ p ^= ((hexid[i]) & 0x0F);
+ }
+ return protocol_nexwatch_parity_swap(p);
+}
+
+static uint8_t protocol_nexwatch_checksum(uint8_t magic, uint32_t id, uint8_t parity) {
+ uint8_t a = ((id >> 24) & 0xFF);
+ a -= ((id >> 16) & 0xFF);
+ a -= ((id >> 8) & 0xFF);
+ a -= (id & 0xFF);
+ a -= magic;
+ a -= (bit_lib_reverse_8_fast(parity) >> 4);
+ return bit_lib_reverse_8_fast(a);
+}
+
+static bool protocol_nexwatch_can_be_decoded(uint8_t* data) {
+ if(!protocol_nexwatch_check_preamble(data, 0)) return false;
+
+ // Check for reserved word (32-bit)
+ if(bit_lib_get_bits_32(data, 8, 32) != 0) {
+ return false;
+ }
+
+ uint8_t parity = bit_lib_get_bits(data, 76, 4);
+
+ // parity check
+ // from 32b hex id, 4b mode
+ uint8_t hex[5] = {0};
+ for(uint8_t i = 0; i < 5; i++) {
+ hex[i] = bit_lib_get_bits(data, 40 + (i * 8), 8);
+ }
+ //mode is only 4 bits.
+ hex[4] &= 0xf0;
+ uint8_t calc_parity = protocol_nexwatch_parity(hex);
+
+ if(calc_parity != parity) {
+ return false;
+ }
+
+ return true;
+}
+
+static bool protocol_nexwatch_decoder_feed_internal(bool polarity, uint32_t time, uint8_t* data) {
+ time += (NEXWATCH_US_PER_BIT / 2);
+
+ size_t bit_count = (time / NEXWATCH_US_PER_BIT);
+ bool result = false;
+
+ if(bit_count < NEXWATCH_ENCODED_BIT_SIZE) {
+ for(size_t i = 0; i < bit_count; i++) {
+ bit_lib_push_bit(data, NEXWATCH_ENCODED_DATA_SIZE, polarity);
+ if(protocol_nexwatch_can_be_decoded(data)) {
+ result = true;
+ break;
+ }
+ }
+ }
+
+ return result;
+}
+
+static void protocol_nexwatch_descramble(uint32_t* id, uint32_t* scrambled) {
+ // 255 = Not used/Unknown other values are the bit offset in the ID/FC values
+ const uint8_t hex_2_id[] = {31, 27, 23, 19, 15, 11, 7, 3, 30, 26, 22, 18, 14, 10, 6, 2,
+ 29, 25, 21, 17, 13, 9, 5, 1, 28, 24, 20, 16, 12, 8, 4, 0};
+
+ *id = 0;
+ for(uint8_t idx = 0; idx < 32; idx++) {
+ bool bit_state = (*scrambled >> hex_2_id[idx]) & 1;
+ *id |= (bit_state << (31 - idx));
+ }
+}
+
+static void protocol_nexwatch_decoder_save(uint8_t* data_to, const uint8_t* data_from) {
+ uint32_t id = bit_lib_get_bits_32(data_from, 40, 32);
+ data_to[4] = (uint8_t)id;
+ data_to[3] = (uint8_t)(id >>= 8);
+ data_to[2] = (uint8_t)(id >>= 8);
+ data_to[1] = (uint8_t)(id >>= 8);
+ data_to[0] = (uint8_t)(id >>= 8);
+ uint32_t check = bit_lib_get_bits_32(data_from, 72, 24);
+ data_to[7] = (uint8_t)check;
+ data_to[6] = (uint8_t)(check >>= 8);
+ data_to[5] = (uint8_t)(check >>= 8);
+}
+
+bool protocol_nexwatch_decoder_feed(ProtocolNexwatch* protocol, bool level, uint32_t duration) {
+ bool result = false;
+
+ if(duration > (NEXWATCH_US_PER_BIT / 2)) {
+ if(protocol_nexwatch_decoder_feed_internal(level, duration, protocol->encoded_data)) {
+ protocol_nexwatch_decoder_save(protocol->data, protocol->encoded_data);
+ result = true;
+ return result;
+ }
+
+ if(protocol_nexwatch_decoder_feed_internal(
+ !level, duration, protocol->negative_encoded_data)) {
+ protocol_nexwatch_decoder_save(protocol->data, protocol->negative_encoded_data);
+ result = true;
+ return result;
+ }
+ }
+
+ if(duration > (NEXWATCH_US_PER_BIT / 4)) {
+ // Try to decode wrong phase synced data
+ if(level) {
+ duration += 120;
+ } else {
+ if(duration > 120) {
+ duration -= 120;
+ }
+ }
+
+ if(protocol_nexwatch_decoder_feed_internal(
+ level, duration, protocol->corrupted_encoded_data)) {
+ protocol_nexwatch_decoder_save(protocol->data, protocol->corrupted_encoded_data);
+
+ result = true;
+ return result;
+ }
+
+ if(protocol_nexwatch_decoder_feed_internal(
+ !level, duration, protocol->corrupted_negative_encoded_data)) {
+ protocol_nexwatch_decoder_save(
+ protocol->data, protocol->corrupted_negative_encoded_data);
+
+ result = true;
+ return result;
+ }
+ }
+
+ return result;
+};
+
+bool protocol_nexwatch_encoder_start(ProtocolNexwatch* protocol) {
+ memset(protocol->encoded_data, 0, NEXWATCH_ENCODED_DATA_SIZE);
+ *(uint32_t*)&protocol->encoded_data[0] = 0b00000000000000000000000001010110;
+ bit_lib_copy_bits(protocol->encoded_data, 32, 32, protocol->data, 0);
+ bit_lib_copy_bits(protocol->encoded_data, 64, 32, protocol->data, 32);
+
+ protocol->encoder.last_bit =
+ bit_lib_get_bit(protocol->encoded_data, NEXWATCH_ENCODED_BIT_SIZE - 1);
+ protocol->encoder.data_index = 0;
+ protocol->encoder.current_polarity = true;
+ protocol->encoder.pulse_phase = true;
+ protocol->encoder.bit_clock_index = 0;
+
+ return true;
+};
+
+LevelDuration protocol_nexwatch_encoder_yield(ProtocolNexwatch* protocol) {
+ LevelDuration level_duration;
+ ProtocolNexwatchEncoder* encoder = &protocol->encoder;
+
+ if(encoder->pulse_phase) {
+ level_duration = level_duration_make(encoder->current_polarity, 1);
+ encoder->pulse_phase = false;
+ } else {
+ level_duration = level_duration_make(!encoder->current_polarity, 1);
+ encoder->pulse_phase = true;
+
+ encoder->bit_clock_index++;
+ if(encoder->bit_clock_index >= NEXWATCH_ENCODER_PULSES_PER_BIT) {
+ encoder->bit_clock_index = 0;
+
+ bool current_bit = bit_lib_get_bit(protocol->encoded_data, encoder->data_index);
+
+ if(current_bit != encoder->last_bit) {
+ encoder->current_polarity = !encoder->current_polarity;
+ }
+
+ encoder->last_bit = current_bit;
+
+ bit_lib_increment_index(encoder->data_index, NEXWATCH_ENCODED_BIT_SIZE);
+ }
+ }
+
+ return level_duration;
+};
+
+void protocol_nexwatch_render_data(ProtocolNexwatch* protocol, FuriString* result) {
+ uint32_t id = 0;
+ uint32_t scrambled = bit_lib_get_bits_32(protocol->data, 8, 32);
+ protocol_nexwatch_descramble(&id, &scrambled);
+
+ uint8_t m_idx;
+ uint8_t mode = bit_lib_get_bits(protocol->data, 40, 4);
+ uint8_t parity = bit_lib_get_bits(protocol->data, 44, 4);
+ uint8_t chk = bit_lib_get_bits(protocol->data, 48, 8);
+ for(m_idx = 0; m_idx < 3; m_idx++) {
+ magic_items[m_idx].chk = protocol_nexwatch_checksum(magic_items[m_idx].magic, id, parity);
+ if(magic_items[m_idx].chk == chk) {
+ break;
+ }
+ }
+ furi_string_printf(result, "ID: %lu, M:%u\r\nType: %s\r\n", id, mode, magic_items[m_idx].desc);
+}
+
+bool protocol_nexwatch_write_data(ProtocolNexwatch* protocol, void* data) {
+ LFRFIDWriteRequest* request = (LFRFIDWriteRequest*)data;
+ bool result = false;
+
+ protocol_nexwatch_encoder_start(protocol);
+ if(request->write_type == LFRFIDWriteTypeT5577) {
+ request->t5577.block[0] = LFRFID_T5577_MODULATION_PSK1 | LFRFID_T5577_BITRATE_RF_32 |
+ (3 << LFRFID_T5577_MAXBLOCK_SHIFT);
+ request->t5577.block[1] = bit_lib_get_bits_32(protocol->encoded_data, 0, 32);
+ request->t5577.block[2] = bit_lib_get_bits_32(protocol->encoded_data, 32, 32);
+ request->t5577.block[3] = bit_lib_get_bits_32(protocol->encoded_data, 64, 32);
+ request->t5577.blocks_to_write = 4;
+ result = true;
+ }
+ return result;
+};
+
+const ProtocolBase protocol_nexwatch = {
+ .name = "Nexwatch",
+ .manufacturer = "Honeywell",
+ .data_size = NEXWATCH_DECODED_DATA_SIZE,
+ .features = LFRFIDFeaturePSK,
+ .validate_count = 6,
+ .alloc = (ProtocolAlloc)protocol_nexwatch_alloc,
+ .free = (ProtocolFree)protocol_nexwatch_free,
+ .get_data = (ProtocolGetData)protocol_nexwatch_get_data,
+ .decoder =
+ {
+ .start = (ProtocolDecoderStart)protocol_nexwatch_decoder_start,
+ .feed = (ProtocolDecoderFeed)protocol_nexwatch_decoder_feed,
+ },
+ .encoder =
+ {
+ .start = (ProtocolEncoderStart)protocol_nexwatch_encoder_start,
+ .yield = (ProtocolEncoderYield)protocol_nexwatch_encoder_yield,
+ },
+ .render_data = (ProtocolRenderData)protocol_nexwatch_render_data,
+ .render_brief_data = (ProtocolRenderData)protocol_nexwatch_render_data,
+ .write_data = (ProtocolWriteData)protocol_nexwatch_write_data,
+};
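Review bot: `protocol_nexwatch_render_data` indexes `magic_items[m_idx]` after the search loop, and when no checksum matches the loop ends with `m_idx == 3`, one past the three-entry table, so the `%s` argument is read out of bounds. The decoder accepts a frame on preamble, reserved word and parity alone, so data read from a tag can reach this path with a checksum that matches none of the magics. The loop also stores each computed checksum into the global, non-const `magic_items`, which is not needed; a local comparison with a fallback label avoids both problems and lets the table become `static const`. Separately, `*(uint32_t*)&protocol->encoded_data[0] = …` in `protocol_nexwatch_encoder_start` depends on byte order and alignment; on a little-endian target `protocol->encoded_data[0] = 0b01010110;` after the `memset` has the same effect.

```c
void protocol_nexwatch_render_data(ProtocolNexwatch* protocol, FuriString* result) {
    // … unchanged: descramble id, read mode, parity and chk (the m_idx declaration goes away) …
    const char* type = "Unknown";
    for(size_t m_idx = 0; m_idx < sizeof(magic_items) / sizeof(magic_items[0]); m_idx++) {
        if(protocol_nexwatch_checksum(magic_items[m_idx].magic, id, parity) == chk) {
            type = magic_items[m_idx].desc;
            break;
        }
    }
    furi_string_printf(result, "ID: %lu, M:%u\r\nType: %s\r\n", id, mode, type);
}
```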
diff --git a/lib/lfrfid/protocols/protocol_nexwatch.h b/lib/lfrfid/protocols/protocol_nexwatch.h
new file mode 100644
index 000000000..0872ca7dc
--- /dev/null
+++ b/lib/lfrfid/protocols/protocol_nexwatch.h
@@ -0,0 +1,4 @@
+#pragma once
+#include
+
+extern const ProtocolBase protocol_nexwatch;
diff --git a/lib/subghz/protocols/secplus_v2.c b/lib/subghz/protocols/secplus_v2.c
index d39f794ab..7acfb74ac 100644
--- a/lib/subghz/protocols/secplus_v2.c
+++ b/lib/subghz/protocols/secplus_v2.c
@@ -345,7 +345,7 @@ static void
if(subghz_custom_btn_get_original() == 0) {
subghz_custom_btn_set_original(instance->btn);
}
- subghz_custom_btn_set_max(3);
+ subghz_custom_btn_set_max(4);
}
/**
@@ -377,7 +377,7 @@ static uint64_t subghz_protocol_secplus_v2_encode_half(uint8_t roll_array[], uin
/**
* Defines the button value for the current btn_id
- * Basic set | 0x68 | 0x80 | 0x81 | 0xE2 |
+ * Basic set | 0x68 | 0x80 | 0x81 | 0xE2 | 0x78
* @return Button code
*/
static uint8_t subghz_protocol_secplus_v2_get_btn_code();
@@ -856,6 +856,9 @@ static uint8_t subghz_protocol_secplus_v2_get_btn_code() {
case 0xE2:
btn = 0x80;
break;
+ case 0x78:
+ btn = 0x80;
+ break;
default:
break;
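Review bot: The new `case 0x78:` repeats the body of the `case 0xE2:` directly above it. Stacking the labels (`case 0xE2:` then `case 0x78:` sharing one `btn = 0x80; break;`) keeps the mapping in one place and makes it obvious that both codes map to the same button. The same applies to the hunk at `@@ -874,6 +877,9 @@`, where both cases assign `0x81`. The switch belongs to `subghz_protocol_secplus_v2_get_btn_code`, whose body starts and ends outside this hunk.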
@@ -874,6 +877,9 @@ static uint8_t subghz_protocol_secplus_v2_get_btn_code() {
case 0xE2:
btn = 0x81;
break;
+ case 0x78:
+ btn = 0x81;
+ break;
default:
break;
@@ -892,6 +898,30 @@ static uint8_t subghz_protocol_secplus_v2_get_btn_code() {
case 0xE2:
btn = 0x68;
break;
+ case 0x78:
+ btn = 0xE2;
+ break;
+
+ default:
+ break;
+ }
+ } else if(custom_btn_id == SUBGHZ_CUSTOM_BTN_RIGHT) {
+ switch(original_btn_code) {
+ case 0x68:
+ btn = 0x78;
+ break;
+ case 0x80:
+ btn = 0x78;
+ break;
+ case 0x81:
+ btn = 0x78;
+ break;
+ case 0xE2:
+ btn = 0x78;
+ break;
+ case 0x78:
+ btn = 0x68;
+ break;
default:
break;