port cve-2021-34600 poc, fix device desfire aes crypto #1594
Commits on Feb 9, 2022
-
-
Fix device desfire AES en-/decryption
This commit fixes `mifare_cypher_single_block()` when used with `T_AES`. `mifare_cypher_single_block()` essentially re-implements CBC mode for all used ciphers by XOR-ing the IV with the data either before encryption or after decryption and using AES in ECB mode. However, for AES encryption `mbedtls_aes_crypt_cbc()` was then called to perform the en-/decryption operation, which then also XOR-ed the IV with the data, all of which resulted in the wrong en-/decryption of the data. This is fixed by replacing the call to `mbedtls_aes_crypt_cbc()` with a call to `mbedtls_aes_crypt_ecb()`.
-
Add support for performing the attack on systems affected by CVE-2021-34600. For this, this commit adds the commands `hf mfdesbrute get_challenge` and `hf mfdesbrute open_door`.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.