proxmark3
port cve-2021-34600 poc, fix device desfire aes crypto
Hey!
This PR adds support for performing the attack enabled by CVE-2021-34600. Details on how this attack works can be found on our blog. This isn't 100% complete yet, but since I won't be able to work on this until March, I am already creating a pull request so that anyone who's interested can play around with it or potentially provide some feedback in the meantime.
A few issues remain:
- Cancelling the simulator via the Proxmark's button does not work properly. While it seems that the simulation is stopped, it's not possible to enter any new commands on the client side. The Proxmark needs to be power-cycled to get out of this state.
- The current implementation only works for DESFire EV1/2 tags using AES keys. DES modes are not supported.
- A `free()` in `desfire_crypto.c` had to be commented out due to linker errors.
You are welcome to add an entry to the CHANGELOG.md as well
Nice! Let's see if it can be completed.