Created
August 16, 2024 23:55
-
-
Save dmaynor/f1973ae244b5c2ed83d3b8e19f798f97 to your computer and use it in GitHub Desktop.
Mifare crypto backdoor flipper app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Creating a Flipper Zero app to test for this attack involves writing a script that can interact with the RFID module on the Flipper Zero to perform the necessary steps. The Flipper Zero uses a scripting language called **.fap** (Flipper App) format, typically written in C or a high-level scripting language, but it also supports custom Python-like scripting with `flipperzero-tui`. | |
| Here's a basic outline for creating an app that can check for the presence of the backdoor key on a MIFARE Classic card. Note that this is a simplified version and assumes some familiarity with Flipper Zero's development environment. | |
| ### **Step 1: Set Up the Development Environment** | |
| 1. **Install Flipper Zero SDK:** | |
| - Follow the official [Flipper Zero documentation](https://github.com/flipperdevices/flipperzero-firmware) to set up the SDK and development environment. | |
| 2. **Clone the Flipper Zero Firmware:** | |
| - Clone the firmware repository from GitHub, which contains examples and the necessary tools to create and compile custom apps. | |
| ### **Step 2: Create the Application Structure** | |
| 1. **Create a New App Directory:** | |
| - In the `applications_user` directory, create a new directory for your app, e.g., `mifare_backdoor_test`. | |
| 2. **Create the App's C File:** | |
| - Inside your new directory, create a `mifare_backdoor_test.c` file. This will contain the logic for your app. | |
| ### **Step 3: Write the Code** | |
| Below is an example of how to write a simple Flipper Zero app that tests for the presence of a backdoor key. This code will attempt to authenticate to a MIFARE Classic card using a known backdoor key and check for a response. | |
| ```c | |
| #include <furi.h> | |
| #include <gui/gui.h> | |
| #include <input/input.h> | |
| #include <notification/notification_messages.h> | |
| #include <rfid/rfid.h> | |
| #include <rfid/mifare_classic.h> | |
| #define BACKDOOR_KEY "\xA3\x96\xEF\xA4\xE2\x4F" | |
| void mifare_backdoor_test_app(void) { | |
| NotificationApp* notifications = furi_record_open(RECORD_NOTIFICATION); | |
| // Initialize the RFID session | |
| Rfid* rfid = furi_record_open(RECORD_RFID); | |
| if(rfid_start(rfid)) { | |
| // Scan for a card | |
| MifareClassicCard card; | |
| if(rfid_mifare_classic_select(rfid, &card) == RfidResultOk) { | |
| furi_log_info("Card found with UID: %02X%02X%02X%02X", | |
| card.uid[0], card.uid[1], card.uid[2], card.uid[3]); | |
| // Attempt to authenticate using the backdoor key | |
| RfidResult result = rfid_mifare_classic_authenticate( | |
| rfid, | |
| &card, | |
| 0x00, // Block number | |
| MifareKeyA, // Key type (A or B) | |
| BACKDOOR_KEY | |
| ); | |
| if(result == RfidResultOk) { | |
| // Successful authentication with backdoor key | |
| notifications_message(notifications, &sequence_success); | |
| furi_log_info("Backdoor key authenticated successfully."); | |
| } else { | |
| // Authentication failed | |
| notifications_message(notifications, &sequence_fail); | |
| furi_log_error("Backdoor key authentication failed."); | |
| } | |
| } else { | |
| notifications_message(notifications, &sequence_error); | |
| furi_log_error("No card detected."); | |
| } | |
| rfid_stop(rfid); | |
| } else { | |
| notifications_message(notifications, &sequence_error); | |
| furi_log_error("Failed to start RFID."); | |
| } | |
| furi_record_close(RECORD_RFID); | |
| furi_record_close(RECORD_NOTIFICATION); | |
| } | |
| int32_t mifare_backdoor_test_app_main(void* p) { | |
| Gui* gui = furi_record_open(RECORD_GUI); | |
| gui_add_view(gui, &view_main); | |
| // Run the app | |
| mifare_backdoor_test_app(); | |
| gui_remove_view(gui, &view_main); | |
| furi_record_close(RECORD_GUI); | |
| return 0; | |
| } | |
| ``` | |
| ### **Step 4: Compile and Install the App** | |
| 1. **Compile the App:** | |
| - Use the Flipper Zero SDK to compile your app. Navigate to the root of your firmware repository and run: | |
| ```sh | |
| ./fbt launch_app_mifare_backdoor_test | |
| ``` | |
| 2. **Deploy to Flipper Zero:** | |
| - After compilation, the app should be available on your Flipper Zero. You can then test it directly from the device. | |
| ### **Step 5: Testing and Debugging** | |
| 1. **Test on Real Hardware:** | |
| - Insert your MIFARE Classic card and run the app. Observe the notifications to see if the backdoor key was successfully authenticated. | |
| 2. **Debugging:** | |
| - Use the Flipper Zero logging tools and serial output to debug any issues during testing. | |
| ### **Conclusion** | |
| This app is a basic example of how to test for the presence of a backdoor key on a MIFARE Classic card using the Flipper Zero. It can be expanded with additional functionality, such as reading nonces, performing nested attacks, or more sophisticated logging and user interface elements. | |
| While the Flipper Zero is capable of performing basic RFID operations, it's essential to remember that it might not handle all the complex operations required for the full attack as effectively as a Proxmark3. However, this app provides a starting point for more extensive testing and development. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is ChatGPT.