Segmentation Fault when cracking #1

Open
karunsiri opened this issue Jul 1, 2020 · 5 comments
Comments

@karunsiri

A segmentation fault occurs when starting to crack the card with mfoc-hardnested.
I noticed from the README that this repo uses techniques similar to those in https://github.com/vk496/mfoc. The code from that repo also raises segmentation fault: 11, so I have included an excerpt of the run output from that repo's code at the end of this issue, too, in case it helps. It fails around the Apply bit flip properties step.

Platform & OS:
MacOS Catalina 10.15.5
CPU Intel i7-9750H
RAM 16GB

Configure & build using:

autoreconf -is
./configure
make && sudo make install

./configure output

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... ./install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
./configure: line 2914: AX_CFLAGS_WARN_ALL: command not found
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of gcc... gcc3
checking whether make supports nested variables... (cached) yes
checking for pkg-config... /usr/local/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for libnfc >= 1.7.0... yes
checking for liblzma... yes
checking build system type... x86_64-apple-darwin19.5.0
checking host system type... x86_64-apple-darwin19.5.0
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking if more special flags are required for pthreads... -D_THREAD_SAFE
checking for PTHREAD_PRIO_INHERIT... yes
checking for log in -lm... yes
checking for inline... inline
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for stdbool.h that conforms to C99... yes
checking for _Bool... yes
checking for size_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible realloc... yes
checking for memset... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands

make output:

/Library/Developer/CommandLineTools/usr/bin/make  all-recursive
Making all in src
  CC       crapto1.o
  CC       crypto1.o
  CC       mfoc.o
  CC       mifare.o
  CC       nfc-utils.o
  CC       parity.o
  CC       hardnested/hardnested_cpu_dispatch.o
  CC       hardnested/hardnested_bruteforce.o
  CC       hardnested/tables.o
  CC       cmdhfmfhard.o
  CC       util.o
  CC       util_posix.o
  CC       ui.o
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mno-avx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bf_core_SSE2.o hardnested/hardnested_bf_core_SSE2.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bf_core_AVX.o hardnested/hardnested_bf_core_AVX.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mavx2 -mno-avx512f -c -o hardnested/hardnested_bf_core_AVX2.o hardnested/hardnested_bf_core_AVX2.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mavx2 -mavx512f -c -o hardnested/hardnested_bf_core_AVX512.o hardnested/hardnested_bf_core_AVX512.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mno-avx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bitarray_core_SSE2.o hardnested/hardnested_bitarray_core_SSE2.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mno-avx2 -mno-avx512f -c -o hardnested/hardnested_bitarray_core_AVX.o hardnested/hardnested_bitarray_core_AVX.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mavx2 -mno-avx512f -c -o hardnested/hardnested_bitarray_core_AVX2.o hardnested/hardnested_bitarray_core_AVX2.c
gcc  -O3 -DX86_SIMD -std=c99 -mmmx -msse2 -mavx -mavx2 -mavx512f -c -o hardnested/hardnested_bitarray_core_AVX512.o hardnested/hardnested_bitarray_core_AVX512.c
  CCLD     mfoc-hardnested

mfoc run output from https://github.com/vk496/mfoc:

Sector 11 - Unknown Key A               Found   Key B: ffffffffffff
Sector 12 - Unknown Key A               Found   Key B: ffffffffffff
Sector 13 - Unknown Key A               Found   Key B: ffffffffffff
Sector 14 - Unknown Key A               Found   Key B: ffffffffffff
Sector 15 - Unknown Key A               Found   Key B: ffffffffffff


Using sector 15 as an exploit sector
Card is not vulnerable to nested attack

Using AVX2 SIMD core.



 time    | trg | #nonces | Activity                                                | expected to brute force
         |     |         |                                                         | #states         | time
-------------------------------------------------------------------------------------------------------------
       0 |  0? |       0 | Start using 12 threads and AVX2 SIMD core               |                 |
       0 |  0? |       0 | Brute force benchmark: 317 million (2^28.2) keys/s      | 140737488355328 |    5d
       0 |  0? |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |    5d
       4 |  0A |      18 | Apply bit flip properties                               |  54228122861568 |    2d          
zsh: segmentation fault  mfoc -O circle.card
@gelotus
Collaborator

gelotus commented Jul 1, 2020

Do you have access to a Linux install on the same machine? Can you try to exec with Linux on the same machine, to understand whether it is a macOS-specific memory allocation problem?

@karunsiri
Author

Ah yes, I do. I will try on the Linux box and report back again 👍

@monai

monai commented Aug 3, 2020

I can confirm that it crashes on macOS and Linux.

Core file '/cores/core.9764' (x86_64) was loaded.
(lldb) bt
* thread #1, stop reason = signal SIGSTOP
  * frame #0: 0x00000001080331df mfoc-hardnested`next_state + 175
    frame #1: 0x00000001080330f8 mfoc-hardnested`bitarray_to_list + 136
    frame #2: 0x000000010802f6c0 mfoc-hardnested`add_bitflip_candidates + 256
    frame #3: 0x000000010802d5d1 mfoc-hardnested`mfnestedhard + 977
    frame #4: 0x00000001080251e0 mfoc-hardnested`main + 8544
    frame #5: 0x00007fff673accc9 libdyld.dylib`start + 1
(lldb) f
frame #0: 0x00000001080331df mfoc-hardnested`next_state + 175
mfoc-hardnested`next_state:
->  0x1080331df <+175>: cmp    dword ptr [rcx + 4*rsi], 0x0
    0x1080331e3 <+179>: mov    byte ptr [rbp - 0x21], al
    0x1080331e6 <+182>: jne    0x1080331f9               ; <+201>
    0x1080331ec <+188>: cmp    dword ptr [rbp - 0x14], 0x1000000
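
An added illustration, not code from mfoc-hardnested or from any commenter, and not a diagnosis of this particular crash: the backtrace above places the fault in next_state, called from bitarray_to_list while the bitflip properties are applied, and the disassembly compares against 0x1000000 (2^24). The block below re-implements that idiom in isolation: a 2^24-bit state array scanned for set bits and copied into a list, with explicit bounds on both the scan and the output list, so the two failure modes a practitioner would check for at this point (scanning past the end of the array, writing past the end of the list) are refused rather than faulting. The names NUM_STATES, bitarray_t, NO_STATE and demo, and the sample states, are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative only: a bounded bit-array scanner in the style suggested by the
 * backtrace (next_state / bitarray_to_list). Not mfoc-hardnested code, and
 * the thread does not establish what the real crash is. */

#define NUM_STATES      (1u << 24)            /* 2^24 candidate states per array (assumption) */
#define BITARRAY_WORDS  (NUM_STATES / 32)     /* 32 states per uint32_t word */
#define NO_STATE        UINT32_MAX            /* sentinel: no further set bit */

typedef struct {
    uint32_t words[BITARRAY_WORDS];           /* 2 MB per array */
} bitarray_t;

static void bitarray_clear(bitarray_t *ba) { memset(ba->words, 0, sizeof ba->words); }

static void bitarray_set(bitarray_t *ba, uint32_t state) {
    if (state >= NUM_STATES) return;          /* out-of-range states are ignored, never stored */
    ba->words[state >> 5] |= 1u << (state & 31);
}

/* First set state >= start, or NO_STATE when none remains. Every word index is
 * checked against BITARRAY_WORDS, so the scan cannot read past the array no
 * matter what `start` the caller passes. */
static uint32_t next_state(const bitarray_t *ba, uint32_t start) {
    if (start >= NUM_STATES) return NO_STATE;
    uint32_t w = start >> 5;
    uint32_t word = ba->words[w] & (~0u << (start & 31)); /* drop bits below start */
    for (;;) {
        if (word != 0) return (w << 5) + (uint32_t)__builtin_ctz(word);
        if (++w >= BITARRAY_WORDS) return NO_STATE;
        word = ba->words[w];
    }
}

/* Number of set states: the list capacity a caller must provide. */
static uint32_t bitarray_count(const bitarray_t *ba) {
    uint32_t n = 0;
    for (uint32_t w = 0; w < BITARRAY_WORDS; w++) n += (uint32_t)__builtin_popcount(ba->words[w]);
    return n;
}

/* Copy every set state into `list` (capacity `cap`). Returns the number of
 * states written, or UINT32_MAX if the list is too small, instead of
 * writing past it. */
static uint32_t bitarray_to_list(const bitarray_t *ba, uint32_t *list, uint32_t cap) {
    uint32_t n = 0;
    for (uint32_t s = next_state(ba, 0); s != NO_STATE; s = next_state(ba, s + 1)) {
        if (n >= cap) return UINT32_MAX;
        list[n++] = s;
    }
    return n;
}

/* Self-check on constructed data: a few states, including both array edges. */
static int demo(void) {
    static bitarray_t ba;                     /* static: keep the 2 MB array off the stack */
    bitarray_clear(&ba);
    const uint32_t want[] = { 0, 31, 32, 12345678, NUM_STATES - 1 };
    const uint32_t nwant = sizeof want / sizeof want[0];
    for (uint32_t i = 0; i < nwant; i++) bitarray_set(&ba, want[i]);
    bitarray_set(&ba, NUM_STATES);            /* out of range: must be ignored */

    uint32_t count = bitarray_count(&ba);
    uint32_t *list = malloc(count * sizeof *list);
    if (!list) return 0;
    uint32_t n = bitarray_to_list(&ba, list, count);
    int ok = (n == nwant);
    for (uint32_t i = 0; ok && i < n; i++) ok = (list[i] == want[i]);
    /* An undersized list must be refused rather than overrun. */
    ok = ok && bitarray_to_list(&ba, list, count - 1) == UINT32_MAX;
    free(list);
    return ok;
}

int main(void) {
    int ok = demo();
    printf("bounded bitarray scan: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The useful habit here is the one a debugger cannot give you after the fact: size the output list from a popcount of the array before converting, and make the scanner return a sentinel at the array end instead of trusting the caller's start index.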

@mattiarainieri

I have the same problem on Raspberry Pi.

@ld21

ld21 commented May 23, 2022

I get a «killed» when using the software on Debian bullseye on a RPi 2:

 time    | trg | #nonces | Activity                                                | expected to brute force
         |     |         |                                                         | #states         | time
-------------------------------------------------------------------------------------------------------------
       0 |  1A |       0 | Start using 4 threads                                   |                 |
       0 |  1A |       0 | Brute force benchmark: 15 million (2^23.9) keys/s       | 140737488355328 |  106d
      39 |  1A |       0 | Using 235 precalculated bitflip state tables            | 140737488355328 |  106d
Killed


5 participants