Mfp commands (#698)
[proxmark3-svn] / client / mifare4.c
CommitLineData
ae3340a0
OM
1//-----------------------------------------------------------------------------
2// Copyright (C) 2018 Merlok
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// iso14443-4 mifare commands
9//-----------------------------------------------------------------------------
10
11#include "mifare4.h"
12#include <ctype.h>
13#include <string.h>
14#include "cmdhf14a.h"
15#include "util.h"
16#include "ui.h"
17#include "polarssl/libpcrypto.h"
18
19int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) {
20 uint8_t data[257] = {0};
21 int datalen = 0;
22
23 uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
24 uint8_t Rnd2[17] = {0};
25
26 if (session)
27 session->Authenticated = false;
28
29 uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
30 int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen);
31 if (res) {
32 PrintAndLog("ERROR exchande raw error: %d", res);
33 DropField();
34 return 2;
35 }
36
37 if (verbose)
38 PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
39
40 if (datalen < 1) {
41 PrintAndLog("ERROR: card response length: %d", datalen);
42 DropField();
43 return 3;
44 }
45
46 if (data[0] != 0x90) {
47 PrintAndLog("ERROR: card response error: %02x", data[2]);
48 DropField();
49 return 3;
50 }
51
52 if (datalen != 19) { // code 1b + 16b + crc 2b
53 PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
54 DropField();
55 return 3;
56 }
57
58 aes_decode(NULL, key, &data[1], Rnd2, 16);
59 Rnd2[16] = Rnd2[0];
60 if (verbose)
61 PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
62
63 uint8_t cmd2[33] = {0};
64 cmd2[0] = 0x72;
65
66 uint8_t raw[32] = {0};
67 memmove(raw, Rnd1, 16);
68 memmove(&raw[16], &Rnd2[1], 16);
69
70 aes_encode(NULL, key, raw, &cmd2[1], 32);
71 if (verbose)
72 PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
73
74 res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
75 if (res) {
76 PrintAndLog("ERROR exchande raw error: %d", res);
77 DropField();
78 return 4;
79 }
80
81 if (verbose)
82 PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
83
84 aes_decode(NULL, key, &data[1], raw, 32);
85
86 if (verbose) {
87 PrintAndLog("res: %s", sprint_hex(raw, 32));
88 PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
89 }
90
91 if (memcmp(&raw[4], &Rnd1[1], 16)) {
92 PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
93 if (verbose) {
94 PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
95 PrintAndLog("rnd1 card: %s", sprint_hex(&raw[4], 16));
96 }
97 DropField();
98 return 5;
99 }
100
101 if (!leaveSignalON)
102 DropField();
103
104 if (verbose)
105 PrintAndLog("");
106
107 if (session) {
108 session->Authenticated = true;
109 session->KeyNum = keyn[1] + (keyn[0] << 8);
110 memmove(session->Rnd1, Rnd1, 16);
111 memmove(session->Rnd2, Rnd2, 16);
112 }
113
114 PrintAndLog("Authentication OK");
115
116 return 0;
117}
118
Impressum, Datenschutz