[proxmark3-svn] / client / mifare4.c

//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// iso14443-4 mifare commands
//-----------------------------------------------------------------------------

#include "mifare4.h"
#include <ctype.h>
#include <string.h>
#include "cmdhf14a.h"
#include "util.h"
#include "ui.h"
#include "polarssl/libpcrypto.h"

int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) {
	uint8_t data[257] = {0};
	int datalen = 0;
	
	uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
	uint8_t Rnd2[17] = {0};
	
	if (session)
		session->Authenticated = false;	
	
	uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
	int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen);
	if (res) {
		PrintAndLog("ERROR exchande raw error: %d", res);
		DropField();
		return 2;
	}
	
	if (verbose)
		PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
		
	if (datalen < 1) {
		PrintAndLog("ERROR: card response length: %d", datalen);
		DropField();
		return 3;
	}
	
	if (data[0] != 0x90) {
		PrintAndLog("ERROR: card response error: %02x", data[2]);
		DropField();
		return 3;
	}

	if (datalen != 19) { // code 1b + 16b + crc 2b
		PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
		DropField();
		return 3;
	}
	
    aes_decode(NULL, key, &data[1], Rnd2, 16);
	Rnd2[16] = Rnd2[0];
	if (verbose)
		PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));

	uint8_t cmd2[33] = {0};
	cmd2[0] = 0x72;

	uint8_t raw[32] = {0};
	memmove(raw, Rnd1, 16);
	memmove(&raw[16], &Rnd2[1], 16);

	aes_encode(NULL, key, raw, &cmd2[1], 32);
	if (verbose)
		PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
	
	res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
	if (res) {
		PrintAndLog("ERROR exchande raw error: %d", res);
		DropField();
		return 4;
	}
	
	if (verbose)
		PrintAndLog("<phase2: %s", sprint_hex(data, datalen));

	aes_decode(NULL, key, &data[1], raw, 32);
	
	if (verbose) {
		PrintAndLog("res: %s", sprint_hex(raw, 32));
		PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
	}

	if (memcmp(&raw[4], &Rnd1[1], 16)) {
		PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
		if (verbose) {
			PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
			PrintAndLog("rnd1   card: %s", sprint_hex(&raw[4], 16));
		}
		DropField();
		return 5;
	}

	if (!leaveSignalON)
		DropField();

	if (verbose)
		PrintAndLog("");

	if (session) {
		session->Authenticated = true;
		session->KeyNum = keyn[1] + (keyn[0] << 8);
		memmove(session->Rnd1, Rnd1, 16);
		memmove(session->Rnd2, Rnd2, 16);
	}
	
	PrintAndLog("Authentication OK");
	
	return 0;
}
Commit	Line	Data
ae3340a0 OM	1	//-----------------------------------------------------------------------------
	2	// Copyright (C) 2018 Merlok
	3	//
	4	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	5	// at your option, any later version. See the LICENSE.txt file for the text of
	6	// the license.
	7	//-----------------------------------------------------------------------------
	8	// iso14443-4 mifare commands
	9	//-----------------------------------------------------------------------------
	10
	11	#include "mifare4.h"
	12	#include <ctype.h>
	13	#include <string.h>
	14	#include "cmdhf14a.h"
	15	#include "util.h"
	16	#include "ui.h"
	17	#include "polarssl/libpcrypto.h"
	18
	19	int MifareAuth4(mf4Session session, uint8_t keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) {
	20	uint8_t data[257] = {0};
	21	int datalen = 0;
	22
	23	uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
	24	uint8_t Rnd2[17] = {0};
	25
	26	if (session)
	27	session->Authenticated = false;
	28
	29	uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
	30	int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen);
	31	if (res) {
	32	PrintAndLog("ERROR exchande raw error: %d", res);
	33	DropField();
	34	return 2;
	35	}
	36
	37	if (verbose)
	38	PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
	39
	40	if (datalen < 1) {
	41	PrintAndLog("ERROR: card response length: %d", datalen);
	42	DropField();
	43	return 3;
	44	}
	45
	46	if (data[0] != 0x90) {
	47	PrintAndLog("ERROR: card response error: %02x", data[2]);
	48	DropField();
	49	return 3;
	50	}
	51
	52	if (datalen != 19) { // code 1b + 16b + crc 2b
	53	PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
	54	DropField();
	55	return 3;
	56	}
	57
	58	aes_decode(NULL, key, &data[1], Rnd2, 16);
	59	Rnd2[16] = Rnd2[0];
	60	if (verbose)
	61	PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
	62
	63	uint8_t cmd2[33] = {0};
	64	cmd2[0] = 0x72;
65
66	uint8_t raw[32] = {0};
67	memmove(raw, Rnd1, 16);
68	memmove(&raw[16], &Rnd2[1], 16);
69
70	aes_encode(NULL, key, raw, &cmd2[1], 32);
71	if (verbose)
72	PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
73
74	res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
75	if (res) {
76	PrintAndLog("ERROR exchande raw error: %d", res);
77	DropField();
78	return 4;
79	}
80
81	if (verbose)
82	PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
83
84	aes_decode(NULL, key, &data[1], raw, 32);
85
86	if (verbose) {
87	PrintAndLog("res: %s", sprint_hex(raw, 32));
88	PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
89	}
90
91	if (memcmp(&raw[4], &Rnd1[1], 16)) {
92	PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
93	if (verbose) {
94	PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
95	PrintAndLog("rnd1 card: %s", sprint_hex(&raw[4], 16));
96	}
97	DropField();
98	return 5;
99	}
100
101	if (!leaveSignalON)
102	DropField();
103
104	if (verbose)
105	PrintAndLog("");
106
107	if (session) {
108	session->Authenticated = true;
109	session->KeyNum = keyn[1] + (keyn[0] << 8);
110	memmove(session->Rnd1, Rnd1, 16);
111	memmove(session->Rnd2, Rnd2, 16);
112	}
113
114	PrintAndLog("Authentication OK");
115
116	return 0;
117	}
118