Commit | Line | Data |
---|---|---|
ae3340a0 OM |
1 | //----------------------------------------------------------------------------- |
2 | // Copyright (C) 2018 Merlok | |
3 | // | |
4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, | |
5 | // at your option, any later version. See the LICENSE.txt file for the text of | |
6 | // the license. | |
7 | //----------------------------------------------------------------------------- | |
8 | // iso14443-4 mifare commands | |
9 | //----------------------------------------------------------------------------- | |
10 | ||
11 | #include "mifare4.h" | |
12 | #include <ctype.h> | |
13 | #include <string.h> | |
14 | #include "cmdhf14a.h" | |
15 | #include "util.h" | |
16 | #include "ui.h" | |
17 | #include "polarssl/libpcrypto.h" | |
18 | ||
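// Runs a two-phase AES challenge-response authentication with the card and,
// on success, records the result in *session.
//
// Phase 1 sends command 0x70 with the key number and expects a 19-byte answer
// (status 0x90, 16 encrypted bytes, 2 CRC bytes) holding the card challenge.
// Phase 2 sends command 0x72 with AES(Rnd1 || Rnd2 rotated left by one byte)
// and verifies that the decrypted answer carries Rnd1 rotated left by one byte
// at offset 4.
//
// session       - optional; Authenticated is cleared on entry and set, together
//                 with KeyNum, Rnd1 and Rnd2, only after a successful run.
// keyn          - two key-number bytes, read as keyn[0] (high) and keyn[1] (low).
// key           - AES key handed to aes_decode()/aes_encode().
// activateField - forwarded to the first ExchangeRAW14a() call.
// leaveSignalON - when false, DropField() is called after a successful run.
// verbose       - log every exchanged frame and the decrypted nonces. This
//                 output contains session material; keep it out of shared logs.
//
// Returns 0 on success, 2 if the phase-1 exchange failed, 3 if the phase-1
// answer is missing, carries an error status or has the wrong length, 4 if the
// phase-2 exchange failed or its answer is unusable, 5 if the card did not
// return the expected reader challenge. DropField() is called on every error.
int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) {
	uint8_t data[257] = {0};
	int datalen = 0;

	// NOTE(review): the reader challenge is a fixed constant, so the phase-2
	// message is identical for a given key and card challenge, and the check at
	// the end gives no freshness guarantee about the card's answer. Fill the
	// first 16 bytes from a cryptographically secure random source and keep
	// Rnd1[16] == Rnd1[0]; the rotated view &Rnd1[1] below relies on it.
	uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
	uint8_t Rnd2[17] = {0};

	// A failed attempt must never leave an earlier session marked as valid.
	if (session) {
		session->Authenticated = false;
	}

	// ---- phase 1: request the card challenge ----
	uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
	int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen);
	if (res) {
		PrintAndLog("ERROR exchande raw error: %d", res);
		DropField();
		return 2;
	}

	if (verbose) {
		PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
	}

	if (datalen < 1) {
		PrintAndLog("ERROR: card response length: %d", datalen);
		DropField();
		return 3;
	}

	if (data[0] != 0x90) {
		// The status byte is data[0]; data[2] may lie beyond a short error answer.
		PrintAndLog("ERROR: card response error: %02x", data[0]);
		DropField();
		return 3;
	}

	if (datalen != 19) { // code 1b + 16b + crc 2b
		PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
		DropField();
		return 3;
	}

	// First argument is passed as NULL (presumably the IV; confirm in libpcrypto).
	aes_decode(NULL, key, &data[1], Rnd2, 16);
	// Duplicate the first byte at the end so &Rnd2[1] is Rnd2 rotated left by one byte.
	Rnd2[16] = Rnd2[0];
	if (verbose) {
		PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
	}

	// ---- phase 2: answer with AES(Rnd1 || rotated Rnd2) ----
	uint8_t cmd2[33] = {0};
	cmd2[0] = 0x72;

	uint8_t raw[32] = {0};
	memmove(raw, Rnd1, 16);
	memmove(&raw[16], &Rnd2[1], 16);

	aes_encode(NULL, key, raw, &cmd2[1], 32);
	if (verbose) {
		PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
	}

	res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
	if (res) {
		PrintAndLog("ERROR exchande raw error: %d", res);
		DropField();
		return 4;
	}

	if (verbose) {
		PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
	}

	// Validate the phase-2 answer before decrypting it. Without these checks a
	// short or error answer would be decrypted together with stale phase-1 bytes
	// still sitting in data[].
	if (datalen < 1) {
		PrintAndLog("ERROR: card response length: %d", datalen);
		DropField();
		return 4;
	}

	if (data[0] != 0x90) {
		PrintAndLog("ERROR: card response error: %02x", data[0]);
		DropField();
		return 4;
	}

	if (datalen < 33) { // code 1b + 32b of ciphertext
		PrintAndLog("ERROR: card response length: %d", datalen);
		DropField();
		return 4;
	}

	aes_decode(NULL, key, &data[1], raw, 32);

	if (verbose) {
		PrintAndLog("res: %s", sprint_hex(raw, 32));
		PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
	}

	// The card must return the reader challenge rotated left by one byte,
	// located after the first four bytes of the decrypted answer.
	if (memcmp(&raw[4], &Rnd1[1], 16)) {
		PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
		if (verbose) {
			PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
			PrintAndLog("rnd1 card: %s", sprint_hex(&raw[4], 16));
		}
		DropField();
		return 5;
	}

	if (!leaveSignalON) {
		DropField();
	}

	if (verbose) {
		PrintAndLog("");
	}

	if (session) {
		session->Authenticated = true;
		session->KeyNum = keyn[1] + (keyn[0] << 8);
		memmove(session->Rnd1, Rnd1, 16);
		memmove(session->Rnd2, Rnd2, 16);
	}

	PrintAndLog("Authentication OK");

	return 0;
}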
118 |