[proxmark3-svn] / armsrc / hitag2.c

//-----------------------------------------------------------------------------
// (c) 2009 Henryk Plötz <henryk@ploetzli.ch>
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Hitag2 emulation
//
// Contains state and functions for an emulated Hitag2 tag. Offers an entry
// point to handle commands, needs a callback to send response.
//-----------------------------------------------------------------------------

#include "proxmark3.h"
#include "apps.h"
#include "util.h"
#include "hitag2.h"
#include "string.h"

struct hitag2_cipher_state {
	uint64_t state;
};

struct hitag2_tag {
	uint32_t uid;
	enum {
		TAG_STATE_RESET,          // Just powered up, awaiting GetSnr
		TAG_STATE_ACTIVATING,     // In activation phase (password mode), sent UID, awaiting reader password
		TAG_STATE_AUTHENTICATING, // In activation phase (crypto mode), awaiting reader authentication
		TAG_STATE_ACTIVATED,      // Activation complete, awaiting read/write commands
		TAG_STATE_WRITING,        // In write command, awaiting sector contents to be written
	} state;
	unsigned int active_sector;
	char crypto_active;
	struct hitag2_cipher_state cs;
	char sectors[8][4];
};

static void hitag2_cipher_reset(struct hitag2_tag *tag, const char *challenge);
static int hitag2_cipher_authenticate(struct hitag2_cipher_state *cs, const char *authenticator);
static int hitag2_cipher_transcrypt(struct hitag2_cipher_state *cs, char *data, unsigned int bytes, unsigned int bits);

static struct hitag2_tag tag;
static const struct hitag2_tag resetdata = {
		.state = TAG_STATE_RESET,
		.sectors = {                                     // Password mode:               | Crypto mode:
				[0] = { 0x35, 0x33, 0x70, 0x11}, // UID                          | UID
				[1] = { 0x4d, 0x49, 0x4b, 0x52}, // Password RWD                 | 32 bit LSB key
				[2] = { 0x20, 0xf0, 0x4f, 0x4e}, // Reserved                     | 16 bit MSB key, 16 bit reserved
				[3] = { 0x0e, 0xaa, 'H', 'T'},   // Configuration, password TAG  | Configuration, password TAG
		},
};

int hitag2_reset(void)
{
	tag.state = TAG_STATE_RESET;
	tag.crypto_active = 0;
	return 0;
}

int hitag2_init(void)
{
	memcpy(&tag, &resetdata, sizeof(tag));
	hitag2_reset();
	return 0;
}

int hitag2_handle_command(const char* data, const int length, hitag2_response_callback_t cb, void *cb_cookie)
{
	(void)data; (void)length; (void)cb; (void)cb_cookie;
	int retry = 0, done = 0, result=0;
	char temp[10];

	if(tag.crypto_active && length < sizeof(temp)*8) {
		/* Decrypt command */
		memcpy(temp, data, (length+7)/8);
		hitag2_cipher_transcrypt(&(tag.cs), temp, length/8, length%8);
		data = temp;
	}


handle_command_retry:
	switch(tag.state) {
	case TAG_STATE_RESET:
		if(length == 5 && data[0] == 0xC0) {
			/* Received 11000 from the reader, request for UID, send UID */
			result=cb(tag.sectors[0], sizeof(tag.sectors[0])*8, 208, cb_cookie);
			done=1;
			if(tag.sectors[3][0] & 0x08) {
				tag.state=TAG_STATE_AUTHENTICATING;
			} else {
				tag.state=TAG_STATE_ACTIVATING;
			}
		}
		break;
	case TAG_STATE_ACTIVATING:
		if(length == 0x20) {
			/* Received RWD password, respond with configuration and our password */
			result=cb(tag.sectors[3], sizeof(tag.sectors[3])*8, 208, cb_cookie);
			done=1;
			tag.state=TAG_STATE_ACTIVATED;
		}
		break;
	case TAG_STATE_AUTHENTICATING:
		if(length == 0x40) {
			/* Received initialisation vector || authentication token, fire up cipher, send our password */
			hitag2_cipher_reset(&tag, data);
			if(hitag2_cipher_authenticate(&(tag.cs), data+4)) {
				char response_enc[4];
				memcpy(response_enc, tag.sectors[3], 4);
				hitag2_cipher_transcrypt(&(tag.cs), response_enc, 4, 0);
				result=cb(response_enc, 4*8, 208, cb_cookie);
				done=1;
				tag.crypto_active = 1;
				tag.state = TAG_STATE_ACTIVATED;
			} else {
				/* The reader failed to authenticate, do nothing */
				DbpString("Reader authentication failed");
			}
		}
		break;
	case TAG_STATE_ACTIVATED:
		if(length == 10) {
			if( ((data[0] & 0xC0) == 0xC0) && ((data[0] & 0x06) == 0) ) {
				/* Read command: 11xx x00y  yy with yyy == ~xxx, xxx is sector number */
				unsigned int sector = (~( ((data[0]<<2)&0x04) | ((data[1]>>6)&0x03) ) & 0x07);
				if(sector == ( (data[0]>>3)&0x07 ) ) {
					memcpy(temp, tag.sectors[sector], 4);
					if(tag.crypto_active) {
						hitag2_cipher_transcrypt(&(tag.cs), temp, 4, 0);
					}
					/* Respond with contents of sector sector */
					result = cb(temp, 4*8, 208, cb_cookie);
					done=1;
				} else {
					/* transmission error */
					DbpString("Transmission error (read) in activated state");
				}
			} else if( ((data[0] & 0xC0) == 0x80) && ((data[0] & 0x06) == 2) ) {
				/* Write command: 10xx x01y  yy with yyy == ~xxx, xxx is sector number */
				unsigned int sector = (~( ((data[0]<<2)&0x04) | ((data[1]>>6)&0x03) ) & 0x07);
				if(sector == ( (data[0]>>3)&0x07 ) ) {
					/* Prepare write, acknowledge by repeating command */
					if(tag.crypto_active) {
						hitag2_cipher_transcrypt(&(tag.cs), temp, length/8, length%8);
					}
					result = cb(data, length, 208, cb_cookie);
					done=1;
					tag.active_sector = sector;
					tag.state=TAG_STATE_WRITING;
				} else {
					/* transmission error */
					DbpString("Transmission error (write) in activated state");
				}
			}

		}
	case TAG_STATE_WRITING:
		if(length == 32) {
			/* These are the sector contents to be written. We don't have to do anything else. */
			memcpy(tag.sectors[tag.active_sector], data, length/8);
			tag.state=TAG_STATE_ACTIVATED;
			done=1;
		}
	}

	if(!done && !retry) {
		/* We didn't respond, maybe our state is faulty. Reset and try again. */
		retry=1;
		if(tag.crypto_active) {
			/* Restore undeciphered data */
			memcpy(temp, data, (length+7)/8);
		}
		hitag2_reset();
		goto handle_command_retry;
	}

	return result;
}

/* Following is a modified version of cryptolib.com/ciphers/hitag2/ */
// Software optimized 48-bit Philips/NXP Mifare Hitag2 PCF7936/46/47/52 stream cipher algorithm by I.C. Wiener 2006-2007.
// For educational purposes only.
// No warranties or guarantees of any kind.
// This code is released into the public domain by its author.

// Basic macros:

#define u8				uint8_t
#define u32				uint32_t
#define u64				uint64_t
#define rev8(x)			((((x)>>7)&1)+((((x)>>6)&1)<<1)+((((x)>>5)&1)<<2)+((((x)>>4)&1)<<3)+((((x)>>3)&1)<<4)+((((x)>>2)&1)<<5)+((((x)>>1)&1)<<6)+(((x)&1)<<7))
#define rev16(x)		(rev8 (x)+(rev8 (x>> 8)<< 8))
#define rev32(x)		(rev16(x)+(rev16(x>>16)<<16))
#define rev64(x)		(rev32(x)+(rev32(x>>32)<<32))
#define bit(x,n)		(((x)>>(n))&1)
#define bit32(x,n)		((((x)[(n)>>5])>>((n)))&1)
#define inv32(x,i,n)	((x)[(i)>>5]^=((u32)(n))<<((i)&31))
#define rotl64(x, n)	((((u64)(x))<<((n)&63))+(((u64)(x))>>((0-(n))&63)))

// Single bit Hitag2 functions:

#define i4(x,a,b,c,d)	((u32)((((x)>>(a))&1)+(((x)>>(b))&1)*2+(((x)>>(c))&1)*4+(((x)>>(d))&1)*8))

static const u32 ht2_f4a = 0x2C79;		// 0010 1100 0111 1001
static const u32 ht2_f4b = 0x6671;		// 0110 0110 0111 0001
static const u32 ht2_f5c = 0x7907287B;	// 0111 1001 0000 0111 0010 1000 0111 1011

static u32 _f20 (const u64 x)
{
	u32					i5;

	i5 = ((ht2_f4a >> i4 (x, 1, 2, 4, 5)) & 1)* 1
	   + ((ht2_f4b >> i4 (x, 7,11,13,14)) & 1)* 2
	   + ((ht2_f4b >> i4 (x,16,20,22,25)) & 1)* 4
	   + ((ht2_f4b >> i4 (x,27,28,30,32)) & 1)* 8
	   + ((ht2_f4a >> i4 (x,33,42,43,45)) & 1)*16;

	return (ht2_f5c >> i5) & 1;
}

static u64 _hitag2_init (const u64 key, const u32 serial, const u32 IV)
{
	u32					i;
	u64					x = ((key & 0xFFFF) << 32) + serial;

	for (i = 0; i < 32; i++)
	{
		x >>= 1;
		x += (u64) (_f20 (x) ^ (((IV >> i) ^ (key >> (i+16))) & 1)) << 47;
	}
	return x;
}

static u64 _hitag2_round (u64 *state)
{
	u64					x = *state;

	x = (x >>  1) +
	 ((((x >>  0) ^ (x >>  2) ^ (x >>  3) ^ (x >>  6)
	  ^ (x >>  7) ^ (x >>  8) ^ (x >> 16) ^ (x >> 22)
	  ^ (x >> 23) ^ (x >> 26) ^ (x >> 30) ^ (x >> 41)
	  ^ (x >> 42) ^ (x >> 43) ^ (x >> 46) ^ (x >> 47)) & 1) << 47);

	*state = x;
	return _f20 (x);
}

static u32 _hitag2_byte (u64 * x)
{
	u32					i, c;

	for (i = 0, c = 0; i < 8; i++) c += (u32) _hitag2_round (x) << (i^7);
	return c;
}


/* Cipher/tag glue code: */

static void hitag2_cipher_reset(struct hitag2_tag *tag, const char *iv)
{
	uint64_t key = ((uint64_t)tag->sectors[2][2]) |
			((uint64_t)tag->sectors[2][3] << 8) |
			((uint64_t)tag->sectors[1][0] << 16) |
			((uint64_t)tag->sectors[1][1] << 24) |
			((uint64_t)tag->sectors[1][2] << 32) |
			((uint64_t)tag->sectors[1][3] << 40);
	uint32_t uid = ((uint32_t)tag->sectors[0][0]) |
			((uint32_t)tag->sectors[0][1] << 8) |
			((uint32_t)tag->sectors[0][2] << 16) |
			((uint32_t)tag->sectors[0][3] << 24);
	uint32_t iv_ = (((uint32_t)(iv[0]))) |
			(((uint32_t)(iv[1])) << 8) |
			(((uint32_t)(iv[2])) << 16) |
			(((uint32_t)(iv[3])) << 24);
	tag->cs.state = _hitag2_init(rev64(key), rev32(uid), rev32(iv_));
}

static int hitag2_cipher_authenticate(struct hitag2_cipher_state *cs, const char *authenticator_is)
{
	char authenticator_should[4];
	authenticator_should[0] = ~_hitag2_byte(&(cs->state));
	authenticator_should[1] = ~_hitag2_byte(&(cs->state));
	authenticator_should[2] = ~_hitag2_byte(&(cs->state));
	authenticator_should[3] = ~_hitag2_byte(&(cs->state));
	return memcmp(authenticator_should, authenticator_is, 4) == 0;
}

static int hitag2_cipher_transcrypt(struct hitag2_cipher_state *cs, char *data, unsigned int bytes, unsigned int bits)
{
	int i;
	for(i=0; i<bytes; i++) data[i] ^= _hitag2_byte(&(cs->state));
	for(i=0; i<bits; i++) data[bytes] ^= _hitag2_round(&(cs->state)) << (7-i);
	return 0;
}
Commit	Line	Data
bd20f8f4	1	//-----------------------------------------------------------------------------
	2	// (c) 2009 Henryk Plötz <henryk@ploetzli.ch>
	3	//
	4	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	5	// at your option, any later version. See the LICENSE.txt file for the text of
	6	// the license.
	7	//-----------------------------------------------------------------------------
	8	// Hitag2 emulation
	9	//
	10	// Contains state and functions for an emulated Hitag2 tag. Offers an entry
	11	// point to handle commands, needs a callback to send response.
	12	//-----------------------------------------------------------------------------
3742d905	13
e30c654b	14	#include "proxmark3.h"
3742d905	15	#include "apps.h"
f7e3ed82	16	#include "util.h"
3742d905	17	#include "hitag2.h"
9ab7a6c7	18	#include "string.h"
3742d905	19
	20	struct hitag2_cipher_state {
	21	uint64_t state;
	22	};
	23
	24	struct hitag2_tag {
	25	uint32_t uid;
e30c654b	26	enum {
3742d905	27	TAG_STATE_RESET, // Just powered up, awaiting GetSnr
	28	TAG_STATE_ACTIVATING, // In activation phase (password mode), sent UID, awaiting reader password
	29	TAG_STATE_AUTHENTICATING, // In activation phase (crypto mode), awaiting reader authentication
	30	TAG_STATE_ACTIVATED, // Activation complete, awaiting read/write commands
	31	TAG_STATE_WRITING, // In write command, awaiting sector contents to be written
	32	} state;
	33	unsigned int active_sector;
	34	char crypto_active;
	35	struct hitag2_cipher_state cs;
	36	char sectors[8][4];
	37	};
	38
	39	static void hitag2_cipher_reset(struct hitag2_tag tag, const char challenge);
	40	static int hitag2_cipher_authenticate(struct hitag2_cipher_state cs, const char authenticator);
	41	static int hitag2_cipher_transcrypt(struct hitag2_cipher_state cs, char data, unsigned int bytes, unsigned int bits);
	42
	43	static struct hitag2_tag tag;
	44	static const struct hitag2_tag resetdata = {
	45	.state = TAG_STATE_RESET,
	46	.sectors = { // Password mode: \| Crypto mode:
	47	[0] = { 0x35, 0x33, 0x70, 0x11}, // UID \| UID
	48	[1] = { 0x4d, 0x49, 0x4b, 0x52}, // Password RWD \| 32 bit LSB key
	49	[2] = { 0x20, 0xf0, 0x4f, 0x4e}, // Reserved \| 16 bit MSB key, 16 bit reserved
	50	[3] = { 0x0e, 0xaa, 'H', 'T'}, // Configuration, password TAG \| Configuration, password TAG
	51	},
	52	};
	53
	54	int hitag2_reset(void)
	55	{
	56	tag.state = TAG_STATE_RESET;
	57	tag.crypto_active = 0;
	58	return 0;
	59	}
	60
	61	int hitag2_init(void)
	62	{
	63	memcpy(&tag, &resetdata, sizeof(tag));
	64	hitag2_reset();
	65	return 0;
	66	}
	67
	68	int hitag2_handle_command(const char* data, const int length, hitag2_response_callback_t cb, void *cb_cookie)
	69	{
	70	(void)data; (void)length; (void)cb; (void)cb_cookie;
	71	int retry = 0, done = 0, result=0;
	72	char temp[10];
	73
	74	if(tag.crypto_active && length < sizeof(temp)*8) {
	75	/* Decrypt command */
	76	memcpy(temp, data, (length+7)/8);
	77	hitag2_cipher_transcrypt(&(tag.cs), temp, length/8, length%8);
	78	data = temp;
	79	}
	80
e30c654b	81
3742d905	82	handle_command_retry:
	83	switch(tag.state) {
	84	case TAG_STATE_RESET:
	85	if(length == 5 && data[0] == 0xC0) {
	86	/* Received 11000 from the reader, request for UID, send UID */
	87	result=cb(tag.sectors[0], sizeof(tag.sectors[0])*8, 208, cb_cookie);
	88	done=1;
	89	if(tag.sectors[3][0] & 0x08) {
	90	tag.state=TAG_STATE_AUTHENTICATING;
	91	} else {
	92	tag.state=TAG_STATE_ACTIVATING;
	93	}
	94	}
	95	break;
	96	case TAG_STATE_ACTIVATING:
	97	if(length == 0x20) {
	98	/* Received RWD password, respond with configuration and our password */
	99	result=cb(tag.sectors[3], sizeof(tag.sectors[3])*8, 208, cb_cookie);
	100	done=1;
	101	tag.state=TAG_STATE_ACTIVATED;
	102	}
	103	break;
	104	case TAG_STATE_AUTHENTICATING:
	105	if(length == 0x40) {
	106	/* Received initialisation vector \|\| authentication token, fire up cipher, send our password */
	107	hitag2_cipher_reset(&tag, data);
	108	if(hitag2_cipher_authenticate(&(tag.cs), data+4)) {
	109	char response_enc[4];
	110	memcpy(response_enc, tag.sectors[3], 4);
	111	hitag2_cipher_transcrypt(&(tag.cs), response_enc, 4, 0);
	112	result=cb(response_enc, 4*8, 208, cb_cookie);
	113	done=1;
	114	tag.crypto_active = 1;
	115	tag.state = TAG_STATE_ACTIVATED;
	116	} else {
	117	/* The reader failed to authenticate, do nothing */
	118	DbpString("Reader authentication failed");
	119	}
	120	}
	121	break;
	122	case TAG_STATE_ACTIVATED:
	123	if(length == 10) {
	124	if( ((data[0] & 0xC0) == 0xC0) && ((data[0] & 0x06) == 0) ) {
	125	/* Read command: 11xx x00y yy with yyy == ~xxx, xxx is sector number */
	126	unsigned int sector = (~( ((data[0]<<2)&0x04) \| ((data[1]>>6)&0x03) ) & 0x07);
	127	if(sector == ( (data[0]>>3)&0x07 ) ) {
	128	memcpy(temp, tag.sectors[sector], 4);
	129	if(tag.crypto_active) {
	130	hitag2_cipher_transcrypt(&(tag.cs), temp, 4, 0);
	131	}
	132	/* Respond with contents of sector sector */
	133	result = cb(temp, 4*8, 208, cb_cookie);
	134	done=1;
	135	} else {
	136	/* transmission error */
	137	DbpString("Transmission error (read) in activated state");
	138	}
	139	} else if( ((data[0] & 0xC0) == 0x80) && ((data[0] & 0x06) == 2) ) {
	140	/* Write command: 10xx x01y yy with yyy == ~xxx, xxx is sector number */
	141	unsigned int sector = (~( ((data[0]<<2)&0x04) \| ((data[1]>>6)&0x03) ) & 0x07);
	142	if(sector == ( (data[0]>>3)&0x07 ) ) {
	143	/* Prepare write, acknowledge by repeating command */
	144	if(tag.crypto_active) {
	145	hitag2_cipher_transcrypt(&(tag.cs), temp, length/8, length%8);
146	}
147	result = cb(data, length, 208, cb_cookie);
148	done=1;
149	tag.active_sector = sector;
150	tag.state=TAG_STATE_WRITING;
151	} else {
152	/* transmission error */
153	DbpString("Transmission error (write) in activated state");
154	}
e30c654b	155	}
e30c654b	156
3742d905	157	}
	158	case TAG_STATE_WRITING:
	159	if(length == 32) {
	160	/* These are the sector contents to be written. We don't have to do anything else. */
	161	memcpy(tag.sectors[tag.active_sector], data, length/8);
	162	tag.state=TAG_STATE_ACTIVATED;
	163	done=1;
	164	}
	165	}
e30c654b	166
3742d905	167	if(!done && !retry) {
	168	/* We didn't respond, maybe our state is faulty. Reset and try again. */
	169	retry=1;
	170	if(tag.crypto_active) {
	171	/* Restore undeciphered data */
	172	memcpy(temp, data, (length+7)/8);
	173	}
	174	hitag2_reset();
	175	goto handle_command_retry;
	176	}
	177
	178	return result;
	179	}
	180
	181	/* Following is a modified version of cryptolib.com/ciphers/hitag2/ */
	182	// Software optimized 48-bit Philips/NXP Mifare Hitag2 PCF7936/46/47/52 stream cipher algorithm by I.C. Wiener 2006-2007.
	183	// For educational purposes only.
	184	// No warranties or guarantees of any kind.
	185	// This code is released into the public domain by its author.
	186
	187	// Basic macros:
	188
	189	#define u8 uint8_t
	190	#define u32 uint32_t
	191	#define u64 uint64_t
	192	#define rev8(x) ((((x)>>7)&1)+((((x)>>6)&1)<<1)+((((x)>>5)&1)<<2)+((((x)>>4)&1)<<3)+((((x)>>3)&1)<<4)+((((x)>>2)&1)<<5)+((((x)>>1)&1)<<6)+(((x)&1)<<7))
	193	#define rev16(x) (rev8 (x)+(rev8 (x>> 8)<< 8))
	194	#define rev32(x) (rev16(x)+(rev16(x>>16)<<16))
	195	#define rev64(x) (rev32(x)+(rev32(x>>32)<<32))
	196	#define bit(x,n) (((x)>>(n))&1)
	197	#define bit32(x,n) ((((x)[(n)>>5])>>((n)))&1)
	198	#define inv32(x,i,n) ((x)[(i)>>5]^=((u32)(n))<<((i)&31))
	199	#define rotl64(x, n) ((((u64)(x))<<((n)&63))+(((u64)(x))>>((0-(n))&63)))
	200
	201	// Single bit Hitag2 functions:
	202
	203	#define i4(x,a,b,c,d) ((u32)((((x)>>(a))&1)+(((x)>>(b))&1)2+(((x)>>(c))&1)4+(((x)>>(d))&1)*8))
	204
	205	static const u32 ht2_f4a = 0x2C79; // 0010 1100 0111 1001
	206	static const u32 ht2_f4b = 0x6671; // 0110 0110 0111 0001
	207	static const u32 ht2_f5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011
	208
	209	static u32 _f20 (const u64 x)
	210	{
	211	u32 i5;
e30c654b	212
3742d905	213	i5 = ((ht2_f4a >> i4 (x, 1, 2, 4, 5)) & 1)* 1
	214	+ ((ht2_f4b >> i4 (x, 7,11,13,14)) & 1)* 2
	215	+ ((ht2_f4b >> i4 (x,16,20,22,25)) & 1)* 4
	216	+ ((ht2_f4b >> i4 (x,27,28,30,32)) & 1)* 8
	217	+ ((ht2_f4a >> i4 (x,33,42,43,45)) & 1)*16;
e30c654b	218
3742d905	219	return (ht2_f5c >> i5) & 1;
	220	}
	221
	222	static u64 _hitag2_init (const u64 key, const u32 serial, const u32 IV)
	223	{
	224	u32 i;
	225	u64 x = ((key & 0xFFFF) << 32) + serial;
e30c654b	226
3742d905	227	for (i = 0; i < 32; i++)
	228	{
	229	x >>= 1;
	230	x += (u64) (_f20 (x) ^ (((IV >> i) ^ (key >> (i+16))) & 1)) << 47;
	231	}
	232	return x;
	233	}
	234
	235	static u64 _hitag2_round (u64 *state)
	236	{
	237	u64 x = *state;
e30c654b	238
3742d905	239	x = (x >> 1) +
	240	((((x >> 0) ^ (x >> 2) ^ (x >> 3) ^ (x >> 6)
	241	^ (x >> 7) ^ (x >> 8) ^ (x >> 16) ^ (x >> 22)
	242	^ (x >> 23) ^ (x >> 26) ^ (x >> 30) ^ (x >> 41)
	243	^ (x >> 42) ^ (x >> 43) ^ (x >> 46) ^ (x >> 47)) & 1) << 47);
e30c654b	244
3742d905	245	*state = x;
	246	return _f20 (x);
	247	}
	248
3742d905	249	static u32 _hitag2_byte (u64 * x)
	250	{
	251	u32 i, c;
e30c654b	252
3742d905	253	for (i = 0, c = 0; i < 8; i++) c += (u32) _hitag2_round (x) << (i^7);
	254	return c;
	255	}
	256
	257
	258	/* Cipher/tag glue code: */
	259
	260	static void hitag2_cipher_reset(struct hitag2_tag tag, const char iv)
	261	{
	262	uint64_t key = ((uint64_t)tag->sectors[2][2]) \|
	263	((uint64_t)tag->sectors[2][3] << 8) \|
	264	((uint64_t)tag->sectors[1][0] << 16) \|
	265	((uint64_t)tag->sectors[1][1] << 24) \|
	266	((uint64_t)tag->sectors[1][2] << 32) \|
	267	((uint64_t)tag->sectors[1][3] << 40);
	268	uint32_t uid = ((uint32_t)tag->sectors[0][0]) \|
	269	((uint32_t)tag->sectors[0][1] << 8) \|
	270	((uint32_t)tag->sectors[0][2] << 16) \|
	271	((uint32_t)tag->sectors[0][3] << 24);
	272	uint32_t iv_ = (((uint32_t)(iv[0]))) \|
	273	(((uint32_t)(iv[1])) << 8) \|
	274	(((uint32_t)(iv[2])) << 16) \|
	275	(((uint32_t)(iv[3])) << 24);
	276	tag->cs.state = _hitag2_init(rev64(key), rev32(uid), rev32(iv_));
	277	}
	278
	279	static int hitag2_cipher_authenticate(struct hitag2_cipher_state cs, const char authenticator_is)
	280	{
	281	char authenticator_should[4];
	282	authenticator_should[0] = ~_hitag2_byte(&(cs->state));
	283	authenticator_should[1] = ~_hitag2_byte(&(cs->state));
	284	authenticator_should[2] = ~_hitag2_byte(&(cs->state));
	285	authenticator_should[3] = ~_hitag2_byte(&(cs->state));
	286	return memcmp(authenticator_should, authenticator_is, 4) == 0;
	287	}
	288
	289	static int hitag2_cipher_transcrypt(struct hitag2_cipher_state cs, char data, unsigned int bytes, unsigned int bits)
	290	{
	291	int i;
	292	for(i=0; i<bytes; i++) data[i] ^= _hitag2_byte(&(cs->state));
	293	for(i=0; i<bits; i++) data[bytes] ^= _hitag2_round(&(cs->state)) << (7-i);
	294	return 0;
	295	}