]>
Commit | Line | Data |
---|---|---|
1 | #define __STDC_FORMAT_MACROS | |
2 | #include <inttypes.h> | |
3 | #define llx PRIx64 | |
4 | #define lli PRIi64 | |
5 | ||
6 | // Test-file: test2.c | |
7 | #include "crapto1.h" | |
8 | #include <stdio.h> | |
9 | #include <stdlib.h> | |
10 | ||
11 | int main (int argc, char *argv[]) { | |
12 | struct Crypto1State *s,*t; | |
13 | uint64_t key; // recovered key | |
14 | uint32_t uid; // serial number | |
15 | uint32_t nt; // tag challenge | |
16 | uint32_t nr0_enc; // first encrypted reader challenge | |
17 | uint32_t ar0_enc; // first encrypted reader response | |
18 | uint32_t nr1_enc; // second encrypted reader challenge | |
19 | uint32_t ar1_enc; // second encrypted reader response | |
20 | uint32_t ks2; // keystream used to encrypt reader response | |
21 | ||
22 | printf("MIFARE Classic key recovery - based 32 bits of keystream\n"); | |
23 | printf("Recover key from two 32-bit reader authentication answers only!\n\n"); | |
24 | ||
25 | if (argc < 7) { | |
26 | printf(" syntax: %s <uid> <nt> <{nr_0}> <{ar_0}> <{nr_1}> <{ar_1}>\n\n",argv[0]); | |
27 | return 1; | |
28 | } | |
29 | ||
30 | sscanf(argv[1],"%x",&uid); | |
31 | sscanf(argv[2],"%x",&nt); | |
32 | sscanf(argv[3],"%x",&nr0_enc); | |
33 | sscanf(argv[4],"%x",&ar0_enc); | |
34 | sscanf(argv[5],"%x",&nr1_enc); | |
35 | sscanf(argv[6],"%x",&ar1_enc); | |
36 | ||
37 | printf("Recovering key for:\n"); | |
38 | printf(" uid: %08x\n",uid); | |
39 | printf(" nt: %08x\n",nt); | |
40 | printf(" {nr_0}: %08x\n",nr0_enc); | |
41 | printf(" {ar_0}: %08x\n",ar0_enc); | |
42 | printf(" {nr_1}: %08x\n",nr1_enc); | |
43 | printf(" {ar_1}: %08x\n",ar1_enc); | |
44 | ||
45 | // Generate lfsr succesors of the tag challenge | |
46 | printf("\nLFSR succesors of the tag challenge:\n"); | |
47 | printf(" nt': %08x\n",prng_successor(nt, 64)); | |
48 | printf(" nt'': %08x\n",prng_successor(nt, 96)); | |
49 | ||
50 | // Extract the keystream from the messages | |
51 | printf("\nKeystream used to generate {ar} and {at}:\n"); | |
52 | ks2 = ar0_enc ^ prng_successor(nt, 64); | |
53 | printf(" ks2: %08x\n",ks2); | |
54 | ||
55 | s = lfsr_recovery32(ar0_enc ^ prng_successor(nt, 64), 0); | |
56 | ||
57 | for(t = s; t->odd | t->even; ++t) { | |
58 | lfsr_rollback_word(t, 0, 0); | |
59 | lfsr_rollback_word(t, nr0_enc, 1); | |
60 | lfsr_rollback_word(t, uid ^ nt, 0); | |
61 | crypto1_get_lfsr(t, &key); | |
62 | crypto1_word(t, uid ^ nt, 0); | |
63 | crypto1_word(t, nr1_enc, 1); | |
64 | if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt, 64))) { | |
65 | printf("\nFound Key: [%012"llx"]\n\n",key); | |
66 | break; | |
67 | } | |
68 | } | |
69 | free(s); | |
70 | ||
71 | return 0; | |
72 | } |