| | 1 | //----------------------------------------------------------------------------- |
| | 2 | // Copyright (C) 2018 Merlok |
| | 3 | // |
| | 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, |
| | 5 | // at your option, any later version. See the LICENSE.txt file for the text of |
| | 6 | // the license. |
| | 7 | //----------------------------------------------------------------------------- |
| | 8 | // iso14443-4 mifare commands |
| | 9 | //----------------------------------------------------------------------------- |
| | 10 | |
| | 11 | #include "mifare4.h" |
| | 12 | #include <ctype.h> |
| | 13 | #include <string.h> |
| | 14 | #include "cmdhf14a.h" |
| | 15 | #include "util.h" |
| | 16 | #include "ui.h" |
| | 17 | #include "polarssl/libpcrypto.h" |
| | 18 | |
| | 19 | int CalculateMAC(mf4Session *session, uint8_t *data, int datalen, uint8_t *mac, bool verbose) { |
| | 20 | if (!session || !session->Authenticated || !mac || !data || !datalen) |
| | 21 | return 1; |
| | 22 | |
| | 23 | memset(mac, 0x00, 8); |
| | 24 | |
| | 25 | if (verbose) |
| | 26 | PrintAndLog("MAC data[%d]: %s", datalen, sprint_hex(data, datalen)); |
| | 27 | |
| | 28 | return aes_cmac8(NULL, session->Key, data, mac, datalen); |
| | 29 | } |
| | 30 | |
| | 31 | int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) { |
| | 32 | uint8_t data[257] = {0}; |
| | 33 | int datalen = 0; |
| | 34 | |
| | 35 | uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00}; |
| | 36 | uint8_t Rnd2[17] = {0}; |
| | 37 | |
| | 38 | if (session) |
| | 39 | session->Authenticated = false; |
| | 40 | |
| | 41 | uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00}; |
| | 42 | int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen); |
| | 43 | if (res) { |
| | 44 | PrintAndLog("ERROR exchande raw error: %d", res); |
| | 45 | DropField(); |
| | 46 | return 2; |
| | 47 | } |
| | 48 | |
| | 49 | if (verbose) |
| | 50 | PrintAndLog("<phase1: %s", sprint_hex(data, datalen)); |
| | 51 | |
| | 52 | if (datalen < 1) { |
| | 53 | PrintAndLog("ERROR: card response length: %d", datalen); |
| | 54 | DropField(); |
| | 55 | return 3; |
| | 56 | } |
| | 57 | |
| | 58 | if (data[0] != 0x90) { |
| | 59 | PrintAndLog("ERROR: card response error: %02x", data[2]); |
| | 60 | DropField(); |
| | 61 | return 3; |
| | 62 | } |
| | 63 | |
| | 64 | if (datalen != 19) { // code 1b + 16b + crc 2b |
| | 65 | PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen); |
| | 66 | DropField(); |
| | 67 | return 3; |
| | 68 | } |
| | 69 | |
| | 70 | aes_decode(NULL, key, &data[1], Rnd2, 16); |
| | 71 | Rnd2[16] = Rnd2[0]; |
| | 72 | if (verbose) |
| | 73 | PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16)); |
| | 74 | |
| | 75 | uint8_t cmd2[33] = {0}; |
| | 76 | cmd2[0] = 0x72; |
| | 77 | |
| | 78 | uint8_t raw[32] = {0}; |
| | 79 | memmove(raw, Rnd1, 16); |
| | 80 | memmove(&raw[16], &Rnd2[1], 16); |
| | 81 | |
| | 82 | aes_encode(NULL, key, raw, &cmd2[1], 32); |
| | 83 | if (verbose) |
| | 84 | PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33)); |
| | 85 | |
| | 86 | res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, true, data, sizeof(data), &datalen); |
| | 87 | if (res) { |
| | 88 | PrintAndLog("ERROR exchande raw error: %d", res); |
| | 89 | DropField(); |
| | 90 | return 4; |
| | 91 | } |
| | 92 | |
| | 93 | if (verbose) |
| | 94 | PrintAndLog("<phase2: %s", sprint_hex(data, datalen)); |
| | 95 | |
| | 96 | aes_decode(NULL, key, &data[1], raw, 32); |
| | 97 | |
| | 98 | if (verbose) { |
| | 99 | PrintAndLog("res: %s", sprint_hex(raw, 32)); |
| | 100 | PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16)); |
| | 101 | } |
| | 102 | |
| | 103 | if (memcmp(&raw[4], &Rnd1[1], 16)) { |
| | 104 | PrintAndLog("\nERROR: Authentication FAILED. rnd not equal"); |
| | 105 | if (verbose) { |
| | 106 | PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16)); |
| | 107 | PrintAndLog("rnd1 card: %s", sprint_hex(&raw[4], 16)); |
| | 108 | } |
| | 109 | DropField(); |
| | 110 | return 5; |
| | 111 | } |
| | 112 | |
| | 113 | if (!leaveSignalON) |
| | 114 | DropField(); |
| | 115 | |
| | 116 | if (verbose) |
| | 117 | PrintAndLog(""); |
| | 118 | |
| | 119 | if (session) { |
| | 120 | session->Authenticated = true; |
| | 121 | session->KeyNum = keyn[1] + (keyn[0] << 8); |
| | 122 | memmove(session->Rnd1, Rnd1, 16); |
| | 123 | memmove(session->Rnd2, Rnd2, 16); |
| | 124 | memmove(session->Key, key, 16); |
| | 125 | } |
| | 126 | |
| | 127 | PrintAndLog("Authentication OK"); |
| | 128 | |
| | 129 | return 0; |
| | 130 | } |
| | 131 | |
| | 132 | // Mifare Memory Structure: up to 32 Sectors with 4 blocks each (1k and 2k cards), |
| | 133 | // plus evtl. 8 sectors with 16 blocks each (4k cards) |
| | 134 | uint8_t mfNumBlocksPerSector(uint8_t sectorNo) { |
| | 135 | if (sectorNo < 32) |
| | 136 | return 4; |
| | 137 | else |
| | 138 | return 16; |
| | 139 | } |
| | 140 | |
| | 141 | uint8_t mfFirstBlockOfSector(uint8_t sectorNo) { |
| | 142 | if (sectorNo < 32) |
| | 143 | return sectorNo * 4; |
| | 144 | else |
| | 145 | return 32 * 4 + (sectorNo - 32) * 16; |
| | 146 | } |
| | 147 | |
| | 148 | uint8_t mfSectorTrailer(uint8_t blockNo) { |
| | 149 | if (blockNo < 32*4) { |
| | 150 | return (blockNo | 0x03); |
| | 151 | } else { |
| | 152 | return (blockNo | 0x0f); |
| | 153 | } |
| | 154 | } |
| | 155 | |
| | 156 | bool mfIsSectorTrailer(uint8_t blockNo) { |
| | 157 | return (blockNo == mfSectorTrailer(blockNo)); |
| | 158 | } |
| | 159 | |
| | 160 | uint8_t mfSectorNum(uint8_t blockNo) { |
| | 161 | if (blockNo < 32 * 4) |
| | 162 | return blockNo / 4; |
| | 163 | else |
| | 164 | return 32 + (blockNo - 32 * 4) / 16; |
| | 165 | |
| | 166 | } |
projects / proxmark3-svn / blame_incremental