2 // people from mifare@nethemba.com, 2010
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
9 //-----------------------------------------------------------------------------
11 #include "mifarehost.h"
18 #include "crapto1/crapto1.h"
19 #include "proxmark3.h"
24 #include "iso14443crc.h"
28 // mifare tracer flags used in mfTraceDecode()
29 #define TRACE_IDLE 0x00
30 #define TRACE_AUTH1 0x01
31 #define TRACE_AUTH2 0x02
32 #define TRACE_AUTH_OK 0x03
33 #define TRACE_READ_DATA 0x04
34 #define TRACE_WRITE_OK 0x05
35 #define TRACE_WRITE_DATA 0x06
36 #define TRACE_ERROR 0xFF
39 static int compare_uint64(const void *a
, const void *b
) {
40 // didn't work: (the result is truncated to 32 bits)
41 //return (*(int64_t*)b - *(int64_t*)a);
44 if (*(uint64_t*)b
== *(uint64_t*)a
) return 0;
45 else if (*(uint64_t*)b
< *(uint64_t*)a
) return 1;
50 // create the intersection (common members) of two sorted lists. Lists are terminated by -1. Result will be in list1. Number of elements is returned.
51 static uint32_t intersection(uint64_t *list1
, uint64_t *list2
)
53 if (list1
== NULL
|| list2
== NULL
) {
56 uint64_t *p1
, *p2
, *p3
;
60 while ( *p1
!= -1 && *p2
!= -1 ) {
61 if (compare_uint64(p1
, p2
) == 0) {
66 while (compare_uint64(p1
, p2
) < 0) ++p1
;
67 while (compare_uint64(p1
, p2
) > 0) ++p2
;
75 // Darkside attack (hf mf mifare)
76 static uint32_t nonce2key(uint32_t uid
, uint32_t nt
, uint32_t nr
, uint64_t par_info
, uint64_t ks_info
, uint64_t **keys
) {
77 struct Crypto1State
*states
;
78 uint32_t i
, pos
, rr
; //nr_diff;
79 uint8_t bt
, ks3x
[8], par
[8][8];
80 uint64_t key_recovered
;
81 static uint64_t *keylist
;
84 // Reset the last three significant bits of the reader nonce
87 for (pos
=0; pos
<8; pos
++) {
88 ks3x
[7-pos
] = (ks_info
>> (pos
*8)) & 0x0f;
89 bt
= (par_info
>> (pos
*8)) & 0xff;
91 par
[7-pos
][i
] = (bt
>> i
) & 0x01;
95 states
= lfsr_common_prefix(nr
, rr
, ks3x
, par
, (par_info
== 0));
102 keylist
= (uint64_t*)states
;
104 for (i
= 0; keylist
[i
]; i
++) {
105 lfsr_rollback_word(states
+i
, uid
^nt
, 0);
106 crypto1_get_lfsr(states
+i
, &key_recovered
);
107 keylist
[i
] = key_recovered
;
116 int mfDarkside(uint64_t *key
)
119 uint32_t nt
= 0, nr
= 0;
120 uint64_t par_list
= 0, ks_list
= 0;
121 uint64_t *keylist
= NULL
, *last_keylist
= NULL
;
122 uint32_t keycount
= 0;
125 UsbCommand c
= {CMD_READER_MIFARE
, {true, 0, 0}};
128 printf("-------------------------------------------------------------------------\n");
129 printf("Executing command. Expected execution time: 25sec on average\n");
130 printf("Press button on the proxmark3 device to abort both proxmark3 and client.\n");
131 printf("-------------------------------------------------------------------------\n");
135 clearCommandBuffer();
140 int c
= getchar(); (void) c
;
153 if (WaitForResponseTimeout(CMD_ACK
, &resp
, 1000)) {
158 uid
= (uint32_t)bytes_to_num(resp
.d
.asBytes
+ 0, 4);
159 nt
= (uint32_t)bytes_to_num(resp
.d
.asBytes
+ 4, 4);
160 par_list
= bytes_to_num(resp
.d
.asBytes
+ 8, 8);
161 ks_list
= bytes_to_num(resp
.d
.asBytes
+ 16, 8);
162 nr
= bytes_to_num(resp
.d
.asBytes
+ 24, 4);
167 if (par_list
== 0 && c
.arg
[0] == true) {
168 PrintAndLog("Parity is all zero. Most likely this card sends NACK on every failed authentication.");
169 PrintAndLog("Attack will take a few seconds longer because we need two consecutive successful runs.");
173 keycount
= nonce2key(uid
, nt
, nr
, par_list
, ks_list
, &keylist
);
176 PrintAndLog("Key not found (lfsr_common_prefix list is null). Nt=%08x", nt
);
177 PrintAndLog("This is expected to happen in 25%% of all cases. Trying again with a different reader nonce...");
181 qsort(keylist
, keycount
, sizeof(*keylist
), compare_uint64
);
182 keycount
= intersection(last_keylist
, keylist
);
185 last_keylist
= keylist
;
190 PrintAndLog("Found %u possible keys. Trying to authenticate with each of them ...\n", keycount
);
192 PrintAndLog("Found a possible key. Trying to authenticate...\n");
196 uint8_t keyBlock
[USB_CMD_DATA_SIZE
];
197 int max_keys
= USB_CMD_DATA_SIZE
/6;
198 for (int i
= 0; i
< keycount
; i
+= max_keys
) {
199 int size
= keycount
- i
> max_keys
? max_keys
: keycount
- i
;
200 for (int j
= 0; j
< size
; j
++) {
201 if (last_keylist
== NULL
) {
202 num_to_bytes(keylist
[i
*max_keys
+ j
], 6, keyBlock
);
204 num_to_bytes(last_keylist
[i
*max_keys
+ j
], 6, keyBlock
);
207 if (!mfCheckKeys(0, 0, false, size
, keyBlock
, key
)) {
217 PrintAndLog("Authentication failed. Trying again...");
219 last_keylist
= keylist
;
227 int mfCheckKeys (uint8_t blockNo
, uint8_t keyType
, bool clear_trace
, uint8_t keycnt
, uint8_t * keyBlock
, uint64_t * key
){
231 UsbCommand c
= {CMD_MIFARE_CHKKEYS
, {((blockNo
& 0xff) | ((keyType
&0xff)<<8)), clear_trace
, keycnt
}};
232 memcpy(c
.d
.asBytes
, keyBlock
, 6 * keycnt
);
236 if (!WaitForResponseTimeout(CMD_ACK
,&resp
,3000)) return 1;
237 if ((resp
.arg
[0] & 0xff) != 0x01) return 2;
238 *key
= bytes_to_num(resp
.d
.asBytes
, 6);
242 // Compare 16 Bits out of cryptostate
243 int Compare16Bits(const void * a
, const void * b
) {
244 if ((*(uint64_t*)b
& 0x00ff000000ff0000) == (*(uint64_t*)a
& 0x00ff000000ff0000)) return 0;
245 else if ((*(uint64_t*)b
& 0x00ff000000ff0000) > (*(uint64_t*)a
& 0x00ff000000ff0000)) return 1;
252 struct Crypto1State
*slhead
;
256 struct Crypto1State
*sltail
;
268 // wrapper function for multi-threaded lfsr_recovery32
269 void* nested_worker_thread(void *arg
)
271 struct Crypto1State
*p1
;
272 StateList_t
*statelist
= arg
;
274 statelist
->head
.slhead
= lfsr_recovery32(statelist
->ks1
, statelist
->nt
^ statelist
->uid
);
275 for (p1
= statelist
->head
.slhead
; *(uint64_t *)p1
!= 0; p1
++);
276 statelist
->len
= p1
- statelist
->head
.slhead
;
277 statelist
->tail
.sltail
= --p1
;
278 qsort(statelist
->head
.slhead
, statelist
->len
, sizeof(uint64_t), Compare16Bits
);
280 return statelist
->head
.slhead
;
283 int mfnested(uint8_t blockNo
, uint8_t keyType
, uint8_t *key
, uint8_t trgBlockNo
, uint8_t trgKeyType
, uint8_t *resultKey
, bool calibrate
)
289 StateList_t statelists
[2];
290 struct Crypto1State
*p1
, *p2
, *p3
, *p4
;
293 WaitForResponseTimeout(CMD_ACK
, NULL
, 100);
295 UsbCommand c
= {CMD_MIFARE_NESTED
, {blockNo
+ keyType
* 0x100, trgBlockNo
+ trgKeyType
* 0x100, calibrate
}};
296 memcpy(c
.d
.asBytes
, key
, 6);
299 if (!WaitForResponseTimeout(CMD_ACK
, &resp
, 1500)) {
304 return resp
.arg
[0]; // error during nested
307 memcpy(&uid
, resp
.d
.asBytes
, 4);
308 PrintAndLog("uid:%08x trgbl=%d trgkey=%x", uid
, (uint16_t)resp
.arg
[2] & 0xff, (uint16_t)resp
.arg
[2] >> 8);
310 for (i
= 0; i
< 2; i
++) {
311 statelists
[i
].blockNo
= resp
.arg
[2] & 0xff;
312 statelists
[i
].keyType
= (resp
.arg
[2] >> 8) & 0xff;
313 statelists
[i
].uid
= uid
;
314 memcpy(&statelists
[i
].nt
, (void *)(resp
.d
.asBytes
+ 4 + i
* 8 + 0), 4);
315 memcpy(&statelists
[i
].ks1
, (void *)(resp
.d
.asBytes
+ 4 + i
* 8 + 4), 4);
320 pthread_t thread_id
[2];
322 // create and run worker threads
323 for (i
= 0; i
< 2; i
++) {
324 pthread_create(thread_id
+ i
, NULL
, nested_worker_thread
, &statelists
[i
]);
327 // wait for threads to terminate:
328 for (i
= 0; i
< 2; i
++) {
329 pthread_join(thread_id
[i
], (void*)&statelists
[i
].head
.slhead
);
333 // the first 16 Bits of the cryptostate already contain part of our key.
334 // Create the intersection of the two lists based on these 16 Bits and
335 // roll back the cryptostate
336 p1
= p3
= statelists
[0].head
.slhead
;
337 p2
= p4
= statelists
[1].head
.slhead
;
338 while (p1
<= statelists
[0].tail
.sltail
&& p2
<= statelists
[1].tail
.sltail
) {
339 if (Compare16Bits(p1
, p2
) == 0) {
340 struct Crypto1State savestate
, *savep
= &savestate
;
342 while(Compare16Bits(p1
, savep
) == 0 && p1
<= statelists
[0].tail
.sltail
) {
344 lfsr_rollback_word(p3
, statelists
[0].nt
^ statelists
[0].uid
, 0);
349 while(Compare16Bits(p2
, savep
) == 0 && p2
<= statelists
[1].tail
.sltail
) {
351 lfsr_rollback_word(p4
, statelists
[1].nt
^ statelists
[1].uid
, 0);
357 while (Compare16Bits(p1
, p2
) == -1) p1
++;
358 while (Compare16Bits(p1
, p2
) == 1) p2
++;
363 statelists
[0].len
= p3
- statelists
[0].head
.slhead
;
364 statelists
[1].len
= p4
- statelists
[1].head
.slhead
;
365 statelists
[0].tail
.sltail
=--p3
;
366 statelists
[1].tail
.sltail
=--p4
;
368 // the statelists now contain possible keys. The key we are searching for must be in the
369 // intersection of both lists. Create the intersection:
370 qsort(statelists
[0].head
.keyhead
, statelists
[0].len
, sizeof(uint64_t), compare_uint64
);
371 qsort(statelists
[1].head
.keyhead
, statelists
[1].len
, sizeof(uint64_t), compare_uint64
);
372 statelists
[0].len
= intersection(statelists
[0].head
.keyhead
, statelists
[1].head
.keyhead
);
374 memset(resultKey
, 0, 6);
375 // The list may still contain several key candidates. Test each of them with mfCheckKeys
376 for (i
= 0; i
< statelists
[0].len
; i
++) {
379 crypto1_get_lfsr(statelists
[0].head
.slhead
+ i
, &key64
);
380 num_to_bytes(key64
, 6, keyBlock
);
382 if (!mfCheckKeys(statelists
[0].blockNo
, statelists
[0].keyType
, false, 1, keyBlock
, &key64
)) {
383 num_to_bytes(key64
, 6, resultKey
);
388 free(statelists
[0].head
.slhead
);
389 free(statelists
[1].head
.slhead
);
396 int mfEmlGetMem(uint8_t *data
, int blockNum
, int blocksCount
) {
397 UsbCommand c
= {CMD_MIFARE_EML_MEMGET
, {blockNum
, blocksCount
, 0}};
401 if (!WaitForResponseTimeout(CMD_ACK
,&resp
,1500)) return 1;
402 memcpy(data
, resp
.d
.asBytes
, blocksCount
* 16);
406 int mfEmlSetMem(uint8_t *data
, int blockNum
, int blocksCount
) {
407 UsbCommand c
= {CMD_MIFARE_EML_MEMSET
, {blockNum
, blocksCount
, 0}};
408 memcpy(c
.d
.asBytes
, data
, blocksCount
* 16);
415 int mfCGetBlock(uint8_t blockNo
, uint8_t *data
, uint8_t params
) {
418 UsbCommand c
= {CMD_MIFARE_CGETBLOCK
, {params
, 0, blockNo
}};
422 if (WaitForResponseTimeout(CMD_ACK
,&resp
,1500)) {
423 isOK
= resp
.arg
[0] & 0xff;
424 memcpy(data
, resp
.d
.asBytes
, 16);
427 PrintAndLog("Command execute timeout");
433 int mfCSetBlock(uint8_t blockNo
, uint8_t *data
, uint8_t *uid
, bool wantWipe
, uint8_t params
) {
436 UsbCommand c
= {CMD_MIFARE_CSETBLOCK
, {wantWipe
, params
& (0xFE | (uid
== NULL
? 0:1)), blockNo
}};
437 memcpy(c
.d
.asBytes
, data
, 16);
441 if (WaitForResponseTimeout(CMD_ACK
, &resp
, 1500)) {
442 isOK
= resp
.arg
[0] & 0xff;
444 memcpy(uid
, resp
.d
.asBytes
, 4);
448 PrintAndLog("Command execute timeout");
455 int mfCWipe(uint32_t numSectors
, bool gen1b
, bool wantWipe
, bool wantFill
) {
457 uint8_t cmdParams
= wantWipe
+ wantFill
* 0x02 + gen1b
* 0x04;
458 UsbCommand c
= {CMD_MIFARE_CWIPE
, {numSectors
, cmdParams
, 0}};
462 WaitForResponse(CMD_ACK
,&resp
);
463 isOK
= resp
.arg
[0] & 0xff;
468 int mfCSetUID(uint8_t *uid
, uint8_t *atqa
, uint8_t *sak
, uint8_t *oldUID
) {
469 uint8_t oldblock0
[16] = {0x00};
470 uint8_t block0
[16] = {0x00};
475 /* generation 1a magic card by default */
476 uint8_t cmdParams
= CSETBLOCK_SINGLE_OPER
;
478 /* generation 1b magic card */
479 cmdParams
= CSETBLOCK_SINGLE_OPER
| CSETBLOCK_MAGIC_1B
;
482 res
= mfCGetBlock(0, oldblock0
, cmdParams
);
485 memcpy(block0
, oldblock0
, 16);
486 PrintAndLog("old block 0: %s", sprint_hex(block0
,16));
488 PrintAndLog("Couldn't get old data. Will write over the last bytes of Block 0.");
491 // fill in the new values
493 memcpy(block0
, uid
, 4);
495 block0
[4] = block0
[0] ^ block0
[1] ^ block0
[2] ^ block0
[3];
496 // mifare classic SAK(byte 5) and ATQA(byte 6 and 7, reversed)
503 PrintAndLog("new block 0: %s", sprint_hex(block0
, 16));
505 res
= mfCSetBlock(0, block0
, oldUID
, false, cmdParams
);
507 PrintAndLog("Can't set block 0. Error: %d", res
);
516 UsbCommand c
= {CMD_READER_ISO_14443a
, {ISO14A_CONNECT
| ISO14A_NO_DISCONNECT
, 0, 0}};
520 WaitForResponse(CMD_ACK
,&resp
);
522 iso14a_card_select_t card
;
523 memcpy(&card
, (iso14a_card_select_t
*)resp
.d
.asBytes
, sizeof(iso14a_card_select_t
));
525 uint64_t select_status
= resp
.arg
[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
527 if(select_status
!= 0) {
528 uint8_t rats
[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0
529 c
.arg
[0] = ISO14A_RAW
| ISO14A_APPEND_CRC
| ISO14A_NO_DISCONNECT
;
532 memcpy(c
.d
.asBytes
, rats
, 2);
534 WaitForResponse(CMD_ACK
,&resp
);
537 c
.cmd
= CMD_MIFARE_CIDENT
;
542 WaitForResponse(CMD_ACK
,&resp
);
544 uint8_t isGeneration
= resp
.arg
[0] & 0xff;
545 switch( isGeneration
){
546 case 1: PrintAndLog("Chinese magic backdoor commands (GEN 1a) detected"); break;
547 case 2: PrintAndLog("Chinese magic backdoor command (GEN 1b) detected"); break;
548 default: PrintAndLog("No chinese magic backdoor command detected"); break;
552 c
.cmd
= CMD_READER_ISO_14443a
;
558 return (int) isGeneration
;
565 static uint8_t trailerAccessBytes
[4] = {0x08, 0x77, 0x8F, 0x00};
568 char logHexFileName
[FILE_PATH_SIZE
] = {0x00};
569 static uint8_t traceCard
[4096] = {0x00};
570 static char traceFileName
[FILE_PATH_SIZE
] = {0x00};
571 static int traceState
= TRACE_IDLE
;
572 static uint8_t traceCurBlock
= 0;
573 static uint8_t traceCurKey
= 0;
575 struct Crypto1State
*traceCrypto1
= NULL
;
577 struct Crypto1State
*revstate
;
582 uint32_t uid
; // serial number
583 uint32_t nt
; // tag challenge
584 uint32_t nr_enc
; // encrypted reader challenge
585 uint32_t ar_enc
; // encrypted reader response
586 uint32_t at_enc
; // encrypted tag response
588 int isTraceCardEmpty(void) {
589 return ((traceCard
[0] == 0) && (traceCard
[1] == 0) && (traceCard
[2] == 0) && (traceCard
[3] == 0));
592 int isBlockEmpty(int blockN
) {
593 for (int i
= 0; i
< 16; i
++)
594 if (traceCard
[blockN
* 16 + i
] != 0) return 0;
599 int isBlockTrailer(int blockN
) {
600 return ((blockN
& 0x03) == 0x03);
603 int saveTraceCard(void) {
606 if ((!strlen(traceFileName
)) || (isTraceCardEmpty())) return 0;
608 f
= fopen(traceFileName
, "w+");
611 for (int i
= 0; i
< 64; i
++) { // blocks
612 for (int j
= 0; j
< 16; j
++) // bytes
613 fprintf(f
, "%02x", *(traceCard
+ i
* 16 + j
));
620 int loadTraceCard(uint8_t *tuid
) {
622 char buf
[64] = {0x00};
623 uint8_t buf8
[64] = {0x00};
626 if (!isTraceCardEmpty())
629 memset(traceCard
, 0x00, 4096);
630 memcpy(traceCard
, tuid
+ 3, 4);
632 FillFileNameByUID(traceFileName
, tuid
, ".eml", 7);
634 f
= fopen(traceFileName
, "r");
641 memset(buf
, 0, sizeof(buf
));
642 if (fgets(buf
, sizeof(buf
), f
) == NULL
) {
643 PrintAndLog("File reading error.");
648 if (strlen(buf
) < 32){
650 PrintAndLog("File content error. Block data must include 32 HEX symbols");
654 for (i
= 0; i
< 32; i
+= 2)
655 sscanf(&buf
[i
], "%02x", (unsigned int *)&buf8
[i
/ 2]);
657 memcpy(traceCard
+ blockNum
* 16, buf8
, 16);
666 int mfTraceInit(uint8_t *tuid
, uint8_t *atqa
, uint8_t sak
, bool wantSaveToEmlFile
) {
669 crypto1_destroy(traceCrypto1
);
673 if (wantSaveToEmlFile
)
676 traceCard
[4] = traceCard
[0] ^ traceCard
[1] ^ traceCard
[2] ^ traceCard
[3];
678 memcpy(&traceCard
[6], atqa
, 2);
680 uid
= bytes_to_num(tuid
+ 3, 4);
682 traceState
= TRACE_IDLE
;
687 void mf_crypto1_decrypt(struct Crypto1State
*pcs
, uint8_t *data
, int len
, bool isEncrypted
){
692 for (i
= 0; i
< len
; i
++)
693 data
[i
] = crypto1_byte(pcs
, 0x00, isEncrypted
) ^ data
[i
];
696 for (i
= 0; i
< 4; i
++)
697 bt
|= (crypto1_bit(pcs
, 0, isEncrypted
) ^ BIT(data
[0], i
)) << i
;
705 int mfTraceDecode(uint8_t *data_src
, int len
, bool wantSaveToEmlFile
) {
708 if (traceState
== TRACE_ERROR
) return 1;
710 traceState
= TRACE_ERROR
;
714 memcpy(data
, data_src
, len
);
715 if ((traceCrypto1
) && ((traceState
== TRACE_IDLE
) || (traceState
> TRACE_AUTH_OK
))) {
716 mf_crypto1_decrypt(traceCrypto1
, data
, len
, 0);
717 PrintAndLog("dec> %s", sprint_hex(data
, len
));
718 AddLogHex(logHexFileName
, "dec> ", data
, len
);
721 switch (traceState
) {
723 // check packet crc16!
724 if ((len
>= 4) && (!CheckCrc14443(CRC_14443_A
, data
, len
))) {
725 PrintAndLog("dec> CRC ERROR!!!");
726 AddLogLine(logHexFileName
, "dec> ", "CRC ERROR!!!");
727 traceState
= TRACE_ERROR
; // do not decrypt the next commands
732 if ((len
==4) && ((data
[0] == 0x60) || (data
[0] == 0x61))) {
733 traceState
= TRACE_AUTH1
;
734 traceCurBlock
= data
[1];
735 traceCurKey
= data
[0] == 60 ? 1:0;
740 if ((len
==4) && ((data
[0] == 0x30))) {
741 traceState
= TRACE_READ_DATA
;
742 traceCurBlock
= data
[1];
747 if ((len
==4) && ((data
[0] == 0xA0))) {
748 traceState
= TRACE_WRITE_OK
;
749 traceCurBlock
= data
[1];
754 if ((len
==4) && ((data
[0] == 0x50) && (data
[1] == 0x00))) {
755 traceState
= TRACE_ERROR
; // do not decrypt the next commands
762 case TRACE_READ_DATA
:
764 traceState
= TRACE_IDLE
;
766 if (isBlockTrailer(traceCurBlock
)) {
767 memcpy(traceCard
+ traceCurBlock
* 16 + 6, data
+ 6, 4);
769 memcpy(traceCard
+ traceCurBlock
* 16, data
, 16);
771 if (wantSaveToEmlFile
) saveTraceCard();
774 traceState
= TRACE_ERROR
;
780 if ((len
== 1) && (data
[0] == 0x0a)) {
781 traceState
= TRACE_WRITE_DATA
;
785 traceState
= TRACE_ERROR
;
790 case TRACE_WRITE_DATA
:
792 traceState
= TRACE_IDLE
;
794 memcpy(traceCard
+ traceCurBlock
* 16, data
, 16);
795 if (wantSaveToEmlFile
) saveTraceCard();
798 traceState
= TRACE_ERROR
;
805 traceState
= TRACE_AUTH2
;
806 nt
= bytes_to_num(data
, 4);
809 traceState
= TRACE_ERROR
;
816 traceState
= TRACE_AUTH_OK
;
818 nr_enc
= bytes_to_num(data
, 4);
819 ar_enc
= bytes_to_num(data
+ 4, 4);
822 traceState
= TRACE_ERROR
;
829 traceState
= TRACE_IDLE
;
831 at_enc
= bytes_to_num(data
, 4);
834 ks2
= ar_enc
^ prng_successor(nt
, 64);
835 ks3
= at_enc
^ prng_successor(nt
, 96);
836 revstate
= lfsr_recovery64(ks2
, ks3
);
837 lfsr_rollback_word(revstate
, 0, 0);
838 lfsr_rollback_word(revstate
, 0, 0);
839 lfsr_rollback_word(revstate
, nr_enc
, 1);
840 lfsr_rollback_word(revstate
, uid
^ nt
, 0);
842 crypto1_get_lfsr(revstate
, &lfsr
);
843 printf("key> %x%x\n", (unsigned int)((lfsr
& 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr
& 0xFFFFFFFF));
844 AddLogUint64(logHexFileName
, "key> ", lfsr
);
846 int blockShift
= ((traceCurBlock
& 0xFC) + 3) * 16;
847 if (isBlockEmpty((traceCurBlock
& 0xFC) + 3)) memcpy(traceCard
+ blockShift
+ 6, trailerAccessBytes
, 4);
850 num_to_bytes(lfsr
, 6, traceCard
+ blockShift
+ 10);
852 num_to_bytes(lfsr
, 6, traceCard
+ blockShift
);
854 if (wantSaveToEmlFile
) saveTraceCard();
857 crypto1_destroy(traceCrypto1
);
860 // set cryptosystem state
861 traceCrypto1
= lfsr_recovery64(ks2
, ks3
);
863 // nt = crypto1_word(traceCrypto1, nt ^ uid, 1) ^ nt;
865 /* traceCrypto1 = crypto1_create(lfsr); // key in lfsr
866 crypto1_word(traceCrypto1, nt ^ uid, 0);
867 crypto1_word(traceCrypto1, ar, 1);
868 crypto1_word(traceCrypto1, 0, 0);
869 crypto1_word(traceCrypto1, 0, 0);*/
873 traceState
= TRACE_ERROR
;
879 traceState
= TRACE_ERROR
;
888 int tryDecryptWord(uint32_t nt
, uint32_t ar_enc
, uint32_t at_enc
, uint8_t *data
, int len
){
890 uint32_t nt; // tag challenge
891 uint32_t ar_enc; // encrypted reader response
892 uint32_t at_enc; // encrypted tag response
895 crypto1_destroy(traceCrypto1
);
897 ks2
= ar_enc
^ prng_successor(nt
, 64);
898 ks3
= at_enc
^ prng_successor(nt
, 96);
899 traceCrypto1
= lfsr_recovery64(ks2
, ks3
);
901 mf_crypto1_decrypt(traceCrypto1
, data
, len
, 0);
903 PrintAndLog("Decrypted data: [%s]", sprint_hex(data
,len
) );
904 crypto1_destroy(traceCrypto1
);