]>
git.zerfleddert.de Git - proxmark3-svn/blob - client/mifarehost.c
2 // people from mifare@nethemba.com, 2010
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
9 //-----------------------------------------------------------------------------
15 #include "mifarehost.h"
16 #include "proxmark3.h"
19 int compar_int(const void * a
, const void * b
) {
20 // didn't work: (the result is truncated to 32 bits)
21 //return (*(uint64_t*)b - *(uint64_t*)a);
24 if (*(uint64_t*)b
== *(uint64_t*)a
) return 0;
25 else if (*(uint64_t*)b
> *(uint64_t*)a
) return 1;
31 // Compare 16 Bits out of cryptostate
32 int Compare16Bits(const void * a
, const void * b
) {
33 if ((*(uint64_t*)b
& 0x00ff000000ff0000) == (*(uint64_t*)a
& 0x00ff000000ff0000)) return 0;
34 else if ((*(uint64_t*)b
& 0x00ff000000ff0000) > (*(uint64_t*)a
& 0x00ff000000ff0000)) return 1;
42 struct Crypto1State
*slhead
;
46 struct Crypto1State
*sltail
;
58 // wrapper function for multi-threaded lfsr_recovery32
59 void* nested_worker_thread(void *arg
)
61 struct Crypto1State
*p1
;
62 StateList_t
*statelist
= arg
;
64 statelist
->head
.slhead
= lfsr_recovery32(statelist
->ks1
, statelist
->nt
^ statelist
->uid
);
65 for (p1
= statelist
->head
.slhead
; *(uint64_t *)p1
!= 0; p1
++);
66 statelist
->len
= p1
- statelist
->head
.slhead
;
67 statelist
->tail
.sltail
= --p1
;
68 qsort(statelist
->head
.slhead
, statelist
->len
, sizeof(uint64_t), Compare16Bits
);
70 return statelist
->head
.slhead
;
76 int mfnested(uint8_t blockNo
, uint8_t keyType
, uint8_t * key
, uint8_t trgBlockNo
, uint8_t trgKeyType
, uint8_t * resultKey
, bool calibrate
)
83 StateList_t statelists
[2];
84 struct Crypto1State
*p1
, *p2
, *p3
, *p4
;
87 WaitForResponseTimeout(CMD_ACK
,NULL
,100);
89 UsbCommand c
= {CMD_MIFARE_NESTED
, {blockNo
+ keyType
* 0x100, trgBlockNo
+ trgKeyType
* 0x100, calibrate
}};
90 memcpy(c
.d
.asBytes
, key
, 6);
93 if (WaitForResponseTimeout(CMD_ACK
,&resp
,1500)) {
96 memcpy(&uid
, resp
.d
.asBytes
, 4);
97 PrintAndLog("uid:%08x len=%d trgbl=%d trgkey=%x", uid
, len
, (uint16_t)resp
.arg
[2] & 0xff, (uint16_t)resp
.arg
[2] >> 8);
99 for (i
= 0; i
< 2; i
++) {
100 statelists
[i
].blockNo
= resp
.arg
[2] & 0xff;
101 statelists
[i
].keyType
= (resp
.arg
[2] >> 8) & 0xff;
102 statelists
[i
].uid
= uid
;
104 memcpy(&statelists
[i
].nt
, (void *)(resp
.d
.asBytes
+ 4 + i
* 8 + 0), 4);
105 memcpy(&statelists
[i
].ks1
, (void *)(resp
.d
.asBytes
+ 4 + i
* 8 + 4), 4);
109 PrintAndLog("Got 0 keys from proxmark.");
116 pthread_t thread_id
[2];
118 // create and run worker threads
119 for (i
= 0; i
< 2; i
++) {
120 pthread_create(thread_id
+ i
, NULL
, nested_worker_thread
, &statelists
[i
]);
123 // wait for threads to terminate:
124 for (i
= 0; i
< 2; i
++) {
125 pthread_join(thread_id
[i
], (void*)&statelists
[i
].head
.slhead
);
129 // the first 16 Bits of the cryptostate already contain part of our key.
130 // Create the intersection of the two lists based on these 16 Bits and
131 // roll back the cryptostate
132 p1
= p3
= statelists
[0].head
.slhead
;
133 p2
= p4
= statelists
[1].head
.slhead
;
134 while (p1
<= statelists
[0].tail
.sltail
&& p2
<= statelists
[1].tail
.sltail
) {
135 if (Compare16Bits(p1
, p2
) == 0) {
136 struct Crypto1State savestate
, *savep
= &savestate
;
138 while(Compare16Bits(p1
, savep
) == 0 && p1
<= statelists
[0].tail
.sltail
) {
140 lfsr_rollback_word(p3
, statelists
[0].nt
^ statelists
[0].uid
, 0);
145 while(Compare16Bits(p2
, savep
) == 0 && p2
<= statelists
[1].tail
.sltail
) {
147 lfsr_rollback_word(p4
, statelists
[1].nt
^ statelists
[1].uid
, 0);
153 while (Compare16Bits(p1
, p2
) == -1) p1
++;
154 while (Compare16Bits(p1
, p2
) == 1) p2
++;
157 p3
->even
= 0; p3
->odd
= 0;
158 p4
->even
= 0; p4
->odd
= 0;
159 statelists
[0].len
= p3
- statelists
[0].head
.slhead
;
160 statelists
[1].len
= p4
- statelists
[1].head
.slhead
;
161 statelists
[0].tail
.sltail
=--p3
;
162 statelists
[1].tail
.sltail
=--p4
;
164 // the statelists now contain possible keys. The key we are searching for must be in the
165 // intersection of both lists. Create the intersection:
166 qsort(statelists
[0].head
.keyhead
, statelists
[0].len
, sizeof(uint64_t), compar_int
);
167 qsort(statelists
[1].head
.keyhead
, statelists
[1].len
, sizeof(uint64_t), compar_int
);
169 uint64_t *p5
, *p6
, *p7
;
170 p5
= p7
= statelists
[0].head
.keyhead
;
171 p6
= statelists
[1].head
.keyhead
;
172 while (p5
<= statelists
[0].tail
.keytail
&& p6
<= statelists
[1].tail
.keytail
) {
173 if (compar_int(p5
, p6
) == 0) {
178 while (compar_int(p5
, p6
) == -1) p5
++;
179 while (compar_int(p5
, p6
) == 1) p6
++;
182 statelists
[0].len
= p7
- statelists
[0].head
.keyhead
;
183 statelists
[0].tail
.keytail
=--p7
;
185 memset(resultKey
, 0, 6);
186 // The list may still contain several key candidates. Test each of them with mfCheckKeys
187 for (i
= 0; i
< statelists
[0].len
; i
++) {
190 crypto1_get_lfsr(statelists
[0].head
.slhead
+ i
, &key64
);
191 num_to_bytes(key64
, 6, keyBlock
);
193 if (!mfCheckKeys(statelists
[0].blockNo
, statelists
[0].keyType
, 1, keyBlock
, &key64
)) {
194 num_to_bytes(key64
, 6, resultKey
);
199 free(statelists
[0].head
.slhead
);
200 free(statelists
[1].head
.slhead
);
205 int mfCheckKeys (uint8_t blockNo
, uint8_t keyType
, uint8_t keycnt
, uint8_t * keyBlock
, uint64_t * key
){
209 UsbCommand c
= {CMD_MIFARE_CHKKEYS
, {blockNo
, keyType
, keycnt
}};
210 memcpy(c
.d
.asBytes
, keyBlock
, 6 * keycnt
);
214 if (!WaitForResponseTimeout(CMD_ACK
,&resp
,3000)) return 1;
215 if ((resp
.arg
[0] & 0xff) != 0x01) return 2;
216 *key
= bytes_to_num(resp
.d
.asBytes
, 6);
222 int mfEmlGetMem(uint8_t *data
, int blockNum
, int blocksCount
) {
223 UsbCommand c
= {CMD_MIFARE_EML_MEMGET
, {blockNum
, blocksCount
, 0}};
227 if (!WaitForResponseTimeout(CMD_ACK
,&resp
,1500)) return 1;
228 memcpy(data
, resp
.d
.asBytes
, blocksCount
* 16);
232 int mfEmlSetMem(uint8_t *data
, int blockNum
, int blocksCount
) {
233 UsbCommand c
= {CMD_MIFARE_EML_MEMSET
, {blockNum
, blocksCount
, 0}};
234 memcpy(c
.d
.asBytes
, data
, blocksCount
* 16);
241 int mfCSetUID(uint8_t *uid
, uint8_t *oldUID
, int wantWipe
) {
243 memset(block0
, 0, 16);
244 memcpy(block0
, uid
, 4);
245 block0
[4] = block0
[0]^block0
[1]^block0
[2]^block0
[3]; // Mifare UID BCC
246 // mifare classic SAK(byte 5) and ATQA(byte 6 and 7)
251 return mfCSetBlock(0, block0
, oldUID
, wantWipe
, CSETBLOCK_SINGLE_OPER
);
254 int mfCSetBlock(uint8_t blockNo
, uint8_t *data
, uint8_t *uid
, int wantWipe
, uint8_t params
) {
257 UsbCommand c
= {CMD_MIFARE_EML_CSETBLOCK
, {wantWipe
, params
& (0xFE | (uid
== NULL
? 0:1)), blockNo
}};
258 memcpy(c
.d
.asBytes
, data
, 16);
262 if (WaitForResponseTimeout(CMD_ACK
,&resp
,1500)) {
263 isOK
= resp
.arg
[0] & 0xff;
264 if (uid
!= NULL
) memcpy(uid
, resp
.d
.asBytes
, 4);
267 PrintAndLog("Command execute timeout");
273 int mfCGetBlock(uint8_t blockNo
, uint8_t *data
, uint8_t params
) {
276 UsbCommand c
= {CMD_MIFARE_EML_CGETBLOCK
, {params
, 0, blockNo
}};
280 if (WaitForResponseTimeout(CMD_ACK
,&resp
,1500)) {
281 isOK
= resp
.arg
[0] & 0xff;
282 memcpy(data
, resp
.d
.asBytes
, 16);
285 PrintAndLog("Command execute timeout");
294 static uint8_t trailerAccessBytes
[4] = {0x08, 0x77, 0x8F, 0x00};
297 char logHexFileName
[200] = {0x00};
298 static uint8_t traceCard
[4096] = {0x00};
299 static char traceFileName
[20];
300 static int traceState
= TRACE_IDLE
;
301 static uint8_t traceCurBlock
= 0;
302 static uint8_t traceCurKey
= 0;
304 struct Crypto1State
*traceCrypto1
= NULL
;
306 struct Crypto1State
*revstate
;
311 uint32_t uid
; // serial number
312 uint32_t nt
; // tag challenge
314 uint32_t nr_enc
; // encrypted reader challenge
315 uint32_t ar_enc
; // encrypted reader response
317 uint32_t at_enc
; // encrypted tag response
320 int isTraceCardEmpty(void) {
321 return ((traceCard
[0] == 0) && (traceCard
[1] == 0) && (traceCard
[2] == 0) && (traceCard
[3] == 0));
324 int isBlockEmpty(int blockN
) {
325 for (int i
= 0; i
< 16; i
++)
326 if (traceCard
[blockN
* 16 + i
] != 0) return 0;
331 int isBlockTrailer(int blockN
) {
332 return ((blockN
& 0x03) == 0x03);
335 int loadTraceCard(uint8_t *tuid
) {
341 if (!isTraceCardEmpty()) saveTraceCard();
342 memset(traceCard
, 0x00, 4096);
343 memcpy(traceCard
, tuid
+ 3, 4);
344 FillFileNameByUID(traceFileName
, tuid
, ".eml", 7);
346 f
= fopen(traceFileName
, "r");
351 memset(buf
, 0, sizeof(buf
));
352 if (fgets(buf
, sizeof(buf
), f
) == NULL
) {
353 PrintAndLog("File reading error.");
357 if (strlen(buf
) < 32){
359 PrintAndLog("File content error. Block data must include 32 HEX symbols");
362 for (i
= 0; i
< 32; i
+= 2)
363 sscanf(&buf
[i
], "%02x", (unsigned int *)&buf8
[i
/ 2]);
365 memcpy(traceCard
+ blockNum
* 16, buf8
, 16);
374 int saveTraceCard(void) {
377 if ((!strlen(traceFileName
)) || (isTraceCardEmpty())) return 0;
379 f
= fopen(traceFileName
, "w+");
380 for (int i
= 0; i
< 64; i
++) { // blocks
381 for (int j
= 0; j
< 16; j
++) // bytes
382 fprintf(f
, "%02x", *(traceCard
+ i
* 16 + j
));
390 int mfTraceInit(uint8_t *tuid
, uint8_t *atqa
, uint8_t sak
, bool wantSaveToEmlFile
) {
392 if (traceCrypto1
) crypto1_destroy(traceCrypto1
);
395 if (wantSaveToEmlFile
) loadTraceCard(tuid
);
396 traceCard
[4] = traceCard
[0] ^ traceCard
[1] ^ traceCard
[2] ^ traceCard
[3];
398 memcpy(&traceCard
[6], atqa
, 2);
400 uid
= bytes_to_num(tuid
+ 3, 4);
402 traceState
= TRACE_IDLE
;
407 void mf_crypto1_decrypt(struct Crypto1State
*pcs
, uint8_t *data
, int len
, bool isEncrypted
){
412 for (i
= 0; i
< len
; i
++)
413 data
[i
] = crypto1_byte(pcs
, 0x00, isEncrypted
) ^ data
[i
];
416 for (i
= 0; i
< 4; i
++)
417 bt
|= (crypto1_bit(pcs
, 0, isEncrypted
) ^ BIT(data
[0], i
)) << i
;
425 int mfTraceDecode(uint8_t *data_src
, int len
, uint32_t parity
, bool wantSaveToEmlFile
) {
428 if (traceState
== TRACE_ERROR
) return 1;
430 traceState
= TRACE_ERROR
;
434 memcpy(data
, data_src
, len
);
435 if ((traceCrypto1
) && ((traceState
== TRACE_IDLE
) || (traceState
> TRACE_AUTH_OK
))) {
436 mf_crypto1_decrypt(traceCrypto1
, data
, len
, 0);
437 PrintAndLog("dec> %s", sprint_hex(data
, len
));
438 AddLogHex(logHexFileName
, "dec> ", data
, len
);
441 switch (traceState
) {
443 // check packet crc16!
444 if ((len
>= 4) && (!CheckCrc14443(CRC_14443_A
, data
, len
))) {
445 PrintAndLog("dec> CRC ERROR!!!");
446 AddLogLine(logHexFileName
, "dec> ", "CRC ERROR!!!");
447 traceState
= TRACE_ERROR
; // do not decrypt the next commands
452 if ((len
==4) && ((data
[0] == 0x60) || (data
[0] == 0x61))) {
453 traceState
= TRACE_AUTH1
;
454 traceCurBlock
= data
[1];
455 traceCurKey
= data
[0] == 60 ? 1:0;
460 if ((len
==4) && ((data
[0] == 0x30))) {
461 traceState
= TRACE_READ_DATA
;
462 traceCurBlock
= data
[1];
467 if ((len
==4) && ((data
[0] == 0xA0))) {
468 traceState
= TRACE_WRITE_OK
;
469 traceCurBlock
= data
[1];
474 if ((len
==4) && ((data
[0] == 0x50) && (data
[1] == 0x00))) {
475 traceState
= TRACE_ERROR
; // do not decrypt the next commands
482 case TRACE_READ_DATA
:
484 traceState
= TRACE_IDLE
;
486 if (isBlockTrailer(traceCurBlock
)) {
487 memcpy(traceCard
+ traceCurBlock
* 16 + 6, data
+ 6, 4);
489 memcpy(traceCard
+ traceCurBlock
* 16, data
, 16);
491 if (wantSaveToEmlFile
) saveTraceCard();
494 traceState
= TRACE_ERROR
;
500 if ((len
== 1) && (data
[0] = 0x0a)) {
501 traceState
= TRACE_WRITE_DATA
;
505 traceState
= TRACE_ERROR
;
510 case TRACE_WRITE_DATA
:
512 traceState
= TRACE_IDLE
;
514 memcpy(traceCard
+ traceCurBlock
* 16, data
, 16);
515 if (wantSaveToEmlFile
) saveTraceCard();
518 traceState
= TRACE_ERROR
;
525 traceState
= TRACE_AUTH2
;
527 nt
= bytes_to_num(data
, 4);
531 traceState
= TRACE_ERROR
;
538 traceState
= TRACE_AUTH_OK
;
540 nr_enc
= bytes_to_num(data
, 4);
541 ar_enc
= bytes_to_num(data
+ 4, 4);
545 traceState
= TRACE_ERROR
;
552 traceState
= TRACE_IDLE
;
554 at_enc
= bytes_to_num(data
, 4);
559 ks2
= ar_enc
^ prng_successor(nt
, 64);
560 ks3
= at_enc
^ prng_successor(nt
, 96);
561 revstate
= lfsr_recovery64(ks2
, ks3
);
562 lfsr_rollback_word(revstate
, 0, 0);
563 lfsr_rollback_word(revstate
, 0, 0);
564 lfsr_rollback_word(revstate
, nr_enc
, 1);
565 lfsr_rollback_word(revstate
, uid
^ nt
, 0);
567 ks2
= ar_enc
^ prng_successor(nt
, 64);
568 ks3
= at_enc
^ prng_successor(nt
, 96);
569 revstate
= lfsr_recovery64(ks2
, ks3
);
570 lfsr_rollback_word(revstate
, 0, 0);
571 lfsr_rollback_word(revstate
, 0, 0);
572 lfsr_rollback_word(revstate
, nr_enc
, 1);
573 lfsr_rollback_word(revstate
, uid
^ nt
, 0);
575 crypto1_get_lfsr(revstate
, &lfsr
);
576 printf("key> %x%x\n", (unsigned int)((lfsr
& 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr
& 0xFFFFFFFF));
577 AddLogUint64(logHexFileName
, "key> ", lfsr
);
579 int blockShift
= ((traceCurBlock
& 0xFC) + 3) * 16;
580 if (isBlockEmpty((traceCurBlock
& 0xFC) + 3)) memcpy(traceCard
+ blockShift
+ 6, trailerAccessBytes
, 4);
583 num_to_bytes(lfsr
, 6, traceCard
+ blockShift
+ 10);
585 num_to_bytes(lfsr
, 6, traceCard
+ blockShift
);
587 if (wantSaveToEmlFile
) saveTraceCard();
590 crypto1_destroy(traceCrypto1
);
593 // set cryptosystem state
594 traceCrypto1
= lfsr_recovery64(ks2
, ks3
);
596 // nt = crypto1_word(traceCrypto1, nt ^ uid, 1) ^ nt;
598 /* traceCrypto1 = crypto1_create(lfsr); // key in lfsr
599 crypto1_word(traceCrypto1, nt ^ uid, 0);
600 crypto1_word(traceCrypto1, ar, 1);
601 crypto1_word(traceCrypto1, 0, 0);
602 crypto1_word(traceCrypto1, 0, 0);*/
606 traceState
= TRACE_ERROR
;
612 traceState
= TRACE_ERROR
;