X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/3685f89cbd6c524c91b41bd41bd3db038b3f1b43..ae3340a0fb04bf8f8b8c874e0859d7d0886e2db1:/client/mifare4.c

diff --git a/client/mifare4.c b/client/mifare4.c
new file mode 100644
index 00000000..3489c857
--- /dev/null
+++ b/client/mifare4.c
@@ -0,0 +1,118 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2018 Merlok
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// iso14443-4 mifare commands
+//-----------------------------------------------------------------------------
+
+#include "mifare4.h"
+#include <ctype.h>
+#include <string.h>
+#include "cmdhf14a.h"
+#include "util.h"
+#include "ui.h"
+#include "polarssl/libpcrypto.h"
+
+int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) {
+	uint8_t data[257] = {0};
+	int datalen = 0;
+	
+	uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
+	uint8_t Rnd2[17] = {0};
+	
+	if (session)
+		session->Authenticated = false;	
+	
+	uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
+	int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen);
+	if (res) {
+		PrintAndLog("ERROR exchande raw error: %d", res);
+		DropField();
+		return 2;
+	}
+	
+	if (verbose)
+		PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
+		
+	if (datalen < 1) {
+		PrintAndLog("ERROR: card response length: %d", datalen);
+		DropField();
+		return 3;
+	}
+	
+	if (data[0] != 0x90) {
+		PrintAndLog("ERROR: card response error: %02x", data[2]);
+		DropField();
+		return 3;
+	}
+
+	if (datalen != 19) { // code 1b + 16b + crc 2b
+		PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
+		DropField();
+		return 3;
+	}
+	
+    aes_decode(NULL, key, &data[1], Rnd2, 16);
+	Rnd2[16] = Rnd2[0];
+	if (verbose)
+		PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
+
+	uint8_t cmd2[33] = {0};
+	cmd2[0] = 0x72;
+
+	uint8_t raw[32] = {0};
+	memmove(raw, Rnd1, 16);
+	memmove(&raw[16], &Rnd2[1], 16);
+
+	aes_encode(NULL, key, raw, &cmd2[1], 32);
+	if (verbose)
+		PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
+	
+	res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
+	if (res) {
+		PrintAndLog("ERROR exchande raw error: %d", res);
+		DropField();
+		return 4;
+	}
+	
+	if (verbose)
+		PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
+
+	aes_decode(NULL, key, &data[1], raw, 32);
+	
+	if (verbose) {
+		PrintAndLog("res: %s", sprint_hex(raw, 32));
+		PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
+	}
+
+	if (memcmp(&raw[4], &Rnd1[1], 16)) {
+		PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
+		if (verbose) {
+			PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
+			PrintAndLog("rnd1   card: %s", sprint_hex(&raw[4], 16));
+		}
+		DropField();
+		return 5;
+	}
+
+	if (!leaveSignalON)
+		DropField();
+
+	if (verbose)
+		PrintAndLog("");
+
+	if (session) {
+		session->Authenticated = true;
+		session->KeyNum = keyn[1] + (keyn[0] << 8);
+		memmove(session->Rnd1, Rnd1, 16);
+		memmove(session->Rnd2, Rnd2, 16);
+	}
+	
+	PrintAndLog("Authentication OK");
+	
+	return 0;
+}
+