## [unreleased][unreleased]
### Changed
+- Changed hf mfp security. Now it works in all the modes. (drHatson)
### Fixed
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
+// Copyright (C) 2018 drHatson
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
static const PlusErrorsElm PlusErrors[] = {
{0xFF, ""},
- {0x00, "Unknown error"},
- {0x06, "Block use error"},
- {0x07, "Command use error"},
- {0x08, "Invalid write command"},
- {0x09, "Invalid block number"},
- {0x0b, "Command code error"},
+ {0x00, "Transfer cannot be granted within the current authentication."},
+ {0x06, "Access Conditions not fulfilled. Block does not exist, block is not a value block."},
+ {0x07, "Too many read or write commands in the session or in the transaction."},
+ {0x08, "Invalid MAC in command or response"},
+ {0x09, "Block Number is not valid"},
+ {0x0a, "Invalid block number, not existing block number"},
+ {0x0b, "The current command code not available at the current card state."},
{0x0c, "Length error"},
+ {0x0f, "General Manipulation Error. Failure in the operation of the PICC (cannot write to the data block), etc."},
{0x90, "OK"},
};
int PlusErrorsLen = sizeof(PlusErrors) / sizeof(PlusErrorsElm);
int MFPReadBlock(mf4Session *session, bool plain, uint8_t blockNum, uint8_t blockCount, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen, uint8_t *mac) {
uint8_t rcmd[4 + 8] = {(plain?(0x37):(0x33)), blockNum, 0x00, blockCount};
if (!plain && session)
- CalculateMAC(session, rcmd, 4, &rcmd[4], VerboseMode);
+ CalculateMAC(session, mtypReadCmd, blockNum, blockCount, rcmd, 4, &rcmd[4], VerboseMode);
int res = intExchangeRAW14aPlus(rcmd, plain?4:sizeof(rcmd), activateField, leaveSignalON, dataout, maxdataoutlen, dataoutlen);
if(res)
return res;
- if(session && mac)
- CalculateMAC(session, dataout, *dataoutlen, mac, VerboseMode);
+ if (session)
+ session->R_Ctr++;
+
+ if(session && mac && *dataoutlen > 11)
+ CalculateMAC(session, mtypReadResp, blockNum, blockCount, dataout, *dataoutlen - 8 - 2, mac, VerboseMode);
return 0;
}
uint8_t rcmd[1 + 2 + 16 + 8] = {0xA3, blockNum, 0x00};
memmove(&rcmd[3], data, 16);
if (session)
- CalculateMAC(session, rcmd, 19, &rcmd[19], VerboseMode);
+ CalculateMAC(session, mtypWriteCmd, blockNum, 1, rcmd, 19, &rcmd[19], VerboseMode);
int res = intExchangeRAW14aPlus(rcmd, sizeof(rcmd), activateField, leaveSignalON, dataout, maxdataoutlen, dataoutlen);
if(res)
return res;
- if(session && mac)
- CalculateMAC(session, dataout, *dataoutlen, mac, VerboseMode);
+ if (session)
+ session->W_Ctr++;
+
+ if(session && mac && *dataoutlen > 3)
+ CalculateMAC(session, mtypWriteResp, blockNum, 1, dataout, *dataoutlen, mac, VerboseMode);
return 0;
}
int keylen = 0;
CLIParserInit("hf mfp rdbl",
- "Reads several blocks from Mifare Plus card in plain mode.",
+ "Reads several blocks from Mifare Plus card.",
"Usage:\n\thf mfp rdbl 0 000102030405060708090a0b0c0d0e0f -> executes authentication and read block 0 data\n"
"\thf mfp rdbl 1 -v -> executes authentication and shows sector 1 data with default key 0xFF..0xFF and some additional data\n");
arg_lit0("vV", "verbose", "show internal data."),
arg_int0("nN", "count", "blocks count (by default 1).", NULL),
arg_lit0("bB", "keyb", "use key B (by default keyA)."),
- arg_lit0("pP", "plain", "plain communication between reader and card."),
+ arg_lit0("pP", "plain", "plain communication mode between reader and card."),
arg_int1(NULL, NULL, "<Block Num (0..255)>", NULL),
arg_str0(NULL, NULL, "<Key Value (HEX 16 bytes)>", NULL),
arg_param_end
bool verbose = arg_get_lit(1);
int blocksCount = arg_get_int_def(2, 1);
bool keyB = arg_get_lit(3);
- int plain = arg_get_lit(4) | true;
+ int plain = arg_get_lit(4);
uint32_t blockn = arg_get_int(5);
CLIGetHexWithReturn(6, key, &keylen);
CLIParserFree();
return 1;
}
+ if (blocksCount > 1 && mfIsSectorTrailer(blockn)) {
+ PrintAndLog("WARNING: trailer!");
+ }
+
uint8_t sectorNum = mfSectorNum(blockn & 0xff);
uint16_t uKeyNum = 0x4000 + sectorNum * 2 + (keyB ? 1 : 0);
keyn[0] = uKeyNum >> 8;
for(int i = 0; i < blocksCount; i++) {
PrintAndLog("data[%03d]: %s", indx, sprint_hex(&data[1 + i * 16], 16));
indx++;
- if (mfIsSectorTrailer(indx)){
+ if (mfIsSectorTrailer(indx) && i != blocksCount - 1){
PrintAndLog("data[%03d]: ------------------- trailer -------------------", indx);
indx++;
}
}
- if (!memcmp(&data[blocksCount * 16 + 1], mac, 8)) {
+ if (memcmp(&data[blocksCount * 16 + 1], mac, 8)) {
PrintAndLog("WARNING: mac not equal...");
PrintAndLog("MAC card: %s", sprint_hex(&data[blocksCount * 16 + 1], 8));
PrintAndLog("MAC reader: %s", sprint_hex(mac, 8));
int keylen = 0;
CLIParserInit("hf mfp rdsc",
- "Reads one sector from Mifare Plus card in plain mode.",
+ "Reads one sector from Mifare Plus card.",
"Usage:\n\thf mfp rdsc 0 000102030405060708090a0b0c0d0e0f -> executes authentication and read sector 0 data\n"
"\thf mfp rdsc 1 -v -> executes authentication and shows sector 1 data with default key 0xFF..0xFF and some additional data\n");
arg_param_begin,
arg_lit0("vV", "verbose", "show internal data."),
arg_lit0("bB", "keyb", "use key B (by default keyA)."),
- arg_lit0("pP", "plain", "plain communication between reader and card."),
+ arg_lit0("pP", "plain", "plain communication mode between reader and card."),
arg_int1(NULL, NULL, "<Sector Num (0..255)>", NULL),
arg_str0(NULL, NULL, "<Key Value (HEX 16 bytes)>", NULL),
arg_param_end
bool verbose = arg_get_lit(1);
bool keyB = arg_get_lit(2);
- bool plain = arg_get_lit(3) | true;
+ bool plain = arg_get_lit(3);
uint32_t sectorNum = arg_get_int(4);
CLIGetHexWithReturn(5, key, &keylen);
CLIParserFree();
PrintAndLog("data[%03d]: %s", n, sprint_hex(&data[1], 16));
- if (!memcmp(&data[1 + 16], mac, 8)) {
+ if (memcmp(&data[1 + 16], mac, 8)) {
PrintAndLog("WARNING: mac on block %d not equal...", n);
PrintAndLog("MAC card: %s", sprint_hex(&data[1 + 16], 8));
PrintAndLog("MAC reader: %s", sprint_hex(mac, 8));
return 6;
}
- if (!memcmp(&data[1], mac, 8)) {
+ if (memcmp(&data[1], mac, 8)) {
PrintAndLog("WARNING: mac not equal...");
PrintAndLog("MAC card: %s", sprint_hex(&data[1], 8));
PrintAndLog("MAC reader: %s", sprint_hex(mac, 8));
}
DropField();
+ PrintAndLog("Write OK.");
return 0;
}
{"auth", CmdHFMFPAuth, 0, "Authentication"},
{"rdbl", CmdHFMFPRdbl, 0, "Read blocks"},
{"rdsc", CmdHFMFPRdsc, 0, "Read sectors"},
-// {"wrbl", CmdHFMFPWrbl, 0, "Write blocks"},
+ {"wrbl", CmdHFMFPWrbl, 0, "Write blocks"},
{NULL, NULL, 0, NULL}
};
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
+// Copyright (C) 2018 drHatson
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
#include "ui.h"
#include "polarssl/libpcrypto.h"
-int CalculateMAC(mf4Session *session, uint8_t *data, int datalen, uint8_t *mac, bool verbose) {
- if (!session || !session->Authenticated || !mac || !data || !datalen)
+int CalculateEncIVCommand(mf4Session *session, uint8_t *iv, bool verbose) {
+ memcpy(&iv[0], session->TI, 4);
+ memcpy(&iv[4], &session->R_Ctr, 2);
+ memcpy(&iv[6], &session->W_Ctr, 2);
+ memcpy(&iv[8], &session->R_Ctr, 2);
+ memcpy(&iv[10], &session->W_Ctr, 2);
+ memcpy(&iv[12], &session->R_Ctr, 2);
+ memcpy(&iv[14], &session->W_Ctr, 2);
+
+ return 0;
+}
+
+int CalculateEncIVResponse(mf4Session *session, uint8_t *iv, bool verbose) {
+ memcpy(&iv[0], &session->R_Ctr, 2);
+ memcpy(&iv[2], &session->W_Ctr, 2);
+ memcpy(&iv[4], &session->R_Ctr, 2);
+ memcpy(&iv[6], &session->W_Ctr, 2);
+ memcpy(&iv[8], &session->R_Ctr, 2);
+ memcpy(&iv[10], &session->W_Ctr, 2);
+ memcpy(&iv[12], session->TI, 4);
+
+ return 0;
+}
+
+
+int CalculateMAC(mf4Session *session, MACType_t mtype, uint8_t blockNum, uint8_t blockCount, uint8_t *data, int datalen, uint8_t *mac, bool verbose) {
+ if (!session || !session->Authenticated || !mac || !data || !datalen || datalen < 1)
return 1;
memset(mac, 0x00, 8);
+
+ uint16_t ctr = session->R_Ctr;
+ switch(mtype) {
+ case mtypWriteCmd:
+ case mtypWriteResp:
+ ctr = session->W_Ctr;
+ break;
+ case mtypReadCmd:
+ case mtypReadResp:
+ break;
+ }
+
+ uint8_t macdata[2049] = {data[0], (ctr & 0xFF), (ctr >> 8), 0};
+ int macdatalen = datalen;
+ memcpy(&macdata[3], session->TI, 4);
+
+ switch(mtype) {
+ case mtypReadCmd:
+ memcpy(&macdata[7], &data[1], datalen - 1);
+ macdatalen = datalen + 6;
+ break;
+ case mtypReadResp:
+ macdata[7] = blockNum;
+ macdata[8] = 0;
+ macdata[9] = blockCount;
+ memcpy(&macdata[10], &data[1], datalen - 1);
+ macdatalen = datalen + 9;
+ break;
+ case mtypWriteCmd:
+ memcpy(&macdata[7], &data[1], datalen - 1);
+ macdatalen = datalen + 6;
+ break;
+ case mtypWriteResp:
+ macdatalen = 1 + 6;
+ break;
+ }
if (verbose)
- PrintAndLog("MAC data[%d]: %s", datalen, sprint_hex(data, datalen));
+ PrintAndLog("MAC data[%d]: %s", macdatalen, sprint_hex(macdata, macdatalen));
- return aes_cmac8(NULL, session->Key, data, mac, datalen);
+ return aes_cmac8(NULL, session->Kmac, macdata, mac, macdatalen);
}
int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) {
uint8_t data[257] = {0};
int datalen = 0;
- uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
- uint8_t Rnd2[17] = {0};
+ uint8_t RndA[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
+ uint8_t RndB[17] = {0};
if (session)
session->Authenticated = false;
return 3;
}
- aes_decode(NULL, key, &data[1], Rnd2, 16);
- Rnd2[16] = Rnd2[0];
+ aes_decode(NULL, key, &data[1], RndB, 16);
+ RndB[16] = RndB[0];
if (verbose)
- PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
+ PrintAndLog("RndB: %s", sprint_hex(RndB, 16));
uint8_t cmd2[33] = {0};
cmd2[0] = 0x72;
uint8_t raw[32] = {0};
- memmove(raw, Rnd1, 16);
- memmove(&raw[16], &Rnd2[1], 16);
+ memmove(raw, RndA, 16);
+ memmove(&raw[16], &RndB[1], 16);
aes_encode(NULL, key, raw, &cmd2[1], 32);
if (verbose)
if (verbose) {
PrintAndLog("res: %s", sprint_hex(raw, 32));
- PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
+ PrintAndLog("RndA`: %s", sprint_hex(&raw[4], 16));
}
- if (memcmp(&raw[4], &Rnd1[1], 16)) {
+ if (memcmp(&raw[4], &RndA[1], 16)) {
PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
if (verbose) {
- PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
- PrintAndLog("rnd1 card: %s", sprint_hex(&raw[4], 16));
+ PrintAndLog("RndA reader: %s", sprint_hex(&RndA[1], 16));
+ PrintAndLog("RndA card: %s", sprint_hex(&raw[4], 16));
}
DropField();
return 5;
}
+ if (verbose) {
+ PrintAndLog(" TI: %s", sprint_hex(raw, 4));
+ PrintAndLog("pic: %s", sprint_hex(&raw[20], 6));
+ PrintAndLog("pcd: %s", sprint_hex(&raw[26], 6));
+ }
+
+ uint8_t kenc[16] = {0};
+ memcpy(&kenc[0], &RndA[11], 5);
+ memcpy(&kenc[5], &RndB[11], 5);
+ for(int i = 0; i < 5; i++)
+ kenc[10 + i] = RndA[4 + i] ^ RndB[4 + i];
+ kenc[15] = 0x11;
+
+ aes_encode(NULL, key, kenc, kenc, 16);
+ if (verbose) {
+ PrintAndLog("kenc: %s", sprint_hex(kenc, 16));
+ }
+
+ uint8_t kmac[16] = {0};
+ memcpy(&kmac[0], &RndA[7], 5);
+ memcpy(&kmac[5], &RndB[7], 5);
+ for(int i = 0; i < 5; i++)
+ kmac[10 + i] = RndA[0 + i] ^ RndB[0 + i];
+ kmac[15] = 0x22;
+
+ aes_encode(NULL, key, kmac, kmac, 16);
+ if (verbose) {
+ PrintAndLog("kmac: %s", sprint_hex(kmac, 16));
+ }
+
if (!leaveSignalON)
DropField();
if (session) {
session->Authenticated = true;
+ session->R_Ctr = 0;
+ session->W_Ctr = 0;
session->KeyNum = keyn[1] + (keyn[0] << 8);
- memmove(session->Rnd1, Rnd1, 16);
- memmove(session->Rnd2, Rnd2, 16);
+ memmove(session->RndA, RndA, 16);
+ memmove(session->RndB, RndB, 16);
memmove(session->Key, key, 16);
+ memmove(session->TI, raw, 4);
+ memmove(session->PICCap2, &raw[20], 6);
+ memmove(session->PCDCap2, &raw[26], 6);
+ memmove(session->Kenc, kenc, 16);
+ memmove(session->Kmac, kmac, 16);
}
PrintAndLog("Authentication OK");
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
+// Copyright (C) 2018 drHatson
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
bool Authenticated;
uint8_t Key[16];
uint16_t KeyNum;
- uint8_t Rnd1[16];
- uint8_t Rnd2[16];
-
+ uint8_t RndA[16];
+ uint8_t RndB[16];
+ uint8_t TI[4];
+ uint8_t PICCap2[6];
+ uint8_t PCDCap2[6];
+ uint8_t Kenc[16];
+ uint8_t Kmac[16];
+ uint16_t R_Ctr;
+ uint16_t W_Ctr;
}mf4Session;
-extern int CalculateMAC(mf4Session *session, uint8_t *data, int datalen, uint8_t *mac, bool verbose);
+typedef enum {
+ mtypReadCmd,
+ mtypReadResp,
+ mtypWriteCmd,
+ mtypWriteResp,
+} MACType_t;
+
+extern int CalculateMAC(mf4Session *session, MACType_t mtype, uint8_t blockNum, uint8_t blockCount, uint8_t *data, int datalen, uint8_t *mac, bool verbose);
extern int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose);
extern uint8_t mfNumBlocksPerSector(uint8_t sectorNo);
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
+// Copyright (C) 2018 drHatson
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
return 0;
}
-// NIST Special Publication 800-38B \97 Recommendation for block cipher modes of operation: The CMAC mode for authentication.
+// NIST Special Publication 800-38B \97 Recommendation for block cipher modes of operation: The CMAC mode for authentication.
// https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/AES_CMAC.pdf
int aes_cmac(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *mac, int length) {
memset(mac, 0x00, 16);
if (iv)
memcpy(iiv, iv, 16);
- // padding: ISO/IEC 9797-1 Message Authentication Codes (MACs) - Part 1: Mechanisms using a block cipher
- uint8_t data[2049] = {0}; // length + 16
- memcpy(data, input, length);
- data[length] = 0x80;
- int datalen = (length & 0xfffffff0) + 0x10;
-
// NIST 800-38B
aes_cmac128_context ctx;
aes_cmac128_starts(&ctx, key);
- aes_cmac128_update(&ctx, data, datalen);
+ aes_cmac128_update(&ctx, input, length);
aes_cmac128_final(&ctx, mac);
return 0;
projects / proxmark3-svn / commitdiff