From: Martin Holst Swende Date: Mon, 26 Jan 2015 19:59:36 +0000 (+0100) Subject: Merge pull request #46 from holiman/master X-Git-Tag: v2.0.0-rc1~44 X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/2595390c6d97d373253f6397a167875f37a90454?hp=b689b842b68c061340f18ff595ffdabf34bdc4f0 Merge pull request #46 from holiman/master Iceman's changes, part 2 --- diff --git a/armsrc/Makefile b/armsrc/Makefile index b9019541..929f1e79 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@ -10,7 +10,7 @@ APP_INCLUDES = apps.h #remove one of the following defines and comment out the relevant line #in the next section to remove that particular feature from compilation -APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -fno-strict-aliasing +APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -DWITH_CRC -fno-strict-aliasing #-DWITH_LCD #SRC_LCD = fonts.c LCD.c @@ -18,7 +18,8 @@ SRC_LF = lfops.c hitag2.c SRC_ISO15693 = iso15693.c iso15693tools.c SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c SRC_ISO14443b = iso14443.c -SRC_CRAPTO1 = crapto1.c crypto1.c +SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c +SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c THUMBSRC = start.c \ $(SRC_LCD) \ @@ -34,15 +35,14 @@ THUMBSRC = start.c \ # These are to be compiled in ARM mode ARMSRC = fpgaloader.c \ legicrf.c \ - iso14443crc.c \ - crc16.c \ lfdemod.c \ $(SRC_ISO14443a) \ $(SRC_ISO14443b) \ $(SRC_CRAPTO1) \ + $(SRC_CRC) \ legic_prng.c \ - iclass.c \ - crc.c + iclass.c + # stdint.h provided locally until GCC 4.5 becomes C99 compliant APP_CFLAGS += -I. diff --git a/armsrc/aes.c b/armsrc/aes.c new file mode 100644 index 00000000..3df006bb --- /dev/null +++ b/armsrc/aes.c @@ -0,0 +1,1168 @@ +#include "stdio.h" +#include "aes.h" + +static const unsigned int Te0[256] = { + 0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL, + 0xfff2f20dUL, 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL, + 0x60303050UL, 0x02010103UL, 0xce6767a9UL, 0x562b2b7dUL, + 0xe7fefe19UL, 0xb5d7d762UL, 0x4dababe6UL, 0xec76769aUL, + 0x8fcaca45UL, 0x1f82829dUL, 0x89c9c940UL, 0xfa7d7d87UL, + 0xeffafa15UL, 0xb25959ebUL, 0x8e4747c9UL, 0xfbf0f00bUL, + 0x41adadecUL, 0xb3d4d467UL, 0x5fa2a2fdUL, 0x45afafeaUL, + 0x239c9cbfUL, 0x53a4a4f7UL, 0xe4727296UL, 0x9bc0c05bUL, + 0x75b7b7c2UL, 0xe1fdfd1cUL, 0x3d9393aeUL, 0x4c26266aUL, + 0x6c36365aUL, 0x7e3f3f41UL, 0xf5f7f702UL, 0x83cccc4fUL, + 0x6834345cUL, 0x51a5a5f4UL, 0xd1e5e534UL, 0xf9f1f108UL, + 0xe2717193UL, 0xabd8d873UL, 0x62313153UL, 0x2a15153fUL, + 0x0804040cUL, 0x95c7c752UL, 0x46232365UL, 0x9dc3c35eUL, + 0x30181828UL, 0x379696a1UL, 0x0a05050fUL, 0x2f9a9ab5UL, + 0x0e070709UL, 0x24121236UL, 0x1b80809bUL, 0xdfe2e23dUL, + 0xcdebeb26UL, 0x4e272769UL, 0x7fb2b2cdUL, 0xea75759fUL, + 0x1209091bUL, 0x1d83839eUL, 0x582c2c74UL, 0x341a1a2eUL, + 0x361b1b2dUL, 0xdc6e6eb2UL, 0xb45a5aeeUL, 0x5ba0a0fbUL, + 0xa45252f6UL, 0x763b3b4dUL, 0xb7d6d661UL, 0x7db3b3ceUL, + 0x5229297bUL, 0xdde3e33eUL, 0x5e2f2f71UL, 0x13848497UL, + 0xa65353f5UL, 0xb9d1d168UL, 0x00000000UL, 0xc1eded2cUL, + 0x40202060UL, 0xe3fcfc1fUL, 0x79b1b1c8UL, 0xb65b5bedUL, + 0xd46a6abeUL, 0x8dcbcb46UL, 0x67bebed9UL, 0x7239394bUL, + 0x944a4adeUL, 0x984c4cd4UL, 0xb05858e8UL, 0x85cfcf4aUL, + 0xbbd0d06bUL, 0xc5efef2aUL, 0x4faaaae5UL, 0xedfbfb16UL, + 0x864343c5UL, 0x9a4d4dd7UL, 0x66333355UL, 0x11858594UL, + 0x8a4545cfUL, 0xe9f9f910UL, 0x04020206UL, 0xfe7f7f81UL, + 0xa05050f0UL, 0x783c3c44UL, 0x259f9fbaUL, 0x4ba8a8e3UL, + 0xa25151f3UL, 0x5da3a3feUL, 0x804040c0UL, 0x058f8f8aUL, + 0x3f9292adUL, 0x219d9dbcUL, 0x70383848UL, 0xf1f5f504UL, + 0x63bcbcdfUL, 0x77b6b6c1UL, 0xafdada75UL, 0x42212163UL, + 0x20101030UL, 0xe5ffff1aUL, 0xfdf3f30eUL, 0xbfd2d26dUL, + 0x81cdcd4cUL, 0x180c0c14UL, 0x26131335UL, 0xc3ecec2fUL, + 0xbe5f5fe1UL, 0x359797a2UL, 0x884444ccUL, 0x2e171739UL, + 0x93c4c457UL, 0x55a7a7f2UL, 0xfc7e7e82UL, 0x7a3d3d47UL, + 0xc86464acUL, 0xba5d5de7UL, 0x3219192bUL, 0xe6737395UL, + 0xc06060a0UL, 0x19818198UL, 0x9e4f4fd1UL, 0xa3dcdc7fUL, + 0x44222266UL, 0x542a2a7eUL, 0x3b9090abUL, 0x0b888883UL, + 0x8c4646caUL, 0xc7eeee29UL, 0x6bb8b8d3UL, 0x2814143cUL, + 0xa7dede79UL, 0xbc5e5ee2UL, 0x160b0b1dUL, 0xaddbdb76UL, + 0xdbe0e03bUL, 0x64323256UL, 0x743a3a4eUL, 0x140a0a1eUL, + 0x924949dbUL, 0x0c06060aUL, 0x4824246cUL, 0xb85c5ce4UL, + 0x9fc2c25dUL, 0xbdd3d36eUL, 0x43acacefUL, 0xc46262a6UL, + 0x399191a8UL, 0x319595a4UL, 0xd3e4e437UL, 0xf279798bUL, + 0xd5e7e732UL, 0x8bc8c843UL, 0x6e373759UL, 0xda6d6db7UL, + 0x018d8d8cUL, 0xb1d5d564UL, 0x9c4e4ed2UL, 0x49a9a9e0UL, + 0xd86c6cb4UL, 0xac5656faUL, 0xf3f4f407UL, 0xcfeaea25UL, + 0xca6565afUL, 0xf47a7a8eUL, 0x47aeaee9UL, 0x10080818UL, + 0x6fbabad5UL, 0xf0787888UL, 0x4a25256fUL, 0x5c2e2e72UL, + 0x381c1c24UL, 0x57a6a6f1UL, 0x73b4b4c7UL, 0x97c6c651UL, + 0xcbe8e823UL, 0xa1dddd7cUL, 0xe874749cUL, 0x3e1f1f21UL, + 0x964b4bddUL, 0x61bdbddcUL, 0x0d8b8b86UL, 0x0f8a8a85UL, + 0xe0707090UL, 0x7c3e3e42UL, 0x71b5b5c4UL, 0xcc6666aaUL, + 0x904848d8UL, 0x06030305UL, 0xf7f6f601UL, 0x1c0e0e12UL, + 0xc26161a3UL, 0x6a35355fUL, 0xae5757f9UL, 0x69b9b9d0UL, + 0x17868691UL, 0x99c1c158UL, 0x3a1d1d27UL, 0x279e9eb9UL, + 0xd9e1e138UL, 0xebf8f813UL, 0x2b9898b3UL, 0x22111133UL, + 0xd26969bbUL, 0xa9d9d970UL, 0x078e8e89UL, 0x339494a7UL, + 0x2d9b9bb6UL, 0x3c1e1e22UL, 0x15878792UL, 0xc9e9e920UL, + 0x87cece49UL, 0xaa5555ffUL, 0x50282878UL, 0xa5dfdf7aUL, + 0x038c8c8fUL, 0x59a1a1f8UL, 0x09898980UL, 0x1a0d0d17UL, + 0x65bfbfdaUL, 0xd7e6e631UL, 0x844242c6UL, 0xd06868b8UL, + 0x824141c3UL, 0x299999b0UL, 0x5a2d2d77UL, 0x1e0f0f11UL, + 0x7bb0b0cbUL, 0xa85454fcUL, 0x6dbbbbd6UL, 0x2c16163aUL, +}; +static const unsigned int Te1[256] = { + 0xa5c66363UL, 0x84f87c7cUL, 0x99ee7777UL, 0x8df67b7bUL, + 0x0dfff2f2UL, 0xbdd66b6bUL, 0xb1de6f6fUL, 0x5491c5c5UL, + 0x50603030UL, 0x03020101UL, 0xa9ce6767UL, 0x7d562b2bUL, + 0x19e7fefeUL, 0x62b5d7d7UL, 0xe64dababUL, 0x9aec7676UL, + 0x458fcacaUL, 0x9d1f8282UL, 0x4089c9c9UL, 0x87fa7d7dUL, + 0x15effafaUL, 0xebb25959UL, 0xc98e4747UL, 0x0bfbf0f0UL, + 0xec41adadUL, 0x67b3d4d4UL, 0xfd5fa2a2UL, 0xea45afafUL, + 0xbf239c9cUL, 0xf753a4a4UL, 0x96e47272UL, 0x5b9bc0c0UL, + 0xc275b7b7UL, 0x1ce1fdfdUL, 0xae3d9393UL, 0x6a4c2626UL, + 0x5a6c3636UL, 0x417e3f3fUL, 0x02f5f7f7UL, 0x4f83ccccUL, + 0x5c683434UL, 0xf451a5a5UL, 0x34d1e5e5UL, 0x08f9f1f1UL, + 0x93e27171UL, 0x73abd8d8UL, 0x53623131UL, 0x3f2a1515UL, + 0x0c080404UL, 0x5295c7c7UL, 0x65462323UL, 0x5e9dc3c3UL, + 0x28301818UL, 0xa1379696UL, 0x0f0a0505UL, 0xb52f9a9aUL, + 0x090e0707UL, 0x36241212UL, 0x9b1b8080UL, 0x3ddfe2e2UL, + 0x26cdebebUL, 0x694e2727UL, 0xcd7fb2b2UL, 0x9fea7575UL, + 0x1b120909UL, 0x9e1d8383UL, 0x74582c2cUL, 0x2e341a1aUL, + 0x2d361b1bUL, 0xb2dc6e6eUL, 0xeeb45a5aUL, 0xfb5ba0a0UL, + 0xf6a45252UL, 0x4d763b3bUL, 0x61b7d6d6UL, 0xce7db3b3UL, + 0x7b522929UL, 0x3edde3e3UL, 0x715e2f2fUL, 0x97138484UL, + 0xf5a65353UL, 0x68b9d1d1UL, 0x00000000UL, 0x2cc1ededUL, + 0x60402020UL, 0x1fe3fcfcUL, 0xc879b1b1UL, 0xedb65b5bUL, + 0xbed46a6aUL, 0x468dcbcbUL, 0xd967bebeUL, 0x4b723939UL, + 0xde944a4aUL, 0xd4984c4cUL, 0xe8b05858UL, 0x4a85cfcfUL, + 0x6bbbd0d0UL, 0x2ac5efefUL, 0xe54faaaaUL, 0x16edfbfbUL, + 0xc5864343UL, 0xd79a4d4dUL, 0x55663333UL, 0x94118585UL, + 0xcf8a4545UL, 0x10e9f9f9UL, 0x06040202UL, 0x81fe7f7fUL, + 0xf0a05050UL, 0x44783c3cUL, 0xba259f9fUL, 0xe34ba8a8UL, + 0xf3a25151UL, 0xfe5da3a3UL, 0xc0804040UL, 0x8a058f8fUL, + 0xad3f9292UL, 0xbc219d9dUL, 0x48703838UL, 0x04f1f5f5UL, + 0xdf63bcbcUL, 0xc177b6b6UL, 0x75afdadaUL, 0x63422121UL, + 0x30201010UL, 0x1ae5ffffUL, 0x0efdf3f3UL, 0x6dbfd2d2UL, + 0x4c81cdcdUL, 0x14180c0cUL, 0x35261313UL, 0x2fc3ececUL, + 0xe1be5f5fUL, 0xa2359797UL, 0xcc884444UL, 0x392e1717UL, + 0x5793c4c4UL, 0xf255a7a7UL, 0x82fc7e7eUL, 0x477a3d3dUL, + 0xacc86464UL, 0xe7ba5d5dUL, 0x2b321919UL, 0x95e67373UL, + 0xa0c06060UL, 0x98198181UL, 0xd19e4f4fUL, 0x7fa3dcdcUL, + 0x66442222UL, 0x7e542a2aUL, 0xab3b9090UL, 0x830b8888UL, + 0xca8c4646UL, 0x29c7eeeeUL, 0xd36bb8b8UL, 0x3c281414UL, + 0x79a7dedeUL, 0xe2bc5e5eUL, 0x1d160b0bUL, 0x76addbdbUL, + 0x3bdbe0e0UL, 0x56643232UL, 0x4e743a3aUL, 0x1e140a0aUL, + 0xdb924949UL, 0x0a0c0606UL, 0x6c482424UL, 0xe4b85c5cUL, + 0x5d9fc2c2UL, 0x6ebdd3d3UL, 0xef43acacUL, 0xa6c46262UL, + 0xa8399191UL, 0xa4319595UL, 0x37d3e4e4UL, 0x8bf27979UL, + 0x32d5e7e7UL, 0x438bc8c8UL, 0x596e3737UL, 0xb7da6d6dUL, + 0x8c018d8dUL, 0x64b1d5d5UL, 0xd29c4e4eUL, 0xe049a9a9UL, + 0xb4d86c6cUL, 0xfaac5656UL, 0x07f3f4f4UL, 0x25cfeaeaUL, + 0xafca6565UL, 0x8ef47a7aUL, 0xe947aeaeUL, 0x18100808UL, + 0xd56fbabaUL, 0x88f07878UL, 0x6f4a2525UL, 0x725c2e2eUL, + 0x24381c1cUL, 0xf157a6a6UL, 0xc773b4b4UL, 0x5197c6c6UL, + 0x23cbe8e8UL, 0x7ca1ddddUL, 0x9ce87474UL, 0x213e1f1fUL, + 0xdd964b4bUL, 0xdc61bdbdUL, 0x860d8b8bUL, 0x850f8a8aUL, + 0x90e07070UL, 0x427c3e3eUL, 0xc471b5b5UL, 0xaacc6666UL, + 0xd8904848UL, 0x05060303UL, 0x01f7f6f6UL, 0x121c0e0eUL, + 0xa3c26161UL, 0x5f6a3535UL, 0xf9ae5757UL, 0xd069b9b9UL, + 0x91178686UL, 0x5899c1c1UL, 0x273a1d1dUL, 0xb9279e9eUL, + 0x38d9e1e1UL, 0x13ebf8f8UL, 0xb32b9898UL, 0x33221111UL, + 0xbbd26969UL, 0x70a9d9d9UL, 0x89078e8eUL, 0xa7339494UL, + 0xb62d9b9bUL, 0x223c1e1eUL, 0x92158787UL, 0x20c9e9e9UL, + 0x4987ceceUL, 0xffaa5555UL, 0x78502828UL, 0x7aa5dfdfUL, + 0x8f038c8cUL, 0xf859a1a1UL, 0x80098989UL, 0x171a0d0dUL, + 0xda65bfbfUL, 0x31d7e6e6UL, 0xc6844242UL, 0xb8d06868UL, + 0xc3824141UL, 0xb0299999UL, 0x775a2d2dUL, 0x111e0f0fUL, + 0xcb7bb0b0UL, 0xfca85454UL, 0xd66dbbbbUL, 0x3a2c1616UL, +}; +static const unsigned int Te2[256] = { + 0x63a5c663UL, 0x7c84f87cUL, 0x7799ee77UL, 0x7b8df67bUL, + 0xf20dfff2UL, 0x6bbdd66bUL, 0x6fb1de6fUL, 0xc55491c5UL, + 0x30506030UL, 0x01030201UL, 0x67a9ce67UL, 0x2b7d562bUL, + 0xfe19e7feUL, 0xd762b5d7UL, 0xabe64dabUL, 0x769aec76UL, + 0xca458fcaUL, 0x829d1f82UL, 0xc94089c9UL, 0x7d87fa7dUL, + 0xfa15effaUL, 0x59ebb259UL, 0x47c98e47UL, 0xf00bfbf0UL, + 0xadec41adUL, 0xd467b3d4UL, 0xa2fd5fa2UL, 0xafea45afUL, + 0x9cbf239cUL, 0xa4f753a4UL, 0x7296e472UL, 0xc05b9bc0UL, + 0xb7c275b7UL, 0xfd1ce1fdUL, 0x93ae3d93UL, 0x266a4c26UL, + 0x365a6c36UL, 0x3f417e3fUL, 0xf702f5f7UL, 0xcc4f83ccUL, + 0x345c6834UL, 0xa5f451a5UL, 0xe534d1e5UL, 0xf108f9f1UL, + 0x7193e271UL, 0xd873abd8UL, 0x31536231UL, 0x153f2a15UL, + 0x040c0804UL, 0xc75295c7UL, 0x23654623UL, 0xc35e9dc3UL, + 0x18283018UL, 0x96a13796UL, 0x050f0a05UL, 0x9ab52f9aUL, + 0x07090e07UL, 0x12362412UL, 0x809b1b80UL, 0xe23ddfe2UL, + 0xeb26cdebUL, 0x27694e27UL, 0xb2cd7fb2UL, 0x759fea75UL, + 0x091b1209UL, 0x839e1d83UL, 0x2c74582cUL, 0x1a2e341aUL, + 0x1b2d361bUL, 0x6eb2dc6eUL, 0x5aeeb45aUL, 0xa0fb5ba0UL, + 0x52f6a452UL, 0x3b4d763bUL, 0xd661b7d6UL, 0xb3ce7db3UL, + 0x297b5229UL, 0xe33edde3UL, 0x2f715e2fUL, 0x84971384UL, + 0x53f5a653UL, 0xd168b9d1UL, 0x00000000UL, 0xed2cc1edUL, + 0x20604020UL, 0xfc1fe3fcUL, 0xb1c879b1UL, 0x5bedb65bUL, + 0x6abed46aUL, 0xcb468dcbUL, 0xbed967beUL, 0x394b7239UL, + 0x4ade944aUL, 0x4cd4984cUL, 0x58e8b058UL, 0xcf4a85cfUL, + 0xd06bbbd0UL, 0xef2ac5efUL, 0xaae54faaUL, 0xfb16edfbUL, + 0x43c58643UL, 0x4dd79a4dUL, 0x33556633UL, 0x85941185UL, + 0x45cf8a45UL, 0xf910e9f9UL, 0x02060402UL, 0x7f81fe7fUL, + 0x50f0a050UL, 0x3c44783cUL, 0x9fba259fUL, 0xa8e34ba8UL, + 0x51f3a251UL, 0xa3fe5da3UL, 0x40c08040UL, 0x8f8a058fUL, + 0x92ad3f92UL, 0x9dbc219dUL, 0x38487038UL, 0xf504f1f5UL, + 0xbcdf63bcUL, 0xb6c177b6UL, 0xda75afdaUL, 0x21634221UL, + 0x10302010UL, 0xff1ae5ffUL, 0xf30efdf3UL, 0xd26dbfd2UL, + 0xcd4c81cdUL, 0x0c14180cUL, 0x13352613UL, 0xec2fc3ecUL, + 0x5fe1be5fUL, 0x97a23597UL, 0x44cc8844UL, 0x17392e17UL, + 0xc45793c4UL, 0xa7f255a7UL, 0x7e82fc7eUL, 0x3d477a3dUL, + 0x64acc864UL, 0x5de7ba5dUL, 0x192b3219UL, 0x7395e673UL, + 0x60a0c060UL, 0x81981981UL, 0x4fd19e4fUL, 0xdc7fa3dcUL, + 0x22664422UL, 0x2a7e542aUL, 0x90ab3b90UL, 0x88830b88UL, + 0x46ca8c46UL, 0xee29c7eeUL, 0xb8d36bb8UL, 0x143c2814UL, + 0xde79a7deUL, 0x5ee2bc5eUL, 0x0b1d160bUL, 0xdb76addbUL, + 0xe03bdbe0UL, 0x32566432UL, 0x3a4e743aUL, 0x0a1e140aUL, + 0x49db9249UL, 0x060a0c06UL, 0x246c4824UL, 0x5ce4b85cUL, + 0xc25d9fc2UL, 0xd36ebdd3UL, 0xacef43acUL, 0x62a6c462UL, + 0x91a83991UL, 0x95a43195UL, 0xe437d3e4UL, 0x798bf279UL, + 0xe732d5e7UL, 0xc8438bc8UL, 0x37596e37UL, 0x6db7da6dUL, + 0x8d8c018dUL, 0xd564b1d5UL, 0x4ed29c4eUL, 0xa9e049a9UL, + 0x6cb4d86cUL, 0x56faac56UL, 0xf407f3f4UL, 0xea25cfeaUL, + 0x65afca65UL, 0x7a8ef47aUL, 0xaee947aeUL, 0x08181008UL, + 0xbad56fbaUL, 0x7888f078UL, 0x256f4a25UL, 0x2e725c2eUL, + 0x1c24381cUL, 0xa6f157a6UL, 0xb4c773b4UL, 0xc65197c6UL, + 0xe823cbe8UL, 0xdd7ca1ddUL, 0x749ce874UL, 0x1f213e1fUL, + 0x4bdd964bUL, 0xbddc61bdUL, 0x8b860d8bUL, 0x8a850f8aUL, + 0x7090e070UL, 0x3e427c3eUL, 0xb5c471b5UL, 0x66aacc66UL, + 0x48d89048UL, 0x03050603UL, 0xf601f7f6UL, 0x0e121c0eUL, + 0x61a3c261UL, 0x355f6a35UL, 0x57f9ae57UL, 0xb9d069b9UL, + 0x86911786UL, 0xc15899c1UL, 0x1d273a1dUL, 0x9eb9279eUL, + 0xe138d9e1UL, 0xf813ebf8UL, 0x98b32b98UL, 0x11332211UL, + 0x69bbd269UL, 0xd970a9d9UL, 0x8e89078eUL, 0x94a73394UL, + 0x9bb62d9bUL, 0x1e223c1eUL, 0x87921587UL, 0xe920c9e9UL, + 0xce4987ceUL, 0x55ffaa55UL, 0x28785028UL, 0xdf7aa5dfUL, + 0x8c8f038cUL, 0xa1f859a1UL, 0x89800989UL, 0x0d171a0dUL, + 0xbfda65bfUL, 0xe631d7e6UL, 0x42c68442UL, 0x68b8d068UL, + 0x41c38241UL, 0x99b02999UL, 0x2d775a2dUL, 0x0f111e0fUL, + 0xb0cb7bb0UL, 0x54fca854UL, 0xbbd66dbbUL, 0x163a2c16UL, +}; +static const unsigned int Te3[256] = { + 0x6363a5c6UL, 0x7c7c84f8UL, 0x777799eeUL, 0x7b7b8df6UL, + 0xf2f20dffUL, 0x6b6bbdd6UL, 0x6f6fb1deUL, 0xc5c55491UL, + 0x30305060UL, 0x01010302UL, 0x6767a9ceUL, 0x2b2b7d56UL, + 0xfefe19e7UL, 0xd7d762b5UL, 0xababe64dUL, 0x76769aecUL, + 0xcaca458fUL, 0x82829d1fUL, 0xc9c94089UL, 0x7d7d87faUL, + 0xfafa15efUL, 0x5959ebb2UL, 0x4747c98eUL, 0xf0f00bfbUL, + 0xadadec41UL, 0xd4d467b3UL, 0xa2a2fd5fUL, 0xafafea45UL, + 0x9c9cbf23UL, 0xa4a4f753UL, 0x727296e4UL, 0xc0c05b9bUL, + 0xb7b7c275UL, 0xfdfd1ce1UL, 0x9393ae3dUL, 0x26266a4cUL, + 0x36365a6cUL, 0x3f3f417eUL, 0xf7f702f5UL, 0xcccc4f83UL, + 0x34345c68UL, 0xa5a5f451UL, 0xe5e534d1UL, 0xf1f108f9UL, + 0x717193e2UL, 0xd8d873abUL, 0x31315362UL, 0x15153f2aUL, + 0x04040c08UL, 0xc7c75295UL, 0x23236546UL, 0xc3c35e9dUL, + 0x18182830UL, 0x9696a137UL, 0x05050f0aUL, 0x9a9ab52fUL, + 0x0707090eUL, 0x12123624UL, 0x80809b1bUL, 0xe2e23ddfUL, + 0xebeb26cdUL, 0x2727694eUL, 0xb2b2cd7fUL, 0x75759feaUL, + 0x09091b12UL, 0x83839e1dUL, 0x2c2c7458UL, 0x1a1a2e34UL, + 0x1b1b2d36UL, 0x6e6eb2dcUL, 0x5a5aeeb4UL, 0xa0a0fb5bUL, + 0x5252f6a4UL, 0x3b3b4d76UL, 0xd6d661b7UL, 0xb3b3ce7dUL, + 0x29297b52UL, 0xe3e33eddUL, 0x2f2f715eUL, 0x84849713UL, + 0x5353f5a6UL, 0xd1d168b9UL, 0x00000000UL, 0xeded2cc1UL, + 0x20206040UL, 0xfcfc1fe3UL, 0xb1b1c879UL, 0x5b5bedb6UL, + 0x6a6abed4UL, 0xcbcb468dUL, 0xbebed967UL, 0x39394b72UL, + 0x4a4ade94UL, 0x4c4cd498UL, 0x5858e8b0UL, 0xcfcf4a85UL, + 0xd0d06bbbUL, 0xefef2ac5UL, 0xaaaae54fUL, 0xfbfb16edUL, + 0x4343c586UL, 0x4d4dd79aUL, 0x33335566UL, 0x85859411UL, + 0x4545cf8aUL, 0xf9f910e9UL, 0x02020604UL, 0x7f7f81feUL, + 0x5050f0a0UL, 0x3c3c4478UL, 0x9f9fba25UL, 0xa8a8e34bUL, + 0x5151f3a2UL, 0xa3a3fe5dUL, 0x4040c080UL, 0x8f8f8a05UL, + 0x9292ad3fUL, 0x9d9dbc21UL, 0x38384870UL, 0xf5f504f1UL, + 0xbcbcdf63UL, 0xb6b6c177UL, 0xdada75afUL, 0x21216342UL, + 0x10103020UL, 0xffff1ae5UL, 0xf3f30efdUL, 0xd2d26dbfUL, + 0xcdcd4c81UL, 0x0c0c1418UL, 0x13133526UL, 0xecec2fc3UL, + 0x5f5fe1beUL, 0x9797a235UL, 0x4444cc88UL, 0x1717392eUL, + 0xc4c45793UL, 0xa7a7f255UL, 0x7e7e82fcUL, 0x3d3d477aUL, + 0x6464acc8UL, 0x5d5de7baUL, 0x19192b32UL, 0x737395e6UL, + 0x6060a0c0UL, 0x81819819UL, 0x4f4fd19eUL, 0xdcdc7fa3UL, + 0x22226644UL, 0x2a2a7e54UL, 0x9090ab3bUL, 0x8888830bUL, + 0x4646ca8cUL, 0xeeee29c7UL, 0xb8b8d36bUL, 0x14143c28UL, + 0xdede79a7UL, 0x5e5ee2bcUL, 0x0b0b1d16UL, 0xdbdb76adUL, + 0xe0e03bdbUL, 0x32325664UL, 0x3a3a4e74UL, 0x0a0a1e14UL, + 0x4949db92UL, 0x06060a0cUL, 0x24246c48UL, 0x5c5ce4b8UL, + 0xc2c25d9fUL, 0xd3d36ebdUL, 0xacacef43UL, 0x6262a6c4UL, + 0x9191a839UL, 0x9595a431UL, 0xe4e437d3UL, 0x79798bf2UL, + 0xe7e732d5UL, 0xc8c8438bUL, 0x3737596eUL, 0x6d6db7daUL, + 0x8d8d8c01UL, 0xd5d564b1UL, 0x4e4ed29cUL, 0xa9a9e049UL, + 0x6c6cb4d8UL, 0x5656faacUL, 0xf4f407f3UL, 0xeaea25cfUL, + 0x6565afcaUL, 0x7a7a8ef4UL, 0xaeaee947UL, 0x08081810UL, + 0xbabad56fUL, 0x787888f0UL, 0x25256f4aUL, 0x2e2e725cUL, + 0x1c1c2438UL, 0xa6a6f157UL, 0xb4b4c773UL, 0xc6c65197UL, + 0xe8e823cbUL, 0xdddd7ca1UL, 0x74749ce8UL, 0x1f1f213eUL, + 0x4b4bdd96UL, 0xbdbddc61UL, 0x8b8b860dUL, 0x8a8a850fUL, + 0x707090e0UL, 0x3e3e427cUL, 0xb5b5c471UL, 0x6666aaccUL, + 0x4848d890UL, 0x03030506UL, 0xf6f601f7UL, 0x0e0e121cUL, + 0x6161a3c2UL, 0x35355f6aUL, 0x5757f9aeUL, 0xb9b9d069UL, + 0x86869117UL, 0xc1c15899UL, 0x1d1d273aUL, 0x9e9eb927UL, + 0xe1e138d9UL, 0xf8f813ebUL, 0x9898b32bUL, 0x11113322UL, + 0x6969bbd2UL, 0xd9d970a9UL, 0x8e8e8907UL, 0x9494a733UL, + 0x9b9bb62dUL, 0x1e1e223cUL, 0x87879215UL, 0xe9e920c9UL, + 0xcece4987UL, 0x5555ffaaUL, 0x28287850UL, 0xdfdf7aa5UL, + 0x8c8c8f03UL, 0xa1a1f859UL, 0x89898009UL, 0x0d0d171aUL, + 0xbfbfda65UL, 0xe6e631d7UL, 0x4242c684UL, 0x6868b8d0UL, + 0x4141c382UL, 0x9999b029UL, 0x2d2d775aUL, 0x0f0f111eUL, + 0xb0b0cb7bUL, 0x5454fca8UL, 0xbbbbd66dUL, 0x16163a2cUL, +}; +static const unsigned int Te4[256] = { + 0x63636363UL, 0x7c7c7c7cUL, 0x77777777UL, 0x7b7b7b7bUL, + 0xf2f2f2f2UL, 0x6b6b6b6bUL, 0x6f6f6f6fUL, 0xc5c5c5c5UL, + 0x30303030UL, 0x01010101UL, 0x67676767UL, 0x2b2b2b2bUL, + 0xfefefefeUL, 0xd7d7d7d7UL, 0xababababUL, 0x76767676UL, + 0xcacacacaUL, 0x82828282UL, 0xc9c9c9c9UL, 0x7d7d7d7dUL, + 0xfafafafaUL, 0x59595959UL, 0x47474747UL, 0xf0f0f0f0UL, + 0xadadadadUL, 0xd4d4d4d4UL, 0xa2a2a2a2UL, 0xafafafafUL, + 0x9c9c9c9cUL, 0xa4a4a4a4UL, 0x72727272UL, 0xc0c0c0c0UL, + 0xb7b7b7b7UL, 0xfdfdfdfdUL, 0x93939393UL, 0x26262626UL, + 0x36363636UL, 0x3f3f3f3fUL, 0xf7f7f7f7UL, 0xccccccccUL, + 0x34343434UL, 0xa5a5a5a5UL, 0xe5e5e5e5UL, 0xf1f1f1f1UL, + 0x71717171UL, 0xd8d8d8d8UL, 0x31313131UL, 0x15151515UL, + 0x04040404UL, 0xc7c7c7c7UL, 0x23232323UL, 0xc3c3c3c3UL, + 0x18181818UL, 0x96969696UL, 0x05050505UL, 0x9a9a9a9aUL, + 0x07070707UL, 0x12121212UL, 0x80808080UL, 0xe2e2e2e2UL, + 0xebebebebUL, 0x27272727UL, 0xb2b2b2b2UL, 0x75757575UL, + 0x09090909UL, 0x83838383UL, 0x2c2c2c2cUL, 0x1a1a1a1aUL, + 0x1b1b1b1bUL, 0x6e6e6e6eUL, 0x5a5a5a5aUL, 0xa0a0a0a0UL, + 0x52525252UL, 0x3b3b3b3bUL, 0xd6d6d6d6UL, 0xb3b3b3b3UL, + 0x29292929UL, 0xe3e3e3e3UL, 0x2f2f2f2fUL, 0x84848484UL, + 0x53535353UL, 0xd1d1d1d1UL, 0x00000000UL, 0xededededUL, + 0x20202020UL, 0xfcfcfcfcUL, 0xb1b1b1b1UL, 0x5b5b5b5bUL, + 0x6a6a6a6aUL, 0xcbcbcbcbUL, 0xbebebebeUL, 0x39393939UL, + 0x4a4a4a4aUL, 0x4c4c4c4cUL, 0x58585858UL, 0xcfcfcfcfUL, + 0xd0d0d0d0UL, 0xefefefefUL, 0xaaaaaaaaUL, 0xfbfbfbfbUL, + 0x43434343UL, 0x4d4d4d4dUL, 0x33333333UL, 0x85858585UL, + 0x45454545UL, 0xf9f9f9f9UL, 0x02020202UL, 0x7f7f7f7fUL, + 0x50505050UL, 0x3c3c3c3cUL, 0x9f9f9f9fUL, 0xa8a8a8a8UL, + 0x51515151UL, 0xa3a3a3a3UL, 0x40404040UL, 0x8f8f8f8fUL, + 0x92929292UL, 0x9d9d9d9dUL, 0x38383838UL, 0xf5f5f5f5UL, + 0xbcbcbcbcUL, 0xb6b6b6b6UL, 0xdadadadaUL, 0x21212121UL, + 0x10101010UL, 0xffffffffUL, 0xf3f3f3f3UL, 0xd2d2d2d2UL, + 0xcdcdcdcdUL, 0x0c0c0c0cUL, 0x13131313UL, 0xececececUL, + 0x5f5f5f5fUL, 0x97979797UL, 0x44444444UL, 0x17171717UL, + 0xc4c4c4c4UL, 0xa7a7a7a7UL, 0x7e7e7e7eUL, 0x3d3d3d3dUL, + 0x64646464UL, 0x5d5d5d5dUL, 0x19191919UL, 0x73737373UL, + 0x60606060UL, 0x81818181UL, 0x4f4f4f4fUL, 0xdcdcdcdcUL, + 0x22222222UL, 0x2a2a2a2aUL, 0x90909090UL, 0x88888888UL, + 0x46464646UL, 0xeeeeeeeeUL, 0xb8b8b8b8UL, 0x14141414UL, + 0xdedededeUL, 0x5e5e5e5eUL, 0x0b0b0b0bUL, 0xdbdbdbdbUL, + 0xe0e0e0e0UL, 0x32323232UL, 0x3a3a3a3aUL, 0x0a0a0a0aUL, + 0x49494949UL, 0x06060606UL, 0x24242424UL, 0x5c5c5c5cUL, + 0xc2c2c2c2UL, 0xd3d3d3d3UL, 0xacacacacUL, 0x62626262UL, + 0x91919191UL, 0x95959595UL, 0xe4e4e4e4UL, 0x79797979UL, + 0xe7e7e7e7UL, 0xc8c8c8c8UL, 0x37373737UL, 0x6d6d6d6dUL, + 0x8d8d8d8dUL, 0xd5d5d5d5UL, 0x4e4e4e4eUL, 0xa9a9a9a9UL, + 0x6c6c6c6cUL, 0x56565656UL, 0xf4f4f4f4UL, 0xeaeaeaeaUL, + 0x65656565UL, 0x7a7a7a7aUL, 0xaeaeaeaeUL, 0x08080808UL, + 0xbabababaUL, 0x78787878UL, 0x25252525UL, 0x2e2e2e2eUL, + 0x1c1c1c1cUL, 0xa6a6a6a6UL, 0xb4b4b4b4UL, 0xc6c6c6c6UL, + 0xe8e8e8e8UL, 0xddddddddUL, 0x74747474UL, 0x1f1f1f1fUL, + 0x4b4b4b4bUL, 0xbdbdbdbdUL, 0x8b8b8b8bUL, 0x8a8a8a8aUL, + 0x70707070UL, 0x3e3e3e3eUL, 0xb5b5b5b5UL, 0x66666666UL, + 0x48484848UL, 0x03030303UL, 0xf6f6f6f6UL, 0x0e0e0e0eUL, + 0x61616161UL, 0x35353535UL, 0x57575757UL, 0xb9b9b9b9UL, + 0x86868686UL, 0xc1c1c1c1UL, 0x1d1d1d1dUL, 0x9e9e9e9eUL, + 0xe1e1e1e1UL, 0xf8f8f8f8UL, 0x98989898UL, 0x11111111UL, + 0x69696969UL, 0xd9d9d9d9UL, 0x8e8e8e8eUL, 0x94949494UL, + 0x9b9b9b9bUL, 0x1e1e1e1eUL, 0x87878787UL, 0xe9e9e9e9UL, + 0xcecececeUL, 0x55555555UL, 0x28282828UL, 0xdfdfdfdfUL, + 0x8c8c8c8cUL, 0xa1a1a1a1UL, 0x89898989UL, 0x0d0d0d0dUL, + 0xbfbfbfbfUL, 0xe6e6e6e6UL, 0x42424242UL, 0x68686868UL, + 0x41414141UL, 0x99999999UL, 0x2d2d2d2dUL, 0x0f0f0f0fUL, + 0xb0b0b0b0UL, 0x54545454UL, 0xbbbbbbbbUL, 0x16161616UL, +}; +static const unsigned int Td0[256] = { + 0x51f4a750UL, 0x7e416553UL, 0x1a17a4c3UL, 0x3a275e96UL, + 0x3bab6bcbUL, 0x1f9d45f1UL, 0xacfa58abUL, 0x4be30393UL, + 0x2030fa55UL, 0xad766df6UL, 0x88cc7691UL, 0xf5024c25UL, + 0x4fe5d7fcUL, 0xc52acbd7UL, 0x26354480UL, 0xb562a38fUL, + 0xdeb15a49UL, 0x25ba1b67UL, 0x45ea0e98UL, 0x5dfec0e1UL, + 0xc32f7502UL, 0x814cf012UL, 0x8d4697a3UL, 0x6bd3f9c6UL, + 0x038f5fe7UL, 0x15929c95UL, 0xbf6d7aebUL, 0x955259daUL, + 0xd4be832dUL, 0x587421d3UL, 0x49e06929UL, 0x8ec9c844UL, + 0x75c2896aUL, 0xf48e7978UL, 0x99583e6bUL, 0x27b971ddUL, + 0xbee14fb6UL, 0xf088ad17UL, 0xc920ac66UL, 0x7dce3ab4UL, + 0x63df4a18UL, 0xe51a3182UL, 0x97513360UL, 0x62537f45UL, + 0xb16477e0UL, 0xbb6bae84UL, 0xfe81a01cUL, 0xf9082b94UL, + 0x70486858UL, 0x8f45fd19UL, 0x94de6c87UL, 0x527bf8b7UL, + 0xab73d323UL, 0x724b02e2UL, 0xe31f8f57UL, 0x6655ab2aUL, + 0xb2eb2807UL, 0x2fb5c203UL, 0x86c57b9aUL, 0xd33708a5UL, + 0x302887f2UL, 0x23bfa5b2UL, 0x02036abaUL, 0xed16825cUL, + 0x8acf1c2bUL, 0xa779b492UL, 0xf307f2f0UL, 0x4e69e2a1UL, + 0x65daf4cdUL, 0x0605bed5UL, 0xd134621fUL, 0xc4a6fe8aUL, + 0x342e539dUL, 0xa2f355a0UL, 0x058ae132UL, 0xa4f6eb75UL, + 0x0b83ec39UL, 0x4060efaaUL, 0x5e719f06UL, 0xbd6e1051UL, + 0x3e218af9UL, 0x96dd063dUL, 0xdd3e05aeUL, 0x4de6bd46UL, + 0x91548db5UL, 0x71c45d05UL, 0x0406d46fUL, 0x605015ffUL, + 0x1998fb24UL, 0xd6bde997UL, 0x894043ccUL, 0x67d99e77UL, + 0xb0e842bdUL, 0x07898b88UL, 0xe7195b38UL, 0x79c8eedbUL, + 0xa17c0a47UL, 0x7c420fe9UL, 0xf8841ec9UL, 0x00000000UL, + 0x09808683UL, 0x322bed48UL, 0x1e1170acUL, 0x6c5a724eUL, + 0xfd0efffbUL, 0x0f853856UL, 0x3daed51eUL, 0x362d3927UL, + 0x0a0fd964UL, 0x685ca621UL, 0x9b5b54d1UL, 0x24362e3aUL, + 0x0c0a67b1UL, 0x9357e70fUL, 0xb4ee96d2UL, 0x1b9b919eUL, + 0x80c0c54fUL, 0x61dc20a2UL, 0x5a774b69UL, 0x1c121a16UL, + 0xe293ba0aUL, 0xc0a02ae5UL, 0x3c22e043UL, 0x121b171dUL, + 0x0e090d0bUL, 0xf28bc7adUL, 0x2db6a8b9UL, 0x141ea9c8UL, + 0x57f11985UL, 0xaf75074cUL, 0xee99ddbbUL, 0xa37f60fdUL, + 0xf701269fUL, 0x5c72f5bcUL, 0x44663bc5UL, 0x5bfb7e34UL, + 0x8b432976UL, 0xcb23c6dcUL, 0xb6edfc68UL, 0xb8e4f163UL, + 0xd731dccaUL, 0x42638510UL, 0x13972240UL, 0x84c61120UL, + 0x854a247dUL, 0xd2bb3df8UL, 0xaef93211UL, 0xc729a16dUL, + 0x1d9e2f4bUL, 0xdcb230f3UL, 0x0d8652ecUL, 0x77c1e3d0UL, + 0x2bb3166cUL, 0xa970b999UL, 0x119448faUL, 0x47e96422UL, + 0xa8fc8cc4UL, 0xa0f03f1aUL, 0x567d2cd8UL, 0x223390efUL, + 0x87494ec7UL, 0xd938d1c1UL, 0x8ccaa2feUL, 0x98d40b36UL, + 0xa6f581cfUL, 0xa57ade28UL, 0xdab78e26UL, 0x3fadbfa4UL, + 0x2c3a9de4UL, 0x5078920dUL, 0x6a5fcc9bUL, 0x547e4662UL, + 0xf68d13c2UL, 0x90d8b8e8UL, 0x2e39f75eUL, 0x82c3aff5UL, + 0x9f5d80beUL, 0x69d0937cUL, 0x6fd52da9UL, 0xcf2512b3UL, + 0xc8ac993bUL, 0x10187da7UL, 0xe89c636eUL, 0xdb3bbb7bUL, + 0xcd267809UL, 0x6e5918f4UL, 0xec9ab701UL, 0x834f9aa8UL, + 0xe6956e65UL, 0xaaffe67eUL, 0x21bccf08UL, 0xef15e8e6UL, + 0xbae79bd9UL, 0x4a6f36ceUL, 0xea9f09d4UL, 0x29b07cd6UL, + 0x31a4b2afUL, 0x2a3f2331UL, 0xc6a59430UL, 0x35a266c0UL, + 0x744ebc37UL, 0xfc82caa6UL, 0xe090d0b0UL, 0x33a7d815UL, + 0xf104984aUL, 0x41ecdaf7UL, 0x7fcd500eUL, 0x1791f62fUL, + 0x764dd68dUL, 0x43efb04dUL, 0xccaa4d54UL, 0xe49604dfUL, + 0x9ed1b5e3UL, 0x4c6a881bUL, 0xc12c1fb8UL, 0x4665517fUL, + 0x9d5eea04UL, 0x018c355dUL, 0xfa877473UL, 0xfb0b412eUL, + 0xb3671d5aUL, 0x92dbd252UL, 0xe9105633UL, 0x6dd64713UL, + 0x9ad7618cUL, 0x37a10c7aUL, 0x59f8148eUL, 0xeb133c89UL, + 0xcea927eeUL, 0xb761c935UL, 0xe11ce5edUL, 0x7a47b13cUL, + 0x9cd2df59UL, 0x55f2733fUL, 0x1814ce79UL, 0x73c737bfUL, + 0x53f7cdeaUL, 0x5ffdaa5bUL, 0xdf3d6f14UL, 0x7844db86UL, + 0xcaaff381UL, 0xb968c43eUL, 0x3824342cUL, 0xc2a3405fUL, + 0x161dc372UL, 0xbce2250cUL, 0x283c498bUL, 0xff0d9541UL, + 0x39a80171UL, 0x080cb3deUL, 0xd8b4e49cUL, 0x6456c190UL, + 0x7bcb8461UL, 0xd532b670UL, 0x486c5c74UL, 0xd0b85742UL, +}; +static const unsigned int Td1[256] = { + 0x5051f4a7UL, 0x537e4165UL, 0xc31a17a4UL, 0x963a275eUL, + 0xcb3bab6bUL, 0xf11f9d45UL, 0xabacfa58UL, 0x934be303UL, + 0x552030faUL, 0xf6ad766dUL, 0x9188cc76UL, 0x25f5024cUL, + 0xfc4fe5d7UL, 0xd7c52acbUL, 0x80263544UL, 0x8fb562a3UL, + 0x49deb15aUL, 0x6725ba1bUL, 0x9845ea0eUL, 0xe15dfec0UL, + 0x02c32f75UL, 0x12814cf0UL, 0xa38d4697UL, 0xc66bd3f9UL, + 0xe7038f5fUL, 0x9515929cUL, 0xebbf6d7aUL, 0xda955259UL, + 0x2dd4be83UL, 0xd3587421UL, 0x2949e069UL, 0x448ec9c8UL, + 0x6a75c289UL, 0x78f48e79UL, 0x6b99583eUL, 0xdd27b971UL, + 0xb6bee14fUL, 0x17f088adUL, 0x66c920acUL, 0xb47dce3aUL, + 0x1863df4aUL, 0x82e51a31UL, 0x60975133UL, 0x4562537fUL, + 0xe0b16477UL, 0x84bb6baeUL, 0x1cfe81a0UL, 0x94f9082bUL, + 0x58704868UL, 0x198f45fdUL, 0x8794de6cUL, 0xb7527bf8UL, + 0x23ab73d3UL, 0xe2724b02UL, 0x57e31f8fUL, 0x2a6655abUL, + 0x07b2eb28UL, 0x032fb5c2UL, 0x9a86c57bUL, 0xa5d33708UL, + 0xf2302887UL, 0xb223bfa5UL, 0xba02036aUL, 0x5ced1682UL, + 0x2b8acf1cUL, 0x92a779b4UL, 0xf0f307f2UL, 0xa14e69e2UL, + 0xcd65daf4UL, 0xd50605beUL, 0x1fd13462UL, 0x8ac4a6feUL, + 0x9d342e53UL, 0xa0a2f355UL, 0x32058ae1UL, 0x75a4f6ebUL, + 0x390b83ecUL, 0xaa4060efUL, 0x065e719fUL, 0x51bd6e10UL, + 0xf93e218aUL, 0x3d96dd06UL, 0xaedd3e05UL, 0x464de6bdUL, + 0xb591548dUL, 0x0571c45dUL, 0x6f0406d4UL, 0xff605015UL, + 0x241998fbUL, 0x97d6bde9UL, 0xcc894043UL, 0x7767d99eUL, + 0xbdb0e842UL, 0x8807898bUL, 0x38e7195bUL, 0xdb79c8eeUL, + 0x47a17c0aUL, 0xe97c420fUL, 0xc9f8841eUL, 0x00000000UL, + 0x83098086UL, 0x48322bedUL, 0xac1e1170UL, 0x4e6c5a72UL, + 0xfbfd0effUL, 0x560f8538UL, 0x1e3daed5UL, 0x27362d39UL, + 0x640a0fd9UL, 0x21685ca6UL, 0xd19b5b54UL, 0x3a24362eUL, + 0xb10c0a67UL, 0x0f9357e7UL, 0xd2b4ee96UL, 0x9e1b9b91UL, + 0x4f80c0c5UL, 0xa261dc20UL, 0x695a774bUL, 0x161c121aUL, + 0x0ae293baUL, 0xe5c0a02aUL, 0x433c22e0UL, 0x1d121b17UL, + 0x0b0e090dUL, 0xadf28bc7UL, 0xb92db6a8UL, 0xc8141ea9UL, + 0x8557f119UL, 0x4caf7507UL, 0xbbee99ddUL, 0xfda37f60UL, + 0x9ff70126UL, 0xbc5c72f5UL, 0xc544663bUL, 0x345bfb7eUL, + 0x768b4329UL, 0xdccb23c6UL, 0x68b6edfcUL, 0x63b8e4f1UL, + 0xcad731dcUL, 0x10426385UL, 0x40139722UL, 0x2084c611UL, + 0x7d854a24UL, 0xf8d2bb3dUL, 0x11aef932UL, 0x6dc729a1UL, + 0x4b1d9e2fUL, 0xf3dcb230UL, 0xec0d8652UL, 0xd077c1e3UL, + 0x6c2bb316UL, 0x99a970b9UL, 0xfa119448UL, 0x2247e964UL, + 0xc4a8fc8cUL, 0x1aa0f03fUL, 0xd8567d2cUL, 0xef223390UL, + 0xc787494eUL, 0xc1d938d1UL, 0xfe8ccaa2UL, 0x3698d40bUL, + 0xcfa6f581UL, 0x28a57adeUL, 0x26dab78eUL, 0xa43fadbfUL, + 0xe42c3a9dUL, 0x0d507892UL, 0x9b6a5fccUL, 0x62547e46UL, + 0xc2f68d13UL, 0xe890d8b8UL, 0x5e2e39f7UL, 0xf582c3afUL, + 0xbe9f5d80UL, 0x7c69d093UL, 0xa96fd52dUL, 0xb3cf2512UL, + 0x3bc8ac99UL, 0xa710187dUL, 0x6ee89c63UL, 0x7bdb3bbbUL, + 0x09cd2678UL, 0xf46e5918UL, 0x01ec9ab7UL, 0xa8834f9aUL, + 0x65e6956eUL, 0x7eaaffe6UL, 0x0821bccfUL, 0xe6ef15e8UL, + 0xd9bae79bUL, 0xce4a6f36UL, 0xd4ea9f09UL, 0xd629b07cUL, + 0xaf31a4b2UL, 0x312a3f23UL, 0x30c6a594UL, 0xc035a266UL, + 0x37744ebcUL, 0xa6fc82caUL, 0xb0e090d0UL, 0x1533a7d8UL, + 0x4af10498UL, 0xf741ecdaUL, 0x0e7fcd50UL, 0x2f1791f6UL, + 0x8d764dd6UL, 0x4d43efb0UL, 0x54ccaa4dUL, 0xdfe49604UL, + 0xe39ed1b5UL, 0x1b4c6a88UL, 0xb8c12c1fUL, 0x7f466551UL, + 0x049d5eeaUL, 0x5d018c35UL, 0x73fa8774UL, 0x2efb0b41UL, + 0x5ab3671dUL, 0x5292dbd2UL, 0x33e91056UL, 0x136dd647UL, + 0x8c9ad761UL, 0x7a37a10cUL, 0x8e59f814UL, 0x89eb133cUL, + 0xeecea927UL, 0x35b761c9UL, 0xede11ce5UL, 0x3c7a47b1UL, + 0x599cd2dfUL, 0x3f55f273UL, 0x791814ceUL, 0xbf73c737UL, + 0xea53f7cdUL, 0x5b5ffdaaUL, 0x14df3d6fUL, 0x867844dbUL, + 0x81caaff3UL, 0x3eb968c4UL, 0x2c382434UL, 0x5fc2a340UL, + 0x72161dc3UL, 0x0cbce225UL, 0x8b283c49UL, 0x41ff0d95UL, + 0x7139a801UL, 0xde080cb3UL, 0x9cd8b4e4UL, 0x906456c1UL, + 0x617bcb84UL, 0x70d532b6UL, 0x74486c5cUL, 0x42d0b857UL, +}; +static const unsigned int Td2[256] = { + 0xa75051f4UL, 0x65537e41UL, 0xa4c31a17UL, 0x5e963a27UL, + 0x6bcb3babUL, 0x45f11f9dUL, 0x58abacfaUL, 0x03934be3UL, + 0xfa552030UL, 0x6df6ad76UL, 0x769188ccUL, 0x4c25f502UL, + 0xd7fc4fe5UL, 0xcbd7c52aUL, 0x44802635UL, 0xa38fb562UL, + 0x5a49deb1UL, 0x1b6725baUL, 0x0e9845eaUL, 0xc0e15dfeUL, + 0x7502c32fUL, 0xf012814cUL, 0x97a38d46UL, 0xf9c66bd3UL, + 0x5fe7038fUL, 0x9c951592UL, 0x7aebbf6dUL, 0x59da9552UL, + 0x832dd4beUL, 0x21d35874UL, 0x692949e0UL, 0xc8448ec9UL, + 0x896a75c2UL, 0x7978f48eUL, 0x3e6b9958UL, 0x71dd27b9UL, + 0x4fb6bee1UL, 0xad17f088UL, 0xac66c920UL, 0x3ab47dceUL, + 0x4a1863dfUL, 0x3182e51aUL, 0x33609751UL, 0x7f456253UL, + 0x77e0b164UL, 0xae84bb6bUL, 0xa01cfe81UL, 0x2b94f908UL, + 0x68587048UL, 0xfd198f45UL, 0x6c8794deUL, 0xf8b7527bUL, + 0xd323ab73UL, 0x02e2724bUL, 0x8f57e31fUL, 0xab2a6655UL, + 0x2807b2ebUL, 0xc2032fb5UL, 0x7b9a86c5UL, 0x08a5d337UL, + 0x87f23028UL, 0xa5b223bfUL, 0x6aba0203UL, 0x825ced16UL, + 0x1c2b8acfUL, 0xb492a779UL, 0xf2f0f307UL, 0xe2a14e69UL, + 0xf4cd65daUL, 0xbed50605UL, 0x621fd134UL, 0xfe8ac4a6UL, + 0x539d342eUL, 0x55a0a2f3UL, 0xe132058aUL, 0xeb75a4f6UL, + 0xec390b83UL, 0xefaa4060UL, 0x9f065e71UL, 0x1051bd6eUL, + 0x8af93e21UL, 0x063d96ddUL, 0x05aedd3eUL, 0xbd464de6UL, + 0x8db59154UL, 0x5d0571c4UL, 0xd46f0406UL, 0x15ff6050UL, + 0xfb241998UL, 0xe997d6bdUL, 0x43cc8940UL, 0x9e7767d9UL, + 0x42bdb0e8UL, 0x8b880789UL, 0x5b38e719UL, 0xeedb79c8UL, + 0x0a47a17cUL, 0x0fe97c42UL, 0x1ec9f884UL, 0x00000000UL, + 0x86830980UL, 0xed48322bUL, 0x70ac1e11UL, 0x724e6c5aUL, + 0xfffbfd0eUL, 0x38560f85UL, 0xd51e3daeUL, 0x3927362dUL, + 0xd9640a0fUL, 0xa621685cUL, 0x54d19b5bUL, 0x2e3a2436UL, + 0x67b10c0aUL, 0xe70f9357UL, 0x96d2b4eeUL, 0x919e1b9bUL, + 0xc54f80c0UL, 0x20a261dcUL, 0x4b695a77UL, 0x1a161c12UL, + 0xba0ae293UL, 0x2ae5c0a0UL, 0xe0433c22UL, 0x171d121bUL, + 0x0d0b0e09UL, 0xc7adf28bUL, 0xa8b92db6UL, 0xa9c8141eUL, + 0x198557f1UL, 0x074caf75UL, 0xddbbee99UL, 0x60fda37fUL, + 0x269ff701UL, 0xf5bc5c72UL, 0x3bc54466UL, 0x7e345bfbUL, + 0x29768b43UL, 0xc6dccb23UL, 0xfc68b6edUL, 0xf163b8e4UL, + 0xdccad731UL, 0x85104263UL, 0x22401397UL, 0x112084c6UL, + 0x247d854aUL, 0x3df8d2bbUL, 0x3211aef9UL, 0xa16dc729UL, + 0x2f4b1d9eUL, 0x30f3dcb2UL, 0x52ec0d86UL, 0xe3d077c1UL, + 0x166c2bb3UL, 0xb999a970UL, 0x48fa1194UL, 0x642247e9UL, + 0x8cc4a8fcUL, 0x3f1aa0f0UL, 0x2cd8567dUL, 0x90ef2233UL, + 0x4ec78749UL, 0xd1c1d938UL, 0xa2fe8ccaUL, 0x0b3698d4UL, + 0x81cfa6f5UL, 0xde28a57aUL, 0x8e26dab7UL, 0xbfa43fadUL, + 0x9de42c3aUL, 0x920d5078UL, 0xcc9b6a5fUL, 0x4662547eUL, + 0x13c2f68dUL, 0xb8e890d8UL, 0xf75e2e39UL, 0xaff582c3UL, + 0x80be9f5dUL, 0x937c69d0UL, 0x2da96fd5UL, 0x12b3cf25UL, + 0x993bc8acUL, 0x7da71018UL, 0x636ee89cUL, 0xbb7bdb3bUL, + 0x7809cd26UL, 0x18f46e59UL, 0xb701ec9aUL, 0x9aa8834fUL, + 0x6e65e695UL, 0xe67eaaffUL, 0xcf0821bcUL, 0xe8e6ef15UL, + 0x9bd9bae7UL, 0x36ce4a6fUL, 0x09d4ea9fUL, 0x7cd629b0UL, + 0xb2af31a4UL, 0x23312a3fUL, 0x9430c6a5UL, 0x66c035a2UL, + 0xbc37744eUL, 0xcaa6fc82UL, 0xd0b0e090UL, 0xd81533a7UL, + 0x984af104UL, 0xdaf741ecUL, 0x500e7fcdUL, 0xf62f1791UL, + 0xd68d764dUL, 0xb04d43efUL, 0x4d54ccaaUL, 0x04dfe496UL, + 0xb5e39ed1UL, 0x881b4c6aUL, 0x1fb8c12cUL, 0x517f4665UL, + 0xea049d5eUL, 0x355d018cUL, 0x7473fa87UL, 0x412efb0bUL, + 0x1d5ab367UL, 0xd25292dbUL, 0x5633e910UL, 0x47136dd6UL, + 0x618c9ad7UL, 0x0c7a37a1UL, 0x148e59f8UL, 0x3c89eb13UL, + 0x27eecea9UL, 0xc935b761UL, 0xe5ede11cUL, 0xb13c7a47UL, + 0xdf599cd2UL, 0x733f55f2UL, 0xce791814UL, 0x37bf73c7UL, + 0xcdea53f7UL, 0xaa5b5ffdUL, 0x6f14df3dUL, 0xdb867844UL, + 0xf381caafUL, 0xc43eb968UL, 0x342c3824UL, 0x405fc2a3UL, + 0xc372161dUL, 0x250cbce2UL, 0x498b283cUL, 0x9541ff0dUL, + 0x017139a8UL, 0xb3de080cUL, 0xe49cd8b4UL, 0xc1906456UL, + 0x84617bcbUL, 0xb670d532UL, 0x5c74486cUL, 0x5742d0b8UL, +}; +static const unsigned int Td3[256] = { + 0xf4a75051UL, 0x4165537eUL, 0x17a4c31aUL, 0x275e963aUL, + 0xab6bcb3bUL, 0x9d45f11fUL, 0xfa58abacUL, 0xe303934bUL, + 0x30fa5520UL, 0x766df6adUL, 0xcc769188UL, 0x024c25f5UL, + 0xe5d7fc4fUL, 0x2acbd7c5UL, 0x35448026UL, 0x62a38fb5UL, + 0xb15a49deUL, 0xba1b6725UL, 0xea0e9845UL, 0xfec0e15dUL, + 0x2f7502c3UL, 0x4cf01281UL, 0x4697a38dUL, 0xd3f9c66bUL, + 0x8f5fe703UL, 0x929c9515UL, 0x6d7aebbfUL, 0x5259da95UL, + 0xbe832dd4UL, 0x7421d358UL, 0xe0692949UL, 0xc9c8448eUL, + 0xc2896a75UL, 0x8e7978f4UL, 0x583e6b99UL, 0xb971dd27UL, + 0xe14fb6beUL, 0x88ad17f0UL, 0x20ac66c9UL, 0xce3ab47dUL, + 0xdf4a1863UL, 0x1a3182e5UL, 0x51336097UL, 0x537f4562UL, + 0x6477e0b1UL, 0x6bae84bbUL, 0x81a01cfeUL, 0x082b94f9UL, + 0x48685870UL, 0x45fd198fUL, 0xde6c8794UL, 0x7bf8b752UL, + 0x73d323abUL, 0x4b02e272UL, 0x1f8f57e3UL, 0x55ab2a66UL, + 0xeb2807b2UL, 0xb5c2032fUL, 0xc57b9a86UL, 0x3708a5d3UL, + 0x2887f230UL, 0xbfa5b223UL, 0x036aba02UL, 0x16825cedUL, + 0xcf1c2b8aUL, 0x79b492a7UL, 0x07f2f0f3UL, 0x69e2a14eUL, + 0xdaf4cd65UL, 0x05bed506UL, 0x34621fd1UL, 0xa6fe8ac4UL, + 0x2e539d34UL, 0xf355a0a2UL, 0x8ae13205UL, 0xf6eb75a4UL, + 0x83ec390bUL, 0x60efaa40UL, 0x719f065eUL, 0x6e1051bdUL, + 0x218af93eUL, 0xdd063d96UL, 0x3e05aeddUL, 0xe6bd464dUL, + 0x548db591UL, 0xc45d0571UL, 0x06d46f04UL, 0x5015ff60UL, + 0x98fb2419UL, 0xbde997d6UL, 0x4043cc89UL, 0xd99e7767UL, + 0xe842bdb0UL, 0x898b8807UL, 0x195b38e7UL, 0xc8eedb79UL, + 0x7c0a47a1UL, 0x420fe97cUL, 0x841ec9f8UL, 0x00000000UL, + 0x80868309UL, 0x2bed4832UL, 0x1170ac1eUL, 0x5a724e6cUL, + 0x0efffbfdUL, 0x8538560fUL, 0xaed51e3dUL, 0x2d392736UL, + 0x0fd9640aUL, 0x5ca62168UL, 0x5b54d19bUL, 0x362e3a24UL, + 0x0a67b10cUL, 0x57e70f93UL, 0xee96d2b4UL, 0x9b919e1bUL, + 0xc0c54f80UL, 0xdc20a261UL, 0x774b695aUL, 0x121a161cUL, + 0x93ba0ae2UL, 0xa02ae5c0UL, 0x22e0433cUL, 0x1b171d12UL, + 0x090d0b0eUL, 0x8bc7adf2UL, 0xb6a8b92dUL, 0x1ea9c814UL, + 0xf1198557UL, 0x75074cafUL, 0x99ddbbeeUL, 0x7f60fda3UL, + 0x01269ff7UL, 0x72f5bc5cUL, 0x663bc544UL, 0xfb7e345bUL, + 0x4329768bUL, 0x23c6dccbUL, 0xedfc68b6UL, 0xe4f163b8UL, + 0x31dccad7UL, 0x63851042UL, 0x97224013UL, 0xc6112084UL, + 0x4a247d85UL, 0xbb3df8d2UL, 0xf93211aeUL, 0x29a16dc7UL, + 0x9e2f4b1dUL, 0xb230f3dcUL, 0x8652ec0dUL, 0xc1e3d077UL, + 0xb3166c2bUL, 0x70b999a9UL, 0x9448fa11UL, 0xe9642247UL, + 0xfc8cc4a8UL, 0xf03f1aa0UL, 0x7d2cd856UL, 0x3390ef22UL, + 0x494ec787UL, 0x38d1c1d9UL, 0xcaa2fe8cUL, 0xd40b3698UL, + 0xf581cfa6UL, 0x7ade28a5UL, 0xb78e26daUL, 0xadbfa43fUL, + 0x3a9de42cUL, 0x78920d50UL, 0x5fcc9b6aUL, 0x7e466254UL, + 0x8d13c2f6UL, 0xd8b8e890UL, 0x39f75e2eUL, 0xc3aff582UL, + 0x5d80be9fUL, 0xd0937c69UL, 0xd52da96fUL, 0x2512b3cfUL, + 0xac993bc8UL, 0x187da710UL, 0x9c636ee8UL, 0x3bbb7bdbUL, + 0x267809cdUL, 0x5918f46eUL, 0x9ab701ecUL, 0x4f9aa883UL, + 0x956e65e6UL, 0xffe67eaaUL, 0xbccf0821UL, 0x15e8e6efUL, + 0xe79bd9baUL, 0x6f36ce4aUL, 0x9f09d4eaUL, 0xb07cd629UL, + 0xa4b2af31UL, 0x3f23312aUL, 0xa59430c6UL, 0xa266c035UL, + 0x4ebc3774UL, 0x82caa6fcUL, 0x90d0b0e0UL, 0xa7d81533UL, + 0x04984af1UL, 0xecdaf741UL, 0xcd500e7fUL, 0x91f62f17UL, + 0x4dd68d76UL, 0xefb04d43UL, 0xaa4d54ccUL, 0x9604dfe4UL, + 0xd1b5e39eUL, 0x6a881b4cUL, 0x2c1fb8c1UL, 0x65517f46UL, + 0x5eea049dUL, 0x8c355d01UL, 0x877473faUL, 0x0b412efbUL, + 0x671d5ab3UL, 0xdbd25292UL, 0x105633e9UL, 0xd647136dUL, + 0xd7618c9aUL, 0xa10c7a37UL, 0xf8148e59UL, 0x133c89ebUL, + 0xa927eeceUL, 0x61c935b7UL, 0x1ce5ede1UL, 0x47b13c7aUL, + 0xd2df599cUL, 0xf2733f55UL, 0x14ce7918UL, 0xc737bf73UL, + 0xf7cdea53UL, 0xfdaa5b5fUL, 0x3d6f14dfUL, 0x44db8678UL, + 0xaff381caUL, 0x68c43eb9UL, 0x24342c38UL, 0xa3405fc2UL, + 0x1dc37216UL, 0xe2250cbcUL, 0x3c498b28UL, 0x0d9541ffUL, + 0xa8017139UL, 0x0cb3de08UL, 0xb4e49cd8UL, 0x56c19064UL, + 0xcb84617bUL, 0x32b670d5UL, 0x6c5c7448UL, 0xb85742d0UL, +}; +static const unsigned int Td4[256] = { + 0x52525252UL, 0x09090909UL, 0x6a6a6a6aUL, 0xd5d5d5d5UL, + 0x30303030UL, 0x36363636UL, 0xa5a5a5a5UL, 0x38383838UL, + 0xbfbfbfbfUL, 0x40404040UL, 0xa3a3a3a3UL, 0x9e9e9e9eUL, + 0x81818181UL, 0xf3f3f3f3UL, 0xd7d7d7d7UL, 0xfbfbfbfbUL, + 0x7c7c7c7cUL, 0xe3e3e3e3UL, 0x39393939UL, 0x82828282UL, + 0x9b9b9b9bUL, 0x2f2f2f2fUL, 0xffffffffUL, 0x87878787UL, + 0x34343434UL, 0x8e8e8e8eUL, 0x43434343UL, 0x44444444UL, + 0xc4c4c4c4UL, 0xdedededeUL, 0xe9e9e9e9UL, 0xcbcbcbcbUL, + 0x54545454UL, 0x7b7b7b7bUL, 0x94949494UL, 0x32323232UL, + 0xa6a6a6a6UL, 0xc2c2c2c2UL, 0x23232323UL, 0x3d3d3d3dUL, + 0xeeeeeeeeUL, 0x4c4c4c4cUL, 0x95959595UL, 0x0b0b0b0bUL, + 0x42424242UL, 0xfafafafaUL, 0xc3c3c3c3UL, 0x4e4e4e4eUL, + 0x08080808UL, 0x2e2e2e2eUL, 0xa1a1a1a1UL, 0x66666666UL, + 0x28282828UL, 0xd9d9d9d9UL, 0x24242424UL, 0xb2b2b2b2UL, + 0x76767676UL, 0x5b5b5b5bUL, 0xa2a2a2a2UL, 0x49494949UL, + 0x6d6d6d6dUL, 0x8b8b8b8bUL, 0xd1d1d1d1UL, 0x25252525UL, + 0x72727272UL, 0xf8f8f8f8UL, 0xf6f6f6f6UL, 0x64646464UL, + 0x86868686UL, 0x68686868UL, 0x98989898UL, 0x16161616UL, + 0xd4d4d4d4UL, 0xa4a4a4a4UL, 0x5c5c5c5cUL, 0xccccccccUL, + 0x5d5d5d5dUL, 0x65656565UL, 0xb6b6b6b6UL, 0x92929292UL, + 0x6c6c6c6cUL, 0x70707070UL, 0x48484848UL, 0x50505050UL, + 0xfdfdfdfdUL, 0xededededUL, 0xb9b9b9b9UL, 0xdadadadaUL, + 0x5e5e5e5eUL, 0x15151515UL, 0x46464646UL, 0x57575757UL, + 0xa7a7a7a7UL, 0x8d8d8d8dUL, 0x9d9d9d9dUL, 0x84848484UL, + 0x90909090UL, 0xd8d8d8d8UL, 0xababababUL, 0x00000000UL, + 0x8c8c8c8cUL, 0xbcbcbcbcUL, 0xd3d3d3d3UL, 0x0a0a0a0aUL, + 0xf7f7f7f7UL, 0xe4e4e4e4UL, 0x58585858UL, 0x05050505UL, + 0xb8b8b8b8UL, 0xb3b3b3b3UL, 0x45454545UL, 0x06060606UL, + 0xd0d0d0d0UL, 0x2c2c2c2cUL, 0x1e1e1e1eUL, 0x8f8f8f8fUL, + 0xcacacacaUL, 0x3f3f3f3fUL, 0x0f0f0f0fUL, 0x02020202UL, + 0xc1c1c1c1UL, 0xafafafafUL, 0xbdbdbdbdUL, 0x03030303UL, + 0x01010101UL, 0x13131313UL, 0x8a8a8a8aUL, 0x6b6b6b6bUL, + 0x3a3a3a3aUL, 0x91919191UL, 0x11111111UL, 0x41414141UL, + 0x4f4f4f4fUL, 0x67676767UL, 0xdcdcdcdcUL, 0xeaeaeaeaUL, + 0x97979797UL, 0xf2f2f2f2UL, 0xcfcfcfcfUL, 0xcecececeUL, + 0xf0f0f0f0UL, 0xb4b4b4b4UL, 0xe6e6e6e6UL, 0x73737373UL, + 0x96969696UL, 0xacacacacUL, 0x74747474UL, 0x22222222UL, + 0xe7e7e7e7UL, 0xadadadadUL, 0x35353535UL, 0x85858585UL, + 0xe2e2e2e2UL, 0xf9f9f9f9UL, 0x37373737UL, 0xe8e8e8e8UL, + 0x1c1c1c1cUL, 0x75757575UL, 0xdfdfdfdfUL, 0x6e6e6e6eUL, + 0x47474747UL, 0xf1f1f1f1UL, 0x1a1a1a1aUL, 0x71717171UL, + 0x1d1d1d1dUL, 0x29292929UL, 0xc5c5c5c5UL, 0x89898989UL, + 0x6f6f6f6fUL, 0xb7b7b7b7UL, 0x62626262UL, 0x0e0e0e0eUL, + 0xaaaaaaaaUL, 0x18181818UL, 0xbebebebeUL, 0x1b1b1b1bUL, + 0xfcfcfcfcUL, 0x56565656UL, 0x3e3e3e3eUL, 0x4b4b4b4bUL, + 0xc6c6c6c6UL, 0xd2d2d2d2UL, 0x79797979UL, 0x20202020UL, + 0x9a9a9a9aUL, 0xdbdbdbdbUL, 0xc0c0c0c0UL, 0xfefefefeUL, + 0x78787878UL, 0xcdcdcdcdUL, 0x5a5a5a5aUL, 0xf4f4f4f4UL, + 0x1f1f1f1fUL, 0xddddddddUL, 0xa8a8a8a8UL, 0x33333333UL, + 0x88888888UL, 0x07070707UL, 0xc7c7c7c7UL, 0x31313131UL, + 0xb1b1b1b1UL, 0x12121212UL, 0x10101010UL, 0x59595959UL, + 0x27272727UL, 0x80808080UL, 0xececececUL, 0x5f5f5f5fUL, + 0x60606060UL, 0x51515151UL, 0x7f7f7f7fUL, 0xa9a9a9a9UL, + 0x19191919UL, 0xb5b5b5b5UL, 0x4a4a4a4aUL, 0x0d0d0d0dUL, + 0x2d2d2d2dUL, 0xe5e5e5e5UL, 0x7a7a7a7aUL, 0x9f9f9f9fUL, + 0x93939393UL, 0xc9c9c9c9UL, 0x9c9c9c9cUL, 0xefefefefUL, + 0xa0a0a0a0UL, 0xe0e0e0e0UL, 0x3b3b3b3bUL, 0x4d4d4d4dUL, + 0xaeaeaeaeUL, 0x2a2a2a2aUL, 0xf5f5f5f5UL, 0xb0b0b0b0UL, + 0xc8c8c8c8UL, 0xebebebebUL, 0xbbbbbbbbUL, 0x3c3c3c3cUL, + 0x83838383UL, 0x53535353UL, 0x99999999UL, 0x61616161UL, + 0x17171717UL, 0x2b2b2b2bUL, 0x04040404UL, 0x7e7e7e7eUL, + 0xbabababaUL, 0x77777777UL, 0xd6d6d6d6UL, 0x26262626UL, + 0xe1e1e1e1UL, 0x69696969UL, 0x14141414UL, 0x63636363UL, + 0x55555555UL, 0x21212121UL, 0x0c0c0c0cUL, 0x7d7d7d7dUL, +}; +static const unsigned int rcon[] = { + 0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL, + 0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL, + 0x1B000000UL, 0x36000000UL, +}; + +#define GETU32(pt) (((unsigned int)(pt)[0] << 24) ^ \ + ((unsigned int)(pt)[1] << 16) ^ \ + ((unsigned int)(pt)[2] << 8) ^ \ + ((unsigned int)(pt)[3])) + +#define PUTU32(ct, st) { (ct)[0] = (unsigned char)((st) >> 24); \ + (ct)[1] = (unsigned char)((st) >> 16); \ + (ct)[2] = (unsigned char)((st) >> 8); \ + (ct)[3] = (unsigned char)(st); } + +/* +* Expand the cipher key into the encryption key schedule and return the +* number of rounds for the given cipher key size. +*/ +int aes_setkey_enc(unsigned int rk[], const unsigned char cipherKey[], int keyBytes) +{ + int i = 0; + unsigned int temp; + + rk[0] = GETU32(cipherKey ); + rk[1] = GETU32(cipherKey + 4); + rk[2] = GETU32(cipherKey + 8); + rk[3] = GETU32(cipherKey + 12); + if (keyBytes == 16) { // 128 bits + for (;;) { + temp = rk[3]; + rk[4] = rk[0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 10; + } + rk += 4; + } + } + rk[4] = GETU32(cipherKey + 16); + rk[5] = GETU32(cipherKey + 20); + if (keyBytes == 24) { // 192 bits + for (;;) { + temp = rk[ 5]; + rk[ 6] = rk[ 0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 7] = rk[ 1] ^ rk[ 6]; + rk[ 8] = rk[ 2] ^ rk[ 7]; + rk[ 9] = rk[ 3] ^ rk[ 8]; + if (++i == 8) { + return 12; + } + rk[10] = rk[ 4] ^ rk[ 9]; + rk[11] = rk[ 5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(cipherKey + 24); + rk[7] = GETU32(cipherKey + 28); + if (keyBytes == 32) { // 256 bits + for (;;) { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; + rk[11] = rk[ 3] ^ rk[10]; + if (++i == 7) { + return 14; + } + temp = rk[11]; + rk[12] = rk[ 4] ^ + (Te4[(temp >> 24) ] & 0xff000000) ^ + (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(temp ) & 0xff] & 0x000000ff); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; + + rk += 8; + } + } + return 0; +} + +/* +* Expand the cipher key into encryption and decryption key schedule and +* return the number of rounds for the given cipher key size. +*/ +int AesGenKeySched(unsigned int rk[], unsigned int rrk[], const unsigned char cipherKey[], int keyBytes) +{ + int Nr, i; + + // expand the cipher key + Nr = aes_setkey_enc(rk, cipherKey, keyBytes); + // invert the order of the first round keys + rrk += Nr * 4; + rrk[0] = rk[0]; + rrk[1] = rk[1]; + rrk[2] = rk[2]; + rrk[3] = rk[3]; + + /* + * apply the inverse MixColumn transform to all round keys but the first + * and the last + */ + for (i = 1; i < Nr; i++) { + rrk -= 4; + rk += 4; + rrk[0] = + Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[0] ) & 0xff] & 0xff]; + rrk[1] = + Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[1] ) & 0xff] & 0xff]; + rrk[2] = + Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[2] ) & 0xff] & 0xff]; + rrk[3] = + Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[3] ) & 0xff] & 0xff]; + } + // invert the order of the last round keys + rrk -= 4; + rk += 4; + rrk[0] = rk[0]; + rrk[1] = rk[1]; + rrk[2] = rk[2]; + rrk[3] = rk[3]; + + return Nr; +} + +/* +* Encrypt the plain text into cipher +*/ +void AesEncBlk(AesCtx *pCtx, const unsigned char pt[], unsigned char ct[]) +{ + unsigned int s0, s1, s2, s3, t0, t1, t2, t3, *iv; + const unsigned int *rk; + int r; + + rk = pCtx->Ek; + iv = pCtx->Iv; + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(pt ) ^ rk[0]; + s1 = GETU32(pt + 4) ^ rk[1]; + s2 = GETU32(pt + 8) ^ rk[2]; + s3 = GETU32(pt + 12) ^ rk[3]; + if (pCtx->Mode) { + s0 = s0 ^ iv[0]; + s1 = s1 ^ iv[1]; + s2 = s2 ^ iv[2]; + s3 = s3 ^ iv[3]; + } + /* + * Nr - 1 full rounds: + */ + r = pCtx->Nr >> 1; + for (;;) { + t0 = + Te0[(s0 >> 24) ] ^ + Te1[(s1 >> 16) & 0xff] ^ + Te2[(s2 >> 8) & 0xff] ^ + Te3[(s3 ) & 0xff] ^ + rk[4]; + t1 = + Te0[(s1 >> 24) ] ^ + Te1[(s2 >> 16) & 0xff] ^ + Te2[(s3 >> 8) & 0xff] ^ + Te3[(s0 ) & 0xff] ^ + rk[5]; + t2 = + Te0[(s2 >> 24) ] ^ + Te1[(s3 >> 16) & 0xff] ^ + Te2[(s0 >> 8) & 0xff] ^ + Te3[(s1 ) & 0xff] ^ + rk[6]; + t3 = + Te0[(s3 >> 24) ] ^ + Te1[(s0 >> 16) & 0xff] ^ + Te2[(s1 >> 8) & 0xff] ^ + Te3[(s2 ) & 0xff] ^ + rk[7]; + + rk += 8; + if (--r == 0) { + break; + } + + s0 = + Te0[(t0 >> 24) ] ^ + Te1[(t1 >> 16) & 0xff] ^ + Te2[(t2 >> 8) & 0xff] ^ + Te3[(t3 ) & 0xff] ^ + rk[0]; + s1 = + Te0[(t1 >> 24) ] ^ + Te1[(t2 >> 16) & 0xff] ^ + Te2[(t3 >> 8) & 0xff] ^ + Te3[(t0 ) & 0xff] ^ + rk[1]; + s2 = + Te0[(t2 >> 24) ] ^ + Te1[(t3 >> 16) & 0xff] ^ + Te2[(t0 >> 8) & 0xff] ^ + Te3[(t1 ) & 0xff] ^ + rk[2]; + s3 = + Te0[(t3 >> 24) ] ^ + Te1[(t0 >> 16) & 0xff] ^ + Te2[(t1 >> 8) & 0xff] ^ + Te3[(t2 ) & 0xff] ^ + rk[3]; + } + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Te4[(t0 >> 24) ] & 0xff000000) ^ + (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t3 ) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(ct , s0); + s1 = + (Te4[(t1 >> 24) ] & 0xff000000) ^ + (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t0 ) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(ct + 4, s1); + s2 = + (Te4[(t2 >> 24) ] & 0xff000000) ^ + (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t1 ) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(ct + 8, s2); + s3 = + (Te4[(t3 >> 24) ] & 0xff000000) ^ + (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t2 ) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(ct + 12, s3); + + if (pCtx->Mode) { + iv[0] = s0; + iv[1] = s1; + iv[2] = s2; + iv[3] = s3; + } +} + +/* +* Decrypt the cipher into plain text +*/ +void AesDecBlk(AesCtx *pCtx, const unsigned char ct[], unsigned char pt[]) +{ + unsigned int s0, s1, s2, s3, t0, t1, t2, t3, v0, v1, v2, v3, *iv; + const unsigned int *rk; + int r; + + rk = pCtx->Dk; + iv = pCtx->Iv; + /* + * map byte array block to cipher state + * and add initial round key: + */ + v0 = GETU32(ct ); s0 = v0 ^ rk[0]; + v1 = GETU32(ct + 4); s1 = v1 ^ rk[1]; + v2 = GETU32(ct + 8); s2 = v2 ^ rk[2]; + v3 = GETU32(ct + 12); s3 = v3 ^ rk[3]; + /* + * Nr - 1 full rounds: + */ + r = pCtx->Nr >> 1; + for (;;) { + t0 = + Td0[(s0 >> 24) ] ^ + Td1[(s3 >> 16) & 0xff] ^ + Td2[(s2 >> 8) & 0xff] ^ + Td3[(s1 ) & 0xff] ^ + rk[4]; + t1 = + Td0[(s1 >> 24) ] ^ + Td1[(s0 >> 16) & 0xff] ^ + Td2[(s3 >> 8) & 0xff] ^ + Td3[(s2 ) & 0xff] ^ + rk[5]; + t2 = + Td0[(s2 >> 24) ] ^ + Td1[(s1 >> 16) & 0xff] ^ + Td2[(s0 >> 8) & 0xff] ^ + Td3[(s3 ) & 0xff] ^ + rk[6]; + t3 = + Td0[(s3 >> 24) ] ^ + Td1[(s2 >> 16) & 0xff] ^ + Td2[(s1 >> 8) & 0xff] ^ + Td3[(s0 ) & 0xff] ^ + rk[7]; + + rk += 8; + if (--r == 0) { + break; + } + + s0 = + Td0[(t0 >> 24) ] ^ + Td1[(t3 >> 16) & 0xff] ^ + Td2[(t2 >> 8) & 0xff] ^ + Td3[(t1 ) & 0xff] ^ + rk[0]; + s1 = + Td0[(t1 >> 24) ] ^ + Td1[(t0 >> 16) & 0xff] ^ + Td2[(t3 >> 8) & 0xff] ^ + Td3[(t2 ) & 0xff] ^ + rk[1]; + s2 = + Td0[(t2 >> 24) ] ^ + Td1[(t1 >> 16) & 0xff] ^ + Td2[(t0 >> 8) & 0xff] ^ + Td3[(t3 ) & 0xff] ^ + rk[2]; + s3 = + Td0[(t3 >> 24) ] ^ + Td1[(t2 >> 16) & 0xff] ^ + Td2[(t1 >> 8) & 0xff] ^ + Td3[(t0 ) & 0xff] ^ + rk[3]; + } + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Td4[(t0 >> 24) ] & 0xff000000) ^ + (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t1 ) & 0xff] & 0x000000ff) ^ + rk[0]; + s1 = + (Td4[(t1 >> 24) ] & 0xff000000) ^ + (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t2 ) & 0xff] & 0x000000ff) ^ + rk[1]; + s2 = + (Td4[(t2 >> 24) ] & 0xff000000) ^ + (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t3 ) & 0xff] & 0x000000ff) ^ + rk[2]; + s3 = + (Td4[(t3 >> 24) ] & 0xff000000) ^ + (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t0 ) & 0xff] & 0x000000ff) ^ + rk[3]; + + if (pCtx->Mode) { + s0 = s0 ^ iv[0]; iv[0] = v0; + s1 = s1 ^ iv[1]; iv[1] = v1; + s2 = s2 ^ iv[2]; iv[2] = v2; + s3 = s3 ^ iv[3]; iv[3] = v3; + } + + PUTU32(pt , s0); + PUTU32(pt + 4, s1); + PUTU32(pt + 8, s2); + PUTU32(pt + 12, s3); +} + +////////////////////////////////////////////////////////////////////////////// +// API functions // +////////////////////////////////////////////////////////////////////////////// + +/* +* initialize AES context +*/ +int AesCtxIni(AesCtx *pCtx, unsigned char *pIV, unsigned char *pKey, unsigned int KeyLen, unsigned char Mode) +{ + if (pKey == 0 || pCtx == 0 || (KeyLen != KEY128 && KeyLen != KEY192 && KeyLen != KEY256)) + return -1; + + // generate key schedule + pCtx->Nr = AesGenKeySched(pCtx->Ek, pCtx->Dk, pKey, KeyLen); + + // initialize IV + if (pIV != 0) { + pCtx->Iv[0] = GETU32(pIV ); + pCtx->Iv[1] = GETU32(pIV + 4 ); + pCtx->Iv[2] = GETU32(pIV + 8 ); + pCtx->Iv[3] = GETU32(pIV + 12); + } + + // mode + pCtx->Mode = Mode; + + return 0; +} + +/* +* Encrypt plain text +*/ +int AesEncrypt(AesCtx *pCtx, unsigned char *pData, unsigned char *pCipher, unsigned int DataLen) +{ + int i; + + if (pData == 0 || pCipher == 0 || pCtx == 0 || (DataLen & 0xf) != 0) + return -1; + + for (i = 0; i < DataLen; i += BLOCKSZ) { + // encrypt block by block + AesEncBlk(pCtx, pData, pCipher); + pCipher += BLOCKSZ; + pData += BLOCKSZ; + } + return DataLen; +} + +/* +* Decrypt cipher +*/ +int AesDecrypt(AesCtx *pCtx, unsigned char *pCipher, unsigned char *pData, unsigned int CipherLen) +{ + int i; + + if (pData == 0 || pCipher == 0 || pCtx == 0 || (CipherLen & 0xf) != 0) + return -1; + + for (i = 0; i < CipherLen; i += BLOCKSZ) { + // decrypt block by block + AesDecBlk(pCtx, pCipher, pData); + pCipher += BLOCKSZ; + pData += BLOCKSZ; + } + return CipherLen; +} + +////////////////////////////////////////////////////////////////////////////// +// Sample main program // +////////////////////////////////////////////////////////////////////////////// + +#ifndef EMBEDDED +int main() +{ + AesCtx ctx; + unsigned char iv[] = "INI VECTINI VECT"; + unsigned char key[] = "This is a sample AESKey"; + unsigned char databuf[] = "Data : AES Test"; // must be in multiple of 16 + + // initialize context and encrypt data at one end + + if( AesCtxIni(&ctx, iv, key, KEY128, CBC) < 0) + printf("init error\n"); + + if (AesEncrypt(&ctx, databuf, databuf, sizeof databuf) < 0) + printf("error in encryption\n"); + + // initialize context and decrypt cipher at other end + + if( AesCtxIni(&ctx, iv, key, KEY128, CBC) < 0) + printf("init error\n"); + + if (AesDecrypt(&ctx, databuf, databuf, sizeof databuf) < 0) + printf("error in decryption\n"); + + printf("%s\n", databuf); + + return 0; +} +#endif \ No newline at end of file diff --git a/armsrc/aes.h b/armsrc/aes.h new file mode 100644 index 00000000..85944873 --- /dev/null +++ b/armsrc/aes.h @@ -0,0 +1,30 @@ +/* +* AES Cryptographic Algorithm Header File. Include this header file in +* your source which uses these given APIs. (This source is kept under +* public domain) +*/ + +// AES context structure +typedef struct { + unsigned int Ek[60]; + unsigned int Dk[60]; + unsigned int Iv[4]; + unsigned char Nr; + unsigned char Mode; +} AesCtx; + +// key length in bytes +#define KEY128 16 +#define KEY192 24 +#define KEY256 32 +// block size in bytes +#define BLOCKSZ 16 +// mode +#define EBC 0 +#define CBC 1 + +// AES API function prototype + +int AesCtxIni(AesCtx *pCtx, unsigned char *pIV, unsigned char *pKey, unsigned int KeyLen, unsigned char Mode); +int AesEncrypt(AesCtx *pCtx, unsigned char *pData, unsigned char *pCipher, unsigned int DataLen); +int AesDecrypt(AesCtx *pCtx, unsigned char *pCipher, unsigned char *pData, unsigned int CipherLen); \ No newline at end of file diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 530dc39c..88ade851 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -801,8 +801,17 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_MIFAREU_READBL: MifareUReadBlock(c->arg[0],c->d.asBytes); break; + case CMD_MIFAREUC_AUTH1: + MifareUC_Auth1(c->arg[0],c->d.asBytes); + break; + case CMD_MIFAREUC_AUTH2: + MifareUC_Auth2(c->arg[0],c->d.asBytes); + break; case CMD_MIFAREU_READCARD: - MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes); + MifareUReadCard(c->arg[0],c->arg[1],c->d.asBytes); + break; + case CMD_MIFAREUC_READCARD: + MifareUReadCard(c->arg[0],c->arg[1],c->d.asBytes); break; case CMD_MIFARE_READSC: MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); @@ -858,6 +867,7 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_MIFARE_SNIFFER: SniffMifare(c->arg[0]); break; + #endif #ifdef WITH_ICLASS diff --git a/armsrc/apps.h b/armsrc/apps.h index 5a1ab690..376e52c8 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -18,6 +18,8 @@ #include "hitag2.h" #include "mifare.h" +#include "../common/crc32.h" + // The large multi-purpose buffer, typically used to hold A/D samples, // maybe processed in some way. #define BIGBUF_SIZE 40000 @@ -198,7 +200,9 @@ void ReaderMifare(bool first_try); int32_t dist_nt(uint32_t nt1, uint32_t nt2); void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data); void MifareUReadBlock(uint8_t arg0,uint8_t *datain); -void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain); +void MifareUC_Auth1(uint8_t arg0, uint8_t *datain); +void MifareUC_Auth2(uint32_t arg0, uint8_t *datain); +void MifareUReadCard(uint8_t arg0, int Pages, uint8_t *datain); void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); void MifareUWriteBlock(uint8_t arg0,uint8_t *datain); @@ -215,6 +219,25 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); void MifareCIdent(); // is "magic chinese" card? +//desfire +void Mifare_DES_Auth1(uint8_t arg0,uint8_t *datain); +void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain); + +// mifaredesfire.h +bool InitDesfireCard(); +void MifareSendCommand(uint8_t arg0,uint8_t arg1, uint8_t *datain); +void MifareDesfireGetInformation(); +void MifareDES_Auth1(uint8_t arg0,uint8_t arg1,uint8_t arg2, uint8_t *datain); +void ReaderMifareDES(uint32_t param, uint32_t param2, uint8_t * datain); +int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout); +size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout); +void OnSuccess(); +void OnError(uint8_t reason); + + + + + /// iso15693.h void RecordRawAdcSamplesIso15693(void); void AcquireRawAdcSamplesIso15693(void); diff --git a/armsrc/des.c b/armsrc/des.c new file mode 100644 index 00000000..0a27503e --- /dev/null +++ b/armsrc/des.c @@ -0,0 +1,383 @@ +/* des.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file des.c + * \author Daniel Otte + * \email daniel.otte@rub.de + * \date 2007-06-16 + * \brief DES and EDE-DES implementation + * \license GPLv3 or later + * + */ +#include +#include + +const uint8_t sbox[256] = { + /* S-box 1 */ + 0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07, + 0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38, + 0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50, + 0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D, + /* S-box 2 */ + 0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A, + 0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5, + 0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F, + 0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9, + /* S-box 3 */ + 0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28, + 0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1, + 0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7, + 0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C, + /* S-box 4 */ + 0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F, + 0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9, + 0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84, + 0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E, + /* S-box 5 */ + 0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9, + 0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86, + 0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E, + 0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53, + /* S-box 6 */ + 0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B, + 0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38, + 0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6, + 0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D, + /* S-box 7 */ + 0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61, + 0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86, + 0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92, + 0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C, + /* S-box 8 */ + 0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7, + 0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92, + 0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58, + 0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B +}; + +const uint8_t e_permtab[] ={ + 4, 6, /* 4 bytes in 6 bytes out*/ + 32, 1, 2, 3, 4, 5, + 4, 5, 6, 7, 8, 9, + 8, 9, 10, 11, 12, 13, + 12, 13, 14, 15, 16, 17, + 16, 17, 18, 19, 20, 21, + 20, 21, 22, 23, 24, 25, + 24, 25, 26, 27, 28, 29, + 28, 29, 30, 31, 32, 1 +}; + +const uint8_t p_permtab[] ={ + 4, 4, /* 32 bit -> 32 bit */ + 16, 7, 20, 21, + 29, 12, 28, 17, + 1, 15, 23, 26, + 5, 18, 31, 10, + 2, 8, 24, 14, + 32, 27, 3, 9, + 19, 13, 30, 6, + 22, 11, 4, 25 +}; + +const uint8_t ip_permtab[] ={ + 8, 8, /* 64 bit -> 64 bit */ + 58, 50, 42, 34, 26, 18, 10, 2, + 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, + 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, + 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, + 63, 55, 47, 39, 31, 23, 15, 7 +}; + +const uint8_t inv_ip_permtab[] ={ + 8, 8, /* 64 bit -> 64 bit */ + 40, 8, 48, 16, 56, 24, 64, 32, + 39, 7, 47, 15, 55, 23, 63, 31, + 38, 6, 46, 14, 54, 22, 62, 30, + 37, 5, 45, 13, 53, 21, 61, 29, + 36, 4, 44, 12, 52, 20, 60, 28, + 35, 3, 43, 11, 51, 19, 59, 27, + 34, 2, 42, 10, 50, 18, 58, 26, + 33, 1, 41, 9, 49, 17, 57, 25 +}; + +const uint8_t pc1_permtab[] ={ + 8, 7, /* 64 bit -> 56 bit*/ + 57, 49, 41, 33, 25, 17, 9, + 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, + 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, + 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, + 21, 13, 5, 28, 20, 12, 4 +}; + +const uint8_t pc2_permtab[] ={ + 7, 6, /* 56 bit -> 48 bit */ + 14, 17, 11, 24, 1, 5, + 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, + 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, + 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, + 46, 42, 50, 36, 29, 32 +}; + +const uint8_t splitin6bitword_permtab[] = { + 8, 8, /* 64 bit -> 64 bit */ + 64, 64, 1, 6, 2, 3, 4, 5, + 64, 64, 7, 12, 8, 9, 10, 11, + 64, 64, 13, 18, 14, 15, 16, 17, + 64, 64, 19, 24, 20, 21, 22, 23, + 64, 64, 25, 30, 26, 27, 28, 29, + 64, 64, 31, 36, 32, 33, 34, 35, + 64, 64, 37, 42, 38, 39, 40, 41, + 64, 64, 43, 48, 44, 45, 46, 47 +}; + +const uint8_t shiftkey_permtab[] = { + 7, 7, /* 56 bit -> 56 bit */ + 2, 3, 4, 5, 6, 7, 8, 9, + 10, 11, 12, 13, 14, 15, 16, 17, + 18, 19, 20, 21, 22, 23, 24, 25, + 26, 27, 28, 1, + 30, 31, 32, 33, 34, 35, 36, 37, + 38, 39, 40, 41, 42, 43, 44, 45, + 46, 47, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 29 +}; + +const uint8_t shiftkeyinv_permtab[] = { + 7, 7, + 28, 1, 2, 3, 4, 5, 6, 7, + 8, 9, 10, 11, 12, 13, 14, 15, + 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, 26, 27, + 56, 29, 30, 31, 32, 33, 34, 35, + 36, 37, 38, 39, 40, 41, 42, 43, + 44, 45, 46, 47, 48, 49, 50, 51, + 52, 53, 54, 55 +}; + +/* +1 0 +1 0 +2 1 +2 1 +2 1 +2 1 +2 1 +2 1 +---- +1 0 +2 1 +2 1 +2 1 +2 1 +2 1 +2 1 +1 0 +*/ +#define ROTTABLE 0x7EFC +#define ROTTABLE_INV 0x3F7E +/******************************************************************************/ + +void permute(const uint8_t *ptable, const uint8_t *in, uint8_t *out){ + uint8_t ob; /* in-bytes and out-bytes */ + uint8_t byte, bit; /* counter for bit and byte */ + ob = ptable[1]; + ptable = &(ptable[2]); + for(byte=0; byte>(x%8)) ){ + t|=0x01; + } + } + out[byte]=t; + } +} + +/******************************************************************************/ + +void changeendian32(uint32_t * a){ + *a = (*a & 0x000000FF) << 24 | + (*a & 0x0000FF00) << 8 | + (*a & 0x00FF0000) >> 8 | + (*a & 0xFF000000) >> 24; +} + +/******************************************************************************/ +static inline +void shiftkey(uint8_t *key){ + uint8_t k[7]; + memcpy(k, key, 7); + permute((uint8_t*)shiftkey_permtab, k, key); +} + +/******************************************************************************/ +static inline +void shiftkey_inv(uint8_t *key){ + uint8_t k[7]; + memcpy(k, key, 7); + permute((uint8_t*)shiftkeyinv_permtab, k, key); + +} + +/******************************************************************************/ +static inline +uint64_t splitin6bitwords(uint64_t a){ + uint64_t ret=0; + a &= 0x0000ffffffffffffLL; + permute((uint8_t*)splitin6bitword_permtab, (uint8_t*)&a, (uint8_t*)&ret); + return ret; +} + +/******************************************************************************/ + +static inline +uint8_t substitute(uint8_t a, uint8_t * sbp){ + uint8_t x; + x = sbp[a>>1]; + x = (a&1)?x&0x0F:x>>4; + return x; + +} + +/******************************************************************************/ + +uint32_t des_f(uint32_t r, uint8_t* kr){ + uint8_t i; + uint32_t t=0,ret; + uint64_t data; + uint8_t *sbp; /* sboxpointer */ + permute((uint8_t*)e_permtab, (uint8_t*)&r, (uint8_t*)&data); + for(i=0; i<7; ++i) + ((uint8_t*)&data)[i] ^= kr[i]; + + /* Sbox substitution */ + data = splitin6bitwords(data); + sbp=(uint8_t*)sbox; + for(i=0; i<8; ++i){ + uint8_t x; + x = substitute(((uint8_t*)&data)[i], sbp); + t<<=4; + t |= x; + sbp += 32; + } + changeendian32(&t); + + permute((uint8_t*)p_permtab,(uint8_t*)&t, (uint8_t*)&ret); + + return ret; +} + +/******************************************************************************/ + +void des_enc(void* out, const void* in, const void* key){ +#define R *((uint32_t*)&(data[4])) +#define L *((uint32_t*)&(data[0])) + + uint8_t data[8],kr[6],k[7]; + uint8_t i; + + permute((uint8_t*)ip_permtab, (uint8_t*)in, data); + permute((uint8_t*)pc1_permtab, (const uint8_t*)key, k); + for(i=0; i<8; ++i){ + shiftkey(k); + if(ROTTABLE&((1<<((i<<1)+0))) ) + shiftkey(k); + permute((uint8_t*)pc2_permtab, k, kr); + L ^= des_f(R, kr); + + shiftkey(k); + if(ROTTABLE&((1<<((i<<1)+1))) ) + shiftkey(k); + permute((uint8_t*)pc2_permtab, k, kr); + R ^= des_f(L, kr); + + } + /* L <-> R*/ + R ^= L; + L ^= R; + R ^= L; + + permute((uint8_t*)inv_ip_permtab, data, (uint8_t*)out); +} + +/******************************************************************************/ + +void des_dec(void* out, const void* in, const uint8_t* key){ +#define R *((uint32_t*)&(data[4])) +#define L *((uint32_t*)&(data[0])) + + uint8_t data[8],kr[6],k[7]; + int8_t i; + permute((uint8_t*)ip_permtab, (uint8_t*)in, data); + permute((uint8_t*)pc1_permtab, (const uint8_t*)key, k); + for(i=7; i>=0; --i){ + + permute((uint8_t*)pc2_permtab, k, kr); + L ^= des_f(R, kr); + shiftkey_inv(k); + if(ROTTABLE&((1<<((i<<1)+1))) ){ + shiftkey_inv(k); + } + + permute((uint8_t*)pc2_permtab, k, kr); + R ^= des_f(L, kr); + shiftkey_inv(k); + if(ROTTABLE&((1<<((i<<1)+0))) ){ + shiftkey_inv(k); + } + + } + /* L <-> R*/ + R ^= L; + L ^= R; + R ^= L; + + permute((uint8_t*)inv_ip_permtab, data, (uint8_t*)out); +} + +/******************************************************************************/ + +void tdes_enc(void* out, void* in, const void* key){ + des_enc(out, in, (uint8_t*)key + 0); + des_dec(out, out, (uint8_t*)key + 8); + des_enc(out, out, (uint8_t*)key +16); +} + +/******************************************************************************/ + +void tdes_dec(void* out, void* in, const uint8_t* key){ + des_dec(out, in, (uint8_t*)key +16); + des_enc(out, out, (uint8_t*)key + 8); + des_dec(out, out, (uint8_t*)key + 0); +} + +/******************************************************************************/ + + diff --git a/armsrc/des.h b/armsrc/des.h new file mode 100644 index 00000000..652886fd --- /dev/null +++ b/armsrc/des.h @@ -0,0 +1,107 @@ +/* des.h */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file des.h + * \author Daniel Otte + * \date 2007-06-16 + * \brief des and tdes declarations + * \license GPLv3 or later + * + */ +#ifndef DES_H_ +#define DES_H_ + +/* the FIPS 46-3 (1999-10-25) name for triple DES is triple data encryption algorithm so TDEA. + * Also we only implement the three key mode */ + +/** \def tdea_enc + * \brief defining an alias for void tdes_enc(void* out, const void* in, const void* key) + */ + +/** \def tdea_dec + * \brief defining an alias for void tdes_dec(void* out, const void* in, const void* key) + */ + +#define tdea_enc tdes_enc +#define tdea_dec tdes_dec + +/** \fn void des_enc(void* out, const void* in, const void* key) + * \brief encrypt a block with DES + * + * This function encrypts a block of 64 bits (8 bytes) with the DES algorithm. + * Key expansion is done automatically. The key is 64 bits long, but note that + * only 56 bits are used (the LSB of each byte is dropped). The input and output + * blocks may overlap. + * + * \param out pointer to the block (64 bit = 8 byte) where the ciphertext is written to + * \param in pointer to the block (64 bit = 8 byte) where the plaintext is read from + * \param key pointer to the key (64 bit = 8 byte) + */ +void des_enc(void* out, const void* in, const void* key); + +/** \fn void des_dec(void* out, const void* in, const void* key) + * \brief decrypt a block with DES + * + * This function decrypts a block of 64 bits (8 bytes) with the DES algorithm. + * Key expansion is done automatically. The key is 64 bits long, but note that + * only 56 bits are used (the LSB of each byte is dropped). The input and output + * blocks may overlap. + * + * \param out pointer to the block (64 bit = 8 byte) where the plaintext is written to + * \param in pointer to the block (64 bit = 8 byte) where the ciphertext is read from + * \param key pointer to the key (64 bit = 8 byte) + */ +void des_dec(void* out, const void* in, const void* key); + +/** \fn void tdes_enc(void* out, const void* in, const void* key) + * \brief encrypt a block with Tripple-DES + * + * This function encrypts a block of 64 bits (8 bytes) with the Tripple-DES (EDE) + * algorithm. Key expansion is done automatically. The key is 192 bits long, but + * note that only 178 bits are used (the LSB of each byte is dropped). The input + * and output blocks may overlap. + * + * \param out pointer to the block (64 bit = 8 byte) where the ciphertext is written to + * \param in pointer to the block (64 bit = 8 byte) where the plaintext is read from + * \param key pointer to the key (192 bit = 24 byte) + */ +void tdes_enc(void* out, const void* in, const void* key); + +/** \fn void tdes_dec(void* out, const void* in, const void* key) + * \brief decrypt a block with Tripple-DES + * + * This function decrypts a block of 64 bits (8 bytes) with the Tripple-DES (EDE) + * algorithm. Key expansion is done automatically. The key is 192 bits long, but + * note that only 178 bits are used (the LSB of each byte is dropped). The input + * and output blocks may overlap. + * + * \param out pointer to the block (64 bit = 8 byte) where the plaintext is written to + * \param in pointer to the block (64 bit = 8 byte) where the ciphertext is read from + * \param key pointer to the key (192 bit = 24 byte) + */ + void tdes_dec(void* out, const void* in, const void* key); + +#endif /*DES_H_*/ + +// Copied from des.h in desfire imp. +typedef unsigned long DES_KS[16][2]; /* Single-key DES key schedule */ +typedef unsigned long DES3_KS[48][2]; /* Triple-DES key schedule */ + + +extern int Asmversion; /* 1 if we're linked with an asm version, 0 if C */ diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index d326be2c..2722ccb2 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -1001,10 +1001,11 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) } // The second response contains the (mandatory) first 24 bits of the UID - uint8_t response2[5]; + uint8_t response2[5] = {0x00}; // Check if the uid uses the (optional) part - uint8_t response2a[5]; + uint8_t response2a[5] = {0x00}; + if (uid_2nd) { response2[0] = 0x88; num_to_bytes(uid_1st,3,response2+1); @@ -1025,12 +1026,12 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) response2[4] = response2[0] ^ response2[1] ^ response2[2] ^ response2[3]; // Prepare the mandatory SAK (for 4 and 7 byte UID) - uint8_t response3[3]; + uint8_t response3[3] = {0x00}; response3[0] = sak; ComputeCrc14443(CRC_14443_A, response3, 1, &response3[1], &response3[2]); // Prepare the optional second SAK (for 7 byte UID), drop the cascade bit - uint8_t response3a[3]; + uint8_t response3a[3] = {0x00}; response3a[0] = sak & 0xFB; ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]); diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index ecd8728d..a96164fc 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -17,6 +17,8 @@ #include "apps.h" #include "util.h" +#include "crc.h" + //----------------------------------------------------------------------------- // Select, Authenticate, Read a MIFARE tag. // read block @@ -80,7 +82,71 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16); LED_B_OFF(); - // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +} + + +void MifareUC_Auth1(uint8_t arg0, uint8_t *datain){ + + byte_t isOK = 0; + byte_t dataoutbuf[16] = {0x00}; + uint8_t uid[10] = {0x00}; + uint32_t cuid; + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + iso14a_clear_trace(); + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + + if(!iso14443a_select_card(uid, NULL, &cuid)) { + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("Can't select card"); + //OnError(0); + return; + }; + + if(mifare_ultra_auth1(cuid, dataoutbuf)){ + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("Authentication part1: Fail."); + //OnError(1); + return; + } + + isOK = 1; + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) + DbpString("AUTH 1 FINISHED"); + + cmd_send(CMD_ACK,isOK,cuid,0,dataoutbuf,11); + LEDsoff(); +} +void MifareUC_Auth2(uint32_t arg0, uint8_t *datain){ + + uint32_t cuid = arg0; + uint8_t key[16] = {0x00}; + byte_t isOK = 0; + byte_t dataoutbuf[16] = {0x00}; + + memcpy(key, datain, 16); + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + if(mifare_ultra_auth2(cuid, key, dataoutbuf)){ + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("Authentication part2: Fail..."); + //OnError(1); + return; + } + + isOK = 1; + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) + DbpString("AUTH 2 FINISHED"); + + cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,11); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); } @@ -1061,3 +1127,58 @@ void MifareCIdent(){ // // DESFIRE // + +void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){ + + byte_t dataout[11] = {0x00}; + uint8_t uid[10] = {0x00}; + uint32_t cuid; + + iso14a_clear_trace(); + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + + int len = iso14443a_select_card(uid, NULL, &cuid); + if(!len) { + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("Can't select card"); + //OnError(1); + return; + }; + + if(mifare_desfire_des_auth1(cuid, dataout)){ + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("Authentication part1: Fail."); + //OnError(4); + return; + } + + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED"); + + cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout)); +} + +void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){ + + uint32_t cuid = arg0; + uint8_t key[16] = {0x00}; + byte_t isOK = 0; + byte_t dataout[12] = {0x00}; + + memcpy(key, datain, 16); + + isOK = mifare_desfire_des_auth2(cuid, key, dataout); + + if( isOK) { + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) + Dbprintf("Authentication part2: Failed"); + //OnError(4); + return; + } + + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) + DbpString("AUTH 2 FINISHED"); + + cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout)); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +} \ No newline at end of file diff --git a/armsrc/mifaresniff.c b/armsrc/mifaresniff.c index fed12772..9b6f5f04 100644 --- a/armsrc/mifaresniff.c +++ b/armsrc/mifaresniff.c @@ -13,10 +13,10 @@ static int sniffState = SNF_INIT; static uint8_t sniffUIDType; -static uint8_t sniffUID[8]; -static uint8_t sniffATQA[2]; +static uint8_t sniffUID[8] = {0x00}; +static uint8_t sniffATQA[2] = {0x00}; static uint8_t sniffSAK; -static uint8_t sniffBuf[16]; +static uint8_t sniffBuf[16] = {0x00}; static uint32_t timerData = 0; diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 976f6dca..163eca79 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -93,10 +93,30 @@ int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint AppendCrc14443a(dcmd, 6); ReaderTransmit(dcmd, sizeof(dcmd), NULL); int len = ReaderReceive(answer, answer_parity); - if(!len) - { + if(!len) { if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout."); return 2; + } + return len; +} + +int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing) +{ + uint8_t dcmd[19]; + int len; + dcmd[0] = cmd; + memcpy(dcmd+1,data,16); + AppendCrc14443a(dcmd, 17); + + ReaderTransmit(dcmd, sizeof(dcmd), timing); + len = ReaderReceive(answer, answer_parity); + if(!len) { + if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed. Card timeout."); + len = ReaderReceive(answer,answer_parity); + } + if(len==1) { + if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("NAK - Authentication failed."); + return 1; } return len; } @@ -278,6 +298,57 @@ int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blo return 0; } +// mifare ultralight commands +int mifare_ultra_auth1(uint32_t uid, uint8_t *blockData){ + + uint16_t len; + uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf(); + uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE; + + len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,receivedAnswerPar ,NULL); + if (len == 1) { + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("Cmd Error: %02x", receivedAnswer[0]); + return 1; + } + if (len != 11) + return 1; + + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { + Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", + receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4], + receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9], + receivedAnswer[10]); + } + memcpy(blockData, receivedAnswer, 11); + return 0; +} + +int mifare_ultra_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){ + + uint16_t len; + uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf(); + uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE; + + len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, key, receivedAnswer, receivedAnswerPar, NULL); + if (len == 1) { + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("Cmd Error: %02x", receivedAnswer[0]); + return 1; + } + if (len != 11) + return 1; + + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { + Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", + receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4], + receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9], + receivedAnswer[10]); + } + memcpy(blockData, receivedAnswer, 11); + return 0; +} + int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData) { uint16_t len; @@ -552,3 +623,98 @@ void emlClearMem(void) { emlSetMem((uint8_t *)uid, 0, 1); return; } + + +// Mifare desfire commands +int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing) +{ + uint8_t dcmd[5] = {0x00}; + dcmd[0] = cmd; + memcpy(dcmd+1,data,2); + AppendCrc14443a(dcmd, 3); + + ReaderTransmit(dcmd, sizeof(dcmd), NULL); + int len = ReaderReceive(answer, answer_parity); + if(!len) { + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("Authentication failed. Card timeout."); + return 1; + } + return len; +} + +int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing) +{ + uint8_t dcmd[20] = {0x00}; + dcmd[0] = cmd; + memcpy(dcmd+1,data,17); + AppendCrc14443a(dcmd, 18); + + ReaderTransmit(dcmd, sizeof(dcmd), NULL); + int len = ReaderReceive(answer, answer_parity); + if(!len){ + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("Authentication failed. Card timeout."); + return 1; + } + return len; +} + +int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData){ + + int len; + // load key, keynumber + uint8_t data[2]={0x0a, 0x00}; + uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf(); + uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE; + + len = mifare_sendcmd_special(NULL, 1, 0x02, data, receivedAnswer,receivedAnswerPar,NULL); + if (len == 1) { + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("Cmd Error: %02x", receivedAnswer[0]); + return 1; + } + + if (len == 12) { + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { + Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", + receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4], + receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9], + receivedAnswer[10],receivedAnswer[11]); + } + memcpy(blockData, receivedAnswer, 12); + return 0; + } + return 1; +} + +int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){ + + int len; + uint8_t data[17] = {0x00}; + data[0] = 0xAF; + memcpy(data+1,key,16); + + uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf(); + uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE; + + len = mifare_sendcmd_special2(NULL, 1, 0x03, data, receivedAnswer, receivedAnswerPar ,NULL); + + if ((receivedAnswer[0] == 0x03) && (receivedAnswer[1] == 0xae)) { + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]); + return 1; + } + + if (len == 12){ + if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { + Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", + receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4], + receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9], + receivedAnswer[10],receivedAnswer[11]); + } + memcpy(blockData, receivedAnswer, 12); + return 0; + } + return 1; +} \ No newline at end of file diff --git a/armsrc/mifareutil.h b/armsrc/mifareutil.h index c8f3dadf..2770a442 100644 --- a/armsrc/mifareutil.h +++ b/armsrc/mifareutil.h @@ -56,17 +56,27 @@ extern int MF_DBGLEVEL; uint8_t* mifare_get_bigbufptr(void); int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing); int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing); + +int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing); int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing); int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested); int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t * ntptr, uint32_t *timing); int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData); +int mifare_ultra_auth1(uint32_t cuid, uint8_t *blockData); +int mifare_ultra_auth2(uint32_t cuid, uint8_t *key, uint8_t *blockData); int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData); int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData); int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData); int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData); int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid); int mifare_ultra_halt(uint32_t uid); + +// desfire +int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing); +int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing); +int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData); +int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData); // crypto functions void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len); diff --git a/armsrc/util.h b/armsrc/util.h index d7eacd70..bf5d0cc8 100644 --- a/armsrc/util.h +++ b/armsrc/util.h @@ -13,7 +13,7 @@ #include #include -#include +#include "common.h" #define BYTEx(x, n) (((x) >> (n * 8)) & 0xff ) diff --git a/client/Makefile b/client/Makefile index 523a1ad1..823ee445 100644 --- a/client/Makefile +++ b/client/Makefile @@ -9,15 +9,13 @@ include ../common/Makefile.common CC=gcc CXX=g++ #COMMON_FLAGS = -m32 - VPATH = ../common OBJDIR = obj LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lreadline -lpthread -lm LDFLAGS = $(COMMON_FLAGS) -CFLAGS = -std=c99 -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4 +CFLAGS = -std=c99 -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4 LUAPLATFORM = generic - ifneq (,$(findstring MINGW,$(platform))) CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4 @@ -79,6 +77,7 @@ CMDSRCS = nonce2key/crapto1.c\ cmdhflegic.c \ cmdhficlass.c \ cmdhfmf.c \ + cmdhfmfu.c \ cmdhw.c \ cmdlf.c \ cmdlfio.c \ diff --git a/client/cmddata.c b/client/cmddata.c index a88fa4e1..820e44e2 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -511,10 +511,6 @@ int CmdBitstream(const char *Cmd) bit ^= 1; AppendGraph(0, clock, bit); - // for (j = 0; j < (int)(clock/2); j++) - // GraphBuffer[(i * clock) + j] = bit ^ 1; - // for (j = (int)(clock/2); j < clock; j++) - // GraphBuffer[(i * clock) + j] = bit; } RepaintGraphWindow(); @@ -800,8 +796,7 @@ int CmdFSKdemod(const char *Cmd) //old CmdFSKdemod needs updating PrintAndLog("actual data bits start at sample %d", maxPos); PrintAndLog("length %d/%d", highLen, lowLen); - uint8_t bits[46]; - bits[sizeof(bits)-1] = '\0'; + uint8_t bits[46] = {0x00}; // find bit pairs and manchester decode them for (i = 0; i < arraylen(bits) - 1; ++i) { @@ -1054,7 +1049,7 @@ int CmdHpf(const char *Cmd) int CmdSamples(const char *Cmd) { - uint8_t got[40000]; + uint8_t got[40000] = {0x00}; int n = strtol(Cmd, NULL, 0); if (n == 0) diff --git a/client/cmdhf.c b/client/cmdhf.c index 9acc9825..637b2b08 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -22,6 +22,7 @@ #include "cmdhflegic.h" #include "cmdhficlass.h" #include "cmdhfmf.h" +#include "cmdhfmfu.h" static int CmdHelp(const char *Cmd); @@ -601,6 +602,7 @@ static command_t CommandTable[] = {"legic", CmdHFLegic, 0, "{ LEGIC RFIDs... }"}, {"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"}, {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"}, + {"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"}, {"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"}, {"list", CmdHFList, 1, "List protocol data in trace buffer"}, {NULL, NULL, 0, NULL} diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 01602d76..147e790e 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -412,9 +412,9 @@ int CmdHF14ASim(const char *Cmd) PrintAndLog(" syntax: hf 14a sim "); PrintAndLog(" types: 1 = MIFARE Classic"); PrintAndLog(" 2 = MIFARE Ultralight"); - PrintAndLog(" 3 = MIFARE DESFIRE"); + PrintAndLog(" 3 = MIFARE Desfire"); PrintAndLog(" 4 = ISO/IEC 14443-4"); - PrintAndLog(" 5 = MIFARE TNP3XXX"); + PrintAndLog(" 5 = MIFARE Tnp3xxx"); PrintAndLog(""); return 1; } @@ -480,7 +480,8 @@ int CmdHF14ASim(const char *Cmd) int CmdHF14ASnoop(const char *Cmd) { int param = 0; - if (param_getchar(Cmd, 0) == 'h') { + uint8_t ctmp = param_getchar(Cmd, 0) ; + if (ctmp == 'h' || ctmp == 'H') { PrintAndLog("It get data from the field and saves it into command buffer."); PrintAndLog("Buffer accessible from command hf list 14a."); PrintAndLog("Usage: hf 14a snoop [c][r]"); @@ -491,7 +492,7 @@ int CmdHF14ASnoop(const char *Cmd) { } for (int i = 0; i < 2; i++) { - char ctmp = param_getchar(Cmd, i); + ctmp = param_getchar(Cmd, i); if (ctmp == 'c' || ctmp == 'C') param |= 0x01; if (ctmp == 'r' || ctmp == 'R') param |= 0x02; } @@ -670,7 +671,7 @@ static command_t CommandTable[] = {"list", CmdHF14AList, 0, "[Deprecated] List ISO 14443a history"}, {"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"}, {"cuids", CmdHF14ACUIDs, 0, " Collect n>0 ISO14443 Type A UIDs in one go"}, - {"sim", CmdHF14ASim, 0, " -- Fake ISO 14443a tag"}, + {"sim", CmdHF14ASim, 0, " -- Simulate ISO 14443a tag"}, {"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"}, {"raw", CmdHF14ACmdRaw, 0, "Send raw hex data to tag"}, {NULL, NULL, 0, NULL} diff --git a/client/cmdhf14b.c b/client/cmdhf14b.c index e3d0fc23..ea07b894 100644 --- a/client/cmdhf14b.c +++ b/client/cmdhf14b.c @@ -280,7 +280,7 @@ int CmdHF14BCmdRaw (const char *cmd) { uint8_t power=0; char buf[5]=""; int i=0; - uint8_t data[100]; + uint8_t data[100] = {0x00}; unsigned int datalen=0, temp; char *hexout; @@ -334,7 +334,7 @@ int CmdHF14BCmdRaw (const char *cmd) { continue; } PrintAndLog("Invalid char on input"); - return 0; + return 1; } if (datalen == 0) { @@ -448,7 +448,7 @@ int CmdHF14BWrite( const char *Cmd){ else PrintAndLog("[%s] Write block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512", blockno, sprint_hex(data,4) ); - sprintf(str, "-c -p 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]); + sprintf(str, "-c 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]); CmdHF14BCmdRaw(str); return 0; diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index aae6290d..24d04dc2 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -140,117 +140,6 @@ int CmdHF14AMfWrBl(const char *Cmd) return 0; } -int CmdHF14AMfUWrBl(const char *Cmd) -{ - uint8_t blockNo = 0; - bool chinese_card=0; - uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - UsbCommand resp; - - if (strlen(Cmd)<3) { - PrintAndLog("Usage: hf mf uwrbl "); - PrintAndLog(" sample: hf mf uwrbl 0 01020304"); - return 0; - } - - blockNo = param_get8(Cmd, 0); - if (param_gethex(Cmd, 1, bldata, 8)) { - PrintAndLog("Block data must include 8 HEX symbols"); - return 1; - } - - if (strchr(Cmd,'w') != 0) { - chinese_card=1; - } - - switch(blockNo){ - case 0: - if (!chinese_card){ - PrintAndLog("Access Denied"); - }else{ - PrintAndLog("--specialblock no:%d", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(d.d.asBytes,bldata, 4); - SendCommand(&d); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - } - break; - case 1: - if (!chinese_card){ - PrintAndLog("Access Denied"); - }else{ - PrintAndLog("--specialblock no:%d", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(d.d.asBytes,bldata, 4); - SendCommand(&d); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - } - break; - case 2: - if (!chinese_card){ - PrintAndLog("Access Denied"); - }else{ - PrintAndLog("--specialblock no:%d", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(c.d.asBytes, bldata, 4); - SendCommand(&c); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - } - break; - case 3: - PrintAndLog("--specialblock no:%d", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(d.d.asBytes,bldata, 4); - SendCommand(&d); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - break; - default: - PrintAndLog("--block no:%d", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(e.d.asBytes,bldata, 4); - SendCommand(&e); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - break; - } - return 0; -} - - int CmdHF14AMfRdBl(const char *Cmd) { uint8_t blockNo = 0; @@ -299,87 +188,6 @@ int CmdHF14AMfRdBl(const char *Cmd) return 0; } -int CmdHF14AMfURdBl(const char *Cmd) -{ - uint8_t blockNo = 0; - - if (strlen(Cmd)<1) { - PrintAndLog("Usage: hf mf urdbl "); - PrintAndLog(" sample: hf mf urdbl 0"); - return 0; - } - - blockNo = param_get8(Cmd, 0); - PrintAndLog("--block no:%d", blockNo); - - UsbCommand c = {CMD_MIFAREU_READBL, {blockNo}}; - SendCommand(&c); - - UsbCommand resp; - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - uint8_t *data = resp.d.asBytes; - - if (isOK) - PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4)); - else - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - - return 0; -} - - -int CmdHF14AMfURdCard(const char *Cmd) -{ - int i; - uint8_t sectorNo = 0; - uint8_t *lockbytes_t=NULL; - uint8_t lockbytes[2]={0,0}; - bool bit[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - - uint8_t isOK = 0; - uint8_t * data = NULL; - - PrintAndLog("Attempting to Read Ultralight... "); - - UsbCommand c = {CMD_MIFAREU_READCARD, {sectorNo}}; - SendCommand(&c); - - UsbCommand resp; - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - isOK = resp.arg[0] & 0xff; - data = resp.d.asBytes; - - PrintAndLog("isOk:%02x", isOK); - if (isOK) - { // bit 0 and 1 - PrintAndLog("Block %3d:%s ", 0,sprint_hex(data + 0 * 4, 4)); - PrintAndLog("Block %3d:%s ", 1,sprint_hex(data + 1 * 4, 4)); - // bit 2 - //process lock bytes - lockbytes_t=data+(2*4); - lockbytes[0]=lockbytes_t[2]; - lockbytes[1]=lockbytes_t[3]; - for(int j=0; j<16; j++){ - bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8)); - } - //remaining - for (i = 3; i < 16; i++) { - int bitnum = (23-i) % 16; - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[bitnum]); - } - - } - } else { - PrintAndLog("Command execute timeout"); - } - return 0; -} - - int CmdHF14AMfRdSc(const char *Cmd) { int i; @@ -970,12 +778,14 @@ int CmdHF14AMfNested(const char *Cmd) int CmdHF14AMfChk(const char *Cmd) { if (strlen(Cmd)<3) { - PrintAndLog("Usage: hf mf chk |<*card memory> [t] [] []"); + PrintAndLog("Usage: hf mf chk |<*card memory> [t|d] [] []"); PrintAndLog(" * - all sectors"); PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, - 1K"); PrintAndLog("d - write keys to binary file\n"); + PrintAndLog("t - write keys to emulator memory"); PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic"); PrintAndLog(" hf mf chk *1 ? t"); + PrintAndLog(" hf mf chk *1 ? d"); return 0; } @@ -1202,12 +1012,16 @@ int CmdHF14AMf1kSim(const char *Cmd) uint8_t exitAfterNReads = 0; uint8_t flags = 0; - if (param_getchar(Cmd, 0) == 'h') { + uint8_t cmdp = param_getchar(Cmd, 0); + + if (cmdp == 'h' || cmdp == 'H') { PrintAndLog("Usage: hf mf sim u n i x"); + PrintAndLog(" h this help"); PrintAndLog(" u (Optional) UID. If not specified, the UID from emulator memory will be used"); PrintAndLog(" n (Optional) Automatically exit simulation after blocks have been read by reader. 0 = infinite"); PrintAndLog(" i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted"); PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)"); + PrintAndLog(""); PrintAndLog(" sample: hf mf sim u 0a0a0a0a "); return 0; } @@ -1288,7 +1102,7 @@ int CmdHF14AMfDbg(const char *Cmd) int CmdHF14AMfEGet(const char *Cmd) { uint8_t blockNo = 0; - uint8_t data[16]; + uint8_t data[16] = {0x00}; if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') { PrintAndLog("Usage: hf mf eget "); @@ -1355,14 +1169,11 @@ int CmdHF14AMfELoad(const char *Cmd) FILE * f; char filename[FILE_PATH_SIZE]; char *fnameptr = filename; - char buf[64]; - uint8_t buf8[64]; + char buf[64] = {0x00}; + uint8_t buf8[64] = {0x00}; int i, len, blockNum, numBlocks; int nameParamNo = 1; - memset(filename, 0, sizeof(filename)); - memset(buf, 0, sizeof(buf)); - char ctmp = param_getchar(Cmd, 0); if ( ctmp == 'h' || ctmp == 0x00) { @@ -1432,11 +1243,13 @@ int CmdHF14AMfELoad(const char *Cmd) fclose(f); return 3; } + printf("."); blockNum++; if (blockNum >= numBlocks) break; } fclose(f); + printf("\n"); if ((blockNum != numBlocks)) { PrintAndLog("File content error. Got %d must be %d blocks.",blockNum, numBlocks); @@ -1638,7 +1451,7 @@ int CmdHF14AMfCSetUID(const char *Cmd) char ctmp = param_getchar(Cmd, 1); if (ctmp == 'w' || ctmp == 'W') wipeCard = 1; - PrintAndLog("--wipe card:%02x uid:%s", wipeCard, sprint_hex(uid, 4)); + PrintAndLog("--wipe card:%s uid:%s", (wipeCard)?"YES":"NO", sprint_hex(uid, 4)); res = mfCSetUID(uid, oldUid, wipeCard); if (res) { @@ -1653,11 +1466,10 @@ int CmdHF14AMfCSetUID(const char *Cmd) int CmdHF14AMfCSetBlk(const char *Cmd) { - uint8_t uid[8]; - uint8_t memBlock[16]; + uint8_t uid[8] = {0x00}; + uint8_t memBlock[16] = {0x00}; uint8_t blockNo = 0; int res; - memset(memBlock, 0x00, sizeof(memBlock)); if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') { PrintAndLog("Usage: hf mf csetblk "); @@ -1682,7 +1494,6 @@ int CmdHF14AMfCSetBlk(const char *Cmd) return 1; } - PrintAndLog("UID:%s", sprint_hex(uid, 4)); return 0; } @@ -1697,11 +1508,8 @@ int CmdHF14AMfCLoad(const char *Cmd) uint8_t fillFromEmulator = 0; int i, len, blockNum, flags; - // memset(filename, 0, sizeof(filename)); - // memset(buf, 0, sizeof(buf)); - if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) { - PrintAndLog("It loads magic Chinese card (only works with!!!) from the file `filename.eml`"); + PrintAndLog("It loads magic Chinese card from the file `filename.eml`"); PrintAndLog("or from emulator memory (option `e`)"); PrintAndLog("Usage: hf mf cload "); PrintAndLog(" or: hf mf cload e "); @@ -1748,7 +1556,9 @@ int CmdHF14AMfCLoad(const char *Cmd) blockNum = 0; flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; while(!feof(f)){ + memset(buf, 0, sizeof(buf)); + if (fgets(buf, sizeof(buf), f) == NULL) { PrintAndLog("File reading error."); return 2; @@ -1783,6 +1593,7 @@ int CmdHF14AMfCLoad(const char *Cmd) PrintAndLog("Loaded from file: %s", filename); return 0; } + return 0; } int CmdHF14AMfCGetBlk(const char *Cmd) { @@ -1814,10 +1625,9 @@ int CmdHF14AMfCGetBlk(const char *Cmd) { int CmdHF14AMfCGetSc(const char *Cmd) { - uint8_t memBlock[16]; + uint8_t memBlock[16] = {0x00}; uint8_t sectorNo = 0; int i, res, flags; - memset(memBlock, 0x00, sizeof(memBlock)); if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') { PrintAndLog("Usage: hf mf cgetsc "); @@ -1957,16 +1767,16 @@ int CmdHF14AMfSniff(const char *Cmd){ int blockLen = 0; int num = 0; int pckNum = 0; - uint8_t uid[7]; + uint8_t uid[7] = {0x00}; uint8_t uid_len; - uint8_t atqa[2]; + uint8_t atqa[2] = {0x00}; uint8_t sak; bool isTag; - uint8_t buf[3000]; + uint8_t buf[3000] = {0x00}; uint8_t * bufPtr = buf; - memset(buf, 0x00, 3000); - if (param_getchar(Cmd, 0) == 'h') { + char ctmp = param_getchar(Cmd, 0); + if ( ctmp == 'h' || ctmp == 'H' ) { PrintAndLog("It continuously gets data from the field and saves it to: log, emulator, emulator file."); PrintAndLog("You can specify:"); PrintAndLog(" l - save encrypted sequence to logfile `uid.log`"); @@ -1979,7 +1789,7 @@ int CmdHF14AMfSniff(const char *Cmd){ } for (int i = 0; i < 4; i++) { - char ctmp = param_getchar(Cmd, i); + ctmp = param_getchar(Cmd, i); if (ctmp == 'l' || ctmp == 'L') wantLogToFile = true; if (ctmp == 'd' || ctmp == 'D') wantDecrypt = true; //if (ctmp == 'e' || ctmp == 'E') wantSaveToEml = true; TODO @@ -2080,9 +1890,6 @@ static command_t CommandTable[] = {"help", CmdHelp, 1, "This help"}, {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"}, {"rdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"}, - {"urdbl", CmdHF14AMfURdBl, 0, "Read MIFARE Ultralight block"}, - {"urdcard", CmdHF14AMfURdCard, 0,"Read MIFARE Ultralight Card"}, - {"uwrbl", CmdHF14AMfUWrBl, 0,"Write MIFARE Ultralight block"}, {"rdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"}, {"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"}, {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"}, diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c new file mode 100644 index 00000000..8dfb9a3b --- /dev/null +++ b/client/cmdhfmfu.c @@ -0,0 +1,741 @@ +//----------------------------------------------------------------------------- +// Ultralight Code (c) 2013,2014 Midnitesnake & Andy Davies of Pentura +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// High frequency MIFARE ULTRALIGHT (C) commands +//----------------------------------------------------------------------------- +//#include +#include "loclass/des.h" +#include "cmdhfmfu.h" +#include "cmdhfmf.h" +#include "cmdhf14a.h" + + +#define MAX_ULTRA_BLOCKS 0x0f +#define MAX_ULTRAC_BLOCKS 0x2f +//#define MAX_ULTRAC_BLOCKS 0x2c + + +static int CmdHelp(const char *Cmd); + +int CmdHF14AMfUInfo(const char *Cmd){ + + uint8_t datatemp[7] = {0x00}; + uint8_t isOK = 0; + uint8_t *data = NULL; + + UsbCommand c = {CMD_MIFAREU_READCARD, {0, 4}}; + SendCommand(&c); + UsbCommand resp; + + if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + isOK = resp.arg[0] & 0xff; + data = resp.d.asBytes; + + if (!isOK) { + PrintAndLog("Error reading from tag"); + return -1; + } + } else { + PrintAndLog("Command execute timed out"); + return -1; + } + + PrintAndLog(""); + PrintAndLog("-- Mifare Ultralight / Ultralight-C Tag Information ---------"); + PrintAndLog("-------------------------------------------------------------"); + + // UID + memcpy( datatemp, data, 3); + memcpy( datatemp+3, data+4, 4); + + PrintAndLog("MANUFACTURER : %s", getTagInfo(datatemp[0])); + PrintAndLog(" UID : %s ", sprint_hex(datatemp, 7)); + // BBC + // CT (cascade tag byte) 0x88 xor SN0 xor SN1 xor SN2 + int crc0 = 0x88 ^ data[0] ^ data[1] ^data[2]; + if ( data[3] == crc0 ) + PrintAndLog(" BCC0 : %02x - Ok", data[3]); + else + PrintAndLog(" BCC0 : %02x - crc should be %02x", data[3], crc0); + + int crc1 = data[4] ^ data[5] ^ data[6] ^data[7]; + if ( data[8] == crc1 ) + PrintAndLog(" BCC1 : %02x - Ok", data[8]); + else + PrintAndLog(" BCC1 : %02x - crc should be %02x", data[8], crc1 ); + + PrintAndLog(" Internal : %s ", sprint_hex(data + 9, 1)); + + memcpy(datatemp, data+10, 2); + PrintAndLog(" Lock : %s - %s", sprint_hex(datatemp, 2),printBits( 2, &datatemp) ); + PrintAndLog(" OneTimePad : %s ", sprint_hex(data + 3*4, 4)); + PrintAndLog(""); + + int len = CmdHF14AMfucAuth("K 0"); +// PrintAndLog("CODE: %d",len); + + PrintAndLog("Seems to be a Ultralight %s", (len==0) ? "-C" :""); + return 0; +} + +// +// Mifare Ultralight Write Single Block +// +int CmdHF14AMfUWrBl(const char *Cmd){ + uint8_t blockNo = -1; + bool chinese_card = FALSE; + uint8_t bldata[16] = {0x00}; + UsbCommand resp; + + char cmdp = param_getchar(Cmd, 0); + if (strlen(Cmd) < 3 || cmdp == 'h' || cmdp == 'H') { + PrintAndLog("Usage: hf mfu wrbl [w]"); + PrintAndLog(" [block number]"); + PrintAndLog(" [block data] - (8 hex symbols)"); + PrintAndLog(" [w] - Chinese magic ultralight tag"); + PrintAndLog(""); + PrintAndLog(" sample: hf mfu wrbl 0 01020304"); + PrintAndLog(""); + return 0; + } + + blockNo = param_get8(Cmd, 0); + + if (blockNo > MAX_ULTRA_BLOCKS){ + PrintAndLog("Error: Maximum number of blocks is 15 for Ultralight Cards!"); + return 1; + } + + if (param_gethex(Cmd, 1, bldata, 8)) { + PrintAndLog("Block data must include 8 HEX symbols"); + return 1; + } + + if (strchr(Cmd,'w') != 0 || strchr(Cmd,'W') != 0 ) { + chinese_card = TRUE; + } + + if ( blockNo <= 3) { + if (!chinese_card){ + PrintAndLog("Access Denied"); + } else { + PrintAndLog("--specialblock no:%02x", blockNo); + PrintAndLog("--data: %s", sprint_hex(bldata, 4)); + UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; + memcpy(d.d.asBytes,bldata, 4); + SendCommand(&d); + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + } else { + PrintAndLog("Command execute timeout"); + } + } + } else { + PrintAndLog("--block no:%02x", blockNo); + PrintAndLog("--data: %s", sprint_hex(bldata, 4)); + UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}}; + memcpy(e.d.asBytes,bldata, 4); + SendCommand(&e); + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + } else { + PrintAndLog("Command execute timeout"); + } + } + return 0; +} + +// +// Mifare Ultralight Read Single Block +// +int CmdHF14AMfURdBl(const char *Cmd){ + + uint8_t blockNo = -1; + + char cmdp = param_getchar(Cmd, 0); + + if (strlen(Cmd) < 1 || cmdp == 'h' || cmdp == 'H') { + PrintAndLog("Usage: hf mfu rdbl "); + PrintAndLog(" sample: hfu mfu rdbl 0"); + return 0; + } + + blockNo = param_get8(Cmd, 0); + + if (blockNo > MAX_ULTRA_BLOCKS){ + PrintAndLog("Error: Maximum number of blocks is 15 for Ultralight Cards!"); + return 1; + } + + PrintAndLog("--block no:0x%02X (%d)", (int)blockNo, blockNo); + UsbCommand c = {CMD_MIFAREU_READBL, {blockNo}}; + SendCommand(&c); + + UsbCommand resp; + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + uint8_t * data = resp.d.asBytes; + + PrintAndLog("isOk: %02x", isOK); + + if (isOK) + PrintAndLog("Data: %s", sprint_hex(data, 4)); + } else { + PrintAndLog("Command execute timeout"); + } + return 0; +} + +// +// Mifare Ultralight / Ultralight-C; Read and Dump Card Contents +// +int CmdHF14AMfUDump(const char *Cmd){ + + FILE *fout; + char filename[FILE_PATH_SIZE] = {0x00}; + char * fnameptr = filename; + + uint8_t *lockbytes_t = NULL; + uint8_t lockbytes[2] = {0x00}; + + uint8_t *lockbytes_t2 = NULL; + uint8_t lockbytes2[2] = {0x00}; + + bool bit[16] = {0x00}; + bool bit2[16] = {0x00}; + + int i; + uint8_t BlockNo = 0; + int Pages = 16; + + bool tmplockbit = false; + uint8_t isOK = 0; + uint8_t *data = NULL; + + char cmdp = param_getchar(Cmd, 0); + + if (cmdp == 'h' || cmdp == 'H') { + PrintAndLog("Reads all pages from Mifare Ultralight or Ultralight-C tag."); + PrintAndLog("It saves binary dump into the file `filename.bin` or `cardUID.bin`"); + PrintAndLog("Usage: hf mfu dump "); + PrintAndLog(" optional cardtype c == Ultralight-C, if not defaults to Ultralight"); + PrintAndLog(" sample: hf mfu dump"); + PrintAndLog(" : hf mfu dump myfile"); + PrintAndLog(" : hf mfu dump c myfile"); + return 0; + } + + // UL or UL-C? + Pages = (cmdp == 'c' || cmdp == 'C') ? 44 : 16; + + PrintAndLog("Dumping Ultralight%s Card Data...", (Pages ==16)?"":"-C"); + + UsbCommand c = {CMD_MIFAREU_READCARD, {BlockNo,Pages}}; + SendCommand(&c); + UsbCommand resp; + + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + isOK = resp.arg[0] & 0xff; + if (!isOK) { + PrintAndLog("Command error"); + return 0; + } + data = resp.d.asBytes; + } else { + PrintAndLog("Command execute timeout"); + return 0; + } + + // Load lock bytes. + int j = 0; + + lockbytes_t = data + 8; + lockbytes[0] = lockbytes_t[2]; + lockbytes[1] = lockbytes_t[3]; + for(j = 0; j < 16; j++){ + bit[j] = lockbytes[j/8] & ( 1 <<(7-j%8)); + } + + // Load bottom lockbytes if available + if ( Pages == 44 ) { + + lockbytes_t2 = data + (40*4); + lockbytes2[0] = lockbytes_t2[2]; + lockbytes2[1] = lockbytes_t2[3]; + for (j = 0; j < 16; j++) { + bit2[j] = lockbytes2[j/8] & ( 1 <<(7-j%8)); + } + } + + for (i = 0; i < Pages; ++i) { + + if ( i < 3 ) { + PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4)); + continue; + } + + switch(i){ + case 3: tmplockbit = bit[4]; break; + case 4: tmplockbit = bit[3]; break; + case 5: tmplockbit = bit[2]; break; + case 6: tmplockbit = bit[1]; break; + case 7: tmplockbit = bit[0]; break; + case 8: tmplockbit = bit[15]; break; + case 9: tmplockbit = bit[14]; break; + case 10: tmplockbit = bit[13]; break; + case 11: tmplockbit = bit[12]; break; + case 12: tmplockbit = bit[11]; break; + case 13: tmplockbit = bit[10]; break; + case 14: tmplockbit = bit[9]; break; + case 15: tmplockbit = bit[8]; break; + case 16: + case 17: + case 18: + case 19: tmplockbit = bit2[6]; break; + case 20: + case 21: + case 22: + case 23: tmplockbit = bit2[5]; break; + case 24: + case 25: + case 26: + case 27: tmplockbit = bit2[4]; break; + case 28: + case 29: + case 30: + case 31: tmplockbit = bit2[2]; break; + case 32: + case 33: + case 34: + case 35: tmplockbit = bit2[1]; break; + case 36: + case 37: + case 38: + case 39: tmplockbit = bit2[0]; break; + case 40: tmplockbit = bit2[12]; break; + case 41: tmplockbit = bit2[11]; break; + case 42: tmplockbit = bit2[10]; break; //auth0 + case 43: tmplockbit = bit2[9]; break; //auth1 + default: break; + } + PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),tmplockbit); + } + + int len = 0; + if ( Pages == 16 ) + len = param_getstr(Cmd,0,filename); + else + len = param_getstr(Cmd,1,filename); + + if (len > FILE_PATH_SIZE-5) len = FILE_PATH_SIZE-5; + + // user supplied filename? + if (len < 1) { + + // UID = data 0-1-2 4-5-6-7 (skips a beat) + sprintf(fnameptr,"%02X%02X%02X%02X%02X%02X%02X.bin", + data[0],data[1], data[2], data[4],data[5],data[6], data[7]); + + } else { + sprintf(fnameptr + len," .bin"); + } + + + if ((fout = fopen(filename,"wb")) == NULL) { + PrintAndLog("Could not create file name %s", filename); + return 1; + } + fwrite( data, 1, Pages*4, fout ); + fclose(fout); + + PrintAndLog("Dumped %d pages, wrote %d bytes to %s", Pages, Pages*4, filename); + return 0; +} + +// Needed to Authenticate to Ultralight C tags +void rol (uint8_t *data, const size_t len){ + uint8_t first = data[0]; + for (size_t i = 0; i < len-1; i++) { + data[i] = data[i+1]; + } + data[len-1] = first; +} + +//------------------------------------------------------------------------------- +// Ultralight C Methods +//------------------------------------------------------------------------------- + +// +// Ultralight C Authentication Demo {currently uses hard-coded key} +// +int CmdHF14AMfucAuth(const char *Cmd){ + + uint8_t default_keys[5][16] = { + { 0x42,0x52,0x45,0x41,0x4b,0x4d,0x45,0x49,0x46,0x59,0x4f,0x55,0x43,0x41,0x4e,0x21 },// 3des std key + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },// all zeroes + { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f },// 0x00-0x0F + { 0x49,0x45,0x4D,0x4B,0x41,0x45,0x52,0x42,0x21,0x4E,0x41,0x43,0x55,0x4F,0x59,0x46 },// NFC-key + { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 } // all ones + }; + + char cmdp = param_getchar(Cmd, 0); + + uint8_t keyNo = 0; + bool errors = false; + //Change key to user defined one + if (cmdp == 'k' || cmdp == 'K'){ + keyNo = param_get8(Cmd, 1); + if(keyNo >= 4) errors = true; + } + + if (cmdp == 'h' || cmdp == 'H') { + errors = true; + } + + if (errors) { + PrintAndLog("Usage: hf mfu cauth k "); + PrintAndLog(" 0 (default): 3DES standard key"); + PrintAndLog(" 1 : all zeros key"); + PrintAndLog(" 2 : 0x00-0x0F key"); + PrintAndLog(" 3 : nfc key"); + PrintAndLog(" 4 : all ones key"); + PrintAndLog(" sample : hf mfu cauth k"); + PrintAndLog(" : hf mfu cauth k 3"); + return 0; + } + + uint8_t random_a[8] = { 1,1,1,1,1,1,1,1 }; + //uint8_t enc_random_a[8] = { 0 }; + uint8_t random_b[8] = { 0 }; + uint8_t enc_random_b[8] = { 0 }; + uint8_t random_a_and_b[16] = { 0 }; + des3_context ctx = { 0 }; + uint8_t *key = default_keys[keyNo]; + uint8_t blockNo = 0; + uint32_t cuid = 0; + + //Auth1 + UsbCommand c = {CMD_MIFAREUC_AUTH1, {blockNo}}; + SendCommand(&c); + UsbCommand resp; + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + cuid = resp.arg[1]; + uint8_t * data= resp.d.asBytes; + + if (isOK){ + PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8)); + memcpy(enc_random_b,data+1,8); + } else { + PrintAndLog("Auth failed"); + return 2; // auth failed. + } + } else { + PrintAndLog("Command execute timeout"); + return 1; + } + + uint8_t iv[8] = { 0 }; + // Do we need random ? Right now we use all ones, is that random enough ? +// DES_random_key(&RndA); + + PrintAndLog(" RndA :%s",sprint_hex(random_a, 8)); + PrintAndLog(" e_RndB:%s",sprint_hex(enc_random_b, 8)); + + des3_set2key_dec(&ctx, key); + + des3_crypt_cbc(&ctx // des3_context *ctx + , DES_DECRYPT // int mode + , sizeof(random_b) // size_t length + , iv // unsigned char iv[8] + , enc_random_b // const unsigned char *input + , random_b // unsigned char *output + ); + + PrintAndLog(" RndB:%s",sprint_hex(random_b, 8)); + + rol(random_b,8); + memcpy(random_a_and_b ,random_a,8); + memcpy(random_a_and_b+8,random_b,8); + + PrintAndLog(" RA+B:%s",sprint_hex(random_a_and_b, 16)); + + des3_set2key_enc(&ctx, key); + + des3_crypt_cbc(&ctx // des3_context *ctx + , DES_ENCRYPT // int mode + , sizeof(random_a_and_b) // size_t length + , enc_random_b // unsigned char iv[8] + , random_a_and_b // const unsigned char *input + , random_a_and_b // unsigned char *output + ); + + PrintAndLog("enc(RA+B):%s",sprint_hex(random_a_and_b, 16)); + + //Auth2 + UsbCommand d = {CMD_MIFAREUC_AUTH2, {cuid}}; + memcpy(d.d.asBytes,random_a_and_b, 16); + SendCommand(&d); + + UsbCommand respb; + if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) { + uint8_t isOK = respb.arg[0] & 0xff; + uint8_t * data2= respb.d.asBytes; + + if (isOK){ + PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8)); + } else { + return 2; + } + + } else { + PrintAndLog("Command execute timeout"); + return 1; + } + return 0; +} +/** +A test function to validate that the polarssl-function works the same +was as the openssl-implementation. +Commented out, since it requires openssl + +int CmdTestDES(const char * cmd) +{ + uint8_t key[16] = {0x00}; + + memcpy(key,key3_3des_data,16); + DES_cblock RndA, RndB; + + PrintAndLog("----------OpenSSL DES implementation----------"); + { + uint8_t e_RndB[8] = {0x00}; + unsigned char RndARndB[16] = {0x00}; + + DES_cblock iv = { 0 }; + DES_key_schedule ks1,ks2; + DES_cblock key1,key2; + + memcpy(key,key3_3des_data,16); + memcpy(key1,key,8); + memcpy(key2,key+8,8); + + + DES_set_key((DES_cblock *)key1,&ks1); + DES_set_key((DES_cblock *)key2,&ks2); + + DES_random_key(&RndA); + PrintAndLog(" RndA:%s",sprint_hex(RndA, 8)); + PrintAndLog(" e_RndB:%s",sprint_hex(e_RndB, 8)); + //void DES_ede2_cbc_encrypt(const unsigned char *input, + // unsigned char *output, long length, DES_key_schedule *ks1, + // DES_key_schedule *ks2, DES_cblock *ivec, int enc); + DES_ede2_cbc_encrypt(e_RndB,RndB,sizeof(e_RndB),&ks1,&ks2,&iv,0); + + PrintAndLog(" RndB:%s",sprint_hex(RndB, 8)); + rol(RndB,8); + memcpy(RndARndB,RndA,8); + memcpy(RndARndB+8,RndB,8); + PrintAndLog(" RA+B:%s",sprint_hex(RndARndB, 16)); + DES_ede2_cbc_encrypt(RndARndB,RndARndB,sizeof(RndARndB),&ks1,&ks2,&e_RndB,1); + PrintAndLog("enc(RA+B):%s",sprint_hex(RndARndB, 16)); + + } + PrintAndLog("----------PolarSSL implementation----------"); + { + uint8_t random_a[8] = { 0 }; + uint8_t enc_random_a[8] = { 0 }; + uint8_t random_b[8] = { 0 }; + uint8_t enc_random_b[8] = { 0 }; + uint8_t random_a_and_b[16] = { 0 }; + des3_context ctx = { 0 }; + + memcpy(random_a, RndA,8); + + uint8_t output[8] = { 0 }; + uint8_t iv[8] = { 0 }; + + PrintAndLog(" RndA :%s",sprint_hex(random_a, 8)); + PrintAndLog(" e_RndB:%s",sprint_hex(enc_random_b, 8)); + + des3_set2key_dec(&ctx, key); + + des3_crypt_cbc(&ctx // des3_context *ctx + , DES_DECRYPT // int mode + , sizeof(random_b) // size_t length + , iv // unsigned char iv[8] + , enc_random_b // const unsigned char *input + , random_b // unsigned char *output + ); + + PrintAndLog(" RndB:%s",sprint_hex(random_b, 8)); + + rol(random_b,8); + memcpy(random_a_and_b ,random_a,8); + memcpy(random_a_and_b+8,random_b,8); + + PrintAndLog(" RA+B:%s",sprint_hex(random_a_and_b, 16)); + + des3_set2key_enc(&ctx, key); + + des3_crypt_cbc(&ctx // des3_context *ctx + , DES_ENCRYPT // int mode + , sizeof(random_a_and_b) // size_t length + , enc_random_b // unsigned char iv[8] + , random_a_and_b // const unsigned char *input + , random_a_and_b // unsigned char *output + ); + + PrintAndLog("enc(RA+B):%s",sprint_hex(random_a_and_b, 16)); + } + return 0; +} +**/ +// +// Ultralight C Read Single Block +// +int CmdHF14AMfUCRdBl(const char *Cmd) +{ + uint8_t blockNo = -1; + char cmdp = param_getchar(Cmd, 0); + + if (strlen(Cmd) < 1 || cmdp == 'h' || cmdp == 'H') { + PrintAndLog("Usage: hf mfu crdbl "); + PrintAndLog(" sample: hf mfu crdbl 0"); + return 0; + } + + blockNo = param_get8(Cmd, 0); + if (blockNo < 0) { + PrintAndLog("Wrong block number"); + return 1; + } + + if (blockNo > MAX_ULTRAC_BLOCKS ){ + PrintAndLog("Error: Maximum number of readable blocks is 47 for Ultralight-C Cards!"); + return 1; + } + + PrintAndLog("--block no: 0x%02X (%d)", (int)blockNo, blockNo); + + //Read Block + UsbCommand e = {CMD_MIFAREU_READBL, {blockNo}}; + SendCommand(&e); + UsbCommand resp_c; + if (WaitForResponseTimeout(CMD_ACK,&resp_c,1500)) { + uint8_t isOK = resp_c.arg[0] & 0xff; + uint8_t *data = resp_c.d.asBytes; + + PrintAndLog("isOk: %02x", isOK); + if (isOK) + PrintAndLog("Data: %s", sprint_hex(data, 4)); + + } else { + PrintAndLog("Command execute timeout"); + } + return 0; +} + +// +// Mifare Ultralight C Write Single Block +// +int CmdHF14AMfUCWrBl(const char *Cmd){ + + uint8_t blockNo = -1; + bool chinese_card = FALSE; + uint8_t bldata[16] = {0x00}; + UsbCommand resp; + + char cmdp = param_getchar(Cmd, 0); + + if (strlen(Cmd) < 3 || cmdp == 'h' || cmdp == 'H') { + PrintAndLog("Usage: hf mfu cwrbl [w]"); + PrintAndLog(" [block number]"); + PrintAndLog(" [block data] - (8 hex symbols)"); + PrintAndLog(" [w] - Chinese magic ultralight tag"); + PrintAndLog(""); + PrintAndLog(" sample: hf mfu cwrbl 0 01020304"); + PrintAndLog(""); + return 0; + } + + blockNo = param_get8(Cmd, 0); + if (blockNo > MAX_ULTRAC_BLOCKS ){ + PrintAndLog("Error: Maximum number of blocks is 47 for Ultralight-C Cards!"); + return 1; + } + + if (param_gethex(Cmd, 1, bldata, 8)) { + PrintAndLog("Block data must include 8 HEX symbols"); + return 1; + } + + if (strchr(Cmd,'w') != 0 || strchr(Cmd,'W') != 0 ) { + chinese_card = TRUE; + } + + if ( blockNo <= 3 ) { + if (!chinese_card){ + PrintAndLog("Access Denied"); + } else { + PrintAndLog("--Special block no: 0x%02x", blockNo); + PrintAndLog("--Data: %s", sprint_hex(bldata, 4)); + UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; + memcpy(d.d.asBytes,bldata, 4); + SendCommand(&d); + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + } else { + PrintAndLog("Command execute timeout"); + } + } + } else { + PrintAndLog("--Block no : 0x%02x", blockNo); + PrintAndLog("--Data: %s", sprint_hex(bldata, 4)); + UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}}; + memcpy(e.d.asBytes,bldata, 4); + SendCommand(&e); + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk : %02x", isOK); + } else { + PrintAndLog("Command execute timeout"); + } + } + return 0; +} + +//------------------------------------ +// Menu Stuff +//------------------------------------ +static command_t CommandTable[] = +{ + {"help", CmdHelp, 1,"This help"}, + {"dbg", CmdHF14AMfDbg, 0,"Set default debug mode"}, + {"info", CmdHF14AMfUInfo, 0,"Taginfo"}, + {"dump", CmdHF14AMfUDump, 0,"Dump MIFARE Ultralight / Ultralight-C tag to binary file"}, + {"rdbl", CmdHF14AMfURdBl, 0,"Read block - MIFARE Ultralight"}, + {"wrbl", CmdHF14AMfUWrBl, 0,"Write block - MIFARE Ultralight"}, + {"crdbl", CmdHF14AMfUCRdBl, 0,"Read block - MIFARE Ultralight C"}, + {"cwrbl", CmdHF14AMfUCWrBl, 0,"Write MIFARE Ultralight C block"}, + {"cauth", CmdHF14AMfucAuth, 0,"try a Ultralight C Authentication"}, + //{"testdes", CmdTestDES , 1, "Test DES"}, + {NULL, NULL, 0, NULL} +}; + +int CmdHFMFUltra(const char *Cmd){ + WaitForResponseTimeout(CMD_ACK,NULL,100); + CmdsParse(CommandTable, Cmd); + return 0; +} + +int CmdHelp(const char *Cmd){ + CmdsHelp(CommandTable); + return 0; +} \ No newline at end of file diff --git a/client/cmdhfmfu.h b/client/cmdhfmfu.h new file mode 100644 index 00000000..c4bc0341 --- /dev/null +++ b/client/cmdhfmfu.h @@ -0,0 +1,19 @@ +#include "cmdhfmf.h" +#include "cmdhf14a.h" + +//standard ultralight +int CmdHF14AMfUWrBl(const char *Cmd); +int CmdHF14AMfURdBl(const char *Cmd); + +//Crypto Cards +int CmdHF14AMfUCRdBl(const char *Cmd); +int CmdHF14AMfUCRdCard(const char *Cmd); +int CmdHF14AMfucAuth(const char *Cmd); + +//general stuff +int CmdHF14AMfUDump(const char *Cmd); +void rol (uint8_t *data, const size_t len); + + +int CmdHFMFUltra(const char *Cmd); +int CmdHF14AMfUInfo(const char *Cmd); diff --git a/client/cmdlf.c b/client/cmdlf.c index e3361cb5..729a3875 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -465,8 +465,11 @@ int CmdLFSnoop(const char *Cmd) sscanf(Cmd, "h %"lli, &c.arg[1]); } else if (sscanf(Cmd, "%"lli" %"lli, &c.arg[0], &c.arg[1]) < 1) { PrintAndLog("usage 1: snoop"); - PrintAndLog(" 2: snoop {l,h} [trigger threshold]"); + PrintAndLog(" 2: snoop [trigger threshold]"); PrintAndLog(" 3: snoop [trigger threshold]"); + PrintAndLog(""); + PrintAndLog("Sample: lf snoop l 200"); + PrintAndLog(" : lf snoop 95 200"); return 0; } diff --git a/client/graph.c b/client/graph.c index 6362c8fe..94d6054f 100644 --- a/client/graph.c +++ b/client/graph.c @@ -9,6 +9,7 @@ //----------------------------------------------------------------------------- #include +#include #include #include "ui.h" #include "graph.h" @@ -50,7 +51,11 @@ int ClearGraph(int redraw) void setGraphBuf(uint8_t *buff, size_t size) { - int i=0; + if ( buff == NULL ) return; + + uint16_t i = 0; + if ( size > MAX_GRAPH_TRACE_LEN ) + size = MAX_GRAPH_TRACE_LEN; ClearGraph(0); for (; i < size; ++i){ GraphBuffer[i]=buff[i]-128; @@ -61,6 +66,8 @@ void setGraphBuf(uint8_t *buff, size_t size) } size_t getFromGraphBuf(uint8_t *buff) { + if ( buff == NULL ) return 0; + uint32_t i; for (i=0;i127) GraphBuffer[i]=127; //trim @@ -72,24 +79,59 @@ size_t getFromGraphBuf(uint8_t *buff) // Get or auto-detect clock rate int GetClock(const char *str, int peak, int verbose) { - int clock; - sscanf(str, "%i", &clock); - if (!strcmp(str, "")) - clock = 0; + int clock; + sscanf(str, "%i", &clock); + if (!strcmp(str, "")) + clock = 0; // Auto-detect clock - if (!clock) - { - uint8_t grph[MAX_GRAPH_TRACE_LEN]={0}; + if (!clock) + { + uint8_t grph[MAX_GRAPH_TRACE_LEN]={0}; size_t size = getFromGraphBuf(grph); - clock = DetectASKClock(grph,size,0); + if ( size == 0 ) { + PrintAndLog("Failed to copy from graphbuffer"); + return -1; + } + clock = DetectASKClock(grph,size,0); // Only print this message if we're not looping something - if (!verbose){ - PrintAndLog("Auto-detected clock rate: %d", clock); - } - } + if (!verbose){ + PrintAndLog("Auto-detected clock rate: %d", clock); + } + } + return clock; +} - return clock; +// A simple test to see if there is any data inside Graphbuffer. +bool HasGraphData(){ + + if ( GraphTraceLen <= 0) { + PrintAndLog("No data available, try reading something first"); + return false; + } + return true; +} + +// Detect high and lows in Grapbuffer. +// Only loops the first 256 values. +void DetectHighLowInGraph(int *high, int *low, bool addFuzz) { + + uint8_t loopMax = 255; + if ( loopMax > GraphTraceLen) + loopMax = GraphTraceLen; + + for (uint8_t i = 0; i < loopMax; ++i) { + if (GraphBuffer[i] > *high) + *high = GraphBuffer[i]; + else if (GraphBuffer[i] < *low) + *low = GraphBuffer[i]; + } + + //12% fuzz in case highs and lows aren't clipped + if (addFuzz) { + *high = (int)(*high * .88); + *low = (int)(*low * .88); + } } int GetNRZpskClock(const char *str, int peak, int verbose) @@ -104,6 +146,10 @@ int GetNRZpskClock(const char *str, int peak, int verbose) { uint8_t grph[MAX_GRAPH_TRACE_LEN]={0}; size_t size = getFromGraphBuf(grph); + if ( size == 0 ) { + PrintAndLog("Failed to copy from graphbuffer"); + return -1; + } clock = DetectpskNRZClock(grph,size,0); // Only print this message if we're not looping something if (!verbose){ @@ -111,4 +157,4 @@ int GetNRZpskClock(const char *str, int peak, int verbose) } } return clock; -} +} \ No newline at end of file diff --git a/client/graph.h b/client/graph.h index 1abeeb25..fe35d4f1 100644 --- a/client/graph.h +++ b/client/graph.h @@ -20,8 +20,10 @@ int GetClock(const char *str, int peak, int verbose); int GetNRZpskClock(const char *str, int peak, int verbose); void setGraphBuf(uint8_t *buff, size_t size); +bool HasGraphData(); +void DetectHighLowInGraph(int *high, int *low, bool addFuzz); + #define MAX_GRAPH_TRACE_LEN (1024*128) extern int GraphBuffer[MAX_GRAPH_TRACE_LEN]; extern int GraphTraceLen; - #endif diff --git a/client/loclass/des.h b/client/loclass/des.h index 907d56b1..8b8e6a35 100644 --- a/client/loclass/des.h +++ b/client/loclass/des.h @@ -28,7 +28,13 @@ #define POLARSSL_DES_H //#include "config.h" - +/** + * \def POLARSSL_CIPHER_MODE_CBC + * + * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. + */ +#define POLARSSL_CIPHER_MODE_CBC + #include #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32) diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua index 13b9c8e7..a5442f2a 100644 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@ -49,7 +49,7 @@ local _commands = { CMD_EM4X_WRITE_WORD = 0x0219, CMD_IO_DEMOD_FSK = 0x021A, CMD_IO_CLONE_TAG = 0x021B, - CMD_EM410X_DEMOD = 0x021C, + CMD_EM410X_DEMOD = 0x021c, --/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ --// For the 13.56 MHz tags diff --git a/client/lualibs/utils.lua b/client/lualibs/utils.lua index e84f70ad..c5baa406 100644 --- a/client/lualibs/utils.lua +++ b/client/lualibs/utils.lua @@ -108,6 +108,24 @@ local Utils = return retval end, + -- input parameter is a string + -- Swaps the endianess and returns a string, + -- IE: 'cd7a' -> '7acd' -> 0x7acd + SwapEndiannessStr = function(s, len) + if s == nil then return nil end + if #s == 0 then return '' end + if type(s) ~= 'string' then return nil end + + local retval + if len == 16 then + retval = s:sub(3,4)..s:sub(1,2) + elseif len == 24 then + retval = s:sub(5,6)..s:sub(3,4)..s:sub(1,2) + elseif len == 32 then + retval = s:sub(7,8)..s:sub(5,6)..s:sub(3,4)..s:sub(1,2) + end + return retval + end, ------------ CONVERSIONS -- @@ -116,7 +134,7 @@ local Utils = local B,K,OUT,I,D=16,"0123456789ABCDEF","",0 while IN>0 do I=I+1 - IN,D=math.floor(IN/B),math.mod(IN,B)+1 + IN , D = math.floor(IN/B), math.modf(IN,B)+1 OUT=string.sub(K,D,D)..OUT end return OUT diff --git a/client/mifarehost.c b/client/mifarehost.c index d025918d..7f784850 100644 --- a/client/mifarehost.c +++ b/client/mifarehost.c @@ -232,14 +232,27 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) { // "MAGIC" CARD int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) { + + uint8_t oldblock0[16] = {0x00}; uint8_t block0[16] = {0x00}; memcpy(block0, uid, 4); block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC // mifare classic SAK(byte 5) and ATQA(byte 6 and 7) - block0[5] = 0x08; - block0[6] = 0x04; - block0[7] = 0x00; + //block0[5] = 0x08; + //block0[6] = 0x04; + //block0[7] = 0x00; + + block0[5] = 0x01; //sak + block0[6] = 0x01; + block0[7] = 0x0f; + int old = mfCGetBlock(0, oldblock0, CSETBLOCK_SINGLE_OPER); + if ( old == 0) { + memcpy(block0+8, oldblock0+8, 8); + PrintAndLog("block 0: %s", sprint_hex(block0,16)); + } else { + PrintAndLog("Couldn't get olddata. Will write over the last bytes of Block 0."); + } return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER); } @@ -253,8 +266,10 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uin UsbCommand resp; if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { isOK = resp.arg[0] & 0xff; - if (uid != NULL) memcpy(uid, resp.d.asBytes, 4); - if (!isOK) return 2; + if (uid != NULL) + memcpy(uid, resp.d.asBytes, 4); + if (!isOK) + return 2; } else { PrintAndLog("Command execute timeout"); return 1; @@ -286,9 +301,9 @@ int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params) { static uint8_t trailerAccessBytes[4] = {0x08, 0x77, 0x8F, 0x00}; // variables -char logHexFileName[200] = {0x00}; +char logHexFileName[FILE_PATH_SIZE] = {0x00}; static uint8_t traceCard[4096] = {0x00}; -static char traceFileName[200] = {0x00}; +static char traceFileName[FILE_PATH_SIZE] = {0x00}; static int traceState = TRACE_IDLE; static uint8_t traceCurBlock = 0; static uint8_t traceCurKey = 0; @@ -323,20 +338,28 @@ int isBlockTrailer(int blockN) { int loadTraceCard(uint8_t *tuid) { FILE * f; - char buf[64]; - uint8_t buf8[64]; + char buf[64] = {0x00}; + uint8_t buf8[64] = {0x00}; int i, blockNum; - if (!isTraceCardEmpty()) saveTraceCard(); + if (!isTraceCardEmpty()) + saveTraceCard(); + memset(traceCard, 0x00, 4096); memcpy(traceCard, tuid + 3, 4); + FillFileNameByUID(traceFileName, tuid, ".eml", 7); f = fopen(traceFileName, "r"); - if (!f) return 1; + if (!f) { + fclose(f); + return 1; + } blockNum = 0; + while(!feof(f)){ + memset(buf, 0, sizeof(buf)); if (fgets(buf, sizeof(buf), f) == NULL) { PrintAndLog("File reading error."); @@ -368,22 +391,30 @@ int saveTraceCard(void) { if ((!strlen(traceFileName)) || (isTraceCardEmpty())) return 0; f = fopen(traceFileName, "w+"); + if ( !f ) { + fclose(f); + return 1; + } + for (int i = 0; i < 64; i++) { // blocks for (int j = 0; j < 16; j++) // bytes fprintf(f, "%02x", *(traceCard + i * 16 + j)); fprintf(f,"\n"); } fclose(f); - return 0; } int mfTraceInit(uint8_t *tuid, uint8_t *atqa, uint8_t sak, bool wantSaveToEmlFile) { - if (traceCrypto1) crypto1_destroy(traceCrypto1); + if (traceCrypto1) + crypto1_destroy(traceCrypto1); + traceCrypto1 = NULL; - if (wantSaveToEmlFile) loadTraceCard(tuid); + if (wantSaveToEmlFile) + loadTraceCard(tuid); + traceCard[4] = traceCard[0] ^ traceCard[1] ^ traceCard[2] ^ traceCard[3]; traceCard[5] = sak; memcpy(&traceCard[6], atqa, 2); diff --git a/client/mifarehost.h b/client/mifarehost.h index 3e946cd9..96eb75f7 100644 --- a/client/mifarehost.h +++ b/client/mifarehost.h @@ -47,7 +47,7 @@ typedef struct { int foundKey[2]; } sector; -extern char logHexFileName[200]; +extern char logHexFileName[FILE_PATH_SIZE]; int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t * ResultKeys, bool calibrate); int mfCheckKeys (uint8_t blockNo, uint8_t keyType, uint8_t keycnt, uint8_t * keyBlock, uint64_t * key); diff --git a/client/scripts/remagic.lua b/client/scripts/remagic.lua new file mode 100644 index 00000000..d2b869c3 --- /dev/null +++ b/client/scripts/remagic.lua @@ -0,0 +1,63 @@ +local getopt = require('getopt') + +example = "script run remagic" +author = "Iceman" + +desc = +[[ +This is a script that tries to bring back a chinese magic card (1k generation1) +from the dead when it's block 0 has been written with bad values. + +Arguments: + -h this help +]] +--- +-- A debug printout-function +function dbg(args) + if DEBUG then + print("###", args) + end +end +--- +-- This is only meant to be used when errors occur +function oops(err) + print("ERROR: ",err) +end + +--- +-- Usage help +function help() + print(desc) + print("Example usage") + print(example) +end + +--- +-- The main entry point +function main(args) + + + -- Read the parameters + for o, a in getopt.getopt(args, 'h') do + if o == "h" then help() return end + end + + local _cmds = { + --[[ + --]] + [0] = "hf 14a raw -p -a -b 7 40", + [1] = "hf 14a raw -p -a 43", + [2] = "hf 14a raw -c -p -a A000", + [3] = "hf 14a raw -c -p -a 01 02 03 04 04 98 02 00 00 00 00 00 00 00 10 01", + } + core.clearCommandBuffer() + + local i + --for _,c in pairs(_cmds) do + for i = 0, 3 do + print ( _cmds[i] ) + core.console( _cmds[i] ) + end +end + +main(args) diff --git a/client/scripts/test_t55x7_psk.lua b/client/scripts/test_t55x7_psk.lua new file mode 100644 index 00000000..1b964094 --- /dev/null +++ b/client/scripts/test_t55x7_psk.lua @@ -0,0 +1,173 @@ +local cmds = require('commands') +local getopt = require('getopt') +local bin = require('bin') +local utils = require('utils') +local dumplib = require('html_dumplib') + +example =[[ + 1. script run tracetest + 2. script run tracetest -o + +]] +author = "Iceman" +usage = "script run test_t55x7_psk -o " +desc =[[ +This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040 +The outlined procedure is as following: + +"lf t55xx write 0 00088040" +"lf read" +"data samples" +"data pskdet" +"data psknrz" +"data pskindala" +"data psknrzraw" + +Loop OUTER: + change the configuretion block 0 with: + -xxxx8xxx = PSK RF/2 with Manchester modulation + -xxxx1xxx = PSK RF/2 with PSK1 modulation (phase change when input changes) + -xxxx2xxx = PSK RF/2 with PSk2 modulation (phase change on bitclk if input high) + -xxxx3xxx = PSK RF/2 with PSk3 modulation (phase change on rising edge of input) + Loop INNER + for each outer configuration, also do + XXXXX0XX = PSK RF/2 + XXXXX4XX = PSK RF/4 + XXXXX8XX = PSK RF/8 + +In all 12 individual test for the PSK demod + +Arguments: + -h : this help + -o : logfile name +]] + +local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds +local DEBUG = true -- the debug flag + +--BLOCK 0 = 00088040 +local config1 = '0008' +local config2 = '40' + +local procedurecmds = { + [1] = '%s%s%s%s', + [2] = 'lf read', + --[3] = '', + [3] = 'data samples', + [4] = 'data pskdetectclock', + [5] = 'data psknrzrawdemod', + [6] = 'data pskindalademod', +} + +--- +-- A debug printout-function +function dbg(args) + if not DEBUG then + return + end + + if type(args) == "table" then + local i = 1 + while args[i] do + dbg(args[i]) + i = i+1 + end + else + print("###", args) + end +end +--- +-- This is only meant to be used when errors occur +function oops(err) + print("ERROR: ",err) +end +--- +-- Usage help +function help() + print(desc) + print("Example usage") + print(example) +end +-- +-- Exit message +function ExitMsg(msg) + print( string.rep('--',20) ) + print( string.rep('--',20) ) + print(msg) + print() +end + +function pskTest(modulation) + local y + for y = 0, 8, 4 do + for _ = 1, #procedurecmds do + local cmd = procedurecmds[_] + + if #cmd == 0 then + + elseif _ == 1 then + + dbg("Writing to T55x7 TAG") + + local configdata = cmd:format( config1, modulation , y, config2) + + dbg( configdata) + + local writecommand = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = configdata ,arg2 = 0, arg3 = 0} + local err = core.SendCommand(writecommand:getBytes()) + if err then return oops(err) end + local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT) + + if response then + local count,cmd,arg0 = bin.unpack('LL',response) + if(arg0==1) then + dbg("Writing success") + else + return nil, "Couldn't read block.." + end + end + + else + dbg(cmd) + core.console( cmd ) + end + end + core.clearCommandBuffer() + end + print( string.rep('--',20) ) + +end + +local function main(args) + + print( string.rep('--',20) ) + print( string.rep('--',20) ) + + local outputTemplate = os.date("testpsk_%Y-%m-%d_%H%M%S") + + -- Arguments for the script + for o, arg in getopt.getopt(args, 'ho:') do + if o == "h" then return help() end + if o == "o" then outputTemplate = arg end + end + + core.clearCommandBuffer() + + pskTest(1) + pskTest(2) + pskTest(3) + pskTest(8) + + print( string.rep('--',20) ) +end +main(args) + +-- Where it iterates over + -- xxxx8xxx = PSK RF/2 with Manchester modulation + -- xxxx1xxx = PSK RF/2 with PSK1 modulation (phase change when input changes) + -- xxxx2xxx = PSK RF/2 with PSk2 modulation (phase change on bitclk if input high) + -- xxxx3xxx = PSK RF/2 with PSk3 modulation (phase change on rising edge of input) + + -- XXXXX0XX = PSK RF/2 + -- XXXXX4XX = PSK RF/4 + -- XXXXX8XX = PSK RF/8 \ No newline at end of file diff --git a/client/scripts/tnp3dump.lua b/client/scripts/tnp3dump.lua index 520161b9..f41fe8ab 100644 --- a/client/scripts/tnp3dump.lua +++ b/client/scripts/tnp3dump.lua @@ -249,18 +249,19 @@ local function main(args) end end + + local uid = block0:sub(1,8) + local itemtype = block1:sub(1,4) + local cardid = block1:sub(9,24) + -- Write dump to files if not DEBUG then - local foo = dumplib.SaveAsBinary(bindata, outputTemplate..'.bin') + local foo = dumplib.SaveAsBinary(bindata, outputTemplate..'_uid_'..uid..'.bin') print(("Wrote a BIN dump to the file %s"):format(foo)) - local bar = dumplib.SaveAsText(emldata, outputTemplate..'.eml') + local bar = dumplib.SaveAsText(emldata, outputTemplate..'_uid_'..uid..'.eml') print(("Wrote a EML dump to the file %s"):format(bar)) end - local uid = block0:sub(1,8) - local itemtype = block1:sub(1,4) - local cardid = block1:sub(9,24) - -- Show info print( string.rep('--',20) ) print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, toyNames[itemtype]) ) diff --git a/client/scripts/tnp3sim.lua b/client/scripts/tnp3sim.lua index f43dafa2..adc34cce 100644 --- a/client/scripts/tnp3sim.lua +++ b/client/scripts/tnp3sim.lua @@ -241,18 +241,20 @@ local function main(args) local cmdSetDbgOff = "hf mf dbg 0" core.console( cmdSetDbgOff) - -- Look for tag present on reader, - result, err = lib14a.read1443a(false) - if not result then return oops(err) end + -- if not loadFromDump then + -- -- Look for tag present on reader, + -- result, err = lib14a.read1443a(false) + -- if not result then return oops(err) end - core.clearCommandBuffer() + -- core.clearCommandBuffer() - if 0x01 ~= result.sak then -- NXP MIFARE TNP3xxx - return oops('This is not a TNP3xxx tag. aborting.') - end + -- if 0x01 ~= result.sak then -- NXP MIFARE TNP3xxx + -- return oops('This is not a TNP3xxx tag. aborting.') + -- end - -- Show tag info - print((' Found tag : %s'):format(result.name)) + -- -- Show tag info + -- print((' Found tag : %s'):format(result.name)) + -- end -- Load dump.bin file print( (' Load data from %s'):format(inputTemplate)) @@ -349,7 +351,7 @@ local function main(args) err = LoadEmulator(blocks) if err then return oops(err) end core.clearCommandBuffer() - print('The simulation is now prepared.\n --> run \"hf mf sim 5 '..uid..'\" <--') + print('The simulation is now prepared.\n --> run \"hf mf sim u '..uid..' x\" <--') end end main(args) \ No newline at end of file diff --git a/client/scripts/tracetest.lua b/client/scripts/tracetest.lua new file mode 100644 index 00000000..e4a9215c --- /dev/null +++ b/client/scripts/tracetest.lua @@ -0,0 +1,132 @@ +local cmds = require('commands') +local getopt = require('getopt') +local bin = require('bin') +local utils = require('utils') +local dumplib = require('html_dumplib') + +example =[[ + 1. script run tracetest + 2. script run tracetest -o + +]] +author = "Iceman" +usage = "script run tracetest -o " +desc =[[ +This script will load several traces files in ../traces/ folder and do +"data load" +"lf search" + +Arguments: + -h : this help + -o : logfile name +]] + +local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds +local DEBUG = true -- the debug flag +--- +-- A debug printout-function +function dbg(args) + if not DEBUG then + return + end + + if type(args) == "table" then + local i = 1 + while result[i] do + dbg(result[i]) + i = i+1 + end + else + print("###", args) + end +end +--- +-- This is only meant to be used when errors occur +function oops(err) + print("ERROR: ",err) +end +--- +-- Usage help +function help() + print(desc) + print("Example usage") + print(example) +end +-- +-- Exit message +function ExitMsg(msg) + print( string.rep('--',20) ) + print( string.rep('--',20) ) + print(msg) + print() +end + + +local function main(args) + + print( string.rep('--',20) ) + print( string.rep('--',20) ) + + local cmdDataLoad = 'data load %s'; + local tracesEM = "find '../traces/' -iname 'em*.pm3' -type f" + local tracesMOD = "find '../traces/' -iname 'm*.pm3' -type f" + + local outputTemplate = os.date("testtest_%Y-%m-%d_%H%M%S") + + -- Arguments for the script + for o, arg in getopt.getopt(args, 'ho:') do + if o == "h" then return help() end + if o == "o" then outputTemplate = arg end + end + + core.clearCommandBuffer() + + local files = {} + + -- Find a set of traces staring with EM + local p = assert( io.popen(tracesEM)) + for file in p:lines() do + table.insert(files, file) + end + p.close(); + + -- Find a set of traces staring with MOD + p = assert( io.popen(tracesMOD) ) + for file in p:lines() do + table.insert(files, file) + end + p.close(); + + local cmdLFSEARCH = "lf search 1" + + -- main loop + io.write('Starting to test traces > ') + for _,file in pairs(files) do + + local x = "data load "..file + dbg(x) + core.console(x) + + dbg(cmdLFSEARCH) + core.console(cmdLFSEARCH) + + core.clearCommandBuffer() + + if core.ukbhit() then + print("aborted by user") + break + end + end + io.write('\n') + + -- Write dump to files + if not DEBUG then + local bar = dumplib.SaveAsText(emldata, outputTemplate..'.txt') + print(("Wrote output to: %s"):format(bar)) + end + + -- Show info + print( string.rep('--',20) ) + +end +main(args) \ No newline at end of file diff --git a/common/cmd.h b/common/cmd.h index b330a219..bc69ff61 100644 --- a/common/cmd.h +++ b/common/cmd.h @@ -33,8 +33,8 @@ #ifndef _PROXMARK_CMD_H_ #define _PROXMARK_CMD_H_ -#include -#include +#include "common.h" +#include "usb_cmd.h" #include "usb_cdc.h" bool cmd_receive(UsbCommand* cmd); diff --git a/common/usb_cdc.c b/common/usb_cdc.c index 54f6a8e8..ccbb3c50 100644 --- a/common/usb_cdc.c +++ b/common/usb_cdc.c @@ -370,7 +370,7 @@ uint32_t usb_write(const byte_t* data, const size_t len) { //* \fn AT91F_USB_SendData //* \brief Send Data through the control endpoint //*---------------------------------------------------------------------------- -unsigned int csrTab[100]; +unsigned int csrTab[100] = {0x00}; unsigned char csrIdx = 0; static void AT91F_USB_SendData(AT91PS_UDP pUdp, const char *pData, uint32_t length) { diff --git a/common/usb_cdc.h b/common/usb_cdc.h index d7b9c2e5..59e73a47 100644 --- a/common/usb_cdc.h +++ b/common/usb_cdc.h @@ -35,7 +35,7 @@ #ifndef _USB_CDC_H_ #define _USB_CDC_H_ -#include +#include "common.h" void usb_disable(); void usb_enable();