From b19bd5d6898f929de30e9110e011204a6c5622ad Mon Sep 17 00:00:00 2001
From: "douniwan5788@gmail.com"
 <douniwan5788@gmail.com@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Date: Sun, 29 Sep 2013 11:44:07 +0000
Subject: [PATCH] Add support in 'hf mf mifare' for some unlicensed/compatible
 mifare card which always answer NACK. Change the 'nttmp' start from nt
 distance 500 to 100 in mifarecmd.c to compatible some unlicensed/compatible
 mifare card.

---
 armsrc/mifarecmd.c           |   4 +-
 client/Makefile              |   2 +-
 client/nonce2key/crapto1.c   |  19 +++---
 client/nonce2key/crapto1.h   |   2 +-
 client/nonce2key/nonce2key.c | 112 ++++++++++++++++++++++++++++++-----
 5 files changed, 112 insertions(+), 27 deletions(-)

diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index fa0ff627..91ae9054 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -370,8 +370,8 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
 				continue;
 			};
 
-			nttmp = prng_successor(nt1, 500);
-			for (i = 501; i < 1200; i++) {
+			nttmp = prng_successor(nt1, 100);				//NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160
+			for (i = 101; i < 1200; i++) {
 				nttmp = prng_successor(nttmp, 1);
 				if (nttmp == nt2) break;
 			}
diff --git a/client/Makefile b/client/Makefile
index 3967360a..0d97d41c 100644
--- a/client/Makefile
+++ b/client/Makefile
@@ -15,7 +15,7 @@ OBJDIR = obj
 
 LDLIBS = -L/opt/local/lib -L/usr/local/lib -lreadline -lpthread ../liblua/liblua.a
 LDFLAGS = $(COMMON_FLAGS)
-CFLAGS = -std=c99 -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall -Wno-unused-function $(COMMON_FLAGS) -g -O4 
+CFLAGS = -std=c99 -fms-extensions -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall -Wno-unused-function $(COMMON_FLAGS) -g -O4 
 LUAPLATFORM = generic
 
 ifneq (,$(findstring MINGW,$(platform)))
diff --git a/client/nonce2key/crapto1.c b/client/nonce2key/crapto1.c
index fc878a0d..c509581c 100644
--- a/client/nonce2key/crapto1.c
+++ b/client/nonce2key/crapto1.c
@@ -507,7 +507,7 @@ uint32_t *lfsr_prefix_ks(uint8_t ks[8], int isodd)
  */
 static struct Crypto1State*
 brute_top(uint32_t prefix, uint32_t rresp, unsigned char parities[8][8],
-          uint32_t odd, uint32_t even, struct Crypto1State* sl)
+          uint32_t odd, uint32_t even, struct Crypto1State* sl, uint8_t no_chk)
 {
 	struct Crypto1State s;
 	uint32_t ks1, nr, ks2, rr, ks3, good, c;
@@ -525,6 +525,9 @@ brute_top(uint32_t prefix, uint32_t rresp, unsigned char parities[8][8],
 		
 		sl->odd = s.odd;
 		sl->even = s.even;
+		
+		if (no_chk)
+			break;
 	
 		ks1 = crypto1_word(&s, prefix | c << 5, 1);
 		ks2 = crypto1_word(&s,0,0);
@@ -557,7 +560,7 @@ brute_top(uint32_t prefix, uint32_t rresp, unsigned char parities[8][8],
  * tag nonce was fed in
  */
 struct Crypto1State*
-lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8])
+lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8], uint8_t no_par)
 {
 	struct Crypto1State *statelist, *s;
 	uint32_t *odd, *even, *o, *e, top;
@@ -565,21 +568,21 @@ lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8])
 	odd = lfsr_prefix_ks(ks, 1);
 	even = lfsr_prefix_ks(ks, 0);
 
-	statelist = malloc((sizeof *statelist) << 20);
+	statelist = malloc((sizeof *statelist) << 21);	//how large should be? 
 	if(!statelist || !odd || !even)
                 return 0;
 
-
 	s = statelist;
-	for(o = odd; *o != 0xffffffff; ++o)
-		for(e = even; *e != 0xffffffff; ++e)
+	for(o = odd; *o != -1; ++o)
+		for(e = even; *e != -1; ++e)
 			for(top = 0; top < 64; ++top) {
 				*o = (*o & 0x1fffff) | (top << 21);
 				*e = (*e & 0x1fffff) | (top >> 3) << 21;
-				s = brute_top(pfx, rr, par, *o, *e, s);
+				s = brute_top(pfx, rr, par, *o, *e, s, no_par);
 			}
 
-	s->odd = s->even = 0;
+	s->odd = s->even = -1;	
+	//printf("state count = %d\n",s-statelist);
 
 	free(odd);
 	free(even);
diff --git a/client/nonce2key/crapto1.h b/client/nonce2key/crapto1.h
index 67af4642..f6653124 100644
--- a/client/nonce2key/crapto1.h
+++ b/client/nonce2key/crapto1.h
@@ -37,7 +37,7 @@ struct Crypto1State* lfsr_recovery32(uint32_t ks2, uint32_t in);
 struct Crypto1State* lfsr_recovery64(uint32_t ks2, uint32_t ks3);
 uint32_t *lfsr_prefix_ks(uint8_t ks[8], int isodd);
 struct Crypto1State*
-lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8]);
+lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8], uint8_t no_par);
 
 
 void lfsr_rollback_bit(struct Crypto1State* s, uint32_t in, int fb);
diff --git a/client/nonce2key/nonce2key.c b/client/nonce2key/nonce2key.c
index d2e50d5e..7c63722d 100644
--- a/client/nonce2key/nonce2key.c
+++ b/client/nonce2key/nonce2key.c
@@ -15,15 +15,36 @@
 #define llx PRIx64
 
 #include "nonce2key.h"
+#include "mifarehost.h"
 #include "ui.h"
 
+int compar_state(const void * a, const void * b) {
+	// didn't work: (the result is truncated to 32 bits)
+	//return (*(int64_t*)b - *(int64_t*)a);
+
+	// better:
+	if (*(int64_t*)b == *(int64_t*)a) return 0;
+	else if (*(int64_t*)b > *(int64_t*)a) return 1;
+	else return -1;
+}
+
 int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, uint64_t ks_info, uint64_t * key) {
-  struct Crypto1State *state, *state_s;
-  uint32_t pos, rr, nr_diff;//, ks1, ks2;
-  byte_t bt, i, ks3x[8], par[8][8];
+  struct Crypto1State *state;
+  uint32_t i, pos, rr, nr_diff, key_count;//, ks1, ks2;
+  byte_t bt, ks3x[8], par[8][8];
   uint64_t key_recovered;
+  int64_t *state_s;
+  static uint32_t last_uid;
+  static int64_t *last_keylist;
   rr = 0;
   
+  if (last_uid != uid)
+  {
+	free(last_keylist);
+	last_keylist = NULL;
+  }
+  last_uid = uid;
+
   // Reset the last three significant bits of the reader nonce
   nr &= 0xffffff1f;
   
@@ -50,20 +71,81 @@ int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, uint64_
     printf("%01x|\n", par[i][7]);
   }
   
-  state = lfsr_common_prefix(nr, rr, ks3x, par);
-	state_s = 0;
-	for (i = 0; (state) && ((state + i)->odd != 0 || (state + i)->even != 0) && (i < 10); i++)
+	if (par_info==0)
+		PrintAndLog("parity is all zero,try special attack!just wait for few more seconds...");
+  
+	state = lfsr_common_prefix(nr, rr, ks3x, par, par_info==0);
+	state_s = (int64_t*)state;
+	
+	//char filename[50] ;
+    //sprintf(filename, "nt_%08x_%d.txt", nt, nr);
+    //printf("name %s\n", filename);
+	//FILE* fp = fopen(filename,"w");
+	for (i = 0; (state) && ((state + i)->odd != -1); i++)
 	{
-    printf("%08x|%08x\n",(state+i)->odd, (state+i)->even);
-		state_s = state + i;
+		lfsr_rollback_word(state+i, uid^nt, 0);
+		crypto1_get_lfsr(state + i, &key_recovered);
+		*(state_s + i) = key_recovered;
+		//fprintf(fp, "%012llx\n",key_recovered);
 	}
-  if (!state_s) return 1;
+	//fclose(fp);
 	
-  lfsr_rollback_word(state_s, uid^nt, 0);
-  crypto1_get_lfsr(state_s, &key_recovered);
-  if (!state) free(state);
+	if(!state)
+		return 1;
 	
-	*key = key_recovered;
-  
-  return 0;
+	qsort(state_s, i, sizeof(*state_s), compar_state);
+	*(state_s + i) = -1;
+	
+	//Create the intersection:
+	if (par_info == 0 )
+		if ( last_keylist != NULL)
+		{
+			int64_t *p1, *p2, *p3;
+			p1 = p3 = last_keylist; 
+			p2 = state_s;
+			while ( *p1 != -1 && *p2 != -1 ) {
+				if (compar_state(p1, p2) == 0) {
+					printf("p1:%d p2:%d p3:%d key:%012llx\n",p1-last_keylist, p2-state_s, p3-last_keylist,*p1);
+					*p3++ = *p1++;
+					p2++;
+				}
+				else {
+					while (compar_state(p1, p2) == -1) ++p1;
+					while (compar_state(p1, p2) == 1) ++p2;
+				}
+			}
+			key_count = p3 - last_keylist;;
+		}
+		else
+			key_count = 0;
+	else
+	{
+		last_keylist = state_s;
+		key_count = i;
+	}
+	
+	printf("key_count:%d\n", key_count);
+	
+	// The list may still contain several key candidates. Test each of them with mfCheckKeys
+	for (i = 0; i < key_count; i++) {
+		uint8_t keyBlock[6];
+		uint64_t key64;
+		key64 = *(last_keylist + i);
+		num_to_bytes(key64, 6, keyBlock);
+		key64 = 0;
+		if (!mfCheckKeys(0, 0, 1, keyBlock, &key64)) {
+			*key = key64;
+			free(last_keylist);
+			last_keylist = NULL;
+			if (par_info ==0)
+				free(state);
+			return 0;
+		}
+	}	
+
+	
+	free(last_keylist);
+	last_keylist = state_s;
+	
+	return 1;
 }
-- 
2.39.2