| cda056bb |
1 | #include <inttypes.h> |
| 4cb4b588 |
2 | #include <stdbool.h> |
| cda056bb |
3 | #include <stdio.h> |
| 4 | #include <stdlib.h> |
| 4cb4b588 |
5 | #include "crapto1/crapto1.h" |
| 6 | #include "mfkey.h" |
| ec9c7112 |
7 | #include "util_posix.h" |
| 8 | |
| cda056bb |
9 | |
| 4cb4b588 |
10 | // 32 bit recover key from 2 nonces |
| cda056bb |
11 | int main (int argc, char *argv[]) { |
| 4cb4b588 |
12 | |
| 13 | nonces_t data; |
| cda056bb |
14 | uint32_t ks2; // keystream used to encrypt reader response |
| 4cb4b588 |
15 | uint64_t key; // recovered key |
| cda056bb |
16 | |
| 4cb4b588 |
17 | printf("MIFARE Classic key recovery - based on 32 bits of keystream\n"); |
| cda056bb |
18 | printf("Recover key from two 32-bit reader authentication answers only!\n\n"); |
| 19 | |
| 4cb4b588 |
20 | if (argc != 7 && argc != 8) { |
| 21 | printf(" syntax: %s <uid> <nt0> <{nr_0}> <{ar_0}> [<nt1>] <{nr_1}> <{ar_1}>\n", argv[0]); |
| 22 | printf(" (you may omit nt1 if it is equal to nt0)\n\n"); |
| cda056bb |
23 | return 1; |
| 24 | } |
| 25 | |
| 4cb4b588 |
26 | bool moebius_attack = (argc == 8); |
| 27 | |
| 28 | sscanf(argv[1],"%x",&data.cuid); |
| 29 | sscanf(argv[2],"%x",&data.nonce); |
| 30 | data.nonce2 = data.nonce; |
| 31 | sscanf(argv[3],"%x",&data.nr); |
| 32 | sscanf(argv[4],"%x",&data.ar); |
| 33 | if (moebius_attack) { |
| 34 | sscanf(argv[5],"%x",&data.nonce2); |
| 35 | sscanf(argv[6],"%x",&data.nr2); |
| 36 | sscanf(argv[7],"%x",&data.ar2); |
| 37 | } else { |
| 38 | sscanf(argv[5],"%x",&data.nr2); |
| 39 | sscanf(argv[6],"%x",&data.ar2); |
| 40 | } |
| cda056bb |
41 | |
| 42 | printf("Recovering key for:\n"); |
| 4cb4b588 |
43 | printf(" uid: %08x\n",data.cuid); |
| 44 | printf(" nt0: %08x\n",data.nonce); |
| 45 | printf(" {nr_0}: %08x\n",data.nr); |
| 46 | printf(" {ar_0}: %08x\n",data.ar); |
| 47 | printf(" nt1: %08x\n",data.nonce2); |
| 48 | printf(" {nr_1}: %08x\n",data.nr2); |
| 49 | printf(" {ar_1}: %08x\n",data.ar2); |
| cda056bb |
50 | |
| 4cb4b588 |
51 | uint64_t start_time = msclock(); |
| 52 | |
| cda056bb |
53 | // Generate lfsr succesors of the tag challenge |
| 54 | printf("\nLFSR succesors of the tag challenge:\n"); |
| 4cb4b588 |
55 | printf(" nt': %08x\n",prng_successor(data.nonce, 64)); |
| 56 | printf(" nt'': %08x\n",prng_successor(data.nonce, 96)); |
| cda056bb |
57 | |
| 58 | // Extract the keystream from the messages |
| 59 | printf("\nKeystream used to generate {ar} and {at}:\n"); |
| 4cb4b588 |
60 | ks2 = data.ar ^ prng_successor(data.nonce, 64); |
| cda056bb |
61 | printf(" ks2: %08x\n",ks2); |
| 62 | |
| 4cb4b588 |
63 | bool success; |
| 64 | if (moebius_attack) { |
| 65 | success = mfkey32_moebius(data, &key); |
| 66 | } else { |
| 67 | success = mfkey32(data, &key); |
| 68 | } |
| 69 | |
| 70 | if (success) { |
| 71 | printf("Recovered key: %012" PRIx64 "\n", key); |
| 72 | } else { |
| 73 | printf("Couldn't recover key.\n"); |
| cda056bb |
74 | } |
| cda056bb |
75 | |
| 4cb4b588 |
76 | printf("Time spent: %1.2f seconds\n", (float)(msclock() - start_time)/1000.0); |
| cda056bb |
77 | } |
projects / proxmark3-svn / blame