]>
Commit | Line | Data |
---|---|---|
f89c7050 M |
1 | //----------------------------------------------------------------------------- |
2 | // Merlok - June 2011 | |
3 | // Roel - Dec 2009 | |
4 | // Unknown author | |
5 | // | |
6 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, | |
7 | // at your option, any later version. See the LICENSE.txt file for the text of | |
8 | // the license. | |
9 | //----------------------------------------------------------------------------- | |
10 | // MIFARE Darkside hack | |
11 | //----------------------------------------------------------------------------- | |
f89c7050 | 12 | #include "nonce2key.h" |
b19bd5d6 | 13 | #include "mifarehost.h" |
f89c7050 | 14 | #include "ui.h" |
a0f33b66 | 15 | #include "proxmark3.h" |
f89c7050 | 16 | |
b19bd5d6 | 17 | int compar_state(const void * a, const void * b) { |
18 | // didn't work: (the result is truncated to 32 bits) | |
19 | //return (*(int64_t*)b - *(int64_t*)a); | |
20 | ||
21 | // better: | |
22 | if (*(int64_t*)b == *(int64_t*)a) return 0; | |
23 | else if (*(int64_t*)b > *(int64_t*)a) return 1; | |
24 | else return -1; | |
25 | } | |
26 | ||
1c611bbd | 27 | int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, uint64_t ks_info, uint64_t * key) { |
738eeccd | 28 | |
0de8e387 | 29 | struct Crypto1State *state; |
a0f33b66 | 30 | uint32_t i, pos, rr = 0, nr_diff; |
0de8e387 | 31 | byte_t bt, ks3x[8], par[8][8]; |
b19bd5d6 | 32 | |
0de8e387 | 33 | // Reset the last three significant bits of the reader nonce |
34 | nr &= 0xffffff1f; | |
f89c7050 | 35 | |
0de8e387 | 36 | PrintAndLog("\nuid(%08x) nt(%08x) par(%016"llx") ks(%016"llx") nr(%08"llx")\n\n", uid, nt, par_info, ks_info, nr); |
37 | ||
738eeccd | 38 | for ( pos = 0; pos < 8; pos++ ) { |
0de8e387 | 39 | ks3x[7-pos] = (ks_info >> (pos*8)) & 0x0f; |
40 | bt = (par_info >> (pos*8)) & 0xff; | |
738eeccd | 41 | |
42 | for ( i = 0; i < 8; i++) { | |
0de8e387 | 43 | par[7-pos][i] = (bt >> i) & 0x01; |
44 | } | |
45 | } | |
f89c7050 | 46 | |
0de8e387 | 47 | printf("|diff|{nr} |ks3|ks3^5|parity |\n"); |
48 | printf("+----+--------+---+-----+---------------+\n"); | |
738eeccd | 49 | |
50 | for ( i = 0; i < 8; i++) { | |
0de8e387 | 51 | nr_diff = nr | i << 5; |
52 | printf("| %02x |%08x|", i << 5, nr_diff); | |
53 | printf(" %01x | %01x |", ks3x[i], ks3x[i]^5); | |
a0f33b66 | 54 | for (pos = 0; pos < 7; pos++) printf("%01x,", par[i][pos]); |
0de8e387 | 55 | printf("%01x|\n", par[i][7]); |
56 | } | |
57 | printf("+----+--------+---+-----+---------------+\n"); | |
f89c7050 | 58 | |
a0f33b66 | 59 | state = lfsr_common_prefix(nr, rr, ks3x, par); |
60 | lfsr_rollback_word(state, uid^nt, 0); | |
61 | crypto1_get_lfsr(state, key); | |
8130eba4 | 62 | printf("\nkey recovered: %012"llx"\n\n",key); |
a0f33b66 | 63 | crypto1_destroy(state); |
64 | return 0; | |
f89c7050 | 65 | } |
46cd801c | 66 | |
738eeccd | 67 | // *outputkey is not used... |
46cd801c | 68 | int tryMfk32(uint64_t myuid, uint8_t *data, uint8_t *outputkey ){ |
69 | ||
70 | struct Crypto1State *s,*t; | |
71 | uint64_t key; // recovered key | |
72 | uint32_t uid; // serial number | |
73 | uint32_t nt; // tag challenge | |
74 | uint32_t nr0_enc; // first encrypted reader challenge | |
75 | uint32_t ar0_enc; // first encrypted reader response | |
76 | uint32_t nr1_enc; // second encrypted reader challenge | |
77 | uint32_t ar1_enc; // second encrypted reader response | |
78 | bool isSuccess = FALSE; | |
79 | int counter = 0; | |
80 | ||
81 | uid = myuid;//(uint32_t)bytes_to_num(data + 0, 4); | |
82 | nt = *(uint32_t*)(data+8); | |
83 | nr0_enc = *(uint32_t*)(data+12); | |
84 | ar0_enc = *(uint32_t*)(data+16); | |
85 | nr1_enc = *(uint32_t*)(data+32); | |
86 | ar1_enc = *(uint32_t*)(data+36); | |
87 | ||
b69947c2 | 88 | // PrintAndLog("recovering key for:"); |
89 | // PrintAndLog(" uid: %08x %08x",uid, myuid); | |
46cd801c | 90 | // PrintAndLog(" nt: %08x",nt); |
91 | // PrintAndLog(" {nr_0}: %08x",nr0_enc); | |
92 | // PrintAndLog(" {ar_0}: %08x",ar0_enc); | |
93 | // PrintAndLog(" {nr_1}: %08x",nr1_enc); | |
94 | // PrintAndLog(" {ar_1}: %08x",ar1_enc); | |
95 | ||
96 | s = lfsr_recovery32(ar0_enc ^ prng_successor(nt, 64), 0); | |
97 | ||
98 | for(t = s; t->odd | t->even; ++t) { | |
99 | lfsr_rollback_word(t, 0, 0); | |
100 | lfsr_rollback_word(t, nr0_enc, 1); | |
101 | lfsr_rollback_word(t, uid ^ nt, 0); | |
102 | crypto1_get_lfsr(t, &key); | |
103 | crypto1_word(t, uid ^ nt, 0); | |
104 | crypto1_word(t, nr1_enc, 1); | |
105 | if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt, 64))) { | |
738eeccd | 106 | PrintAndLog("Found Key: [%012"llx"]", key); |
46cd801c | 107 | isSuccess = TRUE; |
108 | ++counter; | |
b69947c2 | 109 | if (counter==20) |
46cd801c | 110 | break; |
111 | } | |
112 | } | |
a0f33b66 | 113 | |
114 | num_to_bytes(key, 6, outputkey); | |
738eeccd | 115 | crypto1_destroy(t); |
46cd801c | 116 | return isSuccess; |
117 | } | |
118 | ||
d8af608f | 119 | int tryMfk32_moebius(uint64_t myuid, uint8_t *data, uint8_t *outputkey ){ |
120 | ||
738eeccd | 121 | struct Crypto1State *s, *t; |
d8af608f | 122 | uint64_t key; // recovered key |
123 | uint32_t uid; // serial number | |
738eeccd | 124 | uint32_t nt0; // tag challenge first |
125 | uint32_t nt1; // tag challenge second | |
d8af608f | 126 | uint32_t nr0_enc; // first encrypted reader challenge |
127 | uint32_t ar0_enc; // first encrypted reader response | |
128 | uint32_t nr1_enc; // second encrypted reader challenge | |
129 | uint32_t ar1_enc; // second encrypted reader response | |
130 | bool isSuccess = FALSE; | |
131 | int counter = 0; | |
132 | ||
133 | uid = myuid;//(uint32_t)bytes_to_num(data + 0, 4); | |
134 | nt0 = *(uint32_t*)(data+8); | |
135 | nr0_enc = *(uint32_t*)(data+12); | |
136 | ar0_enc = *(uint32_t*)(data+16); | |
137 | nt1 = *(uint32_t*)(data+8); | |
138 | nr1_enc = *(uint32_t*)(data+32); | |
139 | ar1_enc = *(uint32_t*)(data+36); | |
140 | ||
141 | s = lfsr_recovery32(ar0_enc ^ prng_successor(nt0, 64), 0); | |
142 | ||
143 | for(t = s; t->odd | t->even; ++t) { | |
144 | lfsr_rollback_word(t, 0, 0); | |
145 | lfsr_rollback_word(t, nr0_enc, 1); | |
146 | lfsr_rollback_word(t, uid ^ nt0, 0); | |
147 | crypto1_get_lfsr(t, &key); | |
148 | ||
149 | crypto1_word(t, uid ^ nt1, 0); | |
150 | crypto1_word(t, nr1_enc, 1); | |
151 | if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt1, 64))) { | |
152 | PrintAndLog("Found Key: [%012"llx"]",key); | |
153 | isSuccess = TRUE; | |
154 | ++counter; | |
155 | if (counter==20) | |
156 | break; | |
157 | } | |
158 | } | |
a0f33b66 | 159 | num_to_bytes(key, 6, outputkey); |
738eeccd | 160 | crypto1_destroy(t); |
d8af608f | 161 | return isSuccess; |
162 | } | |
163 | ||
46cd801c | 164 | int tryMfk64(uint64_t myuid, uint8_t *data, uint8_t *outputkey ){ |
165 | ||
166 | struct Crypto1State *revstate; | |
167 | uint64_t key; // recovered key | |
168 | uint32_t uid; // serial number | |
169 | uint32_t nt; // tag challenge | |
170 | uint32_t nr_enc; // encrypted reader challenge | |
171 | uint32_t ar_enc; // encrypted reader response | |
172 | uint32_t at_enc; // encrypted tag response | |
173 | uint32_t ks2; // keystream used to encrypt reader response | |
174 | uint32_t ks3; // keystream used to encrypt tag response | |
175 | ||
176 | struct Crypto1State mpcs = {0, 0}; | |
177 | struct Crypto1State *pcs; | |
178 | pcs = &mpcs; | |
179 | ||
180 | uid = myuid;//(uint32_t)bytes_to_num(data + 0, 4); | |
181 | nt = *(uint32_t*)(data+8); | |
182 | nr_enc = *(uint32_t*)(data+12); | |
183 | ar_enc = *(uint32_t*)(data+16); | |
184 | ||
185 | crypto1_word(pcs, nr_enc , 1); | |
186 | at_enc = prng_successor(nt, 96) ^ crypto1_word(pcs, 0, 0); | |
187 | ||
188 | // printf("Recovering key for:\n"); | |
189 | // printf(" uid: %08x\n",uid); | |
190 | // printf(" nt: %08x\n",nt); | |
191 | // printf(" {nr}: %08x\n",nr_enc); | |
192 | // printf(" {ar}: %08x\n",ar_enc); | |
193 | // printf(" {at}: %08x\n",at_enc); | |
194 | ||
195 | // Extract the keystream from the messages | |
196 | ks2 = ar_enc ^ prng_successor(nt, 64); | |
197 | ks3 = at_enc ^ prng_successor(nt, 96); | |
198 | ||
199 | revstate = lfsr_recovery64(ks2, ks3); | |
200 | lfsr_rollback_word(revstate, 0, 0); | |
201 | lfsr_rollback_word(revstate, 0, 0); | |
202 | lfsr_rollback_word(revstate, nr_enc, 1); | |
203 | lfsr_rollback_word(revstate, uid ^ nt, 0); | |
204 | crypto1_get_lfsr(revstate, &key); | |
205 | PrintAndLog("Found Key: [%012"llx"]",key); | |
a0f33b66 | 206 | num_to_bytes(key, 6, outputkey); |
46cd801c | 207 | crypto1_destroy(revstate); |
46cd801c | 208 | return 0; |
e98572a1 | 209 | } |