| cda056bb |
1 | #define __STDC_FORMAT_MACROS |
| 2 | #include <inttypes.h> |
| 7847961b |
3 | #include "crapto1.h" |
| 4 | #include <stdio.h> |
| 838c15a6 |
5 | #include <time.h> |
| 6 | |
| 7 | #define llx PRIx64 |
| 8 | #define lli PRIi64 |
| 7847961b |
9 | |
| 10 | int main (int argc, char *argv[]) { |
| 838c15a6 |
11 | struct Crypto1State *revstate; |
| 12 | uint64_t key; // recovered key |
| 13 | uint32_t uid; // serial number |
| 14 | uint32_t nt; // tag challenge |
| 15 | uint32_t nr_enc; // encrypted reader challenge |
| 16 | uint32_t ar_enc; // encrypted reader response |
| 17 | uint32_t at_enc; // encrypted tag response |
| 18 | uint32_t ks2; // keystream used to encrypt reader response |
| 19 | uint32_t ks3; // keystream used to encrypt tag response |
| 7847961b |
20 | |
| 838c15a6 |
21 | printf("MIFARE Classic key recovery - based 64 bits of keystream\n"); |
| 22 | printf("Recover key from only one complete authentication!\n\n"); |
| 7847961b |
23 | |
| 838c15a6 |
24 | if (argc < 6) { |
| a81b99b9 |
25 | printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}> [enc...]\n\n", argv[0]); |
| 838c15a6 |
26 | return 1; |
| 27 | } |
| 7847961b |
28 | |
| a81b99b9 |
29 | int encc = argc - 6; |
| 30 | int enclen[encc]; |
| 31 | uint8_t enc[encc][120]; |
| 32 | |
| 838c15a6 |
33 | sscanf(argv[1],"%x",&uid); |
| 34 | sscanf(argv[2],"%x",&nt); |
| 35 | sscanf(argv[3],"%x",&nr_enc); |
| 36 | sscanf(argv[4],"%x",&ar_enc); |
| 37 | sscanf(argv[5],"%x",&at_enc); |
| a81b99b9 |
38 | for (int i = 0; i < encc; i++) { |
| 39 | enclen[i] = strlen(argv[i + 6]) / 2; |
| 40 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
| 41 | sscanf(argv[i+6] + i2*2,"%2x", (uint8_t*)&enc[i][i2]); |
| 42 | } |
| 43 | } |
| 44 | |
| 838c15a6 |
45 | printf("Recovering key for:\n"); |
| a81b99b9 |
46 | |
| 838c15a6 |
47 | printf(" uid: %08x\n",uid); |
| 48 | printf(" nt: %08x\n",nt); |
| 49 | printf(" {nr}: %08x\n",nr_enc); |
| 50 | printf(" {ar}: %08x\n",ar_enc); |
| 51 | printf(" {at}: %08x\n",at_enc); |
| 7847961b |
52 | |
| a81b99b9 |
53 | for (int i = 0; i < encc; i++) { |
| 54 | printf("{enc%d}: ", i); |
| 55 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
| 56 | printf("%02x", enc[i][i2]); |
| 57 | } |
| 58 | printf("\n"); |
| 59 | } |
| 60 | |
| 7847961b |
61 | // Generate lfsr succesors of the tag challenge |
| 838c15a6 |
62 | printf("\nLFSR succesors of the tag challenge:\n"); |
| 63 | printf(" nt': %08x\n",prng_successor(nt, 64)); |
| 64 | printf(" nt'': %08x\n",prng_successor(nt, 96)); |
| 65 | |
| 66 | clock_t t1 = clock(); |
| 67 | |
| 68 | // Extract the keystream from the messages |
| 69 | printf("\nKeystream used to generate {ar} and {at}:\n"); |
| 70 | ks2 = ar_enc ^ prng_successor(nt, 64); |
| 71 | ks3 = at_enc ^ prng_successor(nt, 96); |
| 72 | printf(" ks2: %08x\n",ks2); |
| 73 | printf(" ks3: %08x\n",ks3); |
| 7847961b |
74 | |
| 838c15a6 |
75 | revstate = lfsr_recovery64(ks2, ks3); |
| a81b99b9 |
76 | |
| 77 | // Decrypting communication using keystream if presented |
| 78 | if (argc > 6 ) { |
| 79 | printf("\nDecrypted communication:\n"); |
| 80 | uint8_t ks4; |
| 81 | int rollb = 0; |
| 82 | for (int i = 0; i < encc; i++) { |
| 83 | printf("{dec%d}: ", i); |
| 84 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
| 85 | ks4 = crypto1_byte(revstate, 0, 0); |
| 86 | printf("%02x", ks4 ^ enc[i][i2]); |
| 87 | rollb += 1; |
| 88 | } |
| 89 | printf("\n"); |
| 90 | } |
| 91 | for (int i = 0; i < rollb; i++) |
| 92 | lfsr_rollback_byte(revstate, 0, 0); |
| 93 | } |
| 94 | |
| 838c15a6 |
95 | lfsr_rollback_word(revstate, 0, 0); |
| 96 | lfsr_rollback_word(revstate, 0, 0); |
| 97 | lfsr_rollback_word(revstate, nr_enc, 1); |
| 98 | lfsr_rollback_word(revstate, uid ^ nt, 0); |
| 99 | crypto1_get_lfsr(revstate, &key); |
| 100 | printf("\nFound Key: [%012"llx"]\n\n",key); |
| 101 | crypto1_destroy(revstate); |
| 102 | |
| 103 | t1 = clock() - t1; |
| 104 | if ( t1 > 0 ) printf("Time : %.0f ticks \n", (float)t1); |
| 105 | return 0; |
| 7847961b |
106 | } |
projects / proxmark3-svn / blame