]>
Commit | Line | Data |
---|---|---|
3ad48540 MHS |
1 | #ifndef ELITE_CRACK_H |
2 | #define ELITE_CRACK_H | |
3 | void permutekey(uint8_t key[8], uint8_t dest[8]); | |
4 | /** | |
5 | * Permutes a key from iclass specific format to NIST format | |
6 | * @brief permutekey_rev | |
7 | * @param key | |
8 | * @param dest | |
9 | */ | |
10 | void permutekey_rev(uint8_t key[8], uint8_t dest[8]); | |
11 | //Crack status, see below | |
12 | #define CRACKED 0x0100 | |
13 | #define BEING_CRACKED 0x0200 | |
14 | #define CRACK_FAILED 0x0400 | |
15 | ||
16 | /** | |
17 | * Perform a bruteforce against a file which has been saved by pm3 | |
18 | * | |
19 | * @brief bruteforceFile | |
20 | * @param filename | |
21 | * @param keytable an arrah (128 x 16 bit ints). This is where the keydata is stored. | |
22 | * OBS! the upper part of the 16 bits store crack-status, | |
23 | * @return | |
24 | */ | |
25 | int bruteforceFile(const char *filename, uint16_t keytable[]); | |
26 | /** | |
27 | * | |
28 | * @brief Same as above, if you don't care about the returned keytable (results only printed on screen) | |
29 | * @param filename | |
30 | * @return | |
31 | */ | |
32 | int bruteforceFileNoKeys(const char *filename); | |
33 | /** | |
34 | * @brief Same as bruteforcefile, but uses a an array of dumpdata instead | |
35 | * @param dump | |
36 | * @param dumpsize | |
37 | * @param keytable | |
38 | * @return | |
39 | */ | |
40 | int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[]); | |
41 | ||
42 | /** | |
43 | This is how we expect each 'entry' in a dumpfile to look | |
44 | **/ | |
45 | typedef struct { | |
46 | uint8_t csn[8]; | |
47 | uint8_t cc_nr[12]; | |
48 | uint8_t mac[4]; | |
49 | ||
50 | }dumpdata; | |
51 | ||
52 | /** | |
53 | * @brief Performs brute force attack against a dump-data item, containing csn, cc_nr and mac. | |
54 | *This method calculates the hash1 for the CSN, and determines what bytes need to be bruteforced | |
55 | *on the fly. If it finds that more than three bytes need to be bruteforced, it aborts. | |
56 | *It updates the keytable with the findings, also using the upper half of the 16-bit ints | |
57 | *to signal if the particular byte has been cracked or not. | |
58 | * | |
59 | * @param dump The dumpdata from iclass reader attack. | |
60 | * @param keytable where to write found values. | |
61 | * @return | |
62 | */ | |
63 | int bruteforceItem(dumpdata item, uint16_t keytable[]); | |
64 | /** | |
65 | * Hash1 takes CSN as input, and determines what bytes in the keytable will be used | |
66 | * when constructing the K_sel. | |
67 | * @param csn the CSN used | |
68 | * @param k output | |
69 | */ | |
70 | void hash1(uint8_t csn[] , uint8_t k[]); | |
9b82de75 | 71 | void hash2(uint8_t *key64, uint8_t *outp_keytable); |
3ad48540 MHS |
72 | /** |
73 | * From dismantling iclass-paper: | |
74 | * Assume that an adversary somehow learns the first 16 bytes of hash2(K_cus ), i.e., y [0] and z [0] . | |
75 | * Then he can simply recover the master custom key K_cus by computing | |
76 | * K_cus = ~DES(z[0] , y[0] ) . | |
77 | * | |
78 | * Furthermore, the adversary is able to verify that he has the correct K cus by | |
79 | * checking whether z [0] = DES enc (K_cus , ~K_cus ). | |
80 | * @param keytable an array (128 bytes) of hash2(kcus) | |
81 | * @param master_key where to put the master key | |
82 | * @return 0 for ok, 1 for failz | |
83 | */ | |
84 | int calculateMasterKey(uint8_t first16bytes[], uint64_t master_key[] ); | |
85 | ||
86 | /** | |
87 | * @brief Test function | |
88 | * @return | |
89 | */ | |
90 | int testElite(); | |
91 | ||
92 | /** | |
93 | Here are some pretty optimal values that can be used to recover necessary data in only | |
94 | eight auth attempts. | |
95 | // CSN HASH1 Bytes recovered // | |
96 | { {0x00,0x0B,0x0F,0xFF,0xF7,0xFF,0x12,0xE0} , {0x01,0x01,0x00,0x00,0x45,0x01,0x45,0x45 } ,{0,1 }}, | |
97 | { {0x00,0x13,0x94,0x7e,0x76,0xff,0x12,0xe0} , {0x02,0x0c,0x01,0x00,0x45,0x01,0x45,0x45} , {2,12}}, | |
98 | { {0x2a,0x99,0xac,0x79,0xec,0xff,0x12,0xe0} , {0x07,0x45,0x0b,0x00,0x45,0x01,0x45,0x45} , {7,11}}, | |
99 | { {0x17,0x12,0x01,0xfd,0xf7,0xff,0x12,0xe0} , {0x03,0x0f,0x00,0x00,0x45,0x01,0x45,0x45} , {3,15}}, | |
100 | { {0xcd,0x56,0x01,0x7c,0x6f,0xff,0x12,0xe0} , {0x04,0x00,0x08,0x00,0x45,0x01,0x45,0x45} , {4,8}}, | |
101 | { {0x4b,0x5e,0x0b,0x72,0xef,0xff,0x12,0xe0} , {0x0e,0x06,0x08,0x00,0x45,0x01,0x45,0x45} , {6,14}}, | |
102 | { {0x00,0x73,0xd8,0x75,0x58,0xff,0x12,0xe0} , {0x0b,0x09,0x0f,0x00,0x45,0x01,0x05,0x45} , {9,5}}, | |
103 | { {0x0c,0x90,0x32,0xf3,0x5d,0xff,0x12,0xe0} , {0x0d,0x0f,0x0a,0x00,0x45,0x01,0x05,0x45} , {10,13}}, | |
104 | ||
105 | **/ | |
106 | ||
107 | ||
108 | #endif |