]>
Commit | Line | Data |
---|---|---|
db25599d | 1 | #define __STDC_FORMAT_MACROS |
2 | #include <inttypes.h> | |
3 | #define llx PRIx64 | |
4 | #define lli PRIi64 | |
5 | ||
6 | // Test-file: test2.c | |
7 | #include "crapto1.h" | |
8 | #include <stdio.h> | |
9 | #include <stdlib.h> | |
10 | ||
11 | int main (int argc, char *argv[]) { | |
12 | struct Crypto1State *s,*t; | |
13 | uint64_t key; // recovered key | |
14 | uint32_t uid; // serial number | |
15 | uint32_t nt0; // tag challenge first | |
16 | uint32_t nt1; // tag challenge second | |
17 | uint32_t nr0_enc; // first encrypted reader challenge | |
18 | uint32_t ar0_enc; // first encrypted reader response | |
19 | uint32_t nr1_enc; // second encrypted reader challenge | |
20 | uint32_t ar1_enc; // second encrypted reader response | |
21 | uint32_t ks2; // keystream used to encrypt reader response | |
22 | ||
23 | printf("MIFARE Classic key recovery - based 32 bits of keystream VERSION2\n"); | |
24 | printf("Recover key from two 32-bit reader authentication answers only"); | |
25 | printf("This version implements Moebius two different nonce solution (like the supercard)\n\n"); | |
26 | ||
27 | if (argc < 8) { | |
28 | printf(" syntax: %s <uid> <nt> <{nr_0}> <{ar_0}> <nt1> <{nr_1}> <{ar_1}>\n\n",argv[0]); | |
29 | return 1; | |
30 | } | |
31 | ||
32 | sscanf(argv[1],"%x",&uid); | |
33 | sscanf(argv[2],"%x",&nt0); | |
34 | sscanf(argv[3],"%x",&nr0_enc); | |
35 | sscanf(argv[4],"%x",&ar0_enc); | |
36 | sscanf(argv[5],"%x",&nt1); | |
37 | sscanf(argv[6],"%x",&nr1_enc); | |
38 | sscanf(argv[7],"%x",&ar1_enc); | |
39 | ||
40 | printf("Recovering key for:\n"); | |
41 | printf(" uid: %08x\n",uid); | |
42 | printf(" nt_0: %08x\n",nt0); | |
43 | printf(" {nr_0}: %08x\n",nr0_enc); | |
44 | printf(" {ar_0}: %08x\n",ar0_enc); | |
45 | printf(" nt_1: %08x\n",nt1); | |
46 | printf(" {nr_1}: %08x\n",nr1_enc); | |
47 | printf(" {ar_1}: %08x\n",ar1_enc); | |
48 | ||
49 | // Generate lfsr succesors of the tag challenge | |
50 | printf("\nLFSR succesors of the tag challenge:\n"); | |
51 | printf(" nt': %08x\n",prng_successor(nt0, 64)); | |
52 | printf(" nt'': %08x\n",prng_successor(nt0, 96)); | |
53 | ||
54 | // Extract the keystream from the messages | |
55 | printf("\nKeystream used to generate {ar} and {at}:\n"); | |
56 | ks2 = ar0_enc ^ prng_successor(nt0, 64); | |
57 | printf(" ks2: %08x\n",ks2); | |
58 | ||
59 | s = lfsr_recovery32(ar0_enc ^ prng_successor(nt0, 64), 0); | |
60 | ||
61 | for(t = s; t->odd | t->even; ++t) { | |
62 | lfsr_rollback_word(t, 0, 0); | |
63 | lfsr_rollback_word(t, nr0_enc, 1); | |
64 | lfsr_rollback_word(t, uid ^ nt0, 0); | |
65 | crypto1_get_lfsr(t, &key); | |
66 | ||
67 | crypto1_word(t, uid ^ nt1, 0); | |
68 | crypto1_word(t, nr1_enc, 1); | |
69 | if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt1, 64))) { | |
70 | printf("\nFound Key: [%012"llx"]\n\n",key); | |
71 | break;} | |
72 | } | |
73 | free(s); | |
74 | ||
75 | return 0; | |
76 | } |