7779d73c |
1 | //----------------------------------------------------------------------------- |
2 | // Merlok - June 2011 |
3 | // Roel - Dec 2009 |
4 | // Unknown author |
5 | // |
6 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, |
7 | // at your option, any later version. See the LICENSE.txt file for the text of |
8 | // the license. |
9 | //----------------------------------------------------------------------------- |
10 | // MIFARE Darkside hack |
11 | //----------------------------------------------------------------------------- |
12 | |
4cb4b588 |
13 | #include "mfkey.h" |
7779d73c |
14 | |
d0067d07 |
15 | #include "mifare.h" |
7779d73c |
16 | #include "crapto1/crapto1.h" |
17 | |
4cb4b588 |
18 | |
7779d73c |
19 | // recover key from 2 different reader responses on same tag challenge |
20 | bool mfkey32(nonces_t data, uint64_t *outputkey) { |
21 | struct Crypto1State *s,*t; |
22 | uint64_t outkey = 0; |
23 | uint64_t key = 0; // recovered key |
24 | bool isSuccess = false; |
25 | uint8_t counter = 0; |
26 | |
7779d73c |
27 | s = lfsr_recovery32(data.ar ^ prng_successor(data.nonce, 64), 0); |
28 | |
29 | for(t = s; t->odd | t->even; ++t) { |
30 | lfsr_rollback_word(t, 0, 0); |
31 | lfsr_rollback_word(t, data.nr, 1); |
32 | lfsr_rollback_word(t, data.cuid ^ data.nonce, 0); |
33 | crypto1_get_lfsr(t, &key); |
34 | crypto1_word(t, data.cuid ^ data.nonce, 0); |
35 | crypto1_word(t, data.nr2, 1); |
36 | if (data.ar2 == (crypto1_word(t, 0, 0) ^ prng_successor(data.nonce, 64))) { |
37 | //PrintAndLog("Found Key: [%012" PRIx64 "]",key); |
38 | outkey = key; |
39 | counter++; |
40 | if (counter == 20) break; |
41 | } |
42 | } |
43 | isSuccess = (counter == 1); |
7779d73c |
44 | *outputkey = ( isSuccess ) ? outkey : 0; |
45 | crypto1_destroy(s); |
46 | /* //un-comment to save all keys to a stats.txt file |
47 | FILE *fout; |
48 | if ((fout = fopen("stats.txt","ab")) == NULL) { |
49 | PrintAndLog("Could not create file name stats.txt"); |
50 | return 1; |
51 | } |
52 | fprintf(fout, "mfkey32,%d,%08x,%d,%s,%04x%08x,%.0Lf\r\n", counter, data.cuid, data.sector, (data.keytype) ? "B" : "A", (uint32_t)(outkey>>32) & 0xFFFF,(uint32_t)(outkey&0xFFFFFFFF),(long double)t1); |
53 | fclose(fout); |
54 | */ |
55 | return isSuccess; |
56 | } |
57 | |
58 | // recover key from 2 reader responses on 2 different tag challenges |
59 | bool mfkey32_moebius(nonces_t data, uint64_t *outputkey) { |
60 | struct Crypto1State *s, *t; |
61 | uint64_t outkey = 0; |
62 | uint64_t key = 0; // recovered key |
63 | bool isSuccess = false; |
64 | int counter = 0; |
65 | |
7779d73c |
66 | s = lfsr_recovery32(data.ar ^ prng_successor(data.nonce, 64), 0); |
67 | |
68 | for(t = s; t->odd | t->even; ++t) { |
69 | lfsr_rollback_word(t, 0, 0); |
70 | lfsr_rollback_word(t, data.nr, 1); |
71 | lfsr_rollback_word(t, data.cuid ^ data.nonce, 0); |
72 | crypto1_get_lfsr(t, &key); |
73 | |
74 | crypto1_word(t, data.cuid ^ data.nonce2, 0); |
75 | crypto1_word(t, data.nr2, 1); |
76 | if (data.ar2 == (crypto1_word(t, 0, 0) ^ prng_successor(data.nonce2, 64))) { |
77 | //PrintAndLog("Found Key: [%012" PRIx64 "]",key); |
78 | outkey=key; |
79 | ++counter; |
80 | if (counter==20) |
81 | break; |
82 | } |
83 | } |
84 | isSuccess = (counter == 1); |
7779d73c |
85 | *outputkey = ( isSuccess ) ? outkey : 0; |
86 | crypto1_destroy(s); |
87 | /* // un-comment to output all keys to stats.txt |
88 | FILE *fout; |
89 | if ((fout = fopen("stats.txt","ab")) == NULL) { |
90 | PrintAndLog("Could not create file name stats.txt"); |
91 | return 1; |
92 | } |
93 | fprintf(fout, "moebius,%d,%08x,%d,%s,%04x%08x,%0.Lf\r\n", counter, data.cuid, data.sector, (data.keytype) ? "B" : "A", (uint32_t) (outkey>>32),(uint32_t)(outkey&0xFFFFFFFF),(long double)t1); |
94 | fclose(fout); |
95 | */ |
96 | return isSuccess; |
97 | } |
98 | |
99 | // recover key from reader response and tag response of one authentication sequence |
100 | int mfkey64(nonces_t data, uint64_t *outputkey){ |
101 | uint64_t key = 0; // recovered key |
102 | uint32_t ks2; // keystream used to encrypt reader response |
103 | uint32_t ks3; // keystream used to encrypt tag response |
104 | struct Crypto1State *revstate; |
105 | |
7779d73c |
106 | // Extract the keystream from the messages |
107 | ks2 = data.ar ^ prng_successor(data.nonce, 64); |
108 | ks3 = data.at ^ prng_successor(data.nonce, 96); |
109 | revstate = lfsr_recovery64(ks2, ks3); |
110 | lfsr_rollback_word(revstate, 0, 0); |
111 | lfsr_rollback_word(revstate, 0, 0); |
112 | lfsr_rollback_word(revstate, data.nr, 1); |
113 | lfsr_rollback_word(revstate, data.cuid ^ data.nonce, 0); |
114 | crypto1_get_lfsr(revstate, &key); |
115 | // PrintAndLog("Found Key: [%012" PRIx64 "]", key); |
116 | crypto1_destroy(revstate); |
117 | *outputkey = key; |
118 | |
7779d73c |
119 | return 0; |
120 | } |
4cb4b588 |
121 | |
122 | |