git.zerfleddert.de Git - proxmark3-svn/blame_incremental

... / ...

Commit	Line	Data
	1	//-----------------------------------------------------------------------------
	2	// Merlok - June 2011
	3	// Roel - Dec 2009
	4	// Unknown author
	5	//
	6	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	7	// at your option, any later version. See the LICENSE.txt file for the text of
	8	// the license.
	9	//-----------------------------------------------------------------------------
	10	// MIFARE Darkside hack
	11	//-----------------------------------------------------------------------------
	12	#include "nonce2key.h"
	13	#include "mifarehost.h"
	14	#include "ui.h"
	15	#include "proxmark3.h"
	16
	17	int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, uint64_t ks_info, uint64_t * key) {
	18
	19
	20	struct Crypto1State *state;
	21	uint32_t i, pos, rr = 0, nr_diff;
	22	byte_t bt, ks3x[8], par[8][8];
	23
	24	// Reset the last three significant bits of the reader nonce
	25	nr &= 0xffffff1f;
	26
	27	PrintAndLog("\nuid(%08x) nt(%08x) par(%016"llx") ks(%016"llx") nr(%08"llx")\n\n", uid, nt, par_info, ks_info, nr);
	28
	29	for ( pos = 0; pos < 8; pos++ ) {
	30	ks3x[7-pos] = (ks_info >> (pos*8)) & 0x0f;
	31	bt = (par_info >> (pos*8)) & 0xff;
	32
	33	for ( i = 0; i < 8; i++) {
	34	par[7-pos][i] = (bt >> i) & 0x01;
	35	}
	36	}
	37
	38	printf("\|diff\|{nr} \|ks3\|ks3^5\|parity \|\n");
	39	printf("+----+--------+---+-----+---------------+\n");
	40
	41	for ( i = 0; i < 8; i++) {
	42	nr_diff = nr \| i << 5;
	43	printf("\| %02x \|%08x\| %01x \| %01x \|", i << 5, nr_diff, ks3x[i], ks3x[i]^5);
	44
	45	for (pos = 0; pos < 7; pos++) printf("%01x,", par[i][pos]);
	46	printf("%01x\|\n", par[i][7]);
	47	}
	48	printf("+----+--------+---+-----+---------------+\n");
	49
	50	clock_t t1 = clock();
	51
	52	state = lfsr_common_prefix(nr, rr, ks3x, par);
	53	lfsr_rollback_word(state, uid^nt, 0);
	54	crypto1_get_lfsr(state, key);
	55	crypto1_destroy(state);
	56
	57	t1 = clock() - t1;
	58	if ( t1 > 0 ) PrintAndLog("Time in nonce2key: %.0f ticks \n", (float)t1);
	59	return 0;
	60	}
	61
	62	// *outputkey is not used...
	63	int tryMfk32(uint64_t myuid, uint8_t data, uint8_t outputkey ){
	64
	65	struct Crypto1State s,t;
	66	uint64_t key; // recovered key
	67	uint32_t uid; // serial number
	68	uint32_t nt; // tag challenge
	69	uint32_t nr0_enc; // first encrypted reader challenge
	70	uint32_t ar0_enc; // first encrypted reader response
	71	uint32_t nr1_enc; // second encrypted reader challenge
	72	uint32_t ar1_enc; // second encrypted reader response
	73	bool isSuccess = FALSE;
	74	int counter = 0;
	75
	76	uid = myuid;//(uint32_t)bytes_to_num(data + 0, 4);
	77	nt = (uint32_t)(data+8);
	78	nr0_enc = (uint32_t)(data+12);
	79	ar0_enc = (uint32_t)(data+16);
	80	nr1_enc = (uint32_t)(data+32);
	81	ar1_enc = (uint32_t)(data+36);
	82
	83	// PrintAndLog("recovering key for:");
	84	// PrintAndLog(" uid: %08x %08x",uid, myuid);
	85	// PrintAndLog(" nt: %08x",nt);
	86	// PrintAndLog(" {nr_0}: %08x",nr0_enc);
	87	// PrintAndLog(" {ar_0}: %08x",ar0_enc);
	88	// PrintAndLog(" {nr_1}: %08x",nr1_enc);
	89	// PrintAndLog(" {ar_1}: %08x",ar1_enc);
	90
	91	s = lfsr_recovery32(ar0_enc ^ prng_successor(nt, 64), 0);
	92
	93	for(t = s; t->odd \| t->even; ++t) {
	94	lfsr_rollback_word(t, 0, 0);
	95	lfsr_rollback_word(t, nr0_enc, 1);
	96	lfsr_rollback_word(t, uid ^ nt, 0);
	97	crypto1_get_lfsr(t, &key);
	98	crypto1_word(t, uid ^ nt, 0);
	99	crypto1_word(t, nr1_enc, 1);
	100	if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt, 64))) {
	101	PrintAndLog("Found Key: [%012"llx"]", key);
	102	isSuccess = TRUE;
	103	++counter;
	104	if (counter==20)
	105	break;
	106	}
	107	}
	108
	109	num_to_bytes(key, 6, outputkey);
	110	crypto1_destroy(t);
	111	return isSuccess;
	112	}
	113
	114	int tryMfk32_moebius(uint64_t myuid, uint8_t data, uint8_t outputkey ){
	115
	116	struct Crypto1State s, t;
	117	uint64_t key; // recovered key
	118	uint32_t uid; // serial number
	119	uint32_t nt0; // tag challenge first
	120	uint32_t nt1; // tag challenge second
	121	uint32_t nr0_enc; // first encrypted reader challenge
	122	uint32_t ar0_enc; // first encrypted reader response
	123	uint32_t nr1_enc; // second encrypted reader challenge
	124	uint32_t ar1_enc; // second encrypted reader response
	125	bool isSuccess = FALSE;
	126	int counter = 0;
	127
	128	uid = myuid;//(uint32_t)bytes_to_num(data + 0, 4);
	129	nt0 = (uint32_t)(data+8);
	130	nr0_enc = (uint32_t)(data+12);
	131	ar0_enc = (uint32_t)(data+16);
	132	nt1 = (uint32_t)(data+8);
	133	nr1_enc = (uint32_t)(data+32);
	134	ar1_enc = (uint32_t)(data+36);
	135
	136	s = lfsr_recovery32(ar0_enc ^ prng_successor(nt0, 64), 0);
	137
	138	for(t = s; t->odd \| t->even; ++t) {
	139	lfsr_rollback_word(t, 0, 0);
	140	lfsr_rollback_word(t, nr0_enc, 1);
	141	lfsr_rollback_word(t, uid ^ nt0, 0);
	142	crypto1_get_lfsr(t, &key);
	143
	144	crypto1_word(t, uid ^ nt1, 0);
	145	crypto1_word(t, nr1_enc, 1);
	146	if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt1, 64))) {
	147	PrintAndLog("Found Key: [%012"llx"]",key);
	148	isSuccess = TRUE;
	149	++counter;
	150	if (counter==20)
	151	break;
	152	}
	153	}
	154	num_to_bytes(key, 6, outputkey);
	155	crypto1_destroy(t);
	156	return isSuccess;
	157	}
	158
	159	int tryMfk64(uint64_t myuid, uint8_t data, uint8_t outputkey ){
	160
	161	struct Crypto1State *revstate;
	162	uint64_t key; // recovered key
	163	uint32_t uid; // serial number
	164	uint32_t nt; // tag challenge
	165	uint32_t nr_enc; // encrypted reader challenge
	166	uint32_t ar_enc; // encrypted reader response
	167	uint32_t at_enc; // encrypted tag response
	168	uint32_t ks2; // keystream used to encrypt reader response
	169	uint32_t ks3; // keystream used to encrypt tag response
	170
	171	struct Crypto1State mpcs = {0, 0};
	172	struct Crypto1State *pcs;
	173	pcs = &mpcs;
	174
	175	uid = myuid;//(uint32_t)bytes_to_num(data + 0, 4);
	176	nt = (uint32_t)(data+8);
	177	nr_enc = (uint32_t)(data+12);
	178	ar_enc = (uint32_t)(data+16);
	179
	180	crypto1_word(pcs, nr_enc , 1);
	181	at_enc = prng_successor(nt, 96) ^ crypto1_word(pcs, 0, 0);
	182
	183	// printf("Recovering key for:\n");
	184	// printf(" uid: %08x\n",uid);
	185	// printf(" nt: %08x\n",nt);
	186	// printf(" {nr}: %08x\n",nr_enc);
	187	// printf(" {ar}: %08x\n",ar_enc);
	188	// printf(" {at}: %08x\n",at_enc);
	189
	190	// Extract the keystream from the messages
	191	ks2 = ar_enc ^ prng_successor(nt, 64);
	192	ks3 = at_enc ^ prng_successor(nt, 96);
	193
	194	revstate = lfsr_recovery64(ks2, ks3);
	195	lfsr_rollback_word(revstate, 0, 0);
	196	lfsr_rollback_word(revstate, 0, 0);
	197	lfsr_rollback_word(revstate, nr_enc, 1);
	198	lfsr_rollback_word(revstate, uid ^ nt, 0);
	199	crypto1_get_lfsr(revstate, &key);
	200	PrintAndLog("Found Key: [%012"llx"]",key);
	201	num_to_bytes(key, 6, outputkey);
	202	crypto1_destroy(revstate);
	203	return 0;
	204	}