| 1 | //----------------------------------------------------------------------------- |
| 2 | // Copyright (C) 2016, 2017 by piwi |
| 3 | // |
| 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, |
| 5 | // at your option, any later version. See the LICENSE.txt file for the text of |
| 6 | // the license. |
| 7 | //----------------------------------------------------------------------------- |
| 8 | // Implements a card only attack based on crypto text (encrypted nonces |
| 9 | // received during a nested authentication) only. Unlike other card only |
| 10 | // attacks this doesn't rely on implementation errors but only on the |
| 11 | // inherent weaknesses of the crypto1 cypher. Described in |
| 12 | // Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened |
| 13 | // Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on |
| 14 | // Computer and Communications Security, 2015 |
| 15 | //----------------------------------------------------------------------------- |
| 16 | // |
| 17 | // brute forcing is based on @aczids bitsliced brute forcer |
| 18 | // https://github.com/aczid/crypto1_bs with some modifications. Mainly: |
| 19 | // - don't rollback. Start with 2nd byte of nonce instead |
| 20 | // - reuse results of filter subfunctions |
| 21 | // - reuse results of previous nonces if some first bits are identical |
| 22 | // |
| 23 | //----------------------------------------------------------------------------- |
| 24 | // aczid's Copyright notice: |
| 25 | // |
| 26 | // Bit-sliced Crypto-1 brute-forcing implementation |
| 27 | // Builds on the data structures returned by CraptEV1 craptev1_get_space(nonces, threshold, uid) |
| 28 | /* |
| 29 | Copyright (c) 2015-2016 Aram Verstegen |
| 30 | |
| 31 | Permission is hereby granted, free of charge, to any person obtaining a copy |
| 32 | of this software and associated documentation files (the "Software"), to deal |
| 33 | in the Software without restriction, including without limitation the rights |
| 34 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
| 35 | copies of the Software, and to permit persons to whom the Software is |
| 36 | furnished to do so, subject to the following conditions: |
| 37 | |
| 38 | The above copyright notice and this permission notice shall be included in |
| 39 | all copies or substantial portions of the Software. |
| 40 | |
| 41 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| 42 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
| 43 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
| 44 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
| 45 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
| 46 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
| 47 | THE SOFTWARE. |
| 48 | */ |
| 49 | |
| 50 | #ifndef HARDNESTED_BF_CORE_H__ |
| 51 | #define HARDNESTED_BF_CORE_H__ |
| 52 | |
| 53 | #include "hardnested_bruteforce.h" // statelist_t |
| 54 | |
| 55 | extern const uint64_t crack_states_bitsliced(uint32_t cuid, uint8_t *best_first_bytes, statelist_t *p, uint32_t *keys_found, uint64_t *num_keys_tested, uint32_t nonces_to_bruteforce, uint8_t *bf_test_nonces_2nd_byte, noncelist_t *nonces); |
| 56 | extern void bitslice_test_nonces(uint32_t nonces_to_bruteforce, uint32_t *bf_test_nonces, uint8_t *bf_test_nonce_par); |
| 57 | |
| 58 | #endif |