| | 1 | #include <inttypes.h> |
| | 2 | #include "crapto1/crapto1.h" |
| | 3 | #include <stdio.h> |
| | 4 | #include <string.h> |
| | 5 | |
| | 6 | int main (int argc, char *argv[]) { |
| | 7 | struct Crypto1State *revstate; |
| | 8 | uint64_t key; // recovered key |
| | 9 | uint32_t uid; // serial number |
| | 10 | uint32_t nt; // tag challenge |
| | 11 | uint32_t nr_enc; // encrypted reader challenge |
| | 12 | uint32_t ar_enc; // encrypted reader response |
| | 13 | uint32_t at_enc; // encrypted tag response |
| | 14 | uint32_t ks2; // keystream used to encrypt reader response |
| | 15 | uint32_t ks3; // keystream used to encrypt tag response |
| | 16 | |
| | 17 | printf("MIFARE Classic key recovery - based 64 bits of keystream\n"); |
| | 18 | printf("Recover key from only one complete authentication!\n\n"); |
| | 19 | |
| | 20 | if (argc < 6 ) { |
| | 21 | printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}> [enc] [enc...]\n\n", argv[0]); |
| | 22 | return 1; |
| | 23 | } |
| | 24 | |
| | 25 | int encc = argc - 6; |
| | 26 | int enclen[encc]; |
| | 27 | uint8_t enc[encc][120]; |
| | 28 | |
| | 29 | sscanf(argv[1], "%x", &uid); |
| | 30 | sscanf(argv[2], "%x", &nt); |
| | 31 | sscanf(argv[3], "%x", &nr_enc); |
| | 32 | sscanf(argv[4], "%x", &ar_enc); |
| | 33 | sscanf(argv[5], "%x", &at_enc); |
| | 34 | for (int i = 0; i < encc; i++) { |
| | 35 | enclen[i] = strlen(argv[i + 6]) / 2; |
| | 36 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
| | 37 | sscanf(argv[i+6] + i2*2,"%2x", (unsigned int *)&enc[i][i2]); |
| | 38 | } |
| | 39 | } |
| | 40 | printf("Recovering key for:\n"); |
| | 41 | |
| | 42 | printf(" uid: %08x\n", uid); |
| | 43 | printf(" nt: %08x\n", nt); |
| | 44 | printf(" {nr}: %08x\n", nr_enc); |
| | 45 | printf(" {ar}: %08x\n", ar_enc); |
| | 46 | printf(" {at}: %08x\n", at_enc); |
| | 47 | for (int i = 0; i < encc; i++) { |
| | 48 | printf("{enc%d}: ", i); |
| | 49 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
| | 50 | printf("%02x", enc[i][i2]); |
| | 51 | } |
| | 52 | printf("\n"); |
| | 53 | } |
| | 54 | |
| | 55 | |
| | 56 | /* |
| | 57 | uint32_t uid = 0x9c599b32; |
| | 58 | uint32_t tag_challenge = 0x82a4166c; |
| | 59 | uint32_t nr_enc = 0xa1e458ce; |
| | 60 | uint32_t reader_response = 0x6eea41e0; |
| | 61 | uint32_t tag_response = 0x5cadf439; |
| | 62 | */ |
| | 63 | // Generate lfsr succesors of the tag challenge |
| | 64 | printf("\nLFSR succesors of the tag challenge:\n"); |
| | 65 | printf(" nt': %08x\n",prng_successor(nt, 64)); |
| | 66 | printf(" nt'': %08x\n",prng_successor(nt, 96)); |
| | 67 | |
| | 68 | // Extract the keystream from the messages |
| | 69 | printf("\nKeystream used to generate {ar} and {at}:\n"); |
| | 70 | ks2 = ar_enc ^ prng_successor(nt, 64); |
| | 71 | ks3 = at_enc ^ prng_successor(nt, 96); |
| | 72 | printf(" ks2: %08x\n",ks2); |
| | 73 | printf(" ks3: %08x\n",ks3); |
| | 74 | |
| | 75 | revstate = lfsr_recovery64(ks2, ks3); |
| | 76 | |
| | 77 | // Decrypting communication using keystream if presented |
| | 78 | if (argc > 6 ) { |
| | 79 | printf("\nDecrypted communication:\n"); |
| | 80 | uint8_t ks4; |
| | 81 | int rollb = 0; |
| | 82 | for (int i = 0; i < encc; i++) { |
| | 83 | printf("{dec%d}: ", i); |
| | 84 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
| | 85 | ks4 = crypto1_byte(revstate, 0, 0); |
| | 86 | printf("%02x", ks4 ^ enc[i][i2]); |
| | 87 | rollb += 1; |
| | 88 | } |
| | 89 | printf("\n"); |
| | 90 | } |
| | 91 | for (int i = 0; i < rollb; i++) { |
| | 92 | lfsr_rollback_byte(revstate, 0, 0); |
| | 93 | } |
| | 94 | } |
| | 95 | |
| | 96 | lfsr_rollback_word(revstate, 0, 0); |
| | 97 | lfsr_rollback_word(revstate, 0, 0); |
| | 98 | lfsr_rollback_word(revstate, nr_enc, 1); |
| | 99 | lfsr_rollback_word(revstate, uid ^ nt, 0); |
| | 100 | crypto1_get_lfsr(revstate, &key); |
| | 101 | printf("\nFound Key: [%012" PRIx64"]\n\n",key); |
| | 102 | crypto1_destroy(revstate); |
| | 103 | |
| | 104 | return 0; |
| | 105 | } |
projects / proxmark3-svn / blame_incremental