]>
Commit | Line | Data |
---|---|---|
1 | #include <stdio.h> | |
2 | #include <string.h> | |
3 | #include <inttypes.h> | |
4 | #include "crapto1/crapto1.h" | |
5 | #include "util.h" | |
6 | ||
7 | int main (int argc, char *argv[]) | |
8 | { | |
9 | uint32_t uid; // serial numDber | |
10 | uint32_t nt; // tag challenge | |
11 | uint32_t nr_enc; // encrypted reader challenge | |
12 | uint32_t ar_enc; // encrypted reader response | |
13 | uint32_t at_enc; // encrypted tag response | |
14 | uint64_t key = 0; // recovered key | |
15 | struct Crypto1State *revstate; | |
16 | uint32_t ks2; // keystream used to encrypt reader response | |
17 | uint32_t ks3; // keystream used to encrypt tag response | |
18 | ||
19 | printf("MIFARE Classic key recovery - based on 64 bits of keystream\n"); | |
20 | printf("Recover key from only one complete authentication!\n\n"); | |
21 | ||
22 | if (argc < 6 ) { | |
23 | printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}> [enc] [enc...]\n\n", argv[0]); | |
24 | return 1; | |
25 | } | |
26 | ||
27 | int encc = argc - 6; | |
28 | int enclen[encc]; | |
29 | uint8_t enc[encc][120]; | |
30 | ||
31 | sscanf(argv[1], "%x", &uid); | |
32 | sscanf(argv[2], "%x", &nt); | |
33 | sscanf(argv[3], "%x", &nr_enc); | |
34 | sscanf(argv[4], "%x", &ar_enc); | |
35 | sscanf(argv[5], "%x", &at_enc); | |
36 | for (int i = 0; i < encc; i++) { | |
37 | enclen[i] = strlen(argv[i + 6]) / 2; | |
38 | for (int i2 = 0; i2 < enclen[i]; i2++) { | |
39 | sscanf(argv[i+6] + i2*2,"%2x", (unsigned int*)&enc[i][i2]); | |
40 | } | |
41 | } | |
42 | ||
43 | printf("Recovering key for:\n"); | |
44 | printf(" uid: %08x\n", uid); | |
45 | printf(" nt: %08x\n", nt); | |
46 | printf(" {nr}: %08x\n", nr_enc); | |
47 | printf(" {ar}: %08x\n", ar_enc); | |
48 | printf(" {at}: %08x\n", at_enc); | |
49 | for (int i = 0; i < encc; i++) { | |
50 | printf("{enc%d}: ", i); | |
51 | for (int i2 = 0; i2 < enclen[i]; i2++) { | |
52 | printf("%02x", enc[i][i2]); | |
53 | } | |
54 | printf("\n"); | |
55 | } | |
56 | ||
57 | printf("\nLFSR successors of the tag challenge:\n"); | |
58 | printf(" nt' : %08x\n",prng_successor(nt, 64)); | |
59 | printf(" nt'': %08x\n",prng_successor(nt, 96)); | |
60 | ||
61 | // Extract the keystream from the messages | |
62 | ks2 = ar_enc ^ prng_successor(nt, 64); | |
63 | ks3 = at_enc ^ prng_successor(nt, 96); | |
64 | ||
65 | uint64_t start_time = msclock(); | |
66 | revstate = lfsr_recovery64(ks2, ks3); | |
67 | uint64_t time_spent = msclock() - start_time; | |
68 | printf("Time spent in lfsr_recovery64(): %1.2f seconds\n", (float)time_spent/1000.0); | |
69 | printf("\nKeystream used to generate {ar} and {at}:\n"); | |
70 | printf(" ks2: %08x\n",ks2); | |
71 | printf(" ks3: %08x\n",ks3); | |
72 | ||
73 | // Decrypting communication using keystream if presented | |
74 | if (argc > 6 ) { | |
75 | printf("\nDecrypted communication:\n"); | |
76 | uint8_t ks4; | |
77 | int rollb = 0; | |
78 | for (int i = 0; i < encc; i++) { | |
79 | printf("{dec%d}: ", i); | |
80 | for (int i2 = 0; i2 < enclen[i]; i2++) { | |
81 | ks4 = crypto1_byte(revstate, 0, 0); | |
82 | printf("%02x", ks4 ^ enc[i][i2]); | |
83 | rollb += 1; | |
84 | } | |
85 | printf("\n"); | |
86 | } | |
87 | for (int i = 0; i < rollb; i++) { | |
88 | lfsr_rollback_byte(revstate, 0, 0); | |
89 | } | |
90 | } | |
91 | ||
92 | lfsr_rollback_word(revstate, 0, 0); | |
93 | lfsr_rollback_word(revstate, 0, 0); | |
94 | lfsr_rollback_word(revstate, nr_enc, 1); | |
95 | lfsr_rollback_word(revstate, uid ^ nt, 0); | |
96 | crypto1_get_lfsr(revstate, &key); | |
97 | crypto1_destroy(revstate); | |
98 | ||
99 | printf("\nFound Key: [%012" PRIx64"]\n\n",key); | |
100 | ||
101 | } |