| | 1 | //-----------------------------------------------------------------------------\r |
| | 2 | // Merlok, May 2011, 2012\r |
| | 3 | // Many authors, whom made it possible\r |
| | 4 | //\r |
| | 5 | // This code is licensed to you under the terms of the GNU GPL, version 2 or,\r |
| | 6 | // at your option, any later version. See the LICENSE.txt file for the text of\r |
| | 7 | // the license.\r |
| | 8 | //-----------------------------------------------------------------------------\r |
| | 9 | // Work with mifare cards.\r |
| | 10 | //-----------------------------------------------------------------------------\r |
| | 11 | \r |
| | 12 | #include "proxmark3.h"\r |
| | 13 | #include "apps.h"\r |
| | 14 | #include "util.h"\r |
| | 15 | #include "string.h"\r |
| | 16 | \r |
| | 17 | #include "iso14443crc.h"\r |
| | 18 | #include "iso14443a.h"\r |
| | 19 | #include "crapto1.h"\r |
| | 20 | #include "mifareutil.h"\r |
| | 21 | #include "des.h"\r |
| | 22 | \r |
| | 23 | int MF_DBGLEVEL = MF_DBG_ALL;\r |
| | 24 | \r |
| | 25 | // crypto1 helpers\r |
| | 26 | void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len){\r |
| | 27 | uint8_t bt = 0;\r |
| | 28 | int i;\r |
| | 29 | \r |
| | 30 | if (len != 1) {\r |
| | 31 | for (i = 0; i < len; i++)\r |
| | 32 | data[i] = crypto1_byte(pcs, 0x00, 0) ^ data[i];\r |
| | 33 | } else {\r |
| | 34 | bt = 0;\r |
| | 35 | for (i = 0; i < 4; i++)\r |
| | 36 | bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data[0], i)) << i;\r |
| | 37 | \r |
| | 38 | data[0] = bt;\r |
| | 39 | }\r |
| | 40 | return;\r |
| | 41 | }\r |
| | 42 | \r |
| | 43 | void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, uint8_t *par) {\r |
| | 44 | uint8_t bt = 0;\r |
| | 45 | int i;\r |
| | 46 | par[0] = 0;\r |
| | 47 | \r |
| | 48 | for (i = 0; i < len; i++) {\r |
| | 49 | bt = data[i];\r |
| | 50 | data[i] = crypto1_byte(pcs, 0x00, 0) ^ data[i];\r |
| | 51 | if((i&0x0007) == 0) \r |
| | 52 | par[i>>3] = 0;\r |
| | 53 | par[i>>3] |= (((filter(pcs->odd) ^ oddparity(bt)) & 0x01)<<(7-(i&0x0007)));\r |
| | 54 | } \r |
| | 55 | return;\r |
| | 56 | }\r |
| | 57 | \r |
| | 58 | uint8_t mf_crypto1_encrypt4bit(struct Crypto1State *pcs, uint8_t data) {\r |
| | 59 | uint8_t bt = 0;\r |
| | 60 | int i;\r |
| | 61 | \r |
| | 62 | for (i = 0; i < 4; i++)\r |
| | 63 | bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data, i)) << i;\r |
| | 64 | \r |
| | 65 | return bt;\r |
| | 66 | }\r |
| | 67 | \r |
| | 68 | // send commands\r |
| | 69 | int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)\r |
| | 70 | {\r |
| | 71 | return mifare_sendcmd_shortex(pcs, crypted, cmd, data, answer, answer_parity, timing);\r |
| | 72 | }\r |
| | 73 | \r |
| | 74 | int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)\r |
| | 75 | {\r |
| | 76 | uint8_t dcmd[8];\r |
| | 77 | dcmd[0] = cmd;\r |
| | 78 | dcmd[1] = data[0];\r |
| | 79 | dcmd[2] = data[1];\r |
| | 80 | dcmd[3] = data[2];\r |
| | 81 | dcmd[4] = data[3];\r |
| | 82 | dcmd[5] = data[4];\r |
| | 83 | AppendCrc14443a(dcmd, 6);\r |
| | 84 | ReaderTransmit(dcmd, sizeof(dcmd), NULL);\r |
| | 85 | int len = ReaderReceive(answer, answer_parity);\r |
| | 86 | if(!len) {\r |
| | 87 | if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");\r |
| | 88 | return 2;\r |
| | 89 | }\r |
| | 90 | return len;\r |
| | 91 | }\r |
| | 92 | \r |
| | 93 | int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)\r |
| | 94 | {\r |
| | 95 | uint8_t dcmd[19];\r |
| | 96 | int len; \r |
| | 97 | dcmd[0] = cmd;\r |
| | 98 | memcpy(dcmd+1,data,16);\r |
| | 99 | AppendCrc14443a(dcmd, 17);\r |
| | 100 | \r |
| | 101 | ReaderTransmit(dcmd, sizeof(dcmd), timing);\r |
| | 102 | len = ReaderReceive(answer, answer_parity);\r |
| | 103 | if(!len) {\r |
| | 104 | if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed. Card timeout.");\r |
| | 105 | len = ReaderReceive(answer,answer_parity);\r |
| | 106 | }\r |
| | 107 | if(len==1) {\r |
| | 108 | if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("NAK - Authentication failed.");\r |
| | 109 | return 1;\r |
| | 110 | }\r |
| | 111 | return len;\r |
| | 112 | }\r |
| | 113 | \r |
| | 114 | int mifare_sendcmd_short_mfuev1auth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)\r |
| | 115 | {\r |
| | 116 | uint8_t dcmd[7];\r |
| | 117 | int len; \r |
| | 118 | dcmd[0] = cmd;\r |
| | 119 | memcpy(dcmd+1,data,4);\r |
| | 120 | AppendCrc14443a(dcmd, 5);\r |
| | 121 | \r |
| | 122 | ReaderTransmit(dcmd, sizeof(dcmd), timing);\r |
| | 123 | len = ReaderReceive(answer, answer_parity);\r |
| | 124 | if(!len) {\r |
| | 125 | if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed. Card timeout.");\r |
| | 126 | len = ReaderReceive(answer,answer_parity);\r |
| | 127 | }\r |
| | 128 | if(len==1) {\r |
| | 129 | if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("NAK - Authentication failed.");\r |
| | 130 | return 1;\r |
| | 131 | }\r |
| | 132 | return len;\r |
| | 133 | }\r |
| | 134 | \r |
| | 135 | int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)\r |
| | 136 | {\r |
| | 137 | uint8_t dcmd[4], ecmd[4];\r |
| | 138 | uint16_t pos, res;\r |
| | 139 | uint8_t par[1]; // 1 Byte parity is enough here\r |
| | 140 | dcmd[0] = cmd;\r |
| | 141 | dcmd[1] = data;\r |
| | 142 | AppendCrc14443a(dcmd, 2);\r |
| | 143 | \r |
| | 144 | memcpy(ecmd, dcmd, sizeof(dcmd));\r |
| | 145 | \r |
| | 146 | if (crypted) {\r |
| | 147 | par[0] = 0;\r |
| | 148 | for (pos = 0; pos < 4; pos++)\r |
| | 149 | {\r |
| | 150 | ecmd[pos] = crypto1_byte(pcs, 0x00, 0) ^ dcmd[pos];\r |
| | 151 | par[0] |= (((filter(pcs->odd) ^ oddparity(dcmd[pos])) & 0x01) << (7-pos));\r |
| | 152 | } \r |
| | 153 | \r |
| | 154 | ReaderTransmitPar(ecmd, sizeof(ecmd), par, timing);\r |
| | 155 | \r |
| | 156 | } else {\r |
| | 157 | ReaderTransmit(dcmd, sizeof(dcmd), timing);\r |
| | 158 | }\r |
| | 159 | \r |
| | 160 | int len = ReaderReceive(answer, par);\r |
| | 161 | \r |
| | 162 | if (answer_parity) *answer_parity = par[0];\r |
| | 163 | \r |
| | 164 | if (crypted == CRYPT_ALL) {\r |
| | 165 | if (len == 1) {\r |
| | 166 | res = 0;\r |
| | 167 | for (pos = 0; pos < 4; pos++)\r |
| | 168 | res |= (crypto1_bit(pcs, 0, 0) ^ BIT(answer[0], pos)) << pos;\r |
| | 169 | \r |
| | 170 | answer[0] = res;\r |
| | 171 | \r |
| | 172 | } else {\r |
| | 173 | for (pos = 0; pos < len; pos++)\r |
| | 174 | {\r |
| | 175 | answer[pos] = crypto1_byte(pcs, 0x00, 0) ^ answer[pos];\r |
| | 176 | }\r |
| | 177 | }\r |
| | 178 | }\r |
| | 179 | \r |
| | 180 | return len;\r |
| | 181 | }\r |
| | 182 | \r |
| | 183 | // mifare classic commands\r |
| | 184 | int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested) \r |
| | 185 | {\r |
| | 186 | return mifare_classic_authex(pcs, uid, blockNo, keyType, ui64Key, isNested, NULL, NULL);\r |
| | 187 | }\r |
| | 188 | \r |
| | 189 | int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t *ntptr, uint32_t *timing) \r |
| | 190 | {\r |
| | 191 | // variables\r |
| | 192 | int len; \r |
| | 193 | uint32_t pos;\r |
| | 194 | uint8_t tmp4[4];\r |
| | 195 | uint8_t par[1] = {0x00};\r |
| | 196 | byte_t nr[4];\r |
| | 197 | uint32_t nt, ntpp; // Supplied tag nonce\r |
| | 198 | \r |
| | 199 | uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };\r |
| | 200 | uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r |
| | 201 | uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r |
| | 202 | \r |
| | 203 | // Transmit MIFARE_CLASSIC_AUTH\r |
| | 204 | len = mifare_sendcmd_short(pcs, isNested, 0x60 + (keyType & 0x01), blockNo, receivedAnswer, receivedAnswerPar, timing);\r |
| | 205 | if (MF_DBGLEVEL >= 4) Dbprintf("rand tag nonce len: %x", len); \r |
| | 206 | if (len != 4) return 1;\r |
| | 207 | \r |
| | 208 | // "random" reader nonce:\r |
| | 209 | nr[0] = 0x55;\r |
| | 210 | nr[1] = 0x41;\r |
| | 211 | nr[2] = 0x49;\r |
| | 212 | nr[3] = 0x92; \r |
| | 213 | \r |
| | 214 | // Save the tag nonce (nt)\r |
| | 215 | nt = bytes_to_num(receivedAnswer, 4);\r |
| | 216 | \r |
| | 217 | // ----------------------------- crypto1 create\r |
| | 218 | if (isNested)\r |
| | 219 | crypto1_destroy(pcs);\r |
| | 220 | \r |
| | 221 | // Init cipher with key\r |
| | 222 | crypto1_create(pcs, ui64Key);\r |
| | 223 | \r |
| | 224 | if (isNested == AUTH_NESTED) {\r |
| | 225 | // decrypt nt with help of new key \r |
| | 226 | nt = crypto1_word(pcs, nt ^ uid, 1) ^ nt;\r |
| | 227 | } else {\r |
| | 228 | // Load (plain) uid^nt into the cipher\r |
| | 229 | crypto1_word(pcs, nt ^ uid, 0);\r |
| | 230 | }\r |
| | 231 | \r |
| | 232 | // some statistic\r |
| | 233 | if (!ntptr && (MF_DBGLEVEL >= 3))\r |
| | 234 | Dbprintf("auth uid: %08x nt: %08x", uid, nt); \r |
| | 235 | \r |
| | 236 | // save Nt\r |
| | 237 | if (ntptr)\r |
| | 238 | *ntptr = nt;\r |
| | 239 | \r |
| | 240 | // Generate (encrypted) nr+parity by loading it into the cipher (Nr)\r |
| | 241 | par[0] = 0;\r |
| | 242 | for (pos = 0; pos < 4; pos++)\r |
| | 243 | {\r |
| | 244 | mf_nr_ar[pos] = crypto1_byte(pcs, nr[pos], 0) ^ nr[pos];\r |
| | 245 | par[0] |= (((filter(pcs->odd) ^ oddparity(nr[pos])) & 0x01) << (7-pos));\r |
| | 246 | } \r |
| | 247 | \r |
| | 248 | // Skip 32 bits in pseudo random generator\r |
| | 249 | nt = prng_successor(nt,32);\r |
| | 250 | \r |
| | 251 | // ar+parity\r |
| | 252 | for (pos = 4; pos < 8; pos++)\r |
| | 253 | {\r |
| | 254 | nt = prng_successor(nt,8);\r |
| | 255 | mf_nr_ar[pos] = crypto1_byte(pcs,0x00,0) ^ (nt & 0xff);\r |
| | 256 | par[0] |= (((filter(pcs->odd) ^ oddparity(nt & 0xff)) & 0x01) << (7-pos));\r |
| | 257 | } \r |
| | 258 | \r |
| | 259 | // Transmit reader nonce and reader answer\r |
| | 260 | ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL);\r |
| | 261 | \r |
| | 262 | // Receive 4 byte tag answer\r |
| | 263 | len = ReaderReceive(receivedAnswer, receivedAnswerPar);\r |
| | 264 | if (!len)\r |
| | 265 | {\r |
| | 266 | if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");\r |
| | 267 | return 2;\r |
| | 268 | }\r |
| | 269 | \r |
| | 270 | memcpy(tmp4, receivedAnswer, 4);\r |
| | 271 | ntpp = prng_successor(nt, 32) ^ crypto1_word(pcs, 0,0);\r |
| | 272 | \r |
| | 273 | if (ntpp != bytes_to_num(tmp4, 4)) {\r |
| | 274 | if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Error card response.");\r |
| | 275 | return 3;\r |
| | 276 | }\r |
| | 277 | \r |
| | 278 | return 0;\r |
| | 279 | }\r |
| | 280 | \r |
| | 281 | int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) \r |
| | 282 | {\r |
| | 283 | // variables\r |
| | 284 | int len; \r |
| | 285 | uint8_t bt[2];\r |
| | 286 | \r |
| | 287 | uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r |
| | 288 | uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r |
| | 289 | \r |
| | 290 | // command MIFARE_CLASSIC_READBLOCK\r |
| | 291 | len = mifare_sendcmd_short(pcs, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);\r |
| | 292 | if (len == 1) {\r |
| | 293 | if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]); \r |
| | 294 | return 1;\r |
| | 295 | }\r |
| | 296 | if (len != 18) {\r |
| | 297 | if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: card timeout. len: %x", len); \r |
| | 298 | return 2;\r |
| | 299 | }\r |
| | 300 | \r |
| | 301 | memcpy(bt, receivedAnswer + 16, 2);\r |
| | 302 | AppendCrc14443a(receivedAnswer, 16);\r |
| | 303 | if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {\r |
| | 304 | if (MF_DBGLEVEL >= 1) Dbprintf("Cmd CRC response error."); \r |
| | 305 | return 3;\r |
| | 306 | }\r |
| | 307 | \r |
| | 308 | memcpy(blockData, receivedAnswer, 16);\r |
| | 309 | return 0;\r |
| | 310 | }\r |
| | 311 | \r |
| | 312 | // mifare ultralight commands\r |
| | 313 | int mifare_ul_ev1_auth(uint8_t *keybytes, uint8_t *pack){\r |
| | 314 | \r |
| | 315 | uint16_t len;\r |
| | 316 | uint8_t resp[4];\r |
| | 317 | uint8_t respPar[1];\r |
| | 318 | uint8_t key[4] = {0x00}; \r |
| | 319 | memcpy(key, keybytes, 4);\r |
| | 320 | \r |
| | 321 | Dbprintf("EV1 Auth : %02x%02x%02x%02x", key[0], key[1], key[2], key[3]);\r |
| | 322 | len = mifare_sendcmd_short_mfuev1auth(NULL, 0, 0x1B, key, resp, respPar, NULL);\r |
| | 323 | if (len != 4) {\r |
| | 324 | if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x %u", resp[0], len);\r |
| | 325 | return 0;\r |
| | 326 | }\r |
| | 327 | \r |
| | 328 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED)\r |
| | 329 | Dbprintf("Auth Resp: %02x%02x%02x%02x", resp[0],resp[1],resp[2],resp[3]);\r |
| | 330 | \r |
| | 331 | memcpy(pack, resp, 4);\r |
| | 332 | return 1;\r |
| | 333 | }\r |
| | 334 | \r |
| | 335 | int mifare_ultra_auth(uint8_t *keybytes){\r |
| | 336 | \r |
| | 337 | // 3des2k\r |
| | 338 | uint8_t random_a[8] = {1,1,1,1,1,1,1,1};\r |
| | 339 | uint8_t random_b[8] = {0x00};\r |
| | 340 | uint8_t enc_random_b[8] = {0x00};\r |
| | 341 | uint8_t rnd_ab[16] = {0x00};\r |
| | 342 | uint8_t IV[8] = {0x00};\r |
| | 343 | uint8_t key[16] = {0x00}; \r |
| | 344 | memcpy(key, keybytes, 16);\r |
| | 345 | \r |
| | 346 | uint16_t len;\r |
| | 347 | uint8_t resp[19] = {0x00};\r |
| | 348 | uint8_t respPar[3] = {0,0,0};\r |
| | 349 | \r |
| | 350 | // REQUEST AUTHENTICATION\r |
| | 351 | len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, resp, respPar ,NULL);\r |
| | 352 | if (len != 11) {\r |
| | 353 | if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]);\r |
| | 354 | return 0;\r |
| | 355 | }\r |
| | 356 | \r |
| | 357 | // tag nonce.\r |
| | 358 | memcpy(enc_random_b,resp+1,8);\r |
| | 359 | \r |
| | 360 | // decrypt nonce.\r |
| | 361 | tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV );\r |
| | 362 | rol(random_b,8);\r |
| | 363 | memcpy(rnd_ab ,random_a,8);\r |
| | 364 | memcpy(rnd_ab+8,random_b,8);\r |
| | 365 | \r |
| | 366 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r |
| | 367 | Dbprintf("enc_B: %02x %02x %02x %02x %02x %02x %02x %02x",\r |
| | 368 | enc_random_b[0],enc_random_b[1],enc_random_b[2],enc_random_b[3],enc_random_b[4],enc_random_b[5],enc_random_b[6],enc_random_b[7]);\r |
| | 369 | \r |
| | 370 | Dbprintf(" B: %02x %02x %02x %02x %02x %02x %02x %02x",\r |
| | 371 | random_b[0],random_b[1],random_b[2],random_b[3],random_b[4],random_b[5],random_b[6],random_b[7]);\r |
| | 372 | \r |
| | 373 | Dbprintf("rnd_ab: %02x %02x %02x %02x %02x %02x %02x %02x",\r |
| | 374 | rnd_ab[0],rnd_ab[1],rnd_ab[2],rnd_ab[3],rnd_ab[4],rnd_ab[5],rnd_ab[6],rnd_ab[7]);\r |
| | 375 | \r |
| | 376 | Dbprintf("rnd_ab: %02x %02x %02x %02x %02x %02x %02x %02x",\r |
| | 377 | rnd_ab[8],rnd_ab[9],rnd_ab[10],rnd_ab[11],rnd_ab[12],rnd_ab[13],rnd_ab[14],rnd_ab[15] );\r |
| | 378 | }\r |
| | 379 | \r |
| | 380 | // encrypt out, in, length, key, iv\r |
| | 381 | tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);\r |
| | 382 | \r |
| | 383 | len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL);\r |
| | 384 | if (len != 11) {\r |
| | 385 | if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]);\r |
| | 386 | return 0;\r |
| | 387 | }\r |
| | 388 | \r |
| | 389 | uint8_t enc_resp[8] = { 0,0,0,0,0,0,0,0 };\r |
| | 390 | uint8_t resp_random_a[8] = { 0,0,0,0,0,0,0,0 };\r |
| | 391 | memcpy(enc_resp, resp+1, 8);\r |
| | 392 | \r |
| | 393 | // decrypt out, in, length, key, iv \r |
| | 394 | tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);\r |
| | 395 | if ( memcmp(resp_random_a, random_a, 8) != 0 ) {\r |
| | 396 | if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("failed authentication");\r |
| | 397 | return 0;\r |
| | 398 | } \r |
| | 399 | \r |
| | 400 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r |
| | 401 | Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", \r |
| | 402 | rnd_ab[0],rnd_ab[1],rnd_ab[2],rnd_ab[3],\r |
| | 403 | rnd_ab[4],rnd_ab[5],rnd_ab[6],rnd_ab[7]);\r |
| | 404 | \r |
| | 405 | Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x",\r |
| | 406 | rnd_ab[8],rnd_ab[9],rnd_ab[10],rnd_ab[11],\r |
| | 407 | rnd_ab[12],rnd_ab[13],rnd_ab[14],rnd_ab[15]);\r |
| | 408 | \r |
| | 409 | Dbprintf("a: %02x %02x %02x %02x %02x %02x %02x %02x",\r |
| | 410 | random_a[0],random_a[1],random_a[2],random_a[3],\r |
| | 411 | random_a[4],random_a[5],random_a[6],random_a[7]);\r |
| | 412 | \r |
| | 413 | Dbprintf("b: %02x %02x %02x %02x %02x %02x %02x %02x",\r |
| | 414 | resp_random_a[0],resp_random_a[1],resp_random_a[2],resp_random_a[3],\r |
| | 415 | resp_random_a[4],resp_random_a[5],resp_random_a[6],resp_random_a[7]);\r |
| | 416 | }\r |
| | 417 | return 1;\r |
| | 418 | }\r |
| | 419 | \r |
| | 420 | int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData)\r |
| | 421 | {\r |
| | 422 | uint16_t len;\r |
| | 423 | uint8_t bt[2];\r |
| | 424 | uint8_t receivedAnswer[MAX_FRAME_SIZE];\r |
| | 425 | uint8_t receivedAnswerPar[MAX_PARITY_SIZE];\r |
| | 426 | \r |
| | 427 | len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);\r |
| | 428 | if (len == 1) {\r |
| | 429 | if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r |
| | 430 | return 1;\r |
| | 431 | }\r |
| | 432 | if (len != 18) {\r |
| | 433 | if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: card timeout. len: %x", len);\r |
| | 434 | return 2;\r |
| | 435 | }\r |
| | 436 | \r |
| | 437 | memcpy(bt, receivedAnswer + 16, 2);\r |
| | 438 | AppendCrc14443a(receivedAnswer, 16);\r |
| | 439 | if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {\r |
| | 440 | if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd CRC response error.");\r |
| | 441 | return 3;\r |
| | 442 | }\r |
| | 443 | \r |
| | 444 | memcpy(blockData, receivedAnswer, 14);\r |
| | 445 | return 0;\r |
| | 446 | }\r |
| | 447 | \r |
| | 448 | int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) \r |
| | 449 | {\r |
| | 450 | // variables\r |
| | 451 | uint16_t len, i; \r |
| | 452 | uint32_t pos = 0;\r |
| | 453 | uint8_t par[3] = {0x00}; // enough for 18 Bytes to send\r |
| | 454 | byte_t res = 0;\r |
| | 455 | \r |
| | 456 | uint8_t d_block[18], d_block_enc[18];\r |
| | 457 | uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r |
| | 458 | uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r |
| | 459 | \r |
| | 460 | // command MIFARE_CLASSIC_WRITEBLOCK\r |
| | 461 | len = mifare_sendcmd_short(pcs, 1, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);\r |
| | 462 | \r |
| | 463 | if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK\r |
| | 464 | if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]); \r |
| | 465 | return 1;\r |
| | 466 | }\r |
| | 467 | \r |
| | 468 | memcpy(d_block, blockData, 16);\r |
| | 469 | AppendCrc14443a(d_block, 16);\r |
| | 470 | \r |
| | 471 | // crypto\r |
| | 472 | for (pos = 0; pos < 18; pos++)\r |
| | 473 | {\r |
| | 474 | d_block_enc[pos] = crypto1_byte(pcs, 0x00, 0) ^ d_block[pos];\r |
| | 475 | par[pos>>3] |= (((filter(pcs->odd) ^ oddparity(d_block[pos])) & 0x01) << (7 - (pos&0x0007)));\r |
| | 476 | } \r |
| | 477 | \r |
| | 478 | ReaderTransmitPar(d_block_enc, sizeof(d_block_enc), par, NULL);\r |
| | 479 | \r |
| | 480 | // Receive the response\r |
| | 481 | len = ReaderReceive(receivedAnswer, receivedAnswerPar); \r |
| | 482 | \r |
| | 483 | res = 0;\r |
| | 484 | for (i = 0; i < 4; i++)\r |
| | 485 | res |= (crypto1_bit(pcs, 0, 0) ^ BIT(receivedAnswer[0], i)) << i;\r |
| | 486 | \r |
| | 487 | if ((len != 1) || (res != 0x0A)) {\r |
| | 488 | if (MF_DBGLEVEL >= 1) Dbprintf("Cmd send data2 Error: %02x", res); \r |
| | 489 | return 2;\r |
| | 490 | }\r |
| | 491 | \r |
| | 492 | return 0;\r |
| | 493 | }\r |
| | 494 | \r |
| | 495 | int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData) \r |
| | 496 | {\r |
| | 497 | uint16_t len; \r |
| | 498 | uint8_t par[3] = {0}; // enough for 18 parity bits\r |
| | 499 | uint8_t d_block[18] = {0x00};\r |
| | 500 | uint8_t receivedAnswer[MAX_FRAME_SIZE];\r |
| | 501 | uint8_t receivedAnswerPar[MAX_PARITY_SIZE];\r |
| | 502 | \r |
| | 503 | // command MIFARE_CLASSIC_WRITEBLOCK\r |
| | 504 | len = mifare_sendcmd_short(NULL, true, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);\r |
| | 505 | \r |
| | 506 | if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK\r |
| | 507 | if (MF_DBGLEVEL >= MF_DBG_ERROR)\r |
| | 508 | Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]); \r |
| | 509 | return 1;\r |
| | 510 | }\r |
| | 511 | \r |
| | 512 | memcpy(d_block, blockData, 16);\r |
| | 513 | AppendCrc14443a(d_block, 16);\r |
| | 514 | \r |
| | 515 | ReaderTransmitPar(d_block, sizeof(d_block), par, NULL);\r |
| | 516 | \r |
| | 517 | len = ReaderReceive(receivedAnswer, receivedAnswerPar); \r |
| | 518 | \r |
| | 519 | if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK\r |
| | 520 | if (MF_DBGLEVEL >= MF_DBG_ERROR)\r |
| | 521 | Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);\r |
| | 522 | return 2;\r |
| | 523 | } \r |
| | 524 | return 0;\r |
| | 525 | } \r |
| | 526 | \r |
| | 527 | int mifare_ultra_special_writeblock(uint8_t blockNo, uint8_t *blockData)\r |
| | 528 | {\r |
| | 529 | uint16_t len;\r |
| | 530 | uint8_t d_block[8] = {0x00};\r |
| | 531 | uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r |
| | 532 | uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r |
| | 533 | \r |
| | 534 | // command MIFARE_CLASSIC_WRITEBLOCK\r |
| | 535 | d_block[0]= blockNo;\r |
| | 536 | memcpy(d_block+1,blockData,4);\r |
| | 537 | AppendCrc14443a(d_block, 6);\r |
| | 538 | \r |
| | 539 | len = mifare_sendcmd_short_special(NULL, 1, 0xA2, d_block, receivedAnswer, receivedAnswerPar, NULL);\r |
| | 540 | \r |
| | 541 | if (receivedAnswer[0] != 0x0A) { // 0x0a - ACK\r |
| | 542 | if (MF_DBGLEVEL >= MF_DBG_ERROR)\r |
| | 543 | Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);\r |
| | 544 | return 1;\r |
| | 545 | }\r |
| | 546 | return 0;\r |
| | 547 | }\r |
| | 548 | \r |
| | 549 | int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid) \r |
| | 550 | {\r |
| | 551 | uint16_t len; \r |
| | 552 | uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r |
| | 553 | uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r |
| | 554 | \r |
| | 555 | len = mifare_sendcmd_short(pcs, pcs == NULL ? false:true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);\r |
| | 556 | if (len != 0) {\r |
| | 557 | if (MF_DBGLEVEL >= MF_DBG_ERROR)\r |
| | 558 | Dbprintf("halt error. response len: %x", len); \r |
| | 559 | return 1;\r |
| | 560 | }\r |
| | 561 | \r |
| | 562 | return 0;\r |
| | 563 | }\r |
| | 564 | \r |
| | 565 | int mifare_ultra_halt()\r |
| | 566 | {\r |
| | 567 | uint16_t len;\r |
| | 568 | uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r |
| | 569 | uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r |
| | 570 | \r |
| | 571 | len = mifare_sendcmd_short(NULL, true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);\r |
| | 572 | if (len != 0) {\r |
| | 573 | if (MF_DBGLEVEL >= MF_DBG_ERROR)\r |
| | 574 | Dbprintf("halt error. response len: %x", len);\r |
| | 575 | return 1;\r |
| | 576 | }\r |
| | 577 | return 0;\r |
| | 578 | }\r |
| | 579 | \r |
| | 580 | \r |
| | 581 | // Mifare Memory Structure: up to 32 Sectors with 4 blocks each (1k and 2k cards),\r |
| | 582 | // plus evtl. 8 sectors with 16 blocks each (4k cards)\r |
| | 583 | uint8_t NumBlocksPerSector(uint8_t sectorNo) \r |
| | 584 | {\r |
| | 585 | if (sectorNo < 32) \r |
| | 586 | return 4;\r |
| | 587 | else\r |
| | 588 | return 16;\r |
| | 589 | }\r |
| | 590 | \r |
| | 591 | uint8_t FirstBlockOfSector(uint8_t sectorNo) \r |
| | 592 | {\r |
| | 593 | if (sectorNo < 32)\r |
| | 594 | return sectorNo * 4;\r |
| | 595 | else\r |
| | 596 | return 32*4 + (sectorNo - 32) * 16;\r |
| | 597 | \r |
| | 598 | }\r |
| | 599 | \r |
| | 600 | \r |
| | 601 | // work with emulator memory\r |
| | 602 | void emlSetMem(uint8_t *data, int blockNum, int blocksCount) {\r |
| | 603 | uint8_t* emCARD = BigBuf_get_EM_addr();\r |
| | 604 | memcpy(emCARD + blockNum * 16, data, blocksCount * 16);\r |
| | 605 | }\r |
| | 606 | \r |
| | 607 | void emlGetMem(uint8_t *data, int blockNum, int blocksCount) {\r |
| | 608 | uint8_t* emCARD = BigBuf_get_EM_addr();\r |
| | 609 | memcpy(data, emCARD + blockNum * 16, blocksCount * 16);\r |
| | 610 | }\r |
| | 611 | \r |
| | 612 | void emlGetMemBt(uint8_t *data, int bytePtr, int byteCount) {\r |
| | 613 | uint8_t* emCARD = BigBuf_get_EM_addr();\r |
| | 614 | memcpy(data, emCARD + bytePtr, byteCount);\r |
| | 615 | }\r |
| | 616 | \r |
| | 617 | int emlCheckValBl(int blockNum) {\r |
| | 618 | uint8_t* emCARD = BigBuf_get_EM_addr();\r |
| | 619 | uint8_t* data = emCARD + blockNum * 16;\r |
| | 620 | \r |
| | 621 | if ((data[0] != (data[4] ^ 0xff)) || (data[0] != data[8]) ||\r |
| | 622 | (data[1] != (data[5] ^ 0xff)) || (data[1] != data[9]) ||\r |
| | 623 | (data[2] != (data[6] ^ 0xff)) || (data[2] != data[10]) ||\r |
| | 624 | (data[3] != (data[7] ^ 0xff)) || (data[3] != data[11]) ||\r |
| | 625 | (data[12] != (data[13] ^ 0xff)) || (data[12] != data[14]) ||\r |
| | 626 | (data[12] != (data[15] ^ 0xff))\r |
| | 627 | ) \r |
| | 628 | return 1;\r |
| | 629 | return 0;\r |
| | 630 | }\r |
| | 631 | \r |
| | 632 | int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum) {\r |
| | 633 | uint8_t* emCARD = BigBuf_get_EM_addr();\r |
| | 634 | uint8_t* data = emCARD + blockNum * 16;\r |
| | 635 | \r |
| | 636 | if (emlCheckValBl(blockNum)) {\r |
| | 637 | return 1;\r |
| | 638 | }\r |
| | 639 | \r |
| | 640 | memcpy(blReg, data, 4);\r |
| | 641 | *blBlock = data[12];\r |
| | 642 | return 0;\r |
| | 643 | }\r |
| | 644 | \r |
| | 645 | int emlSetValBl(uint32_t blReg, uint8_t blBlock, int blockNum) {\r |
| | 646 | uint8_t* emCARD = BigBuf_get_EM_addr();\r |
| | 647 | uint8_t* data = emCARD + blockNum * 16;\r |
| | 648 | \r |
| | 649 | memcpy(data + 0, &blReg, 4);\r |
| | 650 | memcpy(data + 8, &blReg, 4);\r |
| | 651 | blReg = blReg ^ 0xffffffff;\r |
| | 652 | memcpy(data + 4, &blReg, 4);\r |
| | 653 | \r |
| | 654 | data[12] = blBlock;\r |
| | 655 | data[13] = blBlock ^ 0xff;\r |
| | 656 | data[14] = blBlock;\r |
| | 657 | data[15] = blBlock ^ 0xff;\r |
| | 658 | \r |
| | 659 | return 0;\r |
| | 660 | }\r |
| | 661 | \r |
| | 662 | uint64_t emlGetKey(int sectorNum, int keyType) {\r |
| | 663 | uint8_t key[6];\r |
| | 664 | uint8_t* emCARD = BigBuf_get_EM_addr();\r |
| | 665 | \r |
| | 666 | memcpy(key, emCARD + 16 * (FirstBlockOfSector(sectorNum) + NumBlocksPerSector(sectorNum) - 1) + keyType * 10, 6);\r |
| | 667 | return bytes_to_num(key, 6);\r |
| | 668 | }\r |
| | 669 | \r |
| | 670 | void emlClearMem(void) {\r |
| | 671 | int b;\r |
| | 672 | \r |
| | 673 | const uint8_t trailer[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07, 0x80, 0x69, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};\r |
| | 674 | const uint8_t uid[] = {0xe6, 0x84, 0x87, 0xf3, 0x16, 0x88, 0x04, 0x00, 0x46, 0x8e, 0x45, 0x55, 0x4d, 0x70, 0x41, 0x04};\r |
| | 675 | uint8_t* emCARD = BigBuf_get_EM_addr();\r |
| | 676 | \r |
| | 677 | memset(emCARD, 0, CARD_MEMORY_SIZE);\r |
| | 678 | \r |
| | 679 | // fill sectors trailer data\r |
| | 680 | for(b = 3; b < 256; b<127?(b+=4):(b+=16)) {\r |
| | 681 | emlSetMem((uint8_t *)trailer, b , 1);\r |
| | 682 | } \r |
| | 683 | \r |
| | 684 | // uid\r |
| | 685 | emlSetMem((uint8_t *)uid, 0, 1);\r |
| | 686 | return;\r |
| | 687 | }\r |
| | 688 | \r |
| | 689 | \r |
| | 690 | // Mifare desfire commands\r |
| | 691 | int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)\r |
| | 692 | {\r |
| | 693 | uint8_t dcmd[5] = {0x00};\r |
| | 694 | dcmd[0] = cmd;\r |
| | 695 | memcpy(dcmd+1,data,2);\r |
| | 696 | AppendCrc14443a(dcmd, 3);\r |
| | 697 | \r |
| | 698 | ReaderTransmit(dcmd, sizeof(dcmd), NULL);\r |
| | 699 | int len = ReaderReceive(answer, answer_parity);\r |
| | 700 | if(!len) {\r |
| | 701 | if (MF_DBGLEVEL >= MF_DBG_ERROR) \r |
| | 702 | Dbprintf("Authentication failed. Card timeout.");\r |
| | 703 | return 1;\r |
| | 704 | }\r |
| | 705 | return len;\r |
| | 706 | }\r |
| | 707 | \r |
| | 708 | int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing)\r |
| | 709 | {\r |
| | 710 | uint8_t dcmd[20] = {0x00};\r |
| | 711 | dcmd[0] = cmd;\r |
| | 712 | memcpy(dcmd+1,data,17);\r |
| | 713 | AppendCrc14443a(dcmd, 18);\r |
| | 714 | \r |
| | 715 | ReaderTransmit(dcmd, sizeof(dcmd), NULL);\r |
| | 716 | int len = ReaderReceive(answer, answer_parity);\r |
| | 717 | if(!len){\r |
| | 718 | if (MF_DBGLEVEL >= MF_DBG_ERROR)\r |
| | 719 | Dbprintf("Authentication failed. Card timeout.");\r |
| | 720 | return 1;\r |
| | 721 | }\r |
| | 722 | return len;\r |
| | 723 | }\r |
| | 724 | \r |
| | 725 | int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData){\r |
| | 726 | \r |
| | 727 | int len;\r |
| | 728 | // load key, keynumber\r |
| | 729 | uint8_t data[2]={0x0a, 0x00};\r |
| | 730 | uint8_t receivedAnswer[MAX_FRAME_SIZE];\r |
| | 731 | uint8_t receivedAnswerPar[MAX_PARITY_SIZE];\r |
| | 732 | \r |
| | 733 | len = mifare_sendcmd_special(NULL, 1, 0x02, data, receivedAnswer,receivedAnswerPar,NULL);\r |
| | 734 | if (len == 1) {\r |
| | 735 | if (MF_DBGLEVEL >= MF_DBG_ERROR)\r |
| | 736 | Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r |
| | 737 | return 1;\r |
| | 738 | }\r |
| | 739 | \r |
| | 740 | if (len == 12) {\r |
| | 741 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r |
| | 742 | Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r |
| | 743 | receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r |
| | 744 | receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r |
| | 745 | receivedAnswer[10],receivedAnswer[11]);\r |
| | 746 | }\r |
| | 747 | memcpy(blockData, receivedAnswer, 12);\r |
| | 748 | return 0;\r |
| | 749 | }\r |
| | 750 | return 1;\r |
| | 751 | }\r |
| | 752 | \r |
| | 753 | int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){\r |
| | 754 | \r |
| | 755 | int len;\r |
| | 756 | uint8_t data[17] = {0x00};\r |
| | 757 | data[0] = 0xAF;\r |
| | 758 | memcpy(data+1,key,16);\r |
| | 759 | \r |
| | 760 | uint8_t receivedAnswer[MAX_FRAME_SIZE];\r |
| | 761 | uint8_t receivedAnswerPar[MAX_PARITY_SIZE];\r |
| | 762 | \r |
| | 763 | len = mifare_sendcmd_special2(NULL, 1, 0x03, data, receivedAnswer, receivedAnswerPar ,NULL);\r |
| | 764 | \r |
| | 765 | if ((receivedAnswer[0] == 0x03) && (receivedAnswer[1] == 0xae)) {\r |
| | 766 | if (MF_DBGLEVEL >= MF_DBG_ERROR)\r |
| | 767 | Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]);\r |
| | 768 | return 1;\r |
| | 769 | }\r |
| | 770 | \r |
| | 771 | if (len == 12){\r |
| | 772 | if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r |
| | 773 | Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r |
| | 774 | receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r |
| | 775 | receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r |
| | 776 | receivedAnswer[10],receivedAnswer[11]);\r |
| | 777 | }\r |
| | 778 | memcpy(blockData, receivedAnswer, 12);\r |
| | 779 | return 0;\r |
| | 780 | }\r |
| | 781 | return 1;\r |
| | 782 | }\r |
projects / proxmark3-svn / blame_incremental