]> git.zerfleddert.de Git - proxmark3-svn/blob - client/cmdanalyse.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
FIX: some compiler warnings, sscanf is using unsigned int.
[proxmark3-svn] / client / cmdanalyse.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2016 iceman
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // Analyse bytes commands
9 //-----------------------------------------------------------------------------
10 #include "cmdanalyse.h"
11 #include "nonce2key/nonce2key.h"
12
13 static int CmdHelp(const char *Cmd);
14
15 int usage_analyse_lcr(void) {
16 PrintAndLog("Specifying the bytes of a UID with a known LRC will find the last byte value");
17 PrintAndLog("needed to generate that LRC with a rolling XOR. All bytes should be specified in HEX.");
18 PrintAndLog("");
19 PrintAndLog("Usage: analyse lcr [h] <bytes>");
20 PrintAndLog("Options:");
21 PrintAndLog(" h This help");
22 PrintAndLog(" <bytes> bytes to calc missing XOR in a LCR");
23 PrintAndLog("");
24 PrintAndLog("Samples:");
25 PrintAndLog(" analyse lcr 04008064BA");
26 PrintAndLog("expected output: Target (BA) requires final LRC XOR byte value: 5A");
27 return 0;
28 }
29 int usage_analyse_checksum(void) {
30 PrintAndLog("The bytes will be added with eachother and than limited with the applied mask");
31 PrintAndLog("Finally compute ones' complement of the least significant bytes");
32 PrintAndLog("");
33 PrintAndLog("Usage: analyse chksum [h] b <bytes> m <mask>");
34 PrintAndLog("Options:");
35 PrintAndLog(" h This help");
36 PrintAndLog(" b <bytes> bytes to calc missing XOR in a LCR");
37 PrintAndLog(" m <mask> bit mask to limit the outpuyt");
38 PrintAndLog("");
39 PrintAndLog("Samples:");
40 PrintAndLog(" analyse chksum b 137AF00A0A0D m FF");
41 PrintAndLog("expected output: 0x61");
42 return 0;
43 }
44 int usage_analyse_crc(void){
45 PrintAndLog("A stub method to test different crc implementations inside the PM3 sourcecode. Just because you figured out the poly, doesn't mean you get the desired output");
46 PrintAndLog("");
47 PrintAndLog("Usage: analyse crc [h] <bytes>");
48 PrintAndLog("Options:");
49 PrintAndLog(" h This help");
50 PrintAndLog(" <bytes> bytes to calc crc");
51 PrintAndLog("");
52 PrintAndLog("Samples:");
53 PrintAndLog(" analyse crc 137AF00A0A0D");
54 return 0;
55 }
56 int usage_analyse_hid(void){
57 PrintAndLog("Permute function from 'heart of darkness' paper.");
58 PrintAndLog("");
59 PrintAndLog("Usage: analyse hid [h] <r|f> <bytes>");
60 PrintAndLog("Options:");
61 PrintAndLog(" h This help");
62 PrintAndLog(" r reverse permuted key");
63 PrintAndLog(" f permute key");
64 PrintAndLog(" <bytes> input bytes");
65 PrintAndLog("");
66 PrintAndLog("Samples:");
67 PrintAndLog(" analyse hid r 0123456789abcdef");
68 return 0;
69 }
70
71 static uint8_t calculateLRC( uint8_t* bytes, uint8_t len) {
72 uint8_t LRC = 0;
73 for (uint8_t i = 0; i < len; i++)
74 LRC ^= bytes[i];
75 return LRC;
76 }
77
78 static uint8_t calcSumCrumbAdd( uint8_t* bytes, uint8_t len, uint32_t mask) {
79 uint8_t sum = 0;
80 for (uint8_t i = 0; i < len; i++) {
81 sum += CRUMB(bytes[i], 0);
82 sum += CRUMB(bytes[i], 2);
83 sum += CRUMB(bytes[i], 4);
84 sum += CRUMB(bytes[i], 6);
85 }
86 sum &= mask;
87 return sum;
88 }
89 static uint8_t calcSumCrumbAddOnes( uint8_t* bytes, uint8_t len, uint32_t mask) {
90 return ~calcSumCrumbAdd(bytes, len, mask);
91 }
92 static uint8_t calcSumNibbleAdd( uint8_t* bytes, uint8_t len, uint32_t mask) {
93 uint8_t sum = 0;
94 for (uint8_t i = 0; i < len; i++) {
95 sum += NIBBLE_LOW(bytes[i]);
96 sum += NIBBLE_HIGH(bytes[i]);
97 }
98 sum &= mask;
99 return sum;
100 }
101 static uint8_t calcSumNibbleAddOnes( uint8_t* bytes, uint8_t len, uint32_t mask){
102 return ~calcSumNibbleAdd(bytes, len, mask);
103 }
104 static uint8_t calcSumCrumbXor( uint8_t* bytes, uint8_t len, uint32_t mask) {
105 uint8_t sum = 0;
106 for (uint8_t i = 0; i < len; i++) {
107 sum ^= CRUMB(bytes[i], 0);
108 sum ^= CRUMB(bytes[i], 2);
109 sum ^= CRUMB(bytes[i], 4);
110 sum ^= CRUMB(bytes[i], 6);
111 }
112 sum &= mask;
113 return sum;
114 }
115 static uint8_t calcSumNibbleXor( uint8_t* bytes, uint8_t len, uint32_t mask) {
116 uint8_t sum = 0;
117 for (uint8_t i = 0; i < len; i++) {
118 sum ^= NIBBLE_LOW(bytes[i]);
119 sum ^= NIBBLE_HIGH(bytes[i]);
120 }
121 sum &= mask;
122 return sum;
123 }
124 static uint8_t calcSumByteXor( uint8_t* bytes, uint8_t len, uint32_t mask) {
125 uint8_t sum = 0;
126 for (uint8_t i = 0; i < len; i++)
127 sum ^= bytes[i];
128 sum &= mask;
129 return sum;
130 }
131
132 static uint8_t calcSumByteAdd( uint8_t* bytes, uint8_t len, uint32_t mask) {
133 uint8_t sum = 0;
134 for (uint8_t i = 0; i < len; i++)
135 sum += bytes[i];
136 sum &= mask;
137 return sum;
138 }
139 // Ones complement
140 static uint8_t calcSumByteAddOnes( uint8_t* bytes, uint8_t len, uint32_t mask) {
141 return ~calcSumByteAdd(bytes, len, mask);
142 }
143
144
145
146 static uint8_t calcSumByteSub( uint8_t* bytes, uint8_t len, uint32_t mask) {
147 uint8_t sum = 0;
148 for (uint8_t i = 0; i < len; i++)
149 sum -= bytes[i];
150 sum &= mask;
151 return sum;
152 }
153 static uint8_t calcSumByteSubOnes( uint8_t* bytes, uint8_t len, uint32_t mask){
154 return ~calcSumByteSub(bytes, len, mask);
155 }
156 static uint8_t calcSumNibbleSub( uint8_t* bytes, uint8_t len, uint32_t mask) {
157 uint8_t sum = 0;
158 for (uint8_t i = 0; i < len; i++) {
159 sum -= NIBBLE_LOW(bytes[i]);
160 sum -= NIBBLE_HIGH(bytes[i]);
161 }
162 sum &= mask;
163 return sum;
164 }
165 static uint8_t calcSumNibbleSubOnes( uint8_t* bytes, uint8_t len, uint32_t mask) {
166 return ~calcSumNibbleSub(bytes, len, mask);
167 }
168
169 // measuring LFSR maximum length
170 int CmdAnalyseLfsr(const char *Cmd){
171
172 uint16_t start_state = 0; /* Any nonzero start state will work. */
173 uint16_t lfsr = start_state;
174 //uint32_t period = 0;
175
176 uint8_t iv = param_get8ex(Cmd, 0, 0, 16);
177 uint8_t find = param_get8ex(Cmd, 1, 0, 16);
178
179 printf("LEGIC LFSR IV 0x%02X: \n", iv);
180 printf(" bit# | lfsr | ^0x40 | 0x%02X ^ lfsr \n",find);
181
182 for (uint8_t i = 0x01; i < 0x30; i += 1) {
183 //period = 0;
184 legic_prng_init(iv);
185 legic_prng_forward(i);
186 lfsr = legic_prng_get_bits(12);
187
188 printf(" %02X | %03X | %03X | %03X \n",i, lfsr, 0x40 ^ lfsr, find ^ lfsr);
189 }
190 return 0;
191 }
192 int CmdAnalyseLCR(const char *Cmd) {
193 uint8_t data[50];
194 char cmdp = param_getchar(Cmd, 0);
195 if (strlen(Cmd) == 0|| cmdp == 'h' || cmdp == 'H') return usage_analyse_lcr();
196
197 int len = 0;
198 param_gethex_ex(Cmd, 0, data, &len);
199 if ( len%2 ) return usage_analyse_lcr();
200 len >>= 1;
201 uint8_t finalXor = calculateLRC(data, len);
202 PrintAndLog("Target [%02X] requires final LRC XOR byte value: 0x%02X",data[len-1] ,finalXor);
203 return 0;
204 }
205 int CmdAnalyseCRC(const char *Cmd) {
206
207 char cmdp = param_getchar(Cmd, 0);
208 if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_analyse_crc();
209
210 int len = strlen(Cmd);
211 if ( len & 1 ) return usage_analyse_crc();
212
213 // add 1 for null terminator.
214 uint8_t *data = malloc(len+1);
215 if ( data == NULL ) return 1;
216
217 if ( param_gethex(Cmd, 0, data, len)) {
218 free(data);
219 return usage_analyse_crc();
220 }
221 len >>= 1;
222
223 //PrintAndLog("\nTests with '%s' hex bytes", sprint_hex(data, len));
224
225 PrintAndLog("\nTests of reflection. Two current methods in source code");
226 PrintAndLog(" reflect(0x3e23L,3) is %04X == 0x3e26", reflect(0x3e23L,3) );
227 PrintAndLog(" SwapBits(0x3e23L,3) is %04X == 0x3e26", SwapBits(0x3e23L,3) );
228 PrintAndLog(" 0xB400 == %04X", reflect( (1 << 16 | 0xb400),16) );
229
230 //
231 // Test of CRC16, '123456789' string.
232 //
233 PrintAndLog("\nTests with '123456789' string");
234 uint8_t dataStr[] = { 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39 };
235 uint8_t legic8 = CRC8Legic(dataStr, sizeof(dataStr));
236
237 PrintAndLog("LEGIC: CRC16: %X", CRC16Legic(dataStr, sizeof(dataStr), legic8));
238
239 //these below has been tested OK.
240 PrintAndLog("Confirmed CRC Implementations");
241 PrintAndLog("LEGIC: CRC8 : %X (0xC6 expected)", legic8);
242 PrintAndLog("MAXIM: CRC8 : %X (0xA1 expected)", CRC8Maxim(dataStr, sizeof(dataStr)));
243 PrintAndLog("DNP : CRC16: %X (0x82EA expected)", CRC16_DNP(dataStr, sizeof(dataStr)));
244 PrintAndLog("CCITT: CRC16: %X (0xE5CC expected)", CRC16_CCITT(dataStr, sizeof(dataStr)));
245
246 PrintAndLog("ICLASS org: CRC16: %X (0x expected)",iclass_crc16( (char*)dataStr, sizeof(dataStr)));
247 PrintAndLog("ICLASS ice: CRC16: %X (0x expected)",CRC16_ICLASS(dataStr, sizeof(dataStr)));
248
249
250
251 uint8_t dataStr1234[] = { 0x1,0x2,0x3,0x4};
252 PrintAndLog("ISO15693 org: : CRC16: %X (0xF0B8 expected)", Iso15693Crc(dataStr1234, sizeof(dataStr1234)));
253 PrintAndLog("ISO15693 ice: : CRC16: %X (0xF0B8 expected)", CRC16_Iso15693(dataStr1234, sizeof(dataStr1234)));
254
255 free(data);
256 return 0;
257 }
258 int CmdAnalyseCHKSUM(const char *Cmd){
259
260 uint8_t data[50];
261 uint8_t cmdp = 0;
262 uint32_t mask = 0xFFFF;
263 bool errors = false;
264 int len = 0;
265 memset(data, 0x0, sizeof(data));
266
267 while(param_getchar(Cmd, cmdp) != 0x00) {
268 switch(param_getchar(Cmd, cmdp)) {
269 case 'b':
270 case 'B':
271 param_gethex_ex(Cmd, cmdp+1, data, &len);
272 if ( len%2 ) errors = true;
273 len >>= 1;
274 cmdp += 2;
275 break;
276 case 'm':
277 case 'M':
278 mask = param_get32ex(Cmd, cmdp+1, 0, 16);
279 cmdp += 2;
280 break;
281 case 'h':
282 case 'H':
283 return usage_analyse_checksum();
284 default:
285 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
286 errors = true;
287 break;
288 }
289 if(errors) break;
290 }
291 //Validations
292 if(errors) return usage_analyse_checksum();
293
294 PrintAndLog(" add | sub | add 1's compl | sub 1's compl | xor");
295 PrintAndLog("byte nibble crumb | byte nibble | byte nibble cumb | byte nibble | byte nibble cumb");
296 PrintAndLog("------------------+-------------+------------------+-----------------+--------------------");
297 PrintAndLog("0x%02X 0x%02X 0x%02X | 0x%02X 0x%02X | 0x%02X 0x%02X 0x%02X | 0x%02X 0x%02X | 0x%02X 0x%02X 0x%02X",
298 calcSumByteAdd(data, len, mask)
299 , calcSumNibbleAdd(data, len, mask)
300 , calcSumCrumbAdd(data, len, mask)
301 , calcSumByteSub(data, len, mask)
302 , calcSumNibbleSub(data, len, mask)
303 , calcSumByteAddOnes(data, len, mask)
304 , calcSumNibbleAddOnes(data, len, mask)
305 , calcSumCrumbAddOnes(data, len, mask)
306 , calcSumByteSubOnes(data, len, mask)
307 , calcSumNibbleSubOnes(data, len, mask)
308 , calcSumByteXor(data, len, mask)
309 , calcSumNibbleXor(data, len, mask)
310 , calcSumCrumbXor(data, len, mask)
311 );
312 return 0;
313 }
314
315 int CmdAnalyseDates(const char *Cmd){
316 // look for datestamps in a given array of bytes
317 PrintAndLog("To be implemented. Feel free to contribute!");
318 return 0;
319 }
320 int CmdAnalyseTEASelfTest(const char *Cmd){
321
322 uint8_t v[8], v_le[8];
323 memset(v, 0x00, sizeof(v));
324 memset(v_le, 0x00, sizeof(v_le));
325 uint8_t* v_ptr = v_le;
326
327 uint8_t cmdlen = strlen(Cmd);
328 cmdlen = ( sizeof(v)<<2 < cmdlen ) ? sizeof(v)<<2 : cmdlen;
329
330 if ( param_gethex(Cmd, 0, v, cmdlen) > 0 ){
331 PrintAndLog("can't read hex chars, uneven? :: %u", cmdlen);
332 return 1;
333 }
334
335 SwapEndian64ex(v , 8, 4, v_ptr);
336
337 // ENCRYPTION KEY:
338 uint8_t key[16] = {0x55,0xFE,0xF6,0x30,0x62,0xBF,0x0B,0xC1,0xC9,0xB3,0x7C,0x34,0x97,0x3E,0x29,0xFB };
339 uint8_t keyle[16];
340 uint8_t* key_ptr = keyle;
341 SwapEndian64ex(key , sizeof(key), 4, key_ptr);
342
343 PrintAndLog("TEST LE enc| %s", sprint_hex(v_ptr, 8));
344
345 tea_decrypt(v_ptr, key_ptr);
346 PrintAndLog("TEST LE dec | %s", sprint_hex_ascii(v_ptr, 8));
347
348 tea_encrypt(v_ptr, key_ptr);
349 tea_encrypt(v_ptr, key_ptr);
350 PrintAndLog("TEST enc2 | %s", sprint_hex_ascii(v_ptr, 8));
351
352 return 0;
353 }
354
355 int CmdAnalyseA(const char *Cmd){
356 /*
357 piwi
358 // uid(2e086b1a) nt(230736f6) ks(0b0008000804000e) nr(000000000)
359 // uid(2e086b1a) nt(230736f6) ks(0e0b0e0b090c0d02) nr(000000001)
360 // uid(2e086b1a) nt(230736f6) ks(0e05060e01080b08) nr(000000002)
361 uint64_t d1[] = {0x2e086b1a, 0x230736f6, 0x0000001, 0x0e0b0e0b090c0d02};
362 uint64_t d2[] = {0x2e086b1a, 0x230736f6, 0x0000002, 0x0e05060e01080b08};
363
364 // uid(17758822) nt(c0c69e59) ks(080105020705040e) nr(00000001)
365 // uid(17758822) nt(c0c69e59) ks(01070a05050c0705) nr(00000002)
366 uint64_t d1[] = {0x17758822, 0xc0c69e59, 0x0000001, 0x080105020705040e};
367 uint64_t d2[] = {0x17758822, 0xc0c69e59, 0x0000002, 0x01070a05050c0705};
368
369 // uid(6e442129) nt(8f699195) ks(090d0b0305020f02) nr(00000001)
370 // uid(6e442129) nt(8f699195) ks(03030508030b0c0e) nr(00000002)
371 // uid(6e442129) nt(8f699195) ks(02010f030c0d050d) nr(00000003)
372 // uid(6e442129) nt(8f699195) ks(00040f0f0305030e) nr(00000004)
373 uint64_t d1[] = {0x6e442129, 0x8f699195, 0x0000001, 0x090d0b0305020f02};
374 uint64_t d2[] = {0x6e442129, 0x8f699195, 0x0000004, 0x00040f0f0305030e};
375
376 uid(3e172b29) nt(039b7bd2) ks(0c0e0f0505080800) nr(00000001)
377 uid(3e172b29) nt(039b7bd2) ks(0e06090d03000b0f) nr(00000002)
378 */
379 uint64_t key = 0;
380 uint64_t d1[] = {0x3e172b29, 0x039b7bd2, 0x0000001, 0x0c0e0f0505080800};
381 uint64_t d2[] = {0x3e172b29, 0x039b7bd2, 0x0000002, 0x0e06090d03000b0f};
382
383 nonce2key_ex(0, 0 , d1[0], d1[1], d1[2], d1[3], &key);
384 nonce2key_ex(0, 0 , d2[0], d2[1], d2[2], d2[3], &key);
385 return 0;
386 }
387
388 static void permute(uint8_t *data, uint8_t len, uint8_t *output){
389 #define KEY_SIZE 8
390
391 if ( len > KEY_SIZE ) {
392 for(uint8_t m = 0; m < len; m += KEY_SIZE){
393 permute(data+m, KEY_SIZE, output+m);
394 }
395 return;
396 }
397 if ( len != KEY_SIZE ) {
398 printf("wrong key size\n");
399 return;
400 }
401 uint8_t i,j,p, mask;
402 for( i=0; i < KEY_SIZE; ++i){
403 p = 0;
404 mask = 0x80 >> i;
405 for( j=0; j < KEY_SIZE; ++j){
406 p >>= 1;
407 if (data[j] & mask)
408 p |= 0x80;
409 }
410 output[i] = p;
411 }
412 }
413 static void permute_rev(uint8_t *data, uint8_t len, uint8_t *output){
414 permute(data, len, output);
415 permute(output, len, data);
416 permute(data, len, output);
417 }
418 static void simple_crc(uint8_t *data, uint8_t len, uint8_t *output){
419 uint8_t crc = 0;
420 for( uint8_t i=0; i < len; ++i){
421 // seventh byte contains the crc.
422 if ( (i & 0x7) == 0x7 ) {
423 output[i] = crc ^ 0xFF;
424 crc = 0;
425 } else {
426 output[i] = data[i];
427 crc ^= data[i];
428 }
429 }
430 }
431 // DES doesn't use the MSB.
432 static void shave(uint8_t *data, uint8_t len){
433 for (uint8_t i=0; i<len; ++i)
434 data[i] &= 0xFE;
435 }
436 static void generate_rev(uint8_t *data, uint8_t len) {
437 uint8_t *key = calloc(len,1);
438 printf("input permuted key | %s \n", sprint_hex(data, len));
439 permute_rev(data, len, key);
440 printf(" unpermuted key | %s \n", sprint_hex(key, len));
441 shave(key, len);
442 printf(" key | %s \n", sprint_hex(key, len));
443 free(key);
444 }
445 static void generate(uint8_t *data, uint8_t len) {
446 uint8_t *key = calloc(len,1);
447 uint8_t *pkey = calloc(len,1);
448 printf(" input key | %s \n", sprint_hex(data, len));
449 permute(data, len, pkey);
450 printf(" permuted key | %s \n", sprint_hex(pkey, len));
451 simple_crc(pkey, len, key );
452 printf(" CRC'ed key | %s \n", sprint_hex(key, len));
453 free(key);
454 free(pkey);
455 }
456 int CmdAnalyseHid(const char *Cmd){
457
458 uint8_t key[8] = {0};
459 uint8_t key_std_format[8] = {0};
460 uint8_t key_iclass_format[8] = {0};
461 uint8_t data[16] = {0};
462 bool isReverse = FALSE;
463 int len = 0;
464 char cmdp = param_getchar(Cmd, 0);
465 if (strlen(Cmd) == 0|| cmdp == 'h' || cmdp == 'H') return usage_analyse_hid();
466
467 if ( cmdp == 'r' || cmdp == 'R' )
468 isReverse = TRUE;
469
470 param_gethex_ex(Cmd, 1, data, &len);
471 if ( len%2 ) return usage_analyse_hid();
472
473 len >>= 1;
474
475 memcpy(key, data, 8);
476
477 if ( isReverse ) {
478 generate_rev(data, len);
479 permutekey_rev(key, key_std_format);
480 printf(" holiman iclass key | %s \n", sprint_hex(key_std_format, 8));
481 }
482 else {
483 generate(data, len);
484 permutekey(key, key_iclass_format);
485 printf(" holiman std key | %s \n", sprint_hex(key_iclass_format, 8));
486 }
487 return 0;
488 }
489
490 static command_t CommandTable[] = {
491 {"help", CmdHelp, 1, "This help"},
492 {"lcr", CmdAnalyseLCR, 1, "Generate final byte for XOR LRC"},
493 {"crc", CmdAnalyseCRC, 1, "Stub method for CRC evaluations"},
494 {"chksum", CmdAnalyseCHKSUM, 1, "Checksum with adding, masking and one's complement"},
495 {"dates", CmdAnalyseDates, 1, "Look for datestamps in a given array of bytes"},
496 {"tea", CmdAnalyseTEASelfTest, 1, "Crypto TEA test"},
497 {"lfsr", CmdAnalyseLfsr, 1, "LFSR tests"},
498 {"a", CmdAnalyseA, 1, "num bits test"},
499 {"hid", CmdAnalyseHid, 1, "Permute function from 'heart of darkness' paper"},
500 {NULL, NULL, 0, NULL}
501 };
502
503 int CmdAnalyse(const char *Cmd) {
504 clearCommandBuffer();
505 CmdsParse(CommandTable, Cmd);
506 return 0;
507 }
508
509 int CmdHelp(const char *Cmd) {
510 CmdsHelp(CommandTable);
511 return 0;
512 }
Proxmark3 GIT tracking
Impressum, Datenschutz