Tested by changing the master key from the default to a custom value
[proxmark3-svn] / client / loclass / blaine.c
1 #include <stdio.h>
2 #include <stdlib.h>
3 #include "des.h"
4
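/* Print an 8-byte block as space-separated lowercase hex: label, bytes, trailer. */
static void print_block(const char *label, const unsigned char block[8], const char *trailer)
{
    printf("%s", label);
    for (int i = 0; i < 8; i++) {
        printf("%02x ", block[i]);
    }
    printf("%s", trailer);
}

/* Rotate an 8-byte block left by one byte (8 bits): out = in[1..7] || in[0]. */
static void rotate_left_one_byte(const unsigned char in[8], unsigned char out[8])
{
    for (int i = 0; i < 7; i++) {
        out[i] = in[i + 1];
    }
    out[7] = in[0];
}

/*
 * Parse one command-line token as a single hex byte.
 * Returns 0 and stores the byte on success; returns -1 when the token is
 * empty, has trailing garbage, or lies outside 0x00..0xff.
 */
static int parse_hex_byte(const char *text, unsigned char *out)
{
    char *end = NULL;
    long value = strtol(text, &end, 16);

    /* An out-of-range strtol result (LONG_MIN/LONG_MAX) is caught by the range test. */
    if (end == text || *end != '\0' || value < 0 || value > 0xff) {
        return -1;
    }
    *out = (unsigned char)value;
    return 0;
}

/*
 * Offline helper that replays the reader side of a single-DES mutual
 * authentication exchange and prints every intermediate value.
 *
 * Usage: no arguments uses the built-in challenge; exactly eight hex byte
 * arguments replace it. Any other argument count, or a token that is not a
 * hex byte, is rejected rather than silently ignored or truncated.
 *
 * Returns EXIT_SUCCESS after printing all values, EXIT_FAILURE on bad
 * arguments. (The original returned 1 unconditionally, which a shell reads
 * as failure.)
 *
 * NOTE(review): this is a diagnostic tool. It prints the key and the derived
 * session key to stdout, uses an all-zero key and a fixed RandA; none of that
 * is suitable for a real authentication path.
 */
int main(int argc, const char* argv[]) {
    des_context ctx;

    /* All-zero 8-byte key; edit here to test against a card with another key. */
    unsigned char key[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
    print_block("Key: ", key, "\n\n");

    /* This is the challenge sent from the PICC (default taken from the trace below). */
    unsigned char ek0RandB[8] = {0x4f, 0xb1, 0xed, 0x2e, 0x11, 0x37, 0xd5, 0x1a};

    if (argc == 8 + 1) {
        for (int i = 1; i < 8 + 1; i++) {
            /* Validate each token: an unchecked strtol would turn "zz" into 0 and "1ff" into 0xff. */
            if (parse_hex_byte(argv[i], &ek0RandB[i - 1]) != 0) {
                fprintf(stderr, "invalid hex byte in argument %d: %s\n", i, argv[i]);
                return EXIT_FAILURE;
            }
        }
    } else if (argc != 1) {
        /* A partially typed challenge must not fall back to the default unnoticed. */
        fprintf(stderr, "usage: %s [b0 b1 b2 b3 b4 b5 b6 b7]  (eight hex bytes)\n",
                argc > 0 ? argv[0] : "blaine");
        return EXIT_FAILURE;
    }

    print_block("ek0RandB (Challange): ", ek0RandB, "\n\n");

    unsigned char RandB[8];
    unsigned char RandBP[8];
    unsigned char ek0RandBP[8];

    /* TODO: Make this randomly generated. While it is fixed, the reader nonce
     * and the RandA half of the session key are the same on every run. */
    unsigned char RandA[8] = {0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
    unsigned char ek0RandA[8];

    unsigned char sessionKey[8];

    /* NOTE(review): ctx is keyed once with des_setkey_dec and never re-keyed,
     * so every des_crypt_ecb call below runs with that one schedule, including
     * the steps labelled "encrypt" - presumably intentional for the reader
     * side of this protocol; confirm against the card documentation. */
    des_setkey_dec(&ctx, key);

    /* Recover RandB from the PICC's challenge. */
    des_crypt_ecb(&ctx, ek0RandB, RandB);
    print_block("RandB: ", RandB, "\n");

    /* Rotate RandB left by 8 bits to produce RandB'. */
    rotate_left_one_byte(RandB, RandBP);
    print_block("RandB’: ", RandBP, "\n");

    print_block("RandA: ", RandA, "\n\n");

    /* Transform RandA into ek0RandA (first block of the reply). */
    des_crypt_ecb(&ctx, RandA, ek0RandA);
    print_block("ek0RandA: ", ek0RandA, "\n");

    /* Second block: XOR RandB' with the previous output block (manual CBC
     * chaining), then transform the result in place. */
    for (int i = 0; i < 8; i++) {
        ek0RandBP[i] = RandBP[i] ^ ek0RandA[i];
    }
    des_crypt_ecb(&ctx, ek0RandBP, ek0RandBP);
    print_block("ek0(RandB' XOR ek0RandA): ", ek0RandBP, "\n\n");

    /* Variables used in checking for the proper reply from the PICC. */
    unsigned char RandAP[8];
    unsigned char ek0RandAP[8];

    /* Rotate RandA left by 8 bits to produce RandA'. */
    rotate_left_one_byte(RandA, RandAP);

    /* Transform RandA' to obtain the value the PICC's response is compared with. */
    des_crypt_ecb(&ctx, RandAP, ek0RandAP);
    print_block("ek0RandA' (Expected reply): ", ek0RandAP, "\n");

    /* Session key = first four bytes of RandA followed by first four bytes of RandB. */
    for (int i = 0; i < 4; i++) {
        sessionKey[i] = RandA[i];
        sessionKey[i + 4] = RandB[i];
    }
    print_block("Session Key: ", sessionKey, "\n");

    return EXIT_SUCCESS;
}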
129
130 /*
131 Recorded Activity
132
133 Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
134 All times are in carrier periods (1/13.56 MHz)
135
136 Start | End | Src | Data
137 -----------|-----------|-----|--------
138 0 | 992 | Rdr | 52
139 2228 | 4596 | Tag | 44 03
140 1836032 | 1838496 | Rdr | 93 20
141 1839668 | 1845492 | Tag | 88 04 6e 22 c0
142 3806976 | 3817440 | Rdr | 93 70 88 04 6e 22 c0 dc b8
143 3818676 | 3822196 | Tag | 24 d8 36
144 5815808 | 5818272 | Rdr | 95 20
145 5819444 | 5825268 | Tag | 72 63 34 80 a5
146 7757824 | 7768288 | Rdr | 95 70 72 63 34 80 a5 a7 a5
147 7769524 | 7773108 | Tag | 20 fc 70
148 9715072 | 9719840 | Rdr | e0 80 31 73
149 9721012 | 9730292 | Tag | 06 75 77 81 02 80 02 f0
150 12074624 | 12080480 | Rdr | 02 0a 00 dc ed
151 12111924 | 12125812 | Tag | 02 af 4f b1 ed 2e 11 37 d5 1a bf 55
152 229214720 | 229237856 | Rdr | 03 af f3 56 83 43 79 d1 65 cd 6c 6d 17 e8 14 6e 52 eb 6d 2b
153 229268916 | 229282804 | Tag | 03 00 0d 9f 27 9b a5 d8 72 60 f3 6f
154 */
155
156 /*
157 hf 14a raw -p -a -b 7 52
158 hf 14a raw -p 93 20
159 hf 14a raw -p -c 93 70 88 04 6e 22 c0
160 hf 14a raw -p 95 20
161 hf 14a raw -p -c 95 70 72 63 34 80 a5
162 hf 14a raw -p e0 80 31 73
163 hf 14a raw -p -c 02 0a 00
164 hf 14a raw -p -c 03 af ...
165 */