git.zerfleddert.de Git - proxmark3-svn/blob - tools/mfkey/mfkey32.c
5 #include "crapto1/crapto1.h"
6 #include "mifare/mfkey.h"
7 #include "util_posix.h"
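/*
 * Parse one command-line argument as a 32-bit hexadecimal value.
 *
 * Returns true only when the conversion succeeded and consumed the whole
 * string, so an empty, non-hex or partially-hex argument is rejected instead
 * of leaving *out unset or silently truncated.
 * NOTE(review): a value wider than 32 bits is not detected by sscanf here.
 */
static bool parse_hex32(const char *arg, uint32_t *out) {
    int consumed = 0;

    if (sscanf(arg, "%" SCNx32 "%n", out, &consumed) != 1) {
        return false;
    }
    return arg[consumed] == '\0';
}

/*
 * 32 bit recover key from 2 nonces
 *
 * Command line (all values hexadecimal, 32 bits each):
 *   <uid> <nt0> <{nr_0}> <{ar_0}> [<nt1>] <{nr_1}> <{ar_1}>
 *
 * With six values the second authentication is taken to use the same tag
 * nonce as the first and mfkey32() is called; with seven values nt1 is given
 * separately and mfkey32_moebius() is called. Every input is a value from the
 * reader side of two authentication attempts, which is what makes the
 * 32 bits of keystream per attempt sufficient to recover the key.
 *
 * Returns 1 on a usage or parse error, 0 otherwise (also when no key was
 * found, matching the original exit status).
 */
int main (int argc, char *argv[]) {
    // Zero-initialised so that any field this program does not set is not
    // passed to the recovery routines with an indeterminate value.
    nonces_t data = {0};
    uint32_t ks2;     // keystream used to encrypt reader response
    uint64_t key = 0; // recovered key

    printf("MIFARE Classic key recovery - based on 32 bits of keystream\n");
    printf("Recover key from two 32-bit reader authentication answers only!\n\n");

    if (argc != 7 && argc != 8) {
        printf(" syntax: %s <uid> <nt0> <{nr_0}> <{ar_0}> [<nt1>] <{nr_1}> <{ar_1}>\n", argv[0]);
        printf(" (you may omit nt1 if it is equal to nt0)\n\n");
        return 1;
    }

    // Seven values means nt1 was supplied explicitly.
    bool moebius_attack = (argc == 8);

    bool parsed = parse_hex32(argv[1], &data.cuid)
               && parse_hex32(argv[2], &data.nonce)
               && parse_hex32(argv[3], &data.nr)
               && parse_hex32(argv[4], &data.ar);

    // Default for the six-value form: both authentications share nt0.
    data.nonce2 = data.nonce;

    if (moebius_attack) {
        parsed = parsed
              && parse_hex32(argv[5], &data.nonce2)
              && parse_hex32(argv[6], &data.nr2)
              && parse_hex32(argv[7], &data.ar2);
    } else {
        parsed = parsed
              && parse_hex32(argv[5], &data.nr2)
              && parse_hex32(argv[6], &data.ar2);
    }

    // The original ignored sscanf's result, so a malformed argument left the
    // corresponding field unset and the search ran on garbage.
    if (!parsed) {
        fprintf(stderr, "Invalid argument: every value must be a 32-bit hexadecimal number\n");
        return 1;
    }

    // PRIx32 matches the uint32_t arguments exactly; plain %x assumes that
    // uint32_t is unsigned int.
    printf("Recovering key for:\n");
    printf(" uid: %08" PRIx32 "\n", data.cuid);
    printf(" nt0: %08" PRIx32 "\n", data.nonce);
    printf(" {nr_0}: %08" PRIx32 "\n", data.nr);
    printf(" {ar_0}: %08" PRIx32 "\n", data.ar);
    printf(" nt1: %08" PRIx32 "\n", data.nonce2);
    printf(" {nr_1}: %08" PRIx32 "\n", data.nr2);
    printf(" {ar_1}: %08" PRIx32 "\n", data.ar2);

    uint64_t start_time = msclock();

    // Generate lfsr successors of the tag challenge
    printf("\nLFSR succesors of the tag challenge:\n");
    printf(" nt': %08" PRIx32 "\n", prng_successor(data.nonce, 64));
    printf(" nt'': %08" PRIx32 "\n", prng_successor(data.nonce, 96));

    // Extract the keystream from the messages (printed for reference only;
    // the recovery routines receive the raw values in `data`).
    printf("\nKeystream used to generate {ar} and {at}:\n");
    ks2 = data.ar ^ prng_successor(data.nonce, 64);
    printf(" ks2: %08" PRIx32 "\n", ks2);

    bool success;
    if (moebius_attack) {
        success = mfkey32_moebius(data, &key);
    } else {
        success = mfkey32(data, &key);
    }

    if (success) {
        printf("Recovered key: %012" PRIx64 "\n", key);
    } else {
        printf("Couldn't recover key.\n");
    }

    printf("Time spent: %1.2f seconds\n", (float)(msclock() - start_time)/1000.0);
    return 0;
}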