]>
git.zerfleddert.de Git - proxmark3-svn/blob - client/nonce2key/nonce2key.c
7459f1bb59aa44653f2205622bf51f5d71ad6211
1 //-----------------------------------------------------------------------------
6 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
7 // at your option, any later version. See the LICENSE.txt file for the text of
9 //-----------------------------------------------------------------------------
10 // MIFARE Darkside hack
11 //-----------------------------------------------------------------------------
13 #define __STDC_FORMAT_MACROS
17 #include "nonce2key.h"
20 int nonce2key(uint32_t uid
, uint32_t nt
, uint64_t par_info
, uint64_t ks_info
, uint64_t * key
) {
21 struct Crypto1State
*state
, *state_s
;
22 uint32_t pos
, nr
, rr
, nr_diff
;//, ks1, ks2;
23 byte_t bt
, i
, ks3x
[8], par
[8][8];
24 uint64_t key_recovered
;
27 // Reset the last three significant bits of the reader nonce
30 PrintAndLog("\nuid(%08x) nt(%08x) par(%016"llx
") ks(%016"llx
")\n\n",uid
,nt
,par_info
,ks_info
);
32 for (pos
=0; pos
<8; pos
++)
34 ks3x
[7-pos
] = (ks_info
>> (pos
*8)) & 0x0f;
35 bt
= (par_info
>> (pos
*8)) & 0xff;
38 par
[7-pos
][i
] = (bt
>> i
) & 0x01;
42 printf("|diff|{nr} |ks3|ks3^5|parity |\n");
43 printf("+----+--------+---+-----+---------------+\n");
46 nr_diff
= nr
| i
<< 5;
47 printf("| %02x |%08x|",i
<< 5, nr_diff
);
48 printf(" %01x | %01x |",ks3x
[i
], ks3x
[i
]^5);
49 for (pos
=0; pos
<7; pos
++) printf("%01x,", par
[i
][pos
]);
50 printf("%01x|\n", par
[i
][7]);
53 state
= lfsr_common_prefix(nr
, rr
, ks3x
, par
);
55 for (i
= 0; (state
) && ((state
+ i
)->odd
!= 0 || (state
+ i
)->even
!= 0) && (i
< 10); i
++)
57 printf("%08x|%08x\n",(state
+i
)->odd
, (state
+i
)->even
);
60 if (!state_s
) return 1;
62 lfsr_rollback_word(state_s
, uid
^nt
, 0);
63 crypto1_get_lfsr(state_s
, &key_recovered
);
64 if (!state
) free(state
);