]> git.zerfleddert.de Git - proxmark3-svn/blob - client/nonce2key/nonce2key.c
7459f1bb59aa44653f2205622bf51f5d71ad6211
[proxmark3-svn] / client / nonce2key / nonce2key.c
1 //-----------------------------------------------------------------------------
2 // Merlok - June 2011
3 // Roel - Dec 2009
4 // Unknown author
5 //
6 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
7 // at your option, any later version. See the LICENSE.txt file for the text of
8 // the license.
9 //-----------------------------------------------------------------------------
10 // MIFARE Darkside hack
11 //-----------------------------------------------------------------------------
12
13 #define __STDC_FORMAT_MACROS
14 #include <inttypes.h>
15 #define llx PRIx64
16
17 #include "nonce2key.h"
18 #include "ui.h"
19
20 int nonce2key(uint32_t uid, uint32_t nt, uint64_t par_info, uint64_t ks_info, uint64_t * key) {
21 struct Crypto1State *state, *state_s;
22 uint32_t pos, nr, rr, nr_diff;//, ks1, ks2;
23 byte_t bt, i, ks3x[8], par[8][8];
24 uint64_t key_recovered;
25 nr = rr = 0;
26
27 // Reset the last three significant bits of the reader nonce
28 nr &= 0xffffff1f;
29
30 PrintAndLog("\nuid(%08x) nt(%08x) par(%016"llx") ks(%016"llx")\n\n",uid,nt,par_info,ks_info);
31
32 for (pos=0; pos<8; pos++)
33 {
34 ks3x[7-pos] = (ks_info >> (pos*8)) & 0x0f;
35 bt = (par_info >> (pos*8)) & 0xff;
36 for (i=0; i<8; i++)
37 {
38 par[7-pos][i] = (bt >> i) & 0x01;
39 }
40 }
41
42 printf("|diff|{nr} |ks3|ks3^5|parity |\n");
43 printf("+----+--------+---+-----+---------------+\n");
44 for (i=0; i<8; i++)
45 {
46 nr_diff = nr | i << 5;
47 printf("| %02x |%08x|",i << 5, nr_diff);
48 printf(" %01x | %01x |",ks3x[i], ks3x[i]^5);
49 for (pos=0; pos<7; pos++) printf("%01x,", par[i][pos]);
50 printf("%01x|\n", par[i][7]);
51 }
52
53 state = lfsr_common_prefix(nr, rr, ks3x, par);
54 state_s = 0;
55 for (i = 0; (state) && ((state + i)->odd != 0 || (state + i)->even != 0) && (i < 10); i++)
56 {
57 printf("%08x|%08x\n",(state+i)->odd, (state+i)->even);
58 state_s = state + i;
59 }
60 if (!state_s) return 1;
61
62 lfsr_rollback_word(state_s, uid^nt, 0);
63 crypto1_get_lfsr(state_s, &key_recovered);
64 if (!state) free(state);
65
66 *key = key_recovered;
67
68 return 0;
69 }
Impressum, Datenschutz