]>
git.zerfleddert.de Git - proxmark3-svn/blob - client/nonce2key/nonce2key.c
1 //-----------------------------------------------------------------------------
6 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
7 // at your option, any later version. See the LICENSE.txt file for the text of
9 //-----------------------------------------------------------------------------
10 // MIFARE Darkside hack
11 //-----------------------------------------------------------------------------
13 #include "nonce2key.h"
16 int nonce2key(uint32_t uid
, uint32_t nt
, uint64_t par_info
, uint64_t ks_info
, uint64_t * key
) {
17 struct Crypto1State
*state
, *state_s
;
18 uint32_t pos
, nr
, rr
, nr_diff
;//, ks1, ks2;
19 byte_t bt
, i
, ks3x
[8], par
[8][8];
20 uint64_t key_recovered
;
23 // Reset the last three significant bits of the reader nonce
26 PrintAndLog("\nuid(%08x) nt(%08x) par(%016llx) ks(%016llx)\n\n",uid
,nt
,par_info
,ks_info
);
28 for (pos
=0; pos
<8; pos
++)
30 ks3x
[7-pos
] = (ks_info
>> (pos
*8)) & 0x0f;
31 bt
= (par_info
>> (pos
*8)) & 0xff;
34 par
[7-pos
][i
] = (bt
>> i
) & 0x01;
38 printf("|diff|{nr} |ks3|ks3^5|parity |\n");
39 printf("+----+--------+---+-----+---------------+\n");
42 nr_diff
= nr
| i
<< 5;
43 printf("| %02x |%08x|",i
<< 5, nr_diff
);
44 printf(" %01x | %01x |",ks3x
[i
], ks3x
[i
]^5);
45 for (pos
=0; pos
<7; pos
++) printf("%01x,", par
[i
][pos
]);
46 printf("%01x|\n", par
[i
][7]);
49 state
= lfsr_common_prefix(nr
, rr
, ks3x
, par
);
51 for (i
= 0; (state
) && ((state
+ i
)->odd
!= 0 || (state
+ i
)->even
!= 0) && (i
< 10); i
++)
53 printf("%08x|%08x\n",(state
+i
)->odd
, (state
+i
)->even
);
56 if (!state_s
) return 1;
58 lfsr_rollback_word(state_s
, uid
^nt
, 0);
59 crypto1_get_lfsr(state_s
, &key_recovered
);
60 if (!state
) free(state
);