git.zerfleddert.de Git - proxmark3-svn/blob - client/nonce2key/nonce2key.c

   1 //-----------------------------------------------------------------------------
   2 // Merlok - June 2011
   3 // Roel - Dec 2009
   4 // Unknown author
   5 //
   6 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
   7 // at your option, any later version. See the LICENSE.txt file for the text of
   8 // the license.
   9 //-----------------------------------------------------------------------------
  10 // MIFARE Darkside hack
  11 //-----------------------------------------------------------------------------
  12
  13 #define __STDC_FORMAT_MACROS
  14 #include <inttypes.h>
  15 #define llx PRIx64
  16
  17 #include "nonce2key.h"
  18 #include "mifarehost.h"
  19 #include "ui.h"
  20
  21 int compar_state(const void * a, const void * b) {
  22         // didn't work: (the result is truncated to 32 bits)
  23         //return (*(int64_t*)b - *(int64_t*)a);
  24
  25         // better:
  26         if (*(int64_t*)b == *(int64_t*)a) return 0;
  27         else if (*(int64_t*)b > *(int64_t*)a) return 1;
  28         else return -1;
  29 }
  30
  31 int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, uint64_t ks_info, uint64_t * key) {
  32   struct Crypto1State *state;
  33   uint32_t i, pos, rr, nr_diff, key_count;//, ks1, ks2;
  34   byte_t bt, ks3x[8], par[8][8];
  35   uint64_t key_recovered;
  36   int64_t *state_s;
  37   static uint32_t last_uid;
  38   static int64_t *last_keylist;
  39   rr = 0;
  40
  41   if (last_uid != uid && last_keylist != NULL)
  42   {
  43         free(last_keylist);
  44         last_keylist = NULL;
  45   }
  46   last_uid = uid;
  47
  48   // Reset the last three significant bits of the reader nonce
  49   nr &= 0xffffff1f;
  50
  51   PrintAndLog("\nuid(%08x) nt(%08x) par(%016"llx") ks(%016"llx") nr(%08"llx")\n\n",uid,nt,par_info,ks_info,nr);
  52
  53   for (pos=0; pos<8; pos++)
  54   {
  55     ks3x[7-pos] = (ks_info >> (pos*8)) & 0x0f;
  56     bt = (par_info >> (pos*8)) & 0xff;
  57     for (i=0; i<8; i++)
  58     {
  59       par[7-pos][i] = (bt >> i) & 0x01;
  60     }
  61   }
  62
  63   printf("|diff|{nr}    |ks3|ks3^5|parity         |\n");
  64   printf("+----+--------+---+-----+---------------+\n");
  65   for (i=0; i<8; i++)
  66   {
  67     nr_diff = nr | i << 5;
  68     printf("| %02x |%08x|",i << 5, nr_diff);
  69     printf(" %01x |  %01x  |",ks3x[i], ks3x[i]^5);
  70     for (pos=0; pos<7; pos++) printf("%01x,", par[i][pos]);
  71     printf("%01x|\n", par[i][7]);
  72   }
  73
  74         if (par_info==0)
  75                 PrintAndLog("parity is all zero,try special attack!just wait for few more seconds...");
  76
  77         state = lfsr_common_prefix(nr, rr, ks3x, par, par_info==0);
  78         state_s = (int64_t*)state;
  79
  80         //char filename[50] ;
  81     //sprintf(filename, "nt_%08x_%d.txt", nt, nr);
  82     //printf("name %s\n", filename);
  83         //FILE* fp = fopen(filename,"w");
  84         for (i = 0; (state) && ((state + i)->odd != -1); i++)
  85         {
  86                 lfsr_rollback_word(state+i, uid^nt, 0);
  87                 crypto1_get_lfsr(state + i, &key_recovered);
  88                 *(state_s + i) = key_recovered;
  89                 //fprintf(fp, "%012llx\n",key_recovered);
  90         }
  91         //fclose(fp);
  92
  93         if(!state)
  94                 return 1;
  95
  96         qsort(state_s, i, sizeof(*state_s), compar_state);
  97         *(state_s + i) = -1;
  98
  99         //Create the intersection:
 100         if (par_info == 0 )
 101                 if ( last_keylist != NULL)
 102                 {
 103                         int64_t *p1, *p2, *p3;
 104                         p1 = p3 = last_keylist;
 105                         p2 = state_s;
 106                         while ( *p1 != -1 && *p2 != -1 ) {
 107                                 if (compar_state(p1, p2) == 0) {
 108                                         printf("p1:%"llx" p2:%"llx" p3:%"llx" key:%012"llx"\n",(uint64_t)(p1-last_keylist),(uint64_t)(p2-state_s),(uint64_t)(p3-last_keylist),*p1);
 109                                         *p3++ = *p1++;
 110                                         p2++;
 111                                 }
 112                                 else {
 113                                         while (compar_state(p1, p2) == -1) ++p1;
 114                                         while (compar_state(p1, p2) == 1) ++p2;
 115                                 }
 116                         }
 117                         key_count = p3 - last_keylist;;
 118                 }
 119                 else
 120                         key_count = 0;
 121         else
 122         {
 123                 last_keylist = state_s;
 124                 key_count = i;
 125         }
 126
 127         printf("key_count:%d\n", key_count);
 128
 129         // The list may still contain several key candidates. Test each of them with mfCheckKeys
 130         for (i = 0; i < key_count; i++) {
 131                 uint8_t keyBlock[6];
 132                 uint64_t key64;
 133                 key64 = *(last_keylist + i);
 134                 num_to_bytes(key64, 6, keyBlock);
 135                 key64 = 0;
 136                 if (!mfCheckKeys(0, 0, 1, keyBlock, &key64)) {
 137                         *key = key64;
 138                         free(last_keylist);
 139                         last_keylist = NULL;
 140                         if (par_info ==0)
 141                                 free(state);
 142                         return 0;
 143                 }
 144         }
 145
 146
 147         free(last_keylist);
 148         last_keylist = state_s;
 149
 150         return 1;
 151 }