]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/mifaredesfire.c
projects / proxmark3-svn / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Create session key
[proxmark3-svn] / armsrc / mifaredesfire.c
diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c
index b1a6b3fb5af156948b86b566ce17f2c3d1582cf3..85e3175149fcebb2aebc2bf70976cdae97a21fec 100644 (file)
--- a/armsrc/mifaredesfire.c
+++ b/armsrc/mifaredesfire.c
@@ -219,14 +219,21 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
        switch (mode){
         case 1:{
             uint8_t keybytes[8];
+            uint8_t RndA[8] = {0x00};
+            uint8_t RndB[8] = {0x00};
+            
             if (datain[1] == 0xff){
                 memcpy(keybytes,null_key_data8,8);
             } else{
                 memcpy(keybytes, datain+1, datalen);
             }
             
+            struct desfire_key defaultkey = {0};
+            desfirekey_t key = &defaultkey;
+            Desfire_des_key_new(keybytes, key);
+            
             cmd[0] = AUTHENTICATE;
-            cmd[1] = 0x00;  //keynumber
+            cmd[1] = keyno;  //keynumber
             len = DesfireAPDU(cmd, 2, resp);
             if ( !len ) {
                 if (MF_DBGLEVEL >= 1) {
@@ -236,19 +243,24 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
                 return;
             }
             
+            if ( resp[2] == 0xaf ){
+            } else {
+                DbpString("Authetication failed. Invalid key number.");
+                OnError();
+                return;
+            }
+            
             memcpy( encRndB, resp+3, 8);
             
-            des_dec(&decRndB, &encRndB, &keybytes);
-            Dbprintf("RndB: %02x%02x%02x%02x%02x%02x%02x%02x",decRndB[0],decRndB[1],decRndB[2],decRndB[3],decRndB[4],decRndB[5],decRndB[6],decRndB[7]);
+            des_dec(&decRndB, &encRndB, key->data);
+            memcpy(RndB, decRndB, 8);
             rol(decRndB,8);
-            Dbprintf("RndB': %02x%02x%02x%02x%02x%02x%02x%02x",decRndB[0],decRndB[1],decRndB[2],decRndB[3],decRndB[4],decRndB[5],decRndB[6],decRndB[7]);
             
             uint8_t decRndA[8] = {0x00};
+            memcpy(RndA, decRndA, 8);
             uint8_t encRndA[8] = {0x00};
             
-            des_dec(&encRndA, &decRndA, &keybytes);
-            Dbprintf("RndA: %02x%02x%02x%02x%02x%02x%02x%02x",decRndA[0],decRndA[1],decRndA[2],decRndA[3],decRndA[4],decRndA[5],decRndA[6],decRndA[7]);
-            Dbprintf("ek0RandA: %02x%02x%02x%02x%02x%02x%02x%02x",encRndA[0],encRndA[1],encRndA[2],encRndA[3],encRndA[4],encRndA[5],encRndA[6],encRndA[7]);
+            des_dec(&encRndA, &decRndA, key->data);
             
             memcpy(both, encRndA, 8);
             
@@ -257,12 +269,46 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
 
             }
             
-            des_dec(&encRndB, &decRndB, &keybytes);
+            des_dec(&encRndB, &decRndB, key->data);
             
             memcpy(both + 8, encRndB, 8);
-            Dbprintf("both: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",both[0],both[1],both[2],both[3],both[4],both[5],both[6],both[7],both[8],both[9],both[10],both[11],both[12],both[13],both[14],both[15]);
             
-            // TODO: Send response
+            cmd[0] = ADDITIONAL_FRAME;
+            memcpy(cmd+1, both, 16 );
+            
+            len = DesfireAPDU(cmd, 17, resp);
+            if ( !len ) {
+                if (MF_DBGLEVEL >= 1) {
+                    DbpString("Authentication failed. Card timeout.");
+                }
+                OnError();
+                return;
+            }
+            
+            if ( resp[2] == 0x00 ){
+                
+                struct desfire_key sessionKey = {0};
+                desfirekey_t skey = &sessionKey;
+                Desfire_session_key_new( RndA, RndB , key, skey );
+                print_result("SESSION : ", skey->data, 8);
+                
+            } else {
+                DbpString("Authetication failed.");
+                OnError();
+                return;
+            }
+            
+            memcpy(encRndA, resp+3, 8);
+            des_dec(&encRndA, &encRndA, key->data);
+            rol(decRndA,8);
+            for (int x = 0; x < 8; x++) {
+                if (decRndA[x] != encRndA[x]) {
+                    DbpString("Authetication failed. Cannot varify PICC.");
+                    OnError();
+                    return;
+                }
+            }
+            
             
             }
                        break;
Proxmark3 GIT tracking
Impressum, Datenschutz