Minor formatting change

[proxmark3-svn] / armsrc / mifaredesfire.c

diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c
index b1a6b3fb5af156948b86b566ce17f2c3d1582cf3..b7c1bc5b17cda086e0a05090897c239d8337d42b 100644 (file)
--- a/armsrc/mifaredesfire.c
+++ b/armsrc/mifaredesfire.c
@@ -218,15 +218,24 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
        // des, nyckel 0, 
        switch (mode){
         case 1:{
        // des, nyckel 0, 
        switch (mode){
         case 1:{

+            if (algo == 1) {
+

             uint8_t keybytes[8];
             uint8_t keybytes[8];

+            uint8_t RndA[8] = {0x00};
+            uint8_t RndB[8] = {0x00};
+            

             if (datain[1] == 0xff){
                 memcpy(keybytes,null_key_data8,8);
             } else{
                 memcpy(keybytes, datain+1, datalen);
             }
             
             if (datain[1] == 0xff){
                 memcpy(keybytes,null_key_data8,8);
             } else{
                 memcpy(keybytes, datain+1, datalen);
             }
             

+            struct desfire_key defaultkey = {0};
+            desfirekey_t key = &defaultkey;
+            Desfire_des_key_new(keybytes, key);
+            

             cmd[0] = AUTHENTICATE;
             cmd[0] = AUTHENTICATE;

-            cmd[1] = 0x00;  //keynumber
+            cmd[1] = keyno;  //keynumber

             len = DesfireAPDU(cmd, 2, resp);
             if ( !len ) {
                 if (MF_DBGLEVEL >= 1) {
             len = DesfireAPDU(cmd, 2, resp);
             if ( !len ) {
                 if (MF_DBGLEVEL >= 1) {


@@ -236,19 +245,25 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
                 return;
             }
             
                 return;
             }
             

+            if ( resp[2] == 0xaf ){
+            } else {
+                DbpString("Authetication failed. Invalid key number.");
+                OnError();
+                return;
+            }
+            

             memcpy( encRndB, resp+3, 8);
             
             memcpy( encRndB, resp+3, 8);
             

-            des_dec(&decRndB, &encRndB, &keybytes);
-            Dbprintf("RndB: %02x%02x%02x%02x%02x%02x%02x%02x",decRndB[0],decRndB[1],decRndB[2],decRndB[3],decRndB[4],decRndB[5],decRndB[6],decRndB[7]);
+            des_dec(&decRndB, &encRndB, key->data);
+            memcpy(RndB, decRndB, 8);

             rol(decRndB,8);
             rol(decRndB,8);

-            Dbprintf("RndB': %02x%02x%02x%02x%02x%02x%02x%02x",decRndB[0],decRndB[1],decRndB[2],decRndB[3],decRndB[4],decRndB[5],decRndB[6],decRndB[7]);

             
             

+            // This should be random

             uint8_t decRndA[8] = {0x00};
             uint8_t decRndA[8] = {0x00};

+            memcpy(RndA, decRndA, 8);

             uint8_t encRndA[8] = {0x00};
             
             uint8_t encRndA[8] = {0x00};
             

-            des_dec(&encRndA, &decRndA, &keybytes);
-            Dbprintf("RndA: %02x%02x%02x%02x%02x%02x%02x%02x",decRndA[0],decRndA[1],decRndA[2],decRndA[3],decRndA[4],decRndA[5],decRndA[6],decRndA[7]);
-            Dbprintf("ek0RandA: %02x%02x%02x%02x%02x%02x%02x%02x",encRndA[0],encRndA[1],encRndA[2],encRndA[3],encRndA[4],encRndA[5],encRndA[6],encRndA[7]);
+            des_dec(&encRndA, &decRndA, key->data);

             
             memcpy(both, encRndA, 8);
             
             
             memcpy(both, encRndA, 8);
             


@@ -257,13 +272,93 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
 
             }
             
 
             }
             

-            des_dec(&encRndB, &decRndB, &keybytes);
+            des_dec(&encRndB, &decRndB, key->data);

             
             memcpy(both + 8, encRndB, 8);
             
             memcpy(both + 8, encRndB, 8);

-            Dbprintf("both: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",both[0],both[1],both[2],both[3],both[4],both[5],both[6],both[7],both[8],both[9],both[10],both[11],both[12],both[13],both[14],both[15]);

             
             

-            // TODO: Send response
+            cmd[0] = ADDITIONAL_FRAME;
+            memcpy(cmd+1, both, 16 );
+            
+            len = DesfireAPDU(cmd, 17, resp);
+            if ( !len ) {
+                if (MF_DBGLEVEL >= 1) {
+                    DbpString("Authentication failed. Card timeout.");
+                }
+                OnError();
+                return;
+            }
+            
+            if ( resp[2] == 0x00 ){
+                
+                struct desfire_key sessionKey = {0};
+                desfirekey_t skey = &sessionKey;
+                Desfire_session_key_new( RndA, RndB , key, skey );
+                //print_result("SESSION : ", skey->data, 8);
+                
+                memcpy(encRndA, resp+3, 8);
+                des_dec(&encRndA, &encRndA, key->data);
+                rol(decRndA,8);
+                for (int x = 0; x < 8; x++) {
+                    if (decRndA[x] != encRndA[x]) {
+                        DbpString("Authetication failed. Cannot varify PICC.");
+                        OnError();
+                        return;
+                    }
+                }
+                
+                //Change the selected key to a new value.
+                /*
+                 
+                cmd[0] = 0xc4;
+                cmd[1] = keyno;
+                
+                uint8_t newKey[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
+                
+                uint8_t first, second;
+                uint8_t buff1[8] = {0x00};
+                uint8_t buff2[8] = {0x00};
+                uint8_t buff3[8] = {0x00};
+                
+                memcpy(buff1,newKey, 8);
+                memcpy(buff2,newKey + 8, 8);
+                
+                ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second);
+                memcpy(buff3, &first, 1);
+                memcpy(buff3 + 1, &second, 1);
+                
+                des_dec(&buff1, &buff1, skey->data);
+                memcpy(cmd+2,buff1,8);
+                
+                for (int x = 0; x < 8; x++) {
+                    buff2[x] = buff2[x] ^ buff1[x];
+                }
+                des_dec(&buff2, &buff2, skey->data);
+                memcpy(cmd+10,buff2,8);
+                
+                for (int x = 0; x < 8; x++) {
+                    buff3[x] = buff3[x] ^ buff2[x];
+                }
+                des_dec(&buff3, &buff3, skey->data);
+                memcpy(cmd+18,buff3,8);
+                
+                // The command always times out on the first attempt, this will retry until a response
+                // is recieved.
+                len = 0;
+                while(!len) {
+                    len = DesfireAPDU(cmd,26,resp);
+                }
+                */
+                
+                OnSuccess();
+                cmd_send(CMD_ACK,1,0,0,skey->data,8);
+                
+            } else {
+                DbpString("Authetication failed.");
+                OnError();
+                return;
+            }

             
             

+            }

             }
                        break;
                case 2:
             }
                        break;
                case 2: