k[0] = csn[0]^csn[1]^csn[2]^csn[3]^csn[4]^csn[5]^csn[6]^csn[7];
k[1] = csn[0]+csn[1]+csn[2]+csn[3]+csn[4]+csn[5]+csn[6]+csn[7];
k[2] = rr(swap( csn[2]+k[1] ));
- k[3] = rr(swap( csn[3]+k[0] ));
- k[4] = ~rr(swap( csn[4]+k[2] ))+1;
- k[5] = ~rr(swap( csn[5]+k[3] ))+1;
+ k[3] = rl(swap( csn[3]+k[0] ));
+ k[4] = ~rr( csn[4]+k[2] )+1;
+ k[5] = ~rl( csn[5]+k[3] )+1;
k[6] = rr( csn[6]+(k[4]^0x3c) );
k[7] = rl( csn[7]+(k[5]^0xc3) );
int i;
//Diversify
diversifyKey(item.csn, key_sel_p, div_key);
//Calc mac
- doMAC(item.cc_nr,12, div_key,calculated_MAC);
+ doMAC(item.cc_nr, div_key,calculated_MAC);
if(memcmp(calculated_MAC, item.mac, 4) == 0)
{
errors += bruteforceItem(*attack, keytable);
}
free(attack);
- clock_t t2 = clock();
- float diff = (((float)t2 - (float)t1) / CLOCKS_PER_SEC );
+ t1 = clock() - t1;
+ float diff = ((float)t1 / CLOCKS_PER_SEC );
prnlog("\nPerformed full crack in %f seconds",diff);
// Pick out the first 16 bytes of the keytable.
*/
int bruteforceFile(const char *filename, uint16_t keytable[])
{
-
FILE *f = fopen(filename, "rb");
if(!f) {
prnlog("Failed to read from file '%s'", filename);
long fsize = ftell(f);
fseek(f, 0, SEEK_SET);
+ if (fsize < 0) {
+ prnlog("Error, when getting filesize");
+ if (f) {
+ fclose(f);
+ f = NULL;
+ }
+ return 1;
+ }
+
uint8_t *dump = malloc(fsize);
- fread(dump, fsize, 1, f);
- fclose(f);
+ size_t bytes_read = fread(dump, 1, fsize, f);
- return bruteforceDump(dump,fsize,keytable);
+ if (f) {
+ fclose(f);
+ f = NULL;
+ }
+ if (bytes_read < fsize) {
+ prnlog("Error, could only read %d bytes (should be %d)",bytes_read, fsize );
+ }
+ uint8_t res = bruteforceDump(dump,fsize,keytable);
+ free(dump);
+ return res;
}
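Review bot: A short read is only logged at `if (bytes_read < fsize)`, after which `bruteforceDump(dump,fsize,keytable)` still processes all `fsize` bytes, so the unread tail of the buffer is uninitialized heap memory; that branch should free `dump` and return an error instead. The `malloc(fsize)` result is handed to `fread` without a NULL check. The `%d` conversions in the new log line do not match `size_t` and `long`; use `%zu` and `%ld`. The `if (f)` guards are redundant because `f` has already been passed to `ftell`. The start of the function is only partly visible here, so the seek that precedes `ftell` is assumed to be present.

```c
uint8_t *dump = malloc(fsize);
if (!dump) {
	prnlog("Failed to allocate memory");
	fclose(f);
	return 1;
}
size_t bytes_read = fread(dump, 1, fsize, f);
fclose(f);
if (bytes_read < (size_t)fsize) {
	prnlog("Error, could only read %zu bytes (should be %ld)", bytes_read, fsize);
	free(dump);
	return 1;
}
// … unchanged: bruteforceDump call, free(dump), return res …
```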
/**
*
**** The 64-bit HS Custom Key Value = 5B7C62C491C11B39 ****
**/
uint16_t keytable[128] = {0};
- //save some time...
- startvalue = 0x7B0000;
- errors |= bruteforceFile("iclass_dump.bin",keytable);
+
+ //Test a few variants
+ if(fileExists("iclass_dump.bin"))
+ {
+ errors |= bruteforceFile("iclass_dump.bin",keytable);
+ }else if(fileExists("loclass/iclass_dump.bin")){
+ errors |= bruteforceFile("loclass/iclass_dump.bin",keytable);
+ }else if(fileExists("client/loclass/iclass_dump.bin")){
+ errors |= bruteforceFile("client/loclass/iclass_dump.bin",keytable);
+ }else{
+ prnlog("Error: The file iclass_dump.bin was not found!");
+ }
}
return errors;
}
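Review bot: The final `else` branch logs "Error: The file iclass_dump.bin was not found!" but leaves `errors` untouched, so the enclosing test returns success without ever calling `bruteforceFile`. If the dump is required for the test to mean anything, count the miss with `errors |= 1;` after the `prnlog`; if it is optional, word the message as a skipped test rather than an error so the log and the return value agree. The enclosing function starts outside the hunk, so how the caller treats the result is not visible here.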
prnlog("[+] Iclass key permutation OK!");
return 0;
}
+int _testHash1()
+{
+ uint8_t csn[8]= {0x01,0x02,0x03,0x04,0xF7,0xFF,0x12,0xE0};
+ uint8_t k[8] = {0};
+ hash1(csn, k);
+ uint8_t expected[8] = {0x7E,0x72,0x2F,0x40,0x2D,0x02,0x51,0x42};
+ if(memcmp(k,expected,8) != 0)
+ {
+ prnlog("Error with hash1!");
+ printarr("calculated", k, 8);
+ printarr("expected", expected, 8);
+ return 1;
+ }
+ return 0;
+}
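Review bot: `_testHash1` is declared with an empty parameter list and external linkage; for a file-local test helper, `static int _testHash1(void)` keeps it out of the global namespace and gives it a real prototype. The `expected` bytes are the only known-answer check for `hash1` visible in this change, and nothing says where they come from. A one-line comment naming the origin would let a later reader tell a reference vector from output captured from this implementation, e.g. `/* Known-answer test for hash1(); vector from <reference> */`.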
int testElite()
{
prnlog("[+] Hash2 looks fine...");
}
- prnlog("[+] Testing key diversification ...");
-
int errors = 0 ;
- errors +=_test_iclass_key_permutation();
+ prnlog("[+] Testing hash1...");
+ errors += _testHash1();
+ prnlog("[+] Testing key diversification ...");
+ errors +=_test_iclass_key_permutation();
errors += _testBruteforce();
+
return errors;
}