]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - client/mifarehost.c
CHG: moved to header file
[proxmark3-svn] / client / mifarehost.c
index 1939b92bdca16ca1c8e76a0deca7cd6da57b8454..f9e058071437f05a96dae18a360cd15405b409d6 100644 (file)
@@ -8,17 +8,10 @@
 // mifare commands\r
 //-----------------------------------------------------------------------------\r
 \r
-#include <stdio.h>\r
-#include <stdlib.h> \r
-#include <string.h>\r
-#include <pthread.h>\r
 #include "mifarehost.h"\r
-#include "proxmark3.h"\r
-//#include "radixsort.h"\r
-#include <time.h>\r
 \r
 // MIFARE\r
-int compar_int(const void * a, const void * b) {\r
+extern int compar_int(const void * a, const void * b) {\r
        // didn't work: (the result is truncated to 32 bits)\r
        //return (*(uint64_t*)b - *(uint64_t*)a);\r
 \r
@@ -44,25 +37,6 @@ int Compare16Bits(const void * a, const void * b) {
 */\r
 }\r
 \r
-typedef \r
-       struct {\r
-               union {\r
-                       struct Crypto1State *slhead;\r
-                       uint64_t *keyhead;\r
-               } head;\r
-               union {\r
-                       struct Crypto1State *sltail;\r
-                       uint64_t *keytail;\r
-               } tail;\r
-               uint32_t len;\r
-               uint32_t uid;\r
-               uint32_t blockNo;\r
-               uint32_t keyType;\r
-               uint32_t nt;\r
-               uint32_t ks1;\r
-       } StateList_t;\r
-\r
-\r
 // wrapper function for multi-threaded lfsr_recovery32\r
 void* nested_worker_thread(void *arg)\r
 {\r
@@ -151,8 +125,8 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo
        p4->even = 0; p4->odd = 0;\r
        statelists[0].len = p3 - statelists[0].head.slhead;\r
        statelists[1].len = p4 - statelists[1].head.slhead;\r
-       statelists[0].tail.sltail=--p3;\r
-       statelists[1].tail.sltail=--p4;\r
+       statelists[0].tail.sltail = --p3;\r
+       statelists[1].tail.sltail = --p4;\r
 \r
        // the statelists now contain possible keys. The key we are searching for must be in the\r
        // intersection of both lists. Create the intersection:\r
@@ -229,15 +203,60 @@ int mfCheckKeys (uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t key
        *key = bytes_to_num(resp.d.asBytes, 6);\r
        return 0;\r
 }\r
+// PM3 imp of J-Run mf_key_brute (part 2)\r
+// ref: https://github.com/J-Run/mf_key_brute\r
+int mfKeyBrute(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint64_t *resultkey){\r
+\r
+       #define KEYS_IN_BLOCK 85\r
+       #define KEYBLOCK_SIZE 510\r
+       #define CANDIDATE_SIZE 0xFFFF * 6\r
+       uint8_t found = FALSE;\r
+       uint64_t key64 = 0;\r
+       uint8_t candidates[CANDIDATE_SIZE] = {0x00};\r
+       uint8_t keyBlock[KEYBLOCK_SIZE] = {0x00};\r
 \r
-// EMULATOR\r
+       memset(candidates, 0, sizeof(candidates));\r
+       memset(keyBlock, 0, sizeof(keyBlock));\r
+       \r
+       // Generate all possible keys for the first two unknown bytes.\r
+       for (uint16_t i = 0; i < 0xFFFF; ++i) {         \r
+               uint32_t j = i * 6;             \r
+               candidates[0 + j] = i >> 8;     \r
+               candidates[1 + j] = i;\r
+               candidates[2 + j] = key[2];\r
+               candidates[3 + j] = key[3];\r
+               candidates[4 + j] = key[4];\r
+               candidates[5 + j] = key[5];\r
+       }\r
+       uint32_t counter, i;\r
+       for ( i = 0, counter = 1; i < CANDIDATE_SIZE; i += KEYBLOCK_SIZE, ++counter){\r
 \r
+               key64 = 0;\r
+               \r
+               // copy candidatekeys to test key block\r
+               memcpy(keyBlock, candidates + i, KEYBLOCK_SIZE);\r
+\r
+               // check a block of generated candidate keys.\r
+               if (!mfCheckKeys(blockNo, keyType, TRUE, KEYS_IN_BLOCK, keyBlock, &key64)) {\r
+                       *resultkey = key64;\r
+                       found = TRUE;\r
+                       break;\r
+               }\r
+               \r
+               // progress \r
+               if ( counter % 20 == 0 )\r
+                       PrintAndLog("tried : %s.. \t %u keys", sprint_hex(candidates + i, 6),  counter * KEYS_IN_BLOCK  );\r
+       }\r
+       return found;\r
+}\r
+\r
+// EMULATOR\r
 int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount) {\r
        UsbCommand c = {CMD_MIFARE_EML_MEMGET, {blockNum, blocksCount, 0}};\r
        clearCommandBuffer();\r
        SendCommand(&c);\r
        UsbCommand resp;\r
-       if (!WaitForResponseTimeout(CMD_ACK,&resp,1500)) return 1;\r
+       if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) return 1;\r
        memcpy(data, resp.d.asBytes, blocksCount * 16);\r
        return 0;\r
 }\r
@@ -391,14 +410,20 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
                memset(buf, 0, sizeof(buf));\r
                if (fgets(buf, sizeof(buf), f) == NULL) {\r
                        PrintAndLog("No trace file found or reading error.");\r
-                       fclose(f);\r
+                       if (f) {\r
+                               fclose(f);\r
+                               f = NULL;\r
+                       }\r
                        return 2;\r
                }\r
 \r
                if (strlen(buf) < 32){\r
                        if (feof(f)) break;\r
                        PrintAndLog("File content error. Block data must include 32 HEX symbols");\r
-                       fclose(f);\r
+                       if (f) {\r
+                               fclose(f);\r
+                               f = NULL;\r
+                       }\r
                        return 2;\r
                }\r
                for (i = 0; i < 32; i += 2)\r
@@ -408,7 +433,10 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
 \r
                blockNum++;\r
        }\r
-       fclose(f);\r
+       if (f) {\r
+               fclose(f);\r
+               f = NULL;\r
+       }\r
        return 0;\r
 }\r
 \r
@@ -426,7 +454,10 @@ int saveTraceCard(void) {
                fprintf(f,"\n");\r
        }\r
        fflush(f);\r
-       fclose(f);\r
+       if (f) {\r
+               fclose(f);\r
+               f = NULL;\r
+       }\r
        return 0;\r
 }\r
 \r
@@ -633,12 +664,12 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
 \r
 int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len){\r
        PrintAndLog("\nEncrypted data: [%s]", sprint_hex(data, len) );\r
-       struct Crypto1State *pcs = NULL;\r
+       struct Crypto1State *s;\r
        ks2 = ar_enc ^ prng_successor(nt, 64);\r
        ks3 = at_enc ^ prng_successor(nt, 96);\r
-       pcs = lfsr_recovery64(ks2, ks3);\r
-       mf_crypto1_decrypt(pcs, data, len, FALSE);\r
+       s = lfsr_recovery64(ks2, ks3);\r
+       mf_crypto1_decrypt(s, data, len, FALSE);\r
        PrintAndLog("Decrypted data: [%s]", sprint_hex(data, len) );\r
-       crypto1_destroy(pcs);\r
+       crypto1_destroy(s);\r
        return 0;\r
 }\r
Impressum, Datenschutz