CHG: some minor adjustments.

[proxmark3-svn] / tools / mfkey / mfkey64.c

diff --git a/tools/mfkey/mfkey64.c b/tools/mfkey/mfkey64.c
index 8bb59ecc1d14e5294996a070e2eaca92dcdf124d..616c6f3d669594f18365e59b6d57cd803ac95133 100755 (executable)
--- a/tools/mfkey/mfkey64.c
+++ b/tools/mfkey/mfkey64.c
@@ -1,8 +1,9 @@
 #define __STDC_FORMAT_MACROS
-#include <inttypes.h>
-#include "crapto1.h"
 #include <stdio.h>
+#include <string.h>
 #include <time.h>
+#include <inttypes.h>
+#include "crapto1.h"
 
 #define llx PRIx64
 #define lli PRIi64
@@ -22,23 +23,42 @@ int main (int argc, char *argv[]) {
        printf("Recover key from only one complete authentication!\n\n");
 
        if (argc < 6) {
-               printf(" syntax: %s <uid> <nt> <nr> <ar> <at>\n\n",argv[0]);
+               printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}> [enc...]\n\n", argv[0]);
                return 1;
        }
 
+       int encc = argc - 6;
+       int enclen[encc];
+       uint8_t enc[encc][120]; 
+
        sscanf(argv[1],"%x",&uid);
        sscanf(argv[2],"%x",&nt);
        sscanf(argv[3],"%x",&nr_enc);
        sscanf(argv[4],"%x",&ar_enc);
        sscanf(argv[5],"%x",&at_enc);
-
+       for (int i = 0; i < encc; i++) {
+               enclen[i] = strlen(argv[i + 6]) / 2;
+               for (int i2 = 0; i2 < enclen[i]; i2++) {
+                       sscanf(argv[i+6] + i2*2, "%2x", (unsigned int *)&enc[i][i2]);
+               }
+       }
+       
        printf("Recovering key for:\n");
+
        printf("  uid: %08x\n",uid);
        printf("   nt: %08x\n",nt);
        printf(" {nr}: %08x\n",nr_enc);
        printf(" {ar}: %08x\n",ar_enc);
        printf(" {at}: %08x\n",at_enc);
 
+       for (int i = 0; i < encc; i++) {
+               printf("{enc%d}: ", i);
+               for (int i2 = 0; i2 < enclen[i]; i2++) {
+                       printf("%02x", enc[i][i2]);
+               }
+               printf("\n");
+       }
+
        // Generate lfsr succesors of the tag challenge
        printf("\nLFSR succesors of the tag challenge:\n");
        printf("  nt': %08x\n",prng_successor(nt, 64));
@@ -54,12 +74,31 @@ int main (int argc, char *argv[]) {
        printf("  ks3: %08x\n",ks3);
 
        revstate = lfsr_recovery64(ks2, ks3);
+
+       // Decrypting communication using keystream if presented
+       if (argc > 6 ) {
+               printf("\nDecrypted communication:\n");
+               uint8_t ks4; 
+               int rollb = 0;
+               for (int i = 0; i < encc; i++) {
+                       printf("{dec%d}: ", i);
+                       for (int i2 = 0; i2 < enclen[i]; i2++) {  
+                               ks4 = crypto1_byte(revstate, 0, 0);
+                               printf("%02x", ks4 ^ enc[i][i2]);
+                               rollb += 1;
+                       }
+                       printf("\n");
+               }
+               for (int i = 0; i < rollb; i++)
+                       lfsr_rollback_byte(revstate, 0, 0);
+       }
+  
        lfsr_rollback_word(revstate, 0, 0);
        lfsr_rollback_word(revstate, 0, 0);
        lfsr_rollback_word(revstate, nr_enc, 1);
        lfsr_rollback_word(revstate, uid ^ nt, 0);
        crypto1_get_lfsr(revstate, &key);
-       printf("\nFound Key: [%012"llx"]\n\n",key);
+       printf("\nFound Key: [%012"llx"]\n\n", key);
        crypto1_destroy(revstate);
   
        t1 = clock() - t1;