]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/mifaredesfire.c
projects / proxmark3-svn / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Minor formatting change
[proxmark3-svn] / armsrc / mifaredesfire.c
diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c
index 66fe00bddf0fa52e1df3b7e273669d36fa082f4e..b7c1bc5b17cda086e0a05090897c239d8337d42b 100644 (file)
--- a/armsrc/mifaredesfire.c
+++ b/armsrc/mifaredesfire.c
@@ -218,15 +218,24 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
        // des, nyckel 0, 
        switch (mode){
         case 1:{
+            if (algo == 1) {
+
             uint8_t keybytes[8];
+            uint8_t RndA[8] = {0x00};
+            uint8_t RndB[8] = {0x00};
+            
             if (datain[1] == 0xff){
                 memcpy(keybytes,null_key_data8,8);
             } else{
                 memcpy(keybytes, datain+1, datalen);
             }
             
+            struct desfire_key defaultkey = {0};
+            desfirekey_t key = &defaultkey;
+            Desfire_des_key_new(keybytes, key);
+            
             cmd[0] = AUTHENTICATE;
-            cmd[1] = 0x00;  //keynumber
+            cmd[1] = keyno;  //keynumber
             len = DesfireAPDU(cmd, 2, resp);
             if ( !len ) {
                 if (MF_DBGLEVEL >= 1) {
@@ -236,15 +245,25 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
                 return;
             }
             
+            if ( resp[2] == 0xaf ){
+            } else {
+                DbpString("Authetication failed. Invalid key number.");
+                OnError();
+                return;
+            }
+            
             memcpy( encRndB, resp+3, 8);
             
-            des_dec(&decRndB, &encRndB, &keybytes);
+            des_dec(&decRndB, &encRndB, key->data);
+            memcpy(RndB, decRndB, 8);
             rol(decRndB,8);
             
+            // This should be random
             uint8_t decRndA[8] = {0x00};
+            memcpy(RndA, decRndA, 8);
             uint8_t encRndA[8] = {0x00};
             
-            des_dec(&encRndA, &decRndA, &keybytes);
+            des_dec(&encRndA, &decRndA, key->data);
             
             memcpy(both, encRndA, 8);
             
@@ -253,7 +272,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
 
             }
             
-            des_dec(&encRndB, &decRndB, &keybytes);
+            des_dec(&encRndB, &decRndB, key->data);
             
             memcpy(both + 8, encRndB, 8);
             
@@ -270,15 +289,76 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
             }
             
             if ( resp[2] == 0x00 ){
-                // TODO: Create session key.
+                
+                struct desfire_key sessionKey = {0};
+                desfirekey_t skey = &sessionKey;
+                Desfire_session_key_new( RndA, RndB , key, skey );
+                //print_result("SESSION : ", skey->data, 8);
+                
+                memcpy(encRndA, resp+3, 8);
+                des_dec(&encRndA, &encRndA, key->data);
+                rol(decRndA,8);
+                for (int x = 0; x < 8; x++) {
+                    if (decRndA[x] != encRndA[x]) {
+                        DbpString("Authetication failed. Cannot varify PICC.");
+                        OnError();
+                        return;
+                    }
+                }
+                
+                //Change the selected key to a new value.
+                /*
+                 
+                cmd[0] = 0xc4;
+                cmd[1] = keyno;
+                
+                uint8_t newKey[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
+                
+                uint8_t first, second;
+                uint8_t buff1[8] = {0x00};
+                uint8_t buff2[8] = {0x00};
+                uint8_t buff3[8] = {0x00};
+                
+                memcpy(buff1,newKey, 8);
+                memcpy(buff2,newKey + 8, 8);
+                
+                ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second);
+                memcpy(buff3, &first, 1);
+                memcpy(buff3 + 1, &second, 1);
+                
+                des_dec(&buff1, &buff1, skey->data);
+                memcpy(cmd+2,buff1,8);
+                
+                for (int x = 0; x < 8; x++) {
+                    buff2[x] = buff2[x] ^ buff1[x];
+                }
+                des_dec(&buff2, &buff2, skey->data);
+                memcpy(cmd+10,buff2,8);
+                
+                for (int x = 0; x < 8; x++) {
+                    buff3[x] = buff3[x] ^ buff2[x];
+                }
+                des_dec(&buff3, &buff3, skey->data);
+                memcpy(cmd+18,buff3,8);
+                
+                // The command always times out on the first attempt, this will retry until a response
+                // is recieved.
+                len = 0;
+                while(!len) {
+                    len = DesfireAPDU(cmd,26,resp);
+                }
+                */
+                
+                OnSuccess();
+                cmd_send(CMD_ACK,1,0,0,skey->data,8);
+                
             } else {
                 DbpString("Authetication failed.");
                 OnError();
                 return;
             }
             
-                // TOD: Optionally, confirm ek0RndA' = RndA' to varify PICC
-            
+            }
             }
                        break;
                case 2:
Proxmark3 GIT tracking
Impressum, Datenschutz