X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/0127902ee6bf5b7e7611a0d6daba4c136cd1caa0..085b0e2ea97ae0a8427cce867428b32c79d40f9d:/armsrc/mifaredesfire.c diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c index b1a6b3fb..85e31751 100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@ -219,14 +219,21 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain switch (mode){ case 1:{ uint8_t keybytes[8]; + uint8_t RndA[8] = {0x00}; + uint8_t RndB[8] = {0x00}; + if (datain[1] == 0xff){ memcpy(keybytes,null_key_data8,8); } else{ memcpy(keybytes, datain+1, datalen); } + struct desfire_key defaultkey = {0}; + desfirekey_t key = &defaultkey; + Desfire_des_key_new(keybytes, key); + cmd[0] = AUTHENTICATE; - cmd[1] = 0x00; //keynumber + cmd[1] = keyno; //keynumber len = DesfireAPDU(cmd, 2, resp); if ( !len ) { if (MF_DBGLEVEL >= 1) { @@ -236,19 +243,24 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain return; } + if ( resp[2] == 0xaf ){ + } else { + DbpString("Authetication failed. Invalid key number."); + OnError(); + return; + } + memcpy( encRndB, resp+3, 8); - des_dec(&decRndB, &encRndB, &keybytes); - Dbprintf("RndB: %02x%02x%02x%02x%02x%02x%02x%02x",decRndB[0],decRndB[1],decRndB[2],decRndB[3],decRndB[4],decRndB[5],decRndB[6],decRndB[7]); + des_dec(&decRndB, &encRndB, key->data); + memcpy(RndB, decRndB, 8); rol(decRndB,8); - Dbprintf("RndB': %02x%02x%02x%02x%02x%02x%02x%02x",decRndB[0],decRndB[1],decRndB[2],decRndB[3],decRndB[4],decRndB[5],decRndB[6],decRndB[7]); uint8_t decRndA[8] = {0x00}; + memcpy(RndA, decRndA, 8); uint8_t encRndA[8] = {0x00}; - des_dec(&encRndA, &decRndA, &keybytes); - Dbprintf("RndA: %02x%02x%02x%02x%02x%02x%02x%02x",decRndA[0],decRndA[1],decRndA[2],decRndA[3],decRndA[4],decRndA[5],decRndA[6],decRndA[7]); - Dbprintf("ek0RandA: %02x%02x%02x%02x%02x%02x%02x%02x",encRndA[0],encRndA[1],encRndA[2],encRndA[3],encRndA[4],encRndA[5],encRndA[6],encRndA[7]); + des_dec(&encRndA, &decRndA, key->data); memcpy(both, encRndA, 8); @@ -257,12 +269,46 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain } - des_dec(&encRndB, &decRndB, &keybytes); + des_dec(&encRndB, &decRndB, key->data); memcpy(both + 8, encRndB, 8); - Dbprintf("both: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",both[0],both[1],both[2],both[3],both[4],both[5],both[6],both[7],both[8],both[9],both[10],both[11],both[12],both[13],both[14],both[15]); - // TODO: Send response + cmd[0] = ADDITIONAL_FRAME; + memcpy(cmd+1, both, 16 ); + + len = DesfireAPDU(cmd, 17, resp); + if ( !len ) { + if (MF_DBGLEVEL >= 1) { + DbpString("Authentication failed. Card timeout."); + } + OnError(); + return; + } + + if ( resp[2] == 0x00 ){ + + struct desfire_key sessionKey = {0}; + desfirekey_t skey = &sessionKey; + Desfire_session_key_new( RndA, RndB , key, skey ); + print_result("SESSION : ", skey->data, 8); + + } else { + DbpString("Authetication failed."); + OnError(); + return; + } + + memcpy(encRndA, resp+3, 8); + des_dec(&encRndA, &encRndA, key->data); + rol(decRndA,8); + for (int x = 0; x < 8; x++) { + if (decRndA[x] != encRndA[x]) { + DbpString("Authetication failed. Cannot varify PICC."); + OnError(); + return; + } + } + } break;