X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/1defcf606f59d93d80fe45dc91d28cc552db0c51..0ab9002f36f8297c640cf9920c06d106ccae2d70:/client/loclass/elite_crack.c?ds=sidebyside diff --git a/client/loclass/elite_crack.c b/client/loclass/elite_crack.c index c824eaa1..21a67f54 100644 --- a/client/loclass/elite_crack.c +++ b/client/loclass/elite_crack.c @@ -22,7 +22,7 @@ * * This is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as published - * by the Free Software Foundation. + * by the Free Software Foundation, or, at your option, any later version. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -33,20 +33,20 @@ * along with loclass. If not, see . * * - * ****************************************************************************/ #include #include #include #include -#include +#include "util.h" +#include "util_posix.h" #include "cipherutils.h" #include "cipher.h" #include "ikeys.h" #include "elite_crack.h" #include "fileutils.h" -#include "des.h" +#include "mbedtls/des.h" /** * @brief Permutes a key from standard NIST format to Iclass specific format @@ -179,22 +179,22 @@ void rk(uint8_t *key, uint8_t n, uint8_t *outp_key) return; } -static des_context ctx_enc = {DES_ENCRYPT,{0}}; -static des_context ctx_dec = {DES_DECRYPT,{0}}; +static mbedtls_des_context ctx_enc = { {0} }; +static mbedtls_des_context ctx_dec = { {0} }; void desdecrypt_iclass(uint8_t *iclass_key, uint8_t *input, uint8_t *output) { uint8_t key_std_format[8] = {0}; permutekey_rev(iclass_key, key_std_format); - des_setkey_dec( &ctx_dec, key_std_format); - des_crypt_ecb(&ctx_dec,input,output); + mbedtls_des_setkey_dec( &ctx_dec, key_std_format); + mbedtls_des_crypt_ecb(&ctx_dec,input,output); } void desencrypt_iclass(uint8_t *iclass_key, uint8_t *input, uint8_t *output) { uint8_t key_std_format[8] = {0}; permutekey_rev(iclass_key, key_std_format); - des_setkey_enc( &ctx_enc, key_std_format); - des_crypt_ecb(&ctx_enc,input,output); + mbedtls_des_setkey_enc( &ctx_enc, key_std_format); + mbedtls_des_crypt_ecb(&ctx_enc,input,output); } /** @@ -333,16 +333,14 @@ int bruteforceItem(dumpdata item, uint16_t keytable[]) * Only the lower eight bits correspond to the (hopefully cracked) key-value. **/ uint8_t bytes_to_recover[3] = {0}; - uint8_t numbytes_to_recover = 0 ; - int i; - for(i =0 ; i < 8 ; i++) - { - if(keytable[key_index[i]] & (CRACKED | BEING_CRACKED)) continue; + uint8_t numbytes_to_recover = 0; + + for(int i = 0; i < 8; i++) { + if (keytable[key_index[i]] & (CRACKED | BEING_CRACKED)) continue; bytes_to_recover[numbytes_to_recover++] = key_index[i]; keytable[key_index[i]] |= BEING_CRACKED; - if(numbytes_to_recover > 3) - { + if(numbytes_to_recover > 3) { prnlog("The CSN requires > 3 byte bruteforce, not supported"); printvar("CSN", item.csn,8); printvar("HASH1", key_index,8); @@ -370,15 +368,14 @@ int bruteforceItem(dumpdata item, uint16_t keytable[]) uint32_t endmask = 1 << 8*numbytes_to_recover; - for(i =0 ; i < numbytes_to_recover && numbytes_to_recover > 1; i++) + for (int i = 0; i < numbytes_to_recover && numbytes_to_recover > 1; i++) { prnlog("Bruteforcing byte %d", bytes_to_recover[i]); + } - while(!found && !(brute & endmask)) - { + while(!found && !(brute & endmask)) { //Update the keytable with the brute-values - for(i =0 ; i < numbytes_to_recover; i++) - { + for (int i = 0; i < numbytes_to_recover; i++) { keytable[bytes_to_recover[i]] &= 0xFF00; keytable[bytes_to_recover[i]] |= (brute >> (i*8) & 0xFF); } @@ -394,42 +391,34 @@ int bruteforceItem(dumpdata item, uint16_t keytable[]) //Diversify diversifyKey(item.csn, key_sel_p, div_key); //Calc mac - doMAC(item.cc_nr, div_key,calculated_MAC); + doMAC(item.cc_nr, div_key, calculated_MAC); - if(memcmp(calculated_MAC, item.mac, 4) == 0) - { - for(i =0 ; i < numbytes_to_recover; i++) - prnlog("=> %d: 0x%02x", bytes_to_recover[i],0xFF & keytable[bytes_to_recover[i]]); + if (memcmp(calculated_MAC, item.mac, 4) == 0) { + for (int i =0 ; i < numbytes_to_recover; i++) + prnlog("=> %d: 0x%02x", bytes_to_recover[i], 0xFF & keytable[bytes_to_recover[i]]); found = true; break; } brute++; - if((brute & 0xFFFF) == 0) - { + if ((brute & 0xFFFF) == 0) { printf("%d",(brute >> 16) & 0xFF); fflush(stdout); } } - if(! found) - { + if (! found) { prnlog("Failed to recover %d bytes using the following CSN",numbytes_to_recover); printvar("CSN",item.csn,8); errors++; //Before we exit, reset the 'BEING_CRACKED' to zero - for(i =0 ; i < numbytes_to_recover; i++) - { + for (int i = 0; i < numbytes_to_recover; i++) { keytable[bytes_to_recover[i]] &= 0xFF; keytable[bytes_to_recover[i]] |= CRACK_FAILED; } - - }else - { - for(i =0 ; i < numbytes_to_recover; i++) - { + } else { + for (int i = 0 ;i < numbytes_to_recover; i++) { keytable[bytes_to_recover[i]] &= 0xFF; keytable[bytes_to_recover[i]] |= CRACKED; } - } return errors; } @@ -449,7 +438,7 @@ int bruteforceItem(dumpdata item, uint16_t keytable[]) */ int calculateMasterKey(uint8_t first16bytes[], uint64_t master_key[] ) { - des_context ctx_e = {DES_ENCRYPT,{0}}; + mbedtls_des_context ctx_e = { {0} }; uint8_t z_0[8] = {0}; uint8_t y_0[8] = {0}; @@ -468,8 +457,8 @@ int calculateMasterKey(uint8_t first16bytes[], uint64_t master_key[] ) permutekey_rev(z_0, z_0_rev); // ~K_cus = DESenc(z[0], y[0]) - des_setkey_enc( &ctx_e, z_0_rev ); - des_crypt_ecb(&ctx_e, y_0, key64_negated); + mbedtls_des_setkey_enc( &ctx_e, z_0_rev ); + mbedtls_des_crypt_ecb(&ctx_e, y_0, key64_negated); int i; for(i = 0; i < 8 ; i++) @@ -482,8 +471,8 @@ int calculateMasterKey(uint8_t first16bytes[], uint64_t master_key[] ) uint8_t key64_stdformat[8] = {0}; permutekey_rev(key64, key64_stdformat); - des_setkey_enc( &ctx_e, key64_stdformat ); - des_crypt_ecb(&ctx_e, key64_negated, result); + mbedtls_des_setkey_enc( &ctx_e, key64_stdformat ); + mbedtls_des_crypt_ecb(&ctx_e, key64_negated, result); prnlog("\nHigh security custom key (Kcus):"); printvar("Std format ", key64_stdformat,8); printvar("Iclass format", key64,8); @@ -512,19 +501,19 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[]) uint8_t i; int errors = 0; size_t itemsize = sizeof(dumpdata); - clock_t t1 = clock(); + uint64_t t1 = msclock(); dumpdata* attack = (dumpdata* ) malloc(itemsize); - for(i = 0 ; i * itemsize < dumpsize ; i++ ) + for (i = 0 ; i * itemsize < dumpsize ; i++ ) { memcpy(attack,dump+i*itemsize, itemsize); errors += bruteforceItem(*attack, keytable); } free(attack); - clock_t t2 = clock(); - float diff = (((float)t2 - (float)t1) / CLOCKS_PER_SEC ); - prnlog("\nPerformed full crack in %f seconds",diff); + t1 = msclock() - t1; + float diff = (float)t1 / 1000.0; + prnlog("\nPerformed full crack in %f seconds", diff); // Pick out the first 16 bytes of the keytable. // The keytable is now in 16-bit ints, where the upper 8 bits @@ -563,15 +552,23 @@ int bruteforceFile(const char *filename, uint16_t keytable[]) long fsize = ftell(f); fseek(f, 0, SEEK_SET); + if (fsize < 0) { + prnlog("Error, when getting fsize"); + fclose(f); + return 1; + } + uint8_t *dump = malloc(fsize); size_t bytes_read = fread(dump, 1, fsize, f); fclose(f); - if (bytes_read < fsize) - { - prnlog("Error, could only read %d bytes (should be %d)",bytes_read, fsize ); - } - return bruteforceDump(dump,fsize,keytable); + if (bytes_read < fsize) { + prnlog("Error, could only read %d bytes (should be %d)",bytes_read, fsize ); + } + + uint8_t res = bruteforceDump(dump,fsize,keytable); + free(dump); + return res; } /** *