X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/2e350b19f7f107a8d7d7d0f12753072be1e991a3..b9b480d0813a18ccd31ea8535c1f336d06942dcf:/client/cmdhfmfhard.c diff --git a/client/cmdhfmfhard.c b/client/cmdhfmfhard.c index 0df1f157..6da4a1d1 100644 --- a/client/cmdhfmfhard.c +++ b/client/cmdhfmfhard.c @@ -30,12 +30,12 @@ #ifdef __WIN32 #include #endif -#include +// don't include for APPLE/mac which has malloc stuff elsewhere. +#ifndef __APPLE__ + #include +#endif #include -// uint32_t test_state_odd = 0; -// uint32_t test_state_even = 0; - #define CONFIDENCE_THRESHOLD 0.95 // Collect nonces until we are certain enough that the following brute force is successfull #define GOOD_BYTES_REQUIRED 28 @@ -73,7 +73,6 @@ static const float p_K[257] = { // the probability that a random nonce has a Su 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0000, 0.0290 }; - typedef struct noncelistentry { uint32_t nonce_enc; @@ -92,7 +91,6 @@ typedef struct noncelist { float score1, score2; } noncelist_t; - static size_t nonces_to_bruteforce = 0; static noncelistentry_t *brute_force_nonces[256]; static uint32_t cuid = 0; @@ -130,10 +128,8 @@ typedef struct { static partial_indexed_statelist_t partial_statelist[17]; static partial_indexed_statelist_t statelist_bitflip; - static statelist_t *candidates = NULL; - static int add_nonce(uint32_t nonce_enc, uint8_t par_enc) { uint8_t first_byte = nonce_enc >> 24; @@ -448,32 +444,31 @@ static void Tests() // crypto1_destroy(pcs); - // printf("\nTests: number of states with BitFlipProperty: %d, (= %1.3f%% of total states)\n", statelist_bitflip.len[0], 100.0 * statelist_bitflip.len[0] / (1<<20)); - printf("\nTests: Actual BitFlipProperties odd/even:\n"); - for (uint16_t i = 0; i < 256; i++) { - printf("[%02x]:%c ", i, nonces[i].BitFlip[ODD_STATE]?'o':nonces[i].BitFlip[EVEN_STATE]?'e':' '); - if (i % 8 == 7) { - printf("\n"); - } - } + // printf("\nTests: Actual BitFlipProperties odd/even:\n"); + // for (uint16_t i = 0; i < 256; i++) { + // printf("[%02x]:%c ", i, nonces[i].BitFlip[ODD_STATE]?'o':nonces[i].BitFlip[EVEN_STATE]?'e':' '); + // if (i % 8 == 7) { + // printf("\n"); + // } + // } - printf("\nTests: Sorted First Bytes:\n"); - for (uint16_t i = 0; i < 256; i++) { - uint8_t best_byte = best_first_bytes[i]; - printf("#%03d Byte: %02x, n = %3d, k = %3d, Sum(a8): %3d, Confidence: %5.1f%%, Bitflip: %c\n", - //printf("#%03d Byte: %02x, n = %3d, k = %3d, Sum(a8): %3d, Confidence: %5.1f%%, Bitflip: %c, score1: %1.5f, score2: %1.0f\n", - i, best_byte, - nonces[best_byte].num, - nonces[best_byte].Sum, - nonces[best_byte].Sum8_guess, - nonces[best_byte].Sum8_prob * 100, - nonces[best_byte].BitFlip[ODD_STATE]?'o':nonces[best_byte].BitFlip[EVEN_STATE]?'e':' ' - //nonces[best_byte].score1, - //nonces[best_byte].score2 - ); - } + // printf("\nTests: Sorted First Bytes:\n"); + // for (uint16_t i = 0; i < 256; i++) { + // uint8_t best_byte = best_first_bytes[i]; + // printf("#%03d Byte: %02x, n = %3d, k = %3d, Sum(a8): %3d, Confidence: %5.1f%%, Bitflip: %c\n", + // //printf("#%03d Byte: %02x, n = %3d, k = %3d, Sum(a8): %3d, Confidence: %5.1f%%, Bitflip: %c, score1: %1.5f, score2: %1.0f\n", + // i, best_byte, + // nonces[best_byte].num, + // nonces[best_byte].Sum, + // nonces[best_byte].Sum8_guess, + // nonces[best_byte].Sum8_prob * 100, + // nonces[best_byte].BitFlip[ODD_STATE]?'o':nonces[best_byte].BitFlip[EVEN_STATE]?'e':' ' + // //nonces[best_byte].score1, + // //nonces[best_byte].score2 + // ); + // } // printf("\nTests: parity performance\n"); // time_t time1p = clock(); @@ -613,11 +608,11 @@ static uint16_t estimate_second_byte_sum(void) static int read_nonce_file(void) { FILE *fnonces = NULL; - uint8_t trgBlockNo; - uint8_t trgKeyType; + uint8_t trgBlockNo = 0; + uint8_t trgKeyType = 0; uint8_t read_buf[9]; - uint32_t nt_enc1, nt_enc2; - uint8_t par_enc; + uint32_t nt_enc1 = 0, nt_enc2 = 0; + uint8_t par_enc = 0; int total_num_nonces = 0; if ((fnonces = fopen("nonces.bin","rb")) == NULL) { @@ -648,7 +643,6 @@ static int read_nonce_file(void) } fclose(fnonces); PrintAndLog("Read %d nonces from file. cuid=%08x, Block=%d, Keytype=%c", total_num_nonces, cuid, trgBlockNo, trgKeyType==0?'A':'B'); - return 0; } @@ -822,7 +816,6 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ //printf("Encrypted nonce: %08x, encrypted_parity: %02x\n", nt_enc2, par_enc & 0x0f); total_added_nonces += add_nonce(nt_enc2, par_enc & 0x0f); - if (nonce_file_write) { fwrite(bufp, 1, 9, fnonces); } @@ -1320,8 +1313,8 @@ static void generate_candidates(uint16_t sum_a0, uint16_t sum_a8) *p = 0xffffffff; } } - printf("Odd state candidates: %6d (2^%0.1f)\n", current_candidates->len[ODD_STATE], log(current_candidates->len[ODD_STATE])/log(2)); - printf("Even state candidates: %6d (2^%0.1f)\n", current_candidates->len[EVEN_STATE], log(current_candidates->len[EVEN_STATE])/log(2)); + //printf("Odd state candidates: %6d (2^%0.1f)\n", current_candidates->len[ODD_STATE], log(current_candidates->len[ODD_STATE])/log(2)); + //printf("Even state candidates: %6d (2^%0.1f)\n", current_candidates->len[EVEN_STATE], log(current_candidates->len[EVEN_STATE])/log(2)); } } } @@ -1365,6 +1358,7 @@ static void free_statelist_cache(void) } } +uint64_t foundkey = 0; size_t keys_found = 0; size_t bucket_count = 0; statelist_t* buckets[128]; @@ -1407,7 +1401,11 @@ static const uint64_t crack_states_bitsliced(statelist_t *p){ bitslice_t * restrict lstate_p = _aligned_malloc((STATE_SIZE+ROLLBACK_SIZE) * bSize, bSize); #endif #else + #ifdef __APPLE__ + bitslice_t * restrict lstate_p = malloc((STATE_SIZE+ROLLBACK_SIZE) * bSize); + #else bitslice_t * restrict lstate_p = memalign(bSize, (STATE_SIZE+ROLLBACK_SIZE) * bSize); + #endif #endif if ( !lstate_p ) { @@ -1614,8 +1612,8 @@ static void* crack_states_thread(void* x){ if(bucket){ const uint64_t key = crack_states_bitsliced(bucket); if(key != -1){ - printf("\nFound key: %012"PRIx64"\n", key); __sync_fetch_and_add(&keys_found, 1); + __sync_fetch_and_add(&foundkey, key); break; } else if(keys_found){ break; @@ -1628,7 +1626,7 @@ static void* crack_states_thread(void* x){ } return NULL; } -#define _USE_32BIT_TIME_T + static void brute_force(void) { if (known_target_key != -1) { @@ -1639,14 +1637,15 @@ static void brute_force(void) time_t start, end; time(&start); keys_found = 0; - + foundkey = 0; + crypto1_bs_init(); PrintAndLog("Using %u-bit bitslices", MAX_BITSLICES); PrintAndLog("Bitslicing best_first_byte^uid[3] (rollback byte): %02x...", best_first_bytes[0]^(cuid>>24)); // convert to 32 bit little-endian - crypto1_bs_bitslice_value32(rev32((best_first_bytes[0]^(cuid>>24))), bitsliced_rollback_byte, 8); - + crypto1_bs_bitslice_value32((best_first_bytes[0]<<24)^cuid, bitsliced_rollback_byte, 8); + PrintAndLog("Bitslicing nonces..."); for(size_t tests = 0; tests < NONCE_TESTS; tests++){ uint32_t test_nonce = brute_force_nonces[tests]->nonce_enc; @@ -1655,7 +1654,7 @@ static void brute_force(void) crypto1_bs_bitslice_value32(cuid^test_nonce, bitsliced_encrypted_nonces[tests], 32); // convert to 32 bit little-endian crypto1_bs_bitslice_value32(rev32( ~(test_parity ^ ~(parity(cuid>>24 & 0xff)<<3 | parity(cuid>>16 & 0xff)<<2 | parity(cuid>>8 & 0xff)<<1 | parity(cuid&0xff)))), bitsliced_encrypted_parity_bits[tests], 4); - } + } total_states_tested = 0; // count number of states to go @@ -1667,7 +1666,10 @@ static void brute_force(void) #ifndef __WIN32 thread_count = sysconf(_SC_NPROCESSORS_CONF); + if ( thread_count < 1) + thread_count = 1; #endif /* _WIN32 */ + pthread_t threads[thread_count]; // enumerate states using all hardware threads, each thread handles one bucket @@ -1682,10 +1684,12 @@ static void brute_force(void) time(&end); unsigned long elapsed_time = difftime(end, start); - PrintAndLog("Tested %"PRIu32" states, found %u keys after %u seconds", total_states_tested, keys_found, elapsed_time); - if(!keys_found){ - assert(total_states_tested == maximum_states); - } + if(keys_found){ + PrintAndLog("Success! Tested %"PRIu32" states, found %u keys after %u seconds", total_states_tested, keys_found, elapsed_time); + PrintAndLog("\nFound key: %012"PRIx64"\n", foundkey); + } else { + PrintAndLog("Fail! Tested %"PRIu32" states, in %u seconds", total_states_tested, elapsed_time); + } // reset this counter for the next call nonces_to_bruteforce = 0; } @@ -1744,10 +1748,10 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc } } - Tests(); + //Tests(); - PrintAndLog(""); - PrintAndLog("Sum(a0) = %d", first_byte_Sum); + //PrintAndLog(""); + //PrintAndLog("Sum(a0) = %d", first_byte_Sum); // PrintAndLog("Best 10 first bytes: %02x, %02x, %02x, %02x, %02x, %02x, %02x, %02x, %02x, %02x", // best_first_bytes[0], // best_first_bytes[1],