X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/65348213652320c30ff5dce04374ac58c86b9acc..6a1aa12df0e5ed2f49b7b5810734b3b391cf8fc5:/armsrc/mifaredesfire.c?ds=sidebyside diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c index d46d2931..0a3fdc34 100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@ -218,13 +218,22 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain // des, nyckel 0, switch (mode){ case 1:{ + if (algo == 1) { + uint8_t keybytes[8]; + uint8_t RndA[8] = {0x00}; + uint8_t RndB[8] = {0x00}; + if (datain[1] == 0xff){ memcpy(keybytes,null_key_data8,8); } else{ memcpy(keybytes, datain+1, datalen); } + struct desfire_key defaultkey = {0}; + desfirekey_t key = &defaultkey; + Desfire_des_key_new(keybytes, key); + cmd[0] = AUTHENTICATE; cmd[1] = keyno; //keynumber len = DesfireAPDU(cmd, 2, resp); @@ -245,13 +254,16 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain memcpy( encRndB, resp+3, 8); - des_dec(&decRndB, &encRndB, &keybytes); + des_dec(&decRndB, &encRndB, key->data); + memcpy(RndB, decRndB, 8); rol(decRndB,8); + // This should be random uint8_t decRndA[8] = {0x00}; + memcpy(RndA, decRndA, 8); uint8_t encRndA[8] = {0x00}; - des_dec(&encRndA, &decRndA, &keybytes); + des_dec(&encRndA, &decRndA, key->data); memcpy(both, encRndA, 8); @@ -260,7 +272,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain } - des_dec(&encRndB, &decRndB, &keybytes); + des_dec(&encRndB, &decRndB, key->data); memcpy(both + 8, encRndB, 8); @@ -277,15 +289,33 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain } if ( resp[2] == 0x00 ){ - // TODO: Create session key. + + struct desfire_key sessionKey = {0}; + desfirekey_t skey = &sessionKey; + Desfire_session_key_new( RndA, RndB , key, skey ); + //print_result("SESSION : ", skey->data, 8); + OnSuccess(); + cmd_send(CMD_ACK,1,0,0,skey->data,8); + } else { DbpString("Authetication failed."); OnError(); return; } - // TODO: Optionally, confirm ek0RndA' = RndA' to varify PICC + memcpy(encRndA, resp+3, 8); + des_dec(&encRndA, &encRndA, key->data); + rol(decRndA,8); + for (int x = 0; x < 8; x++) { + if (decRndA[x] != encRndA[x]) { + DbpString("Authetication failed. Cannot varify PICC."); + OnError(); + return; + } + } + + } } break; case 2: