allows manual decryption of hf 14a snoop traces of a mf card.
someday we should fix hf mf sniff...
return 0;\r
}\r
\r
+//needs nt, ar, at, Data to decrypt\r
+int CmdDecryptTraceCmds(const char *Cmd){\r
+ uint8_t data[50];\r
+ int len = 0;\r
+ param_gethex_ex(Cmd,3,data,&len);\r
+ return tryDecryptWord(param_get32ex(Cmd,0,0,16),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),data,len/2);\r
+}\r
\r
static command_t CommandTable[] =\r
{\r
{"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"},\r
{"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},\r
{"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},\r
+ {"decrypt", CmdDecryptTraceCmds,1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
{NULL, NULL, 0, NULL}\r
};\r
\r
\r
return 0;\r
}\r
+\r
+int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len){\r
+ /*\r
+ uint32_t nt; // tag challenge\r
+ uint32_t ar_enc; // encrypted reader response\r
+ uint32_t at_enc; // encrypted tag response\r
+ */\r
+ if (traceCrypto1) {\r
+ crypto1_destroy(traceCrypto1);\r
+ }\r
+ ks2 = ar_enc ^ prng_successor(nt, 64);\r
+ ks3 = at_enc ^ prng_successor(nt, 96);\r
+ traceCrypto1 = lfsr_recovery64(ks2, ks3);\r
+\r
+ mf_crypto1_decrypt(traceCrypto1, data, len, 0);\r
+\r
+ PrintAndLog("Decrypted data: [%s]", sprint_hex(data,len) );\r
+ crypto1_destroy(traceCrypto1);\r
+ return 0;\r
+}\r
int isBlockTrailer(int blockN);\r
int loadTraceCard(uint8_t *tuid);\r
int saveTraceCard(void);\r
+int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len);\r
return 0;
}
+int param_gethex_ex(const char *line, int paramnum, uint8_t * data, int *hexcnt)
+{
+ int bg, en, temp, i;
+
+ //if (hexcnt % 2)
+ // return 1;
+
+ if (param_getptr(line, &bg, &en, paramnum)) return 1;
+
+ *hexcnt = en - bg + 1;
+ if (*hexcnt % 2) //error if not complete hex bytes
+ return 1;
+ for(i = 0; i < *hexcnt; i += 2) {
+ if (!(isxdigit(line[bg + i]) && isxdigit(line[bg + i + 1])) ) return 1;
+
+ sscanf((char[]){line[bg + i], line[bg + i + 1], 0}, "%X", &temp);
+ data[i / 2] = temp & 0xff;
+ }
+
+ return 0;
+}
int param_getstr(const char *line, int paramnum, char * str)
{
int bg, en;
uint8_t param_getdec(const char *line, int paramnum, uint8_t *destination);
uint8_t param_isdec(const char *line, int paramnum);
int param_gethex(const char *line, int paramnum, uint8_t * data, int hexcnt);
+int param_gethex_ex(const char *line, int paramnum, uint8_t * data, int *hexcnt);
int param_getstr(const char *line, int paramnum, char * str);
int hextobinarray( char *target, char *source);
projects / proxmark3-svn / commitdiff