uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0};
int uidlen = 0;
bool useUIDfromEML = TRUE;
- bool showMaths = false;
+ bool verbose = false;
while(param_getchar(Cmd, cmdp) != 0x00) {
switch(param_getchar(Cmd, cmdp)) {
break;
case 'v':
case 'V':
- showMaths = true;
+ verbose = true;
cmdp++;
break;
case 'x':
if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;
memcpy( data, resp.d.asBytes, sizeof(data) );
- readerAttack(data, TRUE, showMaths);
+ readerAttack(data, TRUE, verbose);
}
return 0;
}
#define ATTACK_KEY_COUNT 8\r
sector *k_sector = NULL;\r
uint8_t k_sectorsCount = 16;\r
-void readerAttack(nonces_t data[], bool setEmulatorMem, bool showMaths) {\r
+void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose) {\r
\r
// initialize storage for found keys\r
if (k_sector == NULL)\r
\r
// We can probably skip this, mfkey32v2 is more reliable.\r
#ifdef HFMF_TRYMFK32\r
- if (tryMfk32(data[i], &key)) {\r
+ if (tryMfk32(data[i], &key, verbose)) {\r
PrintAndLog("Found Key%s for sector %02d: [%012"llx"]"\r
, (data[i].keytype) ? "B" : "A"\r
, data[i].sector\r
}\r
#endif\r
//moebius attack \r
- if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key, showMaths)) {\r
+ if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key, verbose)) {\r
uint8_t sectorNum = data[i+ATTACK_KEY_COUNT].sector;\r
uint8_t keyType = data[i+ATTACK_KEY_COUNT].keytype;\r
\r
bool errors = false;\r
\r
// If set to true, we should show our workings when doing NR_AR_ATTACK.\r
- bool showMaths = false;\r
+ bool verbose = false;\r
\r
while(param_getchar(Cmd, cmdp) != 0x00) {\r
switch(param_getchar(Cmd, cmdp)) {\r
break;\r
case 'v':\r
case 'V':\r
- showMaths = true;\r
+ verbose = true;\r
cmdp++;\r
break;\r
case 'x':\r
if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;\r
\r
memcpy( data, resp.d.asBytes, sizeof(data) ); \r
- readerAttack(data, setEmulatorMem, showMaths);\r
+ readerAttack(data, setEmulatorMem, verbose);\r
}\r
\r
if (k_sector != NULL) {\r
int CmdHF14AMfCSave(const char* cmd);\r
int CmdHf14MfDecryptBytes(const char *Cmd);\r
\r
-void readerAttack(nonces_t data[], bool setEmulatorMem, bool showMaths);\r
+void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose);\r
void printKeyTable( uint8_t sectorscnt, sector *e_sector );\r
#endif\r
for (int16_t i = N; i >= N-n+1; i--) {
log_result -= log(i);
}
- return exp(log_result);
+ if ( log_result > 0 )
+ return exp(log_result);
+ else
+ return 0.0;
} else {
if (n-k == N-K) { // special case. The published recursion below would fail with a divide by zero exception
double log_result = 0.0;
if (maximum_states == 0) return false; // prevent keyspace reduction error (2^-inf)
- printf("Number of possible keys with Sum(a0) = %d: %"PRIu64" (2^%1.1f)\n", sum_a0, maximum_states, log(maximum_states)/log(2.0));
+ printf("Number of possible keys with Sum(a0) = %d: %"PRIu64" (2^%1.1f)\n", sum_a0, maximum_states, log(maximum_states)/log(2));
init_statelist_cache();
// and eliminate the need to calculate the other part
if (MIN(partial_statelist[p].len[ODD_STATE], partial_statelist[r].len[ODD_STATE])
< MIN(partial_statelist[q].len[EVEN_STATE], partial_statelist[s].len[EVEN_STATE])) {
- add_matching_states(current_candidates, p, r, ODD_STATE);
+ add_matching_states(current_candidates, p, r, ODD_STATE);
if(current_candidates->len[ODD_STATE]) {
- add_matching_states(current_candidates, q, s, EVEN_STATE);
+ add_matching_states(current_candidates, q, s, EVEN_STATE);
} else {
current_candidates->len[EVEN_STATE] = 0;
uint32_t *p = current_candidates->states[EVEN_STATE] = malloc(sizeof(uint32_t));
if (maximum_states == 0) return false; // prevent keyspace reduction error (2^-inf)
- float kcalc = log(maximum_states)/log(2.0);
+ float kcalc = log(maximum_states)/log(2);
printf("Number of remaining possible keys: %"PRIu64" (2^%1.1f)\n", maximum_states, kcalc);
if (write_stats) {
if (maximum_states != 0) {
crypto1_bs_init();
PrintAndLog("Using %u-bit bitslices", MAX_BITSLICES);
- PrintAndLog("Bitslicing best_first_byte^uid[3] (rollback byte): %02x...", best_first_bytes[0]^(cuid>>24));
+ PrintAndLog("Bitslicing best_first_byte^uid[3] (rollback byte): %02X ...", best_first_bytes[0]^(cuid>>24));
// convert to 32 bit little-endian
crypto1_bs_bitslice_value32((best_first_bytes[0]<<24)^cuid, bitsliced_rollback_byte, 8);
}
time(&end);
- double elapsed_time = difftime(end, start);
+ unsigned long elapsed_time = difftime(end, start);
if (keys_found && TestIfKeyExists(foundkey)) {
- PrintAndLog("Success! Tested %"PRIu32" states, found %u keys after %.f seconds", total_states_tested, keys_found, elapsed_time);
+ PrintAndLog("Success! Tested %"PRIu32" states, found %u keys after %u seconds", total_states_tested, keys_found, elapsed_time);
PrintAndLog("\nFound key: %012"PRIx64"\n", foundkey);
ret = true;
} else {
- PrintAndLog("Fail! Tested %"PRIu32" states, in %.f seconds", total_states_tested, elapsed_time);
+ PrintAndLog("Fail! Tested %"PRIu32" states, in %u seconds", total_states_tested, elapsed_time);
}
// reset this counter for the next call
}
// 32 bit recover key from 2 nonces
-bool tryMfk32(nonces_t data, uint64_t *outputkey) {
+bool tryMfk32(nonces_t data, uint64_t *outputkey, bool verbose) {
struct Crypto1State *s,*t;
uint64_t outkey = 0;
uint64_t key=0; // recovered key
uint32_t ar0_enc = data.ar; // first encrypted reader response
uint32_t nr1_enc = data.nr2; // second encrypted reader challenge
uint32_t ar1_enc = data.ar2; // second encrypted reader response
- clock_t t1 = clock();
bool isSuccess = FALSE;
uint8_t counter = 0;
-
- printf("Recovering key for:\n");
- printf(" uid: %08x\n",uid);
- printf(" nt: %08x\n",nt);
- printf(" {nr_0}: %08x\n",nr0_enc);
- printf(" {ar_0}: %08x\n",ar0_enc);
- printf(" {nr_1}: %08x\n",nr1_enc);
- printf(" {ar_1}: %08x\n",ar1_enc);
-
- printf("\nLFSR succesors of the tag challenge:\n");
+
+ clock_t t1 = clock();
uint32_t p64 = prng_successor(nt, 64);
- printf(" nt': %08x\n", p64);
- printf(" nt'': %08x\n", prng_successor(p64, 32));
+
+ if ( verbose ) {
+ printf("Recovering key for:\n");
+ printf(" uid: %08x\n",uid);
+ printf(" nt: %08x\n",nt);
+ printf(" {nr_0}: %08x\n",nr0_enc);
+ printf(" {ar_0}: %08x\n",ar0_enc);
+ printf(" {nr_1}: %08x\n",nr1_enc);
+ printf(" {ar_1}: %08x\n",ar1_enc);
+ printf("\nLFSR succesors of the tag challenge:\n");
+ printf(" nt': %08x\n", p64);
+ printf(" nt'': %08x\n", prng_successor(p64, 32));
+ }
s = lfsr_recovery32(ar0_enc ^ p64, 0);
crypto1_word(t, uid ^ nt, 0);
crypto1_word(t, nr1_enc, 1);
if (ar1_enc == (crypto1_word(t, 0, 0) ^ p64)) {
- //PrintAndLog("Found Key: [%012"llx"]", key);
outkey = key;
++counter;
if (counter==20) break;
return isSuccess;
}
-bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool showMaths) {
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool verbose) {
struct Crypto1State *s, *t;
uint64_t outkey = 0;
uint64_t key = 0; // recovered key
uint32_t ar1_enc = data.ar2; // second encrypted reader response
bool isSuccess = FALSE;
int counter = 0;
+
+ clock_t t1 = clock();
+
+ uint32_t p640 = prng_successor(nt0, 64);
+ uint32_t p641 = prng_successor(nt1, 64);
- if (showMaths) {
+ if (verbose) {
printf("Recovering key for:\n");
printf(" uid: %08x\n", uid);
printf(" nt_0: %08x\n", nt0);
printf(" nt_1: %08x\n", nt1);
printf(" {nr_1}: %08x\n", nr1_enc);
printf(" {ar_1}: %08x\n", ar1_enc);
- }
-
- //PrintAndLog("Enter mfkey32_moebius");
- clock_t t1 = clock();
-
- uint32_t p640 = prng_successor(nt0, 64);
- uint32_t p641 = prng_successor(nt1, 64);
-
- if (showMaths) {
printf("\nLFSR succesors of the tag challenge:\n");
printf(" nt': %08x\n", p640);
printf(" nt'': %08x\n", prng_successor(p640, 32));
crypto1_word(t, uid ^ nt1, 0);
crypto1_word(t, nr1_enc, 1);
if (ar1_enc == (crypto1_word(t, 0, 0) ^ p641)) {
- //PrintAndLog("Found Key: [%012"llx"]",key);
outkey=key;
++counter;
if (counter==20) break;
extern int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, uint32_t nr, uint64_t ks_info, uint64_t * key);
//iceman, added these to be able to crack key direct from "hf 14 sim" && "hf mf sim"
-bool tryMfk32(nonces_t data, uint64_t *outputkey );
-bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool showMaths ); // <<-- this one has best success
+bool tryMfk32(nonces_t data, uint64_t *outputkey, bool verbose );
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool verbose); // <<-- this one has best success
int tryMfk64_ex(uint8_t *data, uint64_t *outputkey );
int tryMfk64(uint32_t uid, uint32_t nt, uint32_t nr_enc, uint32_t ar_enc, uint32_t at_enc, uint64_t *outputkey);
#endif
projects / proxmark3-svn / commitdiff