From 31cf80487727e43b6a7e75416a4a1c25d2c4dc8c Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Wed, 10 Aug 2016 16:25:56 +0200
Subject: [PATCH] CHG: removed some debug statements, added another. Change the crapto1.c, lets see if the special attack works better now against chinese clones.
---
client/nonce2key/crapto1.c | 25 +++++++++++--------------
client/nonce2key/nonce2key.c | 8 +++-----
2 files changed, 14 insertions(+), 19 deletions(-)
diff --git a/client/nonce2key/crapto1.c b/client/nonce2key/crapto1.c
index b5532396..9f349e17 100644
--- a/client/nonce2key/crapto1.c
+++ b/client/nonce2key/crapto1.c
@@ -1,4 +1,4 @@ -/* crapto1.c +1/* crapto1.c This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License
@@ -383,7 +383,7 @@ uint32_t lfsr_rollback_word(struct Crypto1State *s, uint32_t in, int fb) /** nonce_distance * x,y valid tag nonces, then prng_successor(x, nonce_distance(x, y)) = y */ -static uint16_t *dist; +static uint16_t *dist = 0; int nonce_distance(uint32_t from, uint32_t to) { uint16_t x, i;
@@ -391,7 +391,7 @@ int nonce_distance(uint32_t from, uint32_t to) dist = malloc(2 << 16); if(!dist) return -1; - for (x = 1, i = 1; i; ++i) { + for (x = i = 1; i; ++i) { dist[(x & 0xff) << 8 | x >> 8] = i; x = x >> 1 | (x ^ x >> 2 ^ x >> 3 ^ x >> 5) << 15; }
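Review bot: The added first line of crapto1.c reads `1/* crapto1.c`, so a stray `1` now sits in front of the file's opening comment. A bare integer constant at file scope is not valid C, so the translation unit should fail to compile as committed. This looks like an accidental keystroke; the line should go back to `/* crapto1.c`.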
@@ -468,21 +468,18 @@ static struct Crypto1State* check_pfx_parity(uint32_t prefix, uint32_t rresp, ui return sl + good; } static struct Crypto1State* check_pfx_parity_ex(uint32_t prefix, uint32_t odd, uint32_t even, struct Crypto1State* sl) { - struct Crypto1State s; + uint32_t c = 0; - s.odd = odd ^ fastfwd[1][c]; - s.even = even ^ fastfwd[0][c]; - - lfsr_rollback_bit(&s, 0, 0); - lfsr_rollback_bit(&s, 0, 0); - lfsr_rollback_bit(&s, 0, 0); + sl.odd = odd ^ fastfwd[1][c]; + sl.even = even ^ fastfwd[0][c]; - lfsr_rollback_word(&s, 0, 0); - lfsr_rollback_word(&s, prefix | c << 5, 1); + lfsr_rollback_bit(&sl, 0, 0); + lfsr_rollback_bit(&sl, 0, 0); + lfsr_rollback_bit(&sl, 0, 0); + lfsr_rollback_word(&sl, 0, 0); + lfsr_rollback_word(&sl, prefix | c << 5, 1); - sl->odd = s.odd; - sl->even = s.even; return ++sl; }
diff --git a/client/nonce2key/nonce2key.c b/client/nonce2key/nonce2key.c
index ac2db645..ab97f597 100644
--- a/client/nonce2key/nonce2key.c
+++ b/client/nonce2key/nonce2key.c
@@ -101,7 +101,6 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui *(state_s + i) = key_recovered; } - PrintAndLog("zero"); if(!state) return 1;
@@ -115,7 +114,6 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui p1 = p3 = last_keylist; p2 = state_s; - PrintAndLog("one"); while ( *p1 != -1 && *p2 != -1 ) { if (compar_int(p1, p2) == 0) { printf("p1:%"llx" p2:%"llx" p3:%"llx" key:%012"llx"\n",(uint64_t)(p1-last_keylist),(uint64_t)(p2-state_s),(uint64_t)(p3-last_keylist),*p1);
@@ -127,9 +125,11 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui while (compar_int(p1, p2) == 1) ++p2; } } - key_count = p3 - last_keylist;; + key_count = p3 - last_keylist; + PrintAndLog("one A"); } else { key_count = 0; + PrintAndLog("one B"); } printf("key_count:%d\n", key_count);
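Review bot: In check_pfx_parity_ex the parameter `sl` is still a `struct Crypto1State*`, but the new body accesses it as `sl.odd` / `sl.even` and passes `&sl` to lfsr_rollback_bit and lfsr_rollback_word. Member access with `.` on a pointer does not compile, and `&sl` is a `struct Crypto1State **`, while lfsr_rollback_word is declared with `struct Crypto1State *s` (visible in the hunk header at line 383). If such a call were forced through with a cast or a lenient compiler, the rollback would operate on the pointer variable's own storage rather than on the list entry. With the local `s` removed, all seven added lines should write through the pointer instead, e.g. `sl->odd = odd ^ fastfwd[1][c];` and `lfsr_rollback_bit(sl, 0, 0);`.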
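Review bot: The two added calls `PrintAndLog("one A");` and `PrintAndLog("one B");` in nonce2key_ex emit placeholder strings that tell the operator nothing about which branch ran or why. The `printf("key_count:%d\n", key_count);` that follows already reports the outcome of both branches, so the simplest change is to drop both calls before this is merged. If a trace is wanted, name the branch instead, for example `PrintAndLog("intersecting with previous key list");`. The body of nonce2key_ex starts and ends outside this hunk.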
@@ -137,7 +137,6 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui // The list may still contain several key candidates. Test each of them with mfCheckKeys uint8_t keyBlock[6] = {0,0,0,0,0,0}; uint64_t key64; - PrintAndLog("two"); for (i = 0; i < key_count; i++) { key64 = *(last_keylist + i); num_to_bytes(key64, 6, keyBlock);
@@ -151,7 +150,6 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui } } - free(last_keylist); last_keylist = state_s; return 1;
--
2.39.2
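Review bot: Removing `free(last_keylist);` ahead of `last_keylist = state_s;` means the previous candidate list is overwritten without being released. Each call that reaches this `return 1` path therefore appears to leak one buffer, assuming `last_keylist` owns its allocation and nothing outside the hunk frees it. `free(NULL)` is a no-op, so the first call was never a reason to drop the line. If the removal was meant to work around a crash, the ownership of `last_keylist` and `state_s` should be sorted out instead; otherwise restore `free(last_keylist);` before the assignment. The rest of nonce2key_ex lies outside this hunk.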