RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-09-22 08:16:16 +08:00
Code Issues Packages Projects Releases Wiki Activity
proxmark3/client/nonce2key/nonce2key.c

205 lines
6.1 KiB
C
Raw Normal View History

improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
//-----------------------------------------------------------------------------
// Merlok - June 2011
// Roel - Dec 2009
// Unknown author
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// MIFARE Darkside hack
//-----------------------------------------------------------------------------
#include "nonce2key.h"
Add support in 'hf mf mifare' for some unlicensed/compatible mifare card which always answer NACK. Change the 'nttmp' start from nt distance 500 to 100 in mifarecmd.c to compatible some unlicensed/compatible mifare card.
2013-09-29 19:44:07 +08:00
#include "mifarehost.h"
improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
#include "ui.h"
CHG: started to clean up the crapto1 imp in client/nonce2key/ folder.
2016-01-20 00:22:18 +08:00
#include "proxmark3.h"
improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
2013-07-09 01:56:05 +08:00
int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, uint64_t ks_info, uint64_t * key) {
CHG: Tested to unfold some loops inside the crypto1 implementation to see if it generates some speed ups. Feels ok.
2016-01-14 04:51:06 +08:00
CHG: some timing
2016-02-15 09:49:04 +08:00
A lot of changes... .. ntag simulation stuff from @marshmellows branch "ntag/sim" .. hf mf mifare fixes from @pwpivi. .. hw status command .. speedtest function from @pwpivi .. Viking Functionalities, (not a proper DEMOD, but a start) .. GetCountUS better precision from @pwpivi .. bin2hex, hex2bin from @holiman ... starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished.. ... Started working with the T55x7 read command with password actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet. ... Started add SHA256.. not working yet..
2015-10-05 00:01:33 +08:00
struct Crypto1State *state;
CHG: started to clean up the crapto1 imp in client/nonce2key/ folder.
2016-01-20 00:22:18 +08:00
uint32_t i, pos, rr = 0, nr_diff;
A lot of changes... .. ntag simulation stuff from @marshmellows branch "ntag/sim" .. hf mf mifare fixes from @pwpivi. .. hw status command .. speedtest function from @pwpivi .. Viking Functionalities, (not a proper DEMOD, but a start) .. GetCountUS better precision from @pwpivi .. bin2hex, hex2bin from @holiman ... starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished.. ... Started working with the T55x7 read command with password actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet. ... Started add SHA256.. not working yet..
2015-10-05 00:01:33 +08:00
byte_t bt, ks3x[8], par[8][8];
Add support in 'hf mf mifare' for some unlicensed/compatible mifare card which always answer NACK. Change the 'nttmp' start from nt distance 500 to 100 in mifarecmd.c to compatible some unlicensed/compatible mifare card.
2013-09-29 19:44:07 +08:00
A lot of changes... .. ntag simulation stuff from @marshmellows branch "ntag/sim" .. hf mf mifare fixes from @pwpivi. .. hw status command .. speedtest function from @pwpivi .. Viking Functionalities, (not a proper DEMOD, but a start) .. GetCountUS better precision from @pwpivi .. bin2hex, hex2bin from @holiman ... starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished.. ... Started working with the T55x7 read command with password actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet. ... Started add SHA256.. not working yet..
2015-10-05 00:01:33 +08:00
// Reset the last three significant bits of the reader nonce
nr &= 0xffffff1f;
improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
A lot of changes... .. ntag simulation stuff from @marshmellows branch "ntag/sim" .. hf mf mifare fixes from @pwpivi. .. hw status command .. speedtest function from @pwpivi .. Viking Functionalities, (not a proper DEMOD, but a start) .. GetCountUS better precision from @pwpivi .. bin2hex, hex2bin from @holiman ... starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished.. ... Started working with the T55x7 read command with password actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet. ... Started add SHA256.. not working yet..
2015-10-05 00:01:33 +08:00
PrintAndLog("\nuid(%08x) nt(%08x) par(%016"llx") ks(%016"llx") nr(%08"llx")\n\n", uid, nt, par_info, ks_info, nr);
CHG: Tested to unfold some loops inside the crypto1 implementation to see if it generates some speed ups. Feels ok.
2016-01-14 04:51:06 +08:00
for ( pos = 0; pos < 8; pos++ ) {
A lot of changes... .. ntag simulation stuff from @marshmellows branch "ntag/sim" .. hf mf mifare fixes from @pwpivi. .. hw status command .. speedtest function from @pwpivi .. Viking Functionalities, (not a proper DEMOD, but a start) .. GetCountUS better precision from @pwpivi .. bin2hex, hex2bin from @holiman ... starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished.. ... Started working with the T55x7 read command with password actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet. ... Started add SHA256.. not working yet..
2015-10-05 00:01:33 +08:00
ks3x[7-pos] = (ks_info >> (pos*8)) & 0x0f;
bt = (par_info >> (pos*8)) & 0xff;
CHG: Tested to unfold some loops inside the crypto1 implementation to see if it generates some speed ups. Feels ok.
2016-01-14 04:51:06 +08:00
for ( i = 0; i < 8; i++) {
A lot of changes... .. ntag simulation stuff from @marshmellows branch "ntag/sim" .. hf mf mifare fixes from @pwpivi. .. hw status command .. speedtest function from @pwpivi .. Viking Functionalities, (not a proper DEMOD, but a start) .. GetCountUS better precision from @pwpivi .. bin2hex, hex2bin from @holiman ... starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished.. ... Started working with the T55x7 read command with password actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet. ... Started add SHA256.. not working yet..
2015-10-05 00:01:33 +08:00
par[7-pos][i] = (bt >> i) & 0x01;
}
}
improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
A lot of changes... .. ntag simulation stuff from @marshmellows branch "ntag/sim" .. hf mf mifare fixes from @pwpivi. .. hw status command .. speedtest function from @pwpivi .. Viking Functionalities, (not a proper DEMOD, but a start) .. GetCountUS better precision from @pwpivi .. bin2hex, hex2bin from @holiman ... starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished.. ... Started working with the T55x7 read command with password actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet. ... Started add SHA256.. not working yet..
2015-10-05 00:01:33 +08:00
printf("|diff|{nr} |ks3|ks3^5|parity |\n");
printf("+----+--------+---+-----+---------------+\n");
CHG: Tested to unfold some loops inside the crypto1 implementation to see if it generates some speed ups. Feels ok.
2016-01-14 04:51:06 +08:00
for ( i = 0; i < 8; i++) {
A lot of changes... .. ntag simulation stuff from @marshmellows branch "ntag/sim" .. hf mf mifare fixes from @pwpivi. .. hw status command .. speedtest function from @pwpivi .. Viking Functionalities, (not a proper DEMOD, but a start) .. GetCountUS better precision from @pwpivi .. bin2hex, hex2bin from @holiman ... starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished.. ... Started working with the T55x7 read command with password actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet. ... Started add SHA256.. not working yet..
2015-10-05 00:01:33 +08:00
nr_diff = nr | i << 5;
CHG: some timing
2016-02-15 09:49:04 +08:00
printf("| %02x |%08x| %01x | %01x |", i << 5, nr_diff, ks3x[i], ks3x[i]^5);
CHG: started to clean up the crapto1 imp in client/nonce2key/ folder.
2016-01-20 00:22:18 +08:00
for (pos = 0; pos < 7; pos++) printf("%01x,", par[i][pos]);
A lot of changes... .. ntag simulation stuff from @marshmellows branch "ntag/sim" .. hf mf mifare fixes from @pwpivi. .. hw status command .. speedtest function from @pwpivi .. Viking Functionalities, (not a proper DEMOD, but a start) .. GetCountUS better precision from @pwpivi .. bin2hex, hex2bin from @holiman ... starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished.. ... Started working with the T55x7 read command with password actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet. ... Started add SHA256.. not working yet..
2015-10-05 00:01:33 +08:00
printf("%01x|\n", par[i][7]);
}
printf("+----+--------+---+-----+---------------+\n");
improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
CHG: some timing
2016-02-15 09:49:04 +08:00
clock_t t1 = clock();
CHG: started to clean up the crapto1 imp in client/nonce2key/ folder.
2016-01-20 00:22:18 +08:00
state = lfsr_common_prefix(nr, rr, ks3x, par);
lfsr_rollback_word(state, uid^nt, 0);
crypto1_get_lfsr(state, key);
crypto1_destroy(state);
CHG: some timing
2016-02-15 09:49:04 +08:00
t1 = clock() - t1;
if ( t1 > 0 ) PrintAndLog("Time in nonce2key: %.0f ticks \n", (float)t1);
CHG: started to clean up the crapto1 imp in client/nonce2key/ folder.
2016-01-20 00:22:18 +08:00
return 0;
improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
}
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain. MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file CHG: added @marshmellow42 changes to hf mfu dump layout. ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory. ADD: expermimental call to "try32" for "hf mf sim x".
2015-05-25 19:10:55 +08:00
CHG: Tested to unfold some loops inside the crypto1 implementation to see if it generates some speed ups. Feels ok.
2016-01-14 04:51:06 +08:00
// *outputkey is not used...
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain. MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file CHG: added @marshmellow42 changes to hf mfu dump layout. ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory. ADD: expermimental call to "try32" for "hf mf sim x".
2015-05-25 19:10:55 +08:00
int tryMfk32(uint64_t myuid, uint8_t *data, uint8_t *outputkey ){
struct Crypto1State *s,*t;
uint64_t key; // recovered key
uint32_t uid; // serial number
uint32_t nt; // tag challenge
uint32_t nr0_enc; // first encrypted reader challenge
uint32_t ar0_enc; // first encrypted reader response
uint32_t nr1_enc; // second encrypted reader challenge
uint32_t ar1_enc; // second encrypted reader response
bool isSuccess = FALSE;
int counter = 0;
uid = myuid;//(uint32_t)bytes_to_num(data + 0, 4);
nt = *(uint32_t*)(data+8);
nr0_enc = *(uint32_t*)(data+12);
ar0_enc = *(uint32_t*)(data+16);
nr1_enc = *(uint32_t*)(data+32);
ar1_enc = *(uint32_t*)(data+36);
CHG: print up to 20 possible keys.
2015-05-26 17:05:57 +08:00
// PrintAndLog("recovering key for:");
// PrintAndLog(" uid: %08x %08x",uid, myuid);
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain. MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file CHG: added @marshmellow42 changes to hf mfu dump layout. ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory. ADD: expermimental call to "try32" for "hf mf sim x".
2015-05-25 19:10:55 +08:00
// PrintAndLog(" nt: %08x",nt);
// PrintAndLog(" {nr_0}: %08x",nr0_enc);
// PrintAndLog(" {ar_0}: %08x",ar0_enc);
// PrintAndLog(" {nr_1}: %08x",nr1_enc);
// PrintAndLog(" {ar_1}: %08x",ar1_enc);
s = lfsr_recovery32(ar0_enc ^ prng_successor(nt, 64), 0);
for(t = s; t->odd | t->even; ++t) {
lfsr_rollback_word(t, 0, 0);
lfsr_rollback_word(t, nr0_enc, 1);
lfsr_rollback_word(t, uid ^ nt, 0);
crypto1_get_lfsr(t, &key);
crypto1_word(t, uid ^ nt, 0);
crypto1_word(t, nr1_enc, 1);
if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt, 64))) {
CHG: Tested to unfold some loops inside the crypto1 implementation to see if it generates some speed ups. Feels ok.
2016-01-14 04:51:06 +08:00
PrintAndLog("Found Key: [%012"llx"]", key);
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain. MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file CHG: added @marshmellow42 changes to hf mfu dump layout. ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory. ADD: expermimental call to "try32" for "hf mf sim x".
2015-05-25 19:10:55 +08:00
isSuccess = TRUE;
++counter;
CHG: print up to 20 possible keys.
2015-05-26 17:05:57 +08:00
if (counter==20)
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain. MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file CHG: added @marshmellow42 changes to hf mfu dump layout. ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory. ADD: expermimental call to "try32" for "hf mf sim x".
2015-05-25 19:10:55 +08:00
break;
}
}
CHG: started to clean up the crapto1 imp in client/nonce2key/ folder.
2016-01-20 00:22:18 +08:00
num_to_bytes(key, 6, outputkey);
CHG: Tested to unfold some loops inside the crypto1 implementation to see if it generates some speed ups. Feels ok.
2016-01-14 04:51:06 +08:00
crypto1_destroy(t);
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain. MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file CHG: added @marshmellow42 changes to hf mfu dump layout. ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory. ADD: expermimental call to "try32" for "hf mf sim x".
2015-05-25 19:10:55 +08:00
return isSuccess;
}
TEST: Moebius two noce mfkey32...
2015-07-14 05:06:49 +08:00
int tryMfk32_moebius(uint64_t myuid, uint8_t *data, uint8_t *outputkey ){
CHG: Tested to unfold some loops inside the crypto1 implementation to see if it generates some speed ups. Feels ok.
2016-01-14 04:51:06 +08:00
struct Crypto1State *s, *t;
TEST: Moebius two noce mfkey32...
2015-07-14 05:06:49 +08:00
uint64_t key; // recovered key
uint32_t uid; // serial number
CHG: Tested to unfold some loops inside the crypto1 implementation to see if it generates some speed ups. Feels ok.
2016-01-14 04:51:06 +08:00
uint32_t nt0; // tag challenge first
uint32_t nt1; // tag challenge second
TEST: Moebius two noce mfkey32...
2015-07-14 05:06:49 +08:00
uint32_t nr0_enc; // first encrypted reader challenge
uint32_t ar0_enc; // first encrypted reader response
uint32_t nr1_enc; // second encrypted reader challenge
uint32_t ar1_enc; // second encrypted reader response
bool isSuccess = FALSE;
int counter = 0;
uid = myuid;//(uint32_t)bytes_to_num(data + 0, 4);
nt0 = *(uint32_t*)(data+8);
nr0_enc = *(uint32_t*)(data+12);
ar0_enc = *(uint32_t*)(data+16);
nt1 = *(uint32_t*)(data+8);
nr1_enc = *(uint32_t*)(data+32);
ar1_enc = *(uint32_t*)(data+36);
s = lfsr_recovery32(ar0_enc ^ prng_successor(nt0, 64), 0);
for(t = s; t->odd | t->even; ++t) {
lfsr_rollback_word(t, 0, 0);
lfsr_rollback_word(t, nr0_enc, 1);
lfsr_rollback_word(t, uid ^ nt0, 0);
crypto1_get_lfsr(t, &key);
crypto1_word(t, uid ^ nt1, 0);
crypto1_word(t, nr1_enc, 1);
if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt1, 64))) {
PrintAndLog("Found Key: [%012"llx"]",key);
isSuccess = TRUE;
++counter;
if (counter==20)
break;
}
}
CHG: started to clean up the crapto1 imp in client/nonce2key/ folder.
2016-01-20 00:22:18 +08:00
num_to_bytes(key, 6, outputkey);
CHG: Tested to unfold some loops inside the crypto1 implementation to see if it generates some speed ups. Feels ok.
2016-01-14 04:51:06 +08:00
crypto1_destroy(t);
TEST: Moebius two noce mfkey32...
2015-07-14 05:06:49 +08:00
return isSuccess;
}
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain. MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file CHG: added @marshmellow42 changes to hf mfu dump layout. ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory. ADD: expermimental call to "try32" for "hf mf sim x".
2015-05-25 19:10:55 +08:00
int tryMfk64(uint64_t myuid, uint8_t *data, uint8_t *outputkey ){
struct Crypto1State *revstate;
uint64_t key; // recovered key
uint32_t uid; // serial number
uint32_t nt; // tag challenge
uint32_t nr_enc; // encrypted reader challenge
uint32_t ar_enc; // encrypted reader response
uint32_t at_enc; // encrypted tag response
uint32_t ks2; // keystream used to encrypt reader response
uint32_t ks3; // keystream used to encrypt tag response
struct Crypto1State mpcs = {0, 0};
struct Crypto1State *pcs;
pcs = &mpcs;
uid = myuid;//(uint32_t)bytes_to_num(data + 0, 4);
CHG: some timing
2016-02-15 09:49:04 +08:00
nt = *(uint32_t*)(data+8);
nr_enc = *(uint32_t*)(data+12);
ar_enc = *(uint32_t*)(data+16);
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain. MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file CHG: added @marshmellow42 changes to hf mfu dump layout. ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory. ADD: expermimental call to "try32" for "hf mf sim x".
2015-05-25 19:10:55 +08:00
crypto1_word(pcs, nr_enc , 1);
at_enc = prng_successor(nt, 96) ^ crypto1_word(pcs, 0, 0);
// printf("Recovering key for:\n");
// printf(" uid: %08x\n",uid);
// printf(" nt: %08x\n",nt);
// printf(" {nr}: %08x\n",nr_enc);
// printf(" {ar}: %08x\n",ar_enc);
// printf(" {at}: %08x\n",at_enc);
// Extract the keystream from the messages
ks2 = ar_enc ^ prng_successor(nt, 64);
ks3 = at_enc ^ prng_successor(nt, 96);
revstate = lfsr_recovery64(ks2, ks3);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, nr_enc, 1);
lfsr_rollback_word(revstate, uid ^ nt, 0);
crypto1_get_lfsr(revstate, &key);
PrintAndLog("Found Key: [%012"llx"]",key);
CHG: started to clean up the crapto1 imp in client/nonce2key/ folder.
2016-01-20 00:22:18 +08:00
num_to_bytes(key, 6, outputkey);
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain. MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file CHG: added @marshmellow42 changes to hf mfu dump layout. ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory. ADD: expermimental call to "try32" for "hf mf sim x".
2015-05-25 19:10:55 +08:00
crypto1_destroy(revstate);
return 0;
CHG: some timing
2016-02-15 09:49:04 +08:00
}
Reference in a new issue Copy permalink