RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-03-19 19:38:52 +08:00
Code Issues Projects Releases Packages Wiki Activity

style

Browse source
This commit is contained in:
iceman1001 2020-03-09 16:43:14 +01:00
parent 111af2bacb
commit b485461fba
10 changed files with 121 additions and 167 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
tools/hitag2crack/crack2/HardwareProfile.h
View file

@ -142,11 +142,11 @@ typedef int rtccDate;
#ifndef __PIC32MX__
#define __PIC32MX__
#define __PIC32MX__
#endif
#define GetSystemClock() (80000000ul)
#define GetPeripheralClock() (GetSystemClock())
#define GetPeripheralClock() (GetSystemClock())
#define GetInstructionClock() (GetSystemClock())
//#define USE_SELF_POWER_SENSE_IO
@ -322,7 +322,7 @@ typedef int rtccDate;
// spi for SD card
#define SD_CARD_DET LATFbits.LATF0
#define SD_CARD_WE LATFbits.LATF1 // write enable - unused for microsd but allocated anyway as library checks it
// (held LOW by default - cut solder bridge to GND to free pin if required)
// (held LOW by default - cut solder bridge to GND to free pin if required)
#define SPI_SD SPI_CHANNEL1
#define SPI_SD_BUFF SPI1BUF
#define SPI_SD_STAT SPI1STATbits

32
tools/hitag2crack/crack2/hitagcrypto.c
View file

@ -229,17 +229,16 @@ static uint32_t hitag2_crypt(uint64_t x);
((S >> (C - 3)) & 8) )
static uint32_t hitag2_crypt(uint64_t s)
{
static uint32_t hitag2_crypt(uint64_t s) {
const uint32_t ht2_function4a = 0x2C79; // 0010 1100 0111 1001
const uint32_t ht2_function4b = 0x6671; // 0110 0110 0111 0001
const uint32_t ht2_function5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011
uint32_t bitindex;
bitindex = (ht2_function4a >> pickbits2_2 (s, 1, 4)) & 1;
bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2 (s, 7, 11, 13)) & 0x02;
bitindex |= ((ht2_function4b << 2) >> pickbits1x4 (s, 16, 20, 22, 25)) & 0x04;
bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1 (s, 27, 30, 32)) & 0x08;
bitindex = (ht2_function4a >> pickbits2_2(s, 1, 4)) & 1;
bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2(s, 7, 11, 13)) & 0x02;
bitindex |= ((ht2_function4b << 2) >> pickbits1x4(s, 16, 20, 22, 25)) & 0x04;
bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1(s, 27, 30, 32)) & 0x08;
bitindex |= ((ht2_function4a << 4) >> pickbits1_2_1(s, 33, 42, 45)) & 0x10;
DEBUG_PRINTF("hitag2_crypt bitindex = %02x\n", bitindex);
@ -253,13 +252,12 @@ static uint32_t hitag2_crypt(uint64_t s)
* uint32_t serialnum - 32 bit tag serial number
* uint32_t initvector - 32 bit random IV from reader, part of tag authentication
*/
void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector)
{
void hitag2_init(Hitag_State *pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector) {
// init state, from serial number and lowest 16 bits of shared key
uint64_t state = ((sharedkey & 0xFFFF) << 32) | serialnum;
// mix the initialisation vector and highest 32 bits of the shared key
initvector ^= (uint32_t) (sharedkey >> 16);
initvector ^= (uint32_t)(sharedkey >> 16);
// move 16 bits from (IV xor Shared Key) to top of uint64_t state
// these will be XORed in turn with output of the crypto function
@ -320,9 +318,9 @@ void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, ui
// optimise with one 64-bit intermediate
uint64_t temp = state ^ (state >> 1);
pstate->lfsr = state ^ (state >> 6) ^ (state >> 16)
^ (state >> 26) ^ (state >> 30) ^ (state >> 41)
^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22)
^ (temp >> 42) ^ (temp >> 46);
^ (state >> 26) ^ (state >> 30) ^ (state >> 41)
^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22)
^ (temp >> 42) ^ (temp >> 46);
}
}
@ -338,8 +336,7 @@ void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, ui
* Hitag_State* pstate - in/out, internal cipher state after initialisation
* uint32_t steps - number of bits requested, (capped at 32)
*/
uint32_t hitag2_nstep(Hitag_State* pstate, uint32_t steps)
{
uint32_t hitag2_nstep(Hitag_State *pstate, uint32_t steps) {
uint64_t state = pstate->shiftreg;
uint32_t result = 0;
uint64_t lfsr = pstate->lfsr;
@ -448,7 +445,7 @@ unsigned hitag2_verifytest()
const uint64_t key = rev64 (0x524B494D4E4FUL);
const uint32_t serial = rev32 (0x69574349);
const uint32_t initvec = rev32 (0x72456E65);
uint32_t i;
Hitag_State state;
@ -471,11 +468,10 @@ unsigned hitag2_verifytest()
#ifdef UNIT_TEST
int main(int argc, char* argv[])
{
int main(int argc, char *argv[]) {
unsigned pass = hitag2_verifytest();
printf ("Crypto Verify test = %s\n\n", pass ? "PASS" : "FAIL");
printf("Crypto Verify test = %s\n\n", pass ? "PASS" : "FAIL");
if (pass) {
hitag2_benchtest(10000);

4
tools/hitag2crack/crack2/hitagcrypto.h
View file

@ -159,9 +159,9 @@ typedef struct {
uint64_t lfsr; // fast lfsr, used to make software faster
} Hitag_State;
void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector);
void hitag2_init(Hitag_State *pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector);
uint32_t hitag2_nstep(Hitag_State* pstate, uint32_t steps);
uint32_t hitag2_nstep(Hitag_State *pstate, uint32_t steps);
unsigned int hitag2_benchtest_gen32();
unsigned int hitag2_benchtest(uint32_t count);

79
tools/hitag2crack/crack2/ht2crack2buildtable.c
View file

@ -18,7 +18,7 @@
//
// If sorting fails with a 'bus error' then that is likely because your disk I/O can't keep up with
// the read/write demands of the multi-threaded sorting. In this case, reduce the number of sorting
// threads. This will most likely only be a problem with network disks; SATA should be okay;
// threads. This will most likely only be a problem with network disks; SATA should be okay;
// USB2/3 should keep up.
//
// These MUST be a power of 2 for the maths to work - you have been warned!
@ -53,8 +53,7 @@ uint64_t d2[48];
int nsteps2;
// create table entry
void create_table(struct table *t, int d1, int d2)
{
void create_table(struct table *t, int d1, int d2) {
if (!t) {
printf("create_table: t is NULL\n");
exit(1);
@ -83,8 +82,7 @@ void create_table(struct table *t, int d1, int d2)
// create all table entries
void create_tables(struct table *t)
{
void create_tables(struct table *t) {
int i, j;
if (!t) {
@ -92,8 +90,8 @@ void create_tables(struct table *t)
exit(1);
}
for (i=0; i<0x100; i++) {
for (j=0; j<0x100; j++) {
for (i = 0; i < 0x100; i++) {
for (j = 0; j < 0x100; j++) {
create_table(t + ((i * 0x100) + j), i, j);
}
}
@ -101,8 +99,7 @@ void create_tables(struct table *t)
// free the table memory
void free_tables(struct table *t)
{
void free_tables(struct table *t) {
int i;
struct table *ttmp;
@ -111,7 +108,7 @@ void free_tables(struct table *t)
exit(1);
}
for (i=0; i<0x10000; i++) {
for (i = 0; i < 0x10000; i++) {
ttmp = t + i;
free(ttmp->data);
}
@ -120,8 +117,7 @@ void free_tables(struct table *t)
// write (partial) table to file
void writetable(struct table *t1)
{
void writetable(struct table *t1) {
int fd;
if (debug) printf("writetable %s\n", t1->path);
@ -146,8 +142,7 @@ void writetable(struct table *t1)
// store value in table
void store(unsigned char *data)
{
void store(unsigned char *data) {
unsigned char d1, d2;
int offset;
struct table *t1;
@ -171,7 +166,7 @@ void store(unsigned char *data)
if (debug) printf("store, offset = %d, got lock\n", offset);
// store the entry
memcpy(t1->ptr, data+2, 10);
memcpy(t1->ptr, data + 2, 10);
if (debug) printf("store, offset = %d, copied data\n", offset);
@ -199,14 +194,13 @@ void store(unsigned char *data)
}
// writes the ks (keystream) and s (state)
void write_ks_s(uint32_t ks1, uint32_t ks2, uint64_t shiftreg)
{
void write_ks_s(uint32_t ks1, uint32_t ks2, uint64_t shiftreg) {
unsigned char buf[16];
// create buffer
writebuf(buf, ks1, 3);
writebuf(buf+3, ks2, 3);
writebuf(buf+6, shiftreg, 6);
writebuf(buf + 3, ks2, 3);
writebuf(buf + 6, shiftreg, 6);
// store buffer
store(buf);
@ -215,8 +209,7 @@ void write_ks_s(uint32_t ks1, uint32_t ks2, uint64_t shiftreg)
// builds the di table for jumping
void builddi(int steps, int table)
{
void builddi(int steps, int table) {
uint64_t statemask;
int i;
Hitag_State mystate;
@ -237,7 +230,7 @@ void builddi(int steps, int table)
}
// build di states
for (i=0; i<48; i++) {
for (i = 0; i < 48; i++) {
mystate.shiftreg = statemask;
buildlfsr(&mystate);
hitag2_nstep(&mystate, steps);
@ -248,8 +241,7 @@ void builddi(int steps, int table)
}
// jump function - quickly jumps a load of steps
void jumpnsteps(Hitag_State *hstate, int table)
{
void jumpnsteps(Hitag_State *hstate, int table) {
uint64_t output = 0;
uint64_t bitmask;
int i;
@ -271,7 +263,7 @@ void jumpnsteps(Hitag_State *hstate, int table)
// if si is 1, di.si = di; if si is 0, di.si = 0
bitmask = 1;
for (i=0; i<48; i++) {
for (i = 0; i < 48; i++) {
if (hstate->shiftreg & bitmask) {
output = output ^ thisd[i];
}
@ -281,12 +273,11 @@ void jumpnsteps(Hitag_State *hstate, int table)
hstate->shiftreg = output;
buildlfsr(hstate);
}
}
// thread to build a part of the table
void *buildtable(void *d)
{
void *buildtable(void *d) {
Hitag_State hstate;
Hitag_State hstate2;
unsigned long i;
@ -301,7 +292,7 @@ void *buildtable(void *d)
buildlfsr(&hstate);
/* jump to offset using jump table 2 (2048) */
for (i=0; i<index; i++) {
for (i = 0; i < index; i++) {
jumpnsteps(&hstate, 2);
}
@ -319,7 +310,7 @@ void *buildtable(void *d)
}
/* make the entries */
for (i=0; i<maxentries; i++) {
for (i = 0; i < maxentries; i++) {
// copy the current state
hstate2.shiftreg = hstate.shiftreg;
@ -343,8 +334,7 @@ void *buildtable(void *d)
// make 'table/' (unsorted) and 'sorted/' dir structures
void makedirs()
{
void makedirs() {
char path[32];
int i;
@ -357,7 +347,7 @@ void makedirs()
exit(1);
}
for (i=0; i<0x100; i++) {
for (i = 0; i < 0x100; i++) {
sprintf(path, "table/%02x", i);
if (mkdir(path, 0755)) {
printf("cannot make dir %s\n", path);
@ -371,16 +361,14 @@ void makedirs()
}
}
static int datacmp(const void *p1, const void *p2, void *dummy)
{
static int datacmp(const void *p1, const void *p2, void *dummy) {
unsigned char *d1 = (unsigned char *)p1;
unsigned char *d2 = (unsigned char *)p2;
return memcmp(d1, d2, DATASIZE);
}
void *sorttable(void *d)
{
void *sorttable(void *d) {
int i, j;
int fdin;
int fdout;
@ -401,9 +389,9 @@ void *sorttable(void *d)
}
// loop over our first byte values
for (i=(index * space); i<((index + 1) * space); i++) {
for (i = (index * space); i < ((index + 1) * space); i++) {
// loop over all second byte values
for (j=0; j<0x100; j++) {
for (j = 0; j < 0x100; j++) {
printf("sorttable: processing bytes 0x%02x/0x%02x\n", i, j);
@ -464,8 +452,7 @@ void *sorttable(void *d)
return NULL;
}
int main(int argc, char *argv[])
{
int main(int argc, char *argv[]) {
pthread_t threads[NUM_BUILD_THREADS];
void *status;
long i;
@ -493,7 +480,7 @@ int main(int argc, char *argv[])
builddi(2048, 2);
// start the threads
for (i=0; i<NUM_BUILD_THREADS; i++) {
for (i = 0; i < NUM_BUILD_THREADS; i++) {
ret = pthread_create(&(threads[i]), NULL, buildtable, (void *)(i));
if (ret) {
printf("cannot start buildtable thread %ld\n", i);
@ -504,7 +491,7 @@ int main(int argc, char *argv[])
if (debug) printf("main, started buildtable threads\n");
// wait for threads to finish
for (i=0; i<NUM_BUILD_THREADS; i++) {
for (i = 0; i < NUM_BUILD_THREADS; i++) {
ret = pthread_join(threads[i], &status);
if (ret) {
printf("cannot join buildtable thread %ld\n", i);
@ -514,7 +501,7 @@ int main(int argc, char *argv[])
}
// write all remaining files
for (i=0; i<0x10000; i++) {
for (i = 0; i < 0x10000; i++) {
t1 = t + i;
if (t1->ptr > t1->data) {
writetable(t1);
@ -531,7 +518,7 @@ int main(int argc, char *argv[])
// start the threads
for (i=0; i<NUM_SORT_THREADS; i++) {
for (i = 0; i < NUM_SORT_THREADS; i++) {
ret = pthread_create(&(threads[i]), NULL, sorttable, (void *)(i));
if (ret) {
printf("cannot start sorttable thread %ld\n", i);
@ -542,7 +529,7 @@ int main(int argc, char *argv[])
if (debug) printf("main, started sorttable threads\n");
// wait for threads to finish
for (i=0; i<NUM_SORT_THREADS; i++) {
for (i = 0; i < NUM_SORT_THREADS; i++) {
ret = pthread_join(threads[i], &status);
if (ret) {
printf("cannot join sorttable thread %ld\n", i);

12
tools/hitag2crack/crack2/ht2crack2gentest.c
View file

@ -6,8 +6,7 @@
#include "ht2crack2utils.h"
int makerandom(char *hex, unsigned int len, int fd)
{
int makerandom(char *hex, unsigned int len, int fd) {
unsigned char raw[32];
int i;
@ -26,7 +25,7 @@ int makerandom(char *hex, unsigned int len, int fd)
exit(1);
}
for (i=0; i<len; i++) {
for (i = 0; i < len; i++) {
sprintf(hex + (2 * i), "%02X", raw[i]);
}
@ -34,8 +33,7 @@ int makerandom(char *hex, unsigned int len, int fd)
}
int main(int argc, char *argv[])
{
int main(int argc, char *argv[]) {
Hitag_State hstate;
char key[32];
char uid[32];
@ -64,7 +62,7 @@ int main(int argc, char *argv[])
}
for (i=0; i<numtests; i++) {
for (i = 0; i < numtests; i++) {
makerandom(key, 6, urandomfd);
makerandom(uid, 4, urandomfd);
@ -84,7 +82,7 @@ int main(int argc, char *argv[])
hitag2_nstep(&hstate, 64);
for (j=0; j<64; j++) {
for (j = 0; j < 64; j++) {
fprintf(fp, "%08X\n", hitag2_nstep(&hstate, 32));
}

53
tools/hitag2crack/crack2/ht2crack2search.c
View file

@ -17,16 +17,14 @@ struct rngdata {
static int datacmp(const void *p1, const void *p2)
{
static int datacmp(const void *p1, const void *p2) {
unsigned char *d1 = (unsigned char *)p1;
unsigned char *d2 = (unsigned char *)p2;
return memcmp(d1, d2, DATASIZE - 6);
}
int loadrngdata(struct rngdata *r, char *file)
{
int loadrngdata(struct rngdata *r, char *file) {
int fd;
int i, j;
int nibble;
@ -72,7 +70,7 @@ int loadrngdata(struct rngdata *r, char *file)
j = 0;
nibble = 0;
for (i=0; (i<filestat.st_size) && (j < r->len); i++) {
for (i = 0; (i < filestat.st_size) && (j < r->len); i++) {
if ((data[i] != 0x0a) && (data[i] != 0x0d) && (data[i] != 0x20)) {
if (!nibble) {
r->data[j] = hex2bin(data[i]) << 4;
@ -93,8 +91,7 @@ int loadrngdata(struct rngdata *r, char *file)
return 1;
}
int makecand(unsigned char *c, struct rngdata *r, int bitoffset)
{
int makecand(unsigned char *c, struct rngdata *r, int bitoffset) {
int bytenum;
int bitnum;
int i;
@ -107,7 +104,7 @@ int makecand(unsigned char *c, struct rngdata *r, int bitoffset)
bytenum = bitoffset / 8;
bitnum = bitoffset % 8;
for (i=0; i<6; i++) {
for (i = 0; i < 6; i++) {
if (!bitnum) {
c[i] = r->data[bytenum + i];
} else {
@ -120,8 +117,7 @@ int makecand(unsigned char *c, struct rngdata *r, int bitoffset)
// test the candidate against the next or previous rng data
int testcand(unsigned char *f, unsigned char *rt, int fwd)
{
int testcand(unsigned char *f, unsigned char *rt, int fwd) {
Hitag_State hstate;
int i;
uint32_t ks1;
@ -130,8 +126,8 @@ int testcand(unsigned char *f, unsigned char *rt, int fwd)
// build the prng state at the candidate
hstate.shiftreg = 0;
for (i=0; i<6; i++) {
hstate.shiftreg = (hstate.shiftreg << 8) | f[i+4];
for (i = 0; i < 6; i++) {
hstate.shiftreg = (hstate.shiftreg << 8) | f[i + 4];
}
buildlfsr(&hstate);
@ -149,7 +145,7 @@ int testcand(unsigned char *f, unsigned char *rt, int fwd)
ks2 = hitag2_nstep(&hstate, 24);
writebuf(buf, ks1, 3);
writebuf(buf+3, ks2, 3);
writebuf(buf + 3, ks2, 3);
// compare them
if (!memcmp(buf, rt, 6)) {
@ -159,8 +155,7 @@ int testcand(unsigned char *f, unsigned char *rt, int fwd)
}
}
int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned char *m, unsigned char *s)
{
int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned char *m, unsigned char *s) {
int fd;
struct stat filestat;
char file[64];
@ -193,7 +188,7 @@ int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned char *m, u
exit(1);
}
memcpy(item, c+2, 4);
memcpy(item, c + 2, 4);
found = (unsigned char *)bsearch(item, data, filestat.st_size / DATASIZE, DATASIZE, datacmp);
@ -209,13 +204,13 @@ int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned char *m, u
while (((found - data) <= (filestat.st_size - DATASIZE)) && (!memcmp(found, item, 4))) {
if (testcand(found, rt, fwd)) {
memcpy(m, c, 2);
memcpy(m+2, found, 4);
memcpy(s, found+4, 6);
memcpy(m + 2, found, 4);
memcpy(s, found + 4, 6);
munmap(data, filestat.st_size);
close(fd);
return 1;
}
}
found = found + DATASIZE;
}
@ -228,8 +223,7 @@ int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned char *m, u
}
int findmatch(struct rngdata *r, unsigned char *outmatch, unsigned char *outstate, int *bitoffset)
{
int findmatch(struct rngdata *r, unsigned char *outmatch, unsigned char *outstate, int *bitoffset) {
int i;
int bitlen;
unsigned char cand[6];
@ -243,7 +237,7 @@ int findmatch(struct rngdata *r, unsigned char *outmatch, unsigned char *outstat
bitlen = r->len * 8;
for (i=0; i<=bitlen - 48; i++) {
for (i = 0; i <= bitlen - 48; i++) {
// print progress
if ((i % 100) == 0) {
printf("searching on bit %d\n", i);
@ -283,8 +277,7 @@ int findmatch(struct rngdata *r, unsigned char *outmatch, unsigned char *outstat
void rollbackrng(Hitag_State *hstate, unsigned char *s, int offset)
{
void rollbackrng(Hitag_State *hstate, unsigned char *s, int offset) {
int i;
if (!s) {
@ -294,7 +287,7 @@ void rollbackrng(Hitag_State *hstate, unsigned char *s, int offset)
// build prng at recovered offset
hstate->shiftreg = 0;
for (i=0; i<6; i++) {
for (i = 0; i < 6; i++) {
hstate->shiftreg = (hstate->shiftreg << 8) | s[i];
}
@ -313,8 +306,7 @@ void rollbackrng(Hitag_State *hstate, unsigned char *s, int offset)
}
uint64_t recoverkey(Hitag_State *hstate, char *uidstr, char *nRstr)
{
uint64_t recoverkey(Hitag_State *hstate, char *uidstr, char *nRstr) {
uint64_t key;
uint64_t keyupper;
uint32_t uid;
@ -333,7 +325,7 @@ uint64_t recoverkey(Hitag_State *hstate, char *uidstr, char *nRstr)
uidtmp = uid;
// rollback and extract bits b
for (i=0; i<32; i++) {
for (i = 0; i < 32; i++) {
hstate->shiftreg = ((hstate->shiftreg) << 1) | ((uidtmp >> 31) & 0x1);
uidtmp = uidtmp << 1;
b = (b << 1) | fnf(hstate->shiftreg);
@ -364,8 +356,7 @@ uint64_t recoverkey(Hitag_State *hstate, char *uidstr, char *nRstr)
}
int main(int argc, char *argv[])
{
int main(int argc, char *argv[]) {
Hitag_State hstate;
struct rngdata rng;
int bitoffset = 0;
@ -420,7 +411,7 @@ int main(int argc, char *argv[])
printf("\n");
printf("KEY:\t\t");
for (i=0; i<6; i++) {
for (i = 0; i < 6; i++) {
printf("%02X", (int)(key & 0xff));
key = key >> 8;
}

67
tools/hitag2crack/crack2/ht2crack2utils.c
View file

@ -1,13 +1,11 @@
#include "ht2crack2utils.h"
// writes a value into a buffer as a series of bytes
void writebuf(unsigned char *buf, uint64_t val, unsigned int len)
{
void writebuf(unsigned char *buf, uint64_t val, unsigned int len) {
int i;
char c;
for (i=len-1; i>=0; i--)
{
for (i = len - 1; i >= 0; i--) {
c = val & 0xff;
buf[i] = c;
val = val >> 8;
@ -17,18 +15,17 @@ void writebuf(unsigned char *buf, uint64_t val, unsigned int len)
/* simple hexdump for testing purposes */
void shexdump(unsigned char *data, int data_len)
{
void shexdump(unsigned char *data, int data_len) {
int i;
if (!data || (data_len <= 0)) {
printf("shexdump: invalid parameters\n");
return;
}
printf("Hexdump from %p:\n", data);
for (i=0; i<data_len; i++) {
for (i = 0; i < data_len; i++) {
if ((i % HEX_PER_ROW) == 0) {
printf("\n0x%04x: ", i);
}
@ -39,8 +36,7 @@ void shexdump(unsigned char *data, int data_len)
void printbin(unsigned char *c)
{
void printbin(unsigned char *c) {
int i, j;
unsigned char x;
@ -49,9 +45,9 @@ void printbin(unsigned char *c)
return;
}
for (i=0; i<6; i++) {
for (i = 0; i < 6; i++) {
x = c[i];
for (j=0; j<8; j++) {
for (j = 0; j < 8; j++) {
printf("%d", (x & 0x80) >> 7);
x = x << 1;
}
@ -60,14 +56,13 @@ void printbin(unsigned char *c)
}
void printbin2(uint64_t val, unsigned int size)
{
void printbin2(uint64_t val, unsigned int size) {
int i;
uint64_t mask = 1;
mask = mask << (size - 1);
for (i=0; i<size; i++) {
for (i = 0; i < size; i++) {
if (val & mask) {
printf("1");
} else {
@ -78,8 +73,7 @@ void printbin2(uint64_t val, unsigned int size)
}
void printstate(Hitag_State *hstate)
{
void printstate(Hitag_State *hstate) {
printf("shiftreg =\t");
printbin2(hstate->shiftreg, 48);
printf("\n");
@ -89,8 +83,7 @@ void printstate(Hitag_State *hstate)
// convert hex char to binary
unsigned char hex2bin(unsigned char c)
{
unsigned char hex2bin(unsigned char c) {
if ((c >= '0') && (c <= '9')) {
return (c - '0');
} else if ((c >= 'a') && (c <= 'f')) {
@ -103,8 +96,7 @@ unsigned char hex2bin(unsigned char c)
}
// return a single bit from a value
int bitn(uint64_t x, int bit)
{
int bitn(uint64_t x, int bit) {
uint64_t bitmask = 1;
bitmask = bitmask << bit;
@ -118,20 +110,18 @@ int bitn(uint64_t x, int bit)
// the sub-function R that rollback depends upon
int fnR(uint64_t x)
{
int fnR(uint64_t x) {
// renumbered bits because my state is 0-47, not 1-48
return (bitn(x, 1) ^ bitn(x, 2) ^ bitn(x, 5) ^ bitn(x, 6) ^ bitn(x, 7) ^
bitn(x, 15) ^ bitn(x, 21) ^ bitn(x, 22) ^ bitn(x, 25) ^ bitn(x, 29) ^ bitn(x, 40) ^
bitn(x, 41) ^ bitn(x, 42) ^ bitn(x, 45) ^ bitn(x, 46) ^ bitn(x, 47));
bitn(x, 15) ^ bitn(x, 21) ^ bitn(x, 22) ^ bitn(x, 25) ^ bitn(x, 29) ^ bitn(x, 40) ^
bitn(x, 41) ^ bitn(x, 42) ^ bitn(x, 45) ^ bitn(x, 46) ^ bitn(x, 47));
}
// the rollback function that lets us go backwards in time
void rollback(Hitag_State *hstate, unsigned int steps)
{
void rollback(Hitag_State *hstate, unsigned int steps) {
int i;
for (i=0; i<steps; i++) {
for (i = 0; i < steps; i++) {
hstate->shiftreg = ((hstate->shiftreg << 1) & 0xffffffffffff) | fnR(hstate->shiftreg);
}
@ -139,24 +129,20 @@ void rollback(Hitag_State *hstate, unsigned int steps)
// the three filter sub-functions that feed fnf
int fa(unsigned int i)
{
int fa(unsigned int i) {
return bitn(0x2C79, i);
}
int fb(unsigned int i)
{
int fb(unsigned int i) {
return bitn(0x6671, i);
}
int fc(unsigned int i)
{
int fc(unsigned int i) {
return bitn(0x7907287B, i);
}
// the filter function that generates a bit of output from the prng state
int fnf(uint64_t s)
{
int fnf(uint64_t s) {
unsigned int x1, x2, x3, x4, x5, x6;
x1 = (bitn(s, 2) << 0) | (bitn(s, 3) << 1) | (bitn(s, 5) << 2) | (bitn(s, 6) << 3);
@ -171,16 +157,15 @@ int fnf(uint64_t s)
}
// builds the lfsr for the prng (quick calcs for hitag2_nstep())
void buildlfsr(Hitag_State *hstate)
{
void buildlfsr(Hitag_State *hstate) {
uint64_t state = hstate->shiftreg;
uint64_t temp;
temp = state ^ (state >> 1);
hstate->lfsr = state ^ (state >> 6) ^ (state >> 16)
^ (state >> 26) ^ (state >> 30) ^ (state >> 41)
^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22)
^ (temp >> 42) ^ (temp >> 46);
^ (state >> 26) ^ (state >> 30) ^ (state >> 41)
^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22)
^ (temp >> 42) ^ (temp >> 46);
}

2
tools/hitag2crack/crack2/rfidler.h
View file

@ -336,7 +336,7 @@ extern rtccDate RTC_date; // date structure
#define TAG_TYPE_AWID_26 17
#define TAG_TYPE_EM4X05 18
#define TAG_TYPE_TAMAGOTCHI 19
#define TAG_TYPE_HDX 20 // same underlying data as FDX-B, but different modulation & telegram
#define TAG_TYPE_HDX 20 // same underlying data as FDX-B, but different modulation & telegram
// various

2
tools/hitag2crack/crack2/util.h
View file

@ -182,7 +182,7 @@ unsigned char getbit(unsigned char byte, unsigned char bit);
void bytestohex(unsigned char *target, unsigned char *source, unsigned int length);
unsigned int manchester_encode(unsigned char *target, unsigned char *source, unsigned int length);
unsigned int manchester_decode(unsigned char *target, unsigned char *source, unsigned int length);
char * strip_newline(char *buff);
char *strip_newline(char *buff);
BOOL command_ack(BOOL data);
BOOL command_nack(BYTE *reason);
BOOL command_unknown(void);

29
tools/hitag2crack/crack2/utilpart.c
View file

@ -142,19 +142,17 @@ rtccTime RTC_time; // time structure
rtccDate RTC_date; // date structure
// convert byte-reversed 8 digit hex to unsigned long
unsigned long hexreversetoulong(BYTE *hex)
{
unsigned long ret= 0L;
unsigned long hexreversetoulong(BYTE *hex) {
unsigned long ret = 0L;
unsigned int x;
BYTE i;
if(strlen(hex) != 8)
if (strlen(hex) != 8)
return 0L;
for(i= 0 ; i < 4 ; ++i)
{
if(sscanf(hex, "%2X", &x) != 1)
return 0L;
for (i = 0 ; i < 4 ; ++i) {
if (sscanf(hex, "%2X", &x) != 1)
return 0L;
ret += ((unsigned long) x) << i * 8;
hex += 2;
}
@ -162,18 +160,17 @@ unsigned long hexreversetoulong(BYTE *hex)
}
// convert byte-reversed 12 digit hex to unsigned long
unsigned long long hexreversetoulonglong(BYTE *hex)
{
unsigned long long ret= 0LL;
unsigned long long hexreversetoulonglong(BYTE *hex) {
unsigned long long ret = 0LL;
BYTE tmp[9];
// this may seem an odd way to do it, but weird compiler issues were
// this may seem an odd way to do it, but weird compiler issues were
// breaking direct conversion!
tmp[8]= '\0';
tmp[8] = '\0';
memset(tmp + 4, '0', 4);
memcpy(tmp, hex + 8, 4);
ret= hexreversetoulong(tmp);
ret = hexreversetoulong(tmp);
ret <<= 32;
memcpy(tmp, hex, 8);
ret += hexreversetoulong(tmp);