diff --git a/armsrc/optimized_cipher.c b/armsrc/optimized_cipher.c index b03facf93..a54aebc61 100644 --- a/armsrc/optimized_cipher.c +++ b/armsrc/optimized_cipher.c @@ -71,7 +71,7 @@ * Removing many unnecessary bit maskings (& 0x1) * updating state in place instead of alternating use of a second state structure * remove the necessity to reverse bits of input and output bytes - + opt_doTagMAC_2() now completes in 270 microseconds. -- piwi 2019 @@ -80,22 +80,22 @@ #include "optimized_cipher.h" static const uint8_t opt_select_LUT[256] = { - 00, 03, 02, 01, 02, 03, 00, 01, 04, 07, 07, 04, 06, 07, 05, 04, - 01, 02, 03, 00, 02, 03, 00, 01, 05, 06, 06, 05, 06, 07, 05, 04, - 06, 05, 04, 07, 04, 05, 06, 07, 06, 05, 05, 06, 04, 05, 07, 06, - 07, 04, 05, 06, 04, 05, 06, 07, 07, 04, 04, 07, 04, 05, 07, 06, - 06, 05, 04, 07, 04, 05, 06, 07, 02, 01, 01, 02, 00, 01, 03, 02, - 03, 00, 01, 02, 00, 01, 02, 03, 07, 04, 04, 07, 04, 05, 07, 06, - 00, 03, 02, 01, 02, 03, 00, 01, 00, 03, 03, 00, 02, 03, 01, 00, - 05, 06, 07, 04, 06, 07, 04, 05, 05, 06, 06, 05, 06, 07, 05, 04, - 02, 01, 00, 03, 00, 01, 02, 03, 06, 05, 05, 06, 04, 05, 07, 06, - 03, 00, 01, 02, 00, 01, 02, 03, 07, 04, 04, 07, 04, 05, 07, 06, - 02, 01, 00, 03, 00, 01, 02, 03, 02, 01, 01, 02, 00, 01, 03, 02, - 03, 00, 01, 02, 00, 01, 02, 03, 03, 00, 00, 03, 00, 01, 03, 02, - 04, 07, 06, 05, 06, 07, 04, 05, 00, 03, 03, 00, 02, 03, 01, 00, - 01, 02, 03, 00, 02, 03, 00, 01, 05, 06, 06, 05, 06, 07, 05, 04, - 04, 07, 06, 05, 06, 07, 04, 05, 04, 07, 07, 04, 06, 07, 05, 04, - 01, 02, 03, 00, 02, 03, 00, 01, 01, 02, 02, 01, 02, 03, 01, 00 + 00, 03, 02, 01, 02, 03, 00, 01, 04, 07, 07, 04, 06, 07, 05, 04, + 01, 02, 03, 00, 02, 03, 00, 01, 05, 06, 06, 05, 06, 07, 05, 04, + 06, 05, 04, 07, 04, 05, 06, 07, 06, 05, 05, 06, 04, 05, 07, 06, + 07, 04, 05, 06, 04, 05, 06, 07, 07, 04, 04, 07, 04, 05, 07, 06, + 06, 05, 04, 07, 04, 05, 06, 07, 02, 01, 01, 02, 00, 01, 03, 02, + 03, 00, 01, 02, 00, 01, 02, 03, 07, 04, 04, 07, 04, 05, 07, 06, + 00, 03, 02, 01, 02, 03, 00, 01, 00, 03, 03, 00, 02, 03, 01, 00, + 05, 06, 07, 04, 06, 07, 04, 05, 05, 06, 06, 05, 06, 07, 05, 04, + 02, 01, 00, 03, 00, 01, 02, 03, 06, 05, 05, 06, 04, 05, 07, 06, + 03, 00, 01, 02, 00, 01, 02, 03, 07, 04, 04, 07, 04, 05, 07, 06, + 02, 01, 00, 03, 00, 01, 02, 03, 02, 01, 01, 02, 00, 01, 03, 02, + 03, 00, 01, 02, 00, 01, 02, 03, 03, 00, 00, 03, 00, 01, 03, 02, + 04, 07, 06, 05, 06, 07, 04, 05, 00, 03, 03, 00, 02, 03, 01, 00, + 01, 02, 03, 00, 02, 03, 00, 01, 05, 06, 06, 05, 06, 07, 05, 04, + 04, 07, 06, 05, 06, 07, 04, 05, 04, 07, 07, 04, 06, 07, 05, 04, + 01, 02, 03, 00, 02, 03, 00, 01, 01, 02, 02, 01, 02, 03, 01, 00 }; /********************** the table above has been generated with this code: ******** @@ -143,65 +143,65 @@ uint8_t xopt__select(bool x, bool y, uint8_t r) static void opt_successor(const uint8_t *k, State *s, uint8_t y) { // #define opt_T(s) (0x1 & ((s->t >> 15) ^ (s->t >> 14) ^ (s->t >> 10) ^ (s->t >> 8) ^ (s->t >> 5) ^ (s->t >> 4)^ (s->t >> 1) ^ s->t)) - // uint8_t Tt = opt_T(s); - uint16_t Tt = s->t & 0xc533; - Tt = Tt ^ (Tt >> 1); - Tt = Tt ^ (Tt >> 4); - Tt = Tt ^ (Tt >> 10); - Tt = Tt ^ (Tt >> 8); + // uint8_t Tt = opt_T(s); + uint16_t Tt = s->t & 0xc533; + Tt = Tt ^ (Tt >> 1); + Tt = Tt ^ (Tt >> 4); + Tt = Tt ^ (Tt >> 10); + Tt = Tt ^ (Tt >> 8); - s->t = (s->t >> 1); - s->t |= (Tt ^ (s->r >> 7) ^ (s->r >> 3)) << 15; + s->t = (s->t >> 1); + s->t |= (Tt ^ (s->r >> 7) ^ (s->r >> 3)) << 15; - uint8_t opt_B = s->b; - opt_B ^= s->b >> 6; - opt_B ^= s->b >> 5; - opt_B ^= s->b >> 4; + uint8_t opt_B = s->b; + opt_B ^= s->b >> 6; + opt_B ^= s->b >> 5; + opt_B ^= s->b >> 4; - s->b = s->b >> 1; - s->b |= (opt_B ^ s->r) << 7; + s->b = s->b >> 1; + s->b |= (opt_B ^ s->r) << 7; - uint8_t opt_select = opt_select_LUT[s->r] & 0x04; - opt_select |= (opt_select_LUT[s->r] ^ ((Tt ^ y) << 1)) & 0x02; - opt_select |= (opt_select_LUT[s->r] ^ Tt) & 0x01; + uint8_t opt_select = opt_select_LUT[s->r] & 0x04; + opt_select |= (opt_select_LUT[s->r] ^ ((Tt ^ y) << 1)) & 0x02; + opt_select |= (opt_select_LUT[s->r] ^ Tt) & 0x01; - uint8_t r = s->r; - s->r = (k[opt_select] ^ s->b) + s->l ; - s->l = s->r + r; + uint8_t r = s->r; + s->r = (k[opt_select] ^ s->b) + s->l ; + s->l = s->r + r; } static void opt_suc(const uint8_t *k, State *s, uint8_t *in, uint8_t length, bool add32Zeroes) { for (int i = 0; i < length; i++) { uint8_t head; - head = in[i]; - opt_successor(k, s, head); + head = in[i]; + opt_successor(k, s, head); - head >>= 1; - opt_successor(k, s, head); + head >>= 1; + opt_successor(k, s, head); - head >>= 1; - opt_successor(k, s, head); + head >>= 1; + opt_successor(k, s, head); - head >>= 1; - opt_successor(k, s, head); + head >>= 1; + opt_successor(k, s, head); - head >>= 1; - opt_successor(k, s, head); + head >>= 1; + opt_successor(k, s, head); - head >>= 1; - opt_successor(k, s, head); + head >>= 1; + opt_successor(k, s, head); - head >>= 1; - opt_successor(k, s, head); + head >>= 1; + opt_successor(k, s, head); - head >>= 1; - opt_successor(k, s, head); + head >>= 1; + opt_successor(k, s, head); } //For tag MAC, an additional 32 zeroes if (add32Zeroes) { for (int i = 0; i < 16; i++) { - opt_successor(k, s, 0); - opt_successor(k, s, 0); + opt_successor(k, s, 0); + opt_successor(k, s, 0); } } } @@ -209,22 +209,22 @@ static void opt_suc(const uint8_t *k, State *s, uint8_t *in, uint8_t length, boo static void opt_output(const uint8_t *k, State *s, uint8_t *buffer) { for (uint8_t times = 0; times < 4; times++) { uint8_t bout = 0; - bout |= (s->r & 0x4) >> 2; - opt_successor(k, s, 0); + bout |= (s->r & 0x4) >> 2; + opt_successor(k, s, 0); bout |= (s->r & 0x4) >> 1; - opt_successor(k, s, 0); - bout |= (s->r & 0x4); - opt_successor(k, s, 0); - bout |= (s->r & 0x4) << 1; - opt_successor(k, s, 0); - bout |= (s->r & 0x4) << 2; - opt_successor(k, s, 0); - bout |= (s->r & 0x4) << 3; - opt_successor(k, s, 0); - bout |= (s->r & 0x4) << 4; - opt_successor(k, s, 0); - bout |= (s->r & 0x4) << 5; - opt_successor(k, s, 0); + opt_successor(k, s, 0); + bout |= (s->r & 0x4); + opt_successor(k, s, 0); + bout |= (s->r & 0x4) << 1; + opt_successor(k, s, 0); + bout |= (s->r & 0x4) << 2; + opt_successor(k, s, 0); + bout |= (s->r & 0x4) << 3; + opt_successor(k, s, 0); + bout |= (s->r & 0x4) << 4; + opt_successor(k, s, 0); + bout |= (s->r & 0x4) << 5; + opt_successor(k, s, 0); buffer[times] = bout; } } @@ -243,8 +243,8 @@ static void opt_MAC(uint8_t *k, uint8_t *input, uint8_t *out) { void opt_doReaderMAC(uint8_t *cc_nr_p, uint8_t *div_key_p, uint8_t mac[4]) { uint8_t dest [] = {0, 0, 0, 0, 0, 0, 0, 0}; - opt_MAC(div_key_p, cc_nr_p, dest); - memcpy(mac, dest, 4); + opt_MAC(div_key_p, cc_nr_p, dest); + memcpy(mac, dest, 4); return; } @@ -255,8 +255,8 @@ void opt_doTagMAC(uint8_t *cc_p, const uint8_t *div_key_p, uint8_t mac[4]) { 0x4c, // b 0xE012 // t }; - opt_suc(div_key_p, &_init, cc_p, 12, true); - opt_output(div_key_p, &_init, mac); + opt_suc(div_key_p, &_init, cc_p, 12, true); + opt_output(div_key_p, &_init, mac); return; } @@ -275,7 +275,7 @@ State opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p) { 0x4c, // b 0xE012 // t }; - opt_suc(div_key_p, &_init, cc_p, 8, false); + opt_suc(div_key_p, &_init, cc_p, 8, false); return _init; } @@ -289,7 +289,7 @@ State opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p) { * @param div_key_p - the key to use */ void opt_doTagMAC_2(State _init, uint8_t *nr, uint8_t mac[4], const uint8_t *div_key_p) { - opt_suc(div_key_p, &_init, nr, 4, true); - opt_output(div_key_p, &_init, mac); + opt_suc(div_key_p, &_init, nr, 4, true); + opt_output(div_key_p, &_init, mac); return; } diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 030da5a8d..82aba722e 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -752,10 +752,10 @@ static uint8_t NumBlocksPerSector(uint8_t sectorNo) { } } static uint8_t GetSectorFromBlockNo(uint8_t blockNo) { - if ( blockNo < 128 ) - return blockNo / 4; - else - return 32 + ((128 - blockNo) / 16); + if (blockNo < 128) + return blockNo / 4; + else + return 32 + ((128 - blockNo) / 16); } static int CmdHF14AMfDump(const char *Cmd) { @@ -963,11 +963,11 @@ static int CmdHF14AMfDump(const char *Cmd) { PrintAndLogEx(SUCCESS, "\nSucceded in dumping all blocks"); if (strlen(dataFilename) < 1) { - fptr = GenerateFilename("hf-mf-", "-data"); - if (fptr == NULL) - return PM3_ESOFT; + fptr = GenerateFilename("hf-mf-", "-data"); + if (fptr == NULL) + return PM3_ESOFT; - strcpy(dataFilename, fptr); + strcpy(dataFilename, fptr); } uint16_t bytes = 16 * (FirstBlockOfSector(numSectors - 1) + NumBlocksPerSector(numSectors - 1)); @@ -1229,9 +1229,9 @@ static int CmdHF14AMfNested(const char *Cmd) { e_sector = calloc(SectorsCnt, sizeof(sector_t)); if (e_sector == NULL) return PM3_EMALLOC; - // add our known key - e_sector[GetSectorFromBlockNo(blockNo)].foundKey[keyType] = 1; - e_sector[GetSectorFromBlockNo(blockNo)].Key[keyType] = key64; + // add our known key + e_sector[GetSectorFromBlockNo(blockNo)].foundKey[keyType] = 1; + e_sector[GetSectorFromBlockNo(blockNo)].Key[keyType] = key64; //test current key and additional standard keys first // add parameter key @@ -1703,7 +1703,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { // Create the key storage stucture e_sector = calloc(sectors_cnt, sizeof(sector_t)); if (e_sector == NULL) return PM3_EMALLOC; - + // clear the key storage for (int i = 0; i < sectors_cnt; i++) { for (int j = 0; j < 2; j++) { @@ -1740,7 +1740,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { blockNo, keyType ? 'B' : 'A', sprint_hex(key, sizeof(key)) - ); + ); // Store the key for the nested / hardnested attack (if supplied by the user) e_sector[blockNo].Key[keyType] = bytes_to_num(key, 6); @@ -1751,7 +1751,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { blockNo, keyType ? 'B' : 'A', sprint_hex(key, sizeof(key)) - ); + ); PrintAndLogEx(WARNING, "Falling back to dictionary"); } // Check if the user supplied key is used by other sectors @@ -1765,7 +1765,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { i, j ? 'B' : 'A', sprint_hex(key, sizeof(key)) - ); + ); // If the user supplied secctor / keytype was wrong --> just be nice and correct it ;) if (know_target_key == false) { @@ -1778,7 +1778,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { blockNo, keyType ? 'B' : 'A', sprint_hex(key, sizeof(key)) - ); + ); } } } @@ -1792,7 +1792,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { loadFileDICTIONARY(filename, keyBlock, &data_length, 6, &key_cnt); if ((data_length / 6) > max_dictionary_size) { // This is not a good solution (loadFileDICTIONARY needs a maxdatalen)! - // loadfiledictionary will reallocate to correct size. + // loadfiledictionary will reallocate to correct size. PrintAndLogEx(FAILED, "Dictionary is too large: %d (allowed: %d)", data_length, max_dictionary_size); free(keyBlock); free(e_sector); @@ -1813,7 +1813,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { // Use the dictionary to find sector keys on the card PrintAndLogEx(INFO, "Enter dictionary run..."); - + if (legacy_mfchk) { // Check all the sectors for (int i = 0; i < sectors_cnt; i++) { @@ -1877,7 +1877,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { i, j ? 'B' : 'A', sprint_hex(tmp_key, sizeof(tmp_key)) - ); + ); // Store valid credentials for the nested / hardnested attack if none exist if (know_target_key == false) { @@ -1890,7 +1890,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { blockNo, keyType ? 'B' : 'A', sprint_hex(key, sizeof(key)) - ); + ); } } } @@ -1931,7 +1931,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { blockNo, keyType ? 'B' : 'A', sprint_hex(key, sizeof(key)) - ); + ); goto noValidKeyFound; } // Store the keys @@ -1965,17 +1965,17 @@ noValidKeyFound: for (int j = 0; j < 2; j++) { // Check if the sector key is already broken if (e_sector[i].foundKey[j]) - continue; - - // Check if the key works - if (mfCheckKeys(FirstBlockOfSector(i), j, true, 1, tmp_key, &key64) == PM3_SUCCESS) { - e_sector[i].Key[j] = bytes_to_num(tmp_key, 6); - e_sector[i].foundKey[j] = 4; - PrintAndLogEx(SUCCESS, "Found valid key: sector: %3d key type: %c key: " _YELLOW_("%s"), - i, - j ? 'B' : 'A', - sprint_hex(tmp_key, sizeof(tmp_key)) - ); + continue; + + // Check if the key works + if (mfCheckKeys(FirstBlockOfSector(i), j, true, 1, tmp_key, &key64) == PM3_SUCCESS) { + e_sector[i].Key[j] = bytes_to_num(tmp_key, 6); + e_sector[i].foundKey[j] = 4; + PrintAndLogEx(SUCCESS, "Found valid key: sector: %3d key type: %c key: " _YELLOW_("%s"), + i, + j ? 'B' : 'A', + sprint_hex(tmp_key, sizeof(tmp_key)) + ); } } } @@ -2063,7 +2063,7 @@ tryHardnested: // If the nested attack fails then we try the hardnested attack current_sector_i, current_key_type_i ? 'B' : 'A', sprint_hex(tmp_key, sizeof(tmp_key)) - ); + ); } } } @@ -2089,7 +2089,7 @@ tryHardnested: // If the nested attack fails then we try the hardnested attack createMfcKeyDump(sectors_cnt, e_sector, GenerateFilename("hf-mf-", "-key.bin")); PrintAndLogEx(SUCCESS, "Transferring keys to simulator memory (Cmd Error: 04 can occur)"); - + for (current_sector_i = 0; current_sector_i < sectors_cnt; current_sector_i++) { mfEmlGetMem(block, current_sector_i, 1); if (e_sector[current_sector_i].foundKey[0]) @@ -2100,11 +2100,11 @@ tryHardnested: // If the nested attack fails then we try the hardnested attack mfEmlSetMem(block, FirstBlockOfSector(current_sector_i) + NumBlocksPerSector(current_sector_i) - 1, 1); } - // using ecfill trick, keys already in emulator mem, load data using Key A + // using ecfill trick, keys already in emulator mem, load data using Key A clearCommandBuffer(); SendCommandMIX(CMD_HF_MIFARE_EML_LOAD, sectors_cnt, 0, 0, NULL, 0); - // using ecfill trick, keys already in emulator mem, load data using Key B + // using ecfill trick, keys already in emulator mem, load data using Key B clearCommandBuffer(); SendCommandMIX(CMD_HF_MIFARE_EML_LOAD, sectors_cnt, 1, 0, NULL, 0); @@ -2126,13 +2126,13 @@ tryHardnested: // If the nested attack fails then we try the hardnested attack } fnameptr = GenerateFilename("hf-mf-", "-data"); - if (fnameptr == NULL) { - free(dump); - free(e_sector); - return PM3_ESOFT; + if (fnameptr == NULL) { + free(dump); + free(e_sector); + return PM3_ESOFT; } - strcpy(filename, fnameptr); - + strcpy(filename, fnameptr); + saveFile(filename, ".bin", dump, bytes); saveFileEML(filename, dump, bytes, MFBLOCK_SIZE); saveFileJSON(filename, jsfCardMemory, dump, bytes);