diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 570f028cb..4bd55fb3b 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -2145,29 +2145,24 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) { uint32_t nttmp1 = nt1; uint32_t nttmp2 = nt2; - for (uint16_t i = 1; i < 32768/8; ++i) { + // 0xFFFF -- Half up and half down to find distance between nonces + for (uint16_t i = 1; i < 32768/8; i += 8) { nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -i; - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+1; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+1); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+2; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+2); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+3; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+3); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+4; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+4); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+5; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+5); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+6; - nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+6); - nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+7; + + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -i; + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+1); + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+2); + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+3); + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+4); + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+5); + nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+6); nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+7); } // either nt1 or nt2 are invalid nonces diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 49730af98..464787351 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1217,10 +1217,9 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){ if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card"); errormsg = MAGIC_UID; - // break; } - - if ( mifare_classic_halt_ex(NULL) ) break; + mifare_classic_halt_ex(NULL); + break; } // wipe tag, fill it with zeros @@ -1239,7 +1238,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){ break; } - if ( mifare_classic_halt_ex(NULL) ) break; + mifare_classic_halt_ex(NULL); } // write block @@ -1276,7 +1275,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){ } if (workFlags & MAGIC_OFF) - if ( mifare_classic_halt_ex(NULL) ) break; + mifare_classic_halt_ex(NULL); isOK = true; break; diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 3d6dce41d..9c6adcce7 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -474,7 +474,10 @@ int mifare_classic_halt_ex(struct Crypto1State *pcs) { uint8_t receivedAnswer[4] = {0x00, 0x00, 0x00, 0x00}; len = mifare_sendcmd_short(pcs, (pcs == NULL) ? CRYPT_NONE : CRYPT_ALL, 0x50, 0x00, receivedAnswer, NULL, NULL); if (len != 0) { - if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("halt error. response len: %x", len); + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("halt error. response len: %x data:%02X %02X %02X %02X", len, receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3]); + if (len == 1 && receivedAnswer[0] == 0x04) + return 4; return 1; } return 0; diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index b404d4490..abb786f4d 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -143,6 +143,7 @@ int usage_hf_14a_sim(void) { // PrintAndLog(" u : 4, 7 or 10 byte UID"); PrintAndLog(" u : 4, 7 byte UID"); PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader"); + PrintAndLog(" v : (Optional) show maths used for cracking reader. Useful for debugging."); PrintAndLog("\n sample : hf 14a sim t 1 u 11223344 x"); PrintAndLog(" : hf 14a sim t 1 u 11223344"); PrintAndLog(" : hf 14a sim t 1 u 11223344556677"); @@ -447,6 +448,7 @@ int CmdHF14ASim(const char *Cmd) { uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0}; int uidlen = 0; bool useUIDfromEML = TRUE; + bool verbose = false; while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { @@ -477,6 +479,11 @@ int CmdHF14ASim(const char *Cmd) { } cmdp += 2; break; + case 'v': + case 'V': + verbose = true; + cmdp++; + break; case 'x': case 'X': flags |= FLAG_NR_AR_ATTACK; @@ -513,7 +520,7 @@ int CmdHF14ASim(const char *Cmd) { if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break; memcpy( data, resp.d.asBytes, sizeof(data) ); - readerAttack(data, TRUE); + readerAttack(data, TRUE, verbose); } return 0; } diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 99a91ced7..a840969e2 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -32,6 +32,7 @@ int usage_hf14_mf1ksim(void){ PrintAndLog(" i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted"); PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)"); PrintAndLog(" e (Optional) Fill simulator keys from what we crack"); + PrintAndLog(" v (Optional) Show maths used for cracking reader. Useful for debugging."); PrintAndLog("samples:"); PrintAndLog(" hf mf sim u 0a0a0a0a"); PrintAndLog(" hf mf sim u 11223344556677"); @@ -1364,7 +1365,7 @@ int CmdHF14AMfChk(const char *Cmd) { #define ATTACK_KEY_COUNT 8 sector *k_sector = NULL; uint8_t k_sectorsCount = 16; -void readerAttack(nonces_t data[], bool setEmulatorMem) { +void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose) { // initialize storage for found keys if (k_sector == NULL) @@ -1388,7 +1389,7 @@ void readerAttack(nonces_t data[], bool setEmulatorMem) { // We can probably skip this, mfkey32v2 is more reliable. #ifdef HFMF_TRYMFK32 - if (tryMfk32(data[i], &key)) { + if (tryMfk32(data[i], &key, verbose)) { PrintAndLog("Found Key%s for sector %02d: [%012"llx"]" , (data[i].keytype) ? "B" : "A" , data[i].sector @@ -1413,7 +1414,7 @@ void readerAttack(nonces_t data[], bool setEmulatorMem) { } #endif //moebius attack - if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key)) { + if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key, verbose)) { uint8_t sectorNum = data[i+ATTACK_KEY_COUNT].sector; uint8_t keyType = data[i+ATTACK_KEY_COUNT].keytype; @@ -1449,11 +1450,14 @@ int CmdHF14AMf1kSim(const char *Cmd) { uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; uint8_t exitAfterNReads = 0; uint8_t flags = (FLAG_UID_IN_EMUL | FLAG_4B_UID_IN_DATA); - int uidlen = 0; + int uidlen = 0; bool setEmulatorMem = false; uint8_t cmdp = 0; bool errors = false; + // If set to true, we should show our workings when doing NR_AR_ATTACK. + bool verbose = false; + while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { case 'e': @@ -1485,6 +1489,11 @@ int CmdHF14AMf1kSim(const char *Cmd) { } cmdp +=2; break; + case 'v': + case 'V': + verbose = true; + cmdp++; + break; case 'x': case 'X': flags |= FLAG_NR_AR_ATTACK; @@ -1524,7 +1533,7 @@ int CmdHF14AMf1kSim(const char *Cmd) { if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break; memcpy( data, resp.d.asBytes, sizeof(data) ); - readerAttack(data, setEmulatorMem); + readerAttack(data, setEmulatorMem, verbose); } if (k_sector != NULL) { diff --git a/client/cmdhfmf.h b/client/cmdhfmf.h index 738b34325..d9964261a 100644 --- a/client/cmdhfmf.h +++ b/client/cmdhfmf.h @@ -28,19 +28,19 @@ #include "nonce2key/nonce2key.h" int CmdHFMF(const char *Cmd); - -int CmdHF14AMfDbg(const char* cmd); -int CmdHF14AMfRdBl(const char* cmd); -int CmdHF14AMfURdBl(const char* cmd); -int CmdHF14AMfRdSc(const char* cmd); -int CmdHF14SMfURdCard(const char* cmd); -int CmdHF14AMfDump(const char* cmd); -int CmdHF14AMfRestore(const char* cmd); -int CmdHF14AMfWrBl(const char* cmd); -int CmdHF14AMfUWrBl(const char* cmd); -int CmdHF14AMfChk(const char* cmd); -int CmdHF14AMifare(const char* cmd); -int CmdHF14AMfNested(const char* cmd); + +int CmdHF14AMfDbg(const char* cmd); +int CmdHF14AMfRdBl(const char* cmd); +int CmdHF14AMfURdBl(const char* cmd); +int CmdHF14AMfRdSc(const char* cmd); +int CmdHF14SMfURdCard(const char* cmd); +int CmdHF14AMfDump(const char* cmd); +int CmdHF14AMfRestore(const char* cmd); +int CmdHF14AMfWrBl(const char* cmd); +int CmdHF14AMfUWrBl(const char* cmd); +int CmdHF14AMfChk(const char* cmd); +int CmdHF14AMifare(const char* cmd); +int CmdHF14AMfNested(const char* cmd); int CmdHF14AMfNestedHard(const char *Cmd); int CmdHF14AMfSniff(const char* cmd); int CmdHF14AMf1kSim(const char* cmd); @@ -60,6 +60,6 @@ int CmdHF14AMfCLoad(const char* cmd); int CmdHF14AMfCSave(const char* cmd); int CmdHf14MfDecryptBytes(const char *Cmd); -void readerAttack(nonces_t data[], bool setEmulatorMem); +void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose); void printKeyTable( uint8_t sectorscnt, sector *e_sector ); #endif diff --git a/client/cmdhfmfhard.c b/client/cmdhfmfhard.c index ea46469f9..fb576441b 100644 --- a/client/cmdhfmfhard.c +++ b/client/cmdhfmfhard.c @@ -261,7 +261,10 @@ static double p_hypergeometric(uint16_t N, uint16_t K, uint16_t n, uint16_t k) for (int16_t i = N; i >= N-n+1; i--) { log_result -= log(i); } - return exp(log_result); + if ( log_result > 0 ) + return exp(log_result); + else + return 0.0; } else { if (n-k == N-K) { // special case. The published recursion below would fail with a divide by zero exception double log_result = 0.0; @@ -1312,7 +1315,7 @@ static bool generate_candidates(uint16_t sum_a0, uint16_t sum_a8) if (maximum_states == 0) return false; // prevent keyspace reduction error (2^-inf) - printf("Number of possible keys with Sum(a0) = %d: %"PRIu64" (2^%1.1f)\n", sum_a0, maximum_states, log(maximum_states)/log(2.0)); + printf("Number of possible keys with Sum(a0) = %d: %"PRIu64" (2^%1.1f)\n", sum_a0, maximum_states, log(maximum_states)/log(2)); init_statelist_cache(); @@ -1329,9 +1332,9 @@ static bool generate_candidates(uint16_t sum_a0, uint16_t sum_a8) // and eliminate the need to calculate the other part if (MIN(partial_statelist[p].len[ODD_STATE], partial_statelist[r].len[ODD_STATE]) < MIN(partial_statelist[q].len[EVEN_STATE], partial_statelist[s].len[EVEN_STATE])) { - add_matching_states(current_candidates, p, r, ODD_STATE); + add_matching_states(current_candidates, p, r, ODD_STATE); if(current_candidates->len[ODD_STATE]) { - add_matching_states(current_candidates, q, s, EVEN_STATE); + add_matching_states(current_candidates, q, s, EVEN_STATE); } else { current_candidates->len[EVEN_STATE] = 0; uint32_t *p = current_candidates->states[EVEN_STATE] = malloc(sizeof(uint32_t)); @@ -1363,7 +1366,7 @@ static bool generate_candidates(uint16_t sum_a0, uint16_t sum_a8) if (maximum_states == 0) return false; // prevent keyspace reduction error (2^-inf) - float kcalc = log(maximum_states)/log(2.0); + float kcalc = log(maximum_states)/log(2); printf("Number of remaining possible keys: %"PRIu64" (2^%1.1f)\n", maximum_states, kcalc); if (write_stats) { if (maximum_states != 0) { @@ -1703,7 +1706,7 @@ static bool brute_force(void) crypto1_bs_init(); PrintAndLog("Using %u-bit bitslices", MAX_BITSLICES); - PrintAndLog("Bitslicing best_first_byte^uid[3] (rollback byte): %02x...", best_first_bytes[0]^(cuid>>24)); + PrintAndLog("Bitslicing best_first_byte^uid[3] (rollback byte): %02X ...", best_first_bytes[0]^(cuid>>24)); // convert to 32 bit little-endian crypto1_bs_bitslice_value32((best_first_bytes[0]<<24)^cuid, bitsliced_rollback_byte, 8); @@ -1744,14 +1747,14 @@ static bool brute_force(void) } time(&end); - double elapsed_time = difftime(end, start); + unsigned long elapsed_time = difftime(end, start); if (keys_found && TestIfKeyExists(foundkey)) { - PrintAndLog("Success! Tested %"PRIu32" states, found %u keys after %.f seconds", total_states_tested, keys_found, elapsed_time); + PrintAndLog("Success! Tested %"PRIu32" states, found %u keys after %u seconds", total_states_tested, keys_found, elapsed_time); PrintAndLog("\nFound key: %012"PRIx64"\n", foundkey); ret = true; } else { - PrintAndLog("Fail! Tested %"PRIu32" states, in %.f seconds", total_states_tested, elapsed_time); + PrintAndLog("Fail! Tested %"PRIu32" states, in %u seconds", total_states_tested, elapsed_time); } // reset this counter for the next call diff --git a/client/cmdlf.c b/client/cmdlf.c index dde05cb3d..d64a15c5a 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -1019,10 +1019,17 @@ int CmdLFfind(const char *Cmd) { } if (cmdp == 'u' || cmdp == 'U') testRaw = 'u'; + // if ( justNoise(GraphBuffer, GraphTraceLen) ) { + // PrintAndLog("Signal looks just like noise. Quitting."); + // return 0; + // } + PrintAndLog("NOTE: some demods output possible binary\n if it finds something that looks like a tag"); PrintAndLog("False Positives ARE possible\n"); PrintAndLog("\nChecking for known tags:\n"); + + ans=CmdFSKdemodIO(""); if (ans>0) { PrintAndLog("\nValid IO Prox ID Found!"); diff --git a/client/nonce2key/nonce2key.c b/client/nonce2key/nonce2key.c index 14b03bcbb..95c4cf5f1 100644 --- a/client/nonce2key/nonce2key.c +++ b/client/nonce2key/nonce2key.c @@ -156,7 +156,7 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui } // 32 bit recover key from 2 nonces -bool tryMfk32(nonces_t data, uint64_t *outputkey) { +bool tryMfk32(nonces_t data, uint64_t *outputkey, bool verbose) { struct Crypto1State *s,*t; uint64_t outkey = 0; uint64_t key=0; // recovered key @@ -166,22 +166,24 @@ bool tryMfk32(nonces_t data, uint64_t *outputkey) { uint32_t ar0_enc = data.ar; // first encrypted reader response uint32_t nr1_enc = data.nr2; // second encrypted reader challenge uint32_t ar1_enc = data.ar2; // second encrypted reader response - clock_t t1 = clock(); bool isSuccess = FALSE; uint8_t counter = 0; - - printf("Recovering key for:\n"); - printf(" uid: %08x\n",uid); - printf(" nt: %08x\n",nt); - printf(" {nr_0}: %08x\n",nr0_enc); - printf(" {ar_0}: %08x\n",ar0_enc); - printf(" {nr_1}: %08x\n",nr1_enc); - printf(" {ar_1}: %08x\n",ar1_enc); - - printf("\nLFSR succesors of the tag challenge:\n"); + + clock_t t1 = clock(); uint32_t p64 = prng_successor(nt, 64); - printf(" nt': %08x\n", p64); - printf(" nt'': %08x\n", prng_successor(p64, 32)); + + if ( verbose ) { + printf("Recovering key for:\n"); + printf(" uid: %08x\n",uid); + printf(" nt: %08x\n",nt); + printf(" {nr_0}: %08x\n",nr0_enc); + printf(" {ar_0}: %08x\n",ar0_enc); + printf(" {nr_1}: %08x\n",nr1_enc); + printf(" {ar_1}: %08x\n",ar1_enc); + printf("\nLFSR succesors of the tag challenge:\n"); + printf(" nt': %08x\n", p64); + printf(" nt'': %08x\n", prng_successor(p64, 32)); + } s = lfsr_recovery32(ar0_enc ^ p64, 0); @@ -193,7 +195,6 @@ bool tryMfk32(nonces_t data, uint64_t *outputkey) { crypto1_word(t, uid ^ nt, 0); crypto1_word(t, nr1_enc, 1); if (ar1_enc == (crypto1_word(t, 0, 0) ^ p64)) { - //PrintAndLog("Found Key: [%012"llx"]", key); outkey = key; ++counter; if (counter==20) break; @@ -208,7 +209,7 @@ bool tryMfk32(nonces_t data, uint64_t *outputkey) { return isSuccess; } -bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) { +bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool verbose) { struct Crypto1State *s, *t; uint64_t outkey = 0; uint64_t key = 0; // recovered key @@ -222,25 +223,25 @@ bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) { uint32_t ar1_enc = data.ar2; // second encrypted reader response bool isSuccess = FALSE; int counter = 0; - - printf("Recovering key for:\n"); - printf(" uid: %08x\n",uid); - printf(" nt_0: %08x\n",nt0); - printf(" {nr_0}: %08x\n",nr0_enc); - printf(" {ar_0}: %08x\n",ar0_enc); - printf(" nt_1: %08x\n",nt1); - printf(" {nr_1}: %08x\n",nr1_enc); - printf(" {ar_1}: %08x\n",ar1_enc); - //PrintAndLog("Enter mfkey32_moebius"); clock_t t1 = clock(); - printf("\nLFSR succesors of the tag challenge:\n"); uint32_t p640 = prng_successor(nt0, 64); uint32_t p641 = prng_successor(nt1, 64); - printf(" nt': %08x\n", p640); - printf(" nt'': %08x\n", prng_successor(p640, 32)); + if (verbose) { + printf("Recovering key for:\n"); + printf(" uid: %08x\n", uid); + printf(" nt_0: %08x\n", nt0); + printf(" {nr_0}: %08x\n", nr0_enc); + printf(" {ar_0}: %08x\n", ar0_enc); + printf(" nt_1: %08x\n", nt1); + printf(" {nr_1}: %08x\n", nr1_enc); + printf(" {ar_1}: %08x\n", ar1_enc); + printf("\nLFSR succesors of the tag challenge:\n"); + printf(" nt': %08x\n", p640); + printf(" nt'': %08x\n", prng_successor(p640, 32)); + } s = lfsr_recovery32(ar0_enc ^ p640, 0); @@ -253,7 +254,6 @@ bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) { crypto1_word(t, uid ^ nt1, 0); crypto1_word(t, nr1_enc, 1); if (ar1_enc == (crypto1_word(t, 0, 0) ^ p641)) { - //PrintAndLog("Found Key: [%012"llx"]",key); outkey=key; ++counter; if (counter==20) break; diff --git a/client/nonce2key/nonce2key.h b/client/nonce2key/nonce2key.h index e8e2a01b8..026b8cfc4 100644 --- a/client/nonce2key/nonce2key.h +++ b/client/nonce2key/nonce2key.h @@ -27,8 +27,8 @@ extern int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, extern int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, uint32_t nr, uint64_t ks_info, uint64_t * key); //iceman, added these to be able to crack key direct from "hf 14 sim" && "hf mf sim" -bool tryMfk32(nonces_t data, uint64_t *outputkey ); -bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey ); // <<-- this one has best success +bool tryMfk32(nonces_t data, uint64_t *outputkey, bool verbose ); +bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool verbose); // <<-- this one has best success int tryMfk64_ex(uint8_t *data, uint64_t *outputkey ); int tryMfk64(uint32_t uid, uint32_t nt, uint32_t nr_enc, uint32_t ar_enc, uint32_t at_enc, uint64_t *outputkey); #endif diff --git a/tools/mfkey/.gitignore b/tools/mfkey/.gitignore new file mode 100644 index 000000000..ec7f413e5 --- /dev/null +++ b/tools/mfkey/.gitignore @@ -0,0 +1,7 @@ +mfkey32 +mfkey32v2 +mfkey64 + +mfkey32.exe +mfkey32v2.exe +mfkey64.exe