proxmark3/client/cmdhfmfdesfire.c

//-----------------------------------------------------------------------------
// Copyright (C) 2014 Andy Davies
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// High frequency MIFARE commands
//-----------------------------------------------------------------------------

#include "cmdhfmf.h"
#include "util.h"
#include <openssl/des.h>
#include <openssl/aes.h>

static int CmdHelp(const char *Cmd);

//DESFIRE
// Reader 2 Card : 020A, key (1 byte), CRC1 CRC2 ; auth (020a00)
// Card 2 Reader : 02AF, 8 Bytes(b0), CRC1 CRC2
// Reader 2 Card : 03AF, 8 Bytes(b1),8 bytes(b2), CRC1 CRC2
// Card 2 Reader : 0300, 8 bytes(b3), CRC1 CRC2 ; success

//send 020A00, receive enc(nc)

//02AE = error
//receive b3=enc(r4)
//r5=dec(b3)
//n'r=rol(r5)
//verify n'r=nr

int CmdHF14AMfDESAuth(const char *Cmd){
        
    uint8_t blockNo = 0;
    //keyNo=0;
    uint32_t cuid=0;
    uint8_t reply[16];
    //DES_cblock r1_b1;
    uint8_t b1[8]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    uint8_t b2[8]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    DES_cblock nr,  b0, r1, r0;
    
    
    uint8_t key[8]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    //DES_cblock iv={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    DES_key_schedule ks1;
    DES_cblock key1;

    if (strlen(Cmd)<1) {
        PrintAndLog("Usage:  hf desfire des-auth k <key number>");
        PrintAndLog("        sample: hf desfire des-auth k 0");
        return 0;
    } 
    
    //Change key to user defined one
    
    memcpy(key1,key,8);
    //memcpy(key2,key+8,8);
    DES_set_key((DES_cblock *)key1,&ks1);
    //DES_set_key((DES_cblock *)key2,&ks2);
        
    //Auth1
    UsbCommand c = {CMD_MIFARE_DES_AUTH1, {blockNo}};
    SendCommand(&c);
    UsbCommand resp;
    if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
        uint8_t isOK  = resp.arg[0] & 0xff;
	        cuid  = resp.arg[1];
        uint8_t * data= resp.d.asBytes;

         if (isOK){
             PrintAndLog("enc(nc)/b0:%s", sprint_hex(data+2,8));
             memcpy(b0,data+2,8);
	}
    } else {
        PrintAndLog("Command execute timeout");
    }
       
    //Do crypto magic
    DES_random_key(&nr);
    //b1=dec(nr)
    //r0=dec(b0)
    DES_ecb_encrypt(&nr,&b1,&ks1,0);
    DES_ecb_encrypt(&b0,&r0,&ks1,0);
    //PrintAndLog("b1:%s",sprint_hex(b1, 8));
    PrintAndLog("r0:%s",sprint_hex(r0, 8));
    //r1=rol(r0)
    memcpy(r1,r0,8);
    rol(r1,8);
    PrintAndLog("r1:%s",sprint_hex(r1, 8));
    for(int i=0;i<8;i++){   
      b2[i]=(r1[i] ^ b1[i]);
    }
    DES_ecb_encrypt(&b2,&b2,&ks1,0);
    //PrintAndLog("b1:%s",sprint_hex(b1, 8));
    PrintAndLog("b2:%s",sprint_hex(b2, 8));

    //Auth2
    UsbCommand d = {CMD_MIFARE_DES_AUTH2, {cuid}};
    memcpy(reply,b1,8);
    memcpy(reply+8,b2,8);
    memcpy(d.d.asBytes,reply, 16);
    SendCommand(&d);

    UsbCommand respb;
    if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) {
        uint8_t  isOK  = respb.arg[0] & 0xff;
        uint8_t * data2= respb.d.asBytes;

        if (isOK){
            PrintAndLog("b3:%s", sprint_hex(data2+2, 8));
	}
                 
    } else {
        PrintAndLog("Command execute timeout");
    } 
    return 1;
}

//EV1
// Reader 2 Card : 02AA, key (1 byte), CRC1 CRC2 ; auth
// Card 2 Reader : 02AF, 16 Bytes(b0), CRC1 CRC2
// Reader 2 Card : 03AF, 16 Bytes(b1),16Bytes(b2) CRC1 CRC2
// Card 2 Reader : 0300, 16 bytes(b3), CRC1 CRC2 ; success
int CmdHF14AMfAESAuth(const char *Cmd){
        
    uint8_t blockNo = 0;
    //keyNo=0;
    uint32_t cuid=0;
    uint8_t reply[32];
    //DES_cblock r1_b1;
    //unsigned char * b1, b2, nr, b0, r0, r1;
    
    uint8_t b1[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    uint8_t b2[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    uint8_t nr[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    uint8_t b0[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    uint8_t r0[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    uint8_t r1[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    //
    uint8_t key[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    uint8_t iv[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
    AES_KEY key_e;
    AES_KEY key_d;

    if (strlen(Cmd)<1) {
        PrintAndLog("Usage:  hf desfire aes-auth k <key number>");
        PrintAndLog("        sample: hf desfire aes-auth k 0");
        return 0;
    } 
    
    //Change key to user defined one
    //
    // int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,AES_KEY *key);
     //int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,AES_KEY *key);
	//
    //memcpy(key1,key,16);
    //memcpy(key2,key+8,8);
    AES_set_encrypt_key(key,128,&key_e);
    AES_set_decrypt_key(key,128,&key_d);
        
    //Auth1
    UsbCommand c = {CMD_MIFARE_DES_AUTH1, {blockNo}};
    SendCommand(&c);
    UsbCommand resp;
    if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
        uint8_t isOK  = resp.arg[0] & 0xff;
	        cuid  = resp.arg[1];
        uint8_t * data= resp.d.asBytes;

         if (isOK){
             PrintAndLog("enc(nc)/b0:%s", sprint_hex(data+2,16));
             memcpy(b0,data+2,16);
	}
    } else {
        PrintAndLog("Command execute timeout");
    }
    //
    // void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
	//size_t length, const AES_KEY *key,
	//unsigned char *ivec, const int enc);
    
   //Do crypto magic
    //DES_random_key(&nr);
    //b1=dec(nr)
    //r0=dec(b0)
    //AES_cbc_encrypt(&nr,&b1,16,&key,0);
    AES_cbc_encrypt(&b0,&r0,16,&key_d,iv,0);
    //PrintAndLog("b1:%s",sprint_hex(b1, 8));
    PrintAndLog("r0:%s",sprint_hex(r0, 16));
    //r1=rol(r0)
    memcpy(r1,r0,16);
    rol(r1,8);
    PrintAndLog("r1:%s",sprint_hex(r1, 16));
    for(int i=0;i<16;i++){
      b1[i]=(nr[i] ^ b0[i]);
      b2[i]=(r1[i] ^ b1[i]);
    }
    PrintAndLog("nr:%s",sprint_hex(nr, 16));
    AES_cbc_encrypt(&b1,&b1,16,&key_e,iv,1);
    AES_cbc_encrypt(&b2,&b2,16,&key_e,iv,1);
    PrintAndLog("b1:%s",sprint_hex(b1, 16));
    PrintAndLog("b2:%s",sprint_hex(b2, 16));

    //Auth2
    UsbCommand d = {CMD_MIFARE_DES_AUTH2, {cuid}};
    memcpy(reply,b1,16);
    memcpy(reply+16,b2,16);
    memcpy(d.d.asBytes,reply, 32);
    SendCommand(&d);

    UsbCommand respb;
    if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) {
        uint8_t  isOK  = respb.arg[0] & 0xff;
        uint8_t * data2= respb.d.asBytes;

        if (isOK){
            PrintAndLog("b3:%s", sprint_hex(data2+2, 16));
	}
                 
    } else {
        PrintAndLog("Command execute timeout");
    } 
    return 1;
}


//------------------------------------
// Menu Stuff
//------------------------------------
static command_t CommandTable[] =
{
    {"help",    CmdHelp,		1,"This help"},
    {"dbg",     CmdHF14AMfDbg,		0,"Set default debug mode"},
    {"des-auth",CmdHF14AMfDESAuth,	0,"Desfire Authentication"},
    {"ev1-auth",CmdHF14AMfAESAuth,	0,"EV1 Authentication"},
    {NULL, NULL, 0, NULL}
};

int CmdHFMFDesfire(const char *Cmd){
    // flush
    WaitForResponseTimeout(CMD_ACK,NULL,100);
    CmdsParse(CommandTable, Cmd);
    return 0;
}

int CmdHelp(const char *Cmd){
    CmdsHelp(CommandTable);
    return 0;
}