projects / proxmark3-svn / blame
| Commit | Line | Data |
|---|---|---|
| de9b66bc BF |
1 | #include <stdio.h> |
| 2 | #include <stdlib.h> | |
| 3 | #include "des.h" | |
| 4 | ||
| 5 | int main(int argc, const char* argv[]) { | |
| 6 | des_context ctx; | |
| 7 | ||
| 8 | unsigned char key[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; | |
| 9 | printf("Key: "); | |
| 10 | for (int i = 0; i < 8; i++) { | |
| 11 | printf("%02x ", key[i]); | |
| 12 | } | |
| 13 | printf("\n\n"); | |
| 14 | ||
| 15 | // This is the challange sent from PICC | |
| 16 | unsigned char ek0RandB[8] = {0x4f, 0xb1, 0xed, 0x2e, 0x11, 0x37, 0xd5, 0x1a}; | |
| 17 | ||
| 18 | if (argc == 8 + 1) { | |
| 19 | for (int i = 0 + 1; i < 8 + 1; i++) { | |
| 20 | ek0RandB[i - 1] = strtol(argv[i], NULL, 16); | |
| 21 | } | |
| 22 | } | |
| 23 | ||
| 24 | printf("ek0RandB (Challange): "); | |
| 25 | for (int i = 0; i < 8; i++) { | |
| 26 | printf("%02x ", ek0RandB[i]); | |
| 27 | } | |
| 28 | printf("\n\n"); | |
| 29 | ||
| 30 | unsigned char RandB[8]; | |
| 31 | unsigned char RandBP[8]; | |
| 32 | unsigned char ek0RandBP[8]; | |
| 33 | ||
| 34 | // TODO: Make this randomly generated | |
| 35 | unsigned char RandA[8] = {0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; | |
| 36 | unsigned char ek0RandA[8]; | |
| 37 | ||
| 38 | unsigned char sessionKey[8]; | |
| 39 | ||
| 40 | des_setkey_dec(&ctx, key); | |
| 41 | ||
| 42 | //Decrypt RandB from PICC | |
| 43 | des_crypt_ecb(&ctx, ek0RandB, RandB); | |
| 44 | ||
| 45 | printf("RandB: "); | |
| 46 | for (int i = 0; i < 8; i++) { | |
| 47 | printf("%02x ", RandB[i]); | |
| 48 | } | |
| 49 | printf("\n"); | |
| 50 | ||
| 51 | //Shift RandB left by 8 bits to produce RandB’ | |
| 52 | for (int x = 0; x < 7; x++) { | |
| 53 | RandBP[x] = RandB[x + 1]; | |
| 54 | } | |
| 55 | RandBP[7] = RandB[0]; | |
| 56 | ||
| 57 | printf("RandB’: "); | |
| 58 | for (int i = 0; i < 8; i++) { | |
| 59 | printf("%02x ", RandBP[i]); | |
| 60 | } | |
| 61 | printf("\n"); | |
| 62 | ||
| 63 | //Print RandA | |
| 64 | printf("RandA: "); | |
| 65 | for (int i = 0; i < 8; i++) { | |
| 66 | printf("%02x ", RandA[i]); | |
| 67 | } | |
| 68 | printf("\n\n"); | |
| 69 | ||
| 70 | //Encrypt RandA into ek0RandA | |
| 71 | des_crypt_ecb(&ctx, RandA, ek0RandA); | |
| 72 | ||
| 73 | printf("ek0RandA: "); | |
| 74 | for (int i = 0; i < 8; i++) { | |
| 75 | printf("%02x ", ek0RandA[i]); | |
| 76 | } | |
| 77 | printf("\n"); | |
| 78 | ||
| 79 | //Encrypt ( ek0RandA XOR RandB' ) for CBC Mode chaining | |
| 80 | for (int i = 0; i < 8; i++) { | |
| 81 | ek0RandBP[i] = RandBP[i] ^ ek0RandA[i]; | |
| 82 | } | |
| 83 | ||
| 84 | des_crypt_ecb(&ctx, ek0RandBP, ek0RandBP); | |
| 85 | ||
| 86 | printf("ek0(RandB' XOR ek0RandA): "); | |
| 87 | for (int i = 0; i < 8; i++) { | |
| 88 | printf("%02x ", ek0RandBP[i]); | |
| 89 | } | |
| 90 | printf("\n\n"); | |
| 91 | ||
| 92 | //Varibles used in checking for proper reply from PICC | |
| 93 | unsigned char RandAP[8]; | |
| 94 | unsigned char ek0RandAP[8]; | |
| 95 | ||
| 96 | //Shift RandA left by 8 bits to produce RandA’ | |
| 97 | for (int x = 0; x < 7; x++) { | |
| 98 | RandAP[x] = RandA[x + 1]; | |
| 99 | } | |
| 100 | RandAP[7] = RandA[0]; | |
| 101 | ||
| 102 | //Encrypt RandA' to check PICC's response. | |
| 103 | des_crypt_ecb(&ctx, RandAP, ek0RandAP); | |
| 104 | ||
| 105 | printf("ek0RandA' (Expected reply): "); | |
| 106 | for (int i = 0; i < 8; i++) { | |
| 107 | printf("%02x ", ek0RandAP[i]); | |
| 108 | } | |
| 109 | printf("\n"); | |
| 110 | ||
| 111 | //Create session key | |
| 112 | sessionKey[0] = RandA[0]; | |
| 113 | sessionKey[1] = RandA[1]; | |
| 114 | sessionKey[2] = RandA[2]; | |
| 115 | sessionKey[3] = RandA[3]; | |
| 116 | sessionKey[4] = RandB[0]; | |
| 117 | sessionKey[5] = RandB[1]; | |
| 118 | sessionKey[6] = RandB[2]; | |
| 119 | sessionKey[7] = RandB[3]; | |
| 120 | ||
| 121 | printf("Session Key: "); | |
| 122 | for (int i = 0; i < 8; i++) { | |
| 123 | printf("%02x ", sessionKey[i]); | |
| 124 | } | |
| 125 | printf("\n"); | |
| 126 | ||
| 127 | return 1; | |
| 128 | } | |
| 129 | ||
| 130 | /* | |
| 131 | Recorded Activity | |
| 132 | ||
| 133 | Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer | |
| 134 | All times are in carrier periods (1/13.56Mhz) | |
| 135 | ||
| 136 | Start | End | Src | Data | |
| 137 | -----------|-----------|-----|-------- | |
| 138 | 0 | 992 | Rdr | 52 | |
| 139 | 2228 | 4596 | Tag | 44 03 | |
| 140 | 1836032 | 1838496 | Rdr | 93 20 | |
| 141 | 1839668 | 1845492 | Tag | 88 04 6e 22 c0 | |
| 142 | 3806976 | 3817440 | Rdr | 93 70 88 04 6e 22 c0 dc b8 | |
| 143 | 3818676 | 3822196 | Tag | 24 d8 36 | |
| 144 | 5815808 | 5818272 | Rdr | 95 20 | |
| 145 | 5819444 | 5825268 | Tag | 72 63 34 80 a5 | |
| 146 | 7757824 | 7768288 | Rdr | 95 70 72 63 34 80 a5 a7 a5 | |
| 147 | 7769524 | 7773108 | Tag | 20 fc 70 | |
| 148 | 9715072 | 9719840 | Rdr | e0 80 31 73 | |
| 149 | 9721012 | 9730292 | Tag | 06 75 77 81 02 80 02 f0 | |
| 150 | 12074624 | 12080480 | Rdr | 02 0a 00 dc ed | |
| 151 | 12111924 | 12125812 | Tag | 02 af 4f b1 ed 2e 11 37 d5 1a bf 55 | |
| 152 | 229214720 | 229237856 | Rdr | 03 af f3 56 83 43 79 d1 65 cd 6c 6d 17 e8 14 6e 52 eb 6d 2b | |
| 153 | 229268916 | 229282804 | Tag | 03 00 0d 9f 27 9b a5 d8 72 60 f3 6f | |
| 154 | */ | |
| 155 | ||
| 156 | /* | |
| 157 | hf 14a raw -p -a -b 7 52 | |
| 158 | hf 14a raw -p 93 20 | |
| 159 | hf 14a raw -p -c 93 70 88 04 6e 22 c0 | |
| 160 | hf 14a raw -p 95 20 | |
| 161 | hf 14a raw -p -c 95 70 72 63 34 80 a5 | |
| 162 | hf 14a raw -p e0 80 31 73 | |
| 163 | hf 14a raw -p -c 02 0a 00 | |
| 164 | hf 14a raw -p -c 03 af ... | |
| 165 | */ |