projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
chg: cleaning out timing.
[proxmark3-svn] / client / cmdanalyse.c
CommitLineData
812513bf 1//-----------------------------------------------------------------------------
2// Copyright (C) 2016 iceman
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// Analyse bytes commands
9//-----------------------------------------------------------------------------
10#include "cmdanalyse.h"
b403c300 11#include "nonce2key/nonce2key.h"
812513bf 12
13static int CmdHelp(const char *Cmd);
14
15int usage_analyse_lcr(void) {
16 PrintAndLog("Specifying the bytes of a UID with a known LRC will find the last byte value");
17 PrintAndLog("needed to generate that LRC with a rolling XOR. All bytes should be specified in HEX.");
18 PrintAndLog("");
19 PrintAndLog("Usage: analyse lcr [h] <bytes>");
20 PrintAndLog("Options:");
21 PrintAndLog(" h This help");
22 PrintAndLog(" <bytes> bytes to calc missing XOR in a LCR");
23 PrintAndLog("");
24 PrintAndLog("Samples:");
905c55de 25 PrintAndLog(" analyse lcr 04008064BA");
812513bf 26 PrintAndLog("expected output: Target (BA) requires final LRC XOR byte value: 5A");
27 return 0;
28}
53b3c3e8 29int usage_analyse_checksum(void) {
30 PrintAndLog("The bytes will be added with eachother and than limited with the applied mask");
31 PrintAndLog("Finally compute ones' complement of the least significant bytes");
32 PrintAndLog("");
026ac759 33 PrintAndLog("Usage: analyse chksum [h] [v] b <bytes> m <mask>");
53b3c3e8 34 PrintAndLog("Options:");
35 PrintAndLog(" h This help");
026ac759 36 PrintAndLog(" v supress header");
53b3c3e8 37 PrintAndLog(" b <bytes> bytes to calc missing XOR in a LCR");
38 PrintAndLog(" m <mask> bit mask to limit the outpuyt");
39 PrintAndLog("");
40 PrintAndLog("Samples:");
905c55de 41 PrintAndLog(" analyse chksum b 137AF00A0A0D m FF");
53b3c3e8 42 PrintAndLog("expected output: 0x61");
43 return 0;
44}
53b3c3e8 45int usage_analyse_crc(void){
46 PrintAndLog("A stub method to test different crc implementations inside the PM3 sourcecode. Just because you figured out the poly, doesn't mean you get the desired output");
47 PrintAndLog("");
48 PrintAndLog("Usage: analyse crc [h] <bytes>");
49 PrintAndLog("Options:");
50 PrintAndLog(" h This help");
51 PrintAndLog(" <bytes> bytes to calc crc");
52 PrintAndLog("");
53 PrintAndLog("Samples:");
905c55de 54 PrintAndLog(" analyse crc 137AF00A0A0D");
53b3c3e8 55 return 0;
56}
09bb01c7 57int usage_analyse_hid(void){
58 PrintAndLog("Permute function from 'heart of darkness' paper.");
59 PrintAndLog("");
60 PrintAndLog("Usage: analyse hid [h] <r|f> <bytes>");
61 PrintAndLog("Options:");
62 PrintAndLog(" h This help");
63 PrintAndLog(" r reverse permuted key");
64 PrintAndLog(" f permute key");
65 PrintAndLog(" <bytes> input bytes");
66 PrintAndLog("");
67 PrintAndLog("Samples:");
905c55de 68 PrintAndLog(" analyse hid r 0123456789abcdef");
69 return 0;
70}
71int usage_analyse_nuid(void){
72 PrintAndLog("Generate 4byte NUID from 7byte UID");
73 PrintAndLog("");
74 PrintAndLog("Usage: analyse hid [h] <bytes>");
75 PrintAndLog("Options:");
76 PrintAndLog(" h This help");
77 PrintAndLog(" <bytes> input bytes (14 hexsymbols)");
78 PrintAndLog("");
79 PrintAndLog("Samples:");
80 PrintAndLog(" analyse nuid 11223344556677");
09bb01c7 81 return 0;
82}
53b3c3e8 83
812513bf 84static uint8_t calculateLRC( uint8_t* bytes, uint8_t len) {
85 uint8_t LRC = 0;
86 for (uint8_t i = 0; i < len; i++)
87 LRC ^= bytes[i];
88 return LRC;
89}
53b3c3e8 90
62dc7d4a 91static uint16_t calcSumCrumbAdd( uint8_t* bytes, uint8_t len, uint32_t mask) {
53b3c3e8 92 uint8_t sum = 0;
93 for (uint8_t i = 0; i < len; i++) {
94 sum += CRUMB(bytes[i], 0);
95 sum += CRUMB(bytes[i], 2);
96 sum += CRUMB(bytes[i], 4);
97 sum += CRUMB(bytes[i], 6);
98 }
6c283951 99 sum &= mask;
53b3c3e8 100 return sum;
101}
62dc7d4a 102static uint16_t calcSumCrumbAddOnes( uint8_t* bytes, uint8_t len, uint32_t mask) {
f054036a 103 return (~calcSumCrumbAdd(bytes, len, mask) & mask);
53b3c3e8 104}
62dc7d4a 105static uint16_t calcSumNibbleAdd( uint8_t* bytes, uint8_t len, uint32_t mask) {
53b3c3e8 106 uint8_t sum = 0;
107 for (uint8_t i = 0; i < len; i++) {
108 sum += NIBBLE_LOW(bytes[i]);
109 sum += NIBBLE_HIGH(bytes[i]);
110 }
6c283951 111 sum &= mask;
53b3c3e8 112 return sum;
113}
62dc7d4a 114static uint16_t calcSumNibbleAddOnes( uint8_t* bytes, uint8_t len, uint32_t mask){
f054036a 115 return (~calcSumNibbleAdd(bytes, len, mask) & mask);
53b3c3e8 116}
62dc7d4a 117static uint16_t calcSumCrumbXor( uint8_t* bytes, uint8_t len, uint32_t mask) {
2c601080 118 uint8_t sum = 0;
119 for (uint8_t i = 0; i < len; i++) {
120 sum ^= CRUMB(bytes[i], 0);
121 sum ^= CRUMB(bytes[i], 2);
122 sum ^= CRUMB(bytes[i], 4);
123 sum ^= CRUMB(bytes[i], 6);
124 }
125 sum &= mask;
126 return sum;
127}
62dc7d4a 128static uint16_t calcSumNibbleXor( uint8_t* bytes, uint8_t len, uint32_t mask) {
32da0a46 129 uint8_t sum = 0;
130 for (uint8_t i = 0; i < len; i++) {
131 sum ^= NIBBLE_LOW(bytes[i]);
132 sum ^= NIBBLE_HIGH(bytes[i]);
133 }
2c601080 134 sum &= mask;
32da0a46 135 return sum;
136}
62dc7d4a 137static uint16_t calcSumByteXor( uint8_t* bytes, uint8_t len, uint32_t mask) {
32da0a46 138 uint8_t sum = 0;
139 for (uint8_t i = 0; i < len; i++)
140 sum ^= bytes[i];
141 sum &= mask;
142 return sum;
143}
62dc7d4a 144static uint16_t calcSumByteAdd( uint8_t* bytes, uint8_t len, uint32_t mask) {
53b3c3e8 145 uint8_t sum = 0;
146 for (uint8_t i = 0; i < len; i++)
147 sum += bytes[i];
6c283951 148 sum &= mask;
53b3c3e8 149 return sum;
150}
151// Ones complement
62dc7d4a 152static uint16_t calcSumByteAddOnes( uint8_t* bytes, uint8_t len, uint32_t mask) {
f054036a 153 return (~calcSumByteAdd(bytes, len, mask) & mask);
53b3c3e8 154}
155
62dc7d4a 156static uint16_t calcSumByteSub( uint8_t* bytes, uint8_t len, uint32_t mask) {
53b3c3e8 157 uint8_t sum = 0;
158 for (uint8_t i = 0; i < len; i++)
159 sum -= bytes[i];
6c283951 160 sum &= mask;
53b3c3e8 161 return sum;
162}
62dc7d4a 163static uint16_t calcSumByteSubOnes( uint8_t* bytes, uint8_t len, uint32_t mask){
f054036a 164 return (~calcSumByteSub(bytes, len, mask) & mask);
53b3c3e8 165}
62dc7d4a 166static uint16_t calcSumNibbleSub( uint8_t* bytes, uint8_t len, uint32_t mask) {
53b3c3e8 167 uint8_t sum = 0;
168 for (uint8_t i = 0; i < len; i++) {
169 sum -= NIBBLE_LOW(bytes[i]);
170 sum -= NIBBLE_HIGH(bytes[i]);
171 }
6c283951 172 sum &= mask;
53b3c3e8 173 return sum;
174}
62dc7d4a 175static uint16_t calcSumNibbleSubOnes( uint8_t* bytes, uint8_t len, uint32_t mask) {
f054036a 176 return (~calcSumNibbleSub(bytes, len, mask) & mask);
53b3c3e8 177}
178
62dc7d4a 179// BSD shift checksum 8bit version
180static uint16_t calcBSDchecksum8( uint8_t* bytes, uint8_t len, uint32_t mask){
181 uint16_t sum = 0;
182 for(uint8_t i = 0; i < len; i++){
183 sum = ((sum & 0xFF) >> 1) | ((sum & 0x1) << 7); // rotate accumulator
184 sum += bytes[i]; // add next byte
185 sum &= 0xFF; //
186 }
187 sum &= mask;
188 return sum;
189}
190// BSD shift checksum 4bit version
191static uint16_t calcBSDchecksum4( uint8_t* bytes, uint8_t len, uint32_t mask){
192 uint16_t sum = 0;
193 for(uint8_t i = 0; i < len; i++){
194 sum = ((sum & 0xF) >> 1) | ((sum & 0x1) << 3); // rotate accumulator
195 sum += NIBBLE_HIGH(bytes[i]); // add high nibble
196 sum &= 0xF; //
197 sum = ((sum & 0xF) >> 1) | ((sum & 0x1) << 3); // rotate accumulator
198 sum += NIBBLE_LOW(bytes[i]); // add low nibble
199 sum &= 0xF; //
200 }
201 sum &= mask;
202 return sum;
203}
204
b403c300 205// measuring LFSR maximum length
206int CmdAnalyseLfsr(const char *Cmd){
207
208 uint16_t start_state = 0; /* Any nonzero start state will work. */
209 uint16_t lfsr = start_state;
210 //uint32_t period = 0;
211
212 uint8_t iv = param_get8ex(Cmd, 0, 0, 16);
213 uint8_t find = param_get8ex(Cmd, 1, 0, 16);
214
215 printf("LEGIC LFSR IV 0x%02X: \n", iv);
216 printf(" bit# | lfsr | ^0x40 | 0x%02X ^ lfsr \n",find);
217
218 for (uint8_t i = 0x01; i < 0x30; i += 1) {
219 //period = 0;
220 legic_prng_init(iv);
221 legic_prng_forward(i);
222 lfsr = legic_prng_get_bits(12);
223
224 printf(" %02X | %03X | %03X | %03X \n",i, lfsr, 0x40 ^ lfsr, find ^ lfsr);
225 }
226 return 0;
227}
812513bf 228int CmdAnalyseLCR(const char *Cmd) {
229 uint8_t data[50];
230 char cmdp = param_getchar(Cmd, 0);
231 if (strlen(Cmd) == 0|| cmdp == 'h' || cmdp == 'H') return usage_analyse_lcr();
232
233 int len = 0;
234 param_gethex_ex(Cmd, 0, data, &len);
235 if ( len%2 ) return usage_analyse_lcr();
236 len >>= 1;
237 uint8_t finalXor = calculateLRC(data, len);
238 PrintAndLog("Target [%02X] requires final LRC XOR byte value: 0x%02X",data[len-1] ,finalXor);
239 return 0;
240}
53b3c3e8 241int CmdAnalyseCRC(const char *Cmd) {
242
243 char cmdp = param_getchar(Cmd, 0);
244 if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_analyse_crc();
245
246 int len = strlen(Cmd);
247 if ( len & 1 ) return usage_analyse_crc();
248
249 // add 1 for null terminator.
250 uint8_t *data = malloc(len+1);
251 if ( data == NULL ) return 1;
252
253 if ( param_gethex(Cmd, 0, data, len)) {
254 free(data);
255 return usage_analyse_crc();
256 }
257 len >>= 1;
258
6c283951 259 //PrintAndLog("\nTests with '%s' hex bytes", sprint_hex(data, len));
53b3c3e8 260
261 PrintAndLog("\nTests of reflection. Two current methods in source code");
262 PrintAndLog(" reflect(0x3e23L,3) is %04X == 0x3e26", reflect(0x3e23L,3) );
263 PrintAndLog(" SwapBits(0x3e23L,3) is %04X == 0x3e26", SwapBits(0x3e23L,3) );
264 PrintAndLog(" 0xB400 == %04X", reflect( (1 << 16 | 0xb400),16) );
265
266 //
267 // Test of CRC16, '123456789' string.
268 //
269 PrintAndLog("\nTests with '123456789' string");
270 uint8_t dataStr[] = { 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39 };
271 uint8_t legic8 = CRC8Legic(dataStr, sizeof(dataStr));
272
53b3c3e8 273 PrintAndLog("LEGIC: CRC16: %X", CRC16Legic(dataStr, sizeof(dataStr), legic8));
274
275 //these below has been tested OK.
276 PrintAndLog("Confirmed CRC Implementations");
277 PrintAndLog("LEGIC: CRC8 : %X (0xC6 expected)", legic8);
278 PrintAndLog("MAXIM: CRC8 : %X (0xA1 expected)", CRC8Maxim(dataStr, sizeof(dataStr)));
279 PrintAndLog("DNP : CRC16: %X (0x82EA expected)", CRC16_DNP(dataStr, sizeof(dataStr)));
df007486 280 PrintAndLog("CCITT: CRC16: %X (0xE5CC expected)", CRC16_CCITT(dataStr, sizeof(dataStr)));
281
282 PrintAndLog("ICLASS org: CRC16: %X (0x expected)",iclass_crc16( (char*)dataStr, sizeof(dataStr)));
283 PrintAndLog("ICLASS ice: CRC16: %X (0x expected)",CRC16_ICLASS(dataStr, sizeof(dataStr)));
284
285
286
287 uint8_t dataStr1234[] = { 0x1,0x2,0x3,0x4};
288 PrintAndLog("ISO15693 org: : CRC16: %X (0xF0B8 expected)", Iso15693Crc(dataStr1234, sizeof(dataStr1234)));
289 PrintAndLog("ISO15693 ice: : CRC16: %X (0xF0B8 expected)", CRC16_Iso15693(dataStr1234, sizeof(dataStr1234)));
53b3c3e8 290
291 free(data);
292 return 0;
293}
294int CmdAnalyseCHKSUM(const char *Cmd){
295
296 uint8_t data[50];
297 uint8_t cmdp = 0;
2c601080 298 uint32_t mask = 0xFFFF;
53b3c3e8 299 bool errors = false;
62dc7d4a 300 bool useHeader = false;
53b3c3e8 301 int len = 0;
5f7e30f8 302 memset(data, 0x0, sizeof(data));
53b3c3e8 303
304 while(param_getchar(Cmd, cmdp) != 0x00) {
305 switch(param_getchar(Cmd, cmdp)) {
306 case 'b':
307 case 'B':
308 param_gethex_ex(Cmd, cmdp+1, data, &len);
309 if ( len%2 ) errors = true;
310 len >>= 1;
311 cmdp += 2;
312 break;
313 case 'm':
314 case 'M':
315 mask = param_get32ex(Cmd, cmdp+1, 0, 16);
316 cmdp += 2;
317 break;
62dc7d4a 318 case 'v':
319 case 'V':
320 useHeader = true;
321 cmdp++;
322 break;
53b3c3e8 323 case 'h':
324 case 'H':
325 return usage_analyse_checksum();
326 default:
327 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
328 errors = true;
329 break;
330 }
331 if(errors) break;
332 }
333 //Validations
334 if(errors) return usage_analyse_checksum();
335
62dc7d4a 336 if (useHeader) {
337 PrintAndLog(" add | sub | add 1's compl | sub 1's compl | xor");
f054036a 338 PrintAndLog("byte nibble crumb | byte nibble | byte nibble cumb | byte nibble | byte nibble cumb | BSD |");
62dc7d4a 339 PrintAndLog("------------------+-------------+------------------+-----------------+--------------------");
340 }
f054036a 341 PrintAndLog("0x%X 0x%X 0x%X | 0x%X 0x%X | 0x%X 0x%X 0x%X | 0x%X 0x%X | 0x%X 0x%X 0x%X | 0x%X 0x%X |\n",
2c601080 342 calcSumByteAdd(data, len, mask)
343 , calcSumNibbleAdd(data, len, mask)
344 , calcSumCrumbAdd(data, len, mask)
345 , calcSumByteSub(data, len, mask)
346 , calcSumNibbleSub(data, len, mask)
347 , calcSumByteAddOnes(data, len, mask)
348 , calcSumNibbleAddOnes(data, len, mask)
349 , calcSumCrumbAddOnes(data, len, mask)
350 , calcSumByteSubOnes(data, len, mask)
351 , calcSumNibbleSubOnes(data, len, mask)
352 , calcSumByteXor(data, len, mask)
353 , calcSumNibbleXor(data, len, mask)
354 , calcSumCrumbXor(data, len, mask)
62dc7d4a 355 , calcBSDchecksum8(data, len, mask)
f054036a 356 , calcBSDchecksum4(data, len, mask)
2c601080 357 );
53b3c3e8 358 return 0;
359}
812513bf 360
5558d935 361int CmdAnalyseDates(const char *Cmd){
362 // look for datestamps in a given array of bytes
53b3c3e8 363 PrintAndLog("To be implemented. Feel free to contribute!");
5558d935 364 return 0;
365}
16658b1f 366int CmdAnalyseTEASelfTest(const char *Cmd){
367
368 uint8_t v[8], v_le[8];
369 memset(v, 0x00, sizeof(v));
370 memset(v_le, 0x00, sizeof(v_le));
371 uint8_t* v_ptr = v_le;
372
373 uint8_t cmdlen = strlen(Cmd);
374 cmdlen = ( sizeof(v)<<2 < cmdlen ) ? sizeof(v)<<2 : cmdlen;
375
376 if ( param_gethex(Cmd, 0, v, cmdlen) > 0 ){
377 PrintAndLog("can't read hex chars, uneven? :: %u", cmdlen);
378 return 1;
379 }
380
381 SwapEndian64ex(v , 8, 4, v_ptr);
382
383 // ENCRYPTION KEY:
384 uint8_t key[16] = {0x55,0xFE,0xF6,0x30,0x62,0xBF,0x0B,0xC1,0xC9,0xB3,0x7C,0x34,0x97,0x3E,0x29,0xFB };
385 uint8_t keyle[16];
386 uint8_t* key_ptr = keyle;
387 SwapEndian64ex(key , sizeof(key), 4, key_ptr);
388
389 PrintAndLog("TEST LE enc| %s", sprint_hex(v_ptr, 8));
390
391 tea_decrypt(v_ptr, key_ptr);
392 PrintAndLog("TEST LE dec | %s", sprint_hex_ascii(v_ptr, 8));
393
394 tea_encrypt(v_ptr, key_ptr);
395 tea_encrypt(v_ptr, key_ptr);
396 PrintAndLog("TEST enc2 | %s", sprint_hex_ascii(v_ptr, 8));
397
398 return 0;
399}
5558d935 400
b403c300 401int CmdAnalyseA(const char *Cmd){
09bb01c7 402/*
403piwi
404// uid(2e086b1a) nt(230736f6) ks(0b0008000804000e) nr(000000000)
405// uid(2e086b1a) nt(230736f6) ks(0e0b0e0b090c0d02) nr(000000001)
406// uid(2e086b1a) nt(230736f6) ks(0e05060e01080b08) nr(000000002)
407uint64_t d1[] = {0x2e086b1a, 0x230736f6, 0x0000001, 0x0e0b0e0b090c0d02};
408uint64_t d2[] = {0x2e086b1a, 0x230736f6, 0x0000002, 0x0e05060e01080b08};
b403c300 409
09bb01c7 410// uid(17758822) nt(c0c69e59) ks(080105020705040e) nr(00000001)
411// uid(17758822) nt(c0c69e59) ks(01070a05050c0705) nr(00000002)
412uint64_t d1[] = {0x17758822, 0xc0c69e59, 0x0000001, 0x080105020705040e};
413uint64_t d2[] = {0x17758822, 0xc0c69e59, 0x0000002, 0x01070a05050c0705};
414
415// uid(6e442129) nt(8f699195) ks(090d0b0305020f02) nr(00000001)
416// uid(6e442129) nt(8f699195) ks(03030508030b0c0e) nr(00000002)
417// uid(6e442129) nt(8f699195) ks(02010f030c0d050d) nr(00000003)
418// uid(6e442129) nt(8f699195) ks(00040f0f0305030e) nr(00000004)
419uint64_t d1[] = {0x6e442129, 0x8f699195, 0x0000001, 0x090d0b0305020f02};
420uint64_t d2[] = {0x6e442129, 0x8f699195, 0x0000004, 0x00040f0f0305030e};
421
422uid(3e172b29) nt(039b7bd2) ks(0c0e0f0505080800) nr(00000001)
423uid(3e172b29) nt(039b7bd2) ks(0e06090d03000b0f) nr(00000002)
424*/
425 uint64_t key = 0;
426 uint64_t d1[] = {0x3e172b29, 0x039b7bd2, 0x0000001, 0x0c0e0f0505080800};
427 uint64_t d2[] = {0x3e172b29, 0x039b7bd2, 0x0000002, 0x0e06090d03000b0f};
428
429 nonce2key_ex(0, 0 , d1[0], d1[1], d1[2], d1[3], &key);
430 nonce2key_ex(0, 0 , d2[0], d2[1], d2[2], d2[3], &key);
431 return 0;
432}
b403c300 433
09bb01c7 434static void permute(uint8_t *data, uint8_t len, uint8_t *output){
435#define KEY_SIZE 8
b403c300 436
09bb01c7 437 if ( len > KEY_SIZE ) {
438 for(uint8_t m = 0; m < len; m += KEY_SIZE){
439 permute(data+m, KEY_SIZE, output+m);
440 }
441 return;
442 }
443 if ( len != KEY_SIZE ) {
444 printf("wrong key size\n");
445 return;
446 }
447 uint8_t i,j,p, mask;
448 for( i=0; i < KEY_SIZE; ++i){
449 p = 0;
450 mask = 0x80 >> i;
451 for( j=0; j < KEY_SIZE; ++j){
452 p >>= 1;
453 if (data[j] & mask)
454 p |= 0x80;
455 }
456 output[i] = p;
457 }
458}
459static void permute_rev(uint8_t *data, uint8_t len, uint8_t *output){
460 permute(data, len, output);
461 permute(output, len, data);
462 permute(data, len, output);
463}
464static void simple_crc(uint8_t *data, uint8_t len, uint8_t *output){
465 uint8_t crc = 0;
466 for( uint8_t i=0; i < len; ++i){
467 // seventh byte contains the crc.
468 if ( (i & 0x7) == 0x7 ) {
469 output[i] = crc ^ 0xFF;
470 crc = 0;
471 } else {
472 output[i] = data[i];
473 crc ^= data[i];
474 }
475 }
476}
477// DES doesn't use the MSB.
478static void shave(uint8_t *data, uint8_t len){
479 for (uint8_t i=0; i<len; ++i)
480 data[i] &= 0xFE;
481}
482static void generate_rev(uint8_t *data, uint8_t len) {
483 uint8_t *key = calloc(len,1);
484 printf("input permuted key | %s \n", sprint_hex(data, len));
485 permute_rev(data, len, key);
486 printf(" unpermuted key | %s \n", sprint_hex(key, len));
487 shave(key, len);
488 printf(" key | %s \n", sprint_hex(key, len));
489 free(key);
490}
491static void generate(uint8_t *data, uint8_t len) {
492 uint8_t *key = calloc(len,1);
493 uint8_t *pkey = calloc(len,1);
494 printf(" input key | %s \n", sprint_hex(data, len));
495 permute(data, len, pkey);
496 printf(" permuted key | %s \n", sprint_hex(pkey, len));
497 simple_crc(pkey, len, key );
498 printf(" CRC'ed key | %s \n", sprint_hex(key, len));
499 free(key);
500 free(pkey);
501}
502int CmdAnalyseHid(const char *Cmd){
b403c300 503
ea1c1ca6 504 uint8_t key[8] = {0};
505 uint8_t key_std_format[8] = {0};
506 uint8_t key_iclass_format[8] = {0};
09bb01c7 507 uint8_t data[16] = {0};
508 bool isReverse = FALSE;
509 int len = 0;
510 char cmdp = param_getchar(Cmd, 0);
511 if (strlen(Cmd) == 0|| cmdp == 'h' || cmdp == 'H') return usage_analyse_hid();
512
513 if ( cmdp == 'r' || cmdp == 'R' )
514 isReverse = TRUE;
515
516 param_gethex_ex(Cmd, 1, data, &len);
517 if ( len%2 ) return usage_analyse_hid();
518
ea1c1ca6 519 len >>= 1;
520
521 memcpy(key, data, 8);
522
523 if ( isReverse ) {
09bb01c7 524 generate_rev(data, len);
ea1c1ca6 525 permutekey_rev(key, key_std_format);
526 printf(" holiman iclass key | %s \n", sprint_hex(key_std_format, 8));
527 }
528 else {
09bb01c7 529 generate(data, len);
ea1c1ca6 530 permutekey(key, key_iclass_format);
531 printf(" holiman std key | %s \n", sprint_hex(key_iclass_format, 8));
532 }
b403c300 533 return 0;
534}
535
905c55de 536void generate4bNUID(uint8_t *uid, uint8_t *nuid){
537 uint16_t crc;
538 uint8_t first, second;
539
540 ComputeCrc14443(CRC_14443_A, uid, 3, &first, &second);
541 nuid[0] |= (second & 0xE0) | 0xF;
542 nuid[1] = first;
543
544 crc = first;
545 crc |= second << 8;
546
547 UpdateCrc14443(uid[3], &crc);
548 UpdateCrc14443(uid[4], &crc);
549 UpdateCrc14443(uid[5], &crc);
550 UpdateCrc14443(uid[6], &crc);
551
552 nuid[2] = (crc >> 8) & 0xFF ;
553 nuid[3] = crc & 0xFF;
554}
555
556int CmdAnalyseNuid(const char *Cmd){
557 uint8_t nuid[4] = {0};
558 uint8_t uid[7] = {0};
559 int len = 0;
560 char cmdp = param_getchar(Cmd, 0);
561 if (strlen(Cmd) == 0|| cmdp == 'h' || cmdp == 'H') return usage_analyse_nuid();
562
563 /* selftest UID 040D681AB52281 -> NUID 8F430FEF */
564 if (cmdp == 't' || cmdp == 'T') {
565 memcpy(uid, "\x04\x0d\x68\x1a\xb5\x22\x81", 7);
566 generate4bNUID(uid, nuid);
567 if ( 0 == memcmp(nuid, "\x8f\x43\x0f\xef", 4))
568 printf("Selftest OK\n");
569 else
570 printf("Selftest Failed\n");
571 return 0;
572 }
573
574 param_gethex_ex(Cmd, 0, uid, &len);
575 if ( len%2 || len != 14) return usage_analyse_nuid();
576
577 generate4bNUID(uid, nuid);
578
579 printf("UID | %s \n", sprint_hex(uid, 7));
580 printf("NUID | %s \n", sprint_hex(nuid, 4));
581 return 0;
582}
812513bf 583static command_t CommandTable[] = {
5558d935 584 {"help", CmdHelp, 1, "This help"},
53b3c3e8 585 {"lcr", CmdAnalyseLCR, 1, "Generate final byte for XOR LRC"},
586 {"crc", CmdAnalyseCRC, 1, "Stub method for CRC evaluations"},
587 {"chksum", CmdAnalyseCHKSUM, 1, "Checksum with adding, masking and one's complement"},
588 {"dates", CmdAnalyseDates, 1, "Look for datestamps in a given array of bytes"},
16658b1f 589 {"tea", CmdAnalyseTEASelfTest, 1, "Crypto TEA test"},
b403c300 590 {"lfsr", CmdAnalyseLfsr, 1, "LFSR tests"},
591 {"a", CmdAnalyseA, 1, "num bits test"},
09bb01c7 592 {"hid", CmdAnalyseHid, 1, "Permute function from 'heart of darkness' paper"},
905c55de 593 {"nuid", CmdAnalyseNuid, 1, "create NUID from 7byte UID"},
812513bf 594 {NULL, NULL, 0, NULL}
595};
596
597int CmdAnalyse(const char *Cmd) {
598 clearCommandBuffer();
599 CmdsParse(CommandTable, Cmd);
600 return 0;
601}
602
603int CmdHelp(const char *Cmd) {
604 CmdsHelp(CommandTable);
605 return 0;
606}
Proxmark3 GIT tracking
Impressum, Datenschutz