812513bf |
1 | //----------------------------------------------------------------------------- |
2 | // Copyright (C) 2016 iceman |
3 | // |
4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, |
5 | // at your option, any later version. See the LICENSE.txt file for the text of |
6 | // the license. |
7 | //----------------------------------------------------------------------------- |
8 | // Analyse bytes commands |
9 | //----------------------------------------------------------------------------- |
10 | #include "cmdanalyse.h" |
b403c300 |
11 | #include "nonce2key/nonce2key.h" |
812513bf |
12 | |
13 | static int CmdHelp(const char *Cmd); |
14 | |
15 | int usage_analyse_lcr(void) { |
16 | PrintAndLog("Specifying the bytes of a UID with a known LRC will find the last byte value"); |
17 | PrintAndLog("needed to generate that LRC with a rolling XOR. All bytes should be specified in HEX."); |
18 | PrintAndLog(""); |
19 | PrintAndLog("Usage: analyse lcr [h] <bytes>"); |
20 | PrintAndLog("Options:"); |
21 | PrintAndLog(" h This help"); |
22 | PrintAndLog(" <bytes> bytes to calc missing XOR in a LCR"); |
23 | PrintAndLog(""); |
24 | PrintAndLog("Samples:"); |
905c55de |
25 | PrintAndLog(" analyse lcr 04008064BA"); |
812513bf |
26 | PrintAndLog("expected output: Target (BA) requires final LRC XOR byte value: 5A"); |
27 | return 0; |
28 | } |
53b3c3e8 |
29 | int usage_analyse_checksum(void) { |
30 | PrintAndLog("The bytes will be added with eachother and than limited with the applied mask"); |
31 | PrintAndLog("Finally compute ones' complement of the least significant bytes"); |
32 | PrintAndLog(""); |
026ac759 |
33 | PrintAndLog("Usage: analyse chksum [h] [v] b <bytes> m <mask>"); |
53b3c3e8 |
34 | PrintAndLog("Options:"); |
35 | PrintAndLog(" h This help"); |
026ac759 |
36 | PrintAndLog(" v supress header"); |
53b3c3e8 |
37 | PrintAndLog(" b <bytes> bytes to calc missing XOR in a LCR"); |
38 | PrintAndLog(" m <mask> bit mask to limit the outpuyt"); |
39 | PrintAndLog(""); |
40 | PrintAndLog("Samples:"); |
905c55de |
41 | PrintAndLog(" analyse chksum b 137AF00A0A0D m FF"); |
53b3c3e8 |
42 | PrintAndLog("expected output: 0x61"); |
43 | return 0; |
44 | } |
53b3c3e8 |
45 | int usage_analyse_crc(void){ |
46 | PrintAndLog("A stub method to test different crc implementations inside the PM3 sourcecode. Just because you figured out the poly, doesn't mean you get the desired output"); |
47 | PrintAndLog(""); |
48 | PrintAndLog("Usage: analyse crc [h] <bytes>"); |
49 | PrintAndLog("Options:"); |
50 | PrintAndLog(" h This help"); |
51 | PrintAndLog(" <bytes> bytes to calc crc"); |
52 | PrintAndLog(""); |
53 | PrintAndLog("Samples:"); |
905c55de |
54 | PrintAndLog(" analyse crc 137AF00A0A0D"); |
53b3c3e8 |
55 | return 0; |
56 | } |
09bb01c7 |
57 | int usage_analyse_hid(void){ |
58 | PrintAndLog("Permute function from 'heart of darkness' paper."); |
59 | PrintAndLog(""); |
60 | PrintAndLog("Usage: analyse hid [h] <r|f> <bytes>"); |
61 | PrintAndLog("Options:"); |
62 | PrintAndLog(" h This help"); |
63 | PrintAndLog(" r reverse permuted key"); |
64 | PrintAndLog(" f permute key"); |
65 | PrintAndLog(" <bytes> input bytes"); |
66 | PrintAndLog(""); |
67 | PrintAndLog("Samples:"); |
905c55de |
68 | PrintAndLog(" analyse hid r 0123456789abcdef"); |
69 | return 0; |
70 | } |
71 | int usage_analyse_nuid(void){ |
72 | PrintAndLog("Generate 4byte NUID from 7byte UID"); |
73 | PrintAndLog(""); |
74 | PrintAndLog("Usage: analyse hid [h] <bytes>"); |
75 | PrintAndLog("Options:"); |
76 | PrintAndLog(" h This help"); |
77 | PrintAndLog(" <bytes> input bytes (14 hexsymbols)"); |
78 | PrintAndLog(""); |
79 | PrintAndLog("Samples:"); |
80 | PrintAndLog(" analyse nuid 11223344556677"); |
09bb01c7 |
81 | return 0; |
82 | } |
53b3c3e8 |
83 | |
812513bf |
84 | static uint8_t calculateLRC( uint8_t* bytes, uint8_t len) { |
85 | uint8_t LRC = 0; |
86 | for (uint8_t i = 0; i < len; i++) |
87 | LRC ^= bytes[i]; |
88 | return LRC; |
89 | } |
53b3c3e8 |
90 | |
62dc7d4a |
91 | static uint16_t calcSumCrumbAdd( uint8_t* bytes, uint8_t len, uint32_t mask) { |
53b3c3e8 |
92 | uint8_t sum = 0; |
93 | for (uint8_t i = 0; i < len; i++) { |
94 | sum += CRUMB(bytes[i], 0); |
95 | sum += CRUMB(bytes[i], 2); |
96 | sum += CRUMB(bytes[i], 4); |
97 | sum += CRUMB(bytes[i], 6); |
98 | } |
6c283951 |
99 | sum &= mask; |
53b3c3e8 |
100 | return sum; |
101 | } |
62dc7d4a |
102 | static uint16_t calcSumCrumbAddOnes( uint8_t* bytes, uint8_t len, uint32_t mask) { |
f054036a |
103 | return (~calcSumCrumbAdd(bytes, len, mask) & mask); |
53b3c3e8 |
104 | } |
62dc7d4a |
105 | static uint16_t calcSumNibbleAdd( uint8_t* bytes, uint8_t len, uint32_t mask) { |
53b3c3e8 |
106 | uint8_t sum = 0; |
107 | for (uint8_t i = 0; i < len; i++) { |
108 | sum += NIBBLE_LOW(bytes[i]); |
109 | sum += NIBBLE_HIGH(bytes[i]); |
110 | } |
6c283951 |
111 | sum &= mask; |
53b3c3e8 |
112 | return sum; |
113 | } |
62dc7d4a |
114 | static uint16_t calcSumNibbleAddOnes( uint8_t* bytes, uint8_t len, uint32_t mask){ |
f054036a |
115 | return (~calcSumNibbleAdd(bytes, len, mask) & mask); |
53b3c3e8 |
116 | } |
62dc7d4a |
117 | static uint16_t calcSumCrumbXor( uint8_t* bytes, uint8_t len, uint32_t mask) { |
2c601080 |
118 | uint8_t sum = 0; |
119 | for (uint8_t i = 0; i < len; i++) { |
120 | sum ^= CRUMB(bytes[i], 0); |
121 | sum ^= CRUMB(bytes[i], 2); |
122 | sum ^= CRUMB(bytes[i], 4); |
123 | sum ^= CRUMB(bytes[i], 6); |
124 | } |
125 | sum &= mask; |
126 | return sum; |
127 | } |
62dc7d4a |
128 | static uint16_t calcSumNibbleXor( uint8_t* bytes, uint8_t len, uint32_t mask) { |
32da0a46 |
129 | uint8_t sum = 0; |
130 | for (uint8_t i = 0; i < len; i++) { |
131 | sum ^= NIBBLE_LOW(bytes[i]); |
132 | sum ^= NIBBLE_HIGH(bytes[i]); |
133 | } |
2c601080 |
134 | sum &= mask; |
32da0a46 |
135 | return sum; |
136 | } |
62dc7d4a |
137 | static uint16_t calcSumByteXor( uint8_t* bytes, uint8_t len, uint32_t mask) { |
32da0a46 |
138 | uint8_t sum = 0; |
139 | for (uint8_t i = 0; i < len; i++) |
140 | sum ^= bytes[i]; |
141 | sum &= mask; |
142 | return sum; |
143 | } |
62dc7d4a |
144 | static uint16_t calcSumByteAdd( uint8_t* bytes, uint8_t len, uint32_t mask) { |
53b3c3e8 |
145 | uint8_t sum = 0; |
146 | for (uint8_t i = 0; i < len; i++) |
147 | sum += bytes[i]; |
6c283951 |
148 | sum &= mask; |
53b3c3e8 |
149 | return sum; |
150 | } |
151 | // Ones complement |
62dc7d4a |
152 | static uint16_t calcSumByteAddOnes( uint8_t* bytes, uint8_t len, uint32_t mask) { |
f054036a |
153 | return (~calcSumByteAdd(bytes, len, mask) & mask); |
53b3c3e8 |
154 | } |
155 | |
62dc7d4a |
156 | static uint16_t calcSumByteSub( uint8_t* bytes, uint8_t len, uint32_t mask) { |
53b3c3e8 |
157 | uint8_t sum = 0; |
158 | for (uint8_t i = 0; i < len; i++) |
159 | sum -= bytes[i]; |
6c283951 |
160 | sum &= mask; |
53b3c3e8 |
161 | return sum; |
162 | } |
62dc7d4a |
163 | static uint16_t calcSumByteSubOnes( uint8_t* bytes, uint8_t len, uint32_t mask){ |
f054036a |
164 | return (~calcSumByteSub(bytes, len, mask) & mask); |
53b3c3e8 |
165 | } |
62dc7d4a |
166 | static uint16_t calcSumNibbleSub( uint8_t* bytes, uint8_t len, uint32_t mask) { |
53b3c3e8 |
167 | uint8_t sum = 0; |
168 | for (uint8_t i = 0; i < len; i++) { |
169 | sum -= NIBBLE_LOW(bytes[i]); |
170 | sum -= NIBBLE_HIGH(bytes[i]); |
171 | } |
6c283951 |
172 | sum &= mask; |
53b3c3e8 |
173 | return sum; |
174 | } |
62dc7d4a |
175 | static uint16_t calcSumNibbleSubOnes( uint8_t* bytes, uint8_t len, uint32_t mask) { |
f054036a |
176 | return (~calcSumNibbleSub(bytes, len, mask) & mask); |
53b3c3e8 |
177 | } |
178 | |
62dc7d4a |
179 | // BSD shift checksum 8bit version |
180 | static uint16_t calcBSDchecksum8( uint8_t* bytes, uint8_t len, uint32_t mask){ |
181 | uint16_t sum = 0; |
182 | for(uint8_t i = 0; i < len; i++){ |
183 | sum = ((sum & 0xFF) >> 1) | ((sum & 0x1) << 7); // rotate accumulator |
184 | sum += bytes[i]; // add next byte |
185 | sum &= 0xFF; // |
186 | } |
187 | sum &= mask; |
188 | return sum; |
189 | } |
190 | // BSD shift checksum 4bit version |
191 | static uint16_t calcBSDchecksum4( uint8_t* bytes, uint8_t len, uint32_t mask){ |
192 | uint16_t sum = 0; |
193 | for(uint8_t i = 0; i < len; i++){ |
194 | sum = ((sum & 0xF) >> 1) | ((sum & 0x1) << 3); // rotate accumulator |
195 | sum += NIBBLE_HIGH(bytes[i]); // add high nibble |
196 | sum &= 0xF; // |
197 | sum = ((sum & 0xF) >> 1) | ((sum & 0x1) << 3); // rotate accumulator |
198 | sum += NIBBLE_LOW(bytes[i]); // add low nibble |
199 | sum &= 0xF; // |
200 | } |
201 | sum &= mask; |
202 | return sum; |
203 | } |
204 | |
b403c300 |
205 | // measuring LFSR maximum length |
206 | int CmdAnalyseLfsr(const char *Cmd){ |
207 | |
208 | uint16_t start_state = 0; /* Any nonzero start state will work. */ |
209 | uint16_t lfsr = start_state; |
210 | //uint32_t period = 0; |
211 | |
212 | uint8_t iv = param_get8ex(Cmd, 0, 0, 16); |
213 | uint8_t find = param_get8ex(Cmd, 1, 0, 16); |
214 | |
215 | printf("LEGIC LFSR IV 0x%02X: \n", iv); |
216 | printf(" bit# | lfsr | ^0x40 | 0x%02X ^ lfsr \n",find); |
217 | |
218 | for (uint8_t i = 0x01; i < 0x30; i += 1) { |
219 | //period = 0; |
220 | legic_prng_init(iv); |
221 | legic_prng_forward(i); |
222 | lfsr = legic_prng_get_bits(12); |
223 | |
224 | printf(" %02X | %03X | %03X | %03X \n",i, lfsr, 0x40 ^ lfsr, find ^ lfsr); |
225 | } |
226 | return 0; |
227 | } |
812513bf |
228 | int CmdAnalyseLCR(const char *Cmd) { |
229 | uint8_t data[50]; |
230 | char cmdp = param_getchar(Cmd, 0); |
231 | if (strlen(Cmd) == 0|| cmdp == 'h' || cmdp == 'H') return usage_analyse_lcr(); |
232 | |
233 | int len = 0; |
234 | param_gethex_ex(Cmd, 0, data, &len); |
235 | if ( len%2 ) return usage_analyse_lcr(); |
236 | len >>= 1; |
237 | uint8_t finalXor = calculateLRC(data, len); |
238 | PrintAndLog("Target [%02X] requires final LRC XOR byte value: 0x%02X",data[len-1] ,finalXor); |
239 | return 0; |
240 | } |
53b3c3e8 |
241 | int CmdAnalyseCRC(const char *Cmd) { |
242 | |
243 | char cmdp = param_getchar(Cmd, 0); |
244 | if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_analyse_crc(); |
245 | |
246 | int len = strlen(Cmd); |
247 | if ( len & 1 ) return usage_analyse_crc(); |
248 | |
249 | // add 1 for null terminator. |
250 | uint8_t *data = malloc(len+1); |
251 | if ( data == NULL ) return 1; |
252 | |
253 | if ( param_gethex(Cmd, 0, data, len)) { |
254 | free(data); |
255 | return usage_analyse_crc(); |
256 | } |
257 | len >>= 1; |
258 | |
6c283951 |
259 | //PrintAndLog("\nTests with '%s' hex bytes", sprint_hex(data, len)); |
53b3c3e8 |
260 | |
261 | PrintAndLog("\nTests of reflection. Two current methods in source code"); |
262 | PrintAndLog(" reflect(0x3e23L,3) is %04X == 0x3e26", reflect(0x3e23L,3) ); |
263 | PrintAndLog(" SwapBits(0x3e23L,3) is %04X == 0x3e26", SwapBits(0x3e23L,3) ); |
264 | PrintAndLog(" 0xB400 == %04X", reflect( (1 << 16 | 0xb400),16) ); |
265 | |
266 | // |
267 | // Test of CRC16, '123456789' string. |
268 | // |
269 | PrintAndLog("\nTests with '123456789' string"); |
270 | uint8_t dataStr[] = { 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39 }; |
271 | uint8_t legic8 = CRC8Legic(dataStr, sizeof(dataStr)); |
272 | |
53b3c3e8 |
273 | PrintAndLog("LEGIC: CRC16: %X", CRC16Legic(dataStr, sizeof(dataStr), legic8)); |
274 | |
275 | //these below has been tested OK. |
276 | PrintAndLog("Confirmed CRC Implementations"); |
277 | PrintAndLog("LEGIC: CRC8 : %X (0xC6 expected)", legic8); |
278 | PrintAndLog("MAXIM: CRC8 : %X (0xA1 expected)", CRC8Maxim(dataStr, sizeof(dataStr))); |
279 | PrintAndLog("DNP : CRC16: %X (0x82EA expected)", CRC16_DNP(dataStr, sizeof(dataStr))); |
df007486 |
280 | PrintAndLog("CCITT: CRC16: %X (0xE5CC expected)", CRC16_CCITT(dataStr, sizeof(dataStr))); |
281 | |
282 | PrintAndLog("ICLASS org: CRC16: %X (0x expected)",iclass_crc16( (char*)dataStr, sizeof(dataStr))); |
283 | PrintAndLog("ICLASS ice: CRC16: %X (0x expected)",CRC16_ICLASS(dataStr, sizeof(dataStr))); |
284 | |
285 | |
286 | |
287 | uint8_t dataStr1234[] = { 0x1,0x2,0x3,0x4}; |
288 | PrintAndLog("ISO15693 org: : CRC16: %X (0xF0B8 expected)", Iso15693Crc(dataStr1234, sizeof(dataStr1234))); |
289 | PrintAndLog("ISO15693 ice: : CRC16: %X (0xF0B8 expected)", CRC16_Iso15693(dataStr1234, sizeof(dataStr1234))); |
53b3c3e8 |
290 | |
291 | free(data); |
292 | return 0; |
293 | } |
294 | int CmdAnalyseCHKSUM(const char *Cmd){ |
295 | |
296 | uint8_t data[50]; |
297 | uint8_t cmdp = 0; |
2c601080 |
298 | uint32_t mask = 0xFFFF; |
53b3c3e8 |
299 | bool errors = false; |
62dc7d4a |
300 | bool useHeader = false; |
53b3c3e8 |
301 | int len = 0; |
5f7e30f8 |
302 | memset(data, 0x0, sizeof(data)); |
53b3c3e8 |
303 | |
304 | while(param_getchar(Cmd, cmdp) != 0x00) { |
305 | switch(param_getchar(Cmd, cmdp)) { |
306 | case 'b': |
307 | case 'B': |
308 | param_gethex_ex(Cmd, cmdp+1, data, &len); |
309 | if ( len%2 ) errors = true; |
310 | len >>= 1; |
311 | cmdp += 2; |
312 | break; |
313 | case 'm': |
314 | case 'M': |
315 | mask = param_get32ex(Cmd, cmdp+1, 0, 16); |
316 | cmdp += 2; |
317 | break; |
62dc7d4a |
318 | case 'v': |
319 | case 'V': |
320 | useHeader = true; |
321 | cmdp++; |
322 | break; |
53b3c3e8 |
323 | case 'h': |
324 | case 'H': |
325 | return usage_analyse_checksum(); |
326 | default: |
327 | PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); |
328 | errors = true; |
329 | break; |
330 | } |
331 | if(errors) break; |
332 | } |
333 | //Validations |
334 | if(errors) return usage_analyse_checksum(); |
335 | |
62dc7d4a |
336 | if (useHeader) { |
337 | PrintAndLog(" add | sub | add 1's compl | sub 1's compl | xor"); |
f054036a |
338 | PrintAndLog("byte nibble crumb | byte nibble | byte nibble cumb | byte nibble | byte nibble cumb | BSD |"); |
62dc7d4a |
339 | PrintAndLog("------------------+-------------+------------------+-----------------+--------------------"); |
340 | } |
f054036a |
341 | PrintAndLog("0x%X 0x%X 0x%X | 0x%X 0x%X | 0x%X 0x%X 0x%X | 0x%X 0x%X | 0x%X 0x%X 0x%X | 0x%X 0x%X |\n", |
2c601080 |
342 | calcSumByteAdd(data, len, mask) |
343 | , calcSumNibbleAdd(data, len, mask) |
344 | , calcSumCrumbAdd(data, len, mask) |
345 | , calcSumByteSub(data, len, mask) |
346 | , calcSumNibbleSub(data, len, mask) |
347 | , calcSumByteAddOnes(data, len, mask) |
348 | , calcSumNibbleAddOnes(data, len, mask) |
349 | , calcSumCrumbAddOnes(data, len, mask) |
350 | , calcSumByteSubOnes(data, len, mask) |
351 | , calcSumNibbleSubOnes(data, len, mask) |
352 | , calcSumByteXor(data, len, mask) |
353 | , calcSumNibbleXor(data, len, mask) |
354 | , calcSumCrumbXor(data, len, mask) |
62dc7d4a |
355 | , calcBSDchecksum8(data, len, mask) |
f054036a |
356 | , calcBSDchecksum4(data, len, mask) |
2c601080 |
357 | ); |
53b3c3e8 |
358 | return 0; |
359 | } |
812513bf |
360 | |
5558d935 |
361 | int CmdAnalyseDates(const char *Cmd){ |
362 | // look for datestamps in a given array of bytes |
53b3c3e8 |
363 | PrintAndLog("To be implemented. Feel free to contribute!"); |
5558d935 |
364 | return 0; |
365 | } |
16658b1f |
366 | int CmdAnalyseTEASelfTest(const char *Cmd){ |
367 | |
368 | uint8_t v[8], v_le[8]; |
369 | memset(v, 0x00, sizeof(v)); |
370 | memset(v_le, 0x00, sizeof(v_le)); |
371 | uint8_t* v_ptr = v_le; |
372 | |
373 | uint8_t cmdlen = strlen(Cmd); |
374 | cmdlen = ( sizeof(v)<<2 < cmdlen ) ? sizeof(v)<<2 : cmdlen; |
375 | |
376 | if ( param_gethex(Cmd, 0, v, cmdlen) > 0 ){ |
377 | PrintAndLog("can't read hex chars, uneven? :: %u", cmdlen); |
378 | return 1; |
379 | } |
380 | |
381 | SwapEndian64ex(v , 8, 4, v_ptr); |
382 | |
383 | // ENCRYPTION KEY: |
384 | uint8_t key[16] = {0x55,0xFE,0xF6,0x30,0x62,0xBF,0x0B,0xC1,0xC9,0xB3,0x7C,0x34,0x97,0x3E,0x29,0xFB }; |
385 | uint8_t keyle[16]; |
386 | uint8_t* key_ptr = keyle; |
387 | SwapEndian64ex(key , sizeof(key), 4, key_ptr); |
388 | |
389 | PrintAndLog("TEST LE enc| %s", sprint_hex(v_ptr, 8)); |
390 | |
391 | tea_decrypt(v_ptr, key_ptr); |
392 | PrintAndLog("TEST LE dec | %s", sprint_hex_ascii(v_ptr, 8)); |
393 | |
394 | tea_encrypt(v_ptr, key_ptr); |
395 | tea_encrypt(v_ptr, key_ptr); |
396 | PrintAndLog("TEST enc2 | %s", sprint_hex_ascii(v_ptr, 8)); |
397 | |
398 | return 0; |
399 | } |
5558d935 |
400 | |
b403c300 |
401 | int CmdAnalyseA(const char *Cmd){ |
09bb01c7 |
402 | /* |
403 | piwi |
404 | // uid(2e086b1a) nt(230736f6) ks(0b0008000804000e) nr(000000000) |
405 | // uid(2e086b1a) nt(230736f6) ks(0e0b0e0b090c0d02) nr(000000001) |
406 | // uid(2e086b1a) nt(230736f6) ks(0e05060e01080b08) nr(000000002) |
407 | uint64_t d1[] = {0x2e086b1a, 0x230736f6, 0x0000001, 0x0e0b0e0b090c0d02}; |
408 | uint64_t d2[] = {0x2e086b1a, 0x230736f6, 0x0000002, 0x0e05060e01080b08}; |
b403c300 |
409 | |
09bb01c7 |
410 | // uid(17758822) nt(c0c69e59) ks(080105020705040e) nr(00000001) |
411 | // uid(17758822) nt(c0c69e59) ks(01070a05050c0705) nr(00000002) |
412 | uint64_t d1[] = {0x17758822, 0xc0c69e59, 0x0000001, 0x080105020705040e}; |
413 | uint64_t d2[] = {0x17758822, 0xc0c69e59, 0x0000002, 0x01070a05050c0705}; |
414 | |
415 | // uid(6e442129) nt(8f699195) ks(090d0b0305020f02) nr(00000001) |
416 | // uid(6e442129) nt(8f699195) ks(03030508030b0c0e) nr(00000002) |
417 | // uid(6e442129) nt(8f699195) ks(02010f030c0d050d) nr(00000003) |
418 | // uid(6e442129) nt(8f699195) ks(00040f0f0305030e) nr(00000004) |
419 | uint64_t d1[] = {0x6e442129, 0x8f699195, 0x0000001, 0x090d0b0305020f02}; |
420 | uint64_t d2[] = {0x6e442129, 0x8f699195, 0x0000004, 0x00040f0f0305030e}; |
421 | |
422 | uid(3e172b29) nt(039b7bd2) ks(0c0e0f0505080800) nr(00000001) |
423 | uid(3e172b29) nt(039b7bd2) ks(0e06090d03000b0f) nr(00000002) |
424 | */ |
425 | uint64_t key = 0; |
426 | uint64_t d1[] = {0x3e172b29, 0x039b7bd2, 0x0000001, 0x0c0e0f0505080800}; |
427 | uint64_t d2[] = {0x3e172b29, 0x039b7bd2, 0x0000002, 0x0e06090d03000b0f}; |
428 | |
429 | nonce2key_ex(0, 0 , d1[0], d1[1], d1[2], d1[3], &key); |
430 | nonce2key_ex(0, 0 , d2[0], d2[1], d2[2], d2[3], &key); |
431 | return 0; |
432 | } |
b403c300 |
433 | |
09bb01c7 |
434 | static void permute(uint8_t *data, uint8_t len, uint8_t *output){ |
435 | #define KEY_SIZE 8 |
b403c300 |
436 | |
09bb01c7 |
437 | if ( len > KEY_SIZE ) { |
438 | for(uint8_t m = 0; m < len; m += KEY_SIZE){ |
439 | permute(data+m, KEY_SIZE, output+m); |
440 | } |
441 | return; |
442 | } |
443 | if ( len != KEY_SIZE ) { |
444 | printf("wrong key size\n"); |
445 | return; |
446 | } |
447 | uint8_t i,j,p, mask; |
448 | for( i=0; i < KEY_SIZE; ++i){ |
449 | p = 0; |
450 | mask = 0x80 >> i; |
451 | for( j=0; j < KEY_SIZE; ++j){ |
452 | p >>= 1; |
453 | if (data[j] & mask) |
454 | p |= 0x80; |
455 | } |
456 | output[i] = p; |
457 | } |
458 | } |
459 | static void permute_rev(uint8_t *data, uint8_t len, uint8_t *output){ |
460 | permute(data, len, output); |
461 | permute(output, len, data); |
462 | permute(data, len, output); |
463 | } |
464 | static void simple_crc(uint8_t *data, uint8_t len, uint8_t *output){ |
465 | uint8_t crc = 0; |
466 | for( uint8_t i=0; i < len; ++i){ |
467 | // seventh byte contains the crc. |
468 | if ( (i & 0x7) == 0x7 ) { |
469 | output[i] = crc ^ 0xFF; |
470 | crc = 0; |
471 | } else { |
472 | output[i] = data[i]; |
473 | crc ^= data[i]; |
474 | } |
475 | } |
476 | } |
477 | // DES doesn't use the MSB. |
478 | static void shave(uint8_t *data, uint8_t len){ |
479 | for (uint8_t i=0; i<len; ++i) |
480 | data[i] &= 0xFE; |
481 | } |
482 | static void generate_rev(uint8_t *data, uint8_t len) { |
483 | uint8_t *key = calloc(len,1); |
484 | printf("input permuted key | %s \n", sprint_hex(data, len)); |
485 | permute_rev(data, len, key); |
486 | printf(" unpermuted key | %s \n", sprint_hex(key, len)); |
487 | shave(key, len); |
488 | printf(" key | %s \n", sprint_hex(key, len)); |
489 | free(key); |
490 | } |
491 | static void generate(uint8_t *data, uint8_t len) { |
492 | uint8_t *key = calloc(len,1); |
493 | uint8_t *pkey = calloc(len,1); |
494 | printf(" input key | %s \n", sprint_hex(data, len)); |
495 | permute(data, len, pkey); |
496 | printf(" permuted key | %s \n", sprint_hex(pkey, len)); |
497 | simple_crc(pkey, len, key ); |
498 | printf(" CRC'ed key | %s \n", sprint_hex(key, len)); |
499 | free(key); |
500 | free(pkey); |
501 | } |
502 | int CmdAnalyseHid(const char *Cmd){ |
b403c300 |
503 | |
ea1c1ca6 |
504 | uint8_t key[8] = {0}; |
505 | uint8_t key_std_format[8] = {0}; |
506 | uint8_t key_iclass_format[8] = {0}; |
09bb01c7 |
507 | uint8_t data[16] = {0}; |
508 | bool isReverse = FALSE; |
509 | int len = 0; |
510 | char cmdp = param_getchar(Cmd, 0); |
511 | if (strlen(Cmd) == 0|| cmdp == 'h' || cmdp == 'H') return usage_analyse_hid(); |
512 | |
513 | if ( cmdp == 'r' || cmdp == 'R' ) |
514 | isReverse = TRUE; |
515 | |
516 | param_gethex_ex(Cmd, 1, data, &len); |
517 | if ( len%2 ) return usage_analyse_hid(); |
518 | |
ea1c1ca6 |
519 | len >>= 1; |
520 | |
521 | memcpy(key, data, 8); |
522 | |
523 | if ( isReverse ) { |
09bb01c7 |
524 | generate_rev(data, len); |
ea1c1ca6 |
525 | permutekey_rev(key, key_std_format); |
526 | printf(" holiman iclass key | %s \n", sprint_hex(key_std_format, 8)); |
527 | } |
528 | else { |
09bb01c7 |
529 | generate(data, len); |
ea1c1ca6 |
530 | permutekey(key, key_iclass_format); |
531 | printf(" holiman std key | %s \n", sprint_hex(key_iclass_format, 8)); |
532 | } |
b403c300 |
533 | return 0; |
534 | } |
535 | |
905c55de |
536 | void generate4bNUID(uint8_t *uid, uint8_t *nuid){ |
537 | uint16_t crc; |
538 | uint8_t first, second; |
539 | |
540 | ComputeCrc14443(CRC_14443_A, uid, 3, &first, &second); |
541 | nuid[0] |= (second & 0xE0) | 0xF; |
542 | nuid[1] = first; |
543 | |
544 | crc = first; |
545 | crc |= second << 8; |
546 | |
547 | UpdateCrc14443(uid[3], &crc); |
548 | UpdateCrc14443(uid[4], &crc); |
549 | UpdateCrc14443(uid[5], &crc); |
550 | UpdateCrc14443(uid[6], &crc); |
551 | |
552 | nuid[2] = (crc >> 8) & 0xFF ; |
553 | nuid[3] = crc & 0xFF; |
554 | } |
555 | |
556 | int CmdAnalyseNuid(const char *Cmd){ |
557 | uint8_t nuid[4] = {0}; |
558 | uint8_t uid[7] = {0}; |
559 | int len = 0; |
560 | char cmdp = param_getchar(Cmd, 0); |
561 | if (strlen(Cmd) == 0|| cmdp == 'h' || cmdp == 'H') return usage_analyse_nuid(); |
562 | |
563 | /* selftest UID 040D681AB52281 -> NUID 8F430FEF */ |
564 | if (cmdp == 't' || cmdp == 'T') { |
565 | memcpy(uid, "\x04\x0d\x68\x1a\xb5\x22\x81", 7); |
566 | generate4bNUID(uid, nuid); |
567 | if ( 0 == memcmp(nuid, "\x8f\x43\x0f\xef", 4)) |
568 | printf("Selftest OK\n"); |
569 | else |
570 | printf("Selftest Failed\n"); |
571 | return 0; |
572 | } |
573 | |
574 | param_gethex_ex(Cmd, 0, uid, &len); |
575 | if ( len%2 || len != 14) return usage_analyse_nuid(); |
576 | |
577 | generate4bNUID(uid, nuid); |
578 | |
579 | printf("UID | %s \n", sprint_hex(uid, 7)); |
580 | printf("NUID | %s \n", sprint_hex(nuid, 4)); |
581 | return 0; |
582 | } |
812513bf |
583 | static command_t CommandTable[] = { |
5558d935 |
584 | {"help", CmdHelp, 1, "This help"}, |
53b3c3e8 |
585 | {"lcr", CmdAnalyseLCR, 1, "Generate final byte for XOR LRC"}, |
586 | {"crc", CmdAnalyseCRC, 1, "Stub method for CRC evaluations"}, |
587 | {"chksum", CmdAnalyseCHKSUM, 1, "Checksum with adding, masking and one's complement"}, |
588 | {"dates", CmdAnalyseDates, 1, "Look for datestamps in a given array of bytes"}, |
16658b1f |
589 | {"tea", CmdAnalyseTEASelfTest, 1, "Crypto TEA test"}, |
b403c300 |
590 | {"lfsr", CmdAnalyseLfsr, 1, "LFSR tests"}, |
591 | {"a", CmdAnalyseA, 1, "num bits test"}, |
09bb01c7 |
592 | {"hid", CmdAnalyseHid, 1, "Permute function from 'heart of darkness' paper"}, |
905c55de |
593 | {"nuid", CmdAnalyseNuid, 1, "create NUID from 7byte UID"}, |
812513bf |
594 | {NULL, NULL, 0, NULL} |
595 | }; |
596 | |
597 | int CmdAnalyse(const char *Cmd) { |
598 | clearCommandBuffer(); |
599 | CmdsParse(CommandTable, Cmd); |
600 | return 0; |
601 | } |
602 | |
603 | int CmdHelp(const char *Cmd) { |
604 | CmdsHelp(CommandTable); |
605 | return 0; |
606 | } |