]> cvs.zerfleddert.de Git - proxmark3-svn/blame - client/mifarehost.c
added: readed blocks (password mode) into tag.sectors[]. 'lf hitag sim' simulates...
[proxmark3-svn] / client / mifarehost.c
CommitLineData
b62a5a84 1// Merlok, 2011, 2012\r
f397b5cc
M
2// people from mifare@nethemba.com, 2010\r
3//\r
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
5// at your option, any later version. See the LICENSE.txt file for the text of\r
6// the license.\r
7//-----------------------------------------------------------------------------\r
55acbb2a 8// mifare commands\r
f397b5cc
M
9//-----------------------------------------------------------------------------\r
10\r
11#include <stdio.h>\r
873014de 12#include <stdlib.h> \r
31b6e9af 13#include <string.h>\r
f397b5cc
M
14#include "mifarehost.h"\r
15\r
55acbb2a 16// MIFARE\r
f397b5cc
M
17\r
18int compar_int(const void * a, const void * b) {\r
19 return (*(uint64_t*)b - *(uint64_t*)a);\r
20}\r
21\r
22// Compare countKeys structure\r
23int compar_special_int(const void * a, const void * b) {\r
24 return (((countKeys *)b)->count - ((countKeys *)a)->count);\r
25}\r
26\r
27countKeys * uniqsort(uint64_t * possibleKeys, uint32_t size) {\r
28 int i, j = 0;\r
29 int count = 0;\r
30 countKeys *our_counts;\r
31 \r
32 qsort(possibleKeys, size, sizeof (uint64_t), compar_int);\r
33 \r
34 our_counts = calloc(size, sizeof(countKeys));\r
35 if (our_counts == NULL) {\r
36 PrintAndLog("Memory allocation error for our_counts");\r
37 return NULL;\r
38 }\r
39 \r
40 for (i = 0; i < size; i++) {\r
41 if (possibleKeys[i+1] == possibleKeys[i]) { \r
42 count++;\r
43 } else {\r
44 our_counts[j].key = possibleKeys[i];\r
45 our_counts[j].count = count;\r
46 j++;\r
47 count=0;\r
48 }\r
49 }\r
50 qsort(our_counts, j, sizeof(countKeys), compar_special_int);\r
51 return (our_counts);\r
52}\r
53\r
54int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t * resultKeys) \r
55{\r
56 int i, m, len;\r
57 uint8_t isEOF;\r
58 uint32_t uid;\r
59 fnVector * vector = NULL;\r
60 countKeys *ck;\r
61 int lenVector = 0;\r
62 UsbCommand * resp = NULL;\r
63 \r
64 memset(resultKeys, 0x00, 16 * 6);\r
65\r
66 // flush queue\r
67 while (WaitForResponseTimeout(CMD_ACK, 500) != NULL) ;\r
68 \r
69 UsbCommand c = {CMD_MIFARE_NESTED, {blockNo, keyType, trgBlockNo + trgKeyType * 0x100}};\r
70 memcpy(c.d.asBytes, key, 6);\r
71 SendCommand(&c);\r
72\r
73 PrintAndLog("\n");\r
74\r
75 // wait cycle\r
76 while (true) {\r
77 printf(".");\r
78 if (ukbhit()) {\r
79 getchar();\r
80 printf("\naborted via keyboard!\n");\r
81 break;\r
82 }\r
83\r
84 resp = WaitForResponseTimeout(CMD_ACK, 1500);\r
85\r
86 if (resp != NULL) {\r
87 isEOF = resp->arg[0] & 0xff;\r
88\r
89 if (isEOF) break;\r
90 \r
91 len = resp->arg[1] & 0xff;\r
92 if (len == 0) continue;\r
93 \r
94 memcpy(&uid, resp->d.asBytes, 4); \r
95 PrintAndLog("uid:%08x len=%d trgbl=%d trgkey=%x", uid, len, resp->arg[2] & 0xff, (resp->arg[2] >> 8) & 0xff);\r
96 vector = (fnVector *) realloc((void *)vector, (lenVector + len) * sizeof(fnVector) + 200);\r
97 if (vector == NULL) {\r
98 PrintAndLog("Memory allocation error for fnVector. len: %d bytes: %d", lenVector + len, (lenVector + len) * sizeof(fnVector)); \r
99 break;\r
100 }\r
101 \r
102 for (i = 0; i < len; i++) {\r
103 vector[lenVector + i].blockNo = resp->arg[2] & 0xff;\r
104 vector[lenVector + i].keyType = (resp->arg[2] >> 8) & 0xff;\r
105 vector[lenVector + i].uid = uid;\r
106\r
107 memcpy(&vector[lenVector + i].nt, (void *)(resp->d.asBytes + 8 + i * 8 + 0), 4);\r
108 memcpy(&vector[lenVector + i].ks1, (void *)(resp->d.asBytes + 8 + i * 8 + 4), 4);\r
109 }\r
110\r
111 lenVector += len;\r
112 }\r
113 }\r
114 \r
115 if (!lenVector) {\r
116 PrintAndLog("Got 0 keys from proxmark."); \r
117 return 1;\r
118 }\r
119 printf("------------------------------------------------------------------\n");\r
120 \r
121 // calc keys\r
122 struct Crypto1State* revstate = NULL;\r
123 struct Crypto1State* revstate_start = NULL;\r
124 uint64_t lfsr;\r
125 int kcount = 0;\r
126 pKeys *pk;\r
127 \r
128 if ((pk = (void *) malloc(sizeof(pKeys))) == NULL) return 1;\r
129 memset(pk, 0x00, sizeof(pKeys));\r
130 \r
131 for (m = 0; m < lenVector; m++) {\r
132 // And finally recover the first 32 bits of the key\r
133 revstate = lfsr_recovery32(vector[m].ks1, vector[m].nt ^ vector[m].uid);\r
134 if (revstate_start == NULL) revstate_start = revstate;\r
135 \r
136 while ((revstate->odd != 0x0) || (revstate->even != 0x0)) {\r
137 lfsr_rollback_word(revstate, vector[m].nt ^ vector[m].uid, 0);\r
138 crypto1_get_lfsr(revstate, &lfsr);\r
139\r
140 // Allocate a new space for keys\r
141 if (((kcount % MEM_CHUNK) == 0) || (kcount >= pk->size)) {\r
142 pk->size += MEM_CHUNK;\r
143//fprintf(stdout, "New chunk by %d, sizeof %d\n", kcount, pk->size * sizeof(uint64_t));\r
144 pk->possibleKeys = (uint64_t *) realloc((void *)pk->possibleKeys, pk->size * sizeof(uint64_t));\r
145 if (pk->possibleKeys == NULL) {\r
146 PrintAndLog("Memory allocation error for pk->possibleKeys"); \r
147 return 1;\r
148 }\r
149 }\r
150 pk->possibleKeys[kcount] = lfsr;\r
151 kcount++;\r
152 revstate++;\r
153 }\r
154 free(revstate_start);\r
155 revstate_start = NULL;\r
156\r
157 }\r
158 \r
159 // Truncate\r
160 if (kcount != 0) {\r
161 pk->size = --kcount;\r
162 if ((pk->possibleKeys = (uint64_t *) realloc((void *)pk->possibleKeys, pk->size * sizeof(uint64_t))) == NULL) {\r
163 PrintAndLog("Memory allocation error for pk->possibleKeys"); \r
164 return 1;\r
165 } \r
166 }\r
167\r
168 PrintAndLog("Total keys count:%d", kcount);\r
169 ck = uniqsort(pk->possibleKeys, pk->size);\r
170\r
171 // fill key array\r
172 for (i = 0; i < 16 ; i++) {\r
173 num_to_bytes(ck[i].key, 6, (uint8_t*)(resultKeys + i * 6));\r
174 }\r
175\r
176 // finalize\r
177 free(pk->possibleKeys);\r
178 free(pk);\r
179 free(ck);\r
180 free(vector);\r
181\r
182 return 0;\r
183}\r
184\r
185int mfCheckKeys (uint8_t blockNo, uint8_t keyType, uint8_t keycnt, uint8_t * keyBlock, uint64_t * key){\r
186 *key = 0;\r
187\r
188 UsbCommand c = {CMD_MIFARE_CHKKEYS, {blockNo, keyType, keycnt}};\r
189 memcpy(c.d.asBytes, keyBlock, 6 * keycnt);\r
190\r
191 SendCommand(&c);\r
192\r
193 UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 3000);\r
194\r
195 if (resp == NULL) return 1;\r
196 if ((resp->arg[0] & 0xff) != 0x01) return 2;\r
197 *key = bytes_to_num(resp->d.asBytes, 6);\r
198 return 0;\r
199}\r
8556b852 200\r
55acbb2a
M
201// EMULATOR\r
202\r
8556b852 203int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount) {\r
545a1f38 204 UsbCommand c = {CMD_MIFARE_EML_MEMGET, {blockNum, blocksCount, 0}};\r
8556b852 205 \r
545a1f38 206 SendCommand(&c);\r
8556b852
M
207\r
208 UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500);\r
209\r
210 if (resp == NULL) return 1;\r
211 memcpy(data, resp->d.asBytes, blocksCount * 16); \r
212 return 0;\r
213}\r
214\r
215int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {\r
545a1f38 216 UsbCommand c = {CMD_MIFARE_EML_MEMSET, {blockNum, blocksCount, 0}};\r
8556b852 217 memcpy(c.d.asBytes, data, blocksCount * 16); \r
545a1f38 218 SendCommand(&c);\r
8556b852
M
219 return 0;\r
220}\r
221\r
55acbb2a
M
222// "MAGIC" CARD\r
223\r
0675f200 224int mfCSetUID(uint8_t *uid, uint8_t *oldUID, int wantWipe) {\r
0675f200
M
225 uint8_t block0[16];\r
226 memset(block0, 0, 16);\r
227 memcpy(block0, uid, 4); \r
228 block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC\r
8784cd1a
M
229 // mifare classic SAK(byte 5) and ATQA(byte 6 and 7)\r
230 block0[5] = 0x88;\r
231 block0[6] = 0x04;\r
232 block0[7] = 0x00;\r
f774db95 233 \r
208a0166 234 return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);\r
f774db95
M
235}\r
236\r
208a0166 237int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe, uint8_t params) {\r
f774db95 238 uint8_t isOK = 0;\r
0675f200 239\r
545a1f38 240 UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};\r
f774db95 241 memcpy(c.d.asBytes, data, 16); \r
545a1f38 242 SendCommand(&c);\r
0675f200
M
243\r
244 UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500);\r
245\r
246 if (resp != NULL) {\r
247 isOK = resp->arg[0] & 0xff;\r
208a0166 248 if (uid != NULL) memcpy(uid, resp->d.asBytes, 4); \r
0675f200
M
249 if (!isOK) return 2;\r
250 } else {\r
251 PrintAndLog("Command execute timeout");\r
252 return 1;\r
253 }\r
254 return 0;\r
255}\r
545a1f38
M
256\r
257int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params) {\r
258 uint8_t isOK = 0;\r
259\r
260 UsbCommand c = {CMD_MIFARE_EML_CGETBLOCK, {params, 0, blockNo}};\r
261 SendCommand(&c);\r
262\r
263 UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500);\r
264\r
265 if (resp != NULL) {\r
266 isOK = resp->arg[0] & 0xff;\r
267 memcpy(data, resp->d.asBytes, 16); \r
268 if (!isOK) return 2;\r
269 } else {\r
270 PrintAndLog("Command execute timeout");\r
271 return 1;\r
272 }\r
273 return 0;\r
274}\r
55acbb2a
M
275\r
276// SNIFFER\r
277\r
e0c635d1
M
278// constants\r
279static uint8_t trailerAccessBytes[4] = {0x08, 0x77, 0x8F, 0x00};\r
280\r
55acbb2a
M
281// variables\r
282char logHexFileName[200] = {0x00};\r
e0c635d1
M
283static uint8_t traceCard[4096] = {0x00};\r
284static char traceFileName[20];\r
55acbb2a
M
285static int traceState = TRACE_IDLE;\r
286static uint8_t traceCurBlock = 0;\r
287static uint8_t traceCurKey = 0;\r
288\r
289struct Crypto1State *traceCrypto1 = NULL;\r
290\r
291struct Crypto1State *revstate;\r
292uint64_t lfsr;\r
293uint32_t ks2;\r
294uint32_t ks3;\r
295\r
296uint32_t uid; // serial number\r
297uint32_t nt; // tag challenge\r
71d90e54 298uint32_t nt_par; \r
55acbb2a
M
299uint32_t nr_enc; // encrypted reader challenge\r
300uint32_t ar_enc; // encrypted reader response\r
71d90e54 301uint32_t nr_ar_par; \r
55acbb2a 302uint32_t at_enc; // encrypted tag response\r
71d90e54 303uint32_t at_par; \r
55acbb2a 304\r
e0c635d1
M
305int isTraceCardEmpty(void) {\r
306 return ((traceCard[0] == 0) && (traceCard[1] == 0) && (traceCard[2] == 0) && (traceCard[3] == 0));\r
307}\r
55acbb2a 308\r
e0c635d1
M
309int isBlockEmpty(int blockN) {\r
310 for (int i = 0; i < 16; i++) \r
311 if (traceCard[blockN * 16 + i] != 0) return 0;\r
55acbb2a 312\r
e0c635d1
M
313 return 1;\r
314}\r
315\r
316int isBlockTrailer(int blockN) {\r
317 return ((blockN & 0x03) == 0x03);\r
318}\r
319\r
320int loadTraceCard(uint8_t *tuid) {\r
321 FILE * f;\r
322 char buf[64];\r
323 uint8_t buf8[64];\r
324 int i, blockNum;\r
325 \r
326 if (!isTraceCardEmpty()) saveTraceCard();\r
55acbb2a
M
327 memset(traceCard, 0x00, 4096);\r
328 memcpy(traceCard, tuid + 3, 4);\r
e0c635d1
M
329 FillFileNameByUID(traceFileName, tuid, ".eml", 7);\r
330\r
331 f = fopen(traceFileName, "r");\r
332 if (!f) return 1;\r
333 \r
334 blockNum = 0;\r
335 while(!feof(f)){\r
336 memset(buf, 0, sizeof(buf));\r
337 fgets(buf, sizeof(buf), f);\r
338\r
339 if (strlen(buf) < 32){\r
340 if (feof(f)) break;\r
341 PrintAndLog("File content error. Block data must include 32 HEX symbols");\r
342 return 2;\r
343 }\r
344 for (i = 0; i < 32; i += 2)\r
345 sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
346\r
347 memcpy(traceCard + blockNum * 16, buf8, 16);\r
348\r
349 blockNum++;\r
350 }\r
351 fclose(f);\r
352\r
353 return 0;\r
354}\r
355\r
356int saveTraceCard(void) {\r
357 FILE * f;\r
358 \r
359 if ((!strlen(traceFileName)) || (isTraceCardEmpty())) return 0;\r
360 \r
361 f = fopen(traceFileName, "w+");\r
362 for (int i = 0; i < 64; i++) { // blocks\r
363 for (int j = 0; j < 16; j++) // bytes\r
364 fprintf(f, "%02x", *(traceCard + i * 16 + j)); \r
365 fprintf(f,"\n");\r
366 }\r
367 fclose(f);\r
368\r
369 return 0;\r
370}\r
371\r
372int mfTraceInit(uint8_t *tuid, uint8_t *atqa, uint8_t sak, bool wantSaveToEmlFile) {\r
373\r
374 if (traceCrypto1) crypto1_destroy(traceCrypto1);\r
375 traceCrypto1 = NULL;\r
376\r
377 if (wantSaveToEmlFile) loadTraceCard(tuid);\r
55acbb2a
M
378 traceCard[4] = traceCard[0] ^ traceCard[1] ^ traceCard[2] ^ traceCard[3];\r
379 traceCard[5] = sak;\r
380 memcpy(&traceCard[6], atqa, 2);\r
381 traceCurBlock = 0;\r
382 uid = bytes_to_num(tuid + 3, 4);\r
383 \r
384 traceState = TRACE_IDLE;\r
385\r
386 return 0;\r
387}\r
388\r
389void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted){\r
390 uint8_t bt = 0;\r
391 int i;\r
392 \r
393 if (len != 1) {\r
394 for (i = 0; i < len; i++)\r
395 data[i] = crypto1_byte(pcs, 0x00, isEncrypted) ^ data[i];\r
396 } else {\r
397 bt = 0;\r
398 for (i = 0; i < 4; i++)\r
399 bt |= (crypto1_bit(pcs, 0, isEncrypted) ^ BIT(data[0], i)) << i;\r
400 \r
401 data[0] = bt;\r
402 }\r
403 return;\r
404}\r
405\r
406\r
71d90e54 407int mfTraceDecode(uint8_t *data_src, int len, uint32_t parity, bool wantSaveToEmlFile) {\r
55acbb2a
M
408 uint8_t data[64];\r
409\r
410 if (traceState == TRACE_ERROR) return 1;\r
411 if (len > 64) {\r
412 traceState = TRACE_ERROR;\r
413 return 1;\r
414 }\r
415 \r
416 memcpy(data, data_src, len);\r
417 if ((traceCrypto1) && ((traceState == TRACE_IDLE) || (traceState > TRACE_AUTH_OK))) {\r
418 mf_crypto1_decrypt(traceCrypto1, data, len, 0);\r
419 PrintAndLog("dec> %s", sprint_hex(data, len));\r
420 AddLogHex(logHexFileName, "dec> ", data, len); \r
421 }\r
422 \r
423 switch (traceState) {\r
424 case TRACE_IDLE: \r
8b6a93df
M
425 // check packet crc16!\r
426 if ((len >= 4) && (!CheckCrc14443(CRC_14443_A, data, len))) {\r
427 PrintAndLog("dec> CRC ERROR!!!");\r
428 AddLogLine(logHexFileName, "dec> ", "CRC ERROR!!!"); \r
429 traceState = TRACE_ERROR; // do not decrypt the next commands\r
430 return 1;\r
431 }\r
55acbb2a
M
432 \r
433 // AUTHENTICATION\r
434 if ((len ==4) && ((data[0] == 0x60) || (data[0] == 0x61))) {\r
435 traceState = TRACE_AUTH1;\r
436 traceCurBlock = data[1];\r
437 traceCurKey = data[0] == 60 ? 1:0;\r
438 return 0;\r
439 }\r
440\r
441 // READ\r
442 if ((len ==4) && ((data[0] == 0x30))) {\r
443 traceState = TRACE_READ_DATA;\r
444 traceCurBlock = data[1];\r
445 return 0;\r
446 }\r
447\r
448 // WRITE\r
449 if ((len ==4) && ((data[0] == 0xA0))) {\r
450 traceState = TRACE_WRITE_OK;\r
451 traceCurBlock = data[1];\r
452 return 0;\r
453 }\r
454\r
455 // HALT\r
456 if ((len ==4) && ((data[0] == 0x50) && (data[1] == 0x00))) {\r
457 traceState = TRACE_ERROR; // do not decrypt the next commands\r
458 return 0;\r
459 }\r
460 \r
461 return 0;\r
462 break;\r
463 \r
464 case TRACE_READ_DATA: \r
465 if (len == 18) {\r
466 traceState = TRACE_IDLE;\r
467\r
e0c635d1
M
468 if (isBlockTrailer(traceCurBlock)) {\r
469 memcpy(traceCard + traceCurBlock * 16 + 6, data + 6, 4);\r
470 } else {\r
471 memcpy(traceCard + traceCurBlock * 16, data, 16);\r
472 }\r
473 if (wantSaveToEmlFile) saveTraceCard();\r
55acbb2a
M
474 return 0;\r
475 } else {\r
476 traceState = TRACE_ERROR;\r
477 return 1;\r
478 }\r
479 break;\r
480\r
481 case TRACE_WRITE_OK: \r
482 if ((len == 1) && (data[0] = 0x0a)) {\r
483 traceState = TRACE_WRITE_DATA;\r
484\r
485 return 0;\r
486 } else {\r
487 traceState = TRACE_ERROR;\r
488 return 1;\r
489 }\r
490 break;\r
491\r
492 case TRACE_WRITE_DATA: \r
493 if (len == 18) {\r
494 traceState = TRACE_IDLE;\r
495\r
496 memcpy(traceCard + traceCurBlock * 16, data, 16);\r
e0c635d1 497 if (wantSaveToEmlFile) saveTraceCard();\r
55acbb2a
M
498 return 0;\r
499 } else {\r
500 traceState = TRACE_ERROR;\r
501 return 1;\r
502 }\r
503 break;\r
504\r
505 case TRACE_AUTH1: \r
506 if (len == 4) {\r
507 traceState = TRACE_AUTH2;\r
508\r
509 nt = bytes_to_num(data, 4);\r
71d90e54 510 nt_par = parity;\r
55acbb2a
M
511 return 0;\r
512 } else {\r
513 traceState = TRACE_ERROR;\r
514 return 1;\r
515 }\r
516 break;\r
517\r
518 case TRACE_AUTH2: \r
519 if (len == 8) {\r
520 traceState = TRACE_AUTH_OK;\r
521\r
522 nr_enc = bytes_to_num(data, 4);\r
523 ar_enc = bytes_to_num(data + 4, 4);\r
71d90e54 524 nr_ar_par = parity;\r
55acbb2a
M
525 return 0;\r
526 } else {\r
527 traceState = TRACE_ERROR;\r
528 return 1;\r
529 }\r
530 break;\r
531\r
532 case TRACE_AUTH_OK: \r
533 if (len ==4) {\r
534 traceState = TRACE_IDLE;\r
535\r
536 at_enc = bytes_to_num(data, 4);\r
71d90e54 537 at_par = parity;\r
55acbb2a
M
538 \r
539 // decode key here)\r
540 if (!traceCrypto1) {\r
541 ks2 = ar_enc ^ prng_successor(nt, 64);\r
542 ks3 = at_enc ^ prng_successor(nt, 96);\r
543 revstate = lfsr_recovery64(ks2, ks3);\r
544 lfsr_rollback_word(revstate, 0, 0);\r
545 lfsr_rollback_word(revstate, 0, 0);\r
546 lfsr_rollback_word(revstate, nr_enc, 1);\r
547 lfsr_rollback_word(revstate, uid ^ nt, 0);\r
548 }else{\r
549 ks2 = ar_enc ^ prng_successor(nt, 64);\r
550 ks3 = at_enc ^ prng_successor(nt, 96);\r
551 revstate = lfsr_recovery64(ks2, ks3);\r
552 lfsr_rollback_word(revstate, 0, 0);\r
553 lfsr_rollback_word(revstate, 0, 0);\r
554 lfsr_rollback_word(revstate, nr_enc, 1);\r
555 lfsr_rollback_word(revstate, uid ^ nt, 0);\r
556 }\r
557 crypto1_get_lfsr(revstate, &lfsr);\r
558 printf("key> %x%x\n", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF));\r
559 AddLogUint64(logHexFileName, "key> ", lfsr); \r
560 \r
e0c635d1
M
561 int blockShift = ((traceCurBlock & 0xFC) + 3) * 16;\r
562 if (isBlockEmpty((traceCurBlock & 0xFC) + 3)) memcpy(traceCard + blockShift + 6, trailerAccessBytes, 4);\r
563 \r
55acbb2a 564 if (traceCurKey) {\r
e0c635d1 565 num_to_bytes(lfsr, 6, traceCard + blockShift + 10);\r
55acbb2a 566 } else {\r
e0c635d1 567 num_to_bytes(lfsr, 6, traceCard + blockShift);\r
55acbb2a 568 }\r
e0c635d1 569 if (wantSaveToEmlFile) saveTraceCard();\r
55acbb2a
M
570\r
571 if (traceCrypto1) {\r
572 crypto1_destroy(traceCrypto1);\r
573 }\r
574 \r
575 // set cryptosystem state\r
576 traceCrypto1 = lfsr_recovery64(ks2, ks3);\r
577 \r
578// nt = crypto1_word(traceCrypto1, nt ^ uid, 1) ^ nt;\r
579\r
580 /* traceCrypto1 = crypto1_create(lfsr); // key in lfsr\r
581 crypto1_word(traceCrypto1, nt ^ uid, 0);\r
582 crypto1_word(traceCrypto1, ar, 1);\r
583 crypto1_word(traceCrypto1, 0, 0);\r
584 crypto1_word(traceCrypto1, 0, 0);*/\r
585 \r
586 return 0;\r
587 } else {\r
588 traceState = TRACE_ERROR;\r
589 return 1;\r
590 }\r
591 break;\r
592\r
593 default: \r
594 traceState = TRACE_ERROR;\r
595 return 1;\r
596 }\r
597\r
598 return 0;\r
599}\r
Impressum, Datenschutz