cda056bb |
1 | #define __STDC_FORMAT_MACROS |
2 | #include <inttypes.h> |
7847961b |
3 | #include "crapto1.h" |
4 | #include <stdio.h> |
838c15a6 |
5 | #include <time.h> |
6 | |
7 | #define llx PRIx64 |
8 | #define lli PRIi64 |
7847961b |
9 | |
10 | int main (int argc, char *argv[]) { |
838c15a6 |
11 | struct Crypto1State *revstate; |
12 | uint64_t key; // recovered key |
13 | uint32_t uid; // serial number |
14 | uint32_t nt; // tag challenge |
15 | uint32_t nr_enc; // encrypted reader challenge |
16 | uint32_t ar_enc; // encrypted reader response |
17 | uint32_t at_enc; // encrypted tag response |
18 | uint32_t ks2; // keystream used to encrypt reader response |
19 | uint32_t ks3; // keystream used to encrypt tag response |
7847961b |
20 | |
838c15a6 |
21 | printf("MIFARE Classic key recovery - based 64 bits of keystream\n"); |
22 | printf("Recover key from only one complete authentication!\n\n"); |
7847961b |
23 | |
838c15a6 |
24 | if (argc < 6) { |
a81b99b9 |
25 | printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}> [enc...]\n\n", argv[0]); |
838c15a6 |
26 | return 1; |
27 | } |
7847961b |
28 | |
a81b99b9 |
29 | int encc = argc - 6; |
30 | int enclen[encc]; |
31 | uint8_t enc[encc][120]; |
32 | |
838c15a6 |
33 | sscanf(argv[1],"%x",&uid); |
34 | sscanf(argv[2],"%x",&nt); |
35 | sscanf(argv[3],"%x",&nr_enc); |
36 | sscanf(argv[4],"%x",&ar_enc); |
37 | sscanf(argv[5],"%x",&at_enc); |
a81b99b9 |
38 | for (int i = 0; i < encc; i++) { |
39 | enclen[i] = strlen(argv[i + 6]) / 2; |
40 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
41 | sscanf(argv[i+6] + i2*2,"%2x", (uint8_t*)&enc[i][i2]); |
42 | } |
43 | } |
44 | |
838c15a6 |
45 | printf("Recovering key for:\n"); |
a81b99b9 |
46 | |
838c15a6 |
47 | printf(" uid: %08x\n",uid); |
48 | printf(" nt: %08x\n",nt); |
49 | printf(" {nr}: %08x\n",nr_enc); |
50 | printf(" {ar}: %08x\n",ar_enc); |
51 | printf(" {at}: %08x\n",at_enc); |
7847961b |
52 | |
a81b99b9 |
53 | for (int i = 0; i < encc; i++) { |
54 | printf("{enc%d}: ", i); |
55 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
56 | printf("%02x", enc[i][i2]); |
57 | } |
58 | printf("\n"); |
59 | } |
60 | |
7847961b |
61 | // Generate lfsr succesors of the tag challenge |
838c15a6 |
62 | printf("\nLFSR succesors of the tag challenge:\n"); |
63 | printf(" nt': %08x\n",prng_successor(nt, 64)); |
64 | printf(" nt'': %08x\n",prng_successor(nt, 96)); |
65 | |
66 | clock_t t1 = clock(); |
67 | |
68 | // Extract the keystream from the messages |
69 | printf("\nKeystream used to generate {ar} and {at}:\n"); |
70 | ks2 = ar_enc ^ prng_successor(nt, 64); |
71 | ks3 = at_enc ^ prng_successor(nt, 96); |
72 | printf(" ks2: %08x\n",ks2); |
73 | printf(" ks3: %08x\n",ks3); |
7847961b |
74 | |
838c15a6 |
75 | revstate = lfsr_recovery64(ks2, ks3); |
a81b99b9 |
76 | |
77 | // Decrypting communication using keystream if presented |
78 | if (argc > 6 ) { |
79 | printf("\nDecrypted communication:\n"); |
80 | uint8_t ks4; |
81 | int rollb = 0; |
82 | for (int i = 0; i < encc; i++) { |
83 | printf("{dec%d}: ", i); |
84 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
85 | ks4 = crypto1_byte(revstate, 0, 0); |
86 | printf("%02x", ks4 ^ enc[i][i2]); |
87 | rollb += 1; |
88 | } |
89 | printf("\n"); |
90 | } |
91 | for (int i = 0; i < rollb; i++) |
92 | lfsr_rollback_byte(revstate, 0, 0); |
93 | } |
94 | |
838c15a6 |
95 | lfsr_rollback_word(revstate, 0, 0); |
96 | lfsr_rollback_word(revstate, 0, 0); |
97 | lfsr_rollback_word(revstate, nr_enc, 1); |
98 | lfsr_rollback_word(revstate, uid ^ nt, 0); |
99 | crypto1_get_lfsr(revstate, &key); |
100 | printf("\nFound Key: [%012"llx"]\n\n",key); |
101 | crypto1_destroy(revstate); |
102 | |
103 | t1 = clock() - t1; |
104 | if ( t1 > 0 ) printf("Time : %.0f ticks \n", (float)t1); |
105 | return 0; |
7847961b |
106 | } |