cda056bb |
1 | #define __STDC_FORMAT_MACROS |
7847961b |
2 | #include <stdio.h> |
77dee16f |
3 | #include <string.h> |
838c15a6 |
4 | #include <time.h> |
77dee16f |
5 | #include <inttypes.h> |
6 | #include "crapto1.h" |
838c15a6 |
7 | |
8 | #define llx PRIx64 |
9 | #define lli PRIi64 |
7847961b |
10 | |
11 | int main (int argc, char *argv[]) { |
838c15a6 |
12 | struct Crypto1State *revstate; |
13 | uint64_t key; // recovered key |
14 | uint32_t uid; // serial number |
15 | uint32_t nt; // tag challenge |
16 | uint32_t nr_enc; // encrypted reader challenge |
17 | uint32_t ar_enc; // encrypted reader response |
18 | uint32_t at_enc; // encrypted tag response |
19 | uint32_t ks2; // keystream used to encrypt reader response |
20 | uint32_t ks3; // keystream used to encrypt tag response |
7847961b |
21 | |
838c15a6 |
22 | printf("MIFARE Classic key recovery - based 64 bits of keystream\n"); |
23 | printf("Recover key from only one complete authentication!\n\n"); |
7847961b |
24 | |
838c15a6 |
25 | if (argc < 6) { |
a81b99b9 |
26 | printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}> [enc...]\n\n", argv[0]); |
838c15a6 |
27 | return 1; |
28 | } |
7847961b |
29 | |
a81b99b9 |
30 | int encc = argc - 6; |
31 | int enclen[encc]; |
32 | uint8_t enc[encc][120]; |
33 | |
838c15a6 |
34 | sscanf(argv[1],"%x",&uid); |
35 | sscanf(argv[2],"%x",&nt); |
36 | sscanf(argv[3],"%x",&nr_enc); |
37 | sscanf(argv[4],"%x",&ar_enc); |
38 | sscanf(argv[5],"%x",&at_enc); |
a81b99b9 |
39 | for (int i = 0; i < encc; i++) { |
40 | enclen[i] = strlen(argv[i + 6]) / 2; |
41 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
77dee16f |
42 | sscanf(argv[i+6] + i2*2, "%2x", (unsigned int *)&enc[i][i2]); |
a81b99b9 |
43 | } |
44 | } |
45 | |
838c15a6 |
46 | printf("Recovering key for:\n"); |
a81b99b9 |
47 | |
838c15a6 |
48 | printf(" uid: %08x\n",uid); |
49 | printf(" nt: %08x\n",nt); |
50 | printf(" {nr}: %08x\n",nr_enc); |
51 | printf(" {ar}: %08x\n",ar_enc); |
52 | printf(" {at}: %08x\n",at_enc); |
7847961b |
53 | |
a81b99b9 |
54 | for (int i = 0; i < encc; i++) { |
55 | printf("{enc%d}: ", i); |
56 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
57 | printf("%02x", enc[i][i2]); |
58 | } |
59 | printf("\n"); |
60 | } |
61 | |
7847961b |
62 | // Generate lfsr succesors of the tag challenge |
838c15a6 |
63 | printf("\nLFSR succesors of the tag challenge:\n"); |
64 | printf(" nt': %08x\n",prng_successor(nt, 64)); |
65 | printf(" nt'': %08x\n",prng_successor(nt, 96)); |
66 | |
67 | clock_t t1 = clock(); |
68 | |
69 | // Extract the keystream from the messages |
70 | printf("\nKeystream used to generate {ar} and {at}:\n"); |
71 | ks2 = ar_enc ^ prng_successor(nt, 64); |
72 | ks3 = at_enc ^ prng_successor(nt, 96); |
73 | printf(" ks2: %08x\n",ks2); |
74 | printf(" ks3: %08x\n",ks3); |
7847961b |
75 | |
838c15a6 |
76 | revstate = lfsr_recovery64(ks2, ks3); |
a81b99b9 |
77 | |
78 | // Decrypting communication using keystream if presented |
79 | if (argc > 6 ) { |
80 | printf("\nDecrypted communication:\n"); |
81 | uint8_t ks4; |
82 | int rollb = 0; |
83 | for (int i = 0; i < encc; i++) { |
84 | printf("{dec%d}: ", i); |
85 | for (int i2 = 0; i2 < enclen[i]; i2++) { |
86 | ks4 = crypto1_byte(revstate, 0, 0); |
87 | printf("%02x", ks4 ^ enc[i][i2]); |
88 | rollb += 1; |
89 | } |
90 | printf("\n"); |
91 | } |
92 | for (int i = 0; i < rollb; i++) |
93 | lfsr_rollback_byte(revstate, 0, 0); |
94 | } |
95 | |
838c15a6 |
96 | lfsr_rollback_word(revstate, 0, 0); |
97 | lfsr_rollback_word(revstate, 0, 0); |
98 | lfsr_rollback_word(revstate, nr_enc, 1); |
99 | lfsr_rollback_word(revstate, uid ^ nt, 0); |
100 | crypto1_get_lfsr(revstate, &key); |
77dee16f |
101 | printf("\nFound Key: [%012"llx"]\n\n", key); |
838c15a6 |
102 | crypto1_destroy(revstate); |
103 | |
104 | t1 = clock() - t1; |
105 | if ( t1 > 0 ) printf("Time : %.0f ticks \n", (float)t1); |
106 | return 0; |
7847961b |
107 | } |