]> cvs.zerfleddert.de Git - proxmark3-svn/blame - client/mifare4.c
Mfp read plain (#704)
[proxmark3-svn] / client / mifare4.c
CommitLineData
ae3340a0
OM
1//-----------------------------------------------------------------------------
2// Copyright (C) 2018 Merlok
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// iso14443-4 mifare commands
9//-----------------------------------------------------------------------------
10
11#include "mifare4.h"
12#include <ctype.h>
13#include <string.h>
14#include "cmdhf14a.h"
15#include "util.h"
16#include "ui.h"
17#include "polarssl/libpcrypto.h"
18
c8a0f550
OM
19int CalculateMAC(mf4Session *session, uint8_t *data, int datalen, uint8_t *mac, bool verbose) {
20 if (!session || !session->Authenticated || !mac || !data || !datalen)
21 return 1;
22
23 memset(mac, 0x00, 8);
24
25 if (verbose)
26 PrintAndLog("MAC data[%d]: %s", datalen, sprint_hex(data, datalen));
27
28 return aes_cmac8(NULL, session->Key, data, mac, datalen);
29}
30
ae3340a0
OM
31int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) {
32 uint8_t data[257] = {0};
33 int datalen = 0;
34
35 uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
36 uint8_t Rnd2[17] = {0};
37
38 if (session)
39 session->Authenticated = false;
40
41 uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
42 int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen);
43 if (res) {
44 PrintAndLog("ERROR exchande raw error: %d", res);
45 DropField();
46 return 2;
47 }
48
49 if (verbose)
50 PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
51
52 if (datalen < 1) {
53 PrintAndLog("ERROR: card response length: %d", datalen);
54 DropField();
55 return 3;
56 }
57
58 if (data[0] != 0x90) {
59 PrintAndLog("ERROR: card response error: %02x", data[2]);
60 DropField();
61 return 3;
62 }
63
64 if (datalen != 19) { // code 1b + 16b + crc 2b
65 PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
66 DropField();
67 return 3;
68 }
69
70 aes_decode(NULL, key, &data[1], Rnd2, 16);
71 Rnd2[16] = Rnd2[0];
72 if (verbose)
73 PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
74
75 uint8_t cmd2[33] = {0};
76 cmd2[0] = 0x72;
77
78 uint8_t raw[32] = {0};
79 memmove(raw, Rnd1, 16);
80 memmove(&raw[16], &Rnd2[1], 16);
81
82 aes_encode(NULL, key, raw, &cmd2[1], 32);
83 if (verbose)
84 PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
85
c8a0f550 86 res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, true, data, sizeof(data), &datalen);
ae3340a0
OM
87 if (res) {
88 PrintAndLog("ERROR exchande raw error: %d", res);
89 DropField();
90 return 4;
91 }
92
93 if (verbose)
94 PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
95
96 aes_decode(NULL, key, &data[1], raw, 32);
97
98 if (verbose) {
99 PrintAndLog("res: %s", sprint_hex(raw, 32));
100 PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
101 }
102
103 if (memcmp(&raw[4], &Rnd1[1], 16)) {
104 PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
105 if (verbose) {
106 PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
107 PrintAndLog("rnd1 card: %s", sprint_hex(&raw[4], 16));
108 }
109 DropField();
110 return 5;
111 }
112
113 if (!leaveSignalON)
114 DropField();
115
116 if (verbose)
117 PrintAndLog("");
118
119 if (session) {
120 session->Authenticated = true;
121 session->KeyNum = keyn[1] + (keyn[0] << 8);
122 memmove(session->Rnd1, Rnd1, 16);
123 memmove(session->Rnd2, Rnd2, 16);
c8a0f550 124 memmove(session->Key, key, 16);
ae3340a0
OM
125 }
126
127 PrintAndLog("Authentication OK");
128
129 return 0;
130}
131
c8a0f550
OM
132// Mifare Memory Structure: up to 32 Sectors with 4 blocks each (1k and 2k cards),
133// plus evtl. 8 sectors with 16 blocks each (4k cards)
134uint8_t mfNumBlocksPerSector(uint8_t sectorNo) {
135 if (sectorNo < 32)
136 return 4;
137 else
138 return 16;
139}
140
141uint8_t mfFirstBlockOfSector(uint8_t sectorNo) {
142 if (sectorNo < 32)
143 return sectorNo * 4;
144 else
145 return 32 * 4 + (sectorNo - 32) * 16;
146}
147
148uint8_t mfSectorTrailer(uint8_t blockNo) {
149 if (blockNo < 32*4) {
150 return (blockNo | 0x03);
151 } else {
152 return (blockNo | 0x0f);
153 }
154}
155
156bool mfIsSectorTrailer(uint8_t blockNo) {
157 return (blockNo == mfSectorTrailer(blockNo));
158}
159
160uint8_t mfSectorNum(uint8_t blockNo) {
161 if (blockNo < 32 * 4)
162 return blockNo / 4;
163 else
164 return 32 + (blockNo - 32 * 4) / 16;
165
166}
Impressum, Datenschutz