| | 1 | //----------------------------------------------------------------------------- |
| | 2 | // Merlok - June 2011 |
| | 3 | // Roel - Dec 2009 |
| | 4 | // Unknown author |
| | 5 | // |
| | 6 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, |
| | 7 | // at your option, any later version. See the LICENSE.txt file for the text of |
| | 8 | // the license. |
| | 9 | //----------------------------------------------------------------------------- |
| | 10 | // MIFARE Darkside hack |
| | 11 | //----------------------------------------------------------------------------- |
| | 12 | |
| | 13 | #include "mfkey.h" |
| | 14 | |
| | 15 | #include "crapto1/crapto1.h" |
| | 16 | |
| | 17 | |
| | 18 | // recover key from 2 different reader responses on same tag challenge |
| | 19 | bool mfkey32(nonces_t data, uint64_t *outputkey) { |
| | 20 | struct Crypto1State *s,*t; |
| | 21 | uint64_t outkey = 0; |
| | 22 | uint64_t key = 0; // recovered key |
| | 23 | bool isSuccess = false; |
| | 24 | uint8_t counter = 0; |
| | 25 | |
| | 26 | s = lfsr_recovery32(data.ar ^ prng_successor(data.nonce, 64), 0); |
| | 27 | |
| | 28 | for(t = s; t->odd | t->even; ++t) { |
| | 29 | lfsr_rollback_word(t, 0, 0); |
| | 30 | lfsr_rollback_word(t, data.nr, 1); |
| | 31 | lfsr_rollback_word(t, data.cuid ^ data.nonce, 0); |
| | 32 | crypto1_get_lfsr(t, &key); |
| | 33 | crypto1_word(t, data.cuid ^ data.nonce, 0); |
| | 34 | crypto1_word(t, data.nr2, 1); |
| | 35 | if (data.ar2 == (crypto1_word(t, 0, 0) ^ prng_successor(data.nonce, 64))) { |
| | 36 | //PrintAndLog("Found Key: [%012" PRIx64 "]",key); |
| | 37 | outkey = key; |
| | 38 | counter++; |
| | 39 | if (counter == 20) break; |
| | 40 | } |
| | 41 | } |
| | 42 | isSuccess = (counter == 1); |
| | 43 | *outputkey = ( isSuccess ) ? outkey : 0; |
| | 44 | crypto1_destroy(s); |
| | 45 | /* //un-comment to save all keys to a stats.txt file |
| | 46 | FILE *fout; |
| | 47 | if ((fout = fopen("stats.txt","ab")) == NULL) { |
| | 48 | PrintAndLog("Could not create file name stats.txt"); |
| | 49 | return 1; |
| | 50 | } |
| | 51 | fprintf(fout, "mfkey32,%d,%08x,%d,%s,%04x%08x,%.0Lf\r\n", counter, data.cuid, data.sector, (data.keytype) ? "B" : "A", (uint32_t)(outkey>>32) & 0xFFFF,(uint32_t)(outkey&0xFFFFFFFF),(long double)t1); |
| | 52 | fclose(fout); |
| | 53 | */ |
| | 54 | return isSuccess; |
| | 55 | } |
| | 56 | |
| | 57 | // recover key from 2 reader responses on 2 different tag challenges |
| | 58 | bool mfkey32_moebius(nonces_t data, uint64_t *outputkey) { |
| | 59 | struct Crypto1State *s, *t; |
| | 60 | uint64_t outkey = 0; |
| | 61 | uint64_t key = 0; // recovered key |
| | 62 | bool isSuccess = false; |
| | 63 | int counter = 0; |
| | 64 | |
| | 65 | s = lfsr_recovery32(data.ar ^ prng_successor(data.nonce, 64), 0); |
| | 66 | |
| | 67 | for(t = s; t->odd | t->even; ++t) { |
| | 68 | lfsr_rollback_word(t, 0, 0); |
| | 69 | lfsr_rollback_word(t, data.nr, 1); |
| | 70 | lfsr_rollback_word(t, data.cuid ^ data.nonce, 0); |
| | 71 | crypto1_get_lfsr(t, &key); |
| | 72 | |
| | 73 | crypto1_word(t, data.cuid ^ data.nonce2, 0); |
| | 74 | crypto1_word(t, data.nr2, 1); |
| | 75 | if (data.ar2 == (crypto1_word(t, 0, 0) ^ prng_successor(data.nonce2, 64))) { |
| | 76 | //PrintAndLog("Found Key: [%012" PRIx64 "]",key); |
| | 77 | outkey=key; |
| | 78 | ++counter; |
| | 79 | if (counter==20) |
| | 80 | break; |
| | 81 | } |
| | 82 | } |
| | 83 | isSuccess = (counter == 1); |
| | 84 | *outputkey = ( isSuccess ) ? outkey : 0; |
| | 85 | crypto1_destroy(s); |
| | 86 | /* // un-comment to output all keys to stats.txt |
| | 87 | FILE *fout; |
| | 88 | if ((fout = fopen("stats.txt","ab")) == NULL) { |
| | 89 | PrintAndLog("Could not create file name stats.txt"); |
| | 90 | return 1; |
| | 91 | } |
| | 92 | fprintf(fout, "moebius,%d,%08x,%d,%s,%04x%08x,%0.Lf\r\n", counter, data.cuid, data.sector, (data.keytype) ? "B" : "A", (uint32_t) (outkey>>32),(uint32_t)(outkey&0xFFFFFFFF),(long double)t1); |
| | 93 | fclose(fout); |
| | 94 | */ |
| | 95 | return isSuccess; |
| | 96 | } |
| | 97 | |
| | 98 | // recover key from reader response and tag response of one authentication sequence |
| | 99 | int mfkey64(nonces_t data, uint64_t *outputkey){ |
| | 100 | uint64_t key = 0; // recovered key |
| | 101 | uint32_t ks2; // keystream used to encrypt reader response |
| | 102 | uint32_t ks3; // keystream used to encrypt tag response |
| | 103 | struct Crypto1State *revstate; |
| | 104 | |
| | 105 | // Extract the keystream from the messages |
| | 106 | ks2 = data.ar ^ prng_successor(data.nonce, 64); |
| | 107 | ks3 = data.at ^ prng_successor(data.nonce, 96); |
| | 108 | revstate = lfsr_recovery64(ks2, ks3); |
| | 109 | lfsr_rollback_word(revstate, 0, 0); |
| | 110 | lfsr_rollback_word(revstate, 0, 0); |
| | 111 | lfsr_rollback_word(revstate, data.nr, 1); |
| | 112 | lfsr_rollback_word(revstate, data.cuid ^ data.nonce, 0); |
| | 113 | crypto1_get_lfsr(revstate, &key); |
| | 114 | // PrintAndLog("Found Key: [%012" PRIx64 "]", key); |
| | 115 | crypto1_destroy(revstate); |
| | 116 | *outputkey = key; |
| | 117 | |
| | 118 | return 0; |
| | 119 | } |
| | 120 | |
| | 121 | |
projects / proxmark3-svn / blame_incremental