]>
Commit | Line | Data |
---|---|---|
1 | //----------------------------------------------------------------------------- | |
2 | // Merlok - June 2011 | |
3 | // Roel - Dec 2009 | |
4 | // Unknown author | |
5 | // | |
6 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, | |
7 | // at your option, any later version. See the LICENSE.txt file for the text of | |
8 | // the license. | |
9 | //----------------------------------------------------------------------------- | |
10 | // MIFARE Darkside hack | |
11 | //----------------------------------------------------------------------------- | |
12 | ||
13 | #include "nonce2key.h" | |
14 | ||
15 | #include <inttypes.h> | |
16 | #include <stdio.h> | |
17 | #include <stdlib.h> | |
18 | #include "mifarehost.h" | |
19 | #include "util.h" | |
20 | #include "crapto1/crapto1.h" | |
21 | ||
22 | // recover key from 2 different reader responses on same tag challenge | |
23 | bool mfkey32(nonces_t data, uint64_t *outputkey) { | |
24 | struct Crypto1State *s,*t; | |
25 | uint64_t outkey = 0; | |
26 | uint64_t key = 0; // recovered key | |
27 | bool isSuccess = false; | |
28 | uint8_t counter = 0; | |
29 | ||
30 | uint64_t t1 = msclock(); | |
31 | ||
32 | s = lfsr_recovery32(data.ar ^ prng_successor(data.nonce, 64), 0); | |
33 | ||
34 | for(t = s; t->odd | t->even; ++t) { | |
35 | lfsr_rollback_word(t, 0, 0); | |
36 | lfsr_rollback_word(t, data.nr, 1); | |
37 | lfsr_rollback_word(t, data.cuid ^ data.nonce, 0); | |
38 | crypto1_get_lfsr(t, &key); | |
39 | crypto1_word(t, data.cuid ^ data.nonce, 0); | |
40 | crypto1_word(t, data.nr2, 1); | |
41 | if (data.ar2 == (crypto1_word(t, 0, 0) ^ prng_successor(data.nonce, 64))) { | |
42 | //PrintAndLog("Found Key: [%012" PRIx64 "]",key); | |
43 | outkey = key; | |
44 | counter++; | |
45 | if (counter == 20) break; | |
46 | } | |
47 | } | |
48 | isSuccess = (counter == 1); | |
49 | t1 = msclock() - t1; | |
50 | //if ( t1 > 0 ) PrintAndLog("Time in mfkey32: %.1f seconds \nFound %d possible keys", (float)t1/1000.0, counter); | |
51 | *outputkey = ( isSuccess ) ? outkey : 0; | |
52 | crypto1_destroy(s); | |
53 | /* //un-comment to save all keys to a stats.txt file | |
54 | FILE *fout; | |
55 | if ((fout = fopen("stats.txt","ab")) == NULL) { | |
56 | PrintAndLog("Could not create file name stats.txt"); | |
57 | return 1; | |
58 | } | |
59 | fprintf(fout, "mfkey32,%d,%08x,%d,%s,%04x%08x,%.0Lf\r\n", counter, data.cuid, data.sector, (data.keytype) ? "B" : "A", (uint32_t)(outkey>>32) & 0xFFFF,(uint32_t)(outkey&0xFFFFFFFF),(long double)t1); | |
60 | fclose(fout); | |
61 | */ | |
62 | return isSuccess; | |
63 | } | |
64 | ||
65 | // recover key from 2 reader responses on 2 different tag challenges | |
66 | bool mfkey32_moebius(nonces_t data, uint64_t *outputkey) { | |
67 | struct Crypto1State *s, *t; | |
68 | uint64_t outkey = 0; | |
69 | uint64_t key = 0; // recovered key | |
70 | bool isSuccess = false; | |
71 | int counter = 0; | |
72 | ||
73 | //PrintAndLog("Enter mfkey32_moebius"); | |
74 | uint64_t t1 = msclock(); | |
75 | ||
76 | s = lfsr_recovery32(data.ar ^ prng_successor(data.nonce, 64), 0); | |
77 | ||
78 | for(t = s; t->odd | t->even; ++t) { | |
79 | lfsr_rollback_word(t, 0, 0); | |
80 | lfsr_rollback_word(t, data.nr, 1); | |
81 | lfsr_rollback_word(t, data.cuid ^ data.nonce, 0); | |
82 | crypto1_get_lfsr(t, &key); | |
83 | ||
84 | crypto1_word(t, data.cuid ^ data.nonce2, 0); | |
85 | crypto1_word(t, data.nr2, 1); | |
86 | if (data.ar2 == (crypto1_word(t, 0, 0) ^ prng_successor(data.nonce2, 64))) { | |
87 | //PrintAndLog("Found Key: [%012" PRIx64 "]",key); | |
88 | outkey=key; | |
89 | ++counter; | |
90 | if (counter==20) | |
91 | break; | |
92 | } | |
93 | } | |
94 | isSuccess = (counter == 1); | |
95 | t1 = msclock() - t1; | |
96 | // PrintAndLog("Time in mfkey32_moebius: %.1f seconds \nFound %d possible keys", (float)t1/1000.0, counter); | |
97 | *outputkey = ( isSuccess ) ? outkey : 0; | |
98 | crypto1_destroy(s); | |
99 | /* // un-comment to output all keys to stats.txt | |
100 | FILE *fout; | |
101 | if ((fout = fopen("stats.txt","ab")) == NULL) { | |
102 | PrintAndLog("Could not create file name stats.txt"); | |
103 | return 1; | |
104 | } | |
105 | fprintf(fout, "moebius,%d,%08x,%d,%s,%04x%08x,%0.Lf\r\n", counter, data.cuid, data.sector, (data.keytype) ? "B" : "A", (uint32_t) (outkey>>32),(uint32_t)(outkey&0xFFFFFFFF),(long double)t1); | |
106 | fclose(fout); | |
107 | */ | |
108 | return isSuccess; | |
109 | } | |
110 | ||
111 | // recover key from reader response and tag response of one authentication sequence | |
112 | int mfkey64(nonces_t data, uint64_t *outputkey){ | |
113 | uint64_t key = 0; // recovered key | |
114 | uint32_t ks2; // keystream used to encrypt reader response | |
115 | uint32_t ks3; // keystream used to encrypt tag response | |
116 | struct Crypto1State *revstate; | |
117 | ||
118 | // PrintAndLog("Enter mfkey64"); | |
119 | uint64_t t1 = msclock(); | |
120 | ||
121 | // Extract the keystream from the messages | |
122 | ks2 = data.ar ^ prng_successor(data.nonce, 64); | |
123 | ks3 = data.at ^ prng_successor(data.nonce, 96); | |
124 | revstate = lfsr_recovery64(ks2, ks3); | |
125 | lfsr_rollback_word(revstate, 0, 0); | |
126 | lfsr_rollback_word(revstate, 0, 0); | |
127 | lfsr_rollback_word(revstate, data.nr, 1); | |
128 | lfsr_rollback_word(revstate, data.cuid ^ data.nonce, 0); | |
129 | crypto1_get_lfsr(revstate, &key); | |
130 | // PrintAndLog("Found Key: [%012" PRIx64 "]", key); | |
131 | crypto1_destroy(revstate); | |
132 | *outputkey = key; | |
133 | ||
134 | t1 = msclock() - t1; | |
135 | // PrintAndLog("Time in mfkey64: %.1f seconds \n", (float)t1/1000.0); | |
136 | return 0; | |
137 | } |