]>
Commit | Line | Data |
---|---|---|
1 | //----------------------------------------------------------------------------- | |
2 | // Merlok - June 2011 | |
3 | // Roel - Dec 2009 | |
4 | // Unknown author | |
5 | // | |
6 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, | |
7 | // at your option, any later version. See the LICENSE.txt file for the text of | |
8 | // the license. | |
9 | //----------------------------------------------------------------------------- | |
10 | // MIFARE Darkside hack | |
11 | //----------------------------------------------------------------------------- | |
12 | ||
13 | #include "mfkey.h" | |
14 | ||
15 | #include "crapto1/crapto1.h" | |
16 | ||
17 | ||
18 | // recover key from 2 different reader responses on same tag challenge | |
19 | bool mfkey32(nonces_t data, uint64_t *outputkey) { | |
20 | struct Crypto1State *s,*t; | |
21 | uint64_t outkey = 0; | |
22 | uint64_t key = 0; // recovered key | |
23 | bool isSuccess = false; | |
24 | uint8_t counter = 0; | |
25 | ||
26 | s = lfsr_recovery32(data.ar ^ prng_successor(data.nonce, 64), 0); | |
27 | ||
28 | for(t = s; t->odd | t->even; ++t) { | |
29 | lfsr_rollback_word(t, 0, 0); | |
30 | lfsr_rollback_word(t, data.nr, 1); | |
31 | lfsr_rollback_word(t, data.cuid ^ data.nonce, 0); | |
32 | crypto1_get_lfsr(t, &key); | |
33 | crypto1_word(t, data.cuid ^ data.nonce, 0); | |
34 | crypto1_word(t, data.nr2, 1); | |
35 | if (data.ar2 == (crypto1_word(t, 0, 0) ^ prng_successor(data.nonce, 64))) { | |
36 | //PrintAndLog("Found Key: [%012" PRIx64 "]",key); | |
37 | outkey = key; | |
38 | counter++; | |
39 | if (counter == 20) break; | |
40 | } | |
41 | } | |
42 | isSuccess = (counter == 1); | |
43 | *outputkey = ( isSuccess ) ? outkey : 0; | |
44 | crypto1_destroy(s); | |
45 | /* //un-comment to save all keys to a stats.txt file | |
46 | FILE *fout; | |
47 | if ((fout = fopen("stats.txt","ab")) == NULL) { | |
48 | PrintAndLog("Could not create file name stats.txt"); | |
49 | return 1; | |
50 | } | |
51 | fprintf(fout, "mfkey32,%d,%08x,%d,%s,%04x%08x,%.0Lf\r\n", counter, data.cuid, data.sector, (data.keytype) ? "B" : "A", (uint32_t)(outkey>>32) & 0xFFFF,(uint32_t)(outkey&0xFFFFFFFF),(long double)t1); | |
52 | fclose(fout); | |
53 | */ | |
54 | return isSuccess; | |
55 | } | |
56 | ||
57 | // recover key from 2 reader responses on 2 different tag challenges | |
58 | bool mfkey32_moebius(nonces_t data, uint64_t *outputkey) { | |
59 | struct Crypto1State *s, *t; | |
60 | uint64_t outkey = 0; | |
61 | uint64_t key = 0; // recovered key | |
62 | bool isSuccess = false; | |
63 | int counter = 0; | |
64 | ||
65 | s = lfsr_recovery32(data.ar ^ prng_successor(data.nonce, 64), 0); | |
66 | ||
67 | for(t = s; t->odd | t->even; ++t) { | |
68 | lfsr_rollback_word(t, 0, 0); | |
69 | lfsr_rollback_word(t, data.nr, 1); | |
70 | lfsr_rollback_word(t, data.cuid ^ data.nonce, 0); | |
71 | crypto1_get_lfsr(t, &key); | |
72 | ||
73 | crypto1_word(t, data.cuid ^ data.nonce2, 0); | |
74 | crypto1_word(t, data.nr2, 1); | |
75 | if (data.ar2 == (crypto1_word(t, 0, 0) ^ prng_successor(data.nonce2, 64))) { | |
76 | //PrintAndLog("Found Key: [%012" PRIx64 "]",key); | |
77 | outkey=key; | |
78 | ++counter; | |
79 | if (counter==20) | |
80 | break; | |
81 | } | |
82 | } | |
83 | isSuccess = (counter == 1); | |
84 | *outputkey = ( isSuccess ) ? outkey : 0; | |
85 | crypto1_destroy(s); | |
86 | /* // un-comment to output all keys to stats.txt | |
87 | FILE *fout; | |
88 | if ((fout = fopen("stats.txt","ab")) == NULL) { | |
89 | PrintAndLog("Could not create file name stats.txt"); | |
90 | return 1; | |
91 | } | |
92 | fprintf(fout, "moebius,%d,%08x,%d,%s,%04x%08x,%0.Lf\r\n", counter, data.cuid, data.sector, (data.keytype) ? "B" : "A", (uint32_t) (outkey>>32),(uint32_t)(outkey&0xFFFFFFFF),(long double)t1); | |
93 | fclose(fout); | |
94 | */ | |
95 | return isSuccess; | |
96 | } | |
97 | ||
98 | // recover key from reader response and tag response of one authentication sequence | |
99 | int mfkey64(nonces_t data, uint64_t *outputkey){ | |
100 | uint64_t key = 0; // recovered key | |
101 | uint32_t ks2; // keystream used to encrypt reader response | |
102 | uint32_t ks3; // keystream used to encrypt tag response | |
103 | struct Crypto1State *revstate; | |
104 | ||
105 | // Extract the keystream from the messages | |
106 | ks2 = data.ar ^ prng_successor(data.nonce, 64); | |
107 | ks3 = data.at ^ prng_successor(data.nonce, 96); | |
108 | revstate = lfsr_recovery64(ks2, ks3); | |
109 | lfsr_rollback_word(revstate, 0, 0); | |
110 | lfsr_rollback_word(revstate, 0, 0); | |
111 | lfsr_rollback_word(revstate, data.nr, 1); | |
112 | lfsr_rollback_word(revstate, data.cuid ^ data.nonce, 0); | |
113 | crypto1_get_lfsr(revstate, &key); | |
114 | // PrintAndLog("Found Key: [%012" PRIx64 "]", key); | |
115 | crypto1_destroy(revstate); | |
116 | *outputkey = key; | |
117 | ||
118 | return 0; | |
119 | } | |
120 | ||
121 |