]>
cvs.zerfleddert.de Git - proxmark3-svn/blob - client/mifare4.c
3489c85761e690d9cc7ccb61d182018b82d6402b
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2018 Merlok
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // iso14443-4 mifare commands
9 //-----------------------------------------------------------------------------
17 #include "polarssl/libpcrypto.h"
19 int MifareAuth4(mf4Session
*session
, uint8_t *keyn
, uint8_t *key
, bool activateField
, bool leaveSignalON
, bool verbose
) {
20 uint8_t data
[257] = {0};
23 uint8_t Rnd1
[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
24 uint8_t Rnd2
[17] = {0};
27 session
->Authenticated
= false;
29 uint8_t cmd1
[] = {0x70, keyn
[1], keyn
[0], 0x00};
30 int res
= ExchangeRAW14a(cmd1
, sizeof(cmd1
), activateField
, true, data
, sizeof(data
), &datalen
);
32 PrintAndLog("ERROR exchande raw error: %d", res
);
38 PrintAndLog("<phase1: %s", sprint_hex(data
, datalen
));
41 PrintAndLog("ERROR: card response length: %d", datalen
);
46 if (data
[0] != 0x90) {
47 PrintAndLog("ERROR: card response error: %02x", data
[2]);
52 if (datalen
!= 19) { // code 1b + 16b + crc 2b
53 PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen
);
58 aes_decode(NULL
, key
, &data
[1], Rnd2
, 16);
61 PrintAndLog("Rnd2: %s", sprint_hex(Rnd2
, 16));
63 uint8_t cmd2
[33] = {0};
66 uint8_t raw
[32] = {0};
67 memmove(raw
, Rnd1
, 16);
68 memmove(&raw
[16], &Rnd2
[1], 16);
70 aes_encode(NULL
, key
, raw
, &cmd2
[1], 32);
72 PrintAndLog(">phase2: %s", sprint_hex(cmd2
, 33));
74 res
= ExchangeRAW14a(cmd2
, sizeof(cmd2
), false, false, data
, sizeof(data
), &datalen
);
76 PrintAndLog("ERROR exchande raw error: %d", res
);
82 PrintAndLog("<phase2: %s", sprint_hex(data
, datalen
));
84 aes_decode(NULL
, key
, &data
[1], raw
, 32);
87 PrintAndLog("res: %s", sprint_hex(raw
, 32));
88 PrintAndLog("Rnd1`: %s", sprint_hex(&raw
[4], 16));
91 if (memcmp(&raw
[4], &Rnd1
[1], 16)) {
92 PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
94 PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1
[1], 16));
95 PrintAndLog("rnd1 card: %s", sprint_hex(&raw
[4], 16));
108 session
->Authenticated
= true;
109 session
->KeyNum
= keyn
[1] + (keyn
[0] << 8);
110 memmove(session
->Rnd1
, Rnd1
, 16);
111 memmove(session
->Rnd2
, Rnd2
, 16);
114 PrintAndLog("Authentication OK");