]>
cvs.zerfleddert.de Git - proxmark3-svn/blob - client/mifarehost.c
2 // people from mifare@nethemba.com, 2010
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
9 //-----------------------------------------------------------------------------
15 #include "mifarehost.h"
16 #include "proxmark3.h"
17 //#include "radixsort.h"
20 int compar_int(const void * a
, const void * b
) {
21 // didn't work: (the result is truncated to 32 bits)
22 //return (*(uint64_t*)b - *(uint64_t*)a);
25 // if (*(uint64_t*)b > *(uint64_t*)a) return 1;
26 // if (*(uint64_t*)b < *(uint64_t*)a) return -1;
29 return (*(uint64_t*)b
> *(uint64_t*)a
) - (*(uint64_t*)b
< *(uint64_t*)a
);
30 //return (*(int64_t*)b > *(int64_t*)a) - (*(int64_t*)b < *(int64_t*)a);
33 // Compare 16 Bits out of cryptostate
34 int Compare16Bits(const void * a
, const void * b
) {
36 // if ((*(uint64_t*)b & 0x00ff000000ff0000) > (*(uint64_t*)a & 0x00ff000000ff0000)) return 1;
37 // if ((*(uint64_t*)b & 0x00ff000000ff0000) < (*(uint64_t*)a & 0x00ff000000ff0000)) return -1;
41 ((*(uint64_t*)b
& 0x00ff000000ff0000) > (*(uint64_t*)a
& 0x00ff000000ff0000))
43 ((*(uint64_t*)b
& 0x00ff000000ff0000) < (*(uint64_t*)a
& 0x00ff000000ff0000))
46 // ((*(int64_t*)b & 0x00ff000000ff0000) > (*(int64_t*)a & 0x00ff000000ff0000))
48 // ((*(int64_t*)b & 0x00ff000000ff0000) < (*(int64_t*)a & 0x00ff000000ff0000))
55 struct Crypto1State
*slhead
;
59 struct Crypto1State
*sltail
;
71 // wrapper function for multi-threaded lfsr_recovery32
72 void* nested_worker_thread(void *arg
)
74 struct Crypto1State
*p1
;
75 StateList_t
*statelist
= arg
;
77 statelist
->head
.slhead
= lfsr_recovery32(statelist
->ks1
, statelist
->nt
^ statelist
->uid
);
79 for (p1
= statelist
->head
.slhead
; *(uint64_t *)p1
!= 0; ++p1
);
81 statelist
->len
= p1
- statelist
->head
.slhead
;
82 statelist
->tail
.sltail
= --p1
;
83 qsort(statelist
->head
.slhead
, statelist
->len
, sizeof(uint64_t), Compare16Bits
);
85 return statelist
->head
.slhead
;
88 int mfnested(uint8_t blockNo
, uint8_t keyType
, uint8_t * key
, uint8_t trgBlockNo
, uint8_t trgKeyType
, uint8_t * resultKey
, bool calibrate
)
93 StateList_t statelists
[2];
94 struct Crypto1State
*p1
, *p2
, *p3
, *p4
;
96 UsbCommand c
= {CMD_MIFARE_NESTED
, {blockNo
+ keyType
* 0x100, trgBlockNo
+ trgKeyType
* 0x100, calibrate
}};
97 memcpy(c
.d
.asBytes
, key
, 6);
100 if (!WaitForResponseTimeout(CMD_ACK
, &resp
, 1500)) return -1;
102 // error during nested
103 if (resp
.arg
[0]) return resp
.arg
[0];
105 memcpy(&uid
, resp
.d
.asBytes
, 4);
107 for (i
= 0; i
< 2; ++i
) {
108 statelists
[i
].blockNo
= resp
.arg
[2] & 0xff;
109 statelists
[i
].keyType
= (resp
.arg
[2] >> 8) & 0xff;
110 statelists
[i
].uid
= uid
;
111 memcpy(&statelists
[i
].nt
, (void *)(resp
.d
.asBytes
+ 4 + i
* 8 + 0), 4);
112 memcpy(&statelists
[i
].ks1
, (void *)(resp
.d
.asBytes
+ 4 + i
* 8 + 4), 4);
116 pthread_t thread_id
[2];
118 // create and run worker threads
119 for (i
= 0; i
< 2; i
++)
120 pthread_create(thread_id
+ i
, NULL
, nested_worker_thread
, &statelists
[i
]);
122 // wait for threads to terminate:
123 for (i
= 0; i
< 2; i
++)
124 pthread_join(thread_id
[i
], (void*)&statelists
[i
].head
.slhead
);
127 // the first 16 Bits of the cryptostate already contain part of our key.
128 // Create the intersection of the two lists based on these 16 Bits and
129 // roll back the cryptostate
130 p1
= p3
= statelists
[0].head
.slhead
;
131 p2
= p4
= statelists
[1].head
.slhead
;
132 while (p1
<= statelists
[0].tail
.sltail
&& p2
<= statelists
[1].tail
.sltail
) {
133 if (Compare16Bits(p1
, p2
) == 0) {
134 struct Crypto1State savestate
, *savep
= &savestate
;
136 while(Compare16Bits(p1
, savep
) == 0 && p1
<= statelists
[0].tail
.sltail
) {
138 lfsr_rollback_word(p3
, statelists
[0].nt
^ statelists
[0].uid
, 0);
143 while(Compare16Bits(p2
, savep
) == 0 && p2
<= statelists
[1].tail
.sltail
) {
145 lfsr_rollback_word(p4
, statelists
[1].nt
^ statelists
[1].uid
, 0);
151 while (Compare16Bits(p1
, p2
) == -1) p1
++;
152 while (Compare16Bits(p1
, p2
) == 1) p2
++;
156 p3
->even
= 0; p3
->odd
= 0;
157 p4
->even
= 0; p4
->odd
= 0;
158 statelists
[0].len
= p3
- statelists
[0].head
.slhead
;
159 statelists
[1].len
= p4
- statelists
[1].head
.slhead
;
160 statelists
[0].tail
.sltail
=--p3
;
161 statelists
[1].tail
.sltail
=--p4
;
163 // the statelists now contain possible keys. The key we are searching for must be in the
164 // intersection of both lists. Create the intersection:
165 qsort(statelists
[0].head
.keyhead
, statelists
[0].len
, sizeof(uint64_t), compar_int
);
166 qsort(statelists
[1].head
.keyhead
, statelists
[1].len
, sizeof(uint64_t), compar_int
);
168 // clock_t t1 = clock();
169 //radixSort(statelists[0].head.keyhead, statelists[0].len);
170 //radixSort(statelists[1].head.keyhead, statelists[1].len);
171 // t1 = clock() - t1;
172 // PrintAndLog("radixsort, ticks %.0f", (float)t1);
174 uint64_t *p5
, *p6
, *p7
;
175 p5
= p7
= statelists
[0].head
.keyhead
;
176 p6
= statelists
[1].head
.keyhead
;
177 while (p5
<= statelists
[0].tail
.keytail
&& p6
<= statelists
[1].tail
.keytail
) {
178 if (compar_int(p5
, p6
) == 0) {
183 while (compar_int(p5
, p6
) == -1) p5
++;
184 while (compar_int(p5
, p6
) == 1) p6
++;
187 statelists
[0].len
= p7
- statelists
[0].head
.keyhead
;
188 statelists
[0].tail
.keytail
= --p7
;
190 memset(resultKey
, 0, 6);
193 // The list may still contain several key candidates. Test each of them with mfCheckKeys
194 for (i
= 0; i
< statelists
[0].len
; i
++) {
196 crypto1_get_lfsr(statelists
[0].head
.slhead
+ i
, &key64
);
197 num_to_bytes(key64
, 6, resultKey
);
199 if (!mfCheckKeys(statelists
[0].blockNo
, statelists
[0].keyType
, false, 1, resultKey
, &key64
)) {
200 free(statelists
[0].head
.slhead
);
201 free(statelists
[1].head
.slhead
);
202 PrintAndLog("UID: %08x target block:%3u key type: %c -- Found key [%012"llx
"]", uid
, (uint16_t)resp
.arg
[2] & 0xff, (resp
.arg
[2] >> 8)?'B':'A', key64
);
206 PrintAndLog("UID: %08x target block:%3u key type: %c", uid
, (uint16_t)resp
.arg
[2] & 0xff, (resp
.arg
[2] >> 8)?'B':'A');
207 free(statelists
[0].head
.slhead
);
208 free(statelists
[1].head
.slhead
);
212 int mfCheckKeys (uint8_t blockNo
, uint8_t keyType
, bool clear_trace
, uint8_t keycnt
, uint8_t * keyBlock
, uint64_t * key
){
215 UsbCommand c
= {CMD_MIFARE_CHKKEYS
, { (blockNo
| (keyType
<<8)), clear_trace
, keycnt
}};
216 memcpy(c
.d
.asBytes
, keyBlock
, 6 * keycnt
);
217 clearCommandBuffer();
220 if (!WaitForResponseTimeout(CMD_ACK
,&resp
, 3000)) return 1;
221 if ((resp
.arg
[0] & 0xff) != 0x01) return 2;
222 *key
= bytes_to_num(resp
.d
.asBytes
, 6);
228 int mfEmlGetMem(uint8_t *data
, int blockNum
, int blocksCount
) {
229 UsbCommand c
= {CMD_MIFARE_EML_MEMGET
, {blockNum
, blocksCount
, 0}};
230 clearCommandBuffer();
233 if (!WaitForResponseTimeout(CMD_ACK
,&resp
,1500)) return 1;
234 memcpy(data
, resp
.d
.asBytes
, blocksCount
* 16);
238 int mfEmlSetMem(uint8_t *data
, int blockNum
, int blocksCount
) {
239 return mfEmlSetMem_xt(data
, blockNum
, blocksCount
, 16);
242 int mfEmlSetMem_xt(uint8_t *data
, int blockNum
, int blocksCount
, int blockBtWidth
) {
243 UsbCommand c
= {CMD_MIFARE_EML_MEMSET
, {blockNum
, blocksCount
, blockBtWidth
}};
244 memcpy(c
.d
.asBytes
, data
, blocksCount
* blockBtWidth
);
246 clearCommandBuffer();
253 int mfCSetUID(uint8_t *uid
, uint8_t *atqa
, uint8_t *sak
, uint8_t *oldUID
, uint8_t wipecard
) {
255 uint8_t params
= MAGIC_SINGLE
;
257 memset(block0
, 0x00, sizeof(block0
));
259 int old
= mfCGetBlock(0, block0
, params
);
261 PrintAndLog("old block 0: %s", sprint_hex(block0
, sizeof(block0
)));
263 PrintAndLog("Couldn't get old data. Will write over the last bytes of Block 0.");
265 // fill in the new values
267 memcpy(block0
, uid
, 4);
269 block0
[4] = block0
[0]^block0
[1]^block0
[2]^block0
[3];
270 // mifare classic SAK(byte 5) and ATQA(byte 6 and 7, reversed)
274 if ( atqa
!= NULL
) {
278 PrintAndLog("new block 0: %s", sprint_hex(block0
,16));
280 if ( wipecard
) params
|= MAGIC_WIPE
;
281 if ( oldUID
== NULL
) params
|= MAGIC_UID
;
283 return mfCSetBlock(0, block0
, oldUID
, params
);
286 int mfCSetBlock(uint8_t blockNo
, uint8_t *data
, uint8_t *uid
, uint8_t params
) {
289 UsbCommand c
= {CMD_MIFARE_CSETBLOCK
, {params
, blockNo
, 0}};
290 memcpy(c
.d
.asBytes
, data
, 16);
291 clearCommandBuffer();
294 if (WaitForResponseTimeout(CMD_ACK
, &resp
, 1500)) {
295 isOK
= resp
.arg
[0] & 0xff;
297 memcpy(uid
, resp
.d
.asBytes
, 4);
301 PrintAndLog("Command execute timeout");
307 int mfCGetBlock(uint8_t blockNo
, uint8_t *data
, uint8_t params
) {
309 UsbCommand c
= {CMD_MIFARE_CGETBLOCK
, {params
, blockNo
, 0}};
310 clearCommandBuffer();
313 if (WaitForResponseTimeout(CMD_ACK
,&resp
,1500)) {
314 isOK
= resp
.arg
[0] & 0xff;
315 memcpy(data
, resp
.d
.asBytes
, 16);
318 PrintAndLog("Command execute timeout");
327 static uint8_t trailerAccessBytes
[4] = {0x08, 0x77, 0x8F, 0x00};
330 char logHexFileName
[FILE_PATH_SIZE
] = {0x00};
331 static uint8_t traceCard
[4096] = {0x00};
332 static char traceFileName
[FILE_PATH_SIZE
] = {0x00};
333 static int traceState
= TRACE_IDLE
;
334 static uint8_t traceCurBlock
= 0;
335 static uint8_t traceCurKey
= 0;
337 struct Crypto1State
*traceCrypto1
= NULL
;
339 struct Crypto1State
*revstate
= NULL
;
345 uint32_t uid
= 0; // serial number
346 uint32_t nt
=0; // tag challenge
347 uint32_t nr_enc
=0; // encrypted reader challenge
348 uint32_t ar_enc
=0; // encrypted reader response
349 uint32_t at_enc
=0; // encrypted tag response
351 int isTraceCardEmpty(void) {
352 return ((traceCard
[0] == 0) && (traceCard
[1] == 0) && (traceCard
[2] == 0) && (traceCard
[3] == 0));
355 int isBlockEmpty(int blockN
) {
356 for (int i
= 0; i
< 16; i
++)
357 if (traceCard
[blockN
* 16 + i
] != 0) return 0;
362 int isBlockTrailer(int blockN
) {
363 return ((blockN
& 0x03) == 0x03);
366 int loadTraceCard(uint8_t *tuid
) {
368 char buf
[64] = {0x00};
369 uint8_t buf8
[64] = {0x00};
372 if (!isTraceCardEmpty())
375 memset(traceCard
, 0x00, 4096);
376 memcpy(traceCard
, tuid
+ 3, 4);
378 FillFileNameByUID(traceFileName
, tuid
, ".eml", 7);
380 f
= fopen(traceFileName
, "r");
387 memset(buf
, 0, sizeof(buf
));
388 if (fgets(buf
, sizeof(buf
), f
) == NULL
) {
389 PrintAndLog("File reading error.");
394 if (strlen(buf
) < 32){
396 PrintAndLog("File content error. Block data must include 32 HEX symbols");
400 for (i
= 0; i
< 32; i
+= 2)
401 sscanf(&buf
[i
], "%02x", (unsigned int *)&buf8
[i
/ 2]);
403 memcpy(traceCard
+ blockNum
* 16, buf8
, 16);
412 int saveTraceCard(void) {
415 if ((!strlen(traceFileName
)) || (isTraceCardEmpty())) return 0;
417 f
= fopen(traceFileName
, "w+");
420 for (int i
= 0; i
< 64; i
++) { // blocks
421 for (int j
= 0; j
< 16; j
++) // bytes
422 fprintf(f
, "%02x", *(traceCard
+ i
* 16 + j
));
429 int mfTraceInit(uint8_t *tuid
, uint8_t *atqa
, uint8_t sak
, bool wantSaveToEmlFile
) {
432 crypto1_destroy(traceCrypto1
);
436 if (wantSaveToEmlFile
)
439 traceCard
[4] = traceCard
[0] ^ traceCard
[1] ^ traceCard
[2] ^ traceCard
[3];
441 memcpy(&traceCard
[6], atqa
, 2);
443 uid
= bytes_to_num(tuid
+ 3, 4);
445 traceState
= TRACE_IDLE
;
450 void mf_crypto1_decrypt(struct Crypto1State
*pcs
, uint8_t *data
, int len
, bool isEncrypted
){
455 for (i
= 0; i
< len
; i
++)
456 data
[i
] = crypto1_byte(pcs
, 0x00, isEncrypted
) ^ data
[i
];
459 bt
|= (crypto1_bit(pcs
, 0, isEncrypted
) ^ BIT(data
[0], 0)) << 0;
460 bt
|= (crypto1_bit(pcs
, 0, isEncrypted
) ^ BIT(data
[0], 1)) << 1;
461 bt
|= (crypto1_bit(pcs
, 0, isEncrypted
) ^ BIT(data
[0], 2)) << 2;
462 bt
|= (crypto1_bit(pcs
, 0, isEncrypted
) ^ BIT(data
[0], 3)) << 3;
468 int mfTraceDecode(uint8_t *data_src
, int len
, bool wantSaveToEmlFile
) {
472 if (traceState
== TRACE_ERROR
) return 1;
475 traceState
= TRACE_ERROR
;
479 memcpy(data
, data_src
, len
);
480 if ((traceCrypto1
) && ((traceState
== TRACE_IDLE
) || (traceState
> TRACE_AUTH_OK
))) {
481 mf_crypto1_decrypt(traceCrypto1
, data
, len
, 0);
482 PrintAndLog("dec> %s", sprint_hex(data
, len
));
483 AddLogHex(logHexFileName
, "dec> ", data
, len
);
486 switch (traceState
) {
488 // check packet crc16!
489 if ((len
>= 4) && (!CheckCrc14443(CRC_14443_A
, data
, len
))) {
490 PrintAndLog("dec> CRC ERROR!!!");
491 AddLogLine(logHexFileName
, "dec> ", "CRC ERROR!!!");
492 traceState
= TRACE_ERROR
; // do not decrypt the next commands
497 if ((len
== 4) && ((data
[0] == 0x60) || (data
[0] == 0x61))) {
498 traceState
= TRACE_AUTH1
;
499 traceCurBlock
= data
[1];
500 traceCurKey
= data
[0] == 60 ? 1:0;
505 if ((len
==4) && ((data
[0] == 0x30))) {
506 traceState
= TRACE_READ_DATA
;
507 traceCurBlock
= data
[1];
512 if ((len
==4) && ((data
[0] == 0xA0))) {
513 traceState
= TRACE_WRITE_OK
;
514 traceCurBlock
= data
[1];
519 if ((len
==4) && ((data
[0] == 0x50) && (data
[1] == 0x00))) {
520 traceState
= TRACE_ERROR
; // do not decrypt the next commands
527 case TRACE_READ_DATA
:
529 traceState
= TRACE_IDLE
;
531 if (isBlockTrailer(traceCurBlock
)) {
532 memcpy(traceCard
+ traceCurBlock
* 16 + 6, data
+ 6, 4);
534 memcpy(traceCard
+ traceCurBlock
* 16, data
, 16);
536 if (wantSaveToEmlFile
) saveTraceCard();
539 traceState
= TRACE_ERROR
;
545 if ((len
== 1) && (data
[0] == 0x0a)) {
546 traceState
= TRACE_WRITE_DATA
;
550 traceState
= TRACE_ERROR
;
555 case TRACE_WRITE_DATA
:
557 traceState
= TRACE_IDLE
;
559 memcpy(traceCard
+ traceCurBlock
* 16, data
, 16);
560 if (wantSaveToEmlFile
) saveTraceCard();
563 traceState
= TRACE_ERROR
;
570 traceState
= TRACE_AUTH2
;
571 nt
= bytes_to_num(data
, 4);
574 traceState
= TRACE_ERROR
;
581 traceState
= TRACE_AUTH_OK
;
583 nr_enc
= bytes_to_num(data
, 4);
584 ar_enc
= bytes_to_num(data
+ 4, 4);
587 traceState
= TRACE_ERROR
;
594 traceState
= TRACE_IDLE
;
596 at_enc
= bytes_to_num(data
, 4);
599 ks2
= ar_enc
^ prng_successor(nt
, 64);
600 ks3
= at_enc
^ prng_successor(nt
, 96);
601 revstate
= lfsr_recovery64(ks2
, ks3
);
602 lfsr_rollback_word(revstate
, 0, 0);
603 lfsr_rollback_word(revstate
, 0, 0);
604 lfsr_rollback_word(revstate
, nr_enc
, 1);
605 lfsr_rollback_word(revstate
, uid
^ nt
, 0);
607 crypto1_get_lfsr(revstate
, &key
);
608 printf("Key: %012"llx
"\n",key
);
609 AddLogUint64(logHexFileName
, "key: ", key
);
611 int blockShift
= ((traceCurBlock
& 0xFC) + 3) * 16;
612 if (isBlockEmpty((traceCurBlock
& 0xFC) + 3)) memcpy(traceCard
+ blockShift
+ 6, trailerAccessBytes
, 4);
615 num_to_bytes(key
, 6, traceCard
+ blockShift
+ 10);
617 num_to_bytes(key
, 6, traceCard
+ blockShift
);
619 if (wantSaveToEmlFile
) saveTraceCard();
622 crypto1_destroy(traceCrypto1
);
625 // set cryptosystem state
626 traceCrypto1
= lfsr_recovery64(ks2
, ks3
);
628 // nt = crypto1_word(traceCrypto1, nt ^ uid, 1) ^ nt;
630 /* traceCrypto1 = crypto1_create(key); // key in lfsr
631 crypto1_word(traceCrypto1, nt ^ uid, 0);
632 crypto1_word(traceCrypto1, ar, 1);
633 crypto1_word(traceCrypto1, 0, 0);
634 crypto1_word(traceCrypto1, 0, 0);*/
638 traceState
= TRACE_ERROR
;
644 traceState
= TRACE_ERROR
;
651 int tryDecryptWord(uint32_t nt
, uint32_t ar_enc
, uint32_t at_enc
, uint8_t *data
, int len
){
653 uint32_t nt; // tag challenge
654 uint32_t nr_enc; // encrypted reader challenge
655 uint32_t ar_enc; // encrypted reader response
656 uint32_t at_enc; // encrypted tag response
658 struct Crypto1State
*pcs
= NULL
;
660 ks2
= ar_enc
^ prng_successor(nt
, 64);
661 ks3
= at_enc
^ prng_successor(nt
, 96);
663 PrintAndLog("Decrypting data with:");
664 PrintAndLog(" nt: %08x",nt
);
665 PrintAndLog(" ar_enc: %08x",ar_enc
);
666 PrintAndLog(" at_enc: %08x",at_enc
);
667 PrintAndLog("\nEncrypted data: [%s]", sprint_hex(data
,len
) );
669 pcs
= lfsr_recovery64(ks2
, ks3
);
670 mf_crypto1_decrypt(pcs
, data
, len
, FALSE
);
671 PrintAndLog("Decrypted data: [%s]", sprint_hex(data
,len
) );
672 crypto1_destroy(pcs
);