]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/loclass/elite_crack.h
chg: LF t55xx trace
[proxmark3-svn] / client / loclass / elite_crack.h
1 #ifndef ELITE_CRACK_H
2 #define ELITE_CRACK_H
3 void permutekey(uint8_t key[8], uint8_t dest[8]);
4 /**
5 * Permutes a key from iclass specific format to NIST format
6 * @brief permutekey_rev
7 * @param key
8 * @param dest
9 */
10 void permutekey_rev(uint8_t key[8], uint8_t dest[8]);
11 //Crack status, see below
12 #define CRACKED 0x0100
13 #define BEING_CRACKED 0x0200
14 #define CRACK_FAILED 0x0400
15
16 /**
17 * Perform a bruteforce against a file which has been saved by pm3
18 *
19 * @brief bruteforceFile
20 * @param filename
21 * @param keytable an arrah (128 x 16 bit ints). This is where the keydata is stored.
22 * OBS! the upper part of the 16 bits store crack-status,
23 * @return
24 */
25 int bruteforceFile(const char *filename, uint16_t keytable[]);
26 /**
27 *
28 * @brief Same as above, if you don't care about the returned keytable (results only printed on screen)
29 * @param filename
30 * @return
31 */
32 int bruteforceFileNoKeys(const char *filename);
33 /**
34 * @brief Same as bruteforcefile, but uses a an array of dumpdata instead
35 * @param dump
36 * @param dumpsize
37 * @param keytable
38 * @return
39 */
40 int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[]);
41
42 /**
43 This is how we expect each 'entry' in a dumpfile to look
44 **/
45 typedef struct {
46 uint8_t csn[8];
47 uint8_t cc_nr[12];
48 uint8_t mac[4];
49
50 }dumpdata;
51
52 /**
53 * @brief Performs brute force attack against a dump-data item, containing csn, cc_nr and mac.
54 *This method calculates the hash1 for the CSN, and determines what bytes need to be bruteforced
55 *on the fly. If it finds that more than three bytes need to be bruteforced, it aborts.
56 *It updates the keytable with the findings, also using the upper half of the 16-bit ints
57 *to signal if the particular byte has been cracked or not.
58 *
59 * @param dump The dumpdata from iclass reader attack.
60 * @param keytable where to write found values.
61 * @return
62 */
63 int bruteforceItem(dumpdata item, uint16_t keytable[]);
64 /**
65 * Hash1 takes CSN as input, and determines what bytes in the keytable will be used
66 * when constructing the K_sel.
67 * @param csn the CSN used
68 * @param k output
69 */
70 void hash1(uint8_t csn[] , uint8_t k[]);
71 void hash2(uint8_t *key64, uint8_t *outp_keytable);
72 /**
73 * From dismantling iclass-paper:
74 * Assume that an adversary somehow learns the first 16 bytes of hash2(K_cus ), i.e., y [0] and z [0] .
75 * Then he can simply recover the master custom key K_cus by computing
76 * K_cus = ~DES(z[0] , y[0] ) .
77 *
78 * Furthermore, the adversary is able to verify that he has the correct K cus by
79 * checking whether z [0] = DES enc (K_cus , ~K_cus ).
80 * @param keytable an array (128 bytes) of hash2(kcus)
81 * @param master_key where to put the master key
82 * @return 0 for ok, 1 for failz
83 */
84 int calculateMasterKey(uint8_t first16bytes[], uint64_t master_key[] );
85
86 /**
87 * @brief Test function
88 * @return
89 */
90 int testElite();
91
92 /**
93 Here are some pretty optimal values that can be used to recover necessary data in only
94 eight auth attempts.
95 // CSN HASH1 Bytes recovered //
96 { {0x00,0x0B,0x0F,0xFF,0xF7,0xFF,0x12,0xE0} , {0x01,0x01,0x00,0x00,0x45,0x01,0x45,0x45 } ,{0,1 }},
97 { {0x00,0x13,0x94,0x7e,0x76,0xff,0x12,0xe0} , {0x02,0x0c,0x01,0x00,0x45,0x01,0x45,0x45} , {2,12}},
98 { {0x2a,0x99,0xac,0x79,0xec,0xff,0x12,0xe0} , {0x07,0x45,0x0b,0x00,0x45,0x01,0x45,0x45} , {7,11}},
99 { {0x17,0x12,0x01,0xfd,0xf7,0xff,0x12,0xe0} , {0x03,0x0f,0x00,0x00,0x45,0x01,0x45,0x45} , {3,15}},
100 { {0xcd,0x56,0x01,0x7c,0x6f,0xff,0x12,0xe0} , {0x04,0x00,0x08,0x00,0x45,0x01,0x45,0x45} , {4,8}},
101 { {0x4b,0x5e,0x0b,0x72,0xef,0xff,0x12,0xe0} , {0x0e,0x06,0x08,0x00,0x45,0x01,0x45,0x45} , {6,14}},
102 { {0x00,0x73,0xd8,0x75,0x58,0xff,0x12,0xe0} , {0x0b,0x09,0x0f,0x00,0x45,0x01,0x05,0x45} , {9,5}},
103 { {0x0c,0x90,0x32,0xf3,0x5d,0xff,0x12,0xe0} , {0x0d,0x0f,0x0a,0x00,0x45,0x01,0x05,0x45} , {10,13}},
104
105 **/
106
107
108 #endif
Impressum, Datenschutz