Remove unrelated file

[proxmark3-svn] / armsrc / mifaredesfire.c
diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c

index c56d8bc069d5920c02f1350e3e039e728bcdb3cc..132629912ab21e17efcf61d6f4a2040cf954a643 100644 (file)
--- a/armsrc/mifaredesfire.c
+++ b/armsrc/mifaredesfire.c
@@ -218,15 +218,24 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
         // des, nyckel 0, 
         switch (mode){
          case 1:{
+            if (algo == 1) {
+
              uint8_t keybytes[8];
+            uint8_t RndA[8] = {0x00};
+            uint8_t RndB[8] = {0x00};
+            
              if (datain[1] == 0xff){
                  memcpy(keybytes,null_key_data8,8);
              } else{
                  memcpy(keybytes, datain+1, datalen);
              }
              
+            struct desfire_key defaultkey = {0};
+            desfirekey_t key = &defaultkey;
+            Desfire_des_key_new(keybytes, key);
+            
              cmd[0] = AUTHENTICATE;
-            cmd[1] = 0x00;  //keynumber
+            cmd[1] = keyno;  //keynumber
              len = DesfireAPDU(cmd, 2, resp);
              if ( !len ) {
                  if (MF_DBGLEVEL >= 1) {
@@ -236,19 +245,25 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
                  return;
              }
              
+            if ( resp[2] == 0xaf ){
+            } else {
+                DbpString("Authetication failed. Invalid key number.");
+                OnError();
+                return;
+            }
+            
              memcpy( encRndB, resp+3, 8);
              
-            des_dec(&decRndB, &encRndB, &keybytes);
-            Dbprintf("RndB: %02x%02x%02x%02x%02x%02x%02x%02x",decRndB[0],decRndB[1],decRndB[2],decRndB[3],decRndB[4],decRndB[5],decRndB[6],decRndB[7]);
+            des_dec(&decRndB, &encRndB, key->data);
+            memcpy(RndB, decRndB, 8);
              rol(decRndB,8);
-            Dbprintf("RndB': %02x%02x%02x%02x%02x%02x%02x%02x",decRndB[0],decRndB[1],decRndB[2],decRndB[3],decRndB[4],decRndB[5],decRndB[6],decRndB[7]);
              
+            // This should be random
              uint8_t decRndA[8] = {0x00};
+            memcpy(RndA, decRndA, 8);
              uint8_t encRndA[8] = {0x00};
              
-            des_dec(&encRndA, &decRndA, &keybytes);
-            Dbprintf("RndA: %02x%02x%02x%02x%02x%02x%02x%02x",decRndA[0],decRndA[1],decRndA[2],decRndA[3],decRndA[4],decRndA[5],decRndA[6],decRndA[7]);
-            Dbprintf("ek0RandA: %02x%02x%02x%02x%02x%02x%02x%02x",encRndA[0],encRndA[1],encRndA[2],encRndA[3],encRndA[4],encRndA[5],encRndA[6],encRndA[7]);
+            des_dec(&encRndA, &decRndA, key->data);
              
              memcpy(both, encRndA, 8);
              
@@ -257,10 +272,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
  
              }
              
-            des_dec(&encRndB, &decRndB, &keybytes);
+            des_dec(&encRndB, &decRndB, key->data);
              
              memcpy(both + 8, encRndB, 8);
-            Dbprintf("both: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",both[0],both[1],both[2],both[3],both[4],both[5],both[6],both[7],both[8],both[9],both[10],both[11],both[12],both[13],both[14],both[15]);
              
              cmd[0] = ADDITIONAL_FRAME;
              memcpy(cmd+1, both, 16 );
@@ -274,8 +288,80 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
                  return;
              }
              
-            // TODO: Check returned RandA'
+            if ( resp[2] == 0x00 ){
+                
+                struct desfire_key sessionKey = {0};
+                desfirekey_t skey = &sessionKey;
+                Desfire_session_key_new( RndA, RndB , key, skey );
+                //print_result("SESSION : ", skey->data, 8);
+                
+                memcpy(encRndA, resp+3, 8);
+                des_dec(&encRndA, &encRndA, key->data);
+                rol(decRndA,8);
+                for (int x = 0; x < 8; x++) {
+                    if (decRndA[x] != encRndA[x]) {
+                        DbpString("Authetication failed. Cannot varify PICC.");
+                        OnError();
+                        return;
+                    }
+                }
+                
+                /*
+                //Change the selected key to a new value.
+                
+                cmd[0] = 0xc4;
+                cmd[1] = keyno;
+                
+                uint8_t first,second;
+                
+                uint8_t newKey[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
+                
+                uint8_t buff1[8] = {0x00};
+                uint8_t buff2[8] = {0x00};
+                uint8_t buff3[8] = {0x00};
+                
+                memcpy(buff1,newKey, 8);
+                memcpy(buff2,newKey + 8, 8);
+                
+                ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second);
+                
+                memcpy(buff3, &first, 1);
+                memcpy(buff3 + 1, &second, 1);
+                
+                des_dec(&buff1, &buff1, skey->data);
+                
+                for (int x = 0; x < 8; x++) {
+                    buff2[x] = buff2[x] ^ buff1[x];
+                }
+                des_dec(&buff2, &buff2, skey->data);
+                
+                for (int x = 0; x < 8; x++) {
+                    buff3[x] = buff3[x] ^ buff2[x];
+                }
+                des_dec(&buff3, &buff3, skey->data);
+                
+                memcpy(cmd+2,buff1,8);
+                memcpy(cmd+10,buff2,8);
+                memcpy(cmd+18,buff3,8);
+                
+                // The command always times out on the first attempt, this will retry until a response
+                // is recieved.
+                len = 0;
+                while(!len) {
+                    len = DesfireAPDU(cmd,26,resp);
+                }
+                */
+                
+                OnSuccess();
+                cmd_send(CMD_ACK,1,0,0,skey->data,8);
+                
+            } else {
+                DbpString("Authetication failed.");
+                OnError();
+                return;
+            }
              
+            }
              }
                         break;
                 case 2: