]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/mifaredesfire.c
Tested by changing the master key from the default to a custom value
[proxmark3-svn] / armsrc / mifaredesfire.c
index 42ae48cac7561e8a300d8c0b756a745466ed4ffb..132629912ab21e17efcf61d6f4a2040cf954a643 100644 (file)
@@ -294,6 +294,65 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
                 desfirekey_t skey = &sessionKey;
                 Desfire_session_key_new( RndA, RndB , key, skey );
                 //print_result("SESSION : ", skey->data, 8);
+                
+                memcpy(encRndA, resp+3, 8);
+                des_dec(&encRndA, &encRndA, key->data);
+                rol(decRndA,8);
+                for (int x = 0; x < 8; x++) {
+                    if (decRndA[x] != encRndA[x]) {
+                        DbpString("Authetication failed. Cannot varify PICC.");
+                        OnError();
+                        return;
+                    }
+                }
+                
+                /*
+                //Change the selected key to a new value.
+                
+                cmd[0] = 0xc4;
+                cmd[1] = keyno;
+                
+                uint8_t first,second;
+                
+                uint8_t newKey[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
+                
+                uint8_t buff1[8] = {0x00};
+                uint8_t buff2[8] = {0x00};
+                uint8_t buff3[8] = {0x00};
+                
+                memcpy(buff1,newKey, 8);
+                memcpy(buff2,newKey + 8, 8);
+                
+                ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second);
+                
+                memcpy(buff3, &first, 1);
+                memcpy(buff3 + 1, &second, 1);
+                
+                des_dec(&buff1, &buff1, skey->data);
+                
+                for (int x = 0; x < 8; x++) {
+                    buff2[x] = buff2[x] ^ buff1[x];
+                }
+                des_dec(&buff2, &buff2, skey->data);
+                
+                for (int x = 0; x < 8; x++) {
+                    buff3[x] = buff3[x] ^ buff2[x];
+                }
+                des_dec(&buff3, &buff3, skey->data);
+                
+                memcpy(cmd+2,buff1,8);
+                memcpy(cmd+10,buff2,8);
+                memcpy(cmd+18,buff3,8);
+                
+                // The command always times out on the first attempt, this will retry until a response
+                // is recieved.
+                len = 0;
+                while(!len) {
+                    len = DesfireAPDU(cmd,26,resp);
+                }
+                */
+                
+                OnSuccess();
                 cmd_send(CMD_ACK,1,0,0,skey->data,8);
                 
             } else {
@@ -302,18 +361,6 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
                 return;
             }
             
-            memcpy(encRndA, resp+3, 8);
-            des_dec(&encRndA, &encRndA, key->data);
-            rol(decRndA,8);
-            for (int x = 0; x < 8; x++) {
-                if (decRndA[x] != encRndA[x]) {
-                    DbpString("Authetication failed. Cannot varify PICC.");
-                    OnError();
-                    return;
-                }
-            }
-            
-            
             }
             }
                        break;
Impressum, Datenschutz