crypto1_get_lfsr(statelists[0].head.slhead + i, &key64);\r
num_to_bytes(key64, 6, keyBlock);\r
key64 = 0;\r
- if (!mfCheckKeys(statelists[0].blockNo, statelists[0].keyType, 1, keyBlock, &key64)) {\r
+ if (!mfCheckKeys(statelists[0].blockNo, statelists[0].keyType, false, 1, keyBlock, &key64)) {\r
num_to_bytes(key64, 6, resultKey);\r
break;\r
}\r
return 0;\r
}\r
\r
-int mfCheckKeys (uint8_t blockNo, uint8_t keyType, uint8_t keycnt, uint8_t * keyBlock, uint64_t * key){\r
+int mfCheckKeys (uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t keycnt, uint8_t * keyBlock, uint64_t * key){\r
\r
*key = 0;\r
\r
- UsbCommand c = {CMD_MIFARE_CHKKEYS, {blockNo, keyType, keycnt}};\r
+ UsbCommand c = {CMD_MIFARE_CHKKEYS, {((blockNo & 0xff) | ((keyType&0xff)<<8)), clear_trace, keycnt}};\r
memcpy(c.d.asBytes, keyBlock, 6 * keycnt);\r
SendCommand(&c);\r
\r
\r
return 0;\r
}\r
+\r
+int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len){\r
+ /*\r
+ uint32_t nt; // tag challenge\r
+ uint32_t ar_enc; // encrypted reader response\r
+ uint32_t at_enc; // encrypted tag response\r
+ */\r
+ if (traceCrypto1) {\r
+ crypto1_destroy(traceCrypto1);\r
+ }\r
+ ks2 = ar_enc ^ prng_successor(nt, 64);\r
+ ks3 = at_enc ^ prng_successor(nt, 96);\r
+ traceCrypto1 = lfsr_recovery64(ks2, ks3);\r
+\r
+ mf_crypto1_decrypt(traceCrypto1, data, len, 0);\r
+\r
+ PrintAndLog("Decrypted data: [%s]", sprint_hex(data,len) );\r
+ crypto1_destroy(traceCrypto1);\r
+ return 0;\r
+}\r
projects / proxmark3-svn / blobdiff