X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/a1afa550ea5b602b6d8bc69bdc6f018696b21ff0..b01e7d206dcb98f1549df1ace52bfc8ce2719b1e:/tools/nonce2key/crapto1.c

diff --git a/tools/nonce2key/crapto1.c b/tools/nonce2key/crapto1.c
index 10dedcb5..1d854d96 100644
--- a/tools/nonce2key/crapto1.c
+++ b/tools/nonce2key/crapto1.c
@@ -31,49 +31,74 @@ static void __attribute__((constructor)) fill_lut()
 #define filter(x) (filterlut[(x) & 0xfffff])
 #endif
 
-static void quicksort(uint32_t* const start, uint32_t* const stop)
-{
-	uint32_t *it = start + 1, *rit = stop, t;
-
-	if(it > rit)
-		return;
-
-	while(it < rit)
-		if(*it <= *start)
-			++it;
-		else if(*rit > *start)
-			--rit;
-		else
-			t = *it,  *it = *rit, *rit = t;
-
-	if(*rit >= *start)
-		--rit;
-	if(rit != start)
-		t = *rit,  *rit = *start, *start = t;
-
-	quicksort(start, rit - 1);
-	quicksort(rit + 1, stop);
-}
-/** binsearch
- * Binary search for the first occurence of *stop's MSB in sorted [start,stop]
- */
-static inline uint32_t* binsearch(uint32_t *start, uint32_t *stop)
+
+
+typedef struct bucket {
+	uint32_t *head;
+	uint32_t *bp;
+} bucket_t;
+
+typedef bucket_t bucket_array_t[2][0x100];
+
+typedef struct bucket_info {
+	struct {
+		uint32_t *head, *tail;
+		} bucket_info[2][0x100];
+		uint32_t numbuckets;
+	} bucket_info_t;
+
+
+static void bucket_sort_intersect(uint32_t* const estart, uint32_t* const estop,
+								  uint32_t* const ostart, uint32_t* const ostop,
+								  bucket_info_t *bucket_info, bucket_array_t bucket)
 {
-	uint32_t mid, val = *stop & 0xff000000;
-	while(start != stop)
-		if(start[mid = (stop - start) >> 1] > val)
-			stop = &start[mid];
-		else
-			start += mid + 1;
-
-	return start;
+	uint32_t *p1, *p2;
+	uint32_t *start[2];
+	uint32_t *stop[2];
+
+	start[0] = estart;
+	stop[0] = estop;
+	start[1] = ostart;
+	stop[1] = ostop;
+
+	// init buckets to be empty
+	for (uint32_t i = 0; i < 2; i++) {
+		for (uint32_t j = 0x00; j <= 0xff; j++) {
+			bucket[i][j].bp = bucket[i][j].head;
+		}
+	}
+
+	// sort the lists into the buckets based on the MSB (contribution bits)
+	for (uint32_t i = 0; i < 2; i++) {
+		for (p1 = start[i]; p1 <= stop[i]; p1++) {
+			uint32_t bucket_index = (*p1 & 0xff000000) >> 24;
+			*(bucket[i][bucket_index].bp++) = *p1;
+		}
+	}
+
+
+	// write back intersecting buckets as sorted list.
+	// fill in bucket_info with head and tail of the bucket contents in the list and number of non-empty buckets.
+	uint32_t nonempty_bucket;
+	for (uint32_t i = 0; i < 2; i++) {
+		p1 = start[i];
+		nonempty_bucket = 0;
+		for (uint32_t j = 0x00; j <= 0xff; j++) {
+			if (bucket[0][j].bp != bucket[0][j].head && bucket[1][j].bp != bucket[1][j].head) { // non-empty intersecting buckets only
+				bucket_info->bucket_info[i][nonempty_bucket].head = p1;
+				for (p2 = bucket[i][j].head; p2 < bucket[i][j].bp; *p1++ = *p2++);
+				bucket_info->bucket_info[i][nonempty_bucket].tail = p1 - 1;
+				nonempty_bucket++;
+			}
+		}
+		bucket_info->numbuckets = nonempty_bucket;
+		}
 }
 
 /** update_contribution
  * helper, calculates the partial linear feedback contributions and puts in MSB
  */
-static inline void
-update_contribution(uint32_t *item, const uint32_t mask1, const uint32_t mask2)
+static inline void update_contribution(uint32_t *item, const uint32_t mask1, const uint32_t mask2)
 {
 	uint32_t p = *item >> 25;
 
@@ -85,8 +110,7 @@ update_contribution(uint32_t *item, const uint32_t mask1, const uint32_t mask2)
 /** extend_table
  * using a bit of the keystream extend the table of possible lfsr states
  */
-static inline void
-extend_table(uint32_t *tbl, uint32_t **end, int bit, int m1, int m2, uint32_t in)
+static inline void extend_table(uint32_t *tbl, uint32_t **end, int bit, int m1, int m2, uint32_t in)
 {
 	in <<= 24;
 	for(*tbl <<= 1; tbl <= *end; *++tbl <<= 1)
@@ -109,14 +133,16 @@ extend_table(uint32_t *tbl, uint32_t **end, int bit, int m1, int m2, uint32_t in
  */
 static inline void extend_table_simple(uint32_t *tbl, uint32_t **end, int bit)
 {
-	for(*tbl <<= 1; tbl <= *end; *++tbl <<= 1)
-		if(filter(*tbl) ^ filter(*tbl | 1)) {
+	for(*tbl <<= 1; tbl <= *end; *++tbl <<= 1) {
+		if(filter(*tbl) ^ filter(*tbl | 1)) {	// replace
 			*tbl |= filter(*tbl) ^ bit;
-		} else if(filter(*tbl) == bit) {
+		} else if(filter(*tbl) == bit) {		// insert
 			*++*end = *++tbl;
 			*tbl = tbl[-1] | 1;
-		} else
+		} else	{								// drop
 			*tbl-- = *(*end)--;
+		}
+	}
 }
 /** recover
  * recursively narrow down the search space, 4 bits of keystream at a time
@@ -124,9 +150,10 @@ static inline void extend_table_simple(uint32_t *tbl, uint32_t **end, int bit)
 static struct Crypto1State*
 recover(uint32_t *o_head, uint32_t *o_tail, uint32_t oks,
 	uint32_t *e_head, uint32_t *e_tail, uint32_t eks, int rem,
-	struct Crypto1State *sl, uint32_t in)
+	struct Crypto1State *sl, uint32_t in, bucket_array_t bucket)
 {
-	uint32_t *o, *e, i;
+	uint32_t *o, *e;
+	bucket_info_t bucket_info;
 
 	if(rem == -1) {
 		for(e = e_head; e <= e_tail; ++e) {
@@ -140,35 +167,26 @@ recover(uint32_t *o_head, uint32_t *o_tail, uint32_t oks,
 		return sl;
 	}
 
-	for(i = 0; i < 4 && rem--; i++) {
+	for(uint32_t i = 0; i < 4 && rem--; i++) {
 		oks >>= 1;
 		eks >>= 1;
 		in >>= 2;
-		extend_table(o_head, &o_tail, oks & 1, LF_POLY_EVEN << 1 | 1,
-			     LF_POLY_ODD << 1, 0);
+		extend_table(o_head, &o_tail, oks & 1, LF_POLY_EVEN << 1 | 1, LF_POLY_ODD << 1, 0);
 		if(o_head > o_tail)
 			return sl;
 
-		extend_table(e_head, &e_tail, eks & 1, LF_POLY_ODD,
-			     LF_POLY_EVEN << 1 | 1, in & 3);
+		extend_table(e_head, &e_tail, eks & 1, LF_POLY_ODD, LF_POLY_EVEN << 1 | 1, in & 3);
 		if(e_head > e_tail)
 			return sl;
 	}
 
-	quicksort(o_head, o_tail);
-	quicksort(e_head, e_tail);
+	bucket_sort_intersect(e_head, e_tail, o_head, o_tail, &bucket_info, bucket);
 
-	while(o_tail >= o_head && e_tail >= e_head)
-		if(((*o_tail ^ *e_tail) >> 24) == 0) {
-			o_tail = binsearch(o_head, o = o_tail);
-			e_tail = binsearch(e_head, e = e_tail);
-			sl = recover(o_tail--, o, oks,
-				     e_tail--, e, eks, rem, sl, in);
+	for (int i = bucket_info.numbuckets - 1; i >= 0; i--) {
+		sl = recover(bucket_info.bucket_info[1][i].head, bucket_info.bucket_info[1][i].tail, oks,
+					 bucket_info.bucket_info[0][i].head, bucket_info.bucket_info[0][i].tail, eks,
+					 rem, sl, in, bucket);
 		}
-		else if(*o_tail > *e_tail)
-			o_tail = binsearch(o_head, o_tail) - 1;
-		else
-			e_tail = binsearch(e_head, e_tail) - 1;
 
 	return sl;
 }
@@ -201,6 +219,18 @@ struct Crypto1State* lfsr_recovery32(uint32_t ks2, uint32_t in)
 
 	statelist->odd = statelist->even = 0;
 
+	// allocate memory for out of place bucket_sort
+	bucket_array_t bucket;
+	
+	for (uint32_t i = 0; i < 2; i++) {
+		for (uint32_t j = 0; j <= 0xff; j++) {
+			bucket[i][j].head = malloc(sizeof(uint32_t)<<14);
+			if (!bucket[i][j].head) {
+				goto out;
+			}
+		}
+	}
+
 	// initialize statelists: add all possible states which would result into the rightmost 2 bits of the keystream
 	for(i = 1 << 20; i >= 0; --i) {
 		if(filter(i) == (oks & 1))
@@ -218,11 +248,13 @@ struct Crypto1State* lfsr_recovery32(uint32_t ks2, uint32_t in)
 	// the statelists now contain all states which could have generated the last 10 Bits of the keystream.
 	// 22 bits to go to recover 32 bits in total. From now on, we need to take the "in"
 	// parameter into account.
-	in = (in >> 16 & 0xff) | (in << 16) | (in & 0xff00);
-	recover(odd_head, odd_tail, oks,
-		even_head, even_tail, eks, 11, statelist, in << 1);
+	in = (in >> 16 & 0xff) | (in << 16) | (in & 0xff00);		// Byte swapping
+	recover(odd_head, odd_tail, oks, even_head, even_tail, eks, 11, statelist, in << 1, bucket);
 
 out:
+	for (uint32_t i = 0; i < 2; i++)
+		for (uint32_t j = 0; j <= 0xff; j++)
+			free(bucket[i][j].head);
 	free(odd_head);
 	free(even_head);
 	return statelist;
@@ -349,7 +381,7 @@ uint8_t lfsr_rollback_byte(struct Crypto1State *s, uint32_t in, int fb)
 	for (i = 7; i >= 0; --i)
 		ret |= lfsr_rollback_bit(s, BIT(in, i), fb) << i;
 */
-
+// unfold loop 20160112
 	uint8_t ret = 0;
 	ret |= lfsr_rollback_bit(s, BIT(in, 7), fb) << 7;
 	ret |= lfsr_rollback_bit(s, BIT(in, 6), fb) << 6;
@@ -372,7 +404,7 @@ uint32_t lfsr_rollback_word(struct Crypto1State *s, uint32_t in, int fb)
 	for (i = 31; i >= 0; --i)
 		ret |= lfsr_rollback_bit(s, BEBIT(in, i), fb) << (i ^ 24);
 */
-	
+// unfold loop 20160112
 	uint32_t ret = 0;
 	ret |= lfsr_rollback_bit(s, BEBIT(in, 31), fb) << (31 ^ 24);
 	ret |= lfsr_rollback_bit(s, BEBIT(in, 30), fb) << (30 ^ 24);
@@ -409,7 +441,6 @@ uint32_t lfsr_rollback_word(struct Crypto1State *s, uint32_t in, int fb)
 	ret |= lfsr_rollback_bit(s, BEBIT(in, 2), fb) << (2 ^ 24);
 	ret |= lfsr_rollback_bit(s, BEBIT(in, 1), fb) << (1 ^ 24);
 	ret |= lfsr_rollback_bit(s, BEBIT(in, 0), fb) << (0 ^ 24);
-	
 	return ret;
 }
 
@@ -450,12 +481,11 @@ static uint32_t fastfwd[2][8] = {
 uint32_t *lfsr_prefix_ks(uint8_t ks[8], int isodd)
 {
 	uint32_t *candidates = malloc(4 << 10);
+	if(!candidates) return 0;
+	
 	uint32_t c,  entry;
 	int size = 0, i, good;
 
-	if(!candidates)
-		return 0;
-
 	for(i = 0; i < 1 << 21; ++i) {
 		for(c = 0, good = 1; good && c < 8; ++c) {
 			entry = i ^ fastfwd[isodd][c];
@@ -502,7 +532,6 @@ static struct Crypto1State* check_pfx_parity(uint32_t prefix, uint32_t rresp, ui
 	return sl + good;
 } 
 
-
 /** lfsr_common_prefix
  * Implentation of the common prefix attack.
  * Requires the 28 bit constant prefix used as reader nonce (pfx)
@@ -512,6 +541,7 @@ static struct Crypto1State* check_pfx_parity(uint32_t prefix, uint32_t rresp, ui
  * It returns a zero terminated list of possible cipher states after the
  * tag nonce was fed in
  */
+
 struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8])
 {
 	struct Crypto1State *statelist, *s;
@@ -523,9 +553,8 @@ struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8]
 	s = statelist = malloc((sizeof *statelist) << 20);
 	if(!s || !odd || !even) {
 		free(statelist);
-		free(odd);
-		free(even);
-		return 0;
+		statelist = 0;
+                goto out;
 	}
 
 	for(o = odd; *o + 1; ++o)
@@ -537,9 +566,8 @@ struct Crypto1State* lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8]
 			}
 
 	s->odd = s->even = 0;
-
+out:
 	free(odd);
 	free(even);
-
 	return statelist;
 }