X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/aa41c6058a4c5768d524a711af846f43ca7a236c..3783c45af1ec1f478c3f17e8d75522a3043ad955:/client/loclass/elite_crack.c diff --git a/client/loclass/elite_crack.c b/client/loclass/elite_crack.c index 1a464b6c..0cd00830 100644 --- a/client/loclass/elite_crack.c +++ b/client/loclass/elite_crack.c @@ -1,14 +1,52 @@ +/***************************************************************************** + * WARNING + * + * THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY. + * + * USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL + * PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL, + * AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES. + * + * THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS. + * + ***************************************************************************** + * + * This file is part of loclass. It is a reconstructon of the cipher engine + * used in iClass, and RFID techology. + * + * The implementation is based on the work performed by + * Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and + * Milosch Meriac in the paper "Dismantling IClass". + * + * Copyright (C) 2014 Martin Holst Swende + * + * This is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation, or, at your option, any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with loclass. If not, see . + * + * + ****************************************************************************/ + #include #include #include #include -#include +#include "util.h" +#include "util_posix.h" #include "cipherutils.h" #include "cipher.h" #include "ikeys.h" #include "elite_crack.h" #include "fileutils.h" -#include "des.h" +#include "mbedtls/des.h" /** * @brief Permutes a key from standard NIST format to Iclass specific format @@ -113,9 +151,9 @@ void hash1(uint8_t csn[] , uint8_t k[]) k[0] = csn[0]^csn[1]^csn[2]^csn[3]^csn[4]^csn[5]^csn[6]^csn[7]; k[1] = csn[0]+csn[1]+csn[2]+csn[3]+csn[4]+csn[5]+csn[6]+csn[7]; k[2] = rr(swap( csn[2]+k[1] )); - k[3] = rr(swap( csn[3]+k[0] )); - k[4] = ~rr(swap( csn[4]+k[2] ))+1; - k[5] = ~rr(swap( csn[5]+k[3] ))+1; + k[3] = rl(swap( csn[3]+k[0] )); + k[4] = ~rr( csn[4]+k[2] )+1; + k[5] = ~rl( csn[5]+k[3] )+1; k[6] = rr( csn[6]+(k[4]^0x3c) ); k[7] = rl( csn[7]+(k[5]^0xc3) ); int i; @@ -141,22 +179,22 @@ void rk(uint8_t *key, uint8_t n, uint8_t *outp_key) return; } -static des_context ctx_enc = {DES_ENCRYPT,{0}}; -static des_context ctx_dec = {DES_DECRYPT,{0}}; +static mbedtls_des_context ctx_enc = { {0} }; +static mbedtls_des_context ctx_dec = { {0} }; void desdecrypt_iclass(uint8_t *iclass_key, uint8_t *input, uint8_t *output) { uint8_t key_std_format[8] = {0}; permutekey_rev(iclass_key, key_std_format); - des_setkey_dec( &ctx_dec, key_std_format); - des_crypt_ecb(&ctx_dec,input,output); + mbedtls_des_setkey_dec( &ctx_dec, key_std_format); + mbedtls_des_crypt_ecb(&ctx_dec,input,output); } void desencrypt_iclass(uint8_t *iclass_key, uint8_t *input, uint8_t *output) { uint8_t key_std_format[8] = {0}; permutekey_rev(iclass_key, key_std_format); - des_setkey_enc( &ctx_enc, key_std_format); - des_crypt_ecb(&ctx_enc,input,output); + mbedtls_des_setkey_enc( &ctx_enc, key_std_format); + mbedtls_des_crypt_ecb(&ctx_enc,input,output); } /** @@ -356,7 +394,7 @@ int bruteforceItem(dumpdata item, uint16_t keytable[]) //Diversify diversifyKey(item.csn, key_sel_p, div_key); //Calc mac - doMAC(item.cc_nr,12, div_key,calculated_MAC); + doMAC(item.cc_nr, div_key,calculated_MAC); if(memcmp(calculated_MAC, item.mac, 4) == 0) { @@ -411,7 +449,7 @@ int bruteforceItem(dumpdata item, uint16_t keytable[]) */ int calculateMasterKey(uint8_t first16bytes[], uint64_t master_key[] ) { - des_context ctx_e = {DES_ENCRYPT,{0}}; + mbedtls_des_context ctx_e = { {0} }; uint8_t z_0[8] = {0}; uint8_t y_0[8] = {0}; @@ -430,8 +468,8 @@ int calculateMasterKey(uint8_t first16bytes[], uint64_t master_key[] ) permutekey_rev(z_0, z_0_rev); // ~K_cus = DESenc(z[0], y[0]) - des_setkey_enc( &ctx_e, z_0_rev ); - des_crypt_ecb(&ctx_e, y_0, key64_negated); + mbedtls_des_setkey_enc( &ctx_e, z_0_rev ); + mbedtls_des_crypt_ecb(&ctx_e, y_0, key64_negated); int i; for(i = 0; i < 8 ; i++) @@ -444,8 +482,8 @@ int calculateMasterKey(uint8_t first16bytes[], uint64_t master_key[] ) uint8_t key64_stdformat[8] = {0}; permutekey_rev(key64, key64_stdformat); - des_setkey_enc( &ctx_e, key64_stdformat ); - des_crypt_ecb(&ctx_e, key64_negated, result); + mbedtls_des_setkey_enc( &ctx_e, key64_stdformat ); + mbedtls_des_crypt_ecb(&ctx_e, key64_negated, result); prnlog("\nHigh security custom key (Kcus):"); printvar("Std format ", key64_stdformat,8); printvar("Iclass format", key64,8); @@ -474,7 +512,7 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[]) uint8_t i; int errors = 0; size_t itemsize = sizeof(dumpdata); - clock_t t1 = clock(); + uint64_t t1 = msclock(); dumpdata* attack = (dumpdata* ) malloc(itemsize); @@ -484,9 +522,9 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[]) errors += bruteforceItem(*attack, keytable); } free(attack); - clock_t t2 = clock(); - float diff = (((float)t2 - (float)t1) / CLOCKS_PER_SEC ); - prnlog("\nPerformed full crack in %f seconds",diff); + t1 = msclock() - t1; + float diff = (float)t1 / 1000.0; + prnlog("\nPerformed full crack in %f seconds", diff); // Pick out the first 16 bytes of the keytable. // The keytable is now in 16-bit ints, where the upper 8 bits @@ -525,15 +563,23 @@ int bruteforceFile(const char *filename, uint16_t keytable[]) long fsize = ftell(f); fseek(f, 0, SEEK_SET); + if (fsize < 0) { + prnlog("Error, when getting fsize"); + fclose(f); + return 1; + } + uint8_t *dump = malloc(fsize); - size_t bytes_read = fread(dump, fsize, 1, f); + size_t bytes_read = fread(dump, 1, fsize, f); fclose(f); - if (bytes_read < fsize) - { - prnlog("Error, could only read %d bytes (should be %d)",bytes_read, fsize ); - } - return bruteforceDump(dump,fsize,keytable); + if (bytes_read < fsize) { + prnlog("Error, could only read %d bytes (should be %d)",bytes_read, fsize ); + } + + uint8_t res = bruteforceDump(dump,fsize,keytable); + free(dump); + return res; } /** * @@ -577,9 +623,18 @@ int _testBruteforce() **** The 64-bit HS Custom Key Value = 5B7C62C491C11B39 **** **/ uint16_t keytable[128] = {0}; - //save some time... - startvalue = 0x7B0000; - errors |= bruteforceFile("iclass_dump.bin",keytable); + + //Test a few variants + if(fileExists("iclass_dump.bin")) + { + errors |= bruteforceFile("iclass_dump.bin",keytable); + }else if(fileExists("loclass/iclass_dump.bin")){ + errors |= bruteforceFile("loclass/iclass_dump.bin",keytable); + }else if(fileExists("client/loclass/iclass_dump.bin")){ + errors |= bruteforceFile("client/loclass/iclass_dump.bin",keytable); + }else{ + prnlog("Error: The file iclass_dump.bin was not found!"); + } } return errors; } @@ -613,6 +668,21 @@ int _test_iclass_key_permutation() prnlog("[+] Iclass key permutation OK!"); return 0; } +int _testHash1() +{ + uint8_t csn[8]= {0x01,0x02,0x03,0x04,0xF7,0xFF,0x12,0xE0}; + uint8_t k[8] = {0}; + hash1(csn, k); + uint8_t expected[8] = {0x7E,0x72,0x2F,0x40,0x2D,0x02,0x51,0x42}; + if(memcmp(k,expected,8) != 0) + { + prnlog("Error with hash1!"); + printarr("calculated", k, 8); + printarr("expected", expected, 8); + return 1; + } + return 0; +} int testElite() { @@ -645,11 +715,13 @@ int testElite() prnlog("[+] Hash2 looks fine..."); } - prnlog("[+] Testing key diversification ..."); - int errors = 0 ; - errors +=_test_iclass_key_permutation(); + prnlog("[+] Testing hash1..."); + errors += _testHash1(); + prnlog("[+] Testing key diversification ..."); + errors +=_test_iclass_key_permutation(); errors += _testBruteforce(); + return errors; }