]> cvs.zerfleddert.de Git - proxmark3-svn/commitdiff
CHG: the "HF MFU" authentication changes.
authoriceman1001 <iceman@iuse.se>
Sat, 16 May 2015 13:34:01 +0000 (15:34 +0200)
committericeman1001 <iceman@iuse.se>
Sat, 16 May 2015 13:34:01 +0000 (15:34 +0200)
CHG: name change from "hf 14a snoop"  ->  "hf 14a sniff"..

armsrc/appmain.c
armsrc/apps.h
armsrc/mifarecmd.c
armsrc/mifareutil.c
armsrc/mifareutil.h

index 9490a8115894d53ffe17872798e69d3488106f6e..be4a5f47f55d1c7d6c00130d34ab0d9ad4693846 100644 (file)
@@ -802,7 +802,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 
 #ifdef WITH_ISO14443a
                case CMD_SNOOP_ISO_14443a:
-                       SnoopIso14443a(c->arg[0]);
+                       SniffIso14443a(c->arg[0]);
                        break;
                case CMD_READER_ISO_14443a:
                        ReaderIso14443a(c);
@@ -828,11 +828,8 @@ void UsbPacketReceived(uint8_t *packet, int len)
                case CMD_MIFAREU_READBL:
                        MifareUReadBlock(c->arg[0],c->arg[1], c->d.asBytes);
                        break;
-               case CMD_MIFAREUC_AUTH1:
-                       MifareUC_Auth1(c->arg[0],c->d.asBytes);
-                       break;
-               case CMD_MIFAREUC_AUTH2:
-                       MifareUC_Auth2(c->arg[0],c->d.asBytes);
+               case CMD_MIFAREUC_AUTH:
+                       MifareUC_Auth(c->arg[0],c->d.asBytes);
                        break;
                case CMD_MIFAREU_READCARD:
                case CMD_MIFAREUC_READCARD:
index fba6fefacb2ce2af7554ab61802206a32fd5628c..27a6d2a58b863ebbdea7abdf5a2f9b630f5188d2 100644 (file)
@@ -157,7 +157,7 @@ void RAMFUNC SnoopIso14443(void);
 void SendRawCommand14443B(uint32_t, uint32_t, uint8_t, uint8_t[]);
 
 /// iso14443a.h
-void RAMFUNC SnoopIso14443a(uint8_t param);
+void RAMFUNC SniffIso14443a(uint8_t param);
 void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data);
 void ReaderIso14443a(UsbCommand * c);
 // Also used in iclass.c
@@ -175,8 +175,7 @@ void ReaderMifare(bool first_try);
 int32_t dist_nt(uint32_t nt1, uint32_t nt2);
 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
-void MifareUC_Auth1(uint8_t arg0, uint8_t *datain);
-void MifareUC_Auth2(uint32_t arg0, uint8_t *datain);
+void MifareUC_Auth(uint8_t arg0, uint8_t *datain);
 void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain);
 void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
 void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
index 6bb04caf26f13f9b649aa5d63575356d8fbd2b1a..fb71b17111c9a8f92490c26917be2614151a13aa 100644 (file)
@@ -16,8 +16,7 @@
 #include "mifarecmd.h"\r
 #include "apps.h"\r
 #include "util.h"\r
-//#include "../client/loclass/des.h"\r
-#include "des.h"\r
+\r
 #include "crc.h"\r
 \r
 //-----------------------------------------------------------------------------\r
@@ -88,54 +87,32 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 }\r
 \r
 \r
-void MifareUC_Auth1(uint8_t arg0, uint8_t *datain){\r
+void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){\r
 \r
-       byte_t dataoutbuf[16] = {0x00};\r
-       uint8_t uid[10] = {0x00};\r
-       uint32_t cuid = 0x00;\r
+       bool turnOffField = (arg0 == 1);\r
 \r
        LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
-    \r
        clear_trace();\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
-       if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+       if(!iso14443a_select_card(NULL, NULL, NULL)) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
                OnError(0);\r
                return;\r
        };\r
        \r
-       if(mifare_ultra_auth1(dataoutbuf)){\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part1: Fail.");\r
+       if(mifare_ultra_auth(keybytes) == 1){\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");\r
                OnError(1);\r
                return;\r
        }\r
-\r
-       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");\r
     \r
-    cmd_send(CMD_ACK,1,cuid,0,dataoutbuf,11);\r
-       LEDsoff();\r
-}\r
-void MifareUC_Auth2(uint32_t arg0, uint8_t *datain){\r
+       cmd_send(CMD_ACK,1,0,0,0,0);\r
 \r
-       uint8_t key[16] = {0x00};\r
-       byte_t dataoutbuf[16] = {0x00};\r
-    \r
-       memcpy(key, datain, 16);\r
-    \r
-       LED_A_ON();     LED_B_OFF(); LED_C_OFF();\r
-       \r
-       if(mifare_ultra_auth2(key, dataoutbuf)){\r
-           if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part2: Fail...");\r
-               OnError(1);\r
-               return;                 \r
-       }\r
-       \r
-       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");\r
-    \r
-       cmd_send(CMD_ACK,1,0,0,dataoutbuf,11);\r
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-       LEDsoff();\r
+       if (turnOffField) {\r
+               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+               LEDsoff();\r
+       }       \r
 }\r
 \r
 // Arg0 = BlockNo,\r
@@ -145,107 +122,41 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
 {\r
        uint8_t blockNo = arg0;\r
        byte_t dataout[16] = {0x00};\r
-       uint8_t uid[10] = {0x00};\r
-    bool usePwd = (arg1 == 1);\r
+       bool useKey = (arg1 == 1); //UL_C\r
+       bool usePwd = (arg1 == 2); //UL_EV1/NTAG\r
 \r
        LEDsoff();      \r
        LED_A_ON();    \r
        clear_trace();\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
     \r
-       int len = iso14443a_select_card(uid, NULL, NULL);\r
+       int len = iso14443a_select_card(NULL, NULL, NULL);\r
        if(!len) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);\r
                OnError(1);\r
                return;\r
        }\r
        \r
-        // authenticate here.\r
-       if ( usePwd ) {\r
-\r
+       // UL-C authentication\r
+       if ( useKey ) {\r
                uint8_t key[16] = {0x00};       \r
-               memcpy(key, datain, 16);\r
-                \r
-               uint8_t random_a[8] = {1,1,1,1,1,1,1,1 };\r
-               uint8_t random_b[8] = {0x00};\r
-               uint8_t enc_random_b[8] = {0x00};\r
-               uint8_t rnd_ab[16] = {0x00};\r
-               uint8_t IV[8] = {0x00};\r
-               \r
-               uint16_t len;\r
-               uint8_t receivedAnswer[MAX_FRAME_SIZE];\r
-               uint8_t receivedAnswerPar[MAX_PARITY_SIZE];\r
-       \r
-               len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,receivedAnswerPar ,NULL);\r
-               if (len != 11) {\r
-                       if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
+               memcpy(key, datain, sizeof(key) );\r
+\r
+               if ( mifare_ultra_auth(key)  == 1 )     {\r
                        OnError(1);\r
-                       return;\r
+                       return;                 \r
                }\r
+       }\r
        \r
-               // tag nonce.\r
-               memcpy(enc_random_b,receivedAnswer+1,8);\r
-\r
-               // decrypt nonce.\r
-               tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV );\r
-               rol(random_b,8);\r
-               memcpy(rnd_ab  ,random_a,8);\r
-               memcpy(rnd_ab+8,random_b,8);\r
-\r
-               if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
-                       Dbprintf("enc_B: %02x %02x %02x %02x %02x %02x %02x %02x",\r
-                               enc_random_b[0],enc_random_b[1],enc_random_b[2],enc_random_b[3],\r
-                               enc_random_b[4],enc_random_b[5],enc_random_b[6],enc_random_b[7]);\r
-                               \r
-                       Dbprintf("    B: %02x %02x %02x %02x %02x %02x %02x %02x",\r
-                               random_b[0],random_b[1],random_b[2],random_b[3],\r
-                               random_b[4],random_b[5],random_b[6],random_b[7]);\r
-\r
-                       Dbprintf("rnd_ab: %02x %02x %02x %02x %02x %02x %02x %02x",\r
-                                       rnd_ab[0],rnd_ab[1],rnd_ab[2],rnd_ab[3],\r
-                                       rnd_ab[4],rnd_ab[5],rnd_ab[6],rnd_ab[7]);\r
-                                       \r
-                       Dbprintf("rnd_ab: %02x %02x %02x %02x %02x %02x %02x %02x",\r
-                                       rnd_ab[8],rnd_ab[9],rnd_ab[10],rnd_ab[11],\r
-                                       rnd_ab[12],rnd_ab[13],rnd_ab[14],rnd_ab[15] );\r
-               }\r
-               \r
-               // encrypt    out, in, length, key, iv\r
-               tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);\r
+       // UL-EV1 / NTAG authentication\r
+       if (usePwd) { \r
+               uint8_t pwd[4] = {0x00};\r
+               memcpy(pwd, datain, 4);\r
+               uint8_t pack[4] = {0,0,0,0};\r
 \r
-               \r
-               len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, receivedAnswer, receivedAnswerPar, NULL);\r
-               if (len != 11) {\r
-                       if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
+               if (mifare_ul_ev1_auth(pwd, pack) == 1){\r
                        OnError(1);\r
-                       return;\r
-               }\r
-\r
-               uint8_t enc_resp[8] = { 0 };\r
-               uint8_t resp_random_a[8] = { 0 };\r
-               memcpy(enc_resp, receivedAnswer+1, 8);\r
-       \r
-               // decrypt    out, in, length, key, iv \r
-               tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);\r
-               if ( memcmp(resp_random_a, random_a, 8) != 0 )\r
-                       Dbprintf("failed authentication");\r
-\r
-               if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
-                       Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", \r
-                                       rnd_ab[0],rnd_ab[1],rnd_ab[2],rnd_ab[3],\r
-                                       rnd_ab[4],rnd_ab[5],rnd_ab[6],rnd_ab[7]);\r
-\r
-                       Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x",\r
-                                       rnd_ab[8],rnd_ab[9],rnd_ab[10],rnd_ab[11],\r
-                                       rnd_ab[12],rnd_ab[13],rnd_ab[14],rnd_ab[15]);\r
-\r
-                       Dbprintf("a: %02x %02x %02x %02x %02x %02x %02x %02x",\r
-                                       random_a[0],random_a[1],random_a[2],random_a[3],\r
-                                       random_a[4],random_a[5],random_a[6],random_a[7]);\r
-                                       \r
-                       Dbprintf("b: %02x %02x %02x %02x %02x %02x %02x %02x",\r
-                                       resp_random_a[0],resp_random_a[1],resp_random_a[2],resp_random_a[3],\r
-                                       resp_random_a[4],resp_random_a[5],resp_random_a[6],resp_random_a[7]);\r
+                       return;                 \r
                }\r
        }\r
                \r
@@ -300,7 +211,6 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
                isOK = 0;\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
        }\r
-\r
        \r
        if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {\r
                isOK = 0;\r
@@ -342,9 +252,10 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
        // params\r
        uint8_t blockNo = arg0;\r
        uint16_t blocks = arg1;\r
-       bool useKey = (arg2 == 1);\r
-       int countpages = 0;\r
-       uint8_t dataout[176] = {0x00};;\r
+       bool useKey = (arg2 == 1); //UL_C\r
+       bool usePwd = (arg2 == 2); //UL_EV1/NTAG\r
+       int countblocks = 0;\r
+       uint8_t dataout[176] = {0x00};\r
 \r
        LEDsoff();\r
        LED_A_ON(); \r
@@ -358,59 +269,30 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
                return;\r
        }\r
        \r
-       // authenticate\r
+        // UL-C authentication\r
        if ( useKey ) {\r
-               \r
                uint8_t key[16] = {0x00};       \r
-               memcpy(key, datain, 16);\r
-                \r
-               uint8_t random_a[8] = {1,1,1,1,1,1,1,1 };\r
-               uint8_t random_b[8] = {0x00};\r
-               uint8_t enc_random_b[8] = {0x00};\r
-               uint8_t rnd_ab[16] = {0x00};\r
-               uint8_t IV[8] = {0x00};\r
-               \r
-               uint16_t len;\r
-               uint8_t receivedAnswer[MAX_FRAME_SIZE];\r
-               uint8_t receivedAnswerPar[MAX_PARITY_SIZE];\r
-       \r
-               len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,receivedAnswerPar ,NULL);\r
-               if (len != 11) {\r
-                       if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
+               memcpy(key, datain, sizeof(key) );\r
+\r
+               if ( mifare_ultra_auth(key)  == 1 )     {\r
                        OnError(1);\r
-                       return;\r
+                       return;                 \r
                }\r
-       \r
-               // tag nonce.\r
-               memcpy(enc_random_b,receivedAnswer+1,8);\r
-\r
-               // decrypt nonce.\r
-               tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV );\r
-               rol(random_b,8);\r
-               memcpy(rnd_ab  ,random_a,8);\r
-               memcpy(rnd_ab+8,random_b,8);\r
-       \r
-               // encrypt    out, in, length, key, iv\r
-               tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);\r
+       }\r
+\r
+       // UL-EV1 / NTAG authentication\r
+       if (usePwd) { \r
+               uint8_t pwd[4] = {0x00};\r
+               memcpy(pwd, datain, sizeof(pwd));\r
+               uint8_t pack[4] = {0,0,0,0};\r
 \r
-               len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, receivedAnswer, receivedAnswerPar, NULL);\r
-               if (len != 11) {\r
+               if (mifare_ul_ev1_auth(pwd, pack) == 1){\r
                        OnError(1);\r
-                       return;\r
+                       return;                 \r
                }\r
-\r
-               uint8_t enc_resp[8] = { 0 };\r
-               uint8_t resp_random_a[8] = { 0 };\r
-               memcpy(enc_resp, receivedAnswer+1, 8);\r
-       \r
-               // decrypt    out, in, length, key, iv \r
-               tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);\r
-               if ( memcmp(resp_random_a, random_a, 8) != 0 )\r
-                       Dbprintf("failed authentication");\r
        }\r
        \r
        for (int i = 0; i < blocks; i++){\r
-       \r
                len = mifare_ultra_readblock(blockNo * 4 + i, dataout + 4 * i);\r
                \r
                if (len) {\r
@@ -418,17 +300,18 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
                        OnError(2);\r
                        return;\r
                } else {\r
-                       countpages++;\r
+                       countblocks++;\r
                }\r
        }\r
                \r
-       if (mifare_ultra_halt()) {\r
+       len = mifare_ultra_halt();\r
+       if (len) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");\r
                OnError(3);\r
                return;\r
        }\r
        \r
-       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("blocks read %d", countpages);\r
+       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);\r
 \r
        len = blocks*4;\r
 \r
@@ -509,6 +392,7 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        LEDsoff();\r
 }\r
 \r
+\r
 void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)\r
 {\r
     uint8_t blockNo = arg0;\r
index d0c07b16e60ca3ffdeba48e0489b91a1a4542cb6..4a360170ff283894b423e792f90c0e3715e5a22f 100644 (file)
@@ -18,6 +18,7 @@
 #include "iso14443a.h"\r
 #include "crapto1.h"\r
 #include "mifareutil.h"\r
+#include "des.h"\r
 \r
 int MF_DBGLEVEL = MF_DBG_ALL;\r
 \r
@@ -110,6 +111,27 @@ int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uin
        return len;\r
 }\r
 \r
+int mifare_sendcmd_short_mfuev1auth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)\r
+{\r
+    uint8_t dcmd[7];\r
+       int len; \r
+    dcmd[0] = cmd;\r
+    memcpy(dcmd+1,data,4);\r
+       AppendCrc14443a(dcmd, 5);\r
+       \r
+       ReaderTransmit(dcmd, sizeof(dcmd), timing);\r
+       len = ReaderReceive(answer, answer_parity);\r
+       if(!len) {\r
+        if (MF_DBGLEVEL >= MF_DBG_ERROR)   Dbprintf("Authentication failed. Card timeout.");\r
+        len = ReaderReceive(answer,answer_parity);\r
+    }\r
+    if(len==1) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR)   Dbprintf("NAK - Authentication failed.");\r
+               return 1;\r
+        }\r
+       return len;\r
+}\r
+\r
 int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)\r
 {\r
        uint8_t dcmd[4], ecmd[4];\r
@@ -288,47 +310,113 @@ int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blo
 }\r
 \r
 // mifare ultralight commands\r
-int mifare_ultra_auth1(uint8_t *blockData){\r
+int mifare_ul_ev1_auth(uint8_t *keybytes, uint8_t *pack){\r
 \r
        uint16_t len;\r
-       uint8_t receivedAnswer[MAX_FRAME_SIZE];\r
-       uint8_t receivedAnswerPar[MAX_PARITY_SIZE];\r
-       \r
-       len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,receivedAnswerPar ,NULL);\r
-       if (len != 11) {\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
+       uint8_t resp[4];\r
+       uint8_t respPar[1];\r
+       uint8_t key[4] = {0x00};        \r
+       memcpy(key, keybytes, 4);\r
+       \r
+       Dbprintf("EV1 Auth : %02x%02x%02x%02x", key[0], key[1], key[2], key[3]);\r
+       len = mifare_sendcmd_short_mfuev1auth(NULL, 0, 0x1B, key, resp, respPar, NULL);\r
+       if (len != 4) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x %u", resp[0], len);\r
+               OnError(1);\r
                return 1;\r
        }\r
-\r
-       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
-               Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
-                       receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
-                       receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
-                       receivedAnswer[10]);\r
-               }\r
-       memcpy(blockData, receivedAnswer, 11);\r
+       \r
+       if (MF_DBGLEVEL >= MF_DBG_EXTENDED)\r
+               Dbprintf("Auth Resp: %02x%02x%02x%02x", resp[0],resp[1],resp[2],resp[3]);\r
+       \r
+       memcpy(pack, resp, 4);\r
        return 0;\r
 }\r
 \r
-int mifare_ultra_auth2(uint8_t *key, uint8_t *blockData){\r
+int mifare_ultra_auth(uint8_t *keybytes){\r
 \r
+       // 3des2k\r
+       uint8_t random_a[8] = {1,1,1,1,1,1,1,1};\r
+       uint8_t random_b[8] = {0x00};\r
+       uint8_t enc_random_b[8] = {0x00};\r
+       uint8_t rnd_ab[16] = {0x00};\r
+       uint8_t IV[8] = {0x00};\r
+       uint8_t key[16] = {0x00};       \r
+       memcpy(key, keybytes, 16);\r
+       \r
        uint16_t len;\r
-       uint8_t receivedAnswer[MAX_FRAME_SIZE];\r
-       uint8_t receivedAnswerPar[MAX_PARITY_SIZE];\r
+       uint8_t resp[19] = {0x00};\r
+       uint8_t respPar[3] = {0,0,0};\r
+\r
+       // REQUEST AUTHENTICATION\r
+       len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, resp, respPar ,NULL);\r
+       if (len != 11) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]);\r
+               OnError(1);\r
+               return 1;\r
+       }\r
+\r
+       // tag nonce.\r
+       memcpy(enc_random_b,resp+1,8);\r
+\r
+       // decrypt nonce.\r
+       tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV );\r
+       rol(random_b,8);\r
+       memcpy(rnd_ab  ,random_a,8);\r
+       memcpy(rnd_ab+8,random_b,8);\r
        \r
-       len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, key, receivedAnswer, receivedAnswerPar, NULL);\r
+       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
+               Dbprintf("enc_B: %02x %02x %02x %02x %02x %02x %02x %02x",\r
+                       enc_random_b[0],enc_random_b[1],enc_random_b[2],enc_random_b[3],enc_random_b[4],enc_random_b[5],enc_random_b[6],enc_random_b[7]);\r
+                       \r
+               Dbprintf("    B: %02x %02x %02x %02x %02x %02x %02x %02x",\r
+                       random_b[0],random_b[1],random_b[2],random_b[3],random_b[4],random_b[5],random_b[6],random_b[7]);\r
+\r
+               Dbprintf("rnd_ab: %02x %02x %02x %02x %02x %02x %02x %02x",\r
+                               rnd_ab[0],rnd_ab[1],rnd_ab[2],rnd_ab[3],rnd_ab[4],rnd_ab[5],rnd_ab[6],rnd_ab[7]);\r
+                               \r
+               Dbprintf("rnd_ab: %02x %02x %02x %02x %02x %02x %02x %02x",\r
+                               rnd_ab[8],rnd_ab[9],rnd_ab[10],rnd_ab[11],rnd_ab[12],rnd_ab[13],rnd_ab[14],rnd_ab[15] );\r
+       }\r
+       \r
+       // encrypt    out, in, length, key, iv\r
+       tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);\r
+\r
+       len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL);\r
        if (len != 11) {\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]);\r
+               OnError(1);\r
                return 1;\r
        }\r
+\r
+       uint8_t enc_resp[8] = { 0,0,0,0,0,0,0,0 };\r
+       uint8_t resp_random_a[8] = { 0,0,0,0,0,0,0,0 };\r
+       memcpy(enc_resp, resp+1, 8);\r
        \r
+       // decrypt    out, in, length, key, iv \r
+       tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);\r
+       if ( memcmp(resp_random_a, random_a, 8) != 0 ) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("failed authentication");\r
+               return 1;\r
+       }       \r
+\r
        if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
-               Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
-                       receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
-                       receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
-                       receivedAnswer[10]);\r
+               Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", \r
+                               rnd_ab[0],rnd_ab[1],rnd_ab[2],rnd_ab[3],\r
+                               rnd_ab[4],rnd_ab[5],rnd_ab[6],rnd_ab[7]);\r
+\r
+               Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x",\r
+                               rnd_ab[8],rnd_ab[9],rnd_ab[10],rnd_ab[11],\r
+                               rnd_ab[12],rnd_ab[13],rnd_ab[14],rnd_ab[15]);\r
+\r
+               Dbprintf("a: %02x %02x %02x %02x %02x %02x %02x %02x",\r
+                               random_a[0],random_a[1],random_a[2],random_a[3],\r
+                               random_a[4],random_a[5],random_a[6],random_a[7]);\r
+                               \r
+               Dbprintf("b: %02x %02x %02x %02x %02x %02x %02x %02x",\r
+                               resp_random_a[0],resp_random_a[1],resp_random_a[2],resp_random_a[3],\r
+                               resp_random_a[4],resp_random_a[5],resp_random_a[6],resp_random_a[7]);\r
        }\r
-       memcpy(blockData, receivedAnswer, 11);\r
        return 0;\r
 }\r
 \r
index 1e2f8cc83e737c6a7e9729e5583e3ec73e61f4eb..f73814be51458bdafaeadc83a7b9a06c44b5524d 100644 (file)
@@ -57,13 +57,14 @@ int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd,
 int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);
 \r
 int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing);\r
+int mifare_sendcmd_short_mfuev1auth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing);\r
 int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);
 
 int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested);\r
 int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t * ntptr, uint32_t *timing);
 int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData); 
-int mifare_ultra_auth1(uint8_t *blockData);\r
-int mifare_ultra_auth2(uint8_t *key, uint8_t *blockData);\r
+int mifare_ul_ev1_auth(uint8_t *key, uint8_t *pack);\r
+int mifare_ultra_auth(uint8_t *key);\r
 int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData);
 int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData);
 int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData);
Impressum, Datenschutz