uint32_t nttmp1 = nt1;
uint32_t nttmp2 = nt2;
- for (uint16_t i = 1; i < 32768/8; ++i) {
+ // 0xFFFF -- Half up and half down to find distance between nonces
+ for (uint16_t i = 1; i < 32768/8; i += 8) {
nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i;
- nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -i;
-
nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+1;
- nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+1);
-
nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+2;
- nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+2);
-
nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+3;
- nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+3);
-
nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+4;
- nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+4);
-
nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+5;
- nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+5);
-
nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+6;
- nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+6);
-
nttmp1 = prng_successor(nttmp1, 1); if (nttmp1 == nt2) return i+7;
+
+ nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -i;
+ nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+1);
+ nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+2);
+ nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+3);
+ nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+4);
+ nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+5);
+ nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+6);
nttmp2 = prng_successor(nttmp2, 1); if (nttmp2 == nt1) return -(i+7);
}
// either nt1 or nt2 are invalid nonces
if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
errormsg = MAGIC_UID;\r
- // break;\r
}\r
- \r
- if ( mifare_classic_halt_ex(NULL) ) break;\r
+ mifare_classic_halt_ex(NULL);\r
+ break;\r
}\r
\r
// wipe tag, fill it with zeros\r
break;\r
}\r
\r
- if ( mifare_classic_halt_ex(NULL) ) break;\r
+ mifare_classic_halt_ex(NULL);\r
} \r
\r
// write block\r
} \r
\r
if (workFlags & MAGIC_OFF) \r
- if ( mifare_classic_halt_ex(NULL) ) break;\r
+ mifare_classic_halt_ex(NULL);\r
\r
isOK = true;\r
break;\r
uint8_t receivedAnswer[4] = {0x00, 0x00, 0x00, 0x00};\r
len = mifare_sendcmd_short(pcs, (pcs == NULL) ? CRYPT_NONE : CRYPT_ALL, 0x50, 0x00, receivedAnswer, NULL, NULL);\r
if (len != 0) {\r
- if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("halt error. response len: %x", len); \r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
+ Dbprintf("halt error. response len: %x data:%02X %02X %02X %02X", len, receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3]); \r
+ if (len == 1 && receivedAnswer[0] == 0x04)\r
+ return 4;\r
return 1;\r
}\r
return 0;\r
// PrintAndLog(" u : 4, 7 or 10 byte UID");
PrintAndLog(" u : 4, 7 byte UID");
PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader");
+ PrintAndLog(" v : (Optional) show maths used for cracking reader. Useful for debugging.");
PrintAndLog("\n sample : hf 14a sim t 1 u 11223344 x");
PrintAndLog(" : hf 14a sim t 1 u 11223344");
PrintAndLog(" : hf 14a sim t 1 u 11223344556677");
uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0};
int uidlen = 0;
bool useUIDfromEML = TRUE;
+ bool verbose = false;
while(param_getchar(Cmd, cmdp) != 0x00) {
switch(param_getchar(Cmd, cmdp)) {
}
cmdp += 2;
break;
+ case 'v':
+ case 'V':
+ verbose = true;
+ cmdp++;
+ break;
case 'x':
case 'X':
flags |= FLAG_NR_AR_ATTACK;
if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;
memcpy( data, resp.d.asBytes, sizeof(data) );
- readerAttack(data, TRUE);
+ readerAttack(data, TRUE, verbose);
}
return 0;
}
PrintAndLog(" i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");\r
PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");\r
PrintAndLog(" e (Optional) Fill simulator keys from what we crack");\r
+ PrintAndLog(" v (Optional) Show maths used for cracking reader. Useful for debugging.");\r
PrintAndLog("samples:");\r
PrintAndLog(" hf mf sim u 0a0a0a0a");\r
PrintAndLog(" hf mf sim u 11223344556677");\r
#define ATTACK_KEY_COUNT 8\r
sector *k_sector = NULL;\r
uint8_t k_sectorsCount = 16;\r
-void readerAttack(nonces_t data[], bool setEmulatorMem) {\r
+void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose) {\r
\r
// initialize storage for found keys\r
if (k_sector == NULL)\r
\r
// We can probably skip this, mfkey32v2 is more reliable.\r
#ifdef HFMF_TRYMFK32\r
- if (tryMfk32(data[i], &key)) {\r
+ if (tryMfk32(data[i], &key, verbose)) {\r
PrintAndLog("Found Key%s for sector %02d: [%012"llx"]"\r
, (data[i].keytype) ? "B" : "A"\r
, data[i].sector\r
}\r
#endif\r
//moebius attack \r
- if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key)) {\r
+ if (tryMfk32_moebius(data[i+ATTACK_KEY_COUNT], &key, verbose)) {\r
uint8_t sectorNum = data[i+ATTACK_KEY_COUNT].sector;\r
uint8_t keyType = data[i+ATTACK_KEY_COUNT].keytype;\r
\r
uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};\r
uint8_t exitAfterNReads = 0;\r
uint8_t flags = (FLAG_UID_IN_EMUL | FLAG_4B_UID_IN_DATA);\r
- int uidlen = 0; \r
+ int uidlen = 0;\r
bool setEmulatorMem = false;\r
uint8_t cmdp = 0;\r
bool errors = false;\r
\r
+ // If set to true, we should show our workings when doing NR_AR_ATTACK.\r
+ bool verbose = false;\r
+\r
while(param_getchar(Cmd, cmdp) != 0x00) {\r
switch(param_getchar(Cmd, cmdp)) {\r
case 'e':\r
}\r
cmdp +=2;\r
break;\r
+ case 'v':\r
+ case 'V':\r
+ verbose = true;\r
+ cmdp++;\r
+ break;\r
case 'x':\r
case 'X':\r
flags |= FLAG_NR_AR_ATTACK;\r
if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;\r
\r
memcpy( data, resp.d.asBytes, sizeof(data) ); \r
- readerAttack(data, setEmulatorMem);\r
+ readerAttack(data, setEmulatorMem, verbose);\r
}\r
\r
if (k_sector != NULL) {\r
#include "nonce2key/nonce2key.h"\r
\r
int CmdHFMF(const char *Cmd);\r
-
-int CmdHF14AMfDbg(const char* cmd);
-int CmdHF14AMfRdBl(const char* cmd);
-int CmdHF14AMfURdBl(const char* cmd);
-int CmdHF14AMfRdSc(const char* cmd);
-int CmdHF14SMfURdCard(const char* cmd);
-int CmdHF14AMfDump(const char* cmd);
-int CmdHF14AMfRestore(const char* cmd);
-int CmdHF14AMfWrBl(const char* cmd);
-int CmdHF14AMfUWrBl(const char* cmd);
-int CmdHF14AMfChk(const char* cmd);
-int CmdHF14AMifare(const char* cmd);
-int CmdHF14AMfNested(const char* cmd);
+\r
+int CmdHF14AMfDbg(const char* cmd);\r
+int CmdHF14AMfRdBl(const char* cmd);\r
+int CmdHF14AMfURdBl(const char* cmd);\r
+int CmdHF14AMfRdSc(const char* cmd);\r
+int CmdHF14SMfURdCard(const char* cmd);\r
+int CmdHF14AMfDump(const char* cmd);\r
+int CmdHF14AMfRestore(const char* cmd);\r
+int CmdHF14AMfWrBl(const char* cmd);\r
+int CmdHF14AMfUWrBl(const char* cmd);\r
+int CmdHF14AMfChk(const char* cmd);\r
+int CmdHF14AMifare(const char* cmd);\r
+int CmdHF14AMfNested(const char* cmd);\r
int CmdHF14AMfNestedHard(const char *Cmd);\r
int CmdHF14AMfSniff(const char* cmd);\r
int CmdHF14AMf1kSim(const char* cmd);\r
int CmdHF14AMfCSave(const char* cmd);\r
int CmdHf14MfDecryptBytes(const char *Cmd);\r
\r
-void readerAttack(nonces_t data[], bool setEmulatorMem);\r
+void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose);\r
void printKeyTable( uint8_t sectorscnt, sector *e_sector );\r
#endif\r
for (int16_t i = N; i >= N-n+1; i--) {
log_result -= log(i);
}
- return exp(log_result);
+ if ( log_result > 0 )
+ return exp(log_result);
+ else
+ return 0.0;
} else {
if (n-k == N-K) { // special case. The published recursion below would fail with a divide by zero exception
double log_result = 0.0;
if (maximum_states == 0) return false; // prevent keyspace reduction error (2^-inf)
- printf("Number of possible keys with Sum(a0) = %d: %"PRIu64" (2^%1.1f)\n", sum_a0, maximum_states, log(maximum_states)/log(2.0));
+ printf("Number of possible keys with Sum(a0) = %d: %"PRIu64" (2^%1.1f)\n", sum_a0, maximum_states, log(maximum_states)/log(2));
init_statelist_cache();
// and eliminate the need to calculate the other part
if (MIN(partial_statelist[p].len[ODD_STATE], partial_statelist[r].len[ODD_STATE])
< MIN(partial_statelist[q].len[EVEN_STATE], partial_statelist[s].len[EVEN_STATE])) {
- add_matching_states(current_candidates, p, r, ODD_STATE);
+ add_matching_states(current_candidates, p, r, ODD_STATE);
if(current_candidates->len[ODD_STATE]) {
- add_matching_states(current_candidates, q, s, EVEN_STATE);
+ add_matching_states(current_candidates, q, s, EVEN_STATE);
} else {
current_candidates->len[EVEN_STATE] = 0;
uint32_t *p = current_candidates->states[EVEN_STATE] = malloc(sizeof(uint32_t));
if (maximum_states == 0) return false; // prevent keyspace reduction error (2^-inf)
- float kcalc = log(maximum_states)/log(2.0);
+ float kcalc = log(maximum_states)/log(2);
printf("Number of remaining possible keys: %"PRIu64" (2^%1.1f)\n", maximum_states, kcalc);
if (write_stats) {
if (maximum_states != 0) {
crypto1_bs_init();
PrintAndLog("Using %u-bit bitslices", MAX_BITSLICES);
- PrintAndLog("Bitslicing best_first_byte^uid[3] (rollback byte): %02x...", best_first_bytes[0]^(cuid>>24));
+ PrintAndLog("Bitslicing best_first_byte^uid[3] (rollback byte): %02X ...", best_first_bytes[0]^(cuid>>24));
// convert to 32 bit little-endian
crypto1_bs_bitslice_value32((best_first_bytes[0]<<24)^cuid, bitsliced_rollback_byte, 8);
}
time(&end);
- double elapsed_time = difftime(end, start);
+ unsigned long elapsed_time = difftime(end, start);
if (keys_found && TestIfKeyExists(foundkey)) {
- PrintAndLog("Success! Tested %"PRIu32" states, found %u keys after %.f seconds", total_states_tested, keys_found, elapsed_time);
+ PrintAndLog("Success! Tested %"PRIu32" states, found %u keys after %u seconds", total_states_tested, keys_found, elapsed_time);
PrintAndLog("\nFound key: %012"PRIx64"\n", foundkey);
ret = true;
} else {
- PrintAndLog("Fail! Tested %"PRIu32" states, in %.f seconds", total_states_tested, elapsed_time);
+ PrintAndLog("Fail! Tested %"PRIu32" states, in %u seconds", total_states_tested, elapsed_time);
}
// reset this counter for the next call
}
if (cmdp == 'u' || cmdp == 'U') testRaw = 'u';
+ // if ( justNoise(GraphBuffer, GraphTraceLen) ) {
+ // PrintAndLog("Signal looks just like noise. Quitting.");
+ // return 0;
+ // }
+
PrintAndLog("NOTE: some demods output possible binary\n if it finds something that looks like a tag");
PrintAndLog("False Positives ARE possible\n");
PrintAndLog("\nChecking for known tags:\n");
+
+
ans=CmdFSKdemodIO("");
if (ans>0) {
PrintAndLog("\nValid IO Prox ID Found!");
}
// 32 bit recover key from 2 nonces
-bool tryMfk32(nonces_t data, uint64_t *outputkey) {
+bool tryMfk32(nonces_t data, uint64_t *outputkey, bool verbose) {
struct Crypto1State *s,*t;
uint64_t outkey = 0;
uint64_t key=0; // recovered key
uint32_t ar0_enc = data.ar; // first encrypted reader response
uint32_t nr1_enc = data.nr2; // second encrypted reader challenge
uint32_t ar1_enc = data.ar2; // second encrypted reader response
- clock_t t1 = clock();
bool isSuccess = FALSE;
uint8_t counter = 0;
-
- printf("Recovering key for:\n");
- printf(" uid: %08x\n",uid);
- printf(" nt: %08x\n",nt);
- printf(" {nr_0}: %08x\n",nr0_enc);
- printf(" {ar_0}: %08x\n",ar0_enc);
- printf(" {nr_1}: %08x\n",nr1_enc);
- printf(" {ar_1}: %08x\n",ar1_enc);
-
- printf("\nLFSR succesors of the tag challenge:\n");
+
+ clock_t t1 = clock();
uint32_t p64 = prng_successor(nt, 64);
- printf(" nt': %08x\n", p64);
- printf(" nt'': %08x\n", prng_successor(p64, 32));
+
+ if ( verbose ) {
+ printf("Recovering key for:\n");
+ printf(" uid: %08x\n",uid);
+ printf(" nt: %08x\n",nt);
+ printf(" {nr_0}: %08x\n",nr0_enc);
+ printf(" {ar_0}: %08x\n",ar0_enc);
+ printf(" {nr_1}: %08x\n",nr1_enc);
+ printf(" {ar_1}: %08x\n",ar1_enc);
+ printf("\nLFSR succesors of the tag challenge:\n");
+ printf(" nt': %08x\n", p64);
+ printf(" nt'': %08x\n", prng_successor(p64, 32));
+ }
s = lfsr_recovery32(ar0_enc ^ p64, 0);
crypto1_word(t, uid ^ nt, 0);
crypto1_word(t, nr1_enc, 1);
if (ar1_enc == (crypto1_word(t, 0, 0) ^ p64)) {
- //PrintAndLog("Found Key: [%012"llx"]", key);
outkey = key;
++counter;
if (counter==20) break;
return isSuccess;
}
-bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey) {
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool verbose) {
struct Crypto1State *s, *t;
uint64_t outkey = 0;
uint64_t key = 0; // recovered key
uint32_t ar1_enc = data.ar2; // second encrypted reader response
bool isSuccess = FALSE;
int counter = 0;
-
- printf("Recovering key for:\n");
- printf(" uid: %08x\n",uid);
- printf(" nt_0: %08x\n",nt0);
- printf(" {nr_0}: %08x\n",nr0_enc);
- printf(" {ar_0}: %08x\n",ar0_enc);
- printf(" nt_1: %08x\n",nt1);
- printf(" {nr_1}: %08x\n",nr1_enc);
- printf(" {ar_1}: %08x\n",ar1_enc);
- //PrintAndLog("Enter mfkey32_moebius");
clock_t t1 = clock();
- printf("\nLFSR succesors of the tag challenge:\n");
uint32_t p640 = prng_successor(nt0, 64);
uint32_t p641 = prng_successor(nt1, 64);
- printf(" nt': %08x\n", p640);
- printf(" nt'': %08x\n", prng_successor(p640, 32));
+ if (verbose) {
+ printf("Recovering key for:\n");
+ printf(" uid: %08x\n", uid);
+ printf(" nt_0: %08x\n", nt0);
+ printf(" {nr_0}: %08x\n", nr0_enc);
+ printf(" {ar_0}: %08x\n", ar0_enc);
+ printf(" nt_1: %08x\n", nt1);
+ printf(" {nr_1}: %08x\n", nr1_enc);
+ printf(" {ar_1}: %08x\n", ar1_enc);
+ printf("\nLFSR succesors of the tag challenge:\n");
+ printf(" nt': %08x\n", p640);
+ printf(" nt'': %08x\n", prng_successor(p640, 32));
+ }
s = lfsr_recovery32(ar0_enc ^ p640, 0);
crypto1_word(t, uid ^ nt1, 0);
crypto1_word(t, nr1_enc, 1);
if (ar1_enc == (crypto1_word(t, 0, 0) ^ p641)) {
- //PrintAndLog("Found Key: [%012"llx"]",key);
outkey=key;
++counter;
if (counter==20) break;
extern int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, uint32_t nr, uint64_t ks_info, uint64_t * key);
//iceman, added these to be able to crack key direct from "hf 14 sim" && "hf mf sim"
-bool tryMfk32(nonces_t data, uint64_t *outputkey );
-bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey ); // <<-- this one has best success
+bool tryMfk32(nonces_t data, uint64_t *outputkey, bool verbose );
+bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey, bool verbose); // <<-- this one has best success
int tryMfk64_ex(uint8_t *data, uint64_t *outputkey );
int tryMfk64(uint32_t uid, uint32_t nt, uint32_t nr_enc, uint32_t ar_enc, uint32_t at_enc, uint64_t *outputkey);
#endif
--- /dev/null
+mfkey32
+mfkey32v2
+mfkey64
+
+mfkey32.exe
+mfkey32v2.exe
+mfkey64.exe
projects / proxmark3-svn / commitdiff