From: Merlokbr@gmail.com Date: Thu, 26 May 2011 12:55:15 +0000 (+0000) Subject: 1. Mifare read block command X-Git-Tag: v1.0.0~262 X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/20f9a2a1d54952ed15066c93490f0e8fb0d43b67?hp=cee5a30d53c7aff4c4830eae53eaf58414ecf806 1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26 --- diff --git a/armsrc/Makefile b/armsrc/Makefile index 087ddcf8..565de2fe 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@ -16,8 +16,9 @@ APP_CFLAGS = -O2 -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b #SRC_LCD = fonts.c LCD.c SRC_LF = lfops.c hitag2.c SRC_ISO15693 = iso15693.c iso15693tools.c -SRC_ISO14443a = iso14443a.c +SRC_ISO14443a = iso14443a.c mifareutil.c SRC_ISO14443b = iso14443.c +SRC_CRAPTO1 = crapto1.c crypto1.c THUMBSRC = start.c \ $(SRC_LCD) \ @@ -35,6 +36,7 @@ ARMSRC = fpgaloader.c \ crc16.c \ $(SRC_ISO14443a) \ $(SRC_ISO14443b) \ + $(SRC_CRAPTO1) \ legic_prng.c \ iclass.c \ crc.c diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 47fa2f99..8be02778 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -694,6 +694,25 @@ void UsbPacketReceived(uint8_t *packet, int len) break; #endif +#ifdef WITH_ISO14443a + case CMD_MIFARE_READBL: + MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_MIFARE_READSC: + MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_MIFARE_WRITEBL: + MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_MIFARE_NESTED: + MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_SIMULATE_MIFARE_CARD: + Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + +#endif + #ifdef WITH_ISO14443b case CMD_SNOOP_ISO_14443: SnoopIso14443(); diff --git a/armsrc/apps.h b/armsrc/apps.h index 2d15a907..e60fc924 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -106,6 +106,11 @@ void RAMFUNC SnoopIso14443a(void); void SimulateIso14443aTag(int tagType, int TagUid); // ## simulate iso14443a tag void ReaderIso14443a(UsbCommand * c, UsbCommand * ack); void ReaderMifare(uint32_t parameter); +void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data); +void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); +void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); +void MifareNested(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); +void Mifare1ksim(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); /// iso15693.h void RecordRawAdcSamplesIso15693(void); diff --git a/armsrc/crapto1.c b/armsrc/crapto1.c new file mode 100644 index 00000000..9d491d12 --- /dev/null +++ b/armsrc/crapto1.c @@ -0,0 +1,478 @@ +/* crapto1.c + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, US$ + + Copyright (C) 2008-2008 bla +*/ +#include "crapto1.h" +#include + +#if !defined LOWMEM && defined __GNUC__ +static uint8_t filterlut[1 << 20]; +static void __attribute__((constructor)) fill_lut() +{ + uint32_t i; + for(i = 0; i < 1 << 20; ++i) + filterlut[i] = filter(i); +} +#define filter(x) (filterlut[(x) & 0xfffff]) +#endif + +static void quicksort(uint32_t* const start, uint32_t* const stop) +{ + uint32_t *it = start + 1, *rit = stop; + + if(it > rit) + return; + + while(it < rit) + if(*it <= *start) + ++it; + else if(*rit > *start) + --rit; + else + *it ^= (*it ^= *rit, *rit ^= *it); + + if(*rit >= *start) + --rit; + if(rit != start) + *rit ^= (*rit ^= *start, *start ^= *rit); + + quicksort(start, rit - 1); + quicksort(rit + 1, stop); +} +/** binsearch + * Binary search for the first occurence of *stop's MSB in sorted [start,stop] + */ +static inline uint32_t* binsearch(uint32_t *start, uint32_t *stop) +{ + uint32_t mid, val = *stop & 0xff000000; + while(start != stop) + if(start[mid = (stop - start) >> 1] > val) + stop = &start[mid]; + else + start += mid + 1; + + return start; +} + +/** update_contribution + * helper, calculates the partial linear feedback contributions and puts in MSB + */ +static inline void +update_contribution(uint32_t *item, const uint32_t mask1, const uint32_t mask2) +{ + uint32_t p = *item >> 25; + + p = p << 1 | parity(*item & mask1); + p = p << 1 | parity(*item & mask2); + *item = p << 24 | (*item & 0xffffff); +} + +/** extend_table + * using a bit of the keystream extend the table of possible lfsr states + */ +static inline void +extend_table(uint32_t *tbl, uint32_t **end, int bit, int m1, int m2, uint32_t in) +{ + in <<= 24; + for(*tbl <<= 1; tbl <= *end; *++tbl <<= 1) + if(filter(*tbl) ^ filter(*tbl | 1)) { + *tbl |= filter(*tbl) ^ bit; + update_contribution(tbl, m1, m2); + *tbl ^= in; + } else if(filter(*tbl) == bit) { + *++*end = tbl[1]; + tbl[1] = tbl[0] | 1; + update_contribution(tbl, m1, m2); + *tbl++ ^= in; + update_contribution(tbl, m1, m2); + *tbl ^= in; + } else + *tbl-- = *(*end)--; +} +/** extend_table_simple + * using a bit of the keystream extend the table of possible lfsr states + */ +static inline void extend_table_simple(uint32_t *tbl, uint32_t **end, int bit) +{ + for(*tbl <<= 1; tbl <= *end; *++tbl <<= 1) + if(filter(*tbl) ^ filter(*tbl | 1)) + *tbl |= filter(*tbl) ^ bit; + else if(filter(*tbl) == bit) { + *++*end = *++tbl; + *tbl = tbl[-1] | 1; + } else + *tbl-- = *(*end)--; +} +/** recover + * recursively narrow down the search space, 4 bits of keystream at a time + */ +static struct Crypto1State* +recover(uint32_t *o_head, uint32_t *o_tail, uint32_t oks, + uint32_t *e_head, uint32_t *e_tail, uint32_t eks, int rem, + struct Crypto1State *sl, uint32_t in) +{ + uint32_t *o, *e, i; + + if(rem == -1) { + for(e = e_head; e <= e_tail; ++e) { + *e = *e << 1 ^ parity(*e & LF_POLY_EVEN) ^ !!(in & 4); + for(o = o_head; o <= o_tail; ++o, ++sl) { + sl->even = *o; + sl->odd = *e ^ parity(*o & LF_POLY_ODD); + sl[1].odd = sl[1].even = 0; + } + } + return sl; + } + + for(i = 0; i < 4 && rem--; i++) { + oks >>= 1; + eks >>= 1; + in >>= 2; + extend_table(o_head, &o_tail, oks & 1, LF_POLY_EVEN << 1 | 1, + LF_POLY_ODD << 1, 0); + if(o_head > o_tail) + return sl; + + extend_table(e_head, &e_tail, eks & 1, LF_POLY_ODD, + LF_POLY_EVEN << 1 | 1, in & 3); + if(e_head > e_tail) + return sl; + } + + quicksort(o_head, o_tail); + quicksort(e_head, e_tail); + + while(o_tail >= o_head && e_tail >= e_head) + if(((*o_tail ^ *e_tail) >> 24) == 0) { + o_tail = binsearch(o_head, o = o_tail); + e_tail = binsearch(e_head, e = e_tail); + sl = recover(o_tail--, o, oks, + e_tail--, e, eks, rem, sl, in); + } + else if(*o_tail > *e_tail) + o_tail = binsearch(o_head, o_tail) - 1; + else + e_tail = binsearch(e_head, e_tail) - 1; + + return sl; +} +/** lfsr_recovery + * recover the state of the lfsr given 32 bits of the keystream + * additionally you can use the in parameter to specify the value + * that was fed into the lfsr at the time the keystream was generated + */ +struct Crypto1State* lfsr_recovery32(uint32_t ks2, uint32_t in) +{ + struct Crypto1State *statelist; + uint32_t *odd_head = 0, *odd_tail = 0, oks = 0; + uint32_t *even_head = 0, *even_tail = 0, eks = 0; + int i; + + for(i = 31; i >= 0; i -= 2) + oks = oks << 1 | BEBIT(ks2, i); + for(i = 30; i >= 0; i -= 2) + eks = eks << 1 | BEBIT(ks2, i); + + odd_head = odd_tail = malloc(sizeof(uint32_t) << 21); + even_head = even_tail = malloc(sizeof(uint32_t) << 21); + statelist = malloc(sizeof(struct Crypto1State) << 18); + if(!odd_tail-- || !even_tail-- || !statelist) { + free(statelist); + statelist = 0; + goto out; + } + + statelist->odd = statelist->even = 0; + + for(i = 1 << 20; i >= 0; --i) { + if(filter(i) == (oks & 1)) + *++odd_tail = i; + if(filter(i) == (eks & 1)) + *++even_tail = i; + } + + for(i = 0; i < 4; i++) { + extend_table_simple(odd_head, &odd_tail, (oks >>= 1) & 1); + extend_table_simple(even_head, &even_tail, (eks >>= 1) & 1); + } + + in = (in >> 16 & 0xff) | (in << 16) | (in & 0xff00); + recover(odd_head, odd_tail, oks, + even_head, even_tail, eks, 11, statelist, in << 1); + +out: + free(odd_head); + free(even_head); + return statelist; +} + +static const uint32_t S1[] = { 0x62141, 0x310A0, 0x18850, 0x0C428, 0x06214, + 0x0310A, 0x85E30, 0xC69AD, 0x634D6, 0xB5CDE, 0xDE8DA, 0x6F46D, 0xB3C83, + 0x59E41, 0xA8995, 0xD027F, 0x6813F, 0x3409F, 0x9E6FA}; +static const uint32_t S2[] = { 0x3A557B00, 0x5D2ABD80, 0x2E955EC0, 0x174AAF60, + 0x0BA557B0, 0x05D2ABD8, 0x0449DE68, 0x048464B0, 0x42423258, 0x278192A8, + 0x156042D0, 0x0AB02168, 0x43F89B30, 0x61FC4D98, 0x765EAD48, 0x7D8FDD20, + 0x7EC7EE90, 0x7F63F748, 0x79117020}; +static const uint32_t T1[] = { + 0x4F37D, 0x279BE, 0x97A6A, 0x4BD35, 0x25E9A, 0x12F4D, 0x097A6, 0x80D66, + 0xC4006, 0x62003, 0xB56B4, 0x5AB5A, 0xA9318, 0xD0F39, 0x6879C, 0xB057B, + 0x582BD, 0x2C15E, 0x160AF, 0x8F6E2, 0xC3DC4, 0xE5857, 0x72C2B, 0x39615, + 0x98DBF, 0xC806A, 0xE0680, 0x70340, 0x381A0, 0x98665, 0x4C332, 0xA272C}; +static const uint32_t T2[] = { 0x3C88B810, 0x5E445C08, 0x2982A580, 0x14C152C0, + 0x4A60A960, 0x253054B0, 0x52982A58, 0x2FEC9EA8, 0x1156C4D0, 0x08AB6268, + 0x42F53AB0, 0x217A9D58, 0x161DC528, 0x0DAE6910, 0x46D73488, 0x25CB11C0, + 0x52E588E0, 0x6972C470, 0x34B96238, 0x5CFC3A98, 0x28DE96C8, 0x12CFC0E0, + 0x4967E070, 0x64B3F038, 0x74F97398, 0x7CDC3248, 0x38CE92A0, 0x1C674950, + 0x0E33A4A8, 0x01B959D0, 0x40DCACE8, 0x26CEDDF0}; +static const uint32_t C1[] = { 0x846B5, 0x4235A, 0x211AD}; +static const uint32_t C2[] = { 0x1A822E0, 0x21A822E0, 0x21A822E0}; +/** Reverse 64 bits of keystream into possible cipher states + * Variation mentioned in the paper. Somewhat optimized version + */ +struct Crypto1State* lfsr_recovery64(uint32_t ks2, uint32_t ks3) +{ + struct Crypto1State *statelist, *sl; + uint8_t oks[32], eks[32], hi[32]; + uint32_t low = 0, win = 0; + uint32_t *tail, table[1 << 16]; + int i, j; + + sl = statelist = malloc(sizeof(struct Crypto1State) << 4); + if(!sl) + return 0; + sl->odd = sl->even = 0; + + for(i = 30; i >= 0; i -= 2) { + oks[i >> 1] = BEBIT(ks2, i); + oks[16 + (i >> 1)] = BEBIT(ks3, i); + } + for(i = 31; i >= 0; i -= 2) { + eks[i >> 1] = BEBIT(ks2, i); + eks[16 + (i >> 1)] = BEBIT(ks3, i); + } + + for(i = 0xfffff; i >= 0; --i) { + if (filter(i) != oks[0]) + continue; + + *(tail = table) = i; + for(j = 1; tail >= table && j < 29; ++j) + extend_table_simple(table, &tail, oks[j]); + + if(tail < table) + continue; + + for(j = 0; j < 19; ++j) + low = low << 1 | parity(i & S1[j]); + for(j = 0; j < 32; ++j) + hi[j] = parity(i & T1[j]); + + for(; tail >= table; --tail) { + for(j = 0; j < 3; ++j) { + *tail = *tail << 1; + *tail |= parity((i & C1[j]) ^ (*tail & C2[j])); + if(filter(*tail) != oks[29 + j]) + goto continue2; + } + + for(j = 0; j < 19; ++j) + win = win << 1 | parity(*tail & S2[j]); + + win ^= low; + for(j = 0; j < 32; ++j) { + win = win << 1 ^ hi[j] ^ parity(*tail & T2[j]); + if(filter(win) != eks[j]) + goto continue2; + } + + *tail = *tail << 1 | parity(LF_POLY_EVEN & *tail); + sl->odd = *tail ^ parity(LF_POLY_ODD & win); + sl->even = win; + ++sl; + sl->odd = sl->even = 0; + continue2:; + } + } + return statelist; +} + +/** lfsr_rollback_bit + * Rollback the shift register in order to get previous states + */ +uint8_t lfsr_rollback_bit(struct Crypto1State *s, uint32_t in, int fb) +{ + int out; + uint8_t ret; + + s->odd &= 0xffffff; + s->odd ^= (s->odd ^= s->even, s->even ^= s->odd); + + out = s->even & 1; + out ^= LF_POLY_EVEN & (s->even >>= 1); + out ^= LF_POLY_ODD & s->odd; + out ^= !!in; + out ^= (ret = filter(s->odd)) & !!fb; + + s->even |= parity(out) << 23; + return ret; +} +/** lfsr_rollback_byte + * Rollback the shift register in order to get previous states + */ +uint8_t lfsr_rollback_byte(struct Crypto1State *s, uint32_t in, int fb) +{ + int i, ret = 0; + for (i = 7; i >= 0; --i) + ret |= lfsr_rollback_bit(s, BIT(in, i), fb) << i; + return ret; +} +/** lfsr_rollback_word + * Rollback the shift register in order to get previous states + */ +uint32_t lfsr_rollback_word(struct Crypto1State *s, uint32_t in, int fb) +{ + int i; + uint32_t ret = 0; + for (i = 31; i >= 0; --i) + ret |= lfsr_rollback_bit(s, BEBIT(in, i), fb) << (i ^ 24); + return ret; +} + +/** nonce_distance + * x,y valid tag nonces, then prng_successor(x, nonce_distance(x, y)) = y + */ +static uint16_t *dist = 0; +int nonce_distance(uint32_t from, uint32_t to) +{ + uint16_t x, i; + if(!dist) { + dist = malloc(2 << 16); + if(!dist) + return -1; + for (x = i = 1; i; ++i) { + dist[(x & 0xff) << 8 | x >> 8] = i; + x = x >> 1 | (x ^ x >> 2 ^ x >> 3 ^ x >> 5) << 15; + } + } + return (65535 + dist[to >> 16] - dist[from >> 16]) % 65535; +} + + +static uint32_t fastfwd[2][8] = { + { 0, 0x4BC53, 0xECB1, 0x450E2, 0x25E29, 0x6E27A, 0x2B298, 0x60ECB}, + { 0, 0x1D962, 0x4BC53, 0x56531, 0xECB1, 0x135D3, 0x450E2, 0x58980}}; +/** lfsr_prefix_ks + * + * Is an exported helper function from the common prefix attack + * Described in the "dark side" paper. It returns an -1 terminated array + * of possible partial(21 bit) secret state. + * The required keystream(ks) needs to contain the keystream that was used to + * encrypt the NACK which is observed when varying only the 3 last bits of Nr + * only correct iff [NR_3] ^ NR_3 does not depend on Nr_3 + */ +uint32_t *lfsr_prefix_ks(uint8_t ks[8], int isodd) +{ + uint32_t c, entry, *candidates = malloc(4 << 10); + int i, size = 0, good; + + if(!candidates) + return 0; + + for(i = 0; i < 1 << 21; ++i) { + for(c = 0, good = 1; good && c < 8; ++c) { + entry = i ^ fastfwd[isodd][c]; + good &= (BIT(ks[c], isodd) == filter(entry >> 1)); + good &= (BIT(ks[c], isodd + 2) == filter(entry)); + } + if(good) + candidates[size++] = i; + } + + candidates[size] = -1; + + return candidates; +} + +/** check_pfx_parity + * helper function which eliminates possible secret states using parity bits + */ +static struct Crypto1State* +check_pfx_parity(uint32_t prefix, uint32_t rresp, uint8_t parities[8][8], + uint32_t odd, uint32_t even, struct Crypto1State* sl) +{ + uint32_t ks1, nr, ks2, rr, ks3, c, good = 1; + + for(c = 0; good && c < 8; ++c) { + sl->odd = odd ^ fastfwd[1][c]; + sl->even = even ^ fastfwd[0][c]; + + lfsr_rollback_bit(sl, 0, 0); + lfsr_rollback_bit(sl, 0, 0); + + ks3 = lfsr_rollback_bit(sl, 0, 0); + ks2 = lfsr_rollback_word(sl, 0, 0); + ks1 = lfsr_rollback_word(sl, prefix | c << 5, 1); + + nr = ks1 ^ (prefix | c << 5); + rr = ks2 ^ rresp; + + good &= parity(nr & 0x000000ff) ^ parities[c][3] ^ BIT(ks2, 24); + good &= parity(rr & 0xff000000) ^ parities[c][4] ^ BIT(ks2, 16); + good &= parity(rr & 0x00ff0000) ^ parities[c][5] ^ BIT(ks2, 8); + good &= parity(rr & 0x0000ff00) ^ parities[c][6] ^ BIT(ks2, 0); + good &= parity(rr & 0x000000ff) ^ parities[c][7] ^ ks3; + } + + return sl + good; +} + + +/** lfsr_common_prefix + * Implentation of the common prefix attack. + */ +struct Crypto1State* +lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8]) +{ + struct Crypto1State *statelist, *s; + uint32_t *odd, *even, *o, *e, top; + + odd = lfsr_prefix_ks(ks, 1); + even = lfsr_prefix_ks(ks, 0); + + s = statelist = malloc((sizeof *statelist) << 20); + if(!s || !odd || !even) { + free(statelist); + statelist = 0; + goto out; + } + + for(o = odd; *o + 1; ++o) + for(e = even; *e + 1; ++e) + for(top = 0; top < 64; ++top) { + *o += 1 << 21; + *e += (!(top & 7) + 1) << 21; + s = check_pfx_parity(pfx, rr, par, *o, *e, s); + } + + s->odd = s->even = 0; +out: + free(odd); + free(even); + return statelist; +} diff --git a/armsrc/crapto1.h b/armsrc/crapto1.h new file mode 100644 index 00000000..b144853c --- /dev/null +++ b/armsrc/crapto1.h @@ -0,0 +1,93 @@ +/* crapto1.h + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + MA 02110-1301, US$ + + Copyright (C) 2008-2008 bla +*/ +#ifndef CRAPTO1_INCLUDED +#define CRAPTO1_INCLUDED +#include +#ifdef __cplusplus +extern "C" { +#endif + +struct Crypto1State {uint32_t odd, even;}; +void crypto1_create(struct Crypto1State *s, uint64_t key); +void crypto1_destroy(struct Crypto1State*); +void crypto1_get_lfsr(struct Crypto1State*, uint64_t*); +uint8_t crypto1_bit(struct Crypto1State*, uint8_t, int); +uint8_t crypto1_byte(struct Crypto1State*, uint8_t, int); +uint32_t crypto1_word(struct Crypto1State*, uint32_t, int); +uint32_t prng_successor(uint32_t x, uint32_t n); + +struct Crypto1State* lfsr_recovery32(uint32_t ks2, uint32_t in); +struct Crypto1State* lfsr_recovery64(uint32_t ks2, uint32_t ks3); +uint32_t *lfsr_prefix_ks(uint8_t ks[8], int isodd); +struct Crypto1State* +lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8]); + +uint8_t lfsr_rollback_bit(struct Crypto1State* s, uint32_t in, int fb); +uint8_t lfsr_rollback_byte(struct Crypto1State* s, uint32_t in, int fb); +uint32_t lfsr_rollback_word(struct Crypto1State* s, uint32_t in, int fb); +int nonce_distance(uint32_t from, uint32_t to); +#define FOREACH_VALID_NONCE(N, FILTER, FSIZE)\ + uint32_t __n = 0,__M = 0, N = 0;\ + int __i;\ + for(; __n < 1 << 16; N = prng_successor(__M = ++__n, 16))\ + for(__i = FSIZE - 1; __i >= 0; __i--)\ + if(BIT(FILTER, __i) ^ parity(__M & 0xFF01))\ + break;\ + else if(__i)\ + __M = prng_successor(__M, (__i == 7) ? 48 : 8);\ + else + +#define LF_POLY_ODD (0x29CE5C) +#define LF_POLY_EVEN (0x870804) +#define BIT(x, n) ((x) >> (n) & 1) +#define BEBIT(x, n) BIT(x, (n) ^ 24) +static inline int parity(uint32_t x) +{ +#if !defined __i386__ || !defined __GNUC__ + x ^= x >> 16; + x ^= x >> 8; + x ^= x >> 4; + return BIT(0x6996, x & 0xf); +#else + asm( "movl %1, %%eax\n" + "mov %%ax, %%cx\n" + "shrl $0x10, %%eax\n" + "xor %%ax, %%cx\n" + "xor %%ch, %%cl\n" + "setpo %%al\n" + "movzx %%al, %0\n": "=r"(x) : "r"(x): "eax","ecx"); + return x; +#endif +} +static inline int filter(uint32_t const x) +{ + uint32_t f; + + f = 0xf22c0 >> (x & 0xf) & 16; + f |= 0x6c9c0 >> (x >> 4 & 0xf) & 8; + f |= 0x3c8b0 >> (x >> 8 & 0xf) & 4; + f |= 0x1e458 >> (x >> 12 & 0xf) & 2; + f |= 0x0d938 >> (x >> 16 & 0xf) & 1; + return BIT(0xEC57E80A, f); +} +#ifdef __cplusplus +} +#endif +#endif diff --git a/armsrc/crypto1.c b/armsrc/crypto1.c new file mode 100644 index 00000000..9d103c7f --- /dev/null +++ b/armsrc/crypto1.c @@ -0,0 +1,95 @@ +/* crypto1.c + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + MA 02110-1301, US + + Copyright (C) 2008-2008 bla +*/ +#include "crapto1.h" +#include + +#define SWAPENDIAN(x)\ + (x = (x >> 8 & 0xff00ff) | (x & 0xff00ff) << 8, x = x >> 16 | x << 16) + +void crypto1_create(struct Crypto1State *s, uint64_t key) +{ +// struct Crypto1State *s = malloc(sizeof(*s)); + int i; + + for(i = 47;s && i > 0; i -= 2) { + s->odd = s->odd << 1 | BIT(key, (i - 1) ^ 7); + s->even = s->even << 1 | BIT(key, i ^ 7); + } + return; +} +void crypto1_destroy(struct Crypto1State *state) +{ +// free(state); + state->odd = 0; + state->even = 0; +} +void crypto1_get_lfsr(struct Crypto1State *state, uint64_t *lfsr) +{ + int i; + for(*lfsr = 0, i = 23; i >= 0; --i) { + *lfsr = *lfsr << 1 | BIT(state->odd, i ^ 3); + *lfsr = *lfsr << 1 | BIT(state->even, i ^ 3); + } +} +uint8_t crypto1_bit(struct Crypto1State *s, uint8_t in, int is_encrypted) +{ + uint32_t feedin; + uint8_t ret = filter(s->odd); + + feedin = ret & !!is_encrypted; + feedin ^= !!in; + feedin ^= LF_POLY_ODD & s->odd; + feedin ^= LF_POLY_EVEN & s->even; + s->even = s->even << 1 | parity(feedin); + + s->odd ^= (s->odd ^= s->even, s->even ^= s->odd); + + return ret; +} +uint8_t crypto1_byte(struct Crypto1State *s, uint8_t in, int is_encrypted) +{ + uint8_t i, ret = 0; + + for (i = 0; i < 8; ++i) + ret |= crypto1_bit(s, BIT(in, i), is_encrypted) << i; + + return ret; +} +uint32_t crypto1_word(struct Crypto1State *s, uint32_t in, int is_encrypted) +{ + uint32_t i, ret = 0; + + for (i = 0; i < 32; ++i) + ret |= crypto1_bit(s, BEBIT(in, i), is_encrypted) << (i ^ 24); + + return ret; +} + +/* prng_successor + * helper used to obscure the keystream during authentication + */ +uint32_t prng_successor(uint32_t x, uint32_t n) +{ + SWAPENDIAN(x); + while(n--) + x = x >> 1 | (x >> 16 ^ x >> 18 ^ x >> 19 ^ x >> 21) << 31; + + return SWAPENDIAN(x); +} diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 1c5e9265..bb280807 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -16,6 +16,8 @@ #include "iso14443crc.h" #include "iso14443a.h" +#include "crapto1.h" +#include "mifareutil.h" static uint8_t *trace = (uint8_t *) BigBuf; static int traceLen = 0; @@ -73,6 +75,11 @@ void iso14a_set_trigger(int enable) { // Generate the parity value for a byte sequence // //----------------------------------------------------------------------------- +byte_t oddparity (const byte_t bt) +{ + return OddByteParity[bt]; +} + uint32_t GetParity(const uint8_t * pbtCmd, int iLen) { int i; @@ -1140,10 +1147,11 @@ ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]); receivedCmd[0], receivedCmd[1], receivedCmd[2]); } else { // Never seen this command before - Dbprintf("Unknown command received from reader: %x %x %x %x %x %x %x %x %x", + Dbprintf("Unknown command received from reader (len=%d): %x %x %x %x %x %x %x %x %x", + len, receivedCmd[0], receivedCmd[1], receivedCmd[2], - receivedCmd[3], receivedCmd[3], receivedCmd[4], - receivedCmd[5], receivedCmd[6], receivedCmd[7]); + receivedCmd[3], receivedCmd[4], receivedCmd[5], + receivedCmd[6], receivedCmd[7], receivedCmd[8]); // Do not respond resp = resp1; respLen = 0; order = 0; } @@ -1478,7 +1486,7 @@ void ReaderTransmit(uint8_t* frame, int len) int ReaderReceive(uint8_t* receivedAnswer) { int samples = 0; - if (!GetIso14443aAnswerFromTag(receivedAnswer,100,&samples,0)) return FALSE; + if (!GetIso14443aAnswerFromTag(receivedAnswer,160,&samples,0)) return FALSE; if (tracing) LogTrace(receivedAnswer,Demod.len,samples,Demod.parityBits,FALSE); if(samples == 0) return FALSE; return Demod.len; @@ -1487,19 +1495,22 @@ int ReaderReceive(uint8_t* receivedAnswer) /* performs iso14443a anticolision procedure * fills the uid pointer unless NULL * fills resp_data unless NULL */ -int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data) { - uint8_t wupa[] = { 0x52 }; +int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data, uint32_t * cuid_ptr) { + uint8_t wupa[] = { 0x52 }; // 0x26 - REQA 0x52 - WAKE-UP uint8_t sel_all[] = { 0x93,0x20 }; uint8_t sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; uint8_t rats[] = { 0xE0,0x80,0x00,0x00 }; // FSD=256, FSDI=8, CID=0 uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes - uint8_t* uid = resp + 7; + //uint8_t* uid = resp + 7; uint8_t sak = 0x04; // cascade uid int cascade_level = 0; int len; + + // clear uid + memset(uid_ptr, 0, 8); // Broadcast for a card, WUPA (0x52) will force response from all cards in the field ReaderTransmitShort(wupa); @@ -1509,8 +1520,8 @@ int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data) { if(resp_data) memcpy(resp_data->atqa, resp, 2); - ReaderTransmit(sel_all,sizeof(sel_all)); - if(!ReaderReceive(uid)) return 0; + //ReaderTransmit(sel_all,sizeof(sel_all)); --- avoid duplicate SELECT request + //if(!ReaderReceive(uid)) return 0; // OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in // which case we need to make a cascade 2 request and select - this is a long UID @@ -1524,6 +1535,9 @@ int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data) { ReaderTransmit(sel_all,sizeof(sel_all)); if (!ReaderReceive(resp)) return 0; if(uid_ptr) memcpy(uid_ptr + cascade_level*4, resp, 4); + + // calculate crypto UID + if(cuid_ptr) *cuid_ptr = bytes_to_num(resp, 4); // Construct SELECT UID command memcpy(sel_uid+2,resp,5); @@ -1538,19 +1552,26 @@ int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data) { resp_data->sak = sak; resp_data->ats_len = 0; } + //-- this byte not UID, it CT. http://www.nxp.com/documents/application_note/AN10927.pdf page 3 + if (uid_ptr[0] == 0x88) { + memcpy(uid_ptr, uid_ptr + 1, 7); + uid_ptr[7] = 0; + } if( (sak & 0x20) == 0) return 2; // non iso14443a compliant tag // Request for answer to select - AppendCrc14443a(rats, 2); - ReaderTransmit(rats, sizeof(rats)); - if (!(len = ReaderReceive(resp))) return 0; - if(resp_data) { + if(resp_data) { // JCOP cards - if reader sent RATS then there is no MIFARE session at all!!! + AppendCrc14443a(rats, 2); + ReaderTransmit(rats, sizeof(rats)); + + if (!(len = ReaderReceive(resp))) return 0; + memcpy(resp_data->ats, resp, sizeof(resp_data->ats)); resp_data->ats_len = len; } - + return 1; } @@ -1604,7 +1625,7 @@ void ReaderIso14443a(UsbCommand * c, UsbCommand * ack) if(param & ISO14A_CONNECT) { iso14443a_setup(); - ack->arg[0] = iso14443a_select_card(ack->d.asBytes, (iso14a_card_select_t *) (ack->d.asBytes+12)); + ack->arg[0] = iso14443a_select_card(ack->d.asBytes, (iso14a_card_select_t *) (ack->d.asBytes+12), NULL); UsbSendPacket((void *)ack, sizeof(UsbCommand)); } @@ -1684,7 +1705,7 @@ void ReaderMifare(uint32_t parameter) break; } - if(!iso14443a_select_card(NULL, NULL)) continue; + if(!iso14443a_select_card(NULL, NULL, NULL)) continue; // Transmit MIFARE_CLASSIC_AUTH ReaderTransmit(mf_auth,sizeof(mf_auth)); @@ -1738,4 +1759,371 @@ void ReaderMifare(uint32_t parameter) FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); tracing = TRUE; + + DbpString("COMMAND FINISHED"); + + Dbprintf("nt=%x", (int)nt[0]); +} + +//----------------------------------------------------------------------------- +// Select, Authenticaate, Read an MIFARE tag. +// read block +//----------------------------------------------------------------------------- +void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) +{ + // params + uint8_t blockNo = arg0; + uint8_t keyType = arg1; + uint64_t ui64Key = 0; + ui64Key = bytes_to_num(datain, 6); + + // variables + byte_t isOK = 0; + byte_t dataoutbuf[16]; + uint8_t uid[7]; + uint32_t cuid; + struct Crypto1State mpcs = {0, 0}; + struct Crypto1State *pcs; + pcs = &mpcs; + + // clear trace + traceLen = 0; +// tracing = false; + + iso14443a_setup(); + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + while (true) { + if(!iso14443a_select_card(uid, NULL, &cuid)) { + Dbprintf("Can't select card"); + break; + }; + + if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, 0)) { + Dbprintf("Auth error"); + break; + }; + + if(mifare_classic_readblock(pcs, cuid, blockNo, dataoutbuf)) { + Dbprintf("Read block error"); + break; + }; + + if(mifare_classic_halt(pcs, cuid)) { + Dbprintf("Halt error"); + break; + }; + + isOK = 1; + break; + } + + // ----------------------------- crypto1 destroy + crypto1_destroy(pcs); + +// DbpString("READ BLOCK FINISHED"); + + // add trace trailer + uid[0] = 0xff; + uid[1] = 0xff; + uid[2] = 0xff; + uid[3] = 0xff; + LogTrace(uid, 4, 0, 0, TRUE); + + UsbCommand ack = {CMD_ACK, {isOK, 0, 0}}; + memcpy(ack.d.asBytes, dataoutbuf, 16); + + LED_B_ON(); + UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand)); + LED_B_OFF(); + + + // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +// tracing = TRUE; + +} + +//----------------------------------------------------------------------------- +// Select, Authenticaate, Read an MIFARE tag. +// read sector (data = 4 x 16 bytes = 64 bytes) +//----------------------------------------------------------------------------- +void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) +{ + // params + uint8_t sectorNo = arg0; + uint8_t keyType = arg1; + uint64_t ui64Key = 0; + ui64Key = bytes_to_num(datain, 6); + + // variables + byte_t isOK = 0; + byte_t dataoutbuf[16 * 4]; + uint8_t uid[8]; + uint32_t cuid; + struct Crypto1State mpcs = {0, 0}; + struct Crypto1State *pcs; + pcs = &mpcs; + + // clear trace + traceLen = 0; +// tracing = false; + + iso14443a_setup(); + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + while (true) { + if(!iso14443a_select_card(uid, NULL, &cuid)) { + Dbprintf("Can't select card"); + break; + }; + + if(mifare_classic_auth(pcs, cuid, sectorNo * 4, keyType, ui64Key, 0)) { + Dbprintf("Auth error"); + break; + }; + + if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 0, dataoutbuf + 16 * 0)) { + Dbprintf("Read block 0 error"); + break; + }; + if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 1, dataoutbuf + 16 * 1)) { + Dbprintf("Read block 1 error"); + break; + }; + if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 2, dataoutbuf + 16 * 2)) { + Dbprintf("Read block 2 error"); + break; + }; + if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 3, dataoutbuf + 16 * 3)) { + Dbprintf("Read block 3 error"); + break; + }; + + if(mifare_classic_halt(pcs, cuid)) { + Dbprintf("Halt error"); + break; + }; + + isOK = 1; + break; + } + + // ----------------------------- crypto1 destroy + crypto1_destroy(pcs); + +// DbpString("READ BLOCK FINISHED"); + + // add trace trailer + uid[0] = 0xff; + uid[1] = 0xff; + uid[2] = 0xff; + uid[3] = 0xff; + LogTrace(uid, 4, 0, 0, TRUE); + + UsbCommand ack = {CMD_ACK, {isOK, 0, 0}}; + memcpy(ack.d.asBytes, dataoutbuf, 16 * 2); + + LED_B_ON(); + UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand)); + + SpinDelay(100); + + memcpy(ack.d.asBytes, dataoutbuf + 16 * 2, 16 * 2); + UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand)); + LED_B_OFF(); + + // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +// tracing = TRUE; + +} + +//----------------------------------------------------------------------------- +// Select, Authenticaate, Read an MIFARE tag. +// read block +//----------------------------------------------------------------------------- +void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) +{ + // params + uint8_t blockNo = arg0; + uint8_t keyType = arg1; + uint64_t ui64Key = 0; + byte_t blockdata[16]; + + ui64Key = bytes_to_num(datain, 6); + memcpy(blockdata, datain + 10, 16); + + // variables + byte_t isOK = 0; + uint8_t uid[8]; + uint32_t cuid; + struct Crypto1State mpcs = {0, 0}; + struct Crypto1State *pcs; + pcs = &mpcs; + + // clear trace + traceLen = 0; +// tracing = false; + + iso14443a_setup(); + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + while (true) { + if(!iso14443a_select_card(uid, NULL, &cuid)) { + Dbprintf("Can't select card"); + break; + }; + + if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, 0)) { + Dbprintf("Auth error"); + break; + }; + + if(mifare_classic_writeblock(pcs, cuid, blockNo, blockdata)) { + Dbprintf("Write block error"); + break; + }; + + if(mifare_classic_halt(pcs, cuid)) { + Dbprintf("Halt error"); + break; + }; + + isOK = 1; + break; + } + + // ----------------------------- crypto1 destroy + crypto1_destroy(pcs); + +// DbpString("WRITE BLOCK FINISHED"); + + // add trace trailer + uid[0] = 0xff; + uid[1] = 0xff; + uid[2] = 0xff; + uid[3] = 0xff; + LogTrace(uid, 4, 0, 0, TRUE); + + UsbCommand ack = {CMD_ACK, {isOK, 0, 0}}; + + LED_B_ON(); + UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand)); + LED_B_OFF(); + + + // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +// tracing = TRUE; + +} + +//----------------------------------------------------------------------------- +// MIFARE nested authentication. +// +//----------------------------------------------------------------------------- +void MifareNested(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) +{ + // params + uint8_t blockNo = arg0; + uint8_t keyType = arg1; + uint64_t ui64Key = 0; + + ui64Key = bytes_to_num(datain, 6); + + // variables + byte_t isOK = 0; + uint8_t uid[8]; + uint32_t cuid; + uint8_t dataoutbuf[16]; + struct Crypto1State mpcs = {0, 0}; + struct Crypto1State *pcs; + pcs = &mpcs; + + // clear trace + traceLen = 0; +// tracing = false; + + iso14443a_setup(); + + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + while (true) { + if(!iso14443a_select_card(uid, NULL, &cuid)) { + Dbprintf("Can't select card"); + break; + }; + + if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, 0)) { + Dbprintf("Auth error"); + break; + }; + + // nested authenticate block = (blockNo + 1) + if(mifare_classic_auth(pcs, (uint32_t)bytes_to_num(uid, 4), blockNo + 1, keyType, ui64Key, 1)) { + Dbprintf("Auth error"); + break; + }; + + if(mifare_classic_readblock(pcs, (uint32_t)bytes_to_num(uid, 4), blockNo + 1, dataoutbuf)) { + Dbprintf("Read block error"); + break; + }; + + if(mifare_classic_halt(pcs, (uint32_t)bytes_to_num(uid, 4))) { + Dbprintf("Halt error"); + break; + }; + + isOK = 1; + break; + } + + // ----------------------------- crypto1 destroy + crypto1_destroy(pcs); + + DbpString("NESTED FINISHED"); + + // add trace trailer + uid[0] = 0xff; + uid[1] = 0xff; + uid[2] = 0xff; + uid[3] = 0xff; + LogTrace(uid, 4, 0, 0, TRUE); + + UsbCommand ack = {CMD_ACK, {isOK, 0, 0}}; + memcpy(ack.d.asBytes, dataoutbuf, 16); + + LED_B_ON(); + UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand)); + LED_B_OFF(); + + // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +// tracing = TRUE; + +} + +//----------------------------------------------------------------------------- +// MIFARE 1K simulate. +// +//----------------------------------------------------------------------------- +void Mifare1ksim(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) +{ } diff --git a/armsrc/iso14443a.h b/armsrc/iso14443a.h index c7e023d4..f848c6e9 100644 --- a/armsrc/iso14443a.h +++ b/armsrc/iso14443a.h @@ -2,12 +2,17 @@ #define __ISO14443A_H #include "common.h" +extern byte_t oddparity (const byte_t bt); +extern uint32_t GetParity(const uint8_t * pbtCmd, int iLen); extern void AppendCrc14443a(uint8_t* data, int len); + extern void ReaderTransmitShort(const uint8_t* bt); extern void ReaderTransmit(uint8_t* frame, int len); +extern void ReaderTransmitPar(uint8_t* frame, int len, uint32_t par); extern int ReaderReceive(uint8_t* receivedAnswer); + extern void iso14443a_setup(); -extern int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * card_info); +extern int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data, uint32_t * cuid_ptr); extern void iso14a_set_trigger(int enable); #endif /* __ISO14443A_H */ diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c new file mode 100644 index 00000000..ede1cbc9 --- /dev/null +++ b/armsrc/mifareutil.c @@ -0,0 +1,239 @@ +//----------------------------------------------------------------------------- +// Merlok, May 2011 +// Many authors, that makes it possible +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// code for work with mifare cards. +//----------------------------------------------------------------------------- + +#include "proxmark3.h" +#include "apps.h" +#include "util.h" +#include "string.h" + +#include "iso14443crc.h" +#include "iso14443a.h" +#include "crapto1.h" +#include "mifareutil.h" + +uint8_t* mifare_get_bigbufptr(void) { + return (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes +} + +int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer) +{ + uint8_t dcmd[4], ecmd[4]; + uint32_t pos, par, res; + + dcmd[0] = cmd; + dcmd[1] = data; + AppendCrc14443a(dcmd, 2); + + memcpy(ecmd, dcmd, sizeof(dcmd)); + + if (crypted) { + par = 0; + for (pos = 0; pos < 4; pos++) + { + ecmd[pos] = crypto1_byte(pcs, 0x00, 0) ^ dcmd[pos]; + par = (par >> 1) | ( ((filter(pcs->odd) ^ oddparity(dcmd[pos])) & 0x01) * 0x08 ); + } + + ReaderTransmitPar(ecmd, sizeof(ecmd), par); + + } else { + ReaderTransmit(dcmd, sizeof(dcmd)); + } + + int len = ReaderReceive(answer); + + if (crypted) { + if (len == 1) { + res = 0; + for (pos = 0; pos < 4; pos++) + res |= (crypto1_bit(pcs, 0, 0) ^ BIT(answer[0], pos)) << pos; + + answer[0] = res; + + } else { + for (pos = 0; pos < len; pos++) + { + answer[pos] = crypto1_byte(pcs, 0x00, 0) ^ answer[pos]; + } + } + } + + return len; +} + +int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint64_t isNested) +{ + // variables + int len; + uint32_t pos; + uint8_t tmp4[4]; + byte_t par = 0; + byte_t ar[4]; + uint32_t nt, ntpp; // Supplied tag nonce + + uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + uint8_t* receivedAnswer = mifare_get_bigbufptr(); + + // Transmit MIFARE_CLASSIC_AUTH + len = mifare_sendcmd_short(pcs, isNested, 0x60 + (keyType & 0x01), blockNo, receivedAnswer); +// Dbprintf("rand nonce len: %x", len); + if (len != 4) return 1; + + ar[0] = 0x55; + ar[1] = 0x41; + ar[2] = 0x49; + ar[3] = 0x92; + + // Save the tag nonce (nt) + nt = bytes_to_num(receivedAnswer, 4); + Dbprintf("uid: %x nt: %x", uid, nt); + + // ----------------------------- crypto1 create + // Init cipher with key + crypto1_create(pcs, ui64Key); + + // Load (plain) uid^nt into the cipher + crypto1_word(pcs, nt ^ uid, 0); + + par = 0; + // Generate (encrypted) nr+parity by loading it into the cipher (Nr) + for (pos = 0; pos < 4; pos++) + { + mf_nr_ar[pos] = crypto1_byte(pcs, ar[pos], 0) ^ ar[pos]; + par = (par >> 1) | ( ((filter(pcs->odd) ^ oddparity(ar[pos])) & 0x01) * 0x80 ); + } + + // Skip 32 bits in pseudo random generator + nt = prng_successor(nt,32); + + // ar+parity + for (pos = 4; pos < 8; pos++) + { + nt = prng_successor(nt,8); + mf_nr_ar[pos] = crypto1_byte(pcs,0x00,0) ^ (nt & 0xff); + par = (par >> 1)| ( ((filter(pcs->odd) ^ oddparity(nt & 0xff)) & 0x01) * 0x80 ); + } + + // Transmit reader nonce and reader answer + ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par); + + // Receive 4 bit answer + len = ReaderReceive(receivedAnswer); + if (!len) + { + Dbprintf("Authentication failed. Card timeout."); + return 2; + } + + memcpy(tmp4, receivedAnswer, 4); + ntpp = prng_successor(nt, 32) ^ crypto1_word(pcs, 0,0); + + if (ntpp != bytes_to_num(tmp4, 4)) { + Dbprintf("Authentication failed. Error card response."); + return 3; + } + + return 0; +} + +int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) +{ + // variables + int len; + uint8_t bt[2]; + + uint8_t* receivedAnswer = mifare_get_bigbufptr(); + + // command MIFARE_CLASSIC_READBLOCK + len = mifare_sendcmd_short(pcs, 1, 0x30, blockNo, receivedAnswer); + if (len == 1) { + Dbprintf("Cmd Error: %02x", receivedAnswer[0]); + return 1; + } + if (len != 18) { + Dbprintf("Cmd Error: card timeout. len: %x", len); + return 2; + } + + memcpy(bt, receivedAnswer + 16, 2); + AppendCrc14443a(receivedAnswer, 16); + if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) { + Dbprintf("Cmd CRC response error."); + return 3; + } + + memcpy(blockData, receivedAnswer, 16); + return 0; +} + +int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) +{ + // variables + int len, i; + uint32_t pos; + uint32_t par = 0; + byte_t res; + + uint8_t d_block[18], d_block_enc[18]; + uint8_t* receivedAnswer = mifare_get_bigbufptr(); + + // command MIFARE_CLASSIC_WRITEBLOCK + len = mifare_sendcmd_short(pcs, 1, 0xA0, blockNo, receivedAnswer); + + if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK + Dbprintf("Cmd Error: %02x", receivedAnswer[0]); + return 1; + } + + memcpy(d_block, blockData, 16); + AppendCrc14443a(d_block, 16); + + // crypto + par = 0; + for (pos = 0; pos < 18; pos++) + { + d_block_enc[pos] = crypto1_byte(pcs, 0x00, 0) ^ d_block[pos]; + par = (par >> 1) | ( ((filter(pcs->odd) ^ oddparity(d_block[pos])) & 0x01) * 0x20000 ); + } + + ReaderTransmitPar(d_block_enc, sizeof(d_block_enc), par); + + // Receive the response + len = ReaderReceive(receivedAnswer); + + res = 0; + for (i = 0; i < 4; i++) + res |= (crypto1_bit(pcs, 0, 0) ^ BIT(receivedAnswer[0], i)) << i; + + if ((len != 1) || (res != 0x0A)) { + Dbprintf("Cmd send data2 Error: %02x", res); + return 2; + } + + return 0; +} + +int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid) +{ + // variables + int len; + + // Mifare HALT + uint8_t* receivedAnswer = mifare_get_bigbufptr(); + + len = mifare_sendcmd_short(pcs, 1, 0x50, 0x00, receivedAnswer); + if (len != 0) { + Dbprintf("halt error. response len: %x", len); + return 1; + } + + return 0; +} diff --git a/armsrc/mifareutil.h b/armsrc/mifareutil.h new file mode 100644 index 00000000..ed2779fc --- /dev/null +++ b/armsrc/mifareutil.h @@ -0,0 +1,17 @@ +//----------------------------------------------------------------------------- +// Merlok, May 2011 +// Many authors, that makes it possible +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// code for work with mifare cards. +//----------------------------------------------------------------------------- + +int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, \ + uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint64_t isNested); +int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData); +int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData); +int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid); + diff --git a/armsrc/util.h b/armsrc/util.h index 6f69fba8..34760ab1 100644 --- a/armsrc/util.h +++ b/armsrc/util.h @@ -14,6 +14,8 @@ #include #include +#define BYTEx(x, n) (((x) >> (n * 8)) & 0xff ) + #define LED_RED 1 #define LED_ORANGE 2 #define LED_GREEN 4 diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 145f6a67..922d1b7f 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -11,6 +11,7 @@ #include #include #include +#include "util.h" #include "iso14443crc.h" #include "data.h" #include "proxusb.h" @@ -18,6 +19,7 @@ #include "cmdparser.h" #include "cmdhf14a.h" #include "common.h" +#include "cmdmain.h" static int CmdHelp(const char *Cmd); @@ -160,6 +162,231 @@ int CmdHF14AMifare(const char *Cmd) return 0; } +int CmdHF14AMfWrBl(const char *Cmd) +{ + int i, temp; + uint8_t blockNo = 0; + uint8_t keyType = 0; + uint8_t key[6] = {0, 0, 0, 0, 0, 0}; + uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + + const char *cmdp = Cmd; + const char *cmdpe = Cmd; + + if (strlen(Cmd)<3) { + PrintAndLog("Usage: hf 14 mfwrbl "); + PrintAndLog(" sample: hf 14a mfwrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F"); + return 0; + } + PrintAndLog("l: %s", Cmd); + + // skip spaces + while (*cmdp==' ' || *cmdp=='\t') cmdp++; + blockNo = strtol(cmdp, NULL, 0) & 0xff; + + // next value + while (*cmdp!=' ' && *cmdp!='\t') cmdp++; + while (*cmdp==' ' || *cmdp=='\t') cmdp++; + if (*cmdp != 'A' && *cmdp != 'a') { + keyType = 1; + } + + // next value + while (*cmdp!=' ' && *cmdp!='\t') cmdp++; + while (*cmdp==' ' || *cmdp=='\t') cmdp++; + + // next value here:cmdpe + cmdpe = cmdp; + while (*cmdpe!=' ' && *cmdpe!='\t') cmdpe++; + while (*cmdpe==' ' || *cmdpe=='\t') cmdpe++; + + if ((int)cmdpe - (int)cmdp != 13) { + PrintAndLog("Length of key must be 12 hex symbols"); + return 0; + } + + for(i = 0; i < 6; i++) { + sscanf((char[]){cmdp[0],cmdp[1],0},"%X",&temp); + key[i] = temp & 0xff; + cmdp++; + cmdp++; + } + + // next value + while (*cmdp!=' ' && *cmdp!='\t') cmdp++; + while (*cmdp==' ' || *cmdp=='\t') cmdp++; + + if (strlen(cmdp) != 32) { + PrintAndLog("Length of block data must be 32 hex symbols"); + return 0; + } + + for(i = 0; i < 16; i++) { + sscanf((char[]){cmdp[0],cmdp[1],0},"%X",&temp); + bldata[i] = temp & 0xff; + cmdp++; + cmdp++; + } + PrintAndLog(" block no:%02x key type:%02x key:%s", blockNo, keyType, sprint_hex(key, 6)); + PrintAndLog(" data: %s", sprint_hex(bldata, 16)); + + UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}}; + memcpy(c.d.asBytes, key, 6); + memcpy(c.d.asBytes + 10, bldata, 16); + SendCommand(&c); + UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500); + + if (resp != NULL) { + uint8_t isOK = resp->arg[0] & 0xff; + + PrintAndLog("isOk:%02x", isOK); + } else { + PrintAndLog("Command execute timeout"); + } + + return 0; +} + +int CmdHF14AMfRdBl(const char *Cmd) +{ + int i, temp; + uint8_t blockNo = 0; + uint8_t keyType = 0; + uint8_t key[6] = {0, 0, 0, 0, 0, 0}; + + const char *cmdp = Cmd; + + + if (strlen(Cmd)<3) { + PrintAndLog("Usage: hf 14 mfrdbl "); + PrintAndLog(" sample: hf 14a mfrdbl 0 A FFFFFFFFFFFF "); + return 0; + } + + // skip spaces + while (*cmdp==' ' || *cmdp=='\t') cmdp++; + blockNo = strtol(cmdp, NULL, 0) & 0xff; + + // next value + while (*cmdp!=' ' && *cmdp!='\t') cmdp++; + while (*cmdp==' ' || *cmdp=='\t') cmdp++; + if (*cmdp != 'A' && *cmdp != 'a') { + keyType = 1; + } + + // next value + while (*cmdp!=' ' && *cmdp!='\t') cmdp++; + while (*cmdp==' ' || *cmdp=='\t') cmdp++; + + if (strlen(cmdp) != 12) { + PrintAndLog("Length of key must be 12 hex symbols"); + return 0; + } + + for(i = 0; i < 6; i++) { + sscanf((char[]){cmdp[0],cmdp[1],0},"%X",&temp); + key[i] = temp & 0xff; + cmdp++; + cmdp++; + } + PrintAndLog(" block no:%02x key type:%02x key:%s ", blockNo, keyType, sprint_hex(key, 6)); + + UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}}; + memcpy(c.d.asBytes, key, 6); + SendCommand(&c); + UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500); + + if (resp != NULL) { + uint8_t isOK = resp->arg[0] & 0xff; + uint8_t * data = resp->d.asBytes; + + PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 16)); + } else { + PrintAndLog("Command execute timeout"); + } + + return 0; +} + +int CmdHF14AMfRdSc(const char *Cmd) +{ + int i, temp; + uint8_t sectorNo = 0; + uint8_t keyType = 0; + uint8_t key[6] = {0, 0, 0, 0, 0, 0}; + + const char *cmdp = Cmd; + + + if (strlen(Cmd)<3) { + PrintAndLog("Usage: hf 14 mfrdsc "); + PrintAndLog(" sample: hf 14a mfrdsc 0 A FFFFFFFFFFFF "); + return 0; + } + + // skip spaces + while (*cmdp==' ' || *cmdp=='\t') cmdp++; + sectorNo = strtol(cmdp, NULL, 0) & 0xff; + + // next value + while (*cmdp!=' ' && *cmdp!='\t') cmdp++; + while (*cmdp==' ' || *cmdp=='\t') cmdp++; + if (*cmdp != 'A' && *cmdp != 'a') { + keyType = 1; + } + + // next value + while (*cmdp!=' ' && *cmdp!='\t') cmdp++; + while (*cmdp==' ' || *cmdp=='\t') cmdp++; + + if (strlen(cmdp) != 12) { + PrintAndLog("Length of key must be 12 hex symbols"); + return 0; + } + + for(i = 0; i < 6; i++) { + sscanf((char[]){cmdp[0],cmdp[1],0},"%X",&temp); + key[i] = temp & 0xff; + cmdp++; + cmdp++; + } + PrintAndLog(" sector no:%02x key type:%02x key:%s ", sectorNo, keyType, sprint_hex(key, 6)); + + UsbCommand c = {CMD_MIFARE_READSC, {sectorNo, keyType, 0}}; + memcpy(c.d.asBytes, key, 6); + SendCommand(&c); + UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500); + PrintAndLog(" "); + + if (resp != NULL) { + uint8_t isOK = resp->arg[0] & 0xff; + uint8_t * data = resp->d.asBytes; + + PrintAndLog("isOk:%02x", isOK); + for (i = 0; i < 2; i++) { + PrintAndLog("data:%s", sprint_hex(data + i * 16, 16)); + } + } else { + PrintAndLog("Command1 execute timeout"); + } + + // response2 + resp = WaitForResponseTimeout(CMD_ACK, 500); + PrintAndLog(" "); + + if (resp != NULL) { + uint8_t * data = resp->d.asBytes; + + for (i = 0; i < 2; i++) { + PrintAndLog("data:%s", sprint_hex(data + i * 16, 16)); + } + } else { + PrintAndLog("Command2 execute timeout"); + } + + return 0; +} + int CmdHF14AReader(const char *Cmd) { UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT, 0, 0}}; @@ -215,6 +442,9 @@ static command_t CommandTable[] = {"help", CmdHelp, 1, "This help"}, {"list", CmdHF14AList, 0, "List ISO 14443a history"}, {"mifare", CmdHF14AMifare, 0, "Read out sector 0 parity error messages"}, + {"mfrdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"}, + {"mfrdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"}, + {"mfwrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"}, {"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"}, {"sim", CmdHF14ASim, 0, " -- Fake ISO 14443a tag"}, {"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"}, diff --git a/client/util.c b/client/util.c index 2c02d119..fe89626f 100644 --- a/client/util.c +++ b/client/util.c @@ -1,5 +1,14 @@ -#include -#include +//----------------------------------------------------------------------------- +// Copyright (C) 2010 iZsh +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// utilities +//----------------------------------------------------------------------------- + +#include "util.h" void print_hex(const uint8_t * data, const size_t len) { diff --git a/client/util.h b/client/util.h index 48330799..8b65bc65 100644 --- a/client/util.h +++ b/client/util.h @@ -1 +1,15 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2010 iZsh +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// utilities +//----------------------------------------------------------------------------- + +#include +#include + void print_hex(const uint8_t * data, const size_t len); +char * sprint_hex(const uint8_t * data, const size_t len); diff --git a/common/iso15693tools.c b/common/iso15693tools.c index 6d8ae5b1..ec9c4a5e 100644 --- a/common/iso15693tools.c +++ b/common/iso15693tools.c @@ -56,7 +56,7 @@ int sprintf(char *str, const char *format, ...); // uid[] the UID in transmission order // return: ptr to string char* Iso15693sprintUID(char *target,uint8_t *uid) { - static char tempbuf[9]=""; + static char tempbuf[2*8+1]=""; if (target==NULL) target=tempbuf; sprintf(target,"%02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX", uid[7],uid[6],uid[5],uid[4],uid[3],uid[2],uid[1],uid[0]); diff --git a/include/usb_cmd.h b/include/usb_cmd.h index 20a2b7ea..b36ea5dd 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -36,24 +36,24 @@ typedef struct { #define CMD_DEVICE_INFO 0x0000 #define CMD_SETUP_WRITE 0x0001 #define CMD_FINISH_WRITE 0x0003 -#define CMD_HARDWARE_RESET 0x0004 +#define CMD_HARDWARE_RESET 0x0004 #define CMD_START_FLASH 0x0005 -#define CMD_NACK 0x00fe -#define CMD_ACK 0x00ff +#define CMD_NACK 0x00fe +#define CMD_ACK 0x00ff // For general mucking around #define CMD_DEBUG_PRINT_STRING 0x0100 #define CMD_DEBUG_PRINT_INTEGERS 0x0101 -#define CMD_DEBUG_PRINT_BYTES 0x0102 -#define CMD_LCD_RESET 0x0103 -#define CMD_LCD 0x0104 -#define CMD_BUFF_CLEAR 0x0105 -#define CMD_READ_MEM 0x0106 -#define CMD_VERSION 0x0107 +#define CMD_DEBUG_PRINT_BYTES 0x0102 +#define CMD_LCD_RESET 0x0103 +#define CMD_LCD 0x0104 +#define CMD_BUFF_CLEAR 0x0105 +#define CMD_READ_MEM 0x0106 +#define CMD_VERSION 0x0107 // For low-frequency tags -#define CMD_READ_TI_TYPE 0x0202 -#define CMD_WRITE_TI_TYPE 0x0203 +#define CMD_READ_TI_TYPE 0x0202 +#define CMD_WRITE_TI_TYPE 0x0203 #define CMD_DOWNLOADED_RAW_BITS_TI_TYPE 0x0204 #define CMD_ACQUIRE_RAW_ADC_SAMPLES_125K 0x0205 #define CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K 0x0206 @@ -71,38 +71,42 @@ typedef struct { // For the 13.56 MHz tags #define CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693 0x0300 #define CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443 0x0301 -#define CMD_READ_SRI512_TAG 0x0303 -#define CMD_READ_SRIX4K_TAG 0x0304 -#define CMD_READER_ISO_15693 0x0310 -#define CMD_SIMTAG_ISO_15693 0x0311 +#define CMD_READ_SRI512_TAG 0x0303 +#define CMD_READ_SRIX4K_TAG 0x0304 +#define CMD_READER_ISO_15693 0x0310 +#define CMD_SIMTAG_ISO_15693 0x0311 #define CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693 0x0312 -#define CMD_ISO_15693_COMMAND 0x0313 -#define CMD_ISO_15693_COMMAND_DONE 0x0314 -#define CMD_ISO_15693_FIND_AFI 0x0315 -#define CMD_ISO_15693_DEBUG 0x0316 +#define CMD_ISO_15693_COMMAND 0x0313 +#define CMD_ISO_15693_COMMAND_DONE 0x0314 +#define CMD_ISO_15693_FIND_AFI 0x0315 +#define CMD_ISO_15693_DEBUG 0x0316 #define CMD_SIMULATE_TAG_HF_LISTEN 0x0380 #define CMD_SIMULATE_TAG_ISO_14443 0x0381 -#define CMD_SNOOP_ISO_14443 0x0382 -#define CMD_SNOOP_ISO_14443a 0x0383 +#define CMD_SNOOP_ISO_14443 0x0382 +#define CMD_SNOOP_ISO_14443a 0x0383 #define CMD_SIMULATE_TAG_ISO_14443a 0x0384 -#define CMD_READER_ISO_14443a 0x0385 -#define CMD_SIMULATE_MIFARE_CARD 0x0386 -#define CMD_SIMULATE_TAG_LEGIC_RF 0x0387 -#define CMD_READER_LEGIC_RF 0x0388 -#define CMD_WRITER_LEGIC_RF 0x0399 -#define CMD_READER_MIFARE 0x0389 -#define CMD_SNOOP_ICLASS 0x0392 +#define CMD_READER_ISO_14443a 0x0385 +#define CMD_SIMULATE_MIFARE_CARD 0x0386 +#define CMD_SIMULATE_TAG_LEGIC_RF 0x0387 +#define CMD_READER_LEGIC_RF 0x0388 +#define CMD_WRITER_LEGIC_RF 0x0399 +#define CMD_READER_MIFARE 0x0389 +#define CMD_MIFARE_NESTED 0x0390 +#define CMD_MIFARE_READBL 0x0391 +#define CMD_MIFARE_READSC 0x0393 +#define CMD_MIFARE_WRITEBL 0x0394 +#define CMD_SNOOP_ICLASS 0x0392 // For measurements of the antenna tuning -#define CMD_MEASURE_ANTENNA_TUNING 0x0400 +#define CMD_MEASURE_ANTENNA_TUNING 0x0400 #define CMD_MEASURE_ANTENNA_TUNING_HF 0x0401 -#define CMD_MEASURED_ANTENNA_TUNING 0x0410 -#define CMD_LISTEN_READER_FIELD 0x0420 +#define CMD_MEASURED_ANTENNA_TUNING 0x0410 +#define CMD_LISTEN_READER_FIELD 0x0420 // For direct FPGA control -#define CMD_FPGA_MAJOR_MODE_OFF 0x0500 +#define CMD_FPGA_MAJOR_MODE_OFF 0x0500 -#define CMD_UNKNOWN 0xFFFF +#define CMD_UNKNOWN 0xFFFF // CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions: /* Whether a bootloader that understands the common_area is present */