From d8af608f8e4e6dc520045bac69e8e9dac6de7d42 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Mon, 13 Jul 2015 23:06:49 +0200
Subject: [PATCH] TEST: Moebius two noce mfkey32...
---
 armsrc/iso14443b.c | 5 ++--
 armsrc/iso14443b.h | 21 +++++++++++++++++
 client/cmdhf14b.c | 4 ++--
 client/nonce2key/nonce2key.c | 45 ++++++++++++++++++++++++++++++++++++
 client/nonce2key/nonce2key.h | 1 +
 tools/mfkey/Makefile | 2 +-
 6 files changed, 73 insertions(+), 5 deletions(-)
 create mode 100644 armsrc/iso14443b.h
diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c
index 250be30f..2bdce7cb 100644
--- a/armsrc/iso14443b.c
+++ b/armsrc/iso14443b.c
@@ -16,7 +16,7 @@
 #include "iso14443crc.h"
-#define RECEIVE_SAMPLES_TIMEOUT 0x0003FFFF
+#define RECEIVE_SAMPLES_TIMEOUT 0x0004FFFF
 #define ISO14443B_DMA_BUFFER_SIZE 256
 uint8_t PowerOn = TRUE;
@@ -799,7 +799,7 @@ static void GetSamplesFor14443bDemod(int n, bool quiet)
 samples += 2;
-if(Handle14443bSamplesDemod(ci, cq)) {
+if(Handle14443bSamplesDemod(ci | 0x01 , cq | 0x01)) {
 gotFrame = TRUE;
 break;
 }
@@ -1307,6 +1307,7 @@ void RAMFUNC SnoopIso14443b(void)
 }
 if(!ReaderIsActive) {
 // no need to try decoding tag data if the reader is sending - and we cannot afford the time
+// is this | 0x01 the error? & 0xfe in https://github.com/Proxmark/proxmark3/issues/103
 if(Handle14443bSamplesDemod(ci | 0x01, cq | 0x01)) {
 //Use samples as a time measurement
diff --git a/armsrc/iso14443b.h b/armsrc/iso14443b.h
new file mode 100644
index 00000000..f90c54f3
--- /dev/null
+++ b/armsrc/iso14443b.h
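Review bot: The `| 0x01` now applied to both samples in GetSamplesFor14443bDemod has no comment saying why the low bit is forced, while the comment added in the SnoopIso14443b hunk of this same file questions whether that very mask is the cause of the decode failure tracked in issue #103. The two call sites should carry one shared rationale or the experiment should be confined to one of them; at minimum add `// LSB forced to match SnoopIso14443b; under test for issue #103 — TODO confirm or revert` above the call and drop the stray space before the comma: `if(Handle14443bSamplesDemod(ci | 0x01, cq | 0x01)) {`. The first hunk raises RECEIVE_SAMPLES_TIMEOUT from 0x0003FFFF to 0x0004FFFF with the same lack of explanation; a short comment on what the new budget was tuned against would help the next reader. GetSamplesFor14443bDemod and SnoopIso14443b both start and end outside their hunks.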
@@ -0,0 +1,21 @@
+//-----------------------------------------------------------------------------
+// Merlok - June 2011
+// Gerhard de Koning Gans - May 2008
+// Hagen Fritsch - June 2010
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Routines to support ISO 14443 type A.
+//-----------------------------------------------------------------------------
+
+#ifndef __ISO14443B_H
+#define __ISO14443B_H
+#include "common.h"
+
+int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response);
+void iso14443b_setup();
+int iso14443b_select_card();
+
+#endif /* __ISO14443B_H */
diff --git a/client/cmdhf14b.c b/client/cmdhf14b.c
index d1eb9917..a9d5ff7e 100644
--- a/client/cmdhf14b.c
+++ b/client/cmdhf14b.c
@@ -225,7 +225,7 @@ int CmdHF14BCmdRaw (const char *Cmd) {
 // REQB
 if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false)==0) return rawClose();
-PrintAndLog("REQB : %s", sprint_hex(cmd2, 9));
+PrintAndLog("REQB : %s", sprint_hex(cmd2, cmdLen));
 if ( SRx && (cmdLen != 3 || !crc2) ) return rawClose();
 else if (cmd2[0] != 0x50 || cmdLen != 14 || !crc2) return rawClose();
@@ -251,7 +251,7 @@ int CmdHF14BCmdRaw (const char *Cmd) {
 // attrib
 if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false)==0) return rawClose();
-PrintAndLog("ATTRIB : %s", sprint_hex(cmd2, 3));
+PrintAndLog("ATTRIB : %s", sprint_hex(cmd2, cmdLen));
 if (cmdLen != 3 || !crc2) return rawClose();
 if (SRx && cmd2[0] != chipID) return rawClose();
diff --git a/client/nonce2key/nonce2key.c b/client/nonce2key/nonce2key.c
index 5ec95437..919c0a3e 100644
--- a/client/nonce2key/nonce2key.c
+++ b/client/nonce2key/nonce2key.c
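Review bot: The new header's banner says `// Routines to support ISO 14443 type A.` but the file declares the type B routines; change it to `// Routines to support ISO 14443 type B.`. `void iso14443b_setup();` and `int iso14443b_select_card();` are non-prototype declarations in C, so the compiler cannot check arguments at call sites; declare them as `void iso14443b_setup(void);` and `int iso14443b_select_card(void);`. The guard `__ISO14443B_H` starts with a double underscore, which is reserved for the implementation — `ISO14443B_H` would do. `iso14443b_apdu` takes a `response` pointer with no capacity parameter, so the caller cannot bound what is written into it; if the implementation copies a variable-length reply, a length argument or a documented maximum size in a Doxygen comment on the declaration is worth adding.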
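Review bot: `sprint_hex(cmd2, cmdLen)` in both hunks prints before the `cmdLen != 3` and `cmdLen != 14` checks on the following lines, so the count handed to sprint_hex is whatever HF14BCmdRaw returned rather than a value this function has validated. That is fine if HF14BCmdRaw already bounds cmdLen to the storage behind cmd2, but that guarantee lives outside the hunk and the old fixed counts of 9 and 3 did not depend on it; a one-line comment such as `// cmdLen is bounded by HF14BCmdRaw — TODO confirm` or moving the print below the length check would make the contract explicit. CmdHF14BCmdRaw starts and ends outside these hunks.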
@@ -199,6 +199,51 @@ int tryMfk32(uint64_t myuid, uint8_t *data, uint8_t *outputkey ){
 return isSuccess;
 }
+int tryMfk32_moebius(uint64_t myuid, uint8_t *data, uint8_t *outputkey ){
+
+ struct Crypto1State *s,*t;
+ uint64_t key; // recovered key
+ uint32_t uid; // serial number
+ uint32_t nt0; // tag challenge first
+ uint32_t nt1; // tag challenge second
+ uint32_t nr0_enc; // first encrypted reader challenge
+ uint32_t ar0_enc; // first encrypted reader response
+ uint32_t nr1_enc; // second encrypted reader challenge
+ uint32_t ar1_enc; // second encrypted reader response
+ bool isSuccess = FALSE;
+ int counter = 0;
+
+ uid = myuid;//(uint32_t)bytes_to_num(data + 0, 4);
+ nt0 = *(uint32_t*)(data+8);
+ nr0_enc = *(uint32_t*)(data+12);
+ ar0_enc = *(uint32_t*)(data+16);
+ nt1 = *(uint32_t*)(data+8);
+ nr1_enc = *(uint32_t*)(data+32);
+ ar1_enc = *(uint32_t*)(data+36);
+
+ s = lfsr_recovery32(ar0_enc ^ prng_successor(nt0, 64), 0);
+
+ for(t = s; t->odd | t->even; ++t) {
+ lfsr_rollback_word(t, 0, 0);
+ lfsr_rollback_word(t, nr0_enc, 1);
+ lfsr_rollback_word(t, uid ^ nt0, 0);
+ crypto1_get_lfsr(t, &key);
+
+ crypto1_word(t, uid ^ nt1, 0);
+ crypto1_word(t, nr1_enc, 1);
+ if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt1, 64))) {
+ PrintAndLog("Found Key: [%012"llx"]",key);
+ isSuccess = TRUE;
+ ++counter;
+ if (counter==20)
+ break;
+ }
+ }
+ free(s);
+ return isSuccess;
+}
+
+
 int tryMfk64(uint64_t myuid, uint8_t *data, uint8_t *outputkey ){
 struct Crypto1State *revstate;
diff --git a/client/nonce2key/nonce2key.h b/client/nonce2key/nonce2key.h
index 82c65b55..30b66516 100644
--- a/client/nonce2key/nonce2key.h
+++ b/client/nonce2key/nonce2key.h
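Review bot: `nt1 = *(uint32_t*)(data+8);` reads the same offset as nt0 while nr1_enc and ar1_enc come from data+32 and data+36, leaving bytes 20..31 of the record unread; if the record carries a second tag nonce this is the wrong offset, and if the attack deliberately reuses the first nonce the duplicate read should go and a comment should say so — confirm against the caller's record layout. All six reads cast a `uint8_t *` to `uint32_t *`, which is a misaligned and strict-aliasing-violating access whenever the caller's buffer is not 4-byte aligned and is endianness-dependent; the same native-order read without the undefined behaviour is a `memcpy` into each local (string.h), shown below with the hunk's offsets left as they are. `outputkey` is never written, so a caller gets nothing back except the printed line; copy `key` into it at the match so the result is usable programmatically. `t->odd | t->even` dereferences `s` with no NULL check — if lfsr_recovery32 can return NULL, guard it before the loop.
```c
	uid = myuid;//(uint32_t)bytes_to_num(data + 0, 4);
	memcpy(&nt0,     data + 8,  sizeof nt0);
	memcpy(&nr0_enc, data + 12, sizeof nr0_enc);
	memcpy(&ar0_enc, data + 16, sizeof ar0_enc);
	memcpy(&nt1,     data + 8,  sizeof nt1);   /* TODO(review): same offset as nt0 — confirm intended */
	memcpy(&nr1_enc, data + 32, sizeof nr1_enc);
	memcpy(&ar1_enc, data + 36, sizeof ar1_enc);
	/* … unchanged: lfsr_recovery32 call and rollback loop … */
```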
@@ -20,5 +20,6 @@ int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, uint64_t ks_info, uint64_t * key);
 int tryMfk32(uint64_t myuid, uint8_t *data, uint8_t *outputkey );
+int tryMfk32_moebius(uint64_t myuid, uint8_t *data, uint8_t *outputkey );
 int tryMfk64(uint64_t myuid, uint8_t *data, uint8_t *outputkey );
 #endif
diff --git a/tools/mfkey/Makefile b/tools/mfkey/Makefile
index f4f7eb82..5553d964 100755
--- a/tools/mfkey/Makefile
+++ b/tools/mfkey/Makefile
@@ -5,7 +5,7 @@ LDFLAGS =
 OBJS = crapto1.o crypto1.o
 HEADERS =
-EXES = mfkey64 mfkey32
+EXES = mfkey64 mfkey32 mfkey32v2
 LIBS =
 all: $(OBJS) $(EXES) $(LIBS)
-- 
2.39.5
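Review bot: `EXES = mfkey64 mfkey32 mfkey32v2` adds a new executable target, but the diffstat lists no tools/mfkey/mfkey32v2.c and nothing else under tools/mfkey, so `make all` will fail on the missing source until it is committed. Either add the source in the same change or leave EXES unchanged until it lands, so the tree builds at every commit.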