From f4d0ffd1b99481943e77fce805be5eb10241b2d9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 21 Dec 2015 19:48:00 +0100 Subject: [PATCH] CHG: some textual change to README.txt ADD: a prng.c to collect some different PRNG's i've ran into ADD: some changes the tea implementation ADD: a enhanced version - SwapEndian64ex --- README.txt | 14 +++++++++----- client/Makefile | 2 +- client/cmddata.c | 10 ++-------- client/util.c | 11 ++++++++++- client/util.h | 1 + common/prng.c | 39 +++++++++++++++++++++++++++++++++++++++ common/prng.h | 24 ++++++++++++++++++++++++ common/tea.c | 22 ---------------------- 8 files changed, 86 insertions(+), 37 deletions(-) create mode 100644 common/prng.c create mode 100644 common/prng.h diff --git a/README.txt b/README.txt index 81bd7720..59388231 100644 --- a/README.txt +++ b/README.txt @@ -14,7 +14,8 @@ Among the stuff is * Jonor's hf 14a raw timing patch * Piwi's updates. (usually gets into the master) - * Piwi's "topaz" branch (not merged) + * Piwi's "topaz" branch + * Piwi's "hardnested" branch * Holiman's iclass, (usually gets into the master) * Marshmellow's fixes (usually gets into the master) * Midnitesnake's Ultralight, Ultralight-c enhancements @@ -25,8 +26,11 @@ Among the stuff is * Minor textual changes here and there. * Simulation of Ultralight/Ntag. * Marshmellow's and my "RevEng" addon for the client. Ref: http://reveng.sourceforge.net/ - * Someone's alterantive bruteforce Mifare changes.. (you need the two other exe to make it work) - * + * Someone's alternative bruteforce Mifare changes.. (you need the two other exe to make it work) + + * A Bruteforce for T55XX passwords against tag. + * A Bruteforce for AWID 26, starting w a facilitycode then trying all 0xFFFF cardnumbers via simulation. To be used against a AWID Reader. + Give me a hint, and I'll see if I can't merge in the stuff you have. 
@@ -96,8 +100,8 @@ iceman at host iuse.se The Proxmark 3 is available for purchase (assembled and tested) from the following locations: - * http://proxmark3.com/ - * http://www.xfpga.com/ + * http://www.elechouse.com (new and revised hardware package 2015) + Most of the ultra-low-volume contract assemblers could put something like this together with a reasonable yield. A run of around diff --git a/client/Makefile b/client/Makefile index 7ae23917..f071f85b 100644 --- a/client/Makefile +++ b/client/Makefile @@ -142,7 +142,7 @@ CMDSRCS = nonce2key/crapto1.c\ reveng/poly.c\ reveng/getopt.c\ tea.c\ - + prng.c ZLIBSRCS = deflate.c adler32.c trees.c zutil.c inflate.c inffast.c inftrees.c ZLIB_FLAGS = -DZ_SOLO -DZ_PREFIX -DNO_GZIP -DZLIB_PM3_TUNED diff --git a/client/cmddata.c b/client/cmddata.c index ad86f45f..83d5f3f2 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -2325,21 +2325,15 @@ int Cmdbin2hex(const char *Cmd) } int usage_data_hex2bin(){ - - PrintAndLog("Usage: data bin2hex "); + PrintAndLog("Usage: data hex2bin "); PrintAndLog(" This function will ignore all non-hexadecimal characters (but stop reading on whitespace)"); return 0; - } int Cmdhex2bin(const char *Cmd) { int bg =0, en =0; - if(param_getptr(Cmd, &bg, &en, 0)) - { - return usage_data_hex2bin(); - } - + if(param_getptr(Cmd, &bg, &en, 0)) return usage_data_hex2bin(); while(bg <= en ) { diff --git a/client/util.c b/client/util.c index 159929b5..a3672130 100644 --- a/client/util.c +++ b/client/util.c @@ -194,7 +194,7 @@ void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest) { // hh,gg,ff,ee,dd,cc,bb,aa, pp,oo,nn,mm,ll,kk,jj,ii // up to 64 bytes or 512 bits uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize){ - static uint8_t buf[64]; + uint8_t buf[64]; memset(buf, 0x00, 64); uint8_t *tmp = buf; for (uint8_t block=0; block < (uint8_t)(len/blockSize); block++){ 
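Review bot: The collapsed guard in Cmdhex2bin, `if(param_getptr(Cmd, &bg, &en, 0)) return usage_data_hex2bin();`, drops the braces the original statement had, and an unbraced early return is the shape that later attracts a second statement that silently runs unconditionally. If the one-line form is the preference, `if (param_getptr(Cmd, &bg, &en, 0)) { return usage_data_hex2bin(); }` keeps it on one line without losing the braces. Cmdhex2bin's body continues outside the hunk.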
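Review bot: Removing `static` from `buf` in SwapEndian64 makes the function return the address of an automatic array: `tmp` is set to `buf` two lines below, the next hunk's `return tmp;` hands that pointer to the caller, and the storage is gone as soon as the function returns, so every caller now dereferences a dangling stack pointer (undefined behaviour that may appear to work until the stack is reused). Either restore `static uint8_t buf[64];` — accepting its documented limitation that the result is overwritten by the next call and the function is not reentrant — or migrate the callers to the new SwapEndian64ex, which writes into a caller-supplied buffer, and retire this function. A comment on the remaining variant, `// Returns a pointer to a static 64-byte buffer; valid only until the next call`, would make the ownership explicit. SwapEndian64's body continues outside the hunk.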
@@ -205,6 +205,15 @@ uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockS
 return tmp;
 }
+void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest){
+ for (uint8_t block=0; block < (uint8_t)(len/blockSize); block++){
+ for (size_t i = 0; i < blockSize; i++){
+ dest[i+(blockSize*block)] = src[(blockSize-1-i)+(blockSize*block)];
+ }
+ }
+}
+
+
 // -------------------------------------------------------------------------
 // string parameters lib
 // -------------------------------------------------------------------------
diff --git a/client/util.h b/client/util.h
index 7831716a..446ec882 100644
--- a/client/util.h
+++ b/client/util.h
@@ -46,6 +46,7 @@ void num_to_bytes(uint64_t n, size_t len, uint8_t* dest);
 uint64_t bytes_to_num(uint8_t* src, size_t len);
 void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest);
 uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize);
+void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest);
 char param_getchar(const char *line, int paramnum);
 int param_getptr(const char *line, int *bg, int *en, int paramnum);
diff --git a/common/prng.c b/common/prng.c
new file mode 100644
index 00000000..170550ed
--- /dev/null
+++ b/common/prng.c
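Review bot: SwapEndian64ex has no guard on `blockSize`: a zero value makes `len/blockSize` divide by zero, and the `(uint8_t)` cast of that quotient silently truncates the block count whenever it exceeds 255, so only part of `src` is swapped while the caller believes the whole buffer was processed. Unlike SwapEndian64 it also does not clear `dest`, so when `len` is not a multiple of `blockSize` the trailing `len % blockSize` bytes of `dest` keep whatever the caller left there; callers moving over from the zero-filled 64-byte buffer will see that difference. A header comment should state the contract — `dest` must hold at least `len` bytes, `blockSize` must be non-zero, and the trailing partial block is not written — and a minimal guard is `if (blockSize == 0) return;` before the loop, with the outer counter declared `size_t` and the cast removed.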
@@ -0,0 +1,39 @@
+//-----------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+// Burtle Prng - Modified. 42iterations instead of 20.
+// ref: http://burtleburtle.net/bob/rand/smallprng.html
+//-----------------------------------------------------------------------------
+#include "prng.h"
+
+#define rot(x,k) (((x)<<(k))|((x)>>(32-(k))))
+uint32_t burtle_get_mod( prng_ctx *x ) {
+ uint32_t e = x->a - rot(x->b, 21);
+ x->a = x->b ^ rot(x->c, 19);
+ x->b = x->c + rot(x->d, 6);
+ x->c = x->d + e;
+ x->d = e + x->a;
+ return x->d;
+}
+
+void burtle_init_mod(prng_ctx *x, uint32_t seed ) {
+ x->a = 0xf1ea5eed;
+ x->b = x->c = x->d = seed;
+ for (uint8_t i=0; i < 42; ++i) {
+ (void)burtle_get_mod(x);
+ }
+}
+
+void burtle_init(prng_ctx *x, uint32_t seed ) {
+ uint32_t i;
+ x->a = 0xf1ea5eed, x->b = x->c = x->d = seed;
+ for (i=0; i < 20; ++i) {
+ (void)burtle_get_mod(x);
+ }
+}
+
+
+uint32_t GetSimplePrng( uint32_t seed ){
+ seed *= 0x19660D;
+ seed += 0x3C6EF35F;
+ return seed;
+}
diff --git a/common/prng.h b/common/prng.h
new file mode 100644
index 00000000..4aa89092
--- /dev/null
+++ b/common/prng.h
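Review bot: burtle_init and burtle_init_mod are the same seeding routine differing only in the warm-up count (20 vs 42), so a single static helper taking the round count keeps one copy of the logic and stops the two from drifting apart. Nothing here says these generators are non-cryptographic: the Burtle small PRNG and the stateless LCG in GetSimplePrng (the multiplier/increment pair looks like the Numerical Recipes constants, though that is inferred) are suitable for simulation and exhaustive sweeps but not for producing keys, nonces or challenges, and a one-line comment on each function saying so will stop a later caller from assuming otherwise. The `rot` macro evaluates both arguments twice and is undefined behaviour for `k == 0` or `k >= 32`; the three call sites pass small constants so it is safe as written, but `static inline uint32_t rot32(uint32_t x, unsigned k)` removes both hazards at no cost.

```c
// Warm up the state by discarding `rounds` outputs (20 for Burtle's
// original seeding, 42 for the modified variant). Not a CSPRNG: do not
// use the output for keys, nonces or challenges.
static void burtle_seed(prng_ctx *x, uint32_t seed, unsigned rounds) {
    x->a = 0xf1ea5eed;
    x->b = x->c = x->d = seed;
    for (unsigned i = 0; i < rounds; ++i) {
        (void)burtle_get_mod(x);
    }
}

void burtle_init_mod(prng_ctx *x, uint32_t seed) { burtle_seed(x, seed, 42); }

void burtle_init(prng_ctx *x, uint32_t seed) { burtle_seed(x, seed, 20); }
// … unchanged: burtle_get_mod, GetSimplePrng …
```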
@@ -0,0 +1,24 @@
+//-----------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+// Burtle Prng - Modified. 42iterations instead of 20.
+// ref: http://burtleburtle.net/bob/rand/smallprng.html
+//-----------------------------------------------------------------------------
+
+#ifndef __PRNG_H
+#define __PRNG_H
+#include
+#include
+typedef struct prng_ctx {
+ uint32_t a;
+ uint32_t b;
+ uint32_t c;
+ uint32_t d;
+} prng_ctx;
+
+//uint32_t burtle_get( prng_ctx *x );
+uint32_t burtle_get_mod( prng_ctx *x );
+void burtle_init_mod(prng_ctx *x, uint32_t seed );
+void burtle_init(prng_ctx *x, uint32_t seed );
+
+uint32_t GetSimplePrng( uint32_t seed );
+#endif /* __PRNG_H */
\ No newline at end of file
diff --git a/common/tea.c b/common/tea.c
index d0bea1c0..616b4043 100644
--- a/common/tea.c
+++ b/common/tea.c
@@ -10,8 +10,6 @@
 #define ROUNDS 32
 #define DELTA 0x9E3779B9
 #define SUM 0xC6EF3720
-#define SWAPENDIAN(x)\
- (x = (x >> 8 & 0xff00ff) | (x & 0xff00ff) << 8, x = x >> 16 | x << 16)
 void tea_encrypt(uint8_t *v, uint8_t *key) {
@@ -28,13 +26,6 @@ void tea_encrypt(uint8_t *v, uint8_t *key) {
 //input
 y = bytes_to_num(v, 4);
 z = bytes_to_num(v+4, 4);
-
- // SWAPENDIAN(a);
- // SWAPENDIAN(b);
- // SWAPENDIAN(c);
- // SWAPENDIAN(d);
- // SWAPENDIAN(y);
- // SWAPENDIAN(z);
 while ( n-- > 0 ) {
 sum += DELTA;
@@ -42,9 +33,6 @@ void tea_encrypt(uint8_t *v, uint8_t *key) {
 z += ((y << 4) + c) ^ (y + sum) ^ ((y >> 5) + d);
 }
- // SWAPENDIAN(y);
- // SWAPENDIAN(z);
-
 num_to_bytes(y, 4, v);
 num_to_bytes(z, 4, v+4);
 }
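Review bot: The include guard `__PRNG_H` is a double-underscore identifier, which C reserves for the implementation, so a plain `PRNG_H` avoids any clash with toolchain headers. The two `#include` lines appear in this rendering with their header names lost; whichever they are in the committed file, the header must pull in the one that declares `uint32_t` (`<stdint.h>`), since `prng_ctx` and every prototype depend on it, and the sequence of lines here is worth re-checking against the repository. The file also ends without a trailing newline, which several compilers warn about. A short comment above the struct, `// Burtle small-PRNG state; seed with burtle_init or burtle_init_mod before calling burtle_get_mod`, would document the required call order for users of the header.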
@@ -65,22 +53,12 @@ void tea_decrypt(uint8_t *v, uint8_t *key) {
 y = bytes_to_num(v, 4);
 z = bytes_to_num(v+4, 4);
- // SWAPENDIAN(a);
- // SWAPENDIAN(b);
- // SWAPENDIAN(c);
- // SWAPENDIAN(d);
- // SWAPENDIAN(y);
- // SWAPENDIAN(z);
-
 /* sum = delta<<5, in general sum = delta * n */
 while ( n-- > 0 ) {
 z -= ((y << 4) + c) ^ (y + sum) ^ ((y >> 5) + d);
 y -= ((z << 4) + a) ^ (z + sum) ^ ((z >> 5) + b);
 sum -= DELTA;
 }
-
- // SWAPENDIAN(y);
- // SWAPENDIAN(z);
 num_to_bytes(y, 4, v);
 num_to_bytes(z, 4, v+4);
 }
-- 
2.39.5