github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 22:03:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

chg: 'hf iclass loclass' output newline.

Browse source
This commit is contained in:
iceman1001 2017-08-19 09:52:17 +02:00
commit 19439605d3
1 changed files with 21 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

40
client/loclass/elite_crack.c
View file

@ -281,10 +281,9 @@ int _readFromDump(uint8_t dump[], dumpdata* item, uint8_t i)
{ {
size_t itemsize = sizeof(dumpdata); size_t itemsize = sizeof(dumpdata);
//dumpdata item = {0}; //dumpdata item = {0};
memcpy(item,dump+i*itemsize, itemsize); memcpy(item, dump+i*itemsize, itemsize);
if(true) if(true) {
{
printvar("csn", item->csn,8); printvar("csn", item->csn,8);
printvar("cc_nr", item->cc_nr,12); printvar("cc_nr", item->cc_nr,12);
printvar("mac", item->mac,4); printvar("mac", item->mac,4);
@ -292,7 +291,7 @@ int _readFromDump(uint8_t dump[], dumpdata* item, uint8_t i)
return 0; return 0;
} }
static uint32_t startvalue = 0; //static uint32_t startvalue = 0;
/** /**
* @brief Performs brute force attack against a dump-data item, containing csn, cc_nr and mac. * @brief Performs brute force attack against a dump-data item, containing csn, cc_nr and mac.
*This method calculates the hash1 for the CSN, and determines what bytes need to be bruteforced *This method calculates the hash1 for the CSN, and determines what bytes need to be bruteforced
@ -354,22 +353,22 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
/* /*
*A uint32 has room for 4 bytes, we'll only need 24 of those bits to bruteforce up to three bytes, *A uint32 has room for 4 bytes, we'll only need 24 of those bits to bruteforce up to three bytes,
*/ */
uint32_t brute = startvalue; //uint32_t brute = startvalue;
uint32_t brute = 0;
/* /*
Determine where to stop the bruteforce. A 1-byte attack stops after 256 tries, Determine where to stop the bruteforce. A 1-byte attack stops after 256 tries,
(when brute reaches 0x100). And so on... (when brute reaches 0x100). And so on...
bytes_to_recover = 1 --> endmask = 0x0000100 bytes_to_recover = 1 --> endmask = 0x000000100
bytes_to_recover = 2 --> endmask = 0x0010000 bytes_to_recover = 2 --> endmask = 0x000010000
bytes_to_recover = 3 --> endmask = 0x1000000 bytes_to_recover = 3 --> endmask = 0x001000000
*/ */
uint32_t endmask = 1 << 8*numbytes_to_recover; uint32_t endmask = 1 << 8*numbytes_to_recover;
for(i =0 ; i < numbytes_to_recover && numbytes_to_recover > 1; i++) for (i =0 ; i < numbytes_to_recover && numbytes_to_recover > 1; i++)
prnlog("Bruteforcing byte %d", bytes_to_recover[i]); prnlog("Bruteforcing byte %d", bytes_to_recover[i]);
while(!found && !(brute & endmask)) while (!found && !(brute & endmask)) {
{
//Update the keytable with the brute-values //Update the keytable with the brute-values
for (i=0; i < numbytes_to_recover; i++) { for (i=0; i < numbytes_to_recover; i++) {
keytable[bytes_to_recover[i]] &= 0xFF00; keytable[bytes_to_recover[i]] &= 0xFF00;
@ -393,22 +392,24 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
//Calc mac //Calc mac
doMAC(item.cc_nr, div_key, calculated_MAC); doMAC(item.cc_nr, div_key, calculated_MAC);
if(memcmp(calculated_MAC, item.mac, 4) == 0) { if (memcmp(calculated_MAC, item.mac, 4) == 0) {
for(i =0 ; i < numbytes_to_recover; i++) printf("\r\n");
for(i =0 ; i < numbytes_to_recover; i++) {
prnlog("=> %d: 0x%02x", bytes_to_recover[i],0xFF & keytable[bytes_to_recover[i]]); prnlog("=> %d: 0x%02x", bytes_to_recover[i],0xFF & keytable[bytes_to_recover[i]]);
}
found = true; found = true;
break; break;
} }
brute++; brute++;
if ((brute & 0xFFFF) == 0) { if ((brute & 0xFFFF) == 0) {
printf("%d",(brute >> 16) & 0xFF); printf("%d,",(brute >> 16) & 0xFF);
fflush(stdout); fflush(stdout);
} }
} }
if (!found) { if (!found) {
prnlog("Failed to recover %d bytes using the following CSN",numbytes_to_recover); prnlog("Failed to recover %d bytes using the following CSN", numbytes_to_recover);
printvar("CSN",item.csn,8); printvar("CSN", item.csn, 8);
errors++; errors++;
//Before we exit, reset the 'BEING_CRACKED' to zero //Before we exit, reset the 'BEING_CRACKED' to zero
@ -509,13 +510,13 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[])
for(i = 0 ; i * itemsize < dumpsize ; i++ ) for(i = 0 ; i * itemsize < dumpsize ; i++ )
{ {
memcpy(attack,dump+i*itemsize, itemsize); memcpy(attack, dump + i * itemsize, itemsize);
errors += bruteforceItem(*attack, keytable); errors += bruteforceItem(*attack, keytable);
} }
free(attack); free(attack);
t1 = msclock() - t1; t1 = msclock() - t1;
float diff = ((float)t1 / CLOCKS_PER_SEC ); float diff = ((float)t1 / CLOCKS_PER_SEC );
prnlog("\nPerformed full crack in %f seconds",diff); prnlog("\nPerformed full crack in %.1f seconds",diff);
// Pick out the first 16 bytes of the keytable. // Pick out the first 16 bytes of the keytable.
// The keytable is now in 16-bit ints, where the upper 8 bits // The keytable is now in 16-bit ints, where the upper 8 bits
@ -526,10 +527,9 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[])
for(i = 0 ; i < 16 ; i++) for(i = 0 ; i < 16 ; i++)
{ {
first16bytes[i] = keytable[i] & 0xFF; first16bytes[i] = keytable[i] & 0xFF;
if(!(keytable[i] & CRACKED)) if(!(keytable[i] & CRACKED))
{
prnlog("Error, we are missing byte %d, custom key calculation will fail...", i); prnlog("Error, we are missing byte %d, custom key calculation will fail...", i);
}
} }
errors += calculateMasterKey(first16bytes, NULL); errors += calculateMasterKey(first16bytes, NULL);
return errors; return errors;