github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 22:03:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

chg: 'hf iclass loclass' output newline.

Browse source
This commit is contained in:
iceman1001 2017-08-19 09:52:17 +02:00
commit 19439605d3
1 changed files with 21 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

28
client/loclass/elite_crack.c
View file

@ -283,8 +283,7 @@ int _readFromDump(uint8_t dump[], dumpdata* item, uint8_t i)
//dumpdata item = {0};
memcpy(item, dump+i*itemsize, itemsize);
if(true)
{
if(true) {
printvar("csn", item->csn,8);
printvar("cc_nr", item->cc_nr,12);
printvar("mac", item->mac,4);
@ -292,7 +291,7 @@ int _readFromDump(uint8_t dump[], dumpdata* item, uint8_t i)
return 0;
}
static uint32_t startvalue = 0;
//static uint32_t startvalue = 0;
/**
* @brief Performs brute force attack against a dump-data item, containing csn, cc_nr and mac.
*This method calculates the hash1 for the CSN, and determines what bytes need to be bruteforced
@ -354,13 +353,14 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
/*
*A uint32 has room for 4 bytes, we'll only need 24 of those bits to bruteforce up to three bytes,
*/
uint32_t brute = startvalue;
//uint32_t brute = startvalue;
uint32_t brute = 0;
/*
Determine where to stop the bruteforce. A 1-byte attack stops after 256 tries,
(when brute reaches 0x100). And so on...
bytes_to_recover = 1 --> endmask = 0x0000100
bytes_to_recover = 2 --> endmask = 0x0010000
bytes_to_recover = 3 --> endmask = 0x1000000
bytes_to_recover = 1 --> endmask = 0x000000100
bytes_to_recover = 2 --> endmask = 0x000010000
bytes_to_recover = 3 --> endmask = 0x001000000
*/
uint32_t endmask = 1 << 8*numbytes_to_recover;
@ -368,8 +368,7 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
for (i =0 ; i < numbytes_to_recover && numbytes_to_recover > 1; i++)
prnlog("Bruteforcing byte %d", bytes_to_recover[i]);
while(!found && !(brute & endmask))
{
while (!found && !(brute & endmask)) {
//Update the keytable with the brute-values
for (i=0; i < numbytes_to_recover; i++) {
keytable[bytes_to_recover[i]] &= 0xFF00;
@ -394,15 +393,17 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
doMAC(item.cc_nr, div_key, calculated_MAC);
if (memcmp(calculated_MAC, item.mac, 4) == 0) {
for(i =0 ; i < numbytes_to_recover; i++)
printf("\r\n");
for(i =0 ; i < numbytes_to_recover; i++) {
prnlog("=> %d: 0x%02x", bytes_to_recover[i],0xFF & keytable[bytes_to_recover[i]]);
}
found = true;
break;
}
brute++;
if ((brute & 0xFFFF) == 0) {
printf("%d",(brute >> 16) & 0xFF);
printf("%d,",(brute >> 16) & 0xFF);
fflush(stdout);
}
}
@ -515,7 +516,7 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[])
free(attack);
t1 = msclock() - t1;
float diff = ((float)t1 / CLOCKS_PER_SEC );
prnlog("\nPerformed full crack in %f seconds",diff);
prnlog("\nPerformed full crack in %.1f seconds",diff);
// Pick out the first 16 bytes of the keytable.
// The keytable is now in 16-bit ints, where the upper 8 bits
@ -526,11 +527,10 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[])
for(i = 0 ; i < 16 ; i++)
{
first16bytes[i] = keytable[i] & 0xFF;
if(!(keytable[i] & CRACKED))
{
prnlog("Error, we are missing byte %d, custom key calculation will fail...", i);
}
}
errors += calculateMasterKey(first16bytes, NULL);
return errors;
}