From 1aa960004875ac04c8e23d21c846477ba5bb31aa Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 19 Sep 2020 11:08:01 +0200 Subject: [PATCH] add white cloner pwdgen algo (thanks to @paleopterix!) --- common/commonutil.c | 12 ++++++++++++ common/commonutil.h | 4 ++++ common/generator.c | 18 +++++++++++++++++- common/generator.h | 2 ++ 4 files changed, 35 insertions(+), 1 deletion(-) diff --git a/common/commonutil.c b/common/commonutil.c index 6b7444045..9be805f31 100644 --- a/common/commonutil.c +++ b/common/commonutil.c @@ -142,3 +142,15 @@ void htole24(uint32_t val, uint8_t data[3]) { data[2] = (uint8_t)(val >> 16); } + +// ROL on u32 +uint32_t rotl(uint32_t a, uint8_t n) { + n &= 31; + return (a << n) | (a >> (32 - n)); +} + +// ROR on u32 +uint32_t rotr(uint32_t a, uint8_t n) { + n &= 31; + return (a >> n) | (a << (32 - n)); +} \ No newline at end of file diff --git a/common/commonutil.h b/common/commonutil.h index fdd2ac065..6bf330e7c 100644 --- a/common/commonutil.h +++ b/common/commonutil.h @@ -51,9 +51,13 @@ uint16_t reflect16(uint16_t b); // dedicated 16bit reversal void num_to_bytes(uint64_t n, size_t len, uint8_t *dest); uint64_t bytes_to_num(uint8_t *src, size_t len); +// rotate left byte array void rol(uint8_t *data, const size_t len); void lsl(uint8_t *data, size_t len); uint32_t le24toh(uint8_t data[3]); void htole24(uint32_t val, uint8_t data[3]); +// rol on a u32 +uint32_t rotl(uint32_t a, uint8_t n); +uint32_t rotr(uint32_t a, uint8_t n); #endif diff --git a/common/generator.c b/common/generator.c index f189d09e3..37a1aa4f7 100644 --- a/common/generator.c +++ b/common/generator.c @@ -414,12 +414,21 @@ int mfc_algo_sky_all(uint8_t *uid, uint8_t *keys) { return PM3_SUCCESS; } +// LF T55x7 White gun cloner algo +uint32_t lf_t55xx_white_pwdgen(uint32_t id) { + uint32_t r1 = rotl(id & 0x000000ec, 8); + uint32_t r2 = rotl(id & 0x86000000, 16); + uint32_t pwd = 0x10303; + pwd += ((id & 0x86ee00ec) ^ r1 ^ r2 ); + return pwd; +} + //------------------------------------ // Self tests //------------------------------------ int generator_selftest(void) { -#define NUM_OF_TEST 5 +#define NUM_OF_TEST 6 PrintAndLogEx(INFO, "PWD / KEY generator selftest"); PrintAndLogEx(INFO, "----------------------------"); @@ -468,6 +477,13 @@ int generator_selftest(void) { testresult++; PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %"PRIx64" - %s", sprint_hex(uid6, 4), key6, success ? "OK" : "->82C7E64BC565<--"); + + uint32_t lf_id = lf_t55xx_white_pwdgen(0x00000080); + success = (lf_id = 0x00018383); + if (success) + testresult++; + PrintAndLogEx(success ? SUCCESS : WARNING, "ID | 0x00000080 | %08"PRIx32 " - %s", lf_id, success ? "OK" : "->00018383<--"); + PrintAndLogEx(SUCCESS, "------------------- Selftest %s", (testresult == NUM_OF_TEST) ? "OK" : "fail"); return PM3_SUCCESS; } diff --git a/common/generator.h b/common/generator.h index c90fe483a..b1c3c82d0 100644 --- a/common/generator.h +++ b/common/generator.h @@ -41,5 +41,7 @@ int mfc_algo_di_all(uint8_t *uid, uint8_t *keys); int mfc_algo_sky_one(uint8_t *uid, uint8_t sector, uint8_t keytype, uint64_t *key); int mfc_algo_sky_all(uint8_t *uid, uint8_t *keys); +uint32_t lf_t55xx_white_pwdgen(uint32_t id); + int generator_selftest(void); #endif