CHG: removed some debug statements, added another. Change the crapto1.c, lets see if the special attack works better now against chinese clones.

iceman1001 2016-08-10 16:25:56 +02:00
commit 31cf804877
2 changed files with 14 additions and 19 deletions


@ -1,4 +1,4 @@
/* crapto1.c
1/* crapto1.c
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@ -383,7 +383,7 @@ uint32_t lfsr_rollback_word(struct Crypto1State *s, uint32_t in, int fb)
/** nonce_distance
* x,y valid tag nonces, then prng_successor(x, nonce_distance(x, y)) = y
*/
static uint16_t *dist;
static uint16_t *dist = 0;
int nonce_distance(uint32_t from, uint32_t to)
{
uint16_t x, i;
@ -391,7 +391,7 @@ int nonce_distance(uint32_t from, uint32_t to)
dist = malloc(2 << 16);
if(!dist)
return -1;
for (x = 1, i = 1; i; ++i) {
for (x = i = 1; i; ++i) {
dist[(x & 0xff) << 8 | x >> 8] = i;
x = x >> 1 | (x ^ x >> 2 ^ x >> 3 ^ x >> 5) << 15;
}
@ -468,21 +468,18 @@ static struct Crypto1State* check_pfx_parity(uint32_t prefix, uint32_t rresp, ui
return sl + good;
}
static struct Crypto1State* check_pfx_parity_ex(uint32_t prefix, uint32_t odd, uint32_t even, struct Crypto1State* sl) {
struct Crypto1State s;
uint32_t c = 0;
s.odd = odd ^ fastfwd[1][c];
s.even = even ^ fastfwd[0][c];
sl.odd = odd ^ fastfwd[1][c];
sl.even = even ^ fastfwd[0][c];
lfsr_rollback_bit(&s, 0, 0);
lfsr_rollback_bit(&s, 0, 0);
lfsr_rollback_bit(&s, 0, 0);
lfsr_rollback_bit(&sl, 0, 0);
lfsr_rollback_bit(&sl, 0, 0);
lfsr_rollback_bit(&sl, 0, 0);
lfsr_rollback_word(&sl, 0, 0);
lfsr_rollback_word(&sl, prefix | c << 5, 1);
lfsr_rollback_word(&s, 0, 0);
lfsr_rollback_word(&s, prefix | c << 5, 1);
sl->odd = s.odd;
sl->even = s.even;
return ++sl;
}
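Review bot: In check_pfx_parity_ex the lines that the hunk counts (-468,21 +468,18) mark as added use `sl` as if it were a struct object (`sl.odd = ...`, `lfsr_rollback_bit(&sl, 0, 0)`), but the signature declares it as `struct Crypto1State* sl`. As rendered here, `.` on a pointer does not compile, and `&sl` would pass a pointer-to-pointer to helpers that take `struct Crypto1State *` (see the `lfsr_rollback_word` prototype in the second hunk header). The page has lost its +/- markers, so which lines are new is inferred from the counts. If the intent is to drop the temporary `s` and work on the caller's slot directly, the accesses should go through the pointer, as sketched below. A short comment on why `c` is fixed at 0 for this variant would also help the next reader.

```c
static struct Crypto1State* check_pfx_parity_ex(uint32_t prefix, uint32_t odd, uint32_t even, struct Crypto1State* sl) {
	uint32_t c = 0;
	sl->odd = odd ^ fastfwd[1][c];
	sl->even = even ^ fastfwd[0][c];
	lfsr_rollback_bit(sl, 0, 0);
	lfsr_rollback_bit(sl, 0, 0);
	lfsr_rollback_bit(sl, 0, 0);
	lfsr_rollback_word(sl, 0, 0);
	lfsr_rollback_word(sl, prefix | c << 5, 1);
	// … unchanged: return ++sl; …
```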


@ -101,7 +101,6 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui
*(state_s + i) = key_recovered;
}
PrintAndLog("zero");
if(!state)
return 1;
@ -115,7 +114,6 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui
p1 = p3 = last_keylist;
p2 = state_s;
PrintAndLog("one");
while ( *p1 != -1 && *p2 != -1 ) {
if (compar_int(p1, p2) == 0) {
printf("p1:%"llx" p2:%"llx" p3:%"llx" key:%012"llx"\n",(uint64_t)(p1-last_keylist),(uint64_t)(p2-state_s),(uint64_t)(p3-last_keylist),*p1);
@ -127,9 +125,11 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui
while (compar_int(p1, p2) == 1) ++p2;
}
}
key_count = p3 - last_keylist;;
key_count = p3 - last_keylist;
PrintAndLog("one A");
} else {
key_count = 0;
PrintAndLog("one B");
}
printf("key_count:%d\n", key_count);
@ -137,7 +137,6 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui
// The list may still contain several key candidates. Test each of them with mfCheckKeys
uint8_t keyBlock[6] = {0,0,0,0,0,0};
uint64_t key64;
PrintAndLog("two");
for (i = 0; i < key_count; i++) {
key64 = *(last_keylist + i);
num_to_bytes(key64, 6, keyBlock);
@ -151,7 +150,6 @@ int nonce2key_ex(uint8_t blockno, uint8_t keytype, uint32_t uid, uint32_t nt, ui
}
}
free(last_keylist);
last_keylist = state_s;
return 1;
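Review bot: The two traces added around the `key_count` assignment in nonce2key_ex, `PrintAndLog("one A");` and `PrintAndLog("one B");`, are bare position markers of the same kind this commit removes elsewhere ("zero", "one", "two"). They add little, because the `printf("key_count:%d\n", key_count);` that follows already shows the outcome. I would either drop them or make them say which path ran; the branch condition is outside the hunk, so the exact wording depends on what that `if` tests. The same section sends output through both `printf` and `PrintAndLog`; if `PrintAndLog` is the client's logging path, using it for the `key_count` line as well would keep the output in one place. nonce2key_ex starts and ends outside these hunks.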