CHG: some textual change to README.txt

ADD: a prng.c to collect some different PRNG's i've ran into ADD: some changes the tea implementation ADD: a enhanced version - SwapEndian64ex
2025-08-19 21:03:48 -07:00 · 2015-12-21 19:48:00 +01:00 · 2015-12-21 19:48:00 +01:00 · f4d0ffd1b9
commit f4d0ffd1b9
parent a7474bb30a
8 changed files with 86 additions and 37 deletions
--- a/README.txt
+++ b/README.txt
@ -14,7 +14,8 @@ Among the stuff is

 	* Jonor's hf 14a raw timing patch
 	* Piwi's updates. (usually gets into the master)
-	* Piwi's "topaz" branch (not merged)
+	* Piwi's "topaz" branch
+	* Piwi's "hardnested" branch 
 	* Holiman's iclass, (usually gets into the master)
 	* Marshmellow's fixes (usually gets into the master)
 	* Midnitesnake's Ultralight,  Ultralight-c enhancements
@ -25,8 +26,11 @@ Among the stuff is
 	* Minor textual changes here and there.
 	* Simulation of Ultralight/Ntag.
 	* Marshmellow's and my "RevEng" addon for the client.  Ref: http://reveng.sourceforge.net/
-	* Someone's alterantive bruteforce Mifare changes.. (you need the two other exe to make it work)
-	* 
+	* Someone's alternative bruteforce Mifare changes.. (you need the two other exe to make it work)
+
+	* A Bruteforce for T55XX passwords against tag.
+	* A Bruteforce for AWID 26, starting w a facilitycode then trying all 0xFFFF cardnumbers via simulation. To be used against a AWID Reader.
+
 	
 Give me a hint, and I'll see if I can't merge in the stuff you have. 

@ -96,8 +100,8 @@ iceman at host iuse.se
 The Proxmark 3 is available for purchase (assembled and tested) from the
 following locations:

-   * http://proxmark3.com/
-   * http://www.xfpga.com/
+   * http://www.elechouse.com  (new and revised hardware package 2015)
+   

 Most of the ultra-low-volume contract assemblers could put
 something like this together with a reasonable yield. A run of around
--- a/client/Makefile
+++ b/client/Makefile
@ -142,7 +142,7 @@ CMDSRCS = 	nonce2key/crapto1.c\
 			reveng/poly.c\
 			reveng/getopt.c\
 			tea.c\
-	   
+			prng.c

 ZLIBSRCS = deflate.c adler32.c trees.c zutil.c inflate.c inffast.c inftrees.c
 ZLIB_FLAGS = -DZ_SOLO -DZ_PREFIX -DNO_GZIP -DZLIB_PM3_TUNED 
--- a/client/cmddata.c
+++ b/client/cmddata.c
@ -2325,21 +2325,15 @@ int Cmdbin2hex(const char *Cmd)
 }

 int usage_data_hex2bin(){
-
-	PrintAndLog("Usage: data bin2hex <binary_digits>");
+	PrintAndLog("Usage: data hex2bin <hex_digits>");
 	PrintAndLog("       This function will ignore all non-hexadecimal characters (but stop reading on whitespace)");
 	return 0;
-
 }

 int Cmdhex2bin(const char *Cmd)
 {
 	int bg =0, en =0;
-	if(param_getptr(Cmd, &bg, &en, 0))
-	{
-		return usage_data_hex2bin();
-	}
-
+	if(param_getptr(Cmd, &bg, &en, 0))  return usage_data_hex2bin();

 	while(bg <= en )
 	{
--- a/client/util.c
+++ b/client/util.c
@ -194,7 +194,7 @@ void num_to_bytebits(uint64_t	n, size_t len, uint8_t *dest) {
 // hh,gg,ff,ee,dd,cc,bb,aa, pp,oo,nn,mm,ll,kk,jj,ii
 // up to 64 bytes or 512 bits
 uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize){
-	static uint8_t buf[64];
+	uint8_t buf[64];
 	memset(buf, 0x00, 64);
 	uint8_t *tmp = buf;
 	for (uint8_t block=0; block < (uint8_t)(len/blockSize); block++){
@ -205,6 +205,15 @@ uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockS
 	return tmp;
 }

+void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest){
+	for (uint8_t block=0; block < (uint8_t)(len/blockSize); block++){
+		for (size_t i = 0; i < blockSize; i++){
+			dest[i+(blockSize*block)] = src[(blockSize-1-i)+(blockSize*block)];
+		}
+	}
+}
+
+
 //  -------------------------------------------------------------------------
 //  string parameters lib
 //  -------------------------------------------------------------------------
--- a/client/util.h
+++ b/client/util.h
@ -46,6 +46,7 @@ void num_to_bytes(uint64_t n, size_t len, uint8_t* dest);
 uint64_t bytes_to_num(uint8_t* src, size_t len);
 void num_to_bytebits(uint64_t	n, size_t len, uint8_t *dest);
 uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize);
+void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest);

 char param_getchar(const char *line, int paramnum);
 int param_getptr(const char *line, int *bg, int *en, int paramnum);
--- a/common/prng.c
+++ b/common/prng.c
@ -0,0 +1,39 @@
+//-----------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+// Burtle Prng - Modified.   42iterations instead of 20.
+// ref: http://burtleburtle.net/bob/rand/smallprng.html
+//-----------------------------------------------------------------------------
+#include "prng.h"
+
+#define rot(x,k) (((x)<<(k))|((x)>>(32-(k))))
+uint32_t burtle_get_mod( prng_ctx *x ) {
+    uint32_t e = x->a - rot(x->b, 21);
+    x->a = x->b ^ rot(x->c, 19);
+    x->b = x->c + rot(x->d, 6);
+    x->c = x->d + e;
+    x->d = e + x->a;
+    return x->d;
+}
+
+void burtle_init_mod(prng_ctx *x, uint32_t seed ) {
+    x->a = 0xf1ea5eed;
+	x->b = x->c = x->d = seed;
+    for (uint8_t i=0; i < 42; ++i) {
+        (void)burtle_get_mod(x);
+    }
+}
+
+void burtle_init(prng_ctx *x, uint32_t seed ) {
+    uint32_t i;	
+    x->a = 0xf1ea5eed, x->b = x->c = x->d = seed;
+    for (i=0; i < 20; ++i) {
+        (void)burtle_get_mod(x);
+    }
+}
+
+
+uint32_t GetSimplePrng( uint32_t seed ){
+	seed *= 0x19660D;
+	seed += 0x3C6EF35F;
+	return seed;
+}
--- a/common/prng.h
+++ b/common/prng.h
@ -0,0 +1,24 @@
+//-----------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+// Burtle Prng - Modified.   42iterations instead of 20.
+// ref: http://burtleburtle.net/bob/rand/smallprng.html
+//-----------------------------------------------------------------------------
+
+#ifndef __PRNG_H
+#define __PRNG_H
+#include <stdint.h>
+#include <stddef.h>
+typedef struct prng_ctx { 
+	uint32_t a; 
+	uint32_t b; 
+	uint32_t c; 
+	uint32_t d; 
+} prng_ctx;
+
+//uint32_t burtle_get( prng_ctx *x );
+uint32_t burtle_get_mod( prng_ctx *x );
+void burtle_init_mod(prng_ctx *x, uint32_t seed );
+void burtle_init(prng_ctx *x, uint32_t seed );
+
+uint32_t GetSimplePrng( uint32_t seed );
+#endif /* __PRNG_H */
--- a/common/tea.c
+++ b/common/tea.c
@ -10,8 +10,6 @@
 #define ROUNDS 32
 #define DELTA  0x9E3779B9
 #define SUM    0xC6EF3720
-#define SWAPENDIAN(x)\
-  (x = (x >> 8 & 0xff00ff) | (x & 0xff00ff) << 8, x = x >> 16 | x << 16)

 void tea_encrypt(uint8_t *v, uint8_t *key) {

@ -28,13 +26,6 @@ void tea_encrypt(uint8_t *v, uint8_t *key) {
 	//input
 	y = bytes_to_num(v, 4);
 	z = bytes_to_num(v+4, 4);
-	
-	// SWAPENDIAN(a);
-	// SWAPENDIAN(b);
-	// SWAPENDIAN(c);
-	// SWAPENDIAN(d);
-	// SWAPENDIAN(y);
-	// SWAPENDIAN(z);
 		
 	while ( n-- > 0 ) {
 		sum += DELTA;
@ -42,9 +33,6 @@ void tea_encrypt(uint8_t *v, uint8_t *key) {
 		z += ((y << 4) + c) ^ (y + sum) ^ ((y >> 5) + d);
 	}

-	// SWAPENDIAN(y);
-	// SWAPENDIAN(z);
-
 	num_to_bytes(y, 4, v);
 	num_to_bytes(z, 4, v+4);
 }
@ -65,22 +53,12 @@ void tea_decrypt(uint8_t *v, uint8_t *key) {
 	y = bytes_to_num(v, 4);
 	z = bytes_to_num(v+4, 4);

-	// SWAPENDIAN(a);
-	// SWAPENDIAN(b);
-	// SWAPENDIAN(c);
-	// SWAPENDIAN(d);
-	// SWAPENDIAN(y);
-	// SWAPENDIAN(z);
-	
 	/* sum = delta<<5, in general sum = delta * n */
 	while ( n-- > 0 ) {
 		z -= ((y << 4) + c) ^ (y + sum) ^ ((y >> 5) + d);
 		y -= ((z << 4) + a) ^ (z + sum) ^ ((z >> 5) + b);
 		sum -= DELTA;
 	}
-
-	// SWAPENDIAN(y);
-	// SWAPENDIAN(z);
 	num_to_bytes(y, 4, v);
 	num_to_bytes(z, 4, v+4);
 }