From fc8e3e8851bfb11b037de3afc838d97f108056fd Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Wed, 4 Aug 2021 14:58:07 +0300
Subject: [PATCH] fix ev2 auth. ev2/enc/nodata works

---
 client/src/mifare/desfirecore.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c
index 869be3d0e..1a1890b11 100644
--- a/client/src/mifare/desfirecore.c
+++ b/client/src/mifare/desfirecore.c
@@ -1153,6 +1153,7 @@ static int DesfireAuthenticateEV2(DesfireContext *dctx, DesfireSecureChannel sec
     uint8_t RndA[CRYPTO_AES_BLOCK_SIZE] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
     uint8_t RndB[CRYPTO_AES_BLOCK_SIZE] = {0};
     uint8_t encRndB[CRYPTO_AES_BLOCK_SIZE] = {0};
+    uint8_t rotRndA[CRYPTO_AES_BLOCK_SIZE] = {0};   //RndA'
     uint8_t rotRndB[CRYPTO_AES_BLOCK_SIZE] = {0};   //RndB'
     uint8_t both[CRYPTO_AES_BLOCK_SIZE * 2 + 1] = {0};  // ek/dk_keyNo(RndA+RndB')
 
@@ -1201,8 +1202,6 @@ static int DesfireAuthenticateEV2(DesfireContext *dctx, DesfireSecureChannel sec
     memcpy(rotRndB, RndB, CRYPTO_AES_BLOCK_SIZE);
     rol(rotRndB, CRYPTO_AES_BLOCK_SIZE);
 
-    uint8_t encRndA[16] = {0x00};
-
     // - Encrypt our response
     uint8_t tmp[32] = {0x00};
     memcpy(tmp, RndA, CRYPTO_AES_BLOCK_SIZE);
@@ -1232,20 +1231,21 @@ static int DesfireAuthenticateEV2(DesfireContext *dctx, DesfireSecureChannel sec
     }
 
     // Part 4
-    memcpy(encRndA, recv_data, CRYPTO_AES_BLOCK_SIZE);
-
     uint8_t data[32] = {0};
 
     if (aes_decode(IV, key, recv_data, data, recv_len))
         return 10;
 
-    rol(RndA, CRYPTO_AES_BLOCK_SIZE);
+    // rotate rndA to check
+    memcpy(rotRndA, RndA, CRYPTO_AES_BLOCK_SIZE);
+    rol(rotRndA, CRYPTO_AES_BLOCK_SIZE);
+    
     uint8_t *recRndA = (firstauth) ? &data[4] : data;
 
-    if (memcmp(RndA, recRndA, CRYPTO_AES_BLOCK_SIZE) != 0) {
+    if (memcmp(rotRndA, recRndA, CRYPTO_AES_BLOCK_SIZE) != 0) {
         if (g_debugMode > 1) {
-            PrintAndLogEx(DEBUG, "Expected_RndA  : %s", sprint_hex(RndA, CRYPTO_AES_BLOCK_SIZE));
-            PrintAndLogEx(DEBUG, "Generated_RndA : %s", sprint_hex(recRndA, CRYPTO_AES_BLOCK_SIZE));
+            PrintAndLogEx(DEBUG, "Expected_RndA'  : %s", sprint_hex(rotRndA, CRYPTO_AES_BLOCK_SIZE));
+            PrintAndLogEx(DEBUG, "Generated_RndA' : %s", sprint_hex(recRndA, CRYPTO_AES_BLOCK_SIZE));
         }
         return 11;
     }