github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-08-22 14:13:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

mifarehost.c resolved

Browse source
This commit is contained in:
merlokk 2017-09-19 17:34:20 +03:00
commit 54b6bd1eef
42 changed files with 251 additions and 1882 deletions
Download patch file Download diff file Expand all files Collapse all files

2
armsrc/Makefile
View file

@ -19,7 +19,7 @@ SRC_LF = lfops.c hitag2.c hitagS.c lfsampling.c pcf7931.c lfdemod.c protocols.c
SRC_ISO15693 = iso15693.c iso15693tools.c
SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
SRC_ISO14443b = iso14443b.c
SRC_CRAPTO1 = crypto1.c des.c aes.c
SRC_CRAPTO1 = crypto1.c des.c
SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c parity.c
#the FPGA bitstream files. Note: order matters!

1170
armsrc/aes.c
View file

File diff suppressed because it is too large Load diff

30
armsrc/aes.h
View file

@ -1,30 +0,0 @@
/*
* AES Cryptographic Algorithm Header File. Include this header file in
* your source which uses these given APIs. (This source is kept under
* public domain)
*/
// AES context structure
typedef struct {
unsigned int Ek[60];
unsigned int Dk[60];
unsigned int Iv[4];
unsigned char Nr;
unsigned char Mode;
} AesCtx;
// key length in bytes
#define KEY128 16
#define KEY192 24
#define KEY256 32
// block size in bytes
#define BLOCKSZ 16
// mode
#define EBC 0
#define CBC 1
// AES API function prototype
int AesCtxIni(AesCtx *pCtx, unsigned char *pIV, unsigned char *pKey, unsigned int KeyLen, unsigned char Mode);
int AesEncrypt(AesCtx *pCtx, unsigned char *pData, unsigned char *pCipher, unsigned int DataLen);
int AesDecrypt(AesCtx *pCtx, unsigned char *pCipher, unsigned char *pData, unsigned int CipherLen);

11
armsrc/appmain.c
View file

@ -1294,6 +1294,15 @@ void UsbPacketReceived(uint8_t *packet, int len)
break;
case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
// iceman; since changing fpga_bitstreams clears bigbuff, Its better to call it before.
// to be able to use this one for uploading data to device
// arg1 = 0 upload for LF usage
// 1 upload for HF usage
if (c->arg[1] == 0)
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
else
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
uint8_t *b = BigBuf_get_addr();
memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
cmd_send(CMD_ACK,0,0,0,0,0);
@ -1304,7 +1313,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
break;
case CMD_SET_LF_DIVISOR:
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
break;

437
armsrc/des.c
View file

@ -1,437 +0,0 @@
/* des.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file des.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2007-06-16
* \brief DES and EDE-DES implementation
* \license GPLv3 or later
*
*/
#include <stdint.h>
#include "string.h"
const uint8_t sbox[256] = {
/* S-box 1 */
0xE4, 0xD1, 0x2F, 0xB8, 0x3A, 0x6C, 0x59, 0x07,
0x0F, 0x74, 0xE2, 0xD1, 0xA6, 0xCB, 0x95, 0x38,
0x41, 0xE8, 0xD6, 0x2B, 0xFC, 0x97, 0x3A, 0x50,
0xFC, 0x82, 0x49, 0x17, 0x5B, 0x3E, 0xA0, 0x6D,
/* S-box 2 */
0xF1, 0x8E, 0x6B, 0x34, 0x97, 0x2D, 0xC0, 0x5A,
0x3D, 0x47, 0xF2, 0x8E, 0xC0, 0x1A, 0x69, 0xB5,
0x0E, 0x7B, 0xA4, 0xD1, 0x58, 0xC6, 0x93, 0x2F,
0xD8, 0xA1, 0x3F, 0x42, 0xB6, 0x7C, 0x05, 0xE9,
/* S-box 3 */
0xA0, 0x9E, 0x63, 0xF5, 0x1D, 0xC7, 0xB4, 0x28,
0xD7, 0x09, 0x34, 0x6A, 0x28, 0x5E, 0xCB, 0xF1,
0xD6, 0x49, 0x8F, 0x30, 0xB1, 0x2C, 0x5A, 0xE7,
0x1A, 0xD0, 0x69, 0x87, 0x4F, 0xE3, 0xB5, 0x2C,
/* S-box 4 */
0x7D, 0xE3, 0x06, 0x9A, 0x12, 0x85, 0xBC, 0x4F,
0xD8, 0xB5, 0x6F, 0x03, 0x47, 0x2C, 0x1A, 0xE9,
0xA6, 0x90, 0xCB, 0x7D, 0xF1, 0x3E, 0x52, 0x84,
0x3F, 0x06, 0xA1, 0xD8, 0x94, 0x5B, 0xC7, 0x2E,
/* S-box 5 */
0x2C, 0x41, 0x7A, 0xB6, 0x85, 0x3F, 0xD0, 0xE9,
0xEB, 0x2C, 0x47, 0xD1, 0x50, 0xFA, 0x39, 0x86,
0x42, 0x1B, 0xAD, 0x78, 0xF9, 0xC5, 0x63, 0x0E,
0xB8, 0xC7, 0x1E, 0x2D, 0x6F, 0x09, 0xA4, 0x53,
/* S-box 6 */
0xC1, 0xAF, 0x92, 0x68, 0x0D, 0x34, 0xE7, 0x5B,
0xAF, 0x42, 0x7C, 0x95, 0x61, 0xDE, 0x0B, 0x38,
0x9E, 0xF5, 0x28, 0xC3, 0x70, 0x4A, 0x1D, 0xB6,
0x43, 0x2C, 0x95, 0xFA, 0xBE, 0x17, 0x60, 0x8D,
/* S-box 7 */
0x4B, 0x2E, 0xF0, 0x8D, 0x3C, 0x97, 0x5A, 0x61,
0xD0, 0xB7, 0x49, 0x1A, 0xE3, 0x5C, 0x2F, 0x86,
0x14, 0xBD, 0xC3, 0x7E, 0xAF, 0x68, 0x05, 0x92,
0x6B, 0xD8, 0x14, 0xA7, 0x95, 0x0F, 0xE2, 0x3C,
/* S-box 8 */
0xD2, 0x84, 0x6F, 0xB1, 0xA9, 0x3E, 0x50, 0xC7,
0x1F, 0xD8, 0xA3, 0x74, 0xC5, 0x6B, 0x0E, 0x92,
0x7B, 0x41, 0x9C, 0xE2, 0x06, 0xAD, 0xF3, 0x58,
0x21, 0xE7, 0x4A, 0x8D, 0xFC, 0x90, 0x35, 0x6B
};
const uint8_t e_permtab[] ={
4, 6, /* 4 bytes in 6 bytes out*/
32, 1, 2, 3, 4, 5,
4, 5, 6, 7, 8, 9,
8, 9, 10, 11, 12, 13,
12, 13, 14, 15, 16, 17,
16, 17, 18, 19, 20, 21,
20, 21, 22, 23, 24, 25,
24, 25, 26, 27, 28, 29,
28, 29, 30, 31, 32, 1
};
const uint8_t p_permtab[] ={
4, 4, /* 32 bit -> 32 bit */
16, 7, 20, 21,
29, 12, 28, 17,
1, 15, 23, 26,
5, 18, 31, 10,
2, 8, 24, 14,
32, 27, 3, 9,
19, 13, 30, 6,
22, 11, 4, 25
};
const uint8_t ip_permtab[] ={
8, 8, /* 64 bit -> 64 bit */
58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6,
64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7
};
const uint8_t inv_ip_permtab[] ={
8, 8, /* 64 bit -> 64 bit */
40, 8, 48, 16, 56, 24, 64, 32,
39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25
};
const uint8_t pc1_permtab[] ={
8, 7, /* 64 bit -> 56 bit*/
57, 49, 41, 33, 25, 17, 9,
1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27,
19, 11, 3, 60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15,
7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29,
21, 13, 5, 28, 20, 12, 4
};
const uint8_t pc2_permtab[] ={
7, 6, /* 56 bit -> 48 bit */
14, 17, 11, 24, 1, 5,
3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8,
16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55,
30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53,
46, 42, 50, 36, 29, 32
};
const uint8_t splitin6bitword_permtab[] = {
8, 8, /* 64 bit -> 64 bit */
64, 64, 1, 6, 2, 3, 4, 5,
64, 64, 7, 12, 8, 9, 10, 11,
64, 64, 13, 18, 14, 15, 16, 17,
64, 64, 19, 24, 20, 21, 22, 23,
64, 64, 25, 30, 26, 27, 28, 29,
64, 64, 31, 36, 32, 33, 34, 35,
64, 64, 37, 42, 38, 39, 40, 41,
64, 64, 43, 48, 44, 45, 46, 47
};
const uint8_t shiftkey_permtab[] = {
7, 7, /* 56 bit -> 56 bit */
2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15, 16, 17,
18, 19, 20, 21, 22, 23, 24, 25,
26, 27, 28, 1,
30, 31, 32, 33, 34, 35, 36, 37,
38, 39, 40, 41, 42, 43, 44, 45,
46, 47, 48, 49, 50, 51, 52, 53,
54, 55, 56, 29
};
const uint8_t shiftkeyinv_permtab[] = {
7, 7,
28, 1, 2, 3, 4, 5, 6, 7,
8, 9, 10, 11, 12, 13, 14, 15,
16, 17, 18, 19, 20, 21, 22, 23,
24, 25, 26, 27,
56, 29, 30, 31, 32, 33, 34, 35,
36, 37, 38, 39, 40, 41, 42, 43,
44, 45, 46, 47, 48, 49, 50, 51,
52, 53, 54, 55
};
/*
1 0
1 0
2 1
2 1
2 1
2 1
2 1
2 1
----
1 0
2 1
2 1
2 1
2 1
2 1
2 1
1 0
*/
#define ROTTABLE 0x7EFC
#define ROTTABLE_INV 0x3F7E
/******************************************************************************/
void permute(const uint8_t *ptable, const uint8_t *in, uint8_t *out){
uint8_t ob; /* in-bytes and out-bytes */
uint8_t byte, bit; /* counter for bit and byte */
ob = ptable[1];
ptable = &(ptable[2]);
for(byte=0; byte<ob; ++byte){
uint8_t x,t=0;
for(bit=0; bit<8; ++bit){
x=*ptable++ -1 ;
t<<=1;
if((in[x/8]) & (0x80>>(x%8)) ){
t|=0x01;
}
}
out[byte]=t;
}
}
/******************************************************************************/
void changeendian32(uint32_t * a){
*a = (*a & 0x000000FF) << 24 |
(*a & 0x0000FF00) << 8 |
(*a & 0x00FF0000) >> 8 |
(*a & 0xFF000000) >> 24;
}
/******************************************************************************/
static inline
void shiftkey(uint8_t *key){
uint8_t k[7];
memcpy(k, key, 7);
permute((uint8_t*)shiftkey_permtab, k, key);
}
/******************************************************************************/
static inline
void shiftkey_inv(uint8_t *key){
uint8_t k[7];
memcpy(k, key, 7);
permute((uint8_t*)shiftkeyinv_permtab, k, key);
}
/******************************************************************************/
static inline
uint64_t splitin6bitwords(uint64_t a){
uint64_t ret=0;
a &= 0x0000ffffffffffffLL;
permute((uint8_t*)splitin6bitword_permtab, (uint8_t*)&a, (uint8_t*)&ret);
return ret;
}
/******************************************************************************/
static inline
uint8_t substitute(uint8_t a, uint8_t * sbp){
uint8_t x;
x = sbp[a>>1];
x = (a&1)?x&0x0F:x>>4;
return x;
}
/******************************************************************************/
uint32_t des_f(uint32_t r, uint8_t* kr){
uint8_t i;
uint32_t t=0,ret;
uint64_t data;
uint8_t *sbp; /* sboxpointer */
permute((uint8_t*)e_permtab, (uint8_t*)&r, (uint8_t*)&data);
for(i=0; i<6; ++i)
((uint8_t*)&data)[i] ^= kr[i];
/* Sbox substitution */
data = splitin6bitwords(data);
sbp=(uint8_t*)sbox;
for(i=0; i<8; ++i){
uint8_t x;
x = substitute(((uint8_t*)&data)[i], sbp);
t<<=4;
t |= x;
sbp += 32;
}
changeendian32(&t);
permute((uint8_t*)p_permtab,(uint8_t*)&t, (uint8_t*)&ret);
return ret;
}
/******************************************************************************/
void des_enc(void* out, const void* in, const void* key){
#define R *((uint32_t*)&(data[4]))
#define L *((uint32_t*)&(data[0]))
uint8_t data[8],kr[6],k[7];
uint8_t i;
permute((uint8_t*)ip_permtab, (uint8_t*)in, data);
permute((uint8_t*)pc1_permtab, (const uint8_t*)key, k);
for(i=0; i<8; ++i){
shiftkey(k);
if(ROTTABLE&((1<<((i<<1)+0))) )
shiftkey(k);
permute((uint8_t*)pc2_permtab, k, kr);
L ^= des_f(R, kr);
shiftkey(k);
if(ROTTABLE&((1<<((i<<1)+1))) )
shiftkey(k);
permute((uint8_t*)pc2_permtab, k, kr);
R ^= des_f(L, kr);
}
/* L <-> R*/
R ^= L;
L ^= R;
R ^= L;
permute((uint8_t*)inv_ip_permtab, data, (uint8_t*)out);
}
/******************************************************************************/
void des_dec(void* out, const void* in, const uint8_t* key){
#define R *((uint32_t*)&(data[4]))
#define L *((uint32_t*)&(data[0]))
uint8_t data[8],kr[6],k[7];
int8_t i;
permute((uint8_t*)ip_permtab, (uint8_t*)in, data);
permute((uint8_t*)pc1_permtab, (const uint8_t*)key, k);
for(i=7; i>=0; --i){
permute((uint8_t*)pc2_permtab, k, kr);
L ^= des_f(R, kr);
shiftkey_inv(k);
if(ROTTABLE&((1<<((i<<1)+1))) ){
shiftkey_inv(k);
}
permute((uint8_t*)pc2_permtab, k, kr);
R ^= des_f(L, kr);
shiftkey_inv(k);
if(ROTTABLE&((1<<((i<<1)+0))) ){
shiftkey_inv(k);
}
}
/* L <-> R*/
R ^= L;
L ^= R;
R ^= L;
permute((uint8_t*)inv_ip_permtab, data, (uint8_t*)out);
}
/******************************************************************************/
void tdes_enc(void* out, void* in, const void* key){
des_enc(out, in, (uint8_t*)key + 0);
des_dec(out, out, (uint8_t*)key + 8);
des_enc(out, out, (uint8_t*)key +16);
}
/******************************************************************************/
void tdes_dec(void* out, void* in, const uint8_t* key){
des_dec(out, in, (uint8_t*)key +16);
des_enc(out, out, (uint8_t*)key + 8);
des_dec(out, out, (uint8_t*)key + 0);
}
void tdes_2key_enc(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]){
if( length % 8 ) return;
uint8_t i;
uint8_t* tin = (uint8_t*) in;
uint8_t* tout = (uint8_t*) out;
while( length > 0 )
{
for ( i = 0; i < 8; i++ )
tout[i] = (unsigned char)(tin[i] ^ iv[i]);
des_enc(tout, tin, (uint8_t*)key + 0);
des_dec(tout, tout, (uint8_t*)key + 8);
des_enc(tout, tout, (uint8_t*)key + 0);
memcpy(iv, tout, 8);
tin += 8;
tout += 8;
length -= 8;
}
}
void tdes_2key_dec(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]){
if( length % 8 ) return;
uint8_t i;
unsigned char temp[8];
uint8_t* tin = (uint8_t*) in;
uint8_t* tout = (uint8_t*) out;
while( length > 0 )
{
memcpy(temp, tin, 8);
des_dec(tout, tin, (uint8_t*)key + 0);
des_enc(tout, tout, (uint8_t*)key + 8);
des_dec(tout, tout, (uint8_t*)key + 0);
for (i = 0; i < 8; i++)
tout[i] = (unsigned char)(tout[i] ^ iv[i]);
memcpy(iv, temp, 8);
tin += 8;
tout += 8;
length -= 8;
}
}
/******************************************************************************/

110
armsrc/des.h
View file

@ -1,110 +0,0 @@
/* des.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file des.h
* \author Daniel Otte
* \date 2007-06-16
* \brief des and tdes declarations
* \license GPLv3 or later
*
*/
#ifndef DES_H_
#define DES_H_
/* the FIPS 46-3 (1999-10-25) name for triple DES is triple data encryption algorithm so TDEA.
* Also we only implement the three key mode */
/** \def tdea_enc
* \brief defining an alias for void tdes_enc(void* out, const void* in, const void* key)
*/
/** \def tdea_dec
* \brief defining an alias for void tdes_dec(void* out, const void* in, const void* key)
*/
#define tdea_enc tdes_enc
#define tdea_dec tdes_dec
/** \fn void des_enc(void* out, const void* in, const void* key)
* \brief encrypt a block with DES
*
* This function encrypts a block of 64 bits (8 bytes) with the DES algorithm.
* Key expansion is done automatically. The key is 64 bits long, but note that
* only 56 bits are used (the LSB of each byte is dropped). The input and output
* blocks may overlap.
*
* \param out pointer to the block (64 bit = 8 byte) where the ciphertext is written to
* \param in pointer to the block (64 bit = 8 byte) where the plaintext is read from
* \param key pointer to the key (64 bit = 8 byte)
*/
void des_enc(void* out, const void* in, const void* key);
/** \fn void des_dec(void* out, const void* in, const void* key)
* \brief decrypt a block with DES
*
* This function decrypts a block of 64 bits (8 bytes) with the DES algorithm.
* Key expansion is done automatically. The key is 64 bits long, but note that
* only 56 bits are used (the LSB of each byte is dropped). The input and output
* blocks may overlap.
*
* \param out pointer to the block (64 bit = 8 byte) where the plaintext is written to
* \param in pointer to the block (64 bit = 8 byte) where the ciphertext is read from
* \param key pointer to the key (64 bit = 8 byte)
*/
void des_dec(void* out, const void* in, const void* key);
/** \fn void tdes_enc(void* out, const void* in, const void* key)
* \brief encrypt a block with Tripple-DES
*
* This function encrypts a block of 64 bits (8 bytes) with the Tripple-DES (EDE)
* algorithm. Key expansion is done automatically. The key is 192 bits long, but
* note that only 178 bits are used (the LSB of each byte is dropped). The input
* and output blocks may overlap.
*
* \param out pointer to the block (64 bit = 8 byte) where the ciphertext is written to
* \param in pointer to the block (64 bit = 8 byte) where the plaintext is read from
* \param key pointer to the key (192 bit = 24 byte)
*/
void tdes_enc(void* out, const void* in, const void* key);
/** \fn void tdes_dec(void* out, const void* in, const void* key)
* \brief decrypt a block with Tripple-DES
*
* This function decrypts a block of 64 bits (8 bytes) with the Tripple-DES (EDE)
* algorithm. Key expansion is done automatically. The key is 192 bits long, but
* note that only 178 bits are used (the LSB of each byte is dropped). The input
* and output blocks may overlap.
*
* \param out pointer to the block (64 bit = 8 byte) where the plaintext is written to
* \param in pointer to the block (64 bit = 8 byte) where the ciphertext is read from
* \param key pointer to the key (192 bit = 24 byte)
*/
void tdes_dec(void* out, const void* in, const void* key);
void tdes_2key_enc(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]);
void tdes_2key_dec(void* out, const void* in, size_t length, const void* key, unsigned char iv[8]);
#endif /*DES_H_*/
// Copied from des.h in desfire imp.
typedef unsigned long DES_KS[16][2]; /* Single-key DES key schedule */
typedef unsigned long DES3_KS[48][2]; /* Triple-DES key schedule */
extern int Asmversion; /* 1 if we're linked with an asm version, 0 if C */

1
armsrc/fpgaloader.h
View file

@ -58,6 +58,7 @@ void SetAdcMuxFor(uint32_t whichGpio);
// Options for the HF reader, correlating against rx from tag
#define FPGA_HF_READER_RX_XCORR_848_KHZ (1<<0)
#define FPGA_HF_READER_RX_XCORR_SNOOP (1<<1)
#define FPGA_HF_READER_RX_XCORR_QUARTER_FREQ (1<<2)
// Options for the HF simulated tag, how to modulate
#define FPGA_HF_SIMULATOR_NO_MODULATION (0<<0)
#define FPGA_HF_SIMULATOR_MODULATE_BPSK (1<<0)

17
armsrc/iso14443a.c
View file

@ -2352,18 +2352,6 @@ void ReaderMifare(bool first_try)
set_tracing(false);
}
typedef struct {
uint32_t cuid;
uint8_t sector;
uint8_t keytype;
uint32_t nonce;
uint32_t ar;
uint32_t nr;
uint32_t nonce2;
uint32_t ar2;
uint32_t nr2;
} nonces_t;
/**
*MIFARE 1K simulate.
*
@ -2562,7 +2550,10 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
LED_A_ON();
}
}
if (cardSTATE == MFEMUL_NOFIELD) continue;
if (cardSTATE == MFEMUL_NOFIELD) {
button_pushed = BUTTON_PRESS();
continue;
}
//Now, get data
res = EmGetCmd(receivedCmd, &len, receivedCmd_par);

49
armsrc/lfops.c
View file

@ -387,7 +387,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
int i;
uint8_t *tab = BigBuf_get_addr();
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
//note FpgaDownloadAndGo destroys the bigbuf so be sure this is called before now...
//FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK;
@ -401,13 +402,19 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
i = 0;
for(;;) {
//wait until SSC_CLK goes HIGH
int ii = 0;
while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) {
if(BUTTON_PRESS() || (usb_poll_validate_length() )) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("Stopped");
return;
//only check every 1000th time (usb_poll_validate_length on some systems was too slow)
if ( ii == 1000 ) {
if (BUTTON_PRESS() || usb_poll_validate_length() ) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("Stopped");
return;
}
ii=0;
}
WDT_HIT();
ii++;
}
if (ledcontrol)
LED_D_ON();
@ -419,14 +426,20 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
if (ledcontrol)
LED_D_OFF();
ii=0;
//wait until SSC_CLK goes LOW
while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) {
if(BUTTON_PRESS() || (usb_poll_validate_length() )) {
DbpString("Stopped");
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
return;
//only check every 1000th time (usb_poll_validate_length on some systems was too slow)
if ( ii == 1000 ) {
if (BUTTON_PRESS() || usb_poll_validate_length() ) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("Stopped");
return;
}
ii=0;
}
WDT_HIT();
ii++;
}
i++;
@ -545,6 +558,9 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol)
DbpString("Tags can only have 44 bits. - USE lf simfsk for larger tags");
return;
}
// set LF so we don't kill the bigbuf we are setting with simulation data.
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
fc(0,&n);
// special start of frame marker containing invalid bit sequences
fc(8, &n); fc(8, &n); // invalid
@ -595,6 +611,9 @@ void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
uint8_t clk = arg2 & 0xFF;
uint8_t invert = (arg2 >> 8) & 1;
// set LF so we don't kill the bigbuf we are setting with simulation data.
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
for (i=0; i<size; i++){
if (BitStream[i] == invert){
fcAll(fcLow, &n, clk, &modCnt);
@ -670,6 +689,9 @@ void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
uint8_t separator = arg2 & 1;
uint8_t invert = (arg2 >> 8) & 1;
// set LF so we don't kill the bigbuf we are setting with simulation data.
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
if (encoding==2){ //biphase
uint8_t phase=0;
for (i=0; i<size; i++){
@ -741,6 +763,9 @@ void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
uint8_t carrier = arg1 & 0xFF;
uint8_t invert = arg2 & 0xFF;
uint8_t curPhase = 0;
// set LF so we don't kill the bigbuf we are setting with simulation data.
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
for (i=0; i<size; i++){
if (BitStream[i] == curPhase){
pskSimBit(carrier, &n, clk, &curPhase, FALSE);
@ -1392,10 +1417,10 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t
//Program the 7 data blocks for supplied 224bit UID
uint32_t data[] = {0, uid1, uid2, uid3, uid4, uid5, uid6, uid7};
// and the block 0 for Indala224 format
//Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (7 << T55x7_MAXBLOCK_SHIFT);
//Config for Indala (RF/32;PSK2 with RF/2;Maxblock=7)
data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK2 | (7 << T55x7_MAXBLOCK_SHIFT);
//TODO add selection of chip for Q5 or T55x7
// data[0] = (((32-2)>>1)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK1 | 7 << T5555_MAXBLOCK_SHIFT;
// data[0] = (((32-2)>>1)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK2 | 7 << T5555_MAXBLOCK_SHIFT;
WriteT55xx(data, 0, 8);
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
// T5567WriteBlock(0x603E10E2,0);

37
armsrc/mifareutil.c
View file

@ -9,17 +9,17 @@
// Work with mifare cards.
//-----------------------------------------------------------------------------
#include <string.h>
#include "mifareutil.h"
#include "proxmark3.h"
#include "apps.h"
#include "util.h"
#include "parity.h"
#include "string.h"
#include "iso14443crc.h"
#include "iso14443a.h"
#include "crapto1/crapto1.h"
#include "des.h"
#include "polarssl/des.h"
int MF_DBGLEVEL = MF_DBG_ALL;
@ -290,6 +290,7 @@ int mifare_ultra_auth(uint8_t *keybytes){
/// 3des2k
des3_context ctx = { 0x00 };
uint8_t random_a[8] = {1,1,1,1,1,1,1,1};
uint8_t random_b[8] = {0x00};
uint8_t enc_random_b[8] = {0x00};
@ -313,7 +314,16 @@ int mifare_ultra_auth(uint8_t *keybytes){
memcpy(enc_random_b,resp+1,8);
// decrypt nonce.
tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV );
// tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV );
des3_set2key_dec(&ctx, key);
des3_crypt_cbc(&ctx // des3_context
, DES_DECRYPT // int mode
, sizeof(random_b) // length
, IV // iv[8]
, enc_random_b // input
, random_b // output
);
rol(random_b,8);
memcpy(rnd_ab ,random_a,8);
memcpy(rnd_ab+8,random_b,8);
@ -333,7 +343,16 @@ int mifare_ultra_auth(uint8_t *keybytes){
}
// encrypt out, in, length, key, iv
tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);
//tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);
des3_set2key_enc(&ctx, key);
des3_crypt_cbc(&ctx // des3_context
, DES_ENCRYPT // int mode
, sizeof(rnd_ab) // length
, enc_random_b // iv[8]
, rnd_ab // input
, rnd_ab // output
);
//len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL);
len = mifare_sendcmd(0xAF, rnd_ab, sizeof(rnd_ab), resp, respPar, NULL);
if (len != 11) {
@ -346,7 +365,15 @@ int mifare_ultra_auth(uint8_t *keybytes){
memcpy(enc_resp, resp+1, 8);
// decrypt out, in, length, key, iv
tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);
// tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);
des3_set2key_dec(&ctx, key);
des3_crypt_cbc(&ctx // des3_context
, DES_DECRYPT // int mode
, 8 // length
, enc_random_b // iv[8]
, enc_resp // input
, resp_random_a // output
);
if ( memcmp(resp_random_a, random_a, 8) != 0 ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("failed authentication");
return 0;

17
client/Makefile
View file

@ -85,10 +85,11 @@ CORESRCS = uart_posix.c \
CMDSRCS = crapto1/crapto1.c\
crapto1/crypto1.c\
polarssl/des.c \
polarssl/aes.c\
mfkey.c\
loclass/cipher.c \
loclass/cipherutils.c \
loclass/des.c \
loclass/ikeys.c \
loclass/elite_crack.c\
loclass/fileutils.c\
@ -147,7 +148,6 @@ CMDSRCS = crapto1/crapto1.c\
cmdscript.c\
pm3_binlib.c\
pm3_bitlib.c\
aes.c\
protocols.c\
sha1.c\
cmdcrc.c\
@ -162,7 +162,7 @@ cpu_arch = $(shell uname -m)
ifneq ($(findstring 86, $(cpu_arch)), )
MULTIARCHSRCS = hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c
endif
ifneq ($(findstring 64, $(cpu_arch)), )
ifneq ($(findstring amd64, $(cpu_arch)), )
MULTIARCHSRCS = hardnested/hardnested_bf_core.c hardnested/hardnested_bitarray_core.c
endif
ifeq ($(MULTIARCHSRCS), )
@ -184,14 +184,21 @@ MULTIARCHOBJS = $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_NOSIMD.o) \
$(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX.o) \
$(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX2.o)
GCC_GTEQ_490 := $(shell expr `gcc -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 40900)
GCC_VERSION := $(shell gcc --version | awk '/gcc/{print $$NF;}' | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/')
CLANG_VERSION := $(shell gcc --version | awk '/Apple LLVM version/{print $$4;}' | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/')
ifneq ($(CLANG_VERSION), )
SUPPORTS_AVX512 := $(shell [ $(CLANG_VERSION) -ge 80000 ] && echo "True" )
endif
ifneq ($(GCC_VERSION), )
SUPPORTS_AVX512 := $(shell [ $(GCC_VERSION) -ge 40900 ] && echo "True" )
endif
HARD_SWITCH_NOSIMD = -mno-mmx -mno-sse2 -mno-avx -mno-avx2
HARD_SWITCH_MMX = -mmmx -mno-sse2 -mno-avx -mno-avx2
HARD_SWITCH_SSE2 = -mmmx -msse2 -mno-avx -mno-avx2
HARD_SWITCH_AVX = -mmmx -msse2 -mavx -mno-avx2
HARD_SWITCH_AVX2 = -mmmx -msse2 -mavx -mavx2
HARD_SWITCH_AVX512 = -mmmx -msse2 -mavx -mavx2 -mavx512f
ifeq "$(GCC_GTEQ_490)" "1"
ifeq "$(SUPPORTS_AVX512)" "True"
HARD_SWITCH_NOSIMD += -mno-avx512f
HARD_SWITCH_MMX += -mno-avx512f
HARD_SWITCH_SSE2 += -mno-avx512f

2
client/cmdhficlass.c
View file

@ -23,7 +23,7 @@
#include "common.h"
#include "util.h"
#include "cmdmain.h"
#include "loclass/des.h"
#include "polarssl/des.h"
#include "loclass/cipherutils.h"
#include "loclass/cipher.h"
#include "loclass/ikeys.h"

4
client/cmdhflegic.c
View file

@ -251,7 +251,7 @@ int CmdLegicLoad(const char *Cmd)
fclose(f);
return -1;
}
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 0, 0}};
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 1, 0}};
int j; for(j = 0; j < 8; j++) {
c.d.asBytes[j] = data[j];
}
@ -351,7 +351,7 @@ int CmdLegicRfFill(const char *Cmd)
}
int i;
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 0, 0}};
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 1, 0}};
for(i = 0; i < 48; i++) {
c.d.asBytes[i] = cmd.arg[2];
}

2
client/cmdhfmfhard.c
View file

@ -72,7 +72,7 @@ static float brute_force_per_second;
static void get_SIMD_instruction_set(char* instruction_set) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) strcpy(instruction_set, "AVX512F");
else if (__builtin_cpu_supports("avx2")) strcpy(instruction_set, "AVX2");

2
client/cmdhfmfu.c
View file

@ -16,7 +16,7 @@
#include "usb_cmd.h"
#include "cmdmain.h"
#include "ui.h"
#include "loclass/des.h"
#include "polarssl/des.h"
#include "cmdhfmf.h"
#include "cmdhf14a.h"
#include "mifare.h"

5
client/cmdlf.c
View file

@ -410,14 +410,13 @@ int CmdLFSim(const char *Cmd)
sscanf(Cmd, "%i", &gap);
// convert to bitstream if necessary
// convert to bitstream if necessary
ChkBitstream(Cmd);
//can send only 512 bits at a time (1 byte sent per bit...)
printf("Sending [%d bytes]", GraphTraceLen);
for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) {
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
UsbCommand c = {CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
for (j = 0; j < USB_CMD_DATA_SIZE; j++) {
c.d.asBytes[j] = GraphBuffer[i+j];

2
client/cmdlffdx.c
View file

@ -58,7 +58,7 @@ int usage_lf_fdx_clone(void){
// extended data
PrintAndLog(" <Q5> : Specify write to Q5 (t5555 instead of t55x7)");
PrintAndLog("");
PrintAndLog("Sample: lf animal clone 999 112233");
PrintAndLog("Sample: lf fdx clone 999 112233");
return 0;
}

22
client/cmdlfhid.c
View file

@ -120,20 +120,20 @@ int CmdHIDReadFSK(const char *Cmd)
int CmdHIDSim(const char *Cmd)
{
unsigned int hi = 0, lo = 0;
int n = 0, i = 0;
uint32_t hi = 0, lo = 0;
int n = 0, i = 0;
while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
hi = (hi << 4) | (lo >> 28);
lo = (lo << 4) | (n & 0xf);
}
while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
hi = (hi << 4) | (lo >> 28);
lo = (lo << 4) | (n & 0xf);
}
PrintAndLog("Emulating tag with ID %x%16x", hi, lo);
PrintAndLog("Press pm3-button to abort simulation");
PrintAndLog("Emulating tag with ID %x%08x", hi, lo);
PrintAndLog("Press pm3-button to abort simulation");
UsbCommand c = {CMD_HID_SIM_TAG, {hi, lo, 0}};
SendCommand(&c);
return 0;
UsbCommand c = {CMD_HID_SIM_TAG, {hi, lo, 0}};
SendCommand(&c);
return 0;
}
int CmdHIDClone(const char *Cmd)

14
client/cmdlfindala.c
View file

@ -40,10 +40,16 @@ int CmdIndalaDecode(const char *Cmd) {
}
uint8_t invert=0;
size_t size = DemodBufferLen;
int startIdx = indala26decode(DemodBuffer, &size, &invert);
if (startIdx < 0 || size > 224) {
if (g_debugMode) PrintAndLog("Error2: %i",startIdx);
return -1;
int startIdx = indala64decode(DemodBuffer, &size, &invert);
if (startIdx < 0 || size != 64) {
// try 224 indala
invert = 0;
size = DemodBufferLen;
startIdx = indala224decode(DemodBuffer, &size, &invert);
if (startIdx < 0 || size != 224) {
if (g_debugMode) PrintAndLog("Error2: %i",startIdx);
return -1;
}
}
setDemodBuf(DemodBuffer, size, (size_t)startIdx);
setClockGrid(g_DemodClock, g_DemodStartIdx + (startIdx*g_DemodClock));

24
client/cmdlfvisa2000.c
View file

@ -29,26 +29,26 @@ static int CmdHelp(const char *Cmd);
int usage_lf_visa2k_clone(void){
PrintAndLog("clone a Visa2000 tag to a T55x7 tag.");
PrintAndLog("Usage: lf visa2k clone [h] <card ID> <Q5>");
PrintAndLog("Usage: lf visa2000 clone [h] <card ID> <Q5>");
PrintAndLog("Options:");
PrintAndLog(" h : This help");
PrintAndLog(" <card ID> : Visa2k card ID");
PrintAndLog(" <card ID> : Visa2000 card ID");
PrintAndLog(" <Q5> : specify write to Q5 (t5555 instead of t55x7)");
PrintAndLog("");
PrintAndLog("Sample: lf visa2k clone 112233");
PrintAndLog("Sample: lf visa2000 clone 112233");
return 0;
}
int usage_lf_visa2k_sim(void) {
PrintAndLog("Enables simulation of visa2k card with specified card number.");
PrintAndLog("Enables simulation of visa2000 card with specified card number.");
PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
PrintAndLog("");
PrintAndLog("Usage: lf visa2k sim [h] <card ID>");
PrintAndLog("Usage: lf visa2000 sim [h] <card ID>");
PrintAndLog("Options:");
PrintAndLog(" h : This help");
PrintAndLog(" <card ID> : Visa2k card ID");
PrintAndLog(" <card ID> : Visa2000 card ID");
PrintAndLog("");
PrintAndLog("Sample: lf visa2k sim 112233");
PrintAndLog("Sample: lf visa2000 sim 112233");
return 0;
}
@ -100,7 +100,7 @@ int CmdVisa2kDemod(const char *Cmd) {
//ASK / Manchester
bool st = true;
if (!ASKDemod_ext("64 0 0", false, false, 1, &st)) {
if (g_debugMode) PrintAndLog("DEBUG: Error - Visa2k: ASK/Manchester Demod failed");
if (g_debugMode) PrintAndLog("DEBUG: Error - Visa2000: ASK/Manchester Demod failed");
return 0;
}
size_t size = DemodBufferLen;
@ -108,13 +108,13 @@ int CmdVisa2kDemod(const char *Cmd) {
if (ans < 0){
if (g_debugMode){
if (ans == -1)
PrintAndLog("DEBUG: Error - Visa2k: too few bits found");
PrintAndLog("DEBUG: Error - Visa2000: too few bits found");
else if (ans == -2)
PrintAndLog("DEBUG: Error - Visa2k: preamble not found");
PrintAndLog("DEBUG: Error - Visa2000: preamble not found");
else if (ans == -3)
PrintAndLog("DEBUG: Error - Visa2k: Size not correct: %d", size);
PrintAndLog("DEBUG: Error - Visa2000: Size not correct: %d", size);
else
PrintAndLog("DEBUG: Error - Visa2k: ans: %d", ans);
PrintAndLog("DEBUG: Error - Visa2000: ans: %d", ans);
}
return 0;
}

4
client/hardnested/hardnested_bf_core.c
View file

@ -551,7 +551,7 @@ bitslice_test_nonces_t *bitslice_test_nonces_function_p = &bitslice_test_nonces_
// determine the available instruction set at runtime and call the correct function
const uint64_t crack_states_bitsliced_dispatch(uint32_t cuid, uint8_t *best_first_bytes, statelist_t *p, uint32_t *keys_found, uint64_t *num_keys_tested, uint32_t nonces_to_bruteforce, uint8_t *bf_test_nonce_2nd_byte, noncelist_t *nonces) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) crack_states_bitsliced_function_p = &crack_states_bitsliced_AVX512;
else if (__builtin_cpu_supports("avx2")) crack_states_bitsliced_function_p = &crack_states_bitsliced_AVX2;
@ -572,7 +572,7 @@ const uint64_t crack_states_bitsliced_dispatch(uint32_t cuid, uint8_t *best_firs
void bitslice_test_nonces_dispatch(uint32_t nonces_to_bruteforce, uint32_t *bf_test_nonce, uint8_t *bf_test_nonce_par) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitslice_test_nonces_function_p = &bitslice_test_nonces_AVX512;
else if (__builtin_cpu_supports("avx2")) bitslice_test_nonces_function_p = &bitslice_test_nonces_AVX2;

26
client/hardnested/hardnested_bitarray_core.c
View file

@ -319,7 +319,7 @@ count_bitarray_AND4_t *count_bitarray_AND4_function_p = &count_bitarray_AND4_dis
// determine the available instruction set at runtime and call the correct function
uint32_t *malloc_bitarray_dispatch(uint32_t x) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) malloc_bitarray_function_p = &malloc_bitarray_AVX512;
else if (__builtin_cpu_supports("avx2")) malloc_bitarray_function_p = &malloc_bitarray_AVX2;
@ -340,7 +340,7 @@ uint32_t *malloc_bitarray_dispatch(uint32_t x) {
void free_bitarray_dispatch(uint32_t *x) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) free_bitarray_function_p = &free_bitarray_AVX512;
else if (__builtin_cpu_supports("avx2")) free_bitarray_function_p = &free_bitarray_AVX2;
@ -361,7 +361,7 @@ void free_bitarray_dispatch(uint32_t *x) {
uint32_t bitcount_dispatch(uint32_t a) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitcount_function_p = &bitcount_AVX512;
else if (__builtin_cpu_supports("avx2")) bitcount_function_p = &bitcount_AVX2;
@ -382,7 +382,7 @@ uint32_t bitcount_dispatch(uint32_t a) {
uint32_t count_states_dispatch(uint32_t *bitarray) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_states_function_p = &count_states_AVX512;
else if (__builtin_cpu_supports("avx2")) count_states_function_p = &count_states_AVX2;
@ -403,7 +403,7 @@ uint32_t count_states_dispatch(uint32_t *bitarray) {
void bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitarray_AND_function_p = &bitarray_AND_AVX512;
else if (__builtin_cpu_supports("avx2")) bitarray_AND_function_p = &bitarray_AND_AVX2;
@ -424,7 +424,7 @@ void bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
void bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitarray_low20_AND_function_p = &bitarray_low20_AND_AVX512;
else if (__builtin_cpu_supports("avx2")) bitarray_low20_AND_function_p = &bitarray_low20_AND_AVX2;
@ -445,7 +445,7 @@ void bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
uint32_t count_bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_bitarray_AND_function_p = &count_bitarray_AND_AVX512;
else if (__builtin_cpu_supports("avx2")) count_bitarray_AND_function_p = &count_bitarray_AND_AVX2;
@ -466,7 +466,7 @@ uint32_t count_bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
uint32_t count_bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_bitarray_low20_AND_function_p = &count_bitarray_low20_AND_AVX512;
else if (__builtin_cpu_supports("avx2")) count_bitarray_low20_AND_function_p = &count_bitarray_low20_AND_AVX2;
@ -487,7 +487,7 @@ uint32_t count_bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
void bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitarray_AND4_function_p = &bitarray_AND4_AVX512;
else if (__builtin_cpu_supports("avx2")) bitarray_AND4_function_p = &bitarray_AND4_AVX2;
@ -508,7 +508,7 @@ void bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D)
void bitarray_OR_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitarray_OR_function_p = &bitarray_OR_AVX512;
else if (__builtin_cpu_supports("avx2")) bitarray_OR_function_p = &bitarray_OR_AVX2;
@ -529,7 +529,7 @@ void bitarray_OR_dispatch(uint32_t *A, uint32_t *B) {
uint32_t count_bitarray_AND2_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_bitarray_AND2_function_p = &count_bitarray_AND2_AVX512;
else if (__builtin_cpu_supports("avx2")) count_bitarray_AND2_function_p = &count_bitarray_AND2_AVX2;
@ -550,7 +550,7 @@ uint32_t count_bitarray_AND2_dispatch(uint32_t *A, uint32_t *B) {
uint32_t count_bitarray_AND3_dispatch(uint32_t *A, uint32_t *B, uint32_t *C) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_bitarray_AND3_function_p = &count_bitarray_AND3_AVX512;
else if (__builtin_cpu_supports("avx2")) count_bitarray_AND3_function_p = &count_bitarray_AND3_AVX2;
@ -571,7 +571,7 @@ uint32_t count_bitarray_AND3_dispatch(uint32_t *A, uint32_t *B, uint32_t *C) {
uint32_t count_bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_bitarray_AND4_function_p = &count_bitarray_AND4_AVX512;
else if (__builtin_cpu_supports("avx2")) count_bitarray_AND4_function_p = &count_bitarray_AND4_AVX2;

2
client/loclass/elite_crack.c
View file

@ -47,7 +47,7 @@
#include "ikeys.h"
#include "elite_crack.h"
#include "fileutils.h"
#include "des.h"
#include "polarssl/des.h"
/**
* @brief Permutes a key from standard NIST format to Iclass specific format

2
client/loclass/ikeys.c
View file

@ -69,7 +69,7 @@ From "Dismantling iclass":
#include <inttypes.h>
#include "fileutils.h"
#include "cipherutils.h"
#include "des.h"
#include "polarssl/des.h"
uint8_t pi[35] = {0x0F,0x17,0x1B,0x1D,0x1E,0x27,0x2B,0x2D,0x2E,0x33,0x35,0x39,0x36,0x3A,0x3C,0x47,0x4B,0x4D,0x4E,0x53,0x55,0x56,0x59,0x5A,0x5C,0x63,0x65,0x66,0x69,0x6A,0x6C,0x71,0x72,0x74,0x78};

1
client/mfkey.c
View file

@ -12,6 +12,7 @@
#include "mfkey.h"
#include "mifare.h"
#include "crapto1/crapto1.h"

14
client/mfkey.h
View file

@ -15,19 +15,7 @@
#include <stdint.h>
#include <stdbool.h>
typedef struct {
uint32_t cuid;
uint8_t sector;
uint8_t keytype;
uint32_t nonce;
uint32_t ar;
uint32_t nr;
uint32_t at;
uint32_t nonce2;
uint32_t ar2;
uint32_t nr2;
} nonces_t;
#include "mifare.h"
extern bool mfkey32(nonces_t data, uint64_t *outputkey);
extern bool mfkey32_moebius(nonces_t data, uint64_t *outputkey);

0
client/obj/polarssl/.dummy Normal file
View file

14
client/proxmark3.c
View file

@ -274,8 +274,22 @@ int main(int argc, char* argv[]) {
pthread_mutex_init(&print_lock, NULL);
#ifdef HAVE_GUI
#ifdef _WIN32
InitGraphics(argc, argv, script_cmds_file, usb_present);
MainGraphics();
#else
char* display = getenv("DISPLAY");
if (display && strlen(display) > 1)
{
InitGraphics(argc, argv, script_cmds_file, usb_present);
MainGraphics();
}
else
{
main_loop(script_cmds_file, usb_present);
}
#endif
#else
main_loop(script_cmds_file, usb_present);
#endif

2
client/scripting.c
View file

@ -24,7 +24,7 @@
#include "../common/crc16.h"
#include "../common/crc64.h"
#include "../common/sha1.h"
#include "aes.h"
#include "polarssl/aes.h"
#include "cmdcrc.h"
/**
* The following params expected:

2
common/Makefile.common
View file

@ -63,7 +63,7 @@ endif
# Also search prerequisites in the common directory (for usb.c), the fpga directory (for fpga.bit), and the zlib directory
VPATH = . ../common ../common/crapto1 ../fpga ../zlib
VPATH = . ../common ../common/crapto1 ../common/polarssl ../fpga ../zlib
INCLUDES = ../include/proxmark3.h ../include/at91sam7s512.h ../include/config_gpio.h ../include/usb_cmd.h $(APP_INCLUDES)

55
common/lfdemod.c
View file

@ -1777,22 +1777,53 @@ int IOdemodFSK(uint8_t *dest, size_t size, int *waveStartIdx) {
}
// redesigned by marshmellow adjusted from existing decode functions
// indala id decoding - only tested on 26 bit tags, but attempted to make it work for more
int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
//26 bit 40134 format (don't know other formats)
uint8_t preamble[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
uint8_t preamble_i[] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0};
size_t startidx = 0;
if (!preambleSearch(bitStream, preamble, sizeof(preamble), size, &startidx)){
// if didn't find preamble try again inverting
if (!preambleSearch(bitStream, preamble_i, sizeof(preamble_i), size, &startidx)) return -1;
// indala id decoding
int indala64decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
//standard 64 bit indala formats including 26 bit 40134 format
uint8_t preamble64[] = {1,0,1,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 1};
uint8_t preamble64_i[] = {0,1,0,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 0};
size_t startidx = 0;
size_t found_size = *size;
bool found = preambleSearch(bitStream, preamble64, sizeof(preamble64), &found_size, &startidx);
if (!found) {
found = preambleSearch(bitStream, preamble64_i, sizeof(preamble64_i), &found_size, &startidx);
if (!found) return -1;
*invert ^= 1;
}
if (*size != 64 && *size != 224) return -2;
}
if (found_size != 64) return -2;
if (*invert==1)
for (size_t i = startidx; i < *size + startidx; i++)
for (size_t i = startidx; i < found_size + startidx; i++)
bitStream[i] ^= 1;
// note: don't change *size until we are sure we got it...
*size = found_size;
return (int) startidx;
}
int indala224decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
//large 224 bit indala formats (different preamble too...)
uint8_t preamble224[] = {1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,1};
uint8_t preamble224_i[] = {0,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,0};
size_t startidx = 0;
size_t found_size = *size;
bool found = preambleSearch(bitStream, preamble224, sizeof(preamble224), &found_size, &startidx);
if (!found) {
found = preambleSearch(bitStream, preamble224_i, sizeof(preamble224_i), &found_size, &startidx);
if (!found) return -1;
*invert ^= 1;
}
if (found_size != 224) return -2;
if (*invert==1 && startidx > 0)
for (size_t i = startidx-1; i < found_size + startidx + 2; i++)
bitStream[i] ^= 1;
// 224 formats are typically PSK2 (afaik 2017 Marshmellow)
// note loses 1 bit at beginning of transformation...
// don't need to verify array is big enough as to get here there has to be a full preamble after all of our data
psk1TOpsk2(bitStream + (startidx-1), found_size+2);
startidx++;
*size = found_size;
return (int) startidx;
}

3
common/lfdemod.h
View file

@ -54,7 +54,8 @@ extern int FDXBdemodBI(uint8_t *dest, size_t *size);
extern int gProxII_Demod(uint8_t BitStream[], size_t *size);
extern int HIDdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo, int *waveStartIdx);
extern int IOdemodFSK(uint8_t *dest, size_t size, int *waveStartIdx);
extern int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
extern int indala64decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
extern int indala224decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
extern int ParadoxdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo, int *waveStartIdx);
extern int PrescoDemod(uint8_t *dest, size_t *size);
extern int PyramiddemodFSK(uint8_t *dest, size_t *size, int *waveStartIdx);

0
client/aes.c → common/polarssl/aes.c
View file

0
client/aes.h → common/polarssl/aes.h
View file

0
client/loclass/des.c → common/polarssl/des.c
View file

0
client/loclass/des.h → common/polarssl/des.h
View file

0
client/polarssl_config.h → common/polarssl/polarssl_config.h
View file

BIN
fpga/fpga_hf.bit
View file

Binary file not shown.

4
fpga/fpga_hf.v
View file

@ -73,6 +73,8 @@ wire hi_read_tx_shallow_modulation = conf_word[0];
wire hi_read_rx_xcorr_848 = conf_word[0];
// and whether to drive the coil (reader) or just short it (snooper)
wire hi_read_rx_xcorr_snoop = conf_word[1];
// divide subcarrier frequency by 4
wire hi_read_rx_xcorr_quarter = conf_word[2];
// For the high-frequency simulated tag: what kind of modulation to use.
wire [2:0] hi_simulate_mod_type = conf_word[2:0];
@ -100,7 +102,7 @@ hi_read_rx_xcorr hrxc(
hrxc_ssp_frame, hrxc_ssp_din, ssp_dout, hrxc_ssp_clk,
cross_hi, cross_lo,
hrxc_dbg,
hi_read_rx_xcorr_848, hi_read_rx_xcorr_snoop
hi_read_rx_xcorr_848, hi_read_rx_xcorr_snoop, hi_read_rx_xcorr_quarter
);
hi_simulate hs(

31
fpga/hi_read_rx_xcorr.v
View file

@ -10,7 +10,7 @@ module hi_read_rx_xcorr(
ssp_frame, ssp_din, ssp_dout, ssp_clk,
cross_hi, cross_lo,
dbg,
xcorr_is_848, snoop
xcorr_is_848, snoop, xcorr_quarter_freq
);
input pck0, ck_1356meg, ck_1356megb;
output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
@ -20,7 +20,7 @@ module hi_read_rx_xcorr(
output ssp_frame, ssp_din, ssp_clk;
input cross_hi, cross_lo;
output dbg;
input xcorr_is_848, snoop;
input xcorr_is_848, snoop, xcorr_quarter_freq;
// Carrier is steady on through this, unless we're snooping.
assign pwr_hi = ck_1356megb & (~snoop);
@ -28,19 +28,21 @@ assign pwr_oe1 = 1'b0;
assign pwr_oe3 = 1'b0;
assign pwr_oe4 = 1'b0;
// Clock divider
reg [0:0] fc_divider;
reg [2:0] fc_div;
always @(negedge ck_1356megb)
fc_divider <= fc_divider + 1;
wire fc_div2 = fc_divider[0];
fc_div <= fc_div + 1;
reg adc_clk;
always @(ck_1356megb)
if (xcorr_is_848)
(* clock_signal = "yes" *) reg adc_clk; // sample frequency, always 16 * fc
always @(ck_1356megb, xcorr_is_848, xcorr_quarter_freq, fc_div)
if (xcorr_is_848 & ~xcorr_quarter_freq) // fc = 847.5 kHz
adc_clk <= ck_1356megb;
else
adc_clk <= fc_div2;
else if (~xcorr_is_848 & ~xcorr_quarter_freq) // fc = 424.25 kHz
adc_clk <= fc_div[0];
else if (xcorr_is_848 & xcorr_quarter_freq) // fc = 212.125 kHz
adc_clk <= fc_div[1];
else // fc = 106.0625 kHz
adc_clk <= fc_div[2];
// When we're a reader, we just need to do the BPSK demod; but when we're an
// eavesdropper, we also need to pick out the commands sent by the reader,
// using AM. Do this the same way that we do it for the simulated tag.
@ -71,8 +73,7 @@ end
// so we need a 6-bit counter.
reg [5:0] corr_i_cnt;
// And a couple of registers in which to accumulate the correlations.
// we would add at most 32 times adc_d, the result can be held in 13 bits.
// Need one additional bit because it can be negative as well
// we would add/sub at most 32 times adc_d, the signed result can be held in 14 bits.
reg signed [13:0] corr_i_accum;
reg signed [13:0] corr_q_accum;
reg signed [7:0] corr_i_out;
@ -84,7 +85,7 @@ reg ssp_frame;
always @(negedge adc_clk)
begin
corr_i_cnt <= corr_i_cnt + 1;
corr_i_cnt <= corr_i_cnt + 1;
end

13
include/mifare.h
View file

@ -37,4 +37,17 @@ typedef enum ISO14A_COMMAND {
ISO14A_TOPAZMODE = (1 << 8)
} iso14a_command_t;
typedef struct {
uint32_t cuid;
uint8_t sector;
uint8_t keytype;
uint32_t nonce;
uint32_t ar;
uint32_t nr;
uint32_t at;
uint32_t nonce2;
uint32_t ar2;
uint32_t nr2;
} nonces_t;
#endif // _MIFARE_H_

2
tools/mfkey/Makefile
View file

@ -1,7 +1,7 @@
VPATH = ../../common ../../common/crapto1 ../../client
CC = gcc
LD = gcc
CFLAGS = -std=c99 -D_ISOC99_SOURCE -I../../common -I../../client -Wall -O3
CFLAGS = -std=c99 -D_ISOC99_SOURCE -I../../include -I../../common -I../../client -Wall -O3
LDFLAGS =
OBJS = crypto1.o crapto1.o parity.o util_posix.o mfkey.o