mirror of
https://github.com/Proxmark/proxmark3.git
synced 2025-08-20 21:33:19 -07:00
auth4 refactoring
This commit is contained in:
parent
8df4180f39
commit
729dbe0471
5 changed files with 171 additions and 77 deletions
|
@ -121,6 +121,7 @@ CMDSRCS = $(SRC_SMARTCARD) \
|
|||
loclass/fileutils.c\
|
||||
whereami.c\
|
||||
mifarehost.c\
|
||||
mifare4.c\
|
||||
parity.c\
|
||||
crc.c \
|
||||
crc16.c \
|
||||
|
|
|
@ -29,7 +29,7 @@
|
|||
#include "hardnested/hardnested_bf_core.h"
|
||||
#include "cliparser/cliparser.h"
|
||||
#include "cmdhf14a.h"
|
||||
#include "polarssl/libpcrypto.h"
|
||||
#include "mifare4.h"
|
||||
|
||||
#define NESTED_SECTOR_RETRY 10 // how often we try mfested() until we give up
|
||||
|
||||
|
@ -2642,13 +2642,7 @@ int CmdHF14AMfAuth4(const char *cmd) {
|
|||
int keynlen = 0;
|
||||
uint8_t key[16] = {0};
|
||||
int keylen = 0;
|
||||
uint8_t data[257] = {0};
|
||||
int datalen = 0;
|
||||
|
||||
uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
|
||||
uint8_t Rnd2[17] = {0};
|
||||
|
||||
|
||||
|
||||
CLIParserInit("hf mf auth4",
|
||||
"Executes AES authentication command in ISO14443-4",
|
||||
"Usage:\n\thf mf auth4 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n"
|
||||
|
@ -2676,73 +2670,7 @@ int CmdHF14AMfAuth4(const char *cmd) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
|
||||
int res = ExchangeRAW14a(cmd1, sizeof(cmd1), true, true, data, sizeof(data), &datalen);
|
||||
if (res) {
|
||||
PrintAndLog("ERROR exchande raw error: %d", res);
|
||||
DropField();
|
||||
return 2;
|
||||
}
|
||||
|
||||
PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
|
||||
|
||||
if (datalen < 1) {
|
||||
PrintAndLog("ERROR: card response length: %d", datalen);
|
||||
DropField();
|
||||
return 3;
|
||||
}
|
||||
|
||||
if (data[0] != 0x90) {
|
||||
PrintAndLog("ERROR: card response error: %02x", data[2]);
|
||||
DropField();
|
||||
return 3;
|
||||
}
|
||||
|
||||
if (datalen != 19) { // code 1b + 16b + crc 2b
|
||||
PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
|
||||
DropField();
|
||||
return 3;
|
||||
}
|
||||
|
||||
aes_decode(NULL, key, &data[1], Rnd2, 16);
|
||||
Rnd2[16] = Rnd2[0];
|
||||
PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
|
||||
|
||||
uint8_t cmd2[33] = {0};
|
||||
cmd2[0] = 0x72;
|
||||
|
||||
uint8_t raw[32] = {0};
|
||||
memmove(raw, Rnd1, 16);
|
||||
memmove(&raw[16], &Rnd2[1], 16);
|
||||
|
||||
aes_encode(NULL, key, raw, &cmd2[1], 32);
|
||||
PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
|
||||
|
||||
res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
|
||||
if (res) {
|
||||
PrintAndLog("ERROR exchande raw error: %d", res);
|
||||
DropField();
|
||||
return 4;
|
||||
}
|
||||
|
||||
PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
|
||||
|
||||
aes_decode(NULL, key, &data[1], raw, 32);
|
||||
PrintAndLog("res: %s", sprint_hex(raw, 32));
|
||||
|
||||
PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
|
||||
if (memcmp(&raw[4], &Rnd1[1], 16)) {
|
||||
PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
|
||||
PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
|
||||
PrintAndLog("rnd1 card: %s", sprint_hex(&raw[4], 16));
|
||||
DropField();
|
||||
return 5;
|
||||
}
|
||||
|
||||
DropField();
|
||||
PrintAndLog("\nAuthentication OK");
|
||||
|
||||
return 0;
|
||||
return MifareAuth4(keyn, key, true, false, true);
|
||||
}
|
||||
|
||||
static command_t CommandTable[] =
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
#include "ui.h"
|
||||
#include "cmdhf14a.h"
|
||||
#include "mifare.h"
|
||||
#include "mifare4.h"
|
||||
#include "cliparser/cliparser.h"
|
||||
#include "polarssl/libpcrypto.h"
|
||||
|
||||
|
@ -342,8 +343,41 @@ int CmdHFMFPCommitPerso(const char *cmd) {
|
|||
}
|
||||
|
||||
int CmdHFMFPAuth(const char *cmd) {
|
||||
uint8_t keyn[250] = {0};
|
||||
int keynlen = 0;
|
||||
uint8_t key[250] = {0};
|
||||
int keylen = 0;
|
||||
|
||||
return 0;
|
||||
CLIParserInit("hf mfp auth",
|
||||
"Executes AES authentication command in ISO14443-4",
|
||||
"Usage:\n\thf mfp auth 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n"
|
||||
"\thf mfp auth 9003 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -> executes authentication\n");
|
||||
|
||||
void* argtable[] = {
|
||||
arg_param_begin,
|
||||
arg_lit0("vV", "verbose", "show internal data."),
|
||||
arg_str1(NULL, NULL, "<Key Num (HEX 2 bytes)>", NULL),
|
||||
arg_str1(NULL, NULL, "<Key Value (HEX 16 bytes)>", NULL),
|
||||
arg_param_end
|
||||
};
|
||||
CLIExecWithReturn(cmd, argtable, true);
|
||||
|
||||
bool verbose = arg_get_lit(1);
|
||||
CLIGetHexWithReturn(2, keyn, &keynlen);
|
||||
CLIGetHexWithReturn(3, key, &keylen);
|
||||
CLIParserFree();
|
||||
|
||||
if (keynlen != 2) {
|
||||
PrintAndLog("ERROR: <Key Num> must be 2 bytes long instead of: %d", keynlen);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (keylen != 16) {
|
||||
PrintAndLog("ERROR: <Key Value> must be 16 bytes long instead of: %d", keylen);
|
||||
return 1;
|
||||
}
|
||||
|
||||
return MifareAuth4(keyn, key, true, false, verbose);
|
||||
}
|
||||
|
||||
int CmdHFMFPRdbl(const char *cmd) {
|
||||
|
@ -368,7 +402,7 @@ static command_t CommandTable[] =
|
|||
{"wrp", CmdHFMFPWritePerso, 0, "Write Perso command"},
|
||||
{"initp", CmdHFMFPInitPerso, 0, "Fills all the card's keys"},
|
||||
{"commitp", CmdHFMFPCommitPerso, 0, "Move card to SL1 or SL3 mode"},
|
||||
// {"auth", CmdHFMFPAuth, 0, "Authentication in iso1443-4"},
|
||||
{"auth", CmdHFMFPAuth, 0, "Authentication in iso1443-4"},
|
||||
// {"rdbl", CmdHFMFPRdbl, 0, "Read blocks"},
|
||||
// {"rdsc", CmdHFMFPRdsc, 0, "Read sectors"},
|
||||
// {"wrbl", CmdHFMFPWrbl, 0, "Write blocks"},
|
||||
|
|
109
client/mifare4.c
Normal file
109
client/mifare4.c
Normal file
|
@ -0,0 +1,109 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) 2018 Merlok
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// iso14443-4 mifare commands
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#include "mifare4.h"
|
||||
#include <ctype.h>
|
||||
#include <string.h>
|
||||
#include "cmdhf14a.h"
|
||||
#include "util.h"
|
||||
#include "ui.h"
|
||||
#include "polarssl/libpcrypto.h"
|
||||
|
||||
int MifareAuth4(uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) {
|
||||
uint8_t data[257] = {0};
|
||||
int datalen = 0;
|
||||
|
||||
uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
|
||||
uint8_t Rnd2[17] = {0};
|
||||
|
||||
|
||||
uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
|
||||
int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen);
|
||||
if (res) {
|
||||
PrintAndLog("ERROR exchande raw error: %d", res);
|
||||
DropField();
|
||||
return 2;
|
||||
}
|
||||
|
||||
if (verbose)
|
||||
PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
|
||||
|
||||
if (datalen < 1) {
|
||||
PrintAndLog("ERROR: card response length: %d", datalen);
|
||||
DropField();
|
||||
return 3;
|
||||
}
|
||||
|
||||
if (data[0] != 0x90) {
|
||||
PrintAndLog("ERROR: card response error: %02x", data[2]);
|
||||
DropField();
|
||||
return 3;
|
||||
}
|
||||
|
||||
if (datalen != 19) { // code 1b + 16b + crc 2b
|
||||
PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
|
||||
DropField();
|
||||
return 3;
|
||||
}
|
||||
|
||||
aes_decode(NULL, key, &data[1], Rnd2, 16);
|
||||
Rnd2[16] = Rnd2[0];
|
||||
if (verbose)
|
||||
PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
|
||||
|
||||
uint8_t cmd2[33] = {0};
|
||||
cmd2[0] = 0x72;
|
||||
|
||||
uint8_t raw[32] = {0};
|
||||
memmove(raw, Rnd1, 16);
|
||||
memmove(&raw[16], &Rnd2[1], 16);
|
||||
|
||||
aes_encode(NULL, key, raw, &cmd2[1], 32);
|
||||
if (verbose)
|
||||
PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
|
||||
|
||||
res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
|
||||
if (res) {
|
||||
PrintAndLog("ERROR exchande raw error: %d", res);
|
||||
DropField();
|
||||
return 4;
|
||||
}
|
||||
|
||||
if (verbose)
|
||||
PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
|
||||
|
||||
aes_decode(NULL, key, &data[1], raw, 32);
|
||||
|
||||
if (verbose) {
|
||||
PrintAndLog("res: %s", sprint_hex(raw, 32));
|
||||
PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
|
||||
}
|
||||
|
||||
if (memcmp(&raw[4], &Rnd1[1], 16)) {
|
||||
PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
|
||||
if (verbose) {
|
||||
PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
|
||||
PrintAndLog("rnd1 card: %s", sprint_hex(&raw[4], 16));
|
||||
}
|
||||
DropField();
|
||||
return 5;
|
||||
}
|
||||
|
||||
if (!leaveSignalON)
|
||||
DropField();
|
||||
|
||||
if (verbose)
|
||||
PrintAndLog("");
|
||||
|
||||
PrintAndLog("Authentication OK");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
22
client/mifare4.h
Normal file
22
client/mifare4.h
Normal file
|
@ -0,0 +1,22 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) 2018 Merlok
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// iso14443-4 mifare commands
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#ifndef MIFARE4_H
|
||||
#define MIFARE4_H
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
#include <stddef.h>
|
||||
|
||||
extern int MifareAuth4(uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose);
|
||||
|
||||
|
||||
|
||||
#endif // mifare4.h
|
Loading…
Add table
Add a link
Reference in a new issue