From 729dbe0471ed15bebbce127b438cf4369f03c693 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Fri, 19 Oct 2018 17:20:09 +0300
Subject: [PATCH] auth4 refactoring

---
 client/Makefile   |   1 +
 client/cmdhfmf.c  |  78 ++-------------------------------
 client/cmdhfmfp.c |  38 +++++++++++++++-
 client/mifare4.c  | 109 ++++++++++++++++++++++++++++++++++++++++++++++
 client/mifare4.h  |  22 ++++++++++
 5 files changed, 171 insertions(+), 77 deletions(-)
 create mode 100644 client/mifare4.c
 create mode 100644 client/mifare4.h

diff --git a/client/Makefile b/client/Makefile
index d2f2105e..72d5080d 100644
--- a/client/Makefile
+++ b/client/Makefile
@@ -121,6 +121,7 @@ CMDSRCS = 	$(SRC_SMARTCARD) \
 			loclass/fileutils.c\
 			whereami.c\
 			mifarehost.c\
+			mifare4.c\
 			parity.c\
 			crc.c \
 			crc16.c \
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 47e7fa7d..2cd7f085 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -29,7 +29,7 @@
 #include "hardnested/hardnested_bf_core.h"
 #include "cliparser/cliparser.h"
 #include "cmdhf14a.h"
-#include "polarssl/libpcrypto.h"
+#include "mifare4.h"
 
 #define NESTED_SECTOR_RETRY     10			// how often we try mfested() until we give up
 
@@ -2642,13 +2642,7 @@ int CmdHF14AMfAuth4(const char *cmd) {
 	int keynlen = 0;
 	uint8_t key[16] = {0};
 	int keylen = 0;
-	uint8_t data[257] = {0};
-	int datalen = 0;
-	
-	uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
-	uint8_t Rnd2[17] = {0};
-	
-	
+
 	CLIParserInit("hf mf auth4", 
 		"Executes AES authentication command in ISO14443-4", 
 		"Usage:\n\thf mf auth4 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n"
@@ -2676,73 +2670,7 @@ int CmdHF14AMfAuth4(const char *cmd) {
 		return 1;
 	}
 
-	uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
-	int res = ExchangeRAW14a(cmd1, sizeof(cmd1), true, true, data, sizeof(data), &datalen);
-	if (res) {
-		PrintAndLog("ERROR exchande raw error: %d", res);
-		DropField();
-		return 2;
-	}
-	
-	PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
-		
-	if (datalen < 1) {
-		PrintAndLog("ERROR: card response length: %d", datalen);
-		DropField();
-		return 3;
-	}
-	
-	if (data[0] != 0x90) {
-		PrintAndLog("ERROR: card response error: %02x", data[2]);
-		DropField();
-		return 3;
-	}
-
-	if (datalen != 19) { // code 1b + 16b + crc 2b
-		PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
-		DropField();
-		return 3;
-	}
-	
-    aes_decode(NULL, key, &data[1], Rnd2, 16);
-	Rnd2[16] = Rnd2[0];
-	PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
-
-	uint8_t cmd2[33] = {0};
-	cmd2[0] = 0x72;
-
-	uint8_t raw[32] = {0};
-	memmove(raw, Rnd1, 16);
-	memmove(&raw[16], &Rnd2[1], 16);
-
-    aes_encode(NULL, key, raw, &cmd2[1], 32);
-	PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
-	
-	res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
-	if (res) {
-		PrintAndLog("ERROR exchande raw error: %d", res);
-		DropField();
-		return 4;
-	}
-	
-	PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
-
-    aes_decode(NULL, key, &data[1], raw, 32);
-	PrintAndLog("res: %s", sprint_hex(raw, 32));
-	
-	PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
-	if (memcmp(&raw[4], &Rnd1[1], 16)) {
-		PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
-		PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
-		PrintAndLog("rnd1   card: %s", sprint_hex(&raw[4], 16));
-		DropField();
-		return 5;
-	}
-
-	DropField();
-	PrintAndLog("\nAuthentication OK");
-	
-	return 0;
+	return MifareAuth4(keyn, key, true, false, true);
 }
 
 static command_t CommandTable[] =
diff --git a/client/cmdhfmfp.c b/client/cmdhfmfp.c
index 5749c3be..bcf4201f 100644
--- a/client/cmdhfmfp.c
+++ b/client/cmdhfmfp.c
@@ -21,6 +21,7 @@
 #include "ui.h"
 #include "cmdhf14a.h"
 #include "mifare.h"
+#include "mifare4.h"
 #include "cliparser/cliparser.h"
 #include "polarssl/libpcrypto.h"
 
@@ -342,8 +343,41 @@ int CmdHFMFPCommitPerso(const char *cmd) {
 }
 
 int CmdHFMFPAuth(const char *cmd) {
+	uint8_t keyn[250] = {0};
+	int keynlen = 0;
+	uint8_t key[250] = {0};
+	int keylen = 0;
 	
-	return 0;
+	CLIParserInit("hf mfp auth", 
+		"Executes AES authentication command in ISO14443-4", 
+		"Usage:\n\thf mfp auth 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n"
+			"\thf mfp auth 9003 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -> executes authentication\n");
+
+	void* argtable[] = {
+		arg_param_begin,
+		arg_lit0("vV",  "verbose", "show internal data."),
+		arg_str1(NULL,  NULL,     "<Key Num (HEX 2 bytes)>", NULL),
+		arg_str1(NULL,  NULL,     "<Key Value (HEX 16 bytes)>", NULL),
+		arg_param_end
+	};
+	CLIExecWithReturn(cmd, argtable, true);
+	
+	bool verbose = arg_get_lit(1);
+	CLIGetHexWithReturn(2, keyn, &keynlen);
+	CLIGetHexWithReturn(3, key, &keylen);
+	CLIParserFree();
+	
+	if (keynlen != 2) {
+		PrintAndLog("ERROR: <Key Num> must be 2 bytes long instead of: %d", keynlen);
+		return 1;
+	}
+	
+	if (keylen != 16) {
+		PrintAndLog("ERROR: <Key Value> must be 16 bytes long instead of: %d", keylen);
+		return 1;
+	}
+
+	return MifareAuth4(keyn, key, true, false, verbose);
 }
 
 int CmdHFMFPRdbl(const char *cmd) {
@@ -368,7 +402,7 @@ static command_t CommandTable[] =
   {"wrp",	  	       CmdHFMFPWritePerso,		0, "Write Perso command"},
   {"initp",  	       CmdHFMFPInitPerso,		0, "Fills all the card's keys"},
   {"commitp",  	       CmdHFMFPCommitPerso,		0, "Move card to SL1 or SL3 mode"},
-//  {"auth",  	       CmdHFMFPAuth,			0, "Authentication in iso1443-4"},
+  {"auth",  	       CmdHFMFPAuth,			0, "Authentication in iso1443-4"},
 //  {"rdbl",  	       CmdHFMFPRdbl,			0, "Read blocks"},
 //  {"rdsc",  	       CmdHFMFPRdsc,			0, "Read sectors"},
 //  {"wrbl",  	       CmdHFMFPWrbl,			0, "Write blocks"},
diff --git a/client/mifare4.c b/client/mifare4.c
new file mode 100644
index 00000000..fc3fcf3d
--- /dev/null
+++ b/client/mifare4.c
@@ -0,0 +1,109 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2018 Merlok
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// iso14443-4 mifare commands
+//-----------------------------------------------------------------------------
+
+#include "mifare4.h"
+#include <ctype.h>
+#include <string.h>
+#include "cmdhf14a.h"
+#include "util.h"
+#include "ui.h"
+#include "polarssl/libpcrypto.h"
+
+int MifareAuth4(uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) {
+	uint8_t data[257] = {0};
+	int datalen = 0;
+	
+	uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
+	uint8_t Rnd2[17] = {0};
+	
+	
+	uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
+	int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen);
+	if (res) {
+		PrintAndLog("ERROR exchande raw error: %d", res);
+		DropField();
+		return 2;
+	}
+	
+	if (verbose)
+		PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
+		
+	if (datalen < 1) {
+		PrintAndLog("ERROR: card response length: %d", datalen);
+		DropField();
+		return 3;
+	}
+	
+	if (data[0] != 0x90) {
+		PrintAndLog("ERROR: card response error: %02x", data[2]);
+		DropField();
+		return 3;
+	}
+
+	if (datalen != 19) { // code 1b + 16b + crc 2b
+		PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
+		DropField();
+		return 3;
+	}
+	
+    aes_decode(NULL, key, &data[1], Rnd2, 16);
+	Rnd2[16] = Rnd2[0];
+	if (verbose)
+		PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
+
+	uint8_t cmd2[33] = {0};
+	cmd2[0] = 0x72;
+
+	uint8_t raw[32] = {0};
+	memmove(raw, Rnd1, 16);
+	memmove(&raw[16], &Rnd2[1], 16);
+
+	aes_encode(NULL, key, raw, &cmd2[1], 32);
+	if (verbose)
+		PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
+	
+	res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
+	if (res) {
+		PrintAndLog("ERROR exchande raw error: %d", res);
+		DropField();
+		return 4;
+	}
+	
+	if (verbose)
+		PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
+
+	aes_decode(NULL, key, &data[1], raw, 32);
+	
+	if (verbose) {
+		PrintAndLog("res: %s", sprint_hex(raw, 32));
+		PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
+	}
+
+	if (memcmp(&raw[4], &Rnd1[1], 16)) {
+		PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
+		if (verbose) {
+			PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
+			PrintAndLog("rnd1   card: %s", sprint_hex(&raw[4], 16));
+		}
+		DropField();
+		return 5;
+	}
+
+	if (!leaveSignalON)
+		DropField();
+
+	if (verbose)
+		PrintAndLog("");
+
+	PrintAndLog("Authentication OK");
+	
+	return 0;
+}
+
diff --git a/client/mifare4.h b/client/mifare4.h
new file mode 100644
index 00000000..163bdead
--- /dev/null
+++ b/client/mifare4.h
@@ -0,0 +1,22 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2018 Merlok
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// iso14443-4 mifare commands
+//-----------------------------------------------------------------------------
+
+#ifndef MIFARE4_H
+#define MIFARE4_H
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <stddef.h>
+
+extern int MifareAuth4(uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose);
+
+
+
+#endif // mifare4.h