From 4f131b53ea7e9a66f5c7269fc35b11f8038cbf3e Mon Sep 17 00:00:00 2001 From: merlokk Date: Fri, 9 Feb 2018 17:37:31 +0200 Subject: [PATCH 01/25] added cmdhflist file --- client/Makefile | 1 + client/cmdhf.c | 7 +++++++ client/cmdhflist.c | 17 +++++++++++++++++ client/cmdhflist.h | 11 +++++++++++ common/protocols.h | 9 +++++---- 5 files changed, 41 insertions(+), 4 deletions(-) create mode 100644 client/cmdhflist.c create mode 100644 client/cmdhflist.h diff --git a/client/Makefile b/client/Makefile index bf642803..bf3c8d36 100644 --- a/client/Makefile +++ b/client/Makefile @@ -128,6 +128,7 @@ CMDSRCS = crapto1/crapto1.c\ emv/test/cda_test.c\ emv/cmdemv.c\ cmdhf.c \ + cmdhflist.c \ cmdhf14a.c \ cmdhf14b.c \ cmdhf15.c \ diff --git a/client/cmdhf.c b/client/cmdhf.c index 7a2f3252..34d95c50 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -1,5 +1,6 @@ //----------------------------------------------------------------------------- // Copyright (C) 2010 iZsh +// Merlok - 2017 // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of @@ -31,6 +32,7 @@ #include "cmdhftopaz.h" #include "protocols.h" #include "emv/cmdemv.h" +#include "cmdhflist.h" static int CmdHelp(const char *Cmd); @@ -466,6 +468,7 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui case TOPAZ: crcStatus = iso14443B_CRC_check(isResponse, frame, data_len); break; + case PROTO_MIFARE: case ISO_14443A: crcStatus = iso14443A_CRC_check(isResponse, frame, data_len); break; @@ -518,6 +521,7 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui { switch(protocol) { case ICLASS: annotateIclass(explanation,sizeof(explanation),frame,data_len); break; + case PROTO_MIFARE: case ISO_14443A: annotateIso14443a(explanation,sizeof(explanation),frame,data_len); break; case ISO_14443B: annotateIso14443b(explanation,sizeof(explanation),frame,data_len); break; case TOPAZ: annotateTopaz(explanation,sizeof(explanation),frame,data_len); break; @@ -583,6 +587,8 @@ int CmdHFList(const char *Cmd) if(!errors) { if(strcmp(type, "iclass") == 0) { protocol = ICLASS; + } else if(strcmp(type, "mf") == 0) { + protocol = PROTO_MIFARE; } else if(strcmp(type, "14a") == 0) { protocol = ISO_14443A; } else if(strcmp(type, "14b") == 0) { @@ -604,6 +610,7 @@ int CmdHFList(const char *Cmd) PrintAndLog("Supported values:"); PrintAndLog(" raw - just show raw data without annotations"); PrintAndLog(" 14a - interpret data as iso14443a communications"); + PrintAndLog(" mf - interpret data as iso14443a communications and decrypt crypto1 stream"); PrintAndLog(" 14b - interpret data as iso14443b communications"); PrintAndLog(" iclass - interpret data as iclass communications"); PrintAndLog(" topaz - interpret data as topaz communications"); diff --git a/client/cmdhflist.c b/client/cmdhflist.c new file mode 100644 index 00000000..86562e4c --- /dev/null +++ b/client/cmdhflist.c @@ -0,0 +1,17 @@ +//----------------------------------------------------------------------------- +// Copyright (C) Merlok - 2017 +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Command: hf mf list. It shows data from arm buffer. +//----------------------------------------------------------------------------- + +#include "cmdhflist.h" + +#include +#include +#include + + diff --git a/client/cmdhflist.h b/client/cmdhflist.h new file mode 100644 index 00000000..138e5590 --- /dev/null +++ b/client/cmdhflist.h @@ -0,0 +1,11 @@ +//----------------------------------------------------------------------------- +// Copyright (C) Merlok - 2017 +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Command: hf mf list. It shows data from arm buffer. +//----------------------------------------------------------------------------- + + diff --git a/common/protocols.h b/common/protocols.h index 31252ad3..57e6011f 100644 --- a/common/protocols.h +++ b/common/protocols.h @@ -200,10 +200,11 @@ NXP/Philips CUSTOM COMMANDS #define TOPAZ_WRITE_NE8 0x1B // Write-no-erase (eight bytes) -#define ISO_14443A 0 -#define ICLASS 1 -#define ISO_14443B 2 -#define TOPAZ 3 +#define ISO_14443A 0 +#define ICLASS 1 +#define ISO_14443B 2 +#define TOPAZ 3 +#define PROTO_MIFARE 4 //-- Picopass fuses #define FUSE_FPERS 0x80 From 6612a5a20136d0d4b11bd7f3fd113f4dd836119f Mon Sep 17 00:00:00 2001 From: merlokk Date: Fri, 9 Feb 2018 18:23:04 +0200 Subject: [PATCH 02/25] moved some functions and added auth sequence annotation --- client/cmdhf.c | 126 ++--------------------------- client/cmdhflist.c | 196 +++++++++++++++++++++++++++++++++++++++++++++ client/cmdhflist.h | 12 +++ 3 files changed, 213 insertions(+), 121 deletions(-) diff --git a/client/cmdhf.c b/client/cmdhf.c index 34d95c50..ae1b12a6 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -43,99 +43,6 @@ int CmdHFTune(const char *Cmd) return 0; } - -void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) -{ - switch(cmd[0]) - { - case ISO14443A_CMD_WUPA: snprintf(exp,size,"WUPA"); break; - case ISO14443A_CMD_ANTICOLL_OR_SELECT:{ - // 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor) - // 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK) - if(cmd[1] == 0x70) - { - snprintf(exp,size,"SELECT_UID"); break; - }else - { - snprintf(exp,size,"ANTICOLL"); break; - } - } - case ISO14443A_CMD_ANTICOLL_OR_SELECT_2:{ - //95 20 = Anticollision of cascade level2 - //95 70 = Select of cascade level2 - if(cmd[2] == 0x70) - { - snprintf(exp,size,"SELECT_UID-2"); break; - }else - { - snprintf(exp,size,"ANTICOLL-2"); break; - } - } - case ISO14443A_CMD_REQA: snprintf(exp,size,"REQA"); break; - case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break; - case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break; - case ISO14443A_CMD_HALT: snprintf(exp,size,"HALT"); break; - case ISO14443A_CMD_RATS: snprintf(exp,size,"RATS"); break; - case MIFARE_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break; - case MIFARE_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break; - case MIFARE_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break; - case MIFARE_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break; - case MIFARE_AUTH_KEYA:{ - if ( cmdsize > 3) - snprintf(exp,size,"AUTH-A(%d)",cmd[1]); - else - // case MIFARE_ULEV1_VERSION : both 0x60. - snprintf(exp,size,"EV1 VERSION"); - break; - } - case MIFARE_AUTH_KEYB: snprintf(exp,size,"AUTH-B(%d)",cmd[1]); break; - case MIFARE_MAGICWUPC1: snprintf(exp,size,"MAGIC WUPC1"); break; - case MIFARE_MAGICWUPC2: snprintf(exp,size,"MAGIC WUPC2"); break; - case MIFARE_MAGICWIPEC: snprintf(exp,size,"MAGIC WIPEC"); break; - case MIFARE_ULC_AUTH_1: snprintf(exp,size,"AUTH "); break; - case MIFARE_ULC_AUTH_2: snprintf(exp,size,"AUTH_ANSW"); break; - case MIFARE_ULEV1_AUTH: - if ( cmdsize == 7 ) - snprintf(exp,size,"PWD-AUTH KEY: 0x%02x%02x%02x%02x", cmd[1], cmd[2], cmd[3], cmd[4] ); - else - snprintf(exp,size,"PWD-AUTH"); - break; - case MIFARE_ULEV1_FASTREAD:{ - if ( cmdsize >=3 && cmd[2] <= 0xE6) - snprintf(exp,size,"READ RANGE (%d-%d)",cmd[1],cmd[2]); - else - snprintf(exp,size,"?"); - break; - } - case MIFARE_ULC_WRITE:{ - if ( cmd[1] < 0x21 ) - snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); - else - snprintf(exp,size,"?"); - break; - } - case MIFARE_ULEV1_READ_CNT:{ - if ( cmd[1] < 5 ) - snprintf(exp,size,"READ CNT(%d)",cmd[1]); - else - snprintf(exp,size,"?"); - break; - } - case MIFARE_ULEV1_INCR_CNT:{ - if ( cmd[1] < 5 ) - snprintf(exp,size,"INCR(%d)",cmd[1]); - else - snprintf(exp,size,"?"); - break; - } - case MIFARE_ULEV1_READSIG: snprintf(exp,size,"READ_SIG"); break; - case MIFARE_ULEV1_CHECKTEAR: snprintf(exp,size,"CHK_TEARING(%d)",cmd[1]); break; - case MIFARE_ULEV1_VCSL: snprintf(exp,size,"VCSL"); break; - default: snprintf(exp,size,"?"); break; - } - return; -} - void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) { switch(cmd[0]) @@ -246,33 +153,6 @@ void annotateIso14443b(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) } -/** - * @brief iso14443A_CRC_check Checks CRC in command or response - * @param isResponse - * @param data - * @param len - * @return 0 : CRC-command, CRC not ok - * 1 : CRC-command, CRC ok - * 2 : Not crc-command - */ - -uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len) -{ - uint8_t b1,b2; - - if(len <= 2) return 2; - - if(isResponse & (len < 6)) return 2; - - ComputeCrc14443(CRC_14443_A, data, len-2, &b1, &b2); - if (b1 != data[len-2] || b2 != data[len-1]) { - return 0; - } else { - return 1; - } -} - - /** * @brief iso14443B_CRC_check Checks CRC in command or response * @param isResponse @@ -469,6 +349,8 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui crcStatus = iso14443B_CRC_check(isResponse, frame, data_len); break; case PROTO_MIFARE: + crcStatus = mifare_CRC_check(isResponse, frame, data_len); + break; case ISO_14443A: crcStatus = iso14443A_CRC_check(isResponse, frame, data_len); break; @@ -517,11 +399,13 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui EndOfTransmissionTimestamp = timestamp + duration; + if (protocol == PROTO_MIFARE) + annotateMifare(explanation, sizeof(explanation), frame, data_len, isResponse); + if(!isResponse) { switch(protocol) { case ICLASS: annotateIclass(explanation,sizeof(explanation),frame,data_len); break; - case PROTO_MIFARE: case ISO_14443A: annotateIso14443a(explanation,sizeof(explanation),frame,data_len); break; case ISO_14443B: annotateIso14443b(explanation,sizeof(explanation),frame,data_len); break; case TOPAZ: annotateTopaz(explanation,sizeof(explanation),frame,data_len); break; diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 86562e4c..b1d432ee 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -13,5 +13,201 @@ #include #include #include +#include +#include +#include "util.h" +#include "data.h" +#include "ui.h" +#include "iso14443crc.h" +#include "parity.h" +#include "protocols.h" +enum MifareAuthSeq { + masNone, + masNt, + masNrAr, + masAt, + masData, + masDataNested, + masError, +}; +static enum MifareAuthSeq MifareAuthState; + +/** + * @brief iso14443A_CRC_check Checks CRC in command or response + * @param isResponse + * @param data + * @param len + * @return 0 : CRC-command, CRC not ok + * 1 : CRC-command, CRC ok + * 2 : Not crc-command + */ +uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len) +{ + uint8_t b1,b2; + + if(len <= 2) return 2; + + if(isResponse & (len < 6)) return 2; + + ComputeCrc14443(CRC_14443_A, data, len-2, &b1, &b2); + if (b1 != data[len-2] || b2 != data[len-1]) { + return 0; + } else { + return 1; + } +} + +uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len) +{ + switch(MifareAuthState) { + case masNone: + case masData: + case masDataNested: + case masError: + return iso14443A_CRC_check(isResponse, data, len); + default: + return 2; + } + +} + +void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) +{ + switch(cmd[0]) + { + case ISO14443A_CMD_WUPA: snprintf(exp,size,"WUPA"); break; + case ISO14443A_CMD_ANTICOLL_OR_SELECT:{ + // 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor) + // 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK) + if(cmd[1] == 0x70) + { + snprintf(exp,size,"SELECT_UID"); break; + }else + { + snprintf(exp,size,"ANTICOLL"); break; + } + } + case ISO14443A_CMD_ANTICOLL_OR_SELECT_2:{ + //95 20 = Anticollision of cascade level2 + //95 70 = Select of cascade level2 + if(cmd[2] == 0x70) + { + snprintf(exp,size,"SELECT_UID-2"); break; + }else + { + snprintf(exp,size,"ANTICOLL-2"); break; + } + } + case ISO14443A_CMD_REQA: snprintf(exp,size,"REQA"); break; + case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break; + case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break; + case ISO14443A_CMD_HALT: + snprintf(exp,size,"HALT"); + MifareAuthState = masNone; + break; + case ISO14443A_CMD_RATS: snprintf(exp,size,"RATS"); break; + case MIFARE_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break; + case MIFARE_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break; + case MIFARE_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break; + case MIFARE_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break; + case MIFARE_AUTH_KEYA: + if ( cmdsize > 3) { + snprintf(exp,size,"AUTH-A(%d)",cmd[1]); + MifareAuthState = masNt; + } else { + // case MIFARE_ULEV1_VERSION : both 0x60. + snprintf(exp,size,"EV1 VERSION"); + } + break; + case MIFARE_AUTH_KEYB: + MifareAuthState = masNt; + snprintf(exp,size,"AUTH-B(%d)",cmd[1]); + break; + case MIFARE_MAGICWUPC1: snprintf(exp,size,"MAGIC WUPC1"); break; + case MIFARE_MAGICWUPC2: snprintf(exp,size,"MAGIC WUPC2"); break; + case MIFARE_MAGICWIPEC: snprintf(exp,size,"MAGIC WIPEC"); break; + case MIFARE_ULC_AUTH_1: snprintf(exp,size,"AUTH "); break; + case MIFARE_ULC_AUTH_2: snprintf(exp,size,"AUTH_ANSW"); break; + case MIFARE_ULEV1_AUTH: + if ( cmdsize == 7 ) + snprintf(exp,size,"PWD-AUTH KEY: 0x%02x%02x%02x%02x", cmd[1], cmd[2], cmd[3], cmd[4] ); + else + snprintf(exp,size,"PWD-AUTH"); + break; + case MIFARE_ULEV1_FASTREAD:{ + if ( cmdsize >=3 && cmd[2] <= 0xE6) + snprintf(exp,size,"READ RANGE (%d-%d)",cmd[1],cmd[2]); + else + snprintf(exp,size,"?"); + break; + } + case MIFARE_ULC_WRITE:{ + if ( cmd[1] < 0x21 ) + snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); + else + snprintf(exp,size,"?"); + break; + } + case MIFARE_ULEV1_READ_CNT:{ + if ( cmd[1] < 5 ) + snprintf(exp,size,"READ CNT(%d)",cmd[1]); + else + snprintf(exp,size,"?"); + break; + } + case MIFARE_ULEV1_INCR_CNT:{ + if ( cmd[1] < 5 ) + snprintf(exp,size,"INCR(%d)",cmd[1]); + else + snprintf(exp,size,"?"); + break; + } + case MIFARE_ULEV1_READSIG: snprintf(exp,size,"READ_SIG"); break; + case MIFARE_ULEV1_CHECKTEAR: snprintf(exp,size,"CHK_TEARING(%d)",cmd[1]); break; + case MIFARE_ULEV1_VCSL: snprintf(exp,size,"VCSL"); break; + default: snprintf(exp,size,"?"); break; + } + return; +} + +void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool isResponse) { + switch(MifareAuthState) { + case masNt: + if (cmdsize == 4) { + snprintf(exp,size,"AUTH: nt"); + MifareAuthState = masNrAr; + printf("--ntok\n"); + return; + } else { + MifareAuthState = masError; + printf("--err %d\n", cmdsize); + } + break; + case masNrAr: + if (cmdsize == 8) { + snprintf(exp,size,"AUTH: nr ar"); + MifareAuthState = masAt; + return; + } else { + MifareAuthState = masError; + } + break; + case masAt: + if (cmdsize == 4) { + snprintf(exp,size,"AUTH: at"); + MifareAuthState = masData; + return; + } else { + MifareAuthState = masError; + } + break; + default: + break; + } + + if (!isResponse) + annotateIso14443a(exp, size, cmd, cmdsize); + +} diff --git a/client/cmdhflist.h b/client/cmdhflist.h index 138e5590..9bed08ab 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -7,5 +7,17 @@ //----------------------------------------------------------------------------- // Command: hf mf list. It shows data from arm buffer. //----------------------------------------------------------------------------- +#ifndef CMDHFLIST_H +#define CMDHFLIST_H + +#include +#include +#include + +extern uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len); +extern uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len); +extern void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); +extern void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool isResponse); +#endif // CMDHFLIST From 6c30a244eb553ed342318ad2ec11a45b2db3a909 Mon Sep 17 00:00:00 2001 From: merlokk Date: Fri, 9 Feb 2018 19:32:17 +0200 Subject: [PATCH 03/25] added some get auth data --- client/cmdhflist.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index b1d432ee..a91df26a 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -70,7 +70,6 @@ uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len) default: return 2; } - } void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) @@ -173,22 +172,33 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) } void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool isResponse) { +// uint32_t uid; // UID + static uint32_t nt; // tag challenge +// uint32_t nt_enc; // encrypted tag challenge +// uint8_t nt_enc_par; // encrypted tag challenge parity + static uint32_t nr_enc; // encrypted reader challenge + static uint32_t ar_enc; // encrypted reader response +// uint8_t ar_enc_par; // encrypted reader response parity + static uint32_t at_enc; // encrypted tag response +// uint8_t at_enc_par; // encrypted tag response parity + switch(MifareAuthState) { case masNt: if (cmdsize == 4) { - snprintf(exp,size,"AUTH: nt"); + snprintf(exp,size,"AUTH: nt %s", (MifareAuthState == masData) ? "(enc)" : ""); MifareAuthState = masNrAr; - printf("--ntok\n"); + nt = bytes_to_num(cmd, cmdsize); return; } else { MifareAuthState = masError; - printf("--err %d\n", cmdsize); } break; case masNrAr: if (cmdsize == 8) { - snprintf(exp,size,"AUTH: nr ar"); + snprintf(exp,size,"AUTH: nr ar (enc)"); MifareAuthState = masAt; + nr_enc = bytes_to_num(cmd, cmdsize); + ar_enc = bytes_to_num(&cmd[3], cmdsize); return; } else { MifareAuthState = masError; @@ -196,8 +206,9 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool break; case masAt: if (cmdsize == 4) { - snprintf(exp,size,"AUTH: at"); + snprintf(exp,size,"AUTH: at (enc)"); MifareAuthState = masData; + at_enc = bytes_to_num(cmd, cmdsize); return; } else { MifareAuthState = masError; From fb30f5a1013a4e37280c72dda7b37052e317634f Mon Sep 17 00:00:00 2001 From: merlokk Date: Fri, 9 Feb 2018 19:40:39 +0200 Subject: [PATCH 04/25] added check reader/tag --- client/cmdhflist.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index a91df26a..065cbde2 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -184,8 +184,8 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool switch(MifareAuthState) { case masNt: - if (cmdsize == 4) { - snprintf(exp,size,"AUTH: nt %s", (MifareAuthState == masData) ? "(enc)" : ""); + if (cmdsize == 4 && isResponse) { + snprintf(exp,size,"AUTH: nt %s", (nt) ? "(enc)" : ""); MifareAuthState = masNrAr; nt = bytes_to_num(cmd, cmdsize); return; @@ -194,7 +194,7 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool } break; case masNrAr: - if (cmdsize == 8) { + if (cmdsize == 8 && !isResponse) { snprintf(exp,size,"AUTH: nr ar (enc)"); MifareAuthState = masAt; nr_enc = bytes_to_num(cmd, cmdsize); @@ -205,7 +205,7 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool } break; case masAt: - if (cmdsize == 4) { + if (cmdsize == 4 && isResponse) { snprintf(exp,size,"AUTH: at (enc)"); MifareAuthState = masData; at_enc = bytes_to_num(cmd, cmdsize); From aadc6bf1e162316eab391ca2ca61d05bdac7db80 Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sat, 10 Feb 2018 19:03:29 +0200 Subject: [PATCH 05/25] combine all auth data to single struct and fill it --- client/cmdhf.c | 1 + client/cmdhflist.c | 46 ++++++++++++++++++++++++++++++---------------- client/cmdhflist.h | 14 ++++++++++++++ 3 files changed, 45 insertions(+), 16 deletions(-) diff --git a/client/cmdhf.c b/client/cmdhf.c index ae1b12a6..2557607b 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -543,6 +543,7 @@ int CmdHFList(const char *Cmd) PrintAndLog(" Start | End | Src | Data (! denotes parity error) | CRC | Annotation |"); PrintAndLog("------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|"); + ClearAuthData(); while(tracepos < traceLen) { tracepos = printTraceLine(tracepos, traceLen, trace, protocol, showWaitCycles, markCRCBytes); diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 065cbde2..ec710b2c 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -28,11 +28,19 @@ enum MifareAuthSeq { masNt, masNrAr, masAt, + masFirstData, masData, masDataNested, masError, }; static enum MifareAuthSeq MifareAuthState; +static TAuthData AuthData; + +void ClearAuthData() { + AuthData.uid = 0; + AuthData.nt = 0; + AuthData.first_auth = false; +} /** * @brief iso14443A_CRC_check Checks CRC in command or response @@ -63,6 +71,7 @@ uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len) { switch(MifareAuthState) { case masNone: + case masFirstData: case masData: case masDataNested: case masError: @@ -172,22 +181,27 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) } void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool isResponse) { -// uint32_t uid; // UID - static uint32_t nt; // tag challenge -// uint32_t nt_enc; // encrypted tag challenge -// uint8_t nt_enc_par; // encrypted tag challenge parity - static uint32_t nr_enc; // encrypted reader challenge - static uint32_t ar_enc; // encrypted reader response -// uint8_t ar_enc_par; // encrypted reader response parity - static uint32_t at_enc; // encrypted tag response -// uint8_t at_enc_par; // encrypted tag response parity - + // get UID + if (MifareAuthState == masNone) { + if (cmdsize == 7 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && cmd[1] == 0x70) { + ClearAuthData(); + AuthData.uid = bytes_to_num(&cmd[2], 4); + } + if (cmdsize == 7 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && cmd[1] == 0x70) { + ClearAuthData(); + AuthData.uid = bytes_to_num(&cmd[2], 4); + } + } + switch(MifareAuthState) { case masNt: if (cmdsize == 4 && isResponse) { - snprintf(exp,size,"AUTH: nt %s", (nt) ? "(enc)" : ""); + snprintf(exp,size,"AUTH: nt %s", (AuthData.first_auth) ? "" : "(enc)"); MifareAuthState = masNrAr; - nt = bytes_to_num(cmd, cmdsize); + if (AuthData.first_auth) + AuthData.nt = bytes_to_num(cmd, cmdsize); + else + AuthData.nt_enc = bytes_to_num(cmd, cmdsize); return; } else { MifareAuthState = masError; @@ -197,8 +211,8 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool if (cmdsize == 8 && !isResponse) { snprintf(exp,size,"AUTH: nr ar (enc)"); MifareAuthState = masAt; - nr_enc = bytes_to_num(cmd, cmdsize); - ar_enc = bytes_to_num(&cmd[3], cmdsize); + AuthData.nr_enc = bytes_to_num(cmd, cmdsize); + AuthData.ar_enc = bytes_to_num(&cmd[3], cmdsize); return; } else { MifareAuthState = masError; @@ -207,8 +221,8 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool case masAt: if (cmdsize == 4 && isResponse) { snprintf(exp,size,"AUTH: at (enc)"); - MifareAuthState = masData; - at_enc = bytes_to_num(cmd, cmdsize); + MifareAuthState = masFirstData; + AuthData.at_enc = bytes_to_num(cmd, cmdsize); return; } else { MifareAuthState = masError; diff --git a/client/cmdhflist.h b/client/cmdhflist.h index 9bed08ab..6ec2f6fc 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -14,6 +14,20 @@ #include #include +typedef struct { + uint32_t uid; // UID + uint32_t nt; // tag challenge + uint32_t nt_enc; // encrypted tag challenge + uint8_t nt_enc_par; // encrypted tag challenge parity + uint32_t nr_enc; // encrypted reader challenge + uint32_t ar_enc; // encrypted reader response + uint8_t ar_enc_par; // encrypted reader response parity + uint32_t at_enc; // encrypted tag response + uint8_t at_enc_par; // encrypted tag response parity + bool first_auth; // is first authentication +} TAuthData; +extern void ClearAuthData(); + extern uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len); extern uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len); extern void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); From a31f7f899b6d62c94bc236fce4330d6bbb8996e7 Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sat, 10 Feb 2018 19:06:34 +0200 Subject: [PATCH 06/25] small fix --- client/cmdhflist.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index ec710b2c..8e7b7f6e 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -85,7 +85,10 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) { switch(cmd[0]) { - case ISO14443A_CMD_WUPA: snprintf(exp,size,"WUPA"); break; + case ISO14443A_CMD_WUPA: + snprintf(exp,size,"WUPA"); + MifareAuthState = masNone; + break; case ISO14443A_CMD_ANTICOLL_OR_SELECT:{ // 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor) // 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK) @@ -108,7 +111,10 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) snprintf(exp,size,"ANTICOLL-2"); break; } } - case ISO14443A_CMD_REQA: snprintf(exp,size,"REQA"); break; + case ISO14443A_CMD_REQA: + snprintf(exp,size,"REQA"); + MifareAuthState = masNone; + break; case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break; case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break; case ISO14443A_CMD_HALT: From b957bcd382bf718f766c0774839752eb99f668af Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sat, 10 Feb 2018 19:19:56 +0200 Subject: [PATCH 07/25] added get parity --- client/cmdhf.c | 5 ++++- client/cmdhflist.c | 5 ++++- client/cmdhflist.h | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/client/cmdhf.c b/client/cmdhf.c index 2557607b..3256b69a 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -400,7 +400,7 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui EndOfTransmissionTimestamp = timestamp + duration; if (protocol == PROTO_MIFARE) - annotateMifare(explanation, sizeof(explanation), frame, data_len, isResponse); + annotateMifare(explanation, sizeof(explanation), frame, data_len, parityBytes, parity_len, isResponse); if(!isResponse) { @@ -430,6 +430,9 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui (j == num_lines-1) ? explanation : ""); } } + +// if (DecodeMifareData(frame, data_len, isResponse)) { +// }; if (is_last_record(tracepos, trace, traceLen)) return traceLen; diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 8e7b7f6e..5ff3192b 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -186,7 +186,7 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) return; } -void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool isResponse) { +void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8_t* parity, uint8_t paritysize, bool isResponse) { // get UID if (MifareAuthState == masNone) { if (cmdsize == 7 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && cmd[1] == 0x70) { @@ -208,6 +208,7 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool AuthData.nt = bytes_to_num(cmd, cmdsize); else AuthData.nt_enc = bytes_to_num(cmd, cmdsize); + AuthData.nt_enc_par = parity[0]; return; } else { MifareAuthState = masError; @@ -219,6 +220,7 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool MifareAuthState = masAt; AuthData.nr_enc = bytes_to_num(cmd, cmdsize); AuthData.ar_enc = bytes_to_num(&cmd[3], cmdsize); + AuthData.ar_enc_par = parity[0] << 4; return; } else { MifareAuthState = masError; @@ -229,6 +231,7 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool snprintf(exp,size,"AUTH: at (enc)"); MifareAuthState = masFirstData; AuthData.at_enc = bytes_to_num(cmd, cmdsize); + AuthData.at_enc_par = parity[0]; return; } else { MifareAuthState = masError; diff --git a/client/cmdhflist.h b/client/cmdhflist.h index 6ec2f6fc..329df7db 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -31,7 +31,7 @@ extern void ClearAuthData(); extern uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len); extern uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len); extern void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); -extern void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool isResponse); +extern void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8_t* parity, uint8_t paritysize, bool isResponse); #endif // CMDHFLIST From 7b215d149ac4fd5709635111d86a2062fc7ac3ad Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sat, 10 Feb 2018 20:28:30 +0200 Subject: [PATCH 08/25] correct 1st key calculation --- client/cmdhf.c | 10 ++++++-- client/cmdhflist.c | 62 ++++++++++++++++++++++++++++++++++++++++------ client/cmdhflist.h | 2 +- 3 files changed, 63 insertions(+), 11 deletions(-) diff --git a/client/cmdhf.c b/client/cmdhf.c index 3256b69a..9f3ff4e4 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -300,6 +300,8 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui uint8_t topaz_reader_command[9]; uint32_t timestamp, first_timestamp, EndOfTransmissionTimestamp; char explanation[30] = {0}; + uint8_t mfData[32] = {0}; + size_t mfDataLen = 0; if (tracepos + sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint16_t) > traceLen) return traceLen; @@ -431,8 +433,12 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui } } -// if (DecodeMifareData(frame, data_len, isResponse)) { -// }; + if (DecodeMifareData(frame, data_len, isResponse, mfData, &mfDataLen)) { + PrintAndLog(" | | |%-64s | %s| %s", + sprint_hex(mfData, mfDataLen), + "", + (false) ? explanation : ""); + }; if (is_last_record(tracepos, trace, traceLen)) return traceLen; diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 5ff3192b..0eaafa68 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -21,6 +21,8 @@ #include "iso14443crc.h" #include "parity.h" #include "protocols.h" +#include "crapto1/crapto1.h" +#include "mifarehost.h" enum MifareAuthSeq { @@ -39,7 +41,7 @@ static TAuthData AuthData; void ClearAuthData() { AuthData.uid = 0; AuthData.nt = 0; - AuthData.first_auth = false; + AuthData.first_auth = true; } /** @@ -189,11 +191,11 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8_t* parity, uint8_t paritysize, bool isResponse) { // get UID if (MifareAuthState == masNone) { - if (cmdsize == 7 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && cmd[1] == 0x70) { + if (cmdsize == 9 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && cmd[1] == 0x70) { ClearAuthData(); AuthData.uid = bytes_to_num(&cmd[2], 4); } - if (cmdsize == 7 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && cmd[1] == 0x70) { + if (cmdsize == 9 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && cmd[1] == 0x70) { ClearAuthData(); AuthData.uid = bytes_to_num(&cmd[2], 4); } @@ -205,9 +207,9 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8 snprintf(exp,size,"AUTH: nt %s", (AuthData.first_auth) ? "" : "(enc)"); MifareAuthState = masNrAr; if (AuthData.first_auth) - AuthData.nt = bytes_to_num(cmd, cmdsize); + AuthData.nt = bytes_to_num(cmd, 4); else - AuthData.nt_enc = bytes_to_num(cmd, cmdsize); + AuthData.nt_enc = bytes_to_num(cmd, 4); AuthData.nt_enc_par = parity[0]; return; } else { @@ -218,8 +220,8 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8 if (cmdsize == 8 && !isResponse) { snprintf(exp,size,"AUTH: nr ar (enc)"); MifareAuthState = masAt; - AuthData.nr_enc = bytes_to_num(cmd, cmdsize); - AuthData.ar_enc = bytes_to_num(&cmd[3], cmdsize); + AuthData.nr_enc = bytes_to_num(cmd, 4); + AuthData.ar_enc = bytes_to_num(&cmd[4], 4); AuthData.ar_enc_par = parity[0] << 4; return; } else { @@ -230,7 +232,7 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8 if (cmdsize == 4 && isResponse) { snprintf(exp,size,"AUTH: at (enc)"); MifareAuthState = masFirstData; - AuthData.at_enc = bytes_to_num(cmd, cmdsize); + AuthData.at_enc = bytes_to_num(cmd, 4); AuthData.at_enc_par = parity[0]; return; } else { @@ -245,3 +247,47 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8 annotateIso14443a(exp, size, cmd, cmdsize); } + +bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *mfData, size_t *mfDataLen) { + *mfDataLen = 0; + + if (cmdsize > 32) + return false; + + if (MifareAuthState == masFirstData) { + if (AuthData.first_auth) { + uint32_t ks2 = AuthData.ar_enc ^ prng_successor(AuthData.nt, 64); + uint32_t ks3 = AuthData.at_enc ^ prng_successor(AuthData.nt, 96); + struct Crypto1State *revstate = lfsr_recovery64(ks2, ks3); + lfsr_rollback_word(revstate, 0, 0); + lfsr_rollback_word(revstate, 0, 0); + lfsr_rollback_word(revstate, AuthData.nr_enc, 1); + lfsr_rollback_word(revstate, AuthData.uid ^ AuthData.nt, 0); + + uint64_t lfsr = 0; + crypto1_get_lfsr(revstate, &lfsr); + crypto1_destroy(revstate); +// LastKey = lfsr; + printf("uid:%x nt:%x ar_enc:%x at_enc:%x\n", AuthData.uid, AuthData.nt, AuthData.ar_enc, AuthData.at_enc); + printf("AUTH: probable key:%x%x Prng:%s ks2:%08x ks3:%08x\n", + (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF), + validate_prng_nonce(AuthData.nt) ? "WEAK": "HARDEND", + ks2, + ks3); + + AuthData.first_auth = false; + } else { + } + + + + MifareAuthState = masData; + return true; + } + + if (MifareAuthState == masData) { + } + + return *mfDataLen > 0; +} + diff --git a/client/cmdhflist.h b/client/cmdhflist.h index 329df7db..7d95cc1c 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -32,6 +32,6 @@ extern uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len); extern uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len); extern void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); extern void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8_t* parity, uint8_t paritysize, bool isResponse); - +extern bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *mfData, size_t *mfDataLen); #endif // CMDHFLIST From 28ee794f59aac1fac7aa18bfbaa4050d48a90260 Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sat, 10 Feb 2018 20:41:56 +0200 Subject: [PATCH 09/25] fix appearance --- client/cmdhf.c | 6 ++++-- client/cmdhflist.c | 6 +++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/client/cmdhf.c b/client/cmdhf.c index 9f3ff4e4..00b1aa8d 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -434,10 +434,12 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui } if (DecodeMifareData(frame, data_len, isResponse, mfData, &mfDataLen)) { - PrintAndLog(" | | |%-64s | %s| %s", + annotateIso14443a(explanation, sizeof(explanation), mfData, mfDataLen); + + PrintAndLog(" | * | dec |%-64s | %-4s| %s", sprint_hex(mfData, mfDataLen), "", - (false) ? explanation : ""); + (true) ? explanation : ""); }; if (is_last_record(tracepos, trace, traceLen)) return traceLen; diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 0eaafa68..3dd03970 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -268,15 +268,15 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m crypto1_get_lfsr(revstate, &lfsr); crypto1_destroy(revstate); // LastKey = lfsr; - printf("uid:%x nt:%x ar_enc:%x at_enc:%x\n", AuthData.uid, AuthData.nt, AuthData.ar_enc, AuthData.at_enc); - printf("AUTH: probable key:%x%x Prng:%s ks2:%08x ks3:%08x\n", + PrintAndLog(" | * | key | probable key:%x%x Prng:%s ks2:%08x ks3:%08x | |", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF), - validate_prng_nonce(AuthData.nt) ? "WEAK": "HARDEND", + validate_prng_nonce(AuthData.nt) ? "WEAK": "HARD", ks2, ks3); AuthData.first_auth = false; } else { + printf("uid:%x nt:%x ar_enc:%x at_enc:%x\n", AuthData.uid, AuthData.nt, AuthData.ar_enc, AuthData.at_enc); } From edd4c8385b3d6efb1467f5cee3c9ad5fe1491d11 Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sat, 10 Feb 2018 22:10:38 +0200 Subject: [PATCH 10/25] small fix util.c --- client/util.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/util.c b/client/util.c index bbc7f2cf..5dc9a455 100644 --- a/client/util.c +++ b/client/util.c @@ -116,6 +116,7 @@ void hex_to_buffer(const uint8_t *buf, const uint8_t *hex_data, const size_t hex char *tmp = (char *)buf; size_t i; + memset(tmp, 0x00, hex_max_len); int maxLen = ( hex_len > hex_max_len) ? hex_max_len : hex_len; From 747885a6ed9670c06a17140dd5385a9bac25c6b0 Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sat, 10 Feb 2018 22:33:32 +0200 Subject: [PATCH 11/25] hf list mf 1st auth works --- client/cmdhf.c | 10 +++++++--- client/cmdhflist.c | 44 +++++++++++++++++++++++++++++++++++--------- client/mifarehost.h | 2 ++ 3 files changed, 44 insertions(+), 12 deletions(-) diff --git a/client/cmdhf.c b/client/cmdhf.c index 00b1aa8d..06382abb 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -434,11 +434,15 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui } if (DecodeMifareData(frame, data_len, isResponse, mfData, &mfDataLen)) { - annotateIso14443a(explanation, sizeof(explanation), mfData, mfDataLen); - + memset(explanation, 0x00, sizeof(explanation)); + if (!isResponse) { + explanation[0] = '>'; + annotateIso14443a(&explanation[1], sizeof(explanation) - 1, mfData, mfDataLen); + } + uint8_t crcc = iso14443A_CRC_check(isResponse, mfData, mfDataLen); PrintAndLog(" | * | dec |%-64s | %-4s| %s", sprint_hex(mfData, mfDataLen), - "", + (crcc == 0 ? "!crc" : (crcc == 1 ? " ok " : " ")), (true) ? explanation : ""); }; diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 3dd03970..43e0e562 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -30,9 +30,9 @@ enum MifareAuthSeq { masNt, masNrAr, masAt, + masAuthComplete, masFirstData, masData, - masDataNested, masError, }; static enum MifareAuthSeq MifareAuthState; @@ -73,9 +73,6 @@ uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len) { switch(MifareAuthState) { case masNone: - case masFirstData: - case masData: - case masDataNested: case masError: return iso14443A_CRC_check(isResponse, data, len); default: @@ -231,7 +228,7 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8 case masAt: if (cmdsize == 4 && isResponse) { snprintf(exp,size,"AUTH: at (enc)"); - MifareAuthState = masFirstData; + MifareAuthState = masAuthComplete; AuthData.at_enc = bytes_to_num(cmd, 4); AuthData.at_enc_par = parity[0]; return; @@ -243,14 +240,26 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8 break; } - if (!isResponse) + if (!isResponse && ((MifareAuthState == masNone) || (MifareAuthState == masError))) annotateIso14443a(exp, size, cmd, cmdsize); } bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *mfData, size_t *mfDataLen) { + static struct Crypto1State *traceCrypto1; + uint64_t mfLastKey; + *mfDataLen = 0; + if (MifareAuthState == masAuthComplete) { + if (traceCrypto1) { + crypto1_destroy(traceCrypto1); + } + + MifareAuthState = masFirstData; + return false; + } + if (cmdsize > 32) return false; @@ -267,7 +276,7 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m uint64_t lfsr = 0; crypto1_get_lfsr(revstate, &lfsr); crypto1_destroy(revstate); -// LastKey = lfsr; + mfLastKey = lfsr; PrintAndLog(" | * | key | probable key:%x%x Prng:%s ks2:%08x ks3:%08x | |", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF), validate_prng_nonce(AuthData.nt) ? "WEAK": "HARD", @@ -275,17 +284,34 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m ks3); AuthData.first_auth = false; + + traceCrypto1 = lfsr_recovery64(ks2, ks3); } else { printf("uid:%x nt:%x ar_enc:%x at_enc:%x\n", AuthData.uid, AuthData.nt, AuthData.ar_enc, AuthData.at_enc); + + // check last used key + if (mfLastKey) { + + } + + // check default keys + + // nested + if (validate_prng_nonce(AuthData.nt)) { + } + + //hardnested } MifareAuthState = masData; - return true; } - if (MifareAuthState == masData) { + if (MifareAuthState == masData && traceCrypto1) { + memcpy(mfData, cmd, cmdsize); + mf_crypto1_decrypt(traceCrypto1, mfData, cmdsize, 0); + *mfDataLen = cmdsize; } return *mfDataLen > 0; diff --git a/client/mifarehost.h b/client/mifarehost.h index bef397bb..457a879f 100644 --- a/client/mifarehost.h +++ b/client/mifarehost.h @@ -14,6 +14,7 @@ #include #include #include "data.h" +#include "crapto1/crapto1.h" // defaults // timeout in units. (ms * 106)/10 or us*0.0106 @@ -62,5 +63,6 @@ extern int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t extern int mfCIdentify(); extern int DetectClassicPrng(void); extern bool validate_prng_nonce(uint32_t nonce); +extern void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted); #endif From c6a886fb4f25b8925956a267ed3d2f60455adf4a Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sat, 10 Feb 2018 23:06:01 +0200 Subject: [PATCH 12/25] added mock of key check --- client/cmdhflist.c | 13 ++++++++++++- client/cmdhflist.h | 1 + 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 43e0e562..30249579 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -23,6 +23,7 @@ #include "protocols.h" #include "crapto1/crapto1.h" #include "mifarehost.h" +#include "mifaredefault.h" enum MifareAuthSeq { @@ -291,10 +292,17 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m // check last used key if (mfLastKey) { - + if (NestedCheckKey(mfLastKey, &AuthData, cmd, cmdsize)) { + }; } // check default keys + for (int defaultKeyCounter = 0; defaultKeyCounter < MifareDefaultKeysSize; defaultKeyCounter++){ + if (NestedCheckKey(MifareDefaultKeys[defaultKeyCounter], &AuthData, cmd, cmdsize)) { + + break; + }; + } // nested if (validate_prng_nonce(AuthData.nt)) { @@ -317,3 +325,6 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m return *mfDataLen > 0; } +bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize) { + return false; +} \ No newline at end of file diff --git a/client/cmdhflist.h b/client/cmdhflist.h index 7d95cc1c..d0298de5 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -33,5 +33,6 @@ extern uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len); extern void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); extern void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8_t* parity, uint8_t paritysize, bool isResponse); extern bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *mfData, size_t *mfDataLen); +extern bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize); #endif // CMDHFLIST From dca8220f729d7855b12c89ecb402958ce6dbc81b Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sat, 10 Feb 2018 23:25:28 +0200 Subject: [PATCH 13/25] mock of key checking --- client/cmdhflist.c | 55 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 30249579..dc3d9640 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -248,7 +248,7 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8 bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *mfData, size_t *mfDataLen) { static struct Crypto1State *traceCrypto1; - uint64_t mfLastKey; + static uint64_t mfLastKey; *mfDataLen = 0; @@ -325,6 +325,57 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m return *mfDataLen > 0; } +bool NTParityChk(TAuthData *ad, uint32_t ntx) { + if ( + (oddparity8(ntx >> 8 & 0xff) ^ (ntx & 0x01) ^ ((ad->nt_enc_par >> 5) & 0x01) ^ (ad->nt_enc & 0x01)) || + (oddparity8(ntx >> 16 & 0xff) ^ (ntx >> 8 & 0x01) ^ ((ad->nt_enc_par >> 6) & 0x01) ^ (ad->nt_enc >> 8 & 0x01)) || + (oddparity8(ntx >> 24 & 0xff) ^ (ntx >> 16 & 0x01) ^ ((ad->nt_enc_par >> 7) & 0x01) ^ (ad->nt_enc >> 16 & 0x01)) + ) + return false; + + uint32_t ar = prng_successor(ntx, 64); + if ( + (oddparity8(ar >> 8 & 0xff) ^ (ar & 0x01) ^ ((ad->ar_enc_par >> 5) & 0x01) ^ (ad->ar_enc & 0x01)) || + (oddparity8(ar >> 16 & 0xff) ^ (ar >> 8 & 0x01) ^ ((ad->ar_enc_par >> 6) & 0x01) ^ (ad->ar_enc >> 8 & 0x01)) || + (oddparity8(ar >> 24 & 0xff) ^ (ar >> 16 & 0x01) ^ ((ad->ar_enc_par >> 7) & 0x01) ^ (ad->ar_enc >> 16 & 0x01)) + ) + return false; + + uint32_t at = prng_successor(ntx, 96); + if ( + (oddparity8(ar & 0xff) ^ (at >> 24 & 0x01) ^ ((ad->ar_enc_par >> 4) & 0x01) ^ (ad->at_enc >> 24 & 0x01)) || + (oddparity8(at >> 8 & 0xff) ^ (at & 0x01) ^ ((ad->at_enc_par >> 5) & 0x01) ^ (ad->at_enc & 0x01)) || + (oddparity8(at >> 16 & 0xff) ^ (at >> 8 & 0x01) ^ ((ad->at_enc_par >> 6) & 0x01) ^ (ad->at_enc >> 8 & 0x01)) || + (oddparity8(at >> 24 & 0xff) ^ (at >> 16 & 0x01) ^ ((ad->at_enc_par >> 7) & 0x01) ^ (ad->at_enc >> 16 & 0x01)) + ) + return false; + + return true; +} + bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize) { - return false; + uint8_t buf[32] = {0}; + struct Crypto1State *pcs; + + pcs = crypto1_create(key); + uint32_t nt1 = crypto1_word(pcs, ad->nt_enc ^ ad->uid, 1) ^ ad->nt_enc; + uint32_t ar = prng_successor(nt1, 64); + uint32_t at = prng_successor(nt1, 96); + printf("key> nested auth uid: %08x nt: %08x nt_parity: %s ar: %08x at: %08x\n", ad->uid, nt1, printBitsPar(&ad->nt_enc_par, 4), ar, at); + uint32_t nr1 = crypto1_word(pcs, ad->nr_enc, 1) ^ ad->nr_enc; + uint32_t ar1 = crypto1_word(pcs, 0, 0) ^ ad->ar_enc; + uint32_t at1 = crypto1_word(pcs, 0, 0) ^ ad->at_enc; + printf("key> the same key test. nr1: %08x ar1: %08x at1: %08x \n", nr1, ar1, at1); + + if (NTParityChk(ad, nt1)) + printf("key> the same key test OK. key=%x%x\n", (unsigned int)((key & 0xFFFFFFFF00000000) >> 32), (unsigned int)(key & 0xFFFFFFFF)); + else { + printf("key> the same key test. check nt parity error.\n"); + return false; + } + + memcpy(buf, cmd, cmdsize); + mf_crypto1_decrypt(pcs, buf, cmdsize, 0); + + return CheckCrc14443(CRC_14443_A, buf, cmdsize); } \ No newline at end of file From e0158d33736110e3fbcdd8331acb7ce747ee9ba2 Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sat, 10 Feb 2018 23:28:15 +0200 Subject: [PATCH 14/25] added destroy --- client/cmdhflist.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index dc3d9640..b1bd8a7a 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -377,5 +377,7 @@ bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize) memcpy(buf, cmd, cmdsize); mf_crypto1_decrypt(pcs, buf, cmdsize, 0); + crypto1_destroy(pcs); + return CheckCrc14443(CRC_14443_A, buf, cmdsize); } \ No newline at end of file From 7bea15816e2c9c4277df4670ab841ca5694c61d0 Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sun, 11 Feb 2018 00:28:23 +0200 Subject: [PATCH 15/25] added some cone in nested. not tested. --- client/cmdhflist.c | 38 ++++++++++++++++++++++++++++++++------ client/cmdhflist.h | 1 + 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index b1bd8a7a..06bd8d18 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -297,18 +297,44 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m } // check default keys - for (int defaultKeyCounter = 0; defaultKeyCounter < MifareDefaultKeysSize; defaultKeyCounter++){ - if (NestedCheckKey(MifareDefaultKeys[defaultKeyCounter], &AuthData, cmd, cmdsize)) { - - break; - }; + if (!traceCrypto1) { + for (int defaultKeyCounter = 0; defaultKeyCounter < MifareDefaultKeysSize; defaultKeyCounter++){ + if (NestedCheckKey(MifareDefaultKeys[defaultKeyCounter], &AuthData, cmd, cmdsize)) { + + break; + }; + } } // nested - if (validate_prng_nonce(AuthData.nt)) { + if (!traceCrypto1 && validate_prng_nonce(AuthData.nt)) { + uint32_t ntx = prng_successor(AuthData.nt, 90); + for (int i = 0; i < 16383; i++) { + ntx = prng_successor(ntx, 1); + if (NTParityChk(&AuthData, ntx)){ + + uint32_t ks2 = AuthData.ar_enc ^ prng_successor(ntx, 64); + uint32_t ks3 = AuthData.at_enc ^ prng_successor(ntx, 96); + struct Crypto1State *pcs = lfsr_recovery64(ks2, ks3); + memcpy(mfData, cmd, cmdsize); + mf_crypto1_decrypt(pcs, mfData, cmdsize, 0); + + crypto1_destroy(pcs); + if (CheckCrc14443(CRC_14443_A, mfData, cmdsize)) { + traceCrypto1 = lfsr_recovery64(ks2, ks3); + break; + } + } + } + if (traceCrypto1) + printf("key> nt=%08x nonce distance=%d \n", ntx, nonce_distance(AuthData.nt, ntx)); + else + printf("key> don't have any valid nt( \n"); } //hardnested + if (!traceCrypto1) { + } } diff --git a/client/cmdhflist.h b/client/cmdhflist.h index d0298de5..aa037658 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -33,6 +33,7 @@ extern uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len); extern void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); extern void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8_t* parity, uint8_t paritysize, bool isResponse); extern bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *mfData, size_t *mfDataLen); +extern bool NTParityChk(TAuthData *ad, uint32_t ntx); extern bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize); #endif // CMDHFLIST From e01bc7942cb7dc87350fd095388be58560f32f9a Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sun, 11 Feb 2018 00:40:24 +0200 Subject: [PATCH 16/25] move ks to authdata --- client/cmdhflist.c | 18 +++++++++++------- client/cmdhflist.h | 2 ++ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 06bd8d18..1701c13a 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -43,6 +43,8 @@ void ClearAuthData() { AuthData.uid = 0; AuthData.nt = 0; AuthData.first_auth = true; + AuthData.ks2 = 0; + AuthData.ks3 = 0; } /** @@ -266,9 +268,9 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m if (MifareAuthState == masFirstData) { if (AuthData.first_auth) { - uint32_t ks2 = AuthData.ar_enc ^ prng_successor(AuthData.nt, 64); - uint32_t ks3 = AuthData.at_enc ^ prng_successor(AuthData.nt, 96); - struct Crypto1State *revstate = lfsr_recovery64(ks2, ks3); + AuthData.ks2 = AuthData.ar_enc ^ prng_successor(AuthData.nt, 64); + AuthData.ks3 = AuthData.at_enc ^ prng_successor(AuthData.nt, 96); + struct Crypto1State *revstate = lfsr_recovery64(AuthData.ks2, AuthData.ks3); lfsr_rollback_word(revstate, 0, 0); lfsr_rollback_word(revstate, 0, 0); lfsr_rollback_word(revstate, AuthData.nr_enc, 1); @@ -281,12 +283,12 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m PrintAndLog(" | * | key | probable key:%x%x Prng:%s ks2:%08x ks3:%08x | |", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF), validate_prng_nonce(AuthData.nt) ? "WEAK": "HARD", - ks2, - ks3); + AuthData.ks2, + AuthData.ks3); AuthData.first_auth = false; - traceCrypto1 = lfsr_recovery64(ks2, ks3); + traceCrypto1 = lfsr_recovery64(AuthData.ks2, AuthData.ks3); } else { printf("uid:%x nt:%x ar_enc:%x at_enc:%x\n", AuthData.uid, AuthData.nt, AuthData.ar_enc, AuthData.at_enc); @@ -321,7 +323,9 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m crypto1_destroy(pcs); if (CheckCrc14443(CRC_14443_A, mfData, cmdsize)) { - traceCrypto1 = lfsr_recovery64(ks2, ks3); + AuthData.ks2 = ks2; + AuthData.ks3 = ks3; + traceCrypto1 = lfsr_recovery64(AuthData.ks2, AuthData.ks3); break; } } diff --git a/client/cmdhflist.h b/client/cmdhflist.h index aa037658..76b57392 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -25,6 +25,8 @@ typedef struct { uint32_t at_enc; // encrypted tag response uint8_t at_enc_par; // encrypted tag response parity bool first_auth; // is first authentication + uint32_t ks2; // ar ^ ar_enc + uint32_t ks3; // at ^ at_enc } TAuthData; extern void ClearAuthData(); From 856da9a1c081abedef9af96220723eb1031f49e2 Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sun, 11 Feb 2018 00:44:24 +0200 Subject: [PATCH 17/25] added cipherstream recovery --- client/cmdhflist.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 1701c13a..64ffed5c 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -295,6 +295,7 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m // check last used key if (mfLastKey) { if (NestedCheckKey(mfLastKey, &AuthData, cmd, cmdsize)) { + traceCrypto1 = lfsr_recovery64(AuthData.ks2, AuthData.ks3); }; } @@ -302,7 +303,7 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m if (!traceCrypto1) { for (int defaultKeyCounter = 0; defaultKeyCounter < MifareDefaultKeysSize; defaultKeyCounter++){ if (NestedCheckKey(MifareDefaultKeys[defaultKeyCounter], &AuthData, cmd, cmdsize)) { - + traceCrypto1 = lfsr_recovery64(AuthData.ks2, AuthData.ks3); break; }; } @@ -409,5 +410,11 @@ bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize) crypto1_destroy(pcs); - return CheckCrc14443(CRC_14443_A, buf, cmdsize); + if(CheckCrc14443(CRC_14443_A, buf, cmdsize)) { + AuthData.ks2 = AuthData.ar_enc ^ ar; + AuthData.ks3 = AuthData.at_enc ^ at; + return true; + } else { + return false; + } } \ No newline at end of file From bf52d74adcfbe3947970d9c2984c36f77af0c9c7 Mon Sep 17 00:00:00 2001 From: Oleg Moiseenko Date: Sun, 11 Feb 2018 00:45:12 +0200 Subject: [PATCH 18/25] small fix --- client/cmdhflist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 64ffed5c..7b3fdca5 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -417,4 +417,4 @@ bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize) } else { return false; } -} \ No newline at end of file +} From 2d7bdee30b93e3669850b9c16eed23174cf07b65 Mon Sep 17 00:00:00 2001 From: merlokk Date: Mon, 12 Feb 2018 18:53:12 +0200 Subject: [PATCH 19/25] added parity check of deciphered command --- client/cmdhf.c | 2 +- client/cmdhflist.c | 88 +++++++++++++++++++++++++++++++++------------- client/cmdhflist.h | 5 +-- 3 files changed, 68 insertions(+), 27 deletions(-) diff --git a/client/cmdhf.c b/client/cmdhf.c index 06382abb..ffbc4515 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -433,7 +433,7 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui } } - if (DecodeMifareData(frame, data_len, isResponse, mfData, &mfDataLen)) { + if (DecodeMifareData(frame, data_len, parityBytes, isResponse, mfData, &mfDataLen)) { memset(explanation, 0x00, sizeof(explanation)); if (!isResponse) { explanation[0] = '>'; diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 7b3fdca5..a9691aa3 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -89,7 +89,6 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) { case ISO14443A_CMD_WUPA: snprintf(exp,size,"WUPA"); - MifareAuthState = masNone; break; case ISO14443A_CMD_ANTICOLL_OR_SELECT:{ // 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor) @@ -115,7 +114,6 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) } case ISO14443A_CMD_REQA: snprintf(exp,size,"REQA"); - MifareAuthState = masNone; break; case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break; case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break; @@ -189,6 +187,17 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) } void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8_t* parity, uint8_t paritysize, bool isResponse) { + if (!isResponse && cmdsize == 1) { + switch(cmd[0]) { + case ISO14443A_CMD_WUPA: + case ISO14443A_CMD_REQA: + MifareAuthState = masNone; + break; + default: + break; + } + } + // get UID if (MifareAuthState == masNone) { if (cmdsize == 9 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && cmd[1] == 0x70) { @@ -248,7 +257,7 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8 } -bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *mfData, size_t *mfDataLen) { +bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isResponse, uint8_t *mfData, size_t *mfDataLen) { static struct Crypto1State *traceCrypto1; static uint64_t mfLastKey; @@ -281,7 +290,8 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m crypto1_destroy(revstate); mfLastKey = lfsr; PrintAndLog(" | * | key | probable key:%x%x Prng:%s ks2:%08x ks3:%08x | |", - (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF), + (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), + (unsigned int)(lfsr & 0xFFFFFFFF), validate_prng_nonce(AuthData.nt) ? "WEAK": "HARD", AuthData.ks2, AuthData.ks3); @@ -290,19 +300,29 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m traceCrypto1 = lfsr_recovery64(AuthData.ks2, AuthData.ks3); } else { - printf("uid:%x nt:%x ar_enc:%x at_enc:%x\n", AuthData.uid, AuthData.nt, AuthData.ar_enc, AuthData.at_enc); - // check last used key if (mfLastKey) { - if (NestedCheckKey(mfLastKey, &AuthData, cmd, cmdsize)) { - traceCrypto1 = lfsr_recovery64(AuthData.ks2, AuthData.ks3); + if (NestedCheckKey(mfLastKey, &AuthData, cmd, cmdsize, parity)) { + PrintAndLog(" | * | key | last used key:%x%x ks2:%08x ks3:%08x | |", + (unsigned int)((mfLastKey & 0xFFFFFFFF00000000) >> 32), + (unsigned int)(mfLastKey & 0xFFFFFFFF), + AuthData.ks2, + AuthData.ks3); + + traceCrypto1 = lfsr_recovery64(AuthData.ks2, AuthData.ks3); }; } // check default keys if (!traceCrypto1) { for (int defaultKeyCounter = 0; defaultKeyCounter < MifareDefaultKeysSize; defaultKeyCounter++){ - if (NestedCheckKey(MifareDefaultKeys[defaultKeyCounter], &AuthData, cmd, cmdsize)) { + if (NestedCheckKey(MifareDefaultKeys[defaultKeyCounter], &AuthData, cmd, cmdsize, parity)) { + PrintAndLog(" | * | key | default key:%x%x ks2:%08x ks3:%08x | |", + (unsigned int)((MifareDefaultKeys[defaultKeyCounter] & 0xFFFFFFFF00000000) >> 32), + (unsigned int)(MifareDefaultKeys[defaultKeyCounter] & 0xFFFFFFFF), + AuthData.ks2, + AuthData.ks3); + traceCrypto1 = lfsr_recovery64(AuthData.ks2, AuthData.ks3); break; }; @@ -311,6 +331,7 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m // nested if (!traceCrypto1 && validate_prng_nonce(AuthData.nt)) { +printf("nested. uid:%x nt:%x ar_enc:%x at_enc:%x\n", AuthData.uid, AuthData.nt, AuthData.ar_enc, AuthData.at_enc); uint32_t ntx = prng_successor(AuthData.nt, 90); for (int i = 0; i < 16383; i++) { ntx = prng_successor(ntx, 1); @@ -339,6 +360,7 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *m //hardnested if (!traceCrypto1) { + printf("hardnested not implemented. uid:%x nt:%x ar_enc:%x at_enc:%x\n", AuthData.uid, AuthData.nt, AuthData.ar_enc, AuthData.at_enc); } } @@ -384,37 +406,55 @@ bool NTParityChk(TAuthData *ad, uint32_t ntx) { return true; } -bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize) { +bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize, uint8_t *parity) { uint8_t buf[32] = {0}; struct Crypto1State *pcs; + AuthData.ks2 = 0; + AuthData.ks3 = 0; + pcs = crypto1_create(key); uint32_t nt1 = crypto1_word(pcs, ad->nt_enc ^ ad->uid, 1) ^ ad->nt_enc; uint32_t ar = prng_successor(nt1, 64); uint32_t at = prng_successor(nt1, 96); - printf("key> nested auth uid: %08x nt: %08x nt_parity: %s ar: %08x at: %08x\n", ad->uid, nt1, printBitsPar(&ad->nt_enc_par, 4), ar, at); - uint32_t nr1 = crypto1_word(pcs, ad->nr_enc, 1) ^ ad->nr_enc; + + crypto1_word(pcs, ad->nr_enc, 1); +// uint32_t nr1 = crypto1_word(pcs, ad->nr_enc, 1) ^ ad->nr_enc; // if needs deciphered nr uint32_t ar1 = crypto1_word(pcs, 0, 0) ^ ad->ar_enc; uint32_t at1 = crypto1_word(pcs, 0, 0) ^ ad->at_enc; - printf("key> the same key test. nr1: %08x ar1: %08x at1: %08x \n", nr1, ar1, at1); - if (NTParityChk(ad, nt1)) - printf("key> the same key test OK. key=%x%x\n", (unsigned int)((key & 0xFFFFFFFF00000000) >> 32), (unsigned int)(key & 0xFFFFFFFF)); - else { - printf("key> the same key test. check nt parity error.\n"); + if (!(ar == ar1 && at == at1 && NTParityChk(ad, nt1))) return false; - } memcpy(buf, cmd, cmdsize); mf_crypto1_decrypt(pcs, buf, cmdsize, 0); crypto1_destroy(pcs); - if(CheckCrc14443(CRC_14443_A, buf, cmdsize)) { - AuthData.ks2 = AuthData.ar_enc ^ ar; - AuthData.ks3 = AuthData.at_enc ^ at; - return true; - } else { + if(!CheckCrc14443(CRC_14443_A, buf, cmdsize)) return false; - } + + if (!CheckCrypto1Parity(cmd, cmdsize, buf, parity)) + return false; + + AuthData.ks2 = AuthData.ar_enc ^ ar; + AuthData.ks3 = AuthData.at_enc ^ at; + + return true; +} + +bool CheckCrypto1Parity(uint8_t *cmd, uint8_t cmdsize, uint8_t *cmd_enc, uint8_t *parity_enc) { + printf("parity check. size=%d\n", cmdsize); + printf("cmd =%s\n", sprint_hex(cmd, cmdsize)); + printf("cmd_enc=%s\n", sprint_hex(cmd_enc, cmdsize)); + printf("parity=%s\n", printBitsPar(parity_enc, cmdsize)); +// (oddparity8(ntx >> 8 & 0xff) ^ (ntx & 0x01) ^ ((ad->nt_enc_par >> 5) & 0x01) ^ (ad->nt_enc & 0x01)) || + for (int i = 0; i < cmdsize - 1; i++) { + bool b = oddparity8(cmd[i]) ^ (cmd[i + 1] & 0x01) ^ ((parity_enc[i / 8] >> (6 - i % 8)) & 0x01) ^ (cmd_enc[i + 1] & 0x01); + printf("i=%d b=%d\n", i, b); + if (b) + return false; + } + + return true; } diff --git a/client/cmdhflist.h b/client/cmdhflist.h index 76b57392..977be288 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -34,8 +34,9 @@ extern uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len); extern uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len); extern void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); extern void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8_t* parity, uint8_t paritysize, bool isResponse); -extern bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, bool isResponse, uint8_t *mfData, size_t *mfDataLen); +extern bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isResponse, uint8_t *mfData, size_t *mfDataLen); extern bool NTParityChk(TAuthData *ad, uint32_t ntx); -extern bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize); +extern bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize, uint8_t *parity); +extern bool CheckCrypto1Parity(uint8_t *cmd, uint8_t cmdsize, uint8_t *cmd_enc, uint8_t *parity_enc); #endif // CMDHFLIST From 597fca4ff17facc186df1de069d52b3f343c44f6 Mon Sep 17 00:00:00 2001 From: merlokk Date: Tue, 13 Feb 2018 12:33:15 +0200 Subject: [PATCH 20/25] check parity works --- client/cmdhflist.c | 19 +++++++++++-------- client/cmdhflist.h | 2 +- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index a9691aa3..7059a223 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -431,29 +431,32 @@ bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize, crypto1_destroy(pcs); - if(!CheckCrc14443(CRC_14443_A, buf, cmdsize)) - return false; - if (!CheckCrypto1Parity(cmd, cmdsize, buf, parity)) return false; + if(!CheckCrc14443(CRC_14443_A, buf, cmdsize)) + return false; + AuthData.ks2 = AuthData.ar_enc ^ ar; AuthData.ks3 = AuthData.at_enc ^ at; return true; } -bool CheckCrypto1Parity(uint8_t *cmd, uint8_t cmdsize, uint8_t *cmd_enc, uint8_t *parity_enc) { +bool CheckCrypto1Parity(uint8_t *cmd_enc, uint8_t cmdsize, uint8_t *cmd, uint8_t *parity_enc) { + uint8_t parity[16]; + oddparitybuf(cmd, cmdsize, parity); printf("parity check. size=%d\n", cmdsize); printf("cmd =%s\n", sprint_hex(cmd, cmdsize)); printf("cmd_enc=%s\n", sprint_hex(cmd_enc, cmdsize)); - printf("parity=%s\n", printBitsPar(parity_enc, cmdsize)); + printf("parity =%s\n", printBitsPar(parity, cmdsize)); + printf("parity_enc=%s\n", printBitsPar(parity_enc, cmdsize)); // (oddparity8(ntx >> 8 & 0xff) ^ (ntx & 0x01) ^ ((ad->nt_enc_par >> 5) & 0x01) ^ (ad->nt_enc & 0x01)) || +// (oddparity8(ntx >> 24 & 0xff) ^ (ntx >> 16 & 0x01) ^ ((ad->nt_enc_par >> 7) & 0x01) ^ (ad->nt_enc >> 16 & 0x01)) for (int i = 0; i < cmdsize - 1; i++) { - bool b = oddparity8(cmd[i]) ^ (cmd[i + 1] & 0x01) ^ ((parity_enc[i / 8] >> (6 - i % 8)) & 0x01) ^ (cmd_enc[i + 1] & 0x01); - printf("i=%d b=%d\n", i, b); + bool b = oddparity8(cmd[i]) ^ (cmd[i + 1] & 0x01) ^ ((parity_enc[i / 8] >> (7 - i % 8)) & 0x01) ^ (cmd_enc[i + 1] & 0x01); if (b) - return false; + printf("!!! i=%d \n", i); } return true; diff --git a/client/cmdhflist.h b/client/cmdhflist.h index 977be288..835b17e2 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -37,6 +37,6 @@ extern void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize extern bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isResponse, uint8_t *mfData, size_t *mfDataLen); extern bool NTParityChk(TAuthData *ad, uint32_t ntx); extern bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize, uint8_t *parity); -extern bool CheckCrypto1Parity(uint8_t *cmd, uint8_t cmdsize, uint8_t *cmd_enc, uint8_t *parity_enc); +extern bool CheckCrypto1Parity(uint8_t *cmd_enc, uint8_t cmdsize, uint8_t *cmd, uint8_t *parity_enc); #endif // CMDHFLIST From 8253ca0e1b91fd5163483badbfd5c4a345cfbdb8 Mon Sep 17 00:00:00 2001 From: merlokk Date: Tue, 13 Feb 2018 12:35:33 +0200 Subject: [PATCH 21/25] code cleaning --- client/cmdhflist.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 7059a223..962c4f82 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -444,19 +444,9 @@ bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize, } bool CheckCrypto1Parity(uint8_t *cmd_enc, uint8_t cmdsize, uint8_t *cmd, uint8_t *parity_enc) { - uint8_t parity[16]; - oddparitybuf(cmd, cmdsize, parity); - printf("parity check. size=%d\n", cmdsize); - printf("cmd =%s\n", sprint_hex(cmd, cmdsize)); - printf("cmd_enc=%s\n", sprint_hex(cmd_enc, cmdsize)); - printf("parity =%s\n", printBitsPar(parity, cmdsize)); - printf("parity_enc=%s\n", printBitsPar(parity_enc, cmdsize)); -// (oddparity8(ntx >> 8 & 0xff) ^ (ntx & 0x01) ^ ((ad->nt_enc_par >> 5) & 0x01) ^ (ad->nt_enc & 0x01)) || -// (oddparity8(ntx >> 24 & 0xff) ^ (ntx >> 16 & 0x01) ^ ((ad->nt_enc_par >> 7) & 0x01) ^ (ad->nt_enc >> 16 & 0x01)) for (int i = 0; i < cmdsize - 1; i++) { - bool b = oddparity8(cmd[i]) ^ (cmd[i + 1] & 0x01) ^ ((parity_enc[i / 8] >> (7 - i % 8)) & 0x01) ^ (cmd_enc[i + 1] & 0x01); - if (b) - printf("!!! i=%d \n", i); + if (oddparity8(cmd[i]) ^ (cmd[i + 1] & 0x01) ^ ((parity_enc[i / 8] >> (7 - i % 8)) & 0x01) ^ (cmd_enc[i + 1] & 0x01)) + return false; } return true; From 0113dcf3fd2d22217c481edac525f907be3c0e0b Mon Sep 17 00:00:00 2001 From: merlokk Date: Tue, 13 Feb 2018 15:12:41 +0200 Subject: [PATCH 22/25] nested works --- client/cmdhflist.c | 68 ++++++++++++++++++++++++++++------------------ client/cmdhflist.h | 1 + 2 files changed, 42 insertions(+), 27 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 962c4f82..eb61c301 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -266,6 +266,7 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isRes if (MifareAuthState == masAuthComplete) { if (traceCrypto1) { crypto1_destroy(traceCrypto1); + traceCrypto1 = NULL; } MifareAuthState = masFirstData; @@ -279,19 +280,10 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isRes if (AuthData.first_auth) { AuthData.ks2 = AuthData.ar_enc ^ prng_successor(AuthData.nt, 64); AuthData.ks3 = AuthData.at_enc ^ prng_successor(AuthData.nt, 96); - struct Crypto1State *revstate = lfsr_recovery64(AuthData.ks2, AuthData.ks3); - lfsr_rollback_word(revstate, 0, 0); - lfsr_rollback_word(revstate, 0, 0); - lfsr_rollback_word(revstate, AuthData.nr_enc, 1); - lfsr_rollback_word(revstate, AuthData.uid ^ AuthData.nt, 0); - uint64_t lfsr = 0; - crypto1_get_lfsr(revstate, &lfsr); - crypto1_destroy(revstate); - mfLastKey = lfsr; - PrintAndLog(" | * | key | probable key:%x%x Prng:%s ks2:%08x ks3:%08x | |", - (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), - (unsigned int)(lfsr & 0xFFFFFFFF), + mfLastKey = GetCrypto1ProbableKey(&AuthData); + PrintAndLog(" | * | key | probable key:%010"PRIx64" Prng:%s ks2:%08x ks3:%08x | |", + mfLastKey, validate_prng_nonce(AuthData.nt) ? "WEAK": "HARD", AuthData.ks2, AuthData.ks3); @@ -300,12 +292,16 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isRes traceCrypto1 = lfsr_recovery64(AuthData.ks2, AuthData.ks3); } else { + if (traceCrypto1) { + crypto1_destroy(traceCrypto1); + traceCrypto1 = NULL; + } + // check last used key - if (mfLastKey) { + if (false && mfLastKey) { if (NestedCheckKey(mfLastKey, &AuthData, cmd, cmdsize, parity)) { - PrintAndLog(" | * | key | last used key:%x%x ks2:%08x ks3:%08x | |", - (unsigned int)((mfLastKey & 0xFFFFFFFF00000000) >> 32), - (unsigned int)(mfLastKey & 0xFFFFFFFF), + PrintAndLog(" | * | key | last used key:%010"PRIx64" ks2:%08x ks3:%08x | |", + mfLastKey, AuthData.ks2, AuthData.ks3); @@ -314,15 +310,15 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isRes } // check default keys - if (!traceCrypto1) { + if (false && !traceCrypto1) { for (int defaultKeyCounter = 0; defaultKeyCounter < MifareDefaultKeysSize; defaultKeyCounter++){ if (NestedCheckKey(MifareDefaultKeys[defaultKeyCounter], &AuthData, cmd, cmdsize, parity)) { - PrintAndLog(" | * | key | default key:%x%x ks2:%08x ks3:%08x | |", - (unsigned int)((MifareDefaultKeys[defaultKeyCounter] & 0xFFFFFFFF00000000) >> 32), - (unsigned int)(MifareDefaultKeys[defaultKeyCounter] & 0xFFFFFFFF), + PrintAndLog(" | * | key | default key:%010"PRIx64" ks2:%08x ks3:%08x | |", + MifareDefaultKeys[defaultKeyCounter], AuthData.ks2, AuthData.ks3); + mfLastKey = MifareDefaultKeys[defaultKeyCounter]; traceCrypto1 = lfsr_recovery64(AuthData.ks2, AuthData.ks3); break; }; @@ -331,8 +327,7 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isRes // nested if (!traceCrypto1 && validate_prng_nonce(AuthData.nt)) { -printf("nested. uid:%x nt:%x ar_enc:%x at_enc:%x\n", AuthData.uid, AuthData.nt, AuthData.ar_enc, AuthData.at_enc); - uint32_t ntx = prng_successor(AuthData.nt, 90); + uint32_t ntx = prng_successor(AuthData.nt, 90); for (int i = 0; i < 16383; i++) { ntx = prng_successor(ntx, 1); if (NTParityChk(&AuthData, ntx)){ @@ -344,18 +339,22 @@ printf("nested. uid:%x nt:%x ar_enc:%x at_enc:%x\n", AuthData.uid, AuthData.nt, mf_crypto1_decrypt(pcs, mfData, cmdsize, 0); crypto1_destroy(pcs); - if (CheckCrc14443(CRC_14443_A, mfData, cmdsize)) { + if (CheckCrypto1Parity(cmd, cmdsize, mfData, parity) && CheckCrc14443(CRC_14443_A, mfData, cmdsize)) { AuthData.ks2 = ks2; AuthData.ks3 = ks3; + + AuthData.nt = ntx; + mfLastKey = GetCrypto1ProbableKey(&AuthData); + PrintAndLog(" | * | key | nested probable key:%010"PRIx64" ks2:%08x ks3:%08x | |", + mfLastKey, + AuthData.ks2, + AuthData.ks3); + traceCrypto1 = lfsr_recovery64(AuthData.ks2, AuthData.ks3); break; } } } - if (traceCrypto1) - printf("key> nt=%08x nonce distance=%d \n", ntx, nonce_distance(AuthData.nt, ntx)); - else - printf("key> don't have any valid nt( \n"); } //hardnested @@ -437,6 +436,7 @@ bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize, if(!CheckCrc14443(CRC_14443_A, buf, cmdsize)) return false; + AuthData.nt = nt1; AuthData.ks2 = AuthData.ar_enc ^ ar; AuthData.ks3 = AuthData.at_enc ^ at; @@ -451,3 +451,17 @@ bool CheckCrypto1Parity(uint8_t *cmd_enc, uint8_t cmdsize, uint8_t *cmd, uint8_t return true; } + +uint64_t GetCrypto1ProbableKey(TAuthData *ad) { + struct Crypto1State *revstate = lfsr_recovery64(ad->ks2, ad->ks3); + lfsr_rollback_word(revstate, 0, 0); + lfsr_rollback_word(revstate, 0, 0); + lfsr_rollback_word(revstate, ad->nr_enc, 1); + lfsr_rollback_word(revstate, ad->uid ^ ad->nt, 0); + + uint64_t lfsr = 0; + crypto1_get_lfsr(revstate, &lfsr); + crypto1_destroy(revstate); + + return lfsr; +} diff --git a/client/cmdhflist.h b/client/cmdhflist.h index 835b17e2..c2c9c03e 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -38,5 +38,6 @@ extern bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, boo extern bool NTParityChk(TAuthData *ad, uint32_t ntx); extern bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize, uint8_t *parity); extern bool CheckCrypto1Parity(uint8_t *cmd_enc, uint8_t cmdsize, uint8_t *cmd, uint8_t *parity_enc); +extern uint64_t GetCrypto1ProbableKey(TAuthData *ad); #endif // CMDHFLIST From 45b4ac09c9ef89b9e5892156e69eda860b29381e Mon Sep 17 00:00:00 2001 From: merlokk Date: Tue, 13 Feb 2018 17:07:49 +0200 Subject: [PATCH 23/25] added hardnested sketch. final cleaning. --- client/cmdhflist.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/client/cmdhflist.c b/client/cmdhflist.c index eb61c301..1fa02cb3 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -298,7 +298,7 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isRes } // check last used key - if (false && mfLastKey) { + if (mfLastKey) { if (NestedCheckKey(mfLastKey, &AuthData, cmd, cmdsize, parity)) { PrintAndLog(" | * | key | last used key:%010"PRIx64" ks2:%08x ks3:%08x | |", mfLastKey, @@ -310,7 +310,7 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isRes } // check default keys - if (false && !traceCrypto1) { + if (!traceCrypto1) { for (int defaultKeyCounter = 0; defaultKeyCounter < MifareDefaultKeysSize; defaultKeyCounter++){ if (NestedCheckKey(MifareDefaultKeys[defaultKeyCounter], &AuthData, cmd, cmdsize, parity)) { PrintAndLog(" | * | key | default key:%010"PRIx64" ks2:%08x ks3:%08x | |", @@ -360,6 +360,33 @@ bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isRes //hardnested if (!traceCrypto1) { printf("hardnested not implemented. uid:%x nt:%x ar_enc:%x at_enc:%x\n", AuthData.uid, AuthData.nt, AuthData.ar_enc, AuthData.at_enc); + MifareAuthState = masError; + + /* TOO SLOW( needs to have more strong filter. with this filter - aprox 4 mln tests + uint32_t t = msclock(); + uint32_t t1 = t; + int n = 0; + for (uint32_t i = 0; i < 0xFFFFFFFF; i++) { + if (NTParityChk(&AuthData, i)){ + + uint32_t ks2 = AuthData.ar_enc ^ prng_successor(i, 64); + uint32_t ks3 = AuthData.at_enc ^ prng_successor(i, 96); + struct Crypto1State *pcs = lfsr_recovery64(ks2, ks3); + + + + + n++; + + if (!(n % 100000)) { + printf("delta=%d n=%d ks2=%x ks3=%x \n", msclock() - t1 , n, ks2, ks3); + t1 = msclock(); + } + + } + } + printf("delta=%d n=%d\n", msclock() - t, n); + */ } } From 868deeb783002631e3d57c0358986c6fd866e11a Mon Sep 17 00:00:00 2001 From: merlokk Date: Tue, 13 Feb 2018 17:14:51 +0200 Subject: [PATCH 24/25] move annotate* functions --- client/cmdhf.c | 110 --------------------------------------------- client/cmdhflist.c | 110 +++++++++++++++++++++++++++++++++++++++++++++ client/cmdhflist.h | 4 ++ 3 files changed, 114 insertions(+), 110 deletions(-) diff --git a/client/cmdhf.c b/client/cmdhf.c index ffbc4515..ab7bfcdf 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -43,116 +43,6 @@ int CmdHFTune(const char *Cmd) return 0; } -void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) -{ - switch(cmd[0]) - { - case ICLASS_CMD_ACTALL: snprintf(exp,size,"ACTALL"); break; - case ICLASS_CMD_READ_OR_IDENTIFY:{ - if(cmdsize > 1){ - snprintf(exp,size,"READ(%d)",cmd[1]); - }else{ - snprintf(exp,size,"IDENTIFY"); - } - break; - } - case ICLASS_CMD_SELECT: snprintf(exp,size,"SELECT"); break; - case ICLASS_CMD_PAGESEL: snprintf(exp,size,"PAGESEL(%d)", cmd[1]); break; - case ICLASS_CMD_READCHECK_KC:snprintf(exp,size,"READCHECK[Kc](%d)", cmd[1]); break; - case ICLASS_CMD_READCHECK_KD:snprintf(exp,size,"READCHECK[Kd](%d)", cmd[1]); break; - case ICLASS_CMD_CHECK: snprintf(exp,size,"CHECK"); break; - case ICLASS_CMD_DETECT: snprintf(exp,size,"DETECT"); break; - case ICLASS_CMD_HALT: snprintf(exp,size,"HALT"); break; - case ICLASS_CMD_UPDATE: snprintf(exp,size,"UPDATE(%d)",cmd[1]); break; - case ICLASS_CMD_ACT: snprintf(exp,size,"ACT"); break; - case ICLASS_CMD_READ4: snprintf(exp,size,"READ4(%d)",cmd[1]); break; - default: snprintf(exp,size,"?"); break; - } - return; -} - -void annotateIso15693(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) -{ - - if(cmd[0] == 0x26) - { - switch(cmd[1]){ - case ISO15693_INVENTORY :snprintf(exp, size, "INVENTORY");break; - case ISO15693_STAYQUIET :snprintf(exp, size, "STAY_QUIET");break; - default: snprintf(exp,size,"?"); break; - - } - }else if(cmd[0] == 0x02) - { - switch(cmd[1]) - { - case ISO15693_READBLOCK :snprintf(exp, size, "READBLOCK");break; - case ISO15693_WRITEBLOCK :snprintf(exp, size, "WRITEBLOCK");break; - case ISO15693_LOCKBLOCK :snprintf(exp, size, "LOCKBLOCK");break; - case ISO15693_READ_MULTI_BLOCK :snprintf(exp, size, "READ_MULTI_BLOCK");break; - case ISO15693_SELECT :snprintf(exp, size, "SELECT");break; - case ISO15693_RESET_TO_READY :snprintf(exp, size, "RESET_TO_READY");break; - case ISO15693_WRITE_AFI :snprintf(exp, size, "WRITE_AFI");break; - case ISO15693_LOCK_AFI :snprintf(exp, size, "LOCK_AFI");break; - case ISO15693_WRITE_DSFID :snprintf(exp, size, "WRITE_DSFID");break; - case ISO15693_LOCK_DSFID :snprintf(exp, size, "LOCK_DSFID");break; - case ISO15693_GET_SYSTEM_INFO :snprintf(exp, size, "GET_SYSTEM_INFO");break; - case ISO15693_READ_MULTI_SECSTATUS :snprintf(exp, size, "READ_MULTI_SECSTATUS");break; - default: snprintf(exp,size,"?"); break; - } - } -} - - -void annotateTopaz(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) -{ - switch(cmd[0]) { - case TOPAZ_REQA :snprintf(exp, size, "REQA");break; - case TOPAZ_WUPA :snprintf(exp, size, "WUPA");break; - case TOPAZ_RID :snprintf(exp, size, "RID");break; - case TOPAZ_RALL :snprintf(exp, size, "RALL");break; - case TOPAZ_READ :snprintf(exp, size, "READ");break; - case TOPAZ_WRITE_E :snprintf(exp, size, "WRITE-E");break; - case TOPAZ_WRITE_NE :snprintf(exp, size, "WRITE-NE");break; - case TOPAZ_RSEG :snprintf(exp, size, "RSEG");break; - case TOPAZ_READ8 :snprintf(exp, size, "READ8");break; - case TOPAZ_WRITE_E8 :snprintf(exp, size, "WRITE-E8");break; - case TOPAZ_WRITE_NE8 :snprintf(exp, size, "WRITE-NE8");break; - default: snprintf(exp,size,"?"); break; - } -} - - -/** -06 00 = INITIATE -0E xx = SELECT ID (xx = Chip-ID) -0B = Get UID -08 yy = Read Block (yy = block number) -09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written) -0C = Reset to Inventory -0F = Completion -0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate) -**/ - -void annotateIso14443b(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) -{ - switch(cmd[0]){ - case ISO14443B_REQB : snprintf(exp,size,"REQB");break; - case ISO14443B_ATTRIB : snprintf(exp,size,"ATTRIB");break; - case ISO14443B_HALT : snprintf(exp,size,"HALT");break; - case ISO14443B_INITIATE : snprintf(exp,size,"INITIATE");break; - case ISO14443B_SELECT : snprintf(exp,size,"SELECT(%d)",cmd[1]);break; - case ISO14443B_GET_UID : snprintf(exp,size,"GET UID");break; - case ISO14443B_READ_BLK : snprintf(exp,size,"READ_BLK(%d)", cmd[1]);break; - case ISO14443B_WRITE_BLK : snprintf(exp,size,"WRITE_BLK(%d)",cmd[1]);break; - case ISO14443B_RESET : snprintf(exp,size,"RESET");break; - case ISO14443B_COMPLETION : snprintf(exp,size,"COMPLETION");break; - case ISO14443B_AUTHENTICATE : snprintf(exp,size,"AUTHENTICATE");break; - default : snprintf(exp,size ,"?");break; - } - -} - /** * @brief iso14443B_CRC_check Checks CRC in command or response * @param isResponse diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 1fa02cb3..bbfb24c8 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -83,6 +83,116 @@ uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len) } } +void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) +{ + switch(cmd[0]) + { + case ICLASS_CMD_ACTALL: snprintf(exp,size,"ACTALL"); break; + case ICLASS_CMD_READ_OR_IDENTIFY:{ + if(cmdsize > 1){ + snprintf(exp,size,"READ(%d)",cmd[1]); + }else{ + snprintf(exp,size,"IDENTIFY"); + } + break; + } + case ICLASS_CMD_SELECT: snprintf(exp,size,"SELECT"); break; + case ICLASS_CMD_PAGESEL: snprintf(exp,size,"PAGESEL(%d)", cmd[1]); break; + case ICLASS_CMD_READCHECK_KC:snprintf(exp,size,"READCHECK[Kc](%d)", cmd[1]); break; + case ICLASS_CMD_READCHECK_KD:snprintf(exp,size,"READCHECK[Kd](%d)", cmd[1]); break; + case ICLASS_CMD_CHECK: snprintf(exp,size,"CHECK"); break; + case ICLASS_CMD_DETECT: snprintf(exp,size,"DETECT"); break; + case ICLASS_CMD_HALT: snprintf(exp,size,"HALT"); break; + case ICLASS_CMD_UPDATE: snprintf(exp,size,"UPDATE(%d)",cmd[1]); break; + case ICLASS_CMD_ACT: snprintf(exp,size,"ACT"); break; + case ICLASS_CMD_READ4: snprintf(exp,size,"READ4(%d)",cmd[1]); break; + default: snprintf(exp,size,"?"); break; + } + return; +} + +void annotateIso15693(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) +{ + + if(cmd[0] == 0x26) + { + switch(cmd[1]){ + case ISO15693_INVENTORY :snprintf(exp, size, "INVENTORY");break; + case ISO15693_STAYQUIET :snprintf(exp, size, "STAY_QUIET");break; + default: snprintf(exp,size,"?"); break; + + } + }else if(cmd[0] == 0x02) + { + switch(cmd[1]) + { + case ISO15693_READBLOCK :snprintf(exp, size, "READBLOCK");break; + case ISO15693_WRITEBLOCK :snprintf(exp, size, "WRITEBLOCK");break; + case ISO15693_LOCKBLOCK :snprintf(exp, size, "LOCKBLOCK");break; + case ISO15693_READ_MULTI_BLOCK :snprintf(exp, size, "READ_MULTI_BLOCK");break; + case ISO15693_SELECT :snprintf(exp, size, "SELECT");break; + case ISO15693_RESET_TO_READY :snprintf(exp, size, "RESET_TO_READY");break; + case ISO15693_WRITE_AFI :snprintf(exp, size, "WRITE_AFI");break; + case ISO15693_LOCK_AFI :snprintf(exp, size, "LOCK_AFI");break; + case ISO15693_WRITE_DSFID :snprintf(exp, size, "WRITE_DSFID");break; + case ISO15693_LOCK_DSFID :snprintf(exp, size, "LOCK_DSFID");break; + case ISO15693_GET_SYSTEM_INFO :snprintf(exp, size, "GET_SYSTEM_INFO");break; + case ISO15693_READ_MULTI_SECSTATUS :snprintf(exp, size, "READ_MULTI_SECSTATUS");break; + default: snprintf(exp,size,"?"); break; + } + } +} + + +void annotateTopaz(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) +{ + switch(cmd[0]) { + case TOPAZ_REQA :snprintf(exp, size, "REQA");break; + case TOPAZ_WUPA :snprintf(exp, size, "WUPA");break; + case TOPAZ_RID :snprintf(exp, size, "RID");break; + case TOPAZ_RALL :snprintf(exp, size, "RALL");break; + case TOPAZ_READ :snprintf(exp, size, "READ");break; + case TOPAZ_WRITE_E :snprintf(exp, size, "WRITE-E");break; + case TOPAZ_WRITE_NE :snprintf(exp, size, "WRITE-NE");break; + case TOPAZ_RSEG :snprintf(exp, size, "RSEG");break; + case TOPAZ_READ8 :snprintf(exp, size, "READ8");break; + case TOPAZ_WRITE_E8 :snprintf(exp, size, "WRITE-E8");break; + case TOPAZ_WRITE_NE8 :snprintf(exp, size, "WRITE-NE8");break; + default: snprintf(exp,size,"?"); break; + } +} + + +/** +06 00 = INITIATE +0E xx = SELECT ID (xx = Chip-ID) +0B = Get UID +08 yy = Read Block (yy = block number) +09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written) +0C = Reset to Inventory +0F = Completion +0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate) +**/ + +void annotateIso14443b(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) +{ + switch(cmd[0]){ + case ISO14443B_REQB : snprintf(exp,size,"REQB");break; + case ISO14443B_ATTRIB : snprintf(exp,size,"ATTRIB");break; + case ISO14443B_HALT : snprintf(exp,size,"HALT");break; + case ISO14443B_INITIATE : snprintf(exp,size,"INITIATE");break; + case ISO14443B_SELECT : snprintf(exp,size,"SELECT(%d)",cmd[1]);break; + case ISO14443B_GET_UID : snprintf(exp,size,"GET UID");break; + case ISO14443B_READ_BLK : snprintf(exp,size,"READ_BLK(%d)", cmd[1]);break; + case ISO14443B_WRITE_BLK : snprintf(exp,size,"WRITE_BLK(%d)",cmd[1]);break; + case ISO14443B_RESET : snprintf(exp,size,"RESET");break; + case ISO14443B_COMPLETION : snprintf(exp,size,"COMPLETION");break; + case ISO14443B_AUTHENTICATE : snprintf(exp,size,"AUTHENTICATE");break; + default : snprintf(exp,size ,"?");break; + } + +} + void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) { switch(cmd[0]) diff --git a/client/cmdhflist.h b/client/cmdhflist.h index c2c9c03e..8f289b48 100644 --- a/client/cmdhflist.h +++ b/client/cmdhflist.h @@ -32,6 +32,10 @@ extern void ClearAuthData(); extern uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len); extern uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len); +extern void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); +extern void annotateIso15693(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); +extern void annotateTopaz(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); +extern void annotateIso14443b(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); extern void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize); extern void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8_t* parity, uint8_t paritysize, bool isResponse); extern bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isResponse, uint8_t *mfData, size_t *mfDataLen); From 079563a092d41495df0cc5ac00772d08b802d465 Mon Sep 17 00:00:00 2001 From: merlokk Date: Wed, 14 Feb 2018 12:36:22 +0200 Subject: [PATCH 25/25] small fix and added line to changelog. --- CHANGELOG.md | 1 + client/cmdhflist.c | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4162c638..f1d32ae0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -46,6 +46,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added to `hf emv exec` MSD path for VISA and Mastercard and some other compatible EMV cards (Merlok) - Added to `hf emv exec` SDA, DDA, fast DDA, CDA calculations for VISA and Mastercard and some other compatible EMV cards (Merlok) - Added `hf emv test` - crypto tests for DES, AES, SHA, RSA, SDA, DDA, CDA and some other crypto functions (Merlok) +- Added `hf list mf` - deciphers crypto1 stream and works with first authentication and weak nested authentications (Merlok) ## [3.0.1][2017-06-08] diff --git a/client/cmdhflist.c b/client/cmdhflist.c index bbfb24c8..82e35c27 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -325,11 +325,12 @@ void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, uint8 if (cmdsize == 4 && isResponse) { snprintf(exp,size,"AUTH: nt %s", (AuthData.first_auth) ? "" : "(enc)"); MifareAuthState = masNrAr; - if (AuthData.first_auth) + if (AuthData.first_auth) { AuthData.nt = bytes_to_num(cmd, 4); - else + } else { AuthData.nt_enc = bytes_to_num(cmd, 4); AuthData.nt_enc_par = parity[0]; + } return; } else { MifareAuthState = masError;