Removed openssl from the mfu-stuff

2025-08-19 04:49:38 -07:00 · 2015-01-22 21:02:21 +01:00 · 2015-01-22 21:02:21 +01:00 · afceaf4018
commit afceaf4018
parent c54d1394c6
3 changed files with 356 additions and 259 deletions
--- a/client/Makefile
+++ b/client/Makefile
@ -9,13 +9,12 @@ include ../common/Makefile.common
 CC=gcc
 CXX=g++
 #COMMON_FLAGS = -m32
-
 VPATH = ../common
 OBJDIR = obj

 LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lreadline -lpthread -lm -lcrypto
 LDFLAGS = $(COMMON_FLAGS)
-CFLAGS = -std=c99 -lcrypto -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4 
+CFLAGS = -std=c99 -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
 LUAPLATFORM = generic
 ifneq (,$(findstring MINGW,$(platform)))
 CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui
--- a/client/cmdhfmfu.c
+++ b/client/cmdhfmfu.c
@ -7,7 +7,8 @@
 //-----------------------------------------------------------------------------
 // High frequency MIFARE ULTRALIGHT (C) commands
 //-----------------------------------------------------------------------------
-#include <openssl/des.h>
+//#include <openssl/des.h>
+#include "loclass/des.h"
 #include "cmdhfmfu.h"
 #include "cmdhfmf.h"
 #include "cmdhf14a.h"
@ -16,11 +17,7 @@
 #define MAX_ULTRA_BLOCKS   0x0f
 #define MAX_ULTRAC_BLOCKS  0x2f
 //#define MAX_ULTRAC_BLOCKS  0x2c
-uint8_t key1_blnk_data[16] = { 0x00 };
-uint8_t key2_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
-uint8_t key3_3des_data[16] = { 0x49,0x45,0x4D,0x4B,0x41,0x45,0x52,0x42,0x21,0x4E,0x41,0x43,0x55,0x4F,0x59,0x46 };
-uint8_t key4_nfc_data[16]  = { 0x42,0x52,0x45,0x41,0x4b,0x4d,0x45,0x49,0x46,0x59,0x4f,0x55,0x43,0x41,0x4e,0x21 };
-uint8_t key5_ones_data[16] = { 0x01 };
+

 static int CmdHelp(const char *Cmd);

@ -336,33 +333,19 @@ int CmdHF14AMfUDump(const char *Cmd){
 	else
 		len = param_getstr(Cmd,1,filename);

-	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
+	if (len > FILE_PATH_SIZE-5) len = FILE_PATH_SIZE-5;

 	// user supplied filename?
 	if (len < 1) {
 	
 		// UID = data 0-1-2 4-5-6-7  (skips a beat)
-		sprintf(fnameptr, "%02X", data[0]);
-		fnameptr += 2;
-		sprintf(fnameptr, "%02X", data[1]);
-		fnameptr += 2;
-		sprintf(fnameptr, "%02X", data[2]);
-		fnameptr += 2;
-		sprintf(fnameptr, "%02X", data[4]);
-		fnameptr += 2;
-		sprintf(fnameptr, "%02X", data[5]);
-		fnameptr += 2;
-		sprintf(fnameptr, "%02X", data[6]);
-		fnameptr += 2;
-		sprintf(fnameptr, "%02X", data[7]);
-		fnameptr += 2;
+		sprintf(fnameptr,"%02X%02X%02X%02X%02X%02X%02X.bin",
+			data[0],data[1], data[2], data[4],data[5],data[6], data[7]);

 	} else {
-		fnameptr += len;
+		sprintf(fnameptr + len," .bin");
 	}

-	// add file extension
-	sprintf(fnameptr, ".bin"); 

 	if ((fout = fopen(filename,"wb")) == NULL) { 
 		PrintAndLog("Could not create file name %s", filename);
@ -393,62 +376,49 @@ void rol (uint8_t *data, const size_t len){
 //
 int CmdHF14AMfucAuth(const char *Cmd){

-    uint8_t blockNo = 0, keyNo = 0;
-    uint8_t e_RndB[8] = {0x00};
-    uint32_t cuid = 0;
-    unsigned char RndARndB[16] = {0x00};
-    uint8_t key[16] = {0x00};
-    DES_cblock RndA, RndB;
-    DES_cblock iv;
-    DES_key_schedule ks1,ks2;
-    DES_cblock key1,key2;
+	uint8_t default_keys[5][16] = {
+		{ 0x42,0x52,0x45,0x41,0x4b,0x4d,0x45,0x49,0x46,0x59,0x4f,0x55,0x43,0x41,0x4e,0x21 },// 3des std key
+		{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },// all zeroes
+		{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f },// 0x00-0x0F
+		{ 0x49,0x45,0x4D,0x4B,0x41,0x45,0x52,0x42,0x21,0x4E,0x41,0x43,0x55,0x4F,0x59,0x46 },// NFC-key
+		{ 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 }	// all ones
+	};

 	char cmdp = param_getchar(Cmd, 0);
-	// 
-	memset(iv, 0, 8);
+	
+	uint8_t keyNo = 0;
+	bool errors = false;
+	//Change key to user defined one
+	if (cmdp == 'k' || cmdp == 'K'){
+		keyNo = param_get8(Cmd, 1);
+		if(keyNo >= 4) errors = true;
+	}

 	if (cmdp == 'h' || cmdp == 'H') {
+		errors = true;
+	}
+
+	if (errors) {
 		PrintAndLog("Usage:  hf mfu cauth k <key number>");
-		PrintAndLog("      1 = all zeros key");
-		PrintAndLog("      2 = 0x00-0x0F key");
-		PrintAndLog("      3 = nfc key");
-		PrintAndLog("      4 = all ones key");
-		PrintAndLog("      defaults to 3DES standard key");
+		PrintAndLog("      0 (default): 3DES standard key");
+		PrintAndLog("      1 : all zeros key");
+		PrintAndLog("      2 : 0x00-0x0F key");
+		PrintAndLog("      3 : nfc key");
+		PrintAndLog("      4 : all ones key");
 		PrintAndLog("        sample : hf mfu cauth k");
 		PrintAndLog("               : hf mfu cauth k 3");
 		return 0;
 	} 

-    //Change key to user defined one
-    if (cmdp == 'k' || cmdp == 'K'){
-
-		keyNo = param_get8(Cmd, 1);
-        
-		switch(keyNo){
-            case 0:
-                memcpy(key,key1_blnk_data,16);
-                break;
-            case 1:
-                memcpy(key,key2_defa_data,16);
-                break;
-			case 2:	
-                memcpy(key,key4_nfc_data,16);
-                break;
-			case 3: 
-				memcpy(key,key5_ones_data,16);
-                break;
-            default:
-                memcpy(key,key3_3des_data,16);
-                break;
-        }
-    } else {
-        memcpy(key,key3_3des_data,16);  
-    }
-	
-    memcpy(key1,key,8);
-    memcpy(key2,key+8,8);
-    DES_set_key((DES_cblock *)key1,&ks1);
-    DES_set_key((DES_cblock *)key2,&ks2);
+	uint8_t random_a[8]     = { 1,1,1,1,1,1,1,1 };
+	//uint8_t enc_random_a[8] = { 0 };
+	uint8_t random_b[8]     = { 0 };
+	uint8_t enc_random_b[8] = { 0 };
+	uint8_t random_a_and_b[16] = { 0 };
+	des3_context ctx        = { 0 };
+	uint8_t *key = default_keys[keyNo];
+	uint8_t blockNo = 0;
+	uint32_t cuid = 0;

 	//Auth1
 	UsbCommand c = {CMD_MIFAREUC_AUTH1, {blockNo}};
@ -461,8 +431,9 @@ int CmdHF14AMfucAuth(const char *Cmd){

 		if (isOK){
 			PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8));
-			memcpy(e_RndB,data+1,8);
+			memcpy(enc_random_b,data+1,8);
 		} else {
+			PrintAndLog("Auth failed");
 			return 2; // auth failed.
 		}		
 	} else {
@ -470,21 +441,46 @@ int CmdHF14AMfucAuth(const char *Cmd){
 		return 1;
 	}

-    //Do crypto magic
-    DES_random_key(&RndA);
-    DES_ede2_cbc_encrypt(e_RndB,RndB,sizeof(e_RndB),&ks1,&ks2,&iv,0);
-    PrintAndLog("     RndB:%s",sprint_hex(RndB, 8));
-    PrintAndLog("     RndA:%s",sprint_hex(RndA, 8));
-    rol(RndB,8);
-    memcpy(RndARndB,RndA,8);
-    memcpy(RndARndB+8,RndB,8);
-    PrintAndLog("     RA+B:%s",sprint_hex(RndARndB, 16));
-    DES_ede2_cbc_encrypt(RndARndB,RndARndB,sizeof(RndARndB),&ks1,&ks2,&e_RndB,1);
-    PrintAndLog("enc(RA+B):%s",sprint_hex(RndARndB, 16));
+	uint8_t iv[8]           = { 0 };
+	// Do we need random ? Right now we use all ones, is that random enough ?
+//    DES_random_key(&RndA);
+
+	PrintAndLog("     RndA  :%s",sprint_hex(random_a, 8));
+	PrintAndLog("     e_RndB:%s",sprint_hex(enc_random_b, 8));
+
+	des3_set2key_dec(&ctx, key);
+
+	des3_crypt_cbc(&ctx      // des3_context *ctx
+		, DES_DECRYPT        // int mode
+		, sizeof(random_b)   // size_t length
+		, iv                 // unsigned char iv[8]
+		, enc_random_b       // const unsigned char *input
+		, random_b           // unsigned char *output
+		);
+
+	PrintAndLog("     RndB:%s",sprint_hex(random_b, 8));
+
+	rol(random_b,8);
+	memcpy(random_a_and_b  ,random_a,8);
+	memcpy(random_a_and_b+8,random_b,8);
+	
+	PrintAndLog("     RA+B:%s",sprint_hex(random_a_and_b, 16));
+
+	des3_set2key_enc(&ctx, key);
+
+	des3_crypt_cbc(&ctx          // des3_context *ctx
+		, DES_ENCRYPT            // int mode
+		, sizeof(random_a_and_b)   // size_t length
+		, enc_random_b           // unsigned char iv[8]
+		, random_a_and_b         // const unsigned char *input
+		, random_a_and_b         // unsigned char *output
+		);
+
+	PrintAndLog("enc(RA+B):%s",sprint_hex(random_a_and_b, 16));

 	//Auth2
 	UsbCommand d = {CMD_MIFAREUC_AUTH2, {cuid}};
-    memcpy(d.d.asBytes,RndARndB, 16);
+	memcpy(d.d.asBytes,random_a_and_b, 16);
 	SendCommand(&d);

 	UsbCommand respb;
@ -504,7 +500,102 @@ int CmdHF14AMfucAuth(const char *Cmd){
 	} 
 	return 0;
 }
+/**
+A test function to validate that the polarssl-function works the same 
+was as the openssl-implementation. 
+Commented out, since it requires openssl 

+int CmdTestDES(const char * cmd)
+{
+	uint8_t key[16] = {0x00};	
+	
+	memcpy(key,key3_3des_data,16);  
+	DES_cblock RndA, RndB;
+
+	PrintAndLog("----------OpenSSL DES implementation----------");
+	{
+		uint8_t e_RndB[8] = {0x00};
+		unsigned char RndARndB[16] = {0x00};
+
+		DES_cblock iv = { 0 };
+		DES_key_schedule ks1,ks2;
+		DES_cblock key1,key2;
+
+		memcpy(key,key3_3des_data,16);  
+		memcpy(key1,key,8);
+		memcpy(key2,key+8,8);
+
+
+		DES_set_key((DES_cblock *)key1,&ks1);
+		DES_set_key((DES_cblock *)key2,&ks2);
+
+		DES_random_key(&RndA);
+		PrintAndLog("     RndA:%s",sprint_hex(RndA, 8));
+		PrintAndLog("     e_RndB:%s",sprint_hex(e_RndB, 8));
+		//void DES_ede2_cbc_encrypt(const unsigned char *input,
+		//    unsigned char *output, long length, DES_key_schedule *ks1,
+		//    DES_key_schedule *ks2, DES_cblock *ivec, int enc);
+		DES_ede2_cbc_encrypt(e_RndB,RndB,sizeof(e_RndB),&ks1,&ks2,&iv,0);
+
+		PrintAndLog("     RndB:%s",sprint_hex(RndB, 8));
+		rol(RndB,8);
+		memcpy(RndARndB,RndA,8);
+		memcpy(RndARndB+8,RndB,8);
+		PrintAndLog("     RA+B:%s",sprint_hex(RndARndB, 16));
+		DES_ede2_cbc_encrypt(RndARndB,RndARndB,sizeof(RndARndB),&ks1,&ks2,&e_RndB,1);
+		PrintAndLog("enc(RA+B):%s",sprint_hex(RndARndB, 16));
+
+	}
+	PrintAndLog("----------PolarSSL implementation----------");
+	{
+		uint8_t random_a[8]     = { 0 };
+		uint8_t enc_random_a[8] = { 0 };
+		uint8_t random_b[8]     = { 0 };
+		uint8_t enc_random_b[8] = { 0 };
+		uint8_t random_a_and_b[16] = { 0 };
+		des3_context ctx        = { 0 };
+
+		memcpy(random_a, RndA,8);
+
+		uint8_t output[8]       = { 0 };
+		uint8_t iv[8]           = { 0 };
+
+		PrintAndLog("     RndA  :%s",sprint_hex(random_a, 8));
+		PrintAndLog("     e_RndB:%s",sprint_hex(enc_random_b, 8));
+
+		des3_set2key_dec(&ctx, key);
+
+		des3_crypt_cbc(&ctx      // des3_context *ctx
+			, DES_DECRYPT        // int mode
+			, sizeof(random_b)   // size_t length
+			, iv                 // unsigned char iv[8]
+			, enc_random_b       // const unsigned char *input
+			, random_b           // unsigned char *output
+			);
+
+		PrintAndLog("     RndB:%s",sprint_hex(random_b, 8));
+
+		rol(random_b,8);
+		memcpy(random_a_and_b  ,random_a,8);
+		memcpy(random_a_and_b+8,random_b,8);
+		
+		PrintAndLog("     RA+B:%s",sprint_hex(random_a_and_b, 16));
+
+		des3_set2key_enc(&ctx, key);
+
+		des3_crypt_cbc(&ctx          // des3_context *ctx
+			, DES_ENCRYPT            // int mode
+			, sizeof(random_a_and_b)   // size_t length
+			, enc_random_b           // unsigned char iv[8]
+			, random_a_and_b         // const unsigned char *input
+			, random_a_and_b         // unsigned char *output
+			);
+
+		PrintAndLog("enc(RA+B):%s",sprint_hex(random_a_and_b, 16));
+	}
+	return 0;	
+}
+**/
 //
 // Ultralight C Read Single Block
 //
@ -634,6 +725,7 @@ static command_t CommandTable[] =
 	{"crdbl",	CmdHF14AMfUCRdBl,	0,"Read block - MIFARE Ultralight C"},
 	{"cwrbl",	CmdHF14AMfUCWrBl,	0,"Write MIFARE Ultralight C block"},   
 	{"cauth",	CmdHF14AMfucAuth,	0,"try a Ultralight C Authentication"},
+	//{"testdes", CmdTestDES ,        1, "Test DES"},
 	{NULL, NULL, 0, NULL}
 };

--- a/client/loclass/des.h
+++ b/client/loclass/des.h
@ -28,6 +28,12 @@
 #define POLARSSL_DES_H

 //#include "config.h"
+/**
+ * \def POLARSSL_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define POLARSSL_CIPHER_MODE_CBC
 
 #include <string.h>