client/src/mifare/mifarehost.h

   1 //-----------------------------------------------------------------------------
   2 // Borrowed initially from https://nethemba.com/tag/darkside-attack/
   3 // Copyright (C) mifare@nethemba.com, 2010
   4 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
   5 //
   6 // This program is free software: you can redistribute it and/or modify
   7 // it under the terms of the GNU General Public License as published by
   8 // the Free Software Foundation, either version 3 of the License, or
   9 // (at your option) any later version.
  10 //
  11 // This program is distributed in the hope that it will be useful,
  12 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 // GNU General Public License for more details.
  15 //
  16 // See LICENSE.txt for the text of the license.
  17 //-----------------------------------------------------------------------------
  18 // High frequency ISO14443A commands
  19 //-----------------------------------------------------------------------------
  20 #ifndef __MIFARE_HOST_H
  21 #define __MIFARE_HOST_H
  22
  23 #include "common.h"
  24
  25 #include "util.h"       // FILE_PATH_SIZE
  26 #include "mifaredefault.h"      // consts
  27 #include "protocol_vigik.h"
  28
  29 #define MIFARE_SECTOR_RETRY     10
  30
  31 // mifare tracer flags
  32 #define TRACE_IDLE              0x00
  33 #define TRACE_AUTH1             0x01
  34 #define TRACE_AUTH2             0x02
  35 #define TRACE_AUTH_OK           0x03
  36 #define TRACE_READ_DATA         0x04
  37 #define TRACE_WRITE_OK          0x05
  38 #define TRACE_WRITE_DATA        0x06
  39 #define TRACE_ERROR             0xFF
  40
  41 typedef struct {
  42     union {
  43         struct Crypto1State *slhead;
  44         uint64_t *keyhead;
  45     } head;
  46     union {
  47         struct Crypto1State *sltail;
  48         uint64_t *keytail;
  49     } tail;
  50     uint32_t len;
  51     uint32_t uid;
  52     uint32_t blockNo;
  53     uint32_t keyType;
  54     uint32_t nt_enc;
  55     uint32_t ks1;
  56 } StateList_t;
  57
  58 typedef struct {
  59     uint64_t Key[2];
  60     uint8_t foundKey[2];
  61 } sector_t;
  62
  63 typedef struct {
  64     uint8_t keyA[MIFARE_KEY_SIZE];
  65     uint8_t keyB[MIFARE_KEY_SIZE];
  66     //uint8_t foundKey[2];
  67 } icesector_t;
  68
  69 #define KEYS_IN_BLOCK   ((PM3_CMD_DATA_SIZE - 5) / MIFARE_KEY_SIZE)
  70 #define KEYBLOCK_SIZE   (KEYS_IN_BLOCK * MIFARE_KEY_SIZE)
  71 #define CANDIDATE_SIZE  (0xFFFF * MIFARE_KEY_SIZE)
  72
  73 int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key);
  74 int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t *resultKey, bool calibrate);
  75 int mfStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t *resultKey);
  76 int mfCheckKeys(uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t keycnt, uint8_t *keyBlock, uint64_t *key);
  77 int mfCheckKeys_fast(uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastChunk,
  78                      uint8_t strategy, uint32_t size, uint8_t *keyBlock, sector_t *e_sector,
  79                      bool use_flashmemory, bool verbose);
  80 int mfCheckKeys_fast_ex(uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastChunk, uint8_t strategy,
  81                         uint32_t size, uint8_t *keyBlock, sector_t *e_sector, bool use_flashmemory,
  82                         bool verbose, bool quiet, uint16_t singleSectorParams);
  83
  84 int mfCheckKeys_file(uint8_t *destfn, uint64_t *key);
  85
  86 int mfKeyBrute(uint8_t blockNo, uint8_t keyType, const uint8_t *key, uint64_t *resultkey);
  87
  88 int mfReadSector(uint8_t sectorNo, uint8_t keyType, const uint8_t *key, uint8_t *data);
  89 int mfReadBlock(uint8_t blockNo, uint8_t keyType, const uint8_t *key, uint8_t *data);
  90
  91 int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount);
  92 int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount);
  93 int mfEmlSetMem_xt(uint8_t *data, int blockNum, int blocksCount, int blockBtWidth);
  94
  95 int mfCSetUID(uint8_t *uid, uint8_t uidlen, const uint8_t *atqa, const uint8_t *sak, uint8_t *old_uid, uint8_t *verifed_uid, uint8_t wipecard);
  96 int mfCWipe(uint8_t *uid, const uint8_t *atqa, const uint8_t *sak);
  97 int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, uint8_t params);
  98 int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params);
  99
 100 int mfGen3UID(uint8_t *uid, uint8_t uidlen, uint8_t *oldUid);
 101 int mfGen3Block(uint8_t *block, int blockLen, uint8_t *newBlock);
 102 int mfGen3Freeze(void);
 103
 104 int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len);
 105
 106 int detect_classic_prng(void);
 107 int detect_classic_nackbug(bool verbose);
 108 uint16_t detect_mf_magic(bool is_mfc, uint8_t key_type, uint64_t key);
 109 int detect_classic_static_nonce(void);
 110 int detect_classic_static_encrypted_nonce_ex(uint8_t block_no, uint8_t key_type, uint8_t *key, uint8_t block_no_nested, uint8_t key_type_nested, uint8_t *key_nested, uint8_t nr_nested, bool reset, bool hardreset, bool addread, bool addauth, bool incblk2, bool corruptnrar, bool corruptnrarparity, bool verbose);
 111 int detect_classic_static_encrypted_nonce(uint8_t block_no, uint8_t key_type, uint8_t *key);
 112 bool detect_mfc_ev1_signature(void);
 113 int read_mfc_ev1_signature(uint8_t *signature);
 114
 115
 116 void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted);
 117
 118 // remove all sector trailers in a MFC dump
 119 int convert_mfc_2_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen);
 120 const char *vigik_get_service(uint16_t service_code);
 121 int vigik_verify(mfc_vigik_t *d);
 122 int vigik_annotate(mfc_vigik_t *d);
 123 #endif