tools/mfkey/mfkey64.c

   1 #define __STDC_FORMAT_MACROS
   2 #include <inttypes.h>
   3 #include <stdbool.h>
   4 #include <stdio.h>
   5 #include <string.h>
   6 #include <stdlib.h>
   7 #include "crapto1/crapto1.h"
   8 #include "util_posix.h"
   9
  10 int main(int argc, char *argv[]) {
  11     struct Crypto1State *revstate;
  12     uint64_t key;     // recovered key
  13     uint32_t uid;     // serial number
  14     uint32_t nt;      // tag challenge
  15     uint32_t nr_enc;  // encrypted reader challenge
  16     uint32_t ar_enc;  // encrypted reader response
  17     uint32_t at_enc;  // encrypted tag response
  18     uint32_t ks2;     // keystream used to encrypt reader response
  19     uint32_t ks3;     // keystream used to encrypt tag response
  20
  21     printf("MIFARE Classic key recovery - based 64 bits of keystream\n");
  22     printf("Recover key from only one complete authentication!\n\n");
  23
  24     if (argc < 6) {
  25         printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}> [enc...]\n\n", argv[0]);
  26         return 1;
  27     }
  28
  29     int encc = argc - 6;
  30     int enclen[encc];
  31     uint8_t enc[encc][120];
  32
  33     sscanf(argv[1], "%x", &uid);
  34     sscanf(argv[2], "%x", &nt);
  35     sscanf(argv[3], "%x", &nr_enc);
  36     sscanf(argv[4], "%x", &ar_enc);
  37     sscanf(argv[5], "%x", &at_enc);
  38     for (int i = 0; i < encc; i++) {
  39         enclen[i] = strlen(argv[i + 6]) / 2;
  40         for (int i2 = 0; i2 < enclen[i]; i2++) {
  41             sscanf(argv[i + 6] + i2 * 2, "%2hhx", &enc[i][i2]);
  42         }
  43     }
  44
  45     printf("Recovering key for:\n");
  46
  47     printf("  uid: %08x\n", uid);
  48     printf("   nt: %08x\n", nt);
  49     printf(" {nr}: %08x\n", nr_enc);
  50     printf(" {ar}: %08x\n", ar_enc);
  51     printf(" {at}: %08x\n", at_enc);
  52
  53     for (int i = 0; i < encc; i++) {
  54         printf("{enc%d}: ", i);
  55         for (int i2 = 0; i2 < enclen[i]; i2++) {
  56             printf("%02x", enc[i][i2]);
  57         }
  58         printf("\n");
  59     }
  60
  61     // Generate lfsr succesors of the tag challenge
  62     printf("\nLFSR succesors of the tag challenge:\n");
  63     uint32_t p64 = prng_successor(nt, 64);
  64     printf("  nt': %08x\n", p64);
  65     printf(" nt'': %08x\n", prng_successor(p64, 32));
  66
  67     // Extract the keystream from the messages
  68     printf("\nKeystream used to generate {ar} and {at}:\n");
  69     ks2 = ar_enc ^ p64;
  70     ks3 = at_enc ^ prng_successor(p64, 32);
  71     printf("  ks2: %08x\n", ks2);
  72     printf("  ks3: %08x\n", ks3);
  73
  74     revstate = lfsr_recovery64(ks2, ks3);
  75
  76     // Decrypting communication using keystream if presented
  77     if (argc > 6) {
  78         printf("\nDecrypted communication:\n");
  79         uint8_t ks4;
  80         int rollb = 0;
  81         for (int i = 0; i < encc; i++) {
  82             printf("{dec%d}: ", i);
  83             for (int i2 = 0; i2 < enclen[i]; i2++) {
  84                 ks4 = crypto1_byte(revstate, 0, 0);
  85                 printf("%02x", ks4 ^ enc[i][i2]);
  86                 rollb += 1;
  87             }
  88             printf("\n");
  89         }
  90         for (int i = 0; i < rollb; i++)
  91             lfsr_rollback_byte(revstate, 0, 0);
  92     }
  93
  94     lfsr_rollback_word(revstate, 0, 0);
  95     lfsr_rollback_word(revstate, 0, 0);
  96     lfsr_rollback_word(revstate, nr_enc, 1);
  97     lfsr_rollback_word(revstate, uid ^ nt, 0);
  98     crypto1_get_lfsr(revstate, &key);
  99     printf("\nFound Key: [%012" PRIx64 "]\n\n", key);
 100     crypto1_destroy(revstate);
 101     return 0;
 102 }