tools/hitag2crack/hitag2_gen_nRaR.py

   1 #!/usr/bin/env python3
   2
   3 """
   4 HITAG2 cipher
   5 Implemented by Aram Verstegen
   6 """
   7 import random
   8
   9 def i4(x, a, b, c, d):
  10     return (((x >> a) & 1)*8)+((x >> b) & 1)*4+((x >> c) & 1)*2+((x >> d) & 1)
  11
  12
  13 def f20_4(state):
  14     return ((0x3c65 >> i4(state,34,43,44,46)) & 1)
  15
  16 def f20_3(state):
  17     return (( 0xee5 >> i4(state,28,29,31,33)) & 1)
  18
  19 def f20_2(state):
  20     return (( 0xee5 >> i4(state,17,21,23,26)) & 1)
  21
  22 def f20_1(state):
  23     return (( 0xee5 >> i4(state, 8,12,14,15)) & 1)
  24
  25 def f20_0(state):
  26     return ((0x3c65 >> i4(state, 2, 3, 5, 6)) & 1)
  27
  28 def f20_last(s0,s1,s2,s3,s4):
  29     return (0xdd3929b >> ((s0 * 16)
  30                         + (s1 *  8)
  31                         + (s2 *  4)
  32                         + (s3 *  2)
  33                         + (s4 *  1))) & 1
  34
  35 def f20(state):
  36     return f20_last(f20_0(state), f20_1(state), f20_2(state), f20_3(state), f20_4(state))
  37
  38 def lfsr_bs(state, i):
  39     return (state[i+ 0] ^ state[i+ 2] ^ state[i+ 3] ^ state[i+ 6] ^
  40             state[i+ 7] ^ state[i+ 8] ^ state[i+16] ^ state[i+22] ^
  41             state[i+23] ^ state[i+26] ^ state[i+30] ^ state[i+41] ^
  42             state[i+42] ^ state[i+43] ^ state[i+46] ^ state[i+47])
  43
  44 def f20a_bs(a,b,c,d):
  45     return (~(((a|b)&c)^(a|d)^b)) # 6 ops
  46 def f20b_bs(a,b,c,d):
  47     return (~(((d|c)&(a^b))^(d|a|b))) # 7 ops
  48 def f20c_bs(a,b,c,d,e):
  49     return (~((((((c^e)|d)&a)^b)&(c^b))^(((d^e)|a)&((d^b)|c)))) # 13 ops
  50
  51 def filter_bs(state, i):
  52     return (f20c_bs( f20a_bs(state[i+ 2],state[i+ 3],state[i+ 5],state[i+ 6]),
  53                      f20b_bs(state[i+ 8],state[i+12],state[i+14],state[i+15]),
  54                      f20b_bs(state[i+17],state[i+21],state[i+23],state[i+26]),
  55                      f20b_bs(state[i+28],state[i+29],state[i+31],state[i+33]),
  56                      f20a_bs(state[i+34],state[i+43],state[i+44],state[i+46])))
  57
  58 def unbitslice(s, n):
  59     return int(''.join(map(str,map(int,map(bool,s[n:n+48])))[::-1]),2)
  60
  61 def hitag2_init(key, uid, nonce):
  62     state = 0
  63     for i in range(32, 48):
  64         state = (state << 1) | ((key >> i) & 1)
  65     for i in range(0, 32):
  66         state = (state << 1) | ((uid >> i) & 1)
  67     #print '%012x' % state
  68     #print '%012x' % (int("{0:048b}".format(state)[::-1],2))
  69     for i in range(0, 32):
  70         nonce_bit = (f20(state) ^ ((nonce >> (31 - i)) & 1))
  71         #print nonce_bit
  72         state = (state >> 1) | (((nonce_bit ^ (key >> (31 - i))) & 1) << 47)
  73     #print '%012x' % state
  74     #print '%012x' % (int("{0:048b}".format(state)[::-1],2))
  75     return state
  76
  77 def lfsr_feedback(state):
  78     return (((state >>  0) ^ (state >>  2) ^ (state >>  3)
  79             ^ (state >>  6) ^ (state >>  7) ^ (state >>  8)
  80             ^ (state >> 16) ^ (state >> 22) ^ (state >> 23)
  81             ^ (state >> 26) ^ (state >> 30) ^ (state >> 41)
  82             ^ (state >> 42) ^ (state >> 43) ^ (state >> 46)
  83             ^ (state >> 47)) & 1)
  84
  85 def lfsr(state):
  86     return (state >>  1) + (lfsr_feedback(state) << 47)
  87
  88 def lfsr_feedback_inv(state):
  89     return (((state >>  47) ^ (state >>  1) ^ (state >>  2)
  90             ^ (state >>  5) ^ (state >>  6) ^ (state >>  7)
  91             ^ (state >> 15) ^ (state >> 21) ^ (state >> 22)
  92             ^ (state >> 25) ^ (state >> 29) ^ (state >> 40)
  93             ^ (state >> 41) ^ (state >> 42) ^ (state >> 45)
  94             ^ (state >> 46)) & 1)
  95
  96 def lfsr_inv(state):
  97     return ((state <<  1) + (lfsr_feedback_inv(state))) & ((1 << 48) - 1)
  98
  99 def hitag2(state, length=48):
 100     c = 0
 101     for i in range(0, length):
 102         c = (c << 1) | f20(state)
 103         #print ('%012x' % state)
 104         state = lfsr(state)
 105         #print ('%012x' % (int("{0:048b}".format(state)[::-1],2)))
 106         #print('%08X %08X' % (c, state))
 107     #print('final: %08X %08X' % (c, state))
 108     return c
 109
 110 if __name__ == "__main__":
 111     import sys
 112
 113     if len(sys.argv) == 4:
 114         key = int(sys.argv[1], 16)
 115         uid = int(sys.argv[2], 16)
 116         n = int(sys.argv[3])
 117         for i in range(n):
 118             nonce = random.randrange(2**32)
 119             state = hitag2_init(key, uid, nonce)
 120             print('%08X %08X' % (nonce, hitag2(state, 32) ^ 0xffffffff))
 121
 122     elif len(sys.argv) == 5:
 123         key = int(sys.argv[1], 16)
 124         uid = int(sys.argv[2], 16)
 125         n = int(sys.argv[3])
 126         for i in range(n):
 127             nonceA = random.randrange(2**32)
 128             stateA = hitag2_init(key, uid, nonceA)
 129             csA = hitag2(stateA, 32) ^ 0xffffffff
 130             # print('%08X %08X' % (nonceA, csA))
 131
 132             nonceB = random.randrange(2**32)
 133             stateB = hitag2_init(key, uid, nonceB)
 134             csB = hitag2(stateB, 32) ^ 0xffffffff
 135             print('./ht2crack5opencl %08X %08X %08X %08X %08X' % (uid, nonceA, csA, nonceB, csB))
 136             print('lf hitag lookup --uid %08X --nr %08X --ar %08X --key %012X' % (uid, nonceA, csA, key))
 137     else:
 138         print("Usage: python %s <key> <uid> <nr of nRaR to generate>" % sys.argv[0])