From 451f2fa29cb0fe98b751b95d07d39d0886dfd6f7 Mon Sep 17 00:00:00 2001 From: Romuald Conty Date: Sun, 3 Jun 2012 21:23:51 +0000 Subject: [PATCH] use authuid instead uid name when handling the authentication uid bytes (different from UID with 7bytes MIFARE Classic --- src/mfoc.c | 18 +++++++----------- src/mfoc.h | 2 +- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/src/mfoc.c b/src/mfoc.c index cad1d75..11b6fad 100644 --- a/src/mfoc.c +++ b/src/mfoc.c @@ -214,13 +214,9 @@ int main(int argc, char * const argv[]) { goto error; } - // TODO: Support Mifare Classic with 7 bytes UID ? - if (t.nt.nti.nai.szUidLen != 4) { - ERR ("only Mifare Classic with UID on 4 bytes are supported"); - } // Save tag's block size (b4K) t.b4K = (t.nt.nti.nai.abtAtqa[1] == 0x02); - t.uid = (uint32_t) bytes_to_num(t.nt.nti.nai.abtUid, 4); + t.authuid = (uint32_t) bytes_to_num(t.nt.nti.nai.abtUid + t.nt.nti.nai.szUidLen - 4, 4); t.num_blocks = (t.b4K) ? 0xff : 0x3f; t.num_sectors = t.b4K ? NR_TRAILERS_4k : NR_TRAILERS_1k; @@ -432,7 +428,7 @@ int main(int argc, char * const argv[]) { // We haven't found any key, exiting if ((dumpKeysA && !t.sectors[j].foundKeyA) || (!dumpKeysA && !t.sectors[j].foundKeyB)) { ERR ("No success, maybe you should increase the probes"); - exit (EXIT_FAILURE); + goto error; } } } @@ -507,7 +503,7 @@ int main(int argc, char * const argv[]) { if (fwrite(&mtDump, 1, sizeof(mtDump), pfDump) != sizeof(mtDump)) { fprintf(stdout, "Error, cannot write dump\n"); fclose(pfDump); - exit (EXIT_FAILURE); + goto error; } fclose(pfDump); } @@ -716,7 +712,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d } // Load (plain) uid^nt into the cipher {48..79} bits - crypto1_word(pcs, bytes_to_num(Rx, 4) ^ t.uid, 0); + crypto1_word(pcs, bytes_to_num(Rx, 4) ^ t.authuid, 0); // Generate (encrypted) nr+parity by loading it into the cipher for (i = 0; i < 4; i++) { @@ -785,7 +781,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d } else { pcs = crypto1_create(bytes_to_num(t.sectors[e_sector].KeyB, 6)); } - NtLast = bytes_to_num(Rx, 4) ^ crypto1_word(pcs, bytes_to_num(Rx, 4) ^ t.uid, 1); + NtLast = bytes_to_num(Rx, 4) ^ crypto1_word(pcs, bytes_to_num(Rx, 4) ^ t.authuid, 1); // Save the determined nonces distance d->distances[m] = nonce_distance(Nt, NtLast); @@ -868,12 +864,12 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d revstate_start = NULL; if (valid_nonce(NtProbe, NtEnc, Ks1, d->parity)) { // And finally recover the first 32 bits of the key - revstate = lfsr_recovery32(Ks1, NtProbe ^ t.uid); + revstate = lfsr_recovery32(Ks1, NtProbe ^ t.authuid); if (revstate_start == NULL) { revstate_start = revstate; } while ((revstate->odd != 0x0) || (revstate->even != 0x0)) { - lfsr_rollback_word(revstate, NtProbe ^ t.uid, 0); + lfsr_rollback_word(revstate, NtProbe ^ t.authuid, 0); crypto1_get_lfsr(revstate, &lfsr); // Allocate a new space for keys if (((kcount % MEM_CHUNK) == 0) || (kcount >= pk->size)) { diff --git a/src/mfoc.h b/src/mfoc.h index 74d497e..b0696e1 100644 --- a/src/mfoc.h +++ b/src/mfoc.h @@ -45,7 +45,7 @@ typedef struct { sector e_sector; // Exploit sector uint8_t num_sectors; uint8_t num_blocks; - uint32_t uid; + uint32_t authuid; bool b4K; } mftag;