use authuid instead uid name when handling the authentication uid bytes (different from UID with 7bytes MIFARE Classic

This commit is contained in:
Romuald Conty 2012-06-03 21:23:51 +00:00
parent bc109b9252
commit 451f2fa29c
2 changed files with 8 additions and 12 deletions


@ -214,13 +214,9 @@ int main(int argc, char * const argv[]) {
goto error; goto error;
} }
// TODO: Support Mifare Classic with 7 bytes UID ?
if (t.nt.nti.nai.szUidLen != 4) {
ERR ("only Mifare Classic with UID on 4 bytes are supported");
}
// Save tag's block size (b4K) // Save tag's block size (b4K)
t.b4K = (t.nt.nti.nai.abtAtqa[1] == 0x02); t.b4K = (t.nt.nti.nai.abtAtqa[1] == 0x02);
t.uid = (uint32_t) bytes_to_num(t.nt.nti.nai.abtUid, 4); t.authuid = (uint32_t) bytes_to_num(t.nt.nti.nai.abtUid + t.nt.nti.nai.szUidLen - 4, 4);
t.num_blocks = (t.b4K) ? 0xff : 0x3f; t.num_blocks = (t.b4K) ? 0xff : 0x3f;
t.num_sectors = t.b4K ? NR_TRAILERS_4k : NR_TRAILERS_1k; t.num_sectors = t.b4K ? NR_TRAILERS_4k : NR_TRAILERS_1k;
@ -432,7 +428,7 @@ int main(int argc, char * const argv[]) {
// We haven't found any key, exiting // We haven't found any key, exiting
if ((dumpKeysA && !t.sectors[j].foundKeyA) || (!dumpKeysA && !t.sectors[j].foundKeyB)) { if ((dumpKeysA && !t.sectors[j].foundKeyA) || (!dumpKeysA && !t.sectors[j].foundKeyB)) {
ERR ("No success, maybe you should increase the probes"); ERR ("No success, maybe you should increase the probes");
exit (EXIT_FAILURE); goto error;
} }
} }
} }
@ -507,7 +503,7 @@ int main(int argc, char * const argv[]) {
if (fwrite(&mtDump, 1, sizeof(mtDump), pfDump) != sizeof(mtDump)) { if (fwrite(&mtDump, 1, sizeof(mtDump), pfDump) != sizeof(mtDump)) {
fprintf(stdout, "Error, cannot write dump\n"); fprintf(stdout, "Error, cannot write dump\n");
fclose(pfDump); fclose(pfDump);
exit (EXIT_FAILURE); goto error;
} }
fclose(pfDump); fclose(pfDump);
} }
@ -716,7 +712,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d
} }
// Load (plain) uid^nt into the cipher {48..79} bits // Load (plain) uid^nt into the cipher {48..79} bits
crypto1_word(pcs, bytes_to_num(Rx, 4) ^ t.uid, 0); crypto1_word(pcs, bytes_to_num(Rx, 4) ^ t.authuid, 0);
// Generate (encrypted) nr+parity by loading it into the cipher // Generate (encrypted) nr+parity by loading it into the cipher
for (i = 0; i < 4; i++) { for (i = 0; i < 4; i++) {
@ -785,7 +781,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d
} else { } else {
pcs = crypto1_create(bytes_to_num(t.sectors[e_sector].KeyB, 6)); pcs = crypto1_create(bytes_to_num(t.sectors[e_sector].KeyB, 6));
} }
NtLast = bytes_to_num(Rx, 4) ^ crypto1_word(pcs, bytes_to_num(Rx, 4) ^ t.uid, 1); NtLast = bytes_to_num(Rx, 4) ^ crypto1_word(pcs, bytes_to_num(Rx, 4) ^ t.authuid, 1);
// Save the determined nonces distance // Save the determined nonces distance
d->distances[m] = nonce_distance(Nt, NtLast); d->distances[m] = nonce_distance(Nt, NtLast);
@ -868,12 +864,12 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d
revstate_start = NULL; revstate_start = NULL;
if (valid_nonce(NtProbe, NtEnc, Ks1, d->parity)) { if (valid_nonce(NtProbe, NtEnc, Ks1, d->parity)) {
// And finally recover the first 32 bits of the key // And finally recover the first 32 bits of the key
revstate = lfsr_recovery32(Ks1, NtProbe ^ t.uid); revstate = lfsr_recovery32(Ks1, NtProbe ^ t.authuid);
if (revstate_start == NULL) { if (revstate_start == NULL) {
revstate_start = revstate; revstate_start = revstate;
} }
while ((revstate->odd != 0x0) || (revstate->even != 0x0)) { while ((revstate->odd != 0x0) || (revstate->even != 0x0)) {
lfsr_rollback_word(revstate, NtProbe ^ t.uid, 0); lfsr_rollback_word(revstate, NtProbe ^ t.authuid, 0);
crypto1_get_lfsr(revstate, &lfsr); crypto1_get_lfsr(revstate, &lfsr);
// Allocate a new space for keys // Allocate a new space for keys
if (((kcount % MEM_CHUNK) == 0) || (kcount >= pk->size)) { if (((kcount % MEM_CHUNK) == 0) || (kcount >= pk->size)) {
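Review bot: The first hunk removes the only check on `szUidLen` and then computes `t.authuid` from `abtUid + t.nt.nti.nai.szUidLen - 4`, so a reported UID length below 4 would form a pointer before the start of `abtUid` and read out of bounds; the old branch only logged and fell through, but it at least named the assumption. Keep a guard in front of the new line, `if (t.nt.nti.nai.szUidLen < 4) { ERR ("UID shorter than 4 bytes is not supported"); goto error; }`, which now has a proper exit path since the commit switches the other failures in `main` to `goto error`. The new computation also deserves a comment stating why only the last 4 bytes are taken, e.g. `// Authentication uses the last 4 UID bytes; equals the full UID for 4-byte tags, the tail of a 7-byte one` — the 7-byte case is what the commit message says this is for, so confirm that reading against the tag type handled here. `main` starts and ends outside this hunk, so the `error:` label and its cleanup are not visible here.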


@ -45,7 +45,7 @@ typedef struct {
sector e_sector; // Exploit sector sector e_sector; // Exploit sector
uint8_t num_sectors; uint8_t num_sectors;
uint8_t num_blocks; uint8_t num_blocks;
uint32_t uid; uint32_t authuid;
bool b4K; bool b4K;
} mftag; } mftag;