2022-07-03 11:44:38 +03:00
|
|
|
//-----------------------------------------------------------------------------
|
|
|
|
// Borrowed initially from https://github.com/holiman/loclass
|
|
|
|
// More recently from https://github.com/RfidResearchGroup/proxmark3
|
|
|
|
// Copyright (C) 2014 Martin Holst Swende
|
|
|
|
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
|
|
|
|
//
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
//
|
|
|
|
// See LICENSE.txt for the text of the license.
|
|
|
|
//-----------------------------------------------------------------------------
|
|
|
|
// WARNING
|
|
|
|
//
|
|
|
|
// THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY.
|
|
|
|
//
|
|
|
|
// USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL
|
|
|
|
// PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL,
|
|
|
|
// AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES.
|
|
|
|
//
|
|
|
|
// THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS.
|
|
|
|
//-----------------------------------------------------------------------------
|
|
|
|
// It is a reconstruction of the cipher engine used in iClass, and RFID techology.
|
|
|
|
//
|
|
|
|
// The implementation is based on the work performed by
|
|
|
|
// Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and
|
|
|
|
// Milosch Meriac in the paper "Dismantling IClass".
|
|
|
|
//-----------------------------------------------------------------------------
|
|
|
|
#ifndef OPTIMIZED_CIPHER_H
|
|
|
|
#define OPTIMIZED_CIPHER_H
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdbool.h>
|
|
|
|
#include <stdint.h>
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Definition 1 (Cipher state). A cipher state of iClass s is an element of F 40/2
|
|
|
|
* consisting of the following four components:
|
|
|
|
* 1. the left register l = (l 0 . . . l 7 ) ∈ F 8/2 ;
|
|
|
|
* 2. the right register r = (r 0 . . . r 7 ) ∈ F 8/2 ;
|
|
|
|
* 3. the top register t = (t 0 . . . t 15 ) ∈ F 16/2 .
|
|
|
|
* 4. the bottom register b = (b 0 . . . b 7 ) ∈ F 8/2 .
|
|
|
|
**/
|
|
|
|
typedef struct {
|
|
|
|
uint8_t l;
|
|
|
|
uint8_t r;
|
|
|
|
uint8_t b;
|
|
|
|
uint16_t t;
|
2022-07-08 15:56:23 +03:00
|
|
|
} LoclassState_t;
|
2022-07-03 11:44:38 +03:00
|
|
|
|
|
|
|
/** The reader MAC is MAC(key, CC * NR )
|
|
|
|
**/
|
2022-09-14 19:11:38 +03:00
|
|
|
void loclass_opt_doReaderMAC(uint8_t* cc_nr_p, uint8_t* div_key_p, uint8_t mac[4]);
|
2022-07-03 11:44:38 +03:00
|
|
|
|
2022-09-14 19:11:38 +03:00
|
|
|
void loclass_opt_doReaderMAC_2(
|
|
|
|
LoclassState_t _init,
|
|
|
|
uint8_t* nr,
|
|
|
|
uint8_t mac[4],
|
|
|
|
const uint8_t* div_key_p);
|
2022-07-03 11:44:38 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* The tag MAC is MAC(key, CC * NR * 32x0))
|
|
|
|
*/
|
2022-09-14 19:11:38 +03:00
|
|
|
void loclass_opt_doTagMAC(uint8_t* cc_p, const uint8_t* div_key_p, uint8_t mac[4]);
|
2022-07-03 11:44:38 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* The tag MAC can be divided (both can, but no point in dividing the reader mac) into
|
|
|
|
* two functions, since the first 8 bytes are known, we can pre-calculate the state
|
|
|
|
* reached after feeding CC to the cipher.
|
|
|
|
* @param cc_p
|
|
|
|
* @param div_key_p
|
|
|
|
* @return the cipher state
|
|
|
|
*/
|
2022-09-14 19:11:38 +03:00
|
|
|
LoclassState_t loclass_opt_doTagMAC_1(uint8_t* cc_p, const uint8_t* div_key_p);
|
2022-07-03 11:44:38 +03:00
|
|
|
/**
|
|
|
|
* The second part of the tag MAC calculation, since the CC is already calculated into the state,
|
|
|
|
* this function is fed only the NR, and internally feeds the remaining 32 0-bits to generate the tag
|
|
|
|
* MAC response.
|
|
|
|
* @param _init - precalculated cipher state
|
|
|
|
* @param nr - the reader challenge
|
|
|
|
* @param mac - where to store the MAC
|
|
|
|
* @param div_key_p - the key to use
|
|
|
|
*/
|
2022-09-14 19:11:38 +03:00
|
|
|
void loclass_opt_doTagMAC_2(
|
|
|
|
LoclassState_t _init,
|
|
|
|
uint8_t* nr,
|
|
|
|
uint8_t mac[4],
|
|
|
|
const uint8_t* div_key_p);
|
2022-07-03 11:44:38 +03:00
|
|
|
|
2022-09-14 19:11:38 +03:00
|
|
|
void loclass_doMAC_N(uint8_t* in_p, uint8_t in_size, uint8_t* div_key_p, uint8_t mac[4]);
|
|
|
|
void loclass_iclass_calc_div_key(uint8_t* csn, uint8_t* key, uint8_t* div_key, bool elite);
|
2022-07-03 11:44:38 +03:00
|
|
|
#endif // OPTIMIZED_CIPHER_H
|