More cryptoRF information: http://nfc-tools.org/index.php?title=Nfc-cryptorf
Link dead
The 14B source has been updated and there is also a PR for CryptoRF simulation.
Which CryptoRF tag do you have? Is there a possibility to get some spares from you?
You don't have a Secure memory RF tag?
An hf snoop with a trace may help, but it is hard with hf to get enough samples to tell much. But if you share one, maybe someone will see something.
When I have a little time I'll take a quick look at the reader demod code under the 14b snoop, but I'm not sure what I'll be looking for...
Maybe @piwi would have some ideas on next steps.
guepardo cryptorf $ ls
cm.c crf.c cryptolib.c cryptolib.h defines.h Makefile sm.c util.c util.h
guepardo cryptorf $ make
gcc -W -Wall -O4 -c -o cryptolib.o cryptolib.c
gcc -W -Wall -O4 -c -o util.o util.c
gcc -W -Wall -O4 -o cm cm.c cryptolib.o util.o
gcc -W -Wall -O4 -o sm sm.c cryptolib.o util.o
guepardo cryptorf $ ls
cm cm.c crf.c cryptolib.c cryptolib.h cryptolib.o defines.h Makefile sm sm.c util.c util.h util.o
guepardo cryptorf $ ./sm
SecureMemory simulator - (c) Radboud University Nijmegen
syntax: sm <Gc> <Ci> <Q>
guepardo cryptorf $ ./cm
CryptoMemory simulator - (c) Radboud University Nijmegen
syntax: cm <Gc> <Ci> <Q> <Q(s)>
guepardo cryptorf $
and......
// Main authentication values
byte_t Q[8]; // Reader key-auth random
byte_t Gc[8]; // Secret seed
byte_t Ci[8]; // Card random (last state)
byte_t Ch[8]; // Reader answer (challenge)
byte_t Ci_1[8]; // Card answer
byte_t Ci_2[8]; // Session key

// Session authentication values
byte_t Qs[8]; // Reader session-auth random
byte_t Chs[8]; // Reader session-answer (challenge)
byte_t Ci_1s[8]; // Card answer for session
byte_t Ci_2s[8]; // Is this used?