Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2010-04-07 10:25:14

rule
Member
Registered: 2008-05-21
Posts: 417

Atmel CryptoRF (SecureMemory, CryptoMemory)

Hey people,

We are proud to present our newest research in "secure" RFID chips.
The article is now in submission, but already available on eprint.
You can find some simulations on this website.

Cheers,

  Roel

Offline

#2 2010-05-11 18:08:14

hat
Contributor
Registered: 2009-04-12
Posts: 160

Re: Atmel CryptoRF (SecureMemory, CryptoMemory)

in case you were starting to wonder if anybody here read it. i'll give you one of my dickishly worded comments

why did you chose to implement the function this way:

byte_t funny_mod(byte_t a, byte_t m)
{
  // Just return the input when this is less or equal than the modular value
  if (a<m) return a;
  
  // Compute the modular value
  a %= m;

  // Return the funny value, when the output was now zero, return the modular value
  return (a == 0) ? m : a;
}

i mean ok it's funny, but implementing it with 2 branches is a bit ridiculous me thinks. off the top of my head i would suggest

1+ ((a-1) % (m))

there is only one special case(a=0,m=1) else those two should return the same result. (keeping in mind that a m=0 will cause a fpe). since funnymod is always called with constant m, and m > 1 ..

funny_mod is even only ever called with 0..01..1 bit patterns for modulo. i'm guessing there's also a way to transform that % into an &.

finally let me note that you have neglected to license the code samples. so this is use and get sued code?


edit:
since it's only ever called with 0x1f and 0x7f as m, i would imagine the hardware does this respectively

(a+( (a+(a>>5))>>5))&0x1f
(a+( (a+(a>>7))>>7))&0x7f

these are 5 operations to the modulo version's 3, but since modulo usually isn't the fastest instruction..

Last edited by hat (2010-05-14 11:45:46)

Offline

#3 2010-05-25 22:53:56

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

Re: Atmel CryptoRF (SecureMemory, CryptoMemory)

hi i have some questions about this. that i don´t understand.
what is this file for cryptorf.zip??? is a linux executable??
or are some exmaples.
thanks

Offline

#4 2010-05-29 21:07:06

*dudux
Member
Registered: 2009-10-04
Posts: 7

Re: Atmel CryptoRF (SecureMemory, CryptoMemory)

There are the sources!

guepardo cryptorf $ ls
cm.c  crf.c  cryptolib.c  cryptolib.h  defines.h  Makefile  sm.c  util.c  util.h
guepardo cryptorf $ make
gcc -W -Wall -O4 -c -o cryptolib.o cryptolib.c
gcc -W -Wall -O4 -c -o util.o util.c
gcc -W -Wall -O4  -o cm cm.c cryptolib.o util.o
gcc -W -Wall -O4  -o sm sm.c cryptolib.o util.o

guepardo cryptorf $ ls
cm  cm.c  crf.c  cryptolib.c  cryptolib.h  cryptolib.o  defines.h  Makefile  sm  sm.c  util.c  util.h  util.o
guepardo cryptorf $ ./sm
SecureMemory simulator - (c) Radboud University Nijmegen

syntax: sm <Gc> <Ci> <Q>

guepardo cryptorf $ ./cm
CryptoMemory simulator - (c) Radboud University Nijmegen

syntax: cm <Gc> <Ci> <Q> <Q(s)>
guepardo cryptorf $

and......

// Main authentication values
  byte_t     Q[8]; // Reader key-auth random
  byte_t    Gc[8]; // Secret seed
  byte_t    Ci[8]; // Card random (last state)
  byte_t    Ch[8]; // Reader answer (challenge)
  byte_t  Ci_1[8]; // Card answer
  byte_t  Ci_2[8]; // Session key

  // Session authentication values
  byte_t    Qs[8]; // Reader session-auth random
  byte_t   Chs[8]; // Reader session-answer (challenge)
  byte_t Ci_1s[8]; // Card answer for session
  byte_t Ci_2s[8]; // Is this used?

Last edited by *dudux (2010-05-29 21:11:56)

Offline

Board footer

Powered by FluxBB