Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hello. I've collected the following using the PM3 on a Mifare tag and reader:
> hi14alist
recorded activity:
ETU :rssi: who bytes
---------+----+----+-----------
+ 0: : 26
+ 4752: : 26
+ 919: : 93 20
+ 2431: : 93 70 54 cb d7 26 6e b3 84
+ 28806: : 47 fd e3 93 !crc
+ 17360: : 62 9b dc ff !crc
+ 1088: : 7a 86 1c 59 9d e6 24 e7 !crc
+ 8664: : 80 3a 2f 6a !crc
+ 15407: : 16 42 f3 6a !crc
+1733265: : 26
+ 4744: : 26
+ 3351: : 93 70 54 cb d7 26 6e b3 84
+ 18847: : 60 04 d1 3d
+ 27374: : c0 bc 83 dc !crc
+ 1088: : d3 9f 0f 79 9b eb 91 de !crc
+ 8616: : 5c 2a 7a e3 !crc
+1749584: : 26
+ 4744: : 26
+ 920: : 93 20
+ 2423: : 93 70 54 cb d7 26 6e b3 84
+ 18847: : 60 04 d1 3d
+ 1089: : 90 a4 7a d8 4c cb a5 e3 !crc
+ 8863: : fb f7 2b f3 !crc
+ 17358: : 23 63 89 bb !crc
+ 9704: : ad 85 ca 63 !crc
+ 15464: : e6 0c 00 32 !crc
+1733272: : 26
+ 4752: : 26
+ 920: : 93 20
+ 2432: : 93 70 54 cb d7 26 6e b3 84
+ 18951: : 60 04 d1 3d
+ 1088: : cc e3 7f a6 fb 5d 38 c8 !crc
+ 26127: : 95 89 cb a5 !crc
+ 1088: : 45 56 2c 3c 9f 8c 2c a3 !crc
+ 8662: : 77 af a1 ba !crc
+ 15416: : c1 c1 6d 1f !crc
+1733266: : 26
+ 4744: : 26
+ 910: : 93 20
+ 2432: : 93 70 54 cb d7 26 6e b3 84
+ 18895: : 60 04 d1 3d
+ 1089: : 05 09 2a 39 c0 93 1b 37 !crc
+ 8919: : 36 21 f9 d8 !crc
+ 17311: : 60 36 c9 38 !crc
+ 9752: : 56 86 b0 bc !crc
+ 15414: : a7 6e 51 0b !crc
+1733274: : 26
+ 4744: : 26
+ 918: : 93 20
+ 2432: : 93 70 54 cb d7 26 6e b3 84
+ 18896: : 60 04 d1 3d
+ 9903: : 5c 3e d4 27 !crc
+ 18504: : 32 fe 6b 53 f9 bc a4 be !crc
+ 8623: : 95 c8 1b ca !crc
+ 15414: : 5e 66 4c 55 !crc
+1738922: : 93 20
+ 2430: : 93 70 54 cb d7 26 6e b3 84
+ 18896: : 60 04 d1 3d
+ 9952: : 60 2b 69 3f !crc
+ 17359: : f0 04 b8 c4 !crc
+ 1088: : d4 38 f8 6b ca cf 1a e9 !crc
+ 24079: : 04 0d 12 04 !crc
If I'm reading this correctly I would get:
UID: 0x54cbd726
nt: 0xc0bc83dc
nr: 0xd39f0f79
ar: 0x9beb91de
at: 0x5c2a7ae3
Now using these values with the following test program doesn't get the correct key:
#include "crapto1.h"
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

int main (void)
{
    struct Crypto1State *revstate;
    uint64_t lfsr;
    /* Values read off the hi14alist trace above */
    uint32_t uid = 0x54cbd726;             /* from the 93 70 SELECT frame */
    uint32_t tag_challenge = 0xc0bc83dc;   /* nt, the cleartext tag nonce */
    uint32_t nr_enc = 0xd39f0f79;          /* {nr}, encrypted reader nonce */
    uint32_t reader_response = 0x9beb91de; /* {ar} = ks2 ^ suc^2(nt) */
    uint32_t tag_response = 0x5c2a7ae3;    /* {at} = ks3 ^ suc^3(nt) */
    /* Strip the (public) PRNG successors of nt to expose two 32-bit keystream words */
    uint32_t ks2 = reader_response ^ prng_successor(tag_challenge, 64);
    uint32_t ks3 = tag_response ^ prng_successor(tag_challenge, 96);
    printf("nt': %08x\n", prng_successor(tag_challenge, 64));
    printf("nt'': %08x\n", prng_successor(tag_challenge, 96));
    printf("ks2: %08x\n", ks2);
    printf("ks3: %08x\n", ks3);
    /* Recover the cipher state that produced ks2 || ks3 ... */
    revstate = lfsr_recovery64(ks2, ks3);
    /* ... and roll it back over the two keystream words, {nr} (which is fed back
     * into the LFSR) and uid ^ nt, to land on the initial state, i.e. the key */
    lfsr_rollback(revstate, 0, 0);
    lfsr_rollback(revstate, 0, 0);
    lfsr_rollback(revstate, nr_enc, 1);
    lfsr_rollback(revstate, uid ^ tag_challenge, 0);
    crypto1_get_lfsr(revstate, &lfsr);
    free(revstate);
    /* Print the 48-bit key most significant byte first. Indexing the bytes of the
     * uint64_t directly prints it reversed on a little-endian host. */
    printf("Found Key: [%02x %02x %02x %02x %02x %02x]\n\n",
           (unsigned)(lfsr >> 40) & 0xff, (unsigned)(lfsr >> 32) & 0xff,
           (unsigned)(lfsr >> 24) & 0xff, (unsigned)(lfsr >> 16) & 0xff,
           (unsigned)(lfsr >> 8) & 0xff, (unsigned)lfsr & 0xff);
    return 0;
}
Can anyone please give me a pointer on what I'm doing wrong? Do I have the correct values?
Thanks.
Hi,
<Disclaimer> n00b speaking </Disclaimer>
I've had troubles with 2.2 also and reverted back to older versions which did work.
However, your trace does not seem to include any TAG replies. I'm not sure if it's because you're using old firmware or because of bad placement of the antenna.
When I do hi14alist the response includes lines like these:
+ 112: 4 : TAG 36! 41 24! 79
They seem to be absent in your trace.
Furthermore you get a lot of CRC errors, in places where you shouldn't.
Look at these sample traces:
http://www.proxmark.org/forum/topic/71/ … re-traces/
So see if you can get any TAG responses by moving your antenna and / or reflash your proxmark with, for instance, 20090416_ela.
Cheers,
Tom
Hello.
I've reflashed the PM3 with 20090416_ela (OS, FPGA and bootloader). I guess I'll have to check my antenna and see if I can get some TAG replies.
Check out the FAQ in this forum, in particular, this post
I've ported the test program to crapto1-v2.2 and made it slightly more user friendly in that it now takes its values from the command line:
usage: mifarecrack <UID> <TAG CHALLENGE> <READER CHALLENGE> <TAG RESPONSE> <READER RESPONSE>
example: mifarecrack 0x5c72325e 0x50829cd6 0xb8671f76 0xe00eefc9 0x4888964f
should produce the output:
uid: 5c72325e
nt': 73ba72d6
nt'': 93c7b940
ks2: 93b49d1f
ks3: db4f2f0f
Found Key: [ff ff ff ff ff ff]
I've uploaded it and a Makefile to the uploads section - it would be useful to know if it works against other keys than the test examples I've tried...
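An added example, not crapto1 code and not the thread's mifarecrack program, that reproduces in Python what the prng_successor calls in the first post's program and the expected output above compute: the two PRNG successors nt' and nt'', and ks2/ks3 obtained by XORing them off {ar} and {at}. The function names are mine. It also adds one check the thread's tools do not do: since a genuine Crypto-1 tag nonce is 32 consecutive bits of the 16-bit LFSR, the first 16 bits of nt must determine the other 16, so a value picked off a trace that fails this test cannot be a tag nonce at all.

```python
"""Crypto-1 tag-nonce PRNG: reproduce nt', nt'', ks2 and ks3, and sanity-check a sniffed nt.

Added example, not crapto1 code. The 16-bit LFSR is kept as a bit list in over-the-air
order (bytes in order, LSB of each byte first), which is the convention crapto1's
prng_successor implements with its byte swaps.
"""
from typing import List, Tuple


def _to_bits(word: int) -> List[int]:
    """32-bit word -> 32 bits in transmission order."""
    return [(b >> i) & 1 for b in word.to_bytes(4, "big") for i in range(8)]


def _from_bits(bits: List[int]) -> int:
    """32 bits in transmission order -> 32-bit word."""
    return int.from_bytes(bytes(sum(bit << i for i, bit in enumerate(bits[k:k + 8]))
                                for k in range(0, 32, 8)), "big")


def _clock(bits: List[int], n: int) -> None:
    """Append n LFSR output bits. Feedback x^16 + x^14 + x^13 + x^11 + 1:
    each new bit is the XOR of the bits 16, 14, 13 and 11 positions back."""
    for _ in range(n):
        bits.append(bits[-16] ^ bits[-14] ^ bits[-13] ^ bits[-11])


def prng_successor(nt: int, n: int) -> int:
    """The 32-bit window n clocks after nt: suc^2(nt) is n=64, suc^3(nt) is n=96."""
    bits = _to_bits(nt)
    _clock(bits, n)
    return _from_bits(bits[n:n + 32])


def is_genuine_nonce(nt: int) -> bool:
    """A real tag nonce is 32 consecutive LFSR bits, so its first 16 bits fix the other 16."""
    bits = _to_bits(nt)[:16]
    _clock(bits, 16)
    return _from_bits(bits) == nt


def keystream_words(nt: int, ar: int, at: int) -> Tuple[int, int, int, int]:
    """(nt', nt'', ks2, ks3). {ar} = ks2 ^ suc^2(nt) and {at} = ks3 ^ suc^3(nt),
    so XORing the successors off the sniffed words exposes the keystream."""
    nt1, nt2 = prng_successor(nt, 64), prng_successor(nt, 96)
    return nt1, nt2, ar ^ nt1, at ^ nt2


if __name__ == "__main__":
    # Values from the mifarecrack example in this thread (uid 0x5c72325e).
    nt, ar, at = 0x50829cd6, 0xe00eefc9, 0x4888964f
    nt1, nt2, ks2, ks3 = keystream_words(nt, ar, at)
    print("nt': %08x  nt'': %08x  ks2: %08x  ks3: %08x" % (nt1, nt2, ks2, ks3))
    # Second candidate is the nt picked off the first post's trace.
    for candidate in (nt, 0xc0bc83dc):
        print("%08x genuine tag nonce: %s" % (candidate, is_genuine_nonce(candidate)))
```

On the example values above it returns nt' 73ba72d6, nt'' 93c7b940, ks2 93b49d1f and ks3 db4f2f0f, matching the expected output. Run on the first post's candidate nt 0xc0bc83dc it returns False, which fits Tom's observation that the trace contains no frames attributed to the tag: whatever that 4-byte frame was, the LFSR relation says it was not a tag nonce, so no amount of rollback will produce the key from it.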
Doh!
Got the help the wrong way around:
This:
usage: mifarecrack <UID> <TAG CHALLENGE> <READER CHALLENGE> <TAG RESPONSE> <READER RESPONSE>
should be:
usage: mifarecrack <UID> <TAG CHALLENGE> <READER CHALLENGE> <READER RESPONSE> <TAG RESPONSE>
which is also the order they will be read from the trace, so makes more sense!
soz!
Moved it to the Various Software section.
Thanks for the tip. The bug was that the cracked key was output in the wrong order. I've uploaded a new version.
I've also included the -O3 in the Makefile, so use the .3 of a second you gain wisely!
I agree with the cut & paste thing and did indeed implement that last night, but I couldn't upload a new version until the old one was moved out of the way...
Usage is now:
usage: mifarecrack <UID> <TAG CHALLENGE> <READER CHALLENGE> <READER RESPONSE> <TAG RESPONSE>
or: mifarecrack <CUT & PASTE FROM SNIFFER LOG>
example: mifarecrack 0x5c72325e 0x50829cd6 0xb8671f76 0xe00eefc9 0x4888964f
or: mifarecrack 5c 72 32 5e 50 82 9c d6 b8 67 1f 76 e0 0e ef c9 48! 88 96 4f
I've now uploaded it.
I'll take a look at the %qx thing - does anyone have access to a big-endian system to test it?
To make it even simpler, I've also just uploaded a python helper app 'mifarecrack.py', which will parse a full logfile:
$ ./mifarecrack.py snooper.log
Found TAG UID: da 93 96 36
Executing ./mifarecrack da 93 96 36 64 1d 7a 09 29 56 9a f9 c5 5a 4c 66 c2! 9a! 8f! 2a
uid: da939636
nt': 4ff0d74d
nt'': 76a5aead
ks2: 8aaa9b2b
ks3: b43f2187
Found Key: [ab cd ef 01 23 45]
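An added example, not the mifarecrack.py helper from the post above and not part of the Proxmark3 tree, that parses the hi14alist format seen in the first post's trace and in Tom's sample line (`+ <etu>: <rssi>: [TAG] <hex bytes, '!' marks a parity error> [!crc]`; that layout is assumed from the quoted lines) and pulls out the authentication tuple in the order the thread settled on: UID, nt, {nr}, {ar}, {at}. It goes a little beyond the helper: it takes the UID from the most recent SELECT rather than the first one, verifies the BCC and the ISO 14443-A CRC on the SELECT and AUTH frames before trusting them, handles more than one authentication in a log, and records whether the nonce and {at} frames were actually attributed to the TAG by the sniffer. The sample trace at the bottom is constructed, not a real capture: the SELECT/AUTH bytes and the first auth tuple are frames quoted in this thread stitched together with TAG markers, followed by a second, untagged authentication.

```python
"""Pull MIFARE Classic authentication tuples out of a Proxmark3 hi14alist trace.

Added example (not the thread's mifarecrack.py). Line layout assumed from the traces
quoted in the thread: "+ <etu>: <rssi>: [TAG] <hex bytes, '!' = parity error> [!crc]".
"""
import re
from typing import List, NamedTuple, Optional


class Frame(NamedTuple):
    etu: int            # timing column as printed by hi14alist
    who: str            # "TAG" if the line carries a TAG marker, otherwise "READER"
    data: bytes         # frame bytes with the "!" parity markers stripped
    crc_flagged: bool   # the Proxmark printed "!crc" for this frame
    parity_err: bool    # at least one byte carried a "!" parity marker


class Auth(NamedTuple):
    uid: int
    key_type: str       # "A" for 0x60, "B" for 0x61
    block: int
    nt: int             # cleartext tag nonce
    nr: int             # {nr}: encrypted reader nonce
    ar: int             # {ar}: encrypted reader response
    at: int             # {at}: encrypted tag response
    tag_marked: bool    # nt and {at} lines were attributed to the TAG by the sniffer


_TOKEN = re.compile(r"^([0-9a-fA-F]{2})(!?)$")


def crc_a(data: bytes) -> bytes:
    """ISO 14443-A CRC (init 0x6363, reflected poly 0x8408), returned low byte first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])


def parse_line(line: str) -> Optional[Frame]:
    """One trace line -> Frame; None for the header, separator and prompt lines."""
    line = line.strip()
    if not line.startswith("+"):
        return None
    fields = line[1:].split(":", 2)
    if len(fields) != 3:
        return None
    who, crc_flagged, parity_err, data = "READER", False, False, bytearray()
    for tok in fields[2].split():
        if tok == "TAG":
            who = "TAG"
        elif tok == "!crc":
            crc_flagged = True
        else:
            m = _TOKEN.match(tok)
            if m is None:
                raise ValueError(f"unexpected token {tok!r} in line: {line}")
            data.append(int(m.group(1), 16))
            parity_err = parity_err or bool(m.group(2))
    return Frame(int(fields[0]), who, bytes(data), crc_flagged, parity_err)


def parse_trace(text: str) -> List[Frame]:
    return [f for f in map(parse_line, text.splitlines()) if f is not None]


def extract_auths(frames: List[Frame]) -> List[Auth]:
    """Every cleartext AUTH command followed by nt, {nr}{ar}, {at} yields one Auth.

    The UID comes from the latest cascade-level-1 SELECT (93 70 uid0..3 bcc crc), so the
    tuple stays right when the card is re-selected or another card appears. Only the
    first authentication of a session is in the clear; nested ones are encrypted and
    are not visible here.
    """
    uid: Optional[int] = None
    auths: List[Auth] = []
    i = 0
    while i < len(frames):
        d = frames[i].data
        if len(d) == 9 and d[:2] == b"\x93\x70":
            if d[6] != d[2] ^ d[3] ^ d[4] ^ d[5]:
                raise ValueError("BCC mismatch in SELECT at ETU %d" % frames[i].etu)
            if crc_a(d[:7]) != d[7:]:
                raise ValueError("CRC mismatch in SELECT at ETU %d" % frames[i].etu)
            uid = int.from_bytes(d[2:6], "big")
        elif len(d) == 4 and d[0] in (0x60, 0x61) and crc_a(d[:2]) == d[2:] and uid is not None:
            nxt = frames[i + 1:i + 4]
            if [len(f.data) for f in nxt] == [4, 8, 4]:
                nt, nr_ar, at = (f.data for f in nxt)
                auths.append(Auth(
                    uid, "A" if d[0] == 0x60 else "B", d[1],
                    int.from_bytes(nt, "big"), int.from_bytes(nr_ar[:4], "big"),
                    int.from_bytes(nr_ar[4:], "big"), int.from_bytes(at, "big"),
                    nxt[0].who == "TAG" and nxt[2].who == "TAG"))
                i += 3
        i += 1
    return auths


def mifarecrack_args(a: Auth) -> str:
    """Arguments in the order the thread settled on: UID, nt, {nr}, {ar}, {at}."""
    return " ".join("0x%08x" % v for v in (a.uid, a.nt, a.nr, a.ar, a.at))


# Constructed sample, not a real capture (frames quoted in the thread, stitched together).
SAMPLE_TRACE = """\
recorded activity:
 ETU     :rssi: who bytes
---------+----+----+-----------
 +      0:    :     26
 +    919:    :     93 20
 +   1088:  4 : TAG 54 cb d7 26 6e !crc
 +   2431:    :     93 70 54 cb d7 26 6e b3 84
 +   1088:  4 : TAG 08 b6 dd
 +  18847:    :     60 04 d1 3d
 +   1088:  4 : TAG 64 1d 7a 09 !crc
 +  27374:    :     29 56 9a f9 c5 5a 4c 66 !crc
 +   1088:  4 : TAG c2! 9a! 8f! 2a !crc
 +1733265:    :     26
 +   3351:    :     93 70 54 cb d7 26 6e b3 84
 +  18847:    :     60 04 d1 3d
 +  27374:    :     c0 bc 83 dc !crc
 +   1088:    :     d3 9f 0f 79 9b eb 91 de !crc
 +   8616:    :     5c 2a 7a e3 !crc
"""

if __name__ == "__main__":
    for auth in extract_auths(parse_trace(SAMPLE_TRACE)):
        note = "" if auth.tag_marked else "   (no TAG markers: sniffer did not separate the sides)"
        print("key %s block %2d: mifarecrack %s%s" % (auth.key_type, auth.block, mifarecrack_args(auth), note))
```

The second tuple in the sample comes out with tag_marked False, which is the situation in the first post: the bytes sit in the right slots, so a cracker will happily chew on them, but nothing says the 4-byte frames came from the card. Parity-flagged bytes on the {nr}{ar} and {at} frames are normal, since Crypto-1 encrypts the parity bits too; the CRC check is applied only to the SELECT and AUTH frames, which do carry a real CRC.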
I'm always interested in constructive criticism - thanks for your feedback.
To answer your specific points:
I use python because that's what I'm comfortable programming in. I'm not going to start playing with yacc/lex, but there is, of course, nothing to stop you publishing your own stuff.
I think a TAG with UID starting 60 or 61 will not fail as it will not match ': 60' or ': 61' as it will either have the word 'TAG' or a command such as '93 70' in there as well.
Whitespace is not an issue either as the output of the logfile is fixed and the final call to the external cracker strips it anyway.
It is not intended to be a general decoder, but it could of course be expanded to be one.
Finally, I realise it will fail on multiple authentications (or even if the TAG UID changes before the authentication), but this is an example program, knocked up in a few minutes, that can be adapted as required - I follow the 'publish early, publish often' philosophy, and would rather publish something that's broken and fix it as and when the requirement arises than not publish it at all or spend more time than necessary trying to make it perfect before it's allowed to see the light of day...