Example #1
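        /// <summary>
        /// Decodes a 210-byte dump, validates its CRC, extracts the nonce records it holds and
        /// passes them, sorted, to <c>KeyWorker</c>.
        /// </summary>
        /// <remarks>
        /// Layout as read by this method: bytes 0..3 are the UID; twelve 16-byte records follow
        /// from offset 16 (record offset 0 = key type, 1 = sector, 4/8/12 = nt, nr, ar); the
        /// last two bytes of the 210-byte frame are the CRC.
        /// Every access below uses a fixed offset, so the buffer length is checked first.
        /// The CRC only detects accidental corruption; it does not authenticate the data.
        /// </remarks>
        /// <param name="bytes">Raw dump buffer; may be null, empty or truncated.</param>
        /// <returns>
        /// The string returned by <c>KeyWorker</c>, or an empty string when the buffer is
        /// missing, shorter than one frame, or fails the CRC check.
        /// </returns>
        public static string Attack(byte[] bytes)
        {
            const int PayloadLength = 208;  // bytes handed to DecryptData
            const int FrameLength   = 210;  // payload plus the two trailing CRC bytes
            const int RecordSize    = 16;
            const int RecordCount   = 12;

            // Reject null, empty and truncated buffers before any fixed-offset read;
            // the highest index touched below is 207 and the CRC check spans 210 bytes.
            if (bytes == null || bytes.Length < FrameLength)
            {
                return "";
            }

            // Decrypt data, with key 123321, length 208.
            // The return value is not used, so this presumably decodes `bytes` in place -- confirm.
            // NOTE(review): a fixed key embedded in source is obfuscation, not a secret.
            DecryptData(bytes, 123321, PayloadLength);

            // Validate the CRC over the whole frame (210 bytes: the last two are the CRC).
            if (!Crc.CheckCrc14443(Crc.CRC16_14443_A, bytes, FrameLength))
            {
                return "";
            }

            // The UID sits in the first four bytes and is the same for every record.
            var uid = ToUInt32(bytes, 0);

            var myKeys = new List<MyKey>();

            // Copy each nonce record into an object and collect it.
            for (int i = 0; i < RecordCount; i++)
            {
                // Record i starts one record past the 16-byte header.
                int offset = (i + 1) * RecordSize;

                var mykey = new MyKey();
                mykey.UID     = uid;
                mykey.KeyType = bytes[offset];
                mykey.Sector  = bytes[offset + 1];

                mykey.nt0 = ToUInt32(bytes, offset + 4);
                mykey.nr0 = ToUInt32(bytes, offset + 8);
                mykey.ar0 = ToUInt32(bytes, offset + 12);

                // Skip records whose sector byte is 0xFF.
                if (mykey.Sector != 0xFF)
                {
                    myKeys.Add(mykey);
                }
            }

            myKeys.Sort(new KeyComparer());

            return KeyWorker(myKeys);
        }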
Example #2
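        /// <summary>
        /// Known-answer check for <c>MfKey.MfKey32</c>: feeds it the MOEBIUS test vector below
        /// and reports through <c>Debug.WriteLine</c> whether the expected key came back.
        /// </summary>
        /// <remarks>
        /// <c>Debug.WriteLine</c> is compiled out of non-DEBUG builds, so this check is only
        /// visible in debug builds.
        /// </remarks>
        private void selftest()
        {
            // MOEBIUS test
            //   <uid>      <nt>       <nr_0>     <ar_0>     <nt1>      <nr_1>    <ar_1>
            // 0x12345678 0x1AD8DF2B 0x1D316024 0x620EF048 0x30D6CB07 0xC52077E2 0x837AC61A
            //  Found Key: [a0a1a2a3a4a5]

            var t = new MyKey
            {
                UID = 0x12345678,
                nt0 = 0x1AD8DF2B,
                nr0 = 0x1D316024,
                ar0 = 0x620EF048,
                nt1 = 0x30D6CB07,
                nr1 = 0xC52077E2,
                ar1 = 0x837AC61A
            };

            t.key   = MfKey.MfKey32(t.UID, t.nt0, t.nr0, t.ar0, t.nt1, t.nr1, t.ar1);

            // ulong.MaxValue is treated here as the "no key" result.
            t.Found = t.key != ulong.MaxValue;
            if (t.Found && t.key == 0xa0a1a2a3a4a5)
            {
                // NOTE(review): "%d" is not an interpolation hole, so it is printed literally;
                // Sector and KeyType are never set on this test object and show their defaults.
                var s = $"[S{t.Sector}/B%d] Type {t.KeyType} Key found [{t.key:x12}] {Environment.NewLine} ";
                Debug.WriteLine(s);
            }
            else
            {
                // A known-answer test that stays silent on a mismatch hides a broken routine.
                Debug.WriteLine($"MfKey32 self-test FAILED: expected [a0a1a2a3a4a5], got [{t.key:x12}]{Environment.NewLine}");
            }

            // MFKEY32 standard (second test vector, currently disabled)
            //::        < uid >    < nt >     < nr_0 >   < ar_0 >   < nr_1 >   < ar_1 >
            //         0x52B0F519 0x5417D1F8 0x4D545EA7 0xE15AC8C2 0xDAC1A7F4 0x5AE5C37F
            //t.UID = 0x52B0F519;
            //t.nt0 = 0x5417D1F8; t.nr0 = 0x4D545EA7; t.ar0 = 0xE15AC8C2;
            //                    t.nr1 = 0xDAC1A7F4; t.ar1 = 0x5AE5C37F;

            //t.Found = mfkey32(t.UID, t.nt0, t.nr0, t.ar0, t.nr1, t.ar1, out t.key);
            //if (t.Found)
            //{
            //    var s = $"[S{t.Sector}/B%d] Type {t.KeyType} Key found [{t.key:x12}] {Environment.NewLine} ";
            //    Debug.WriteLine(s);
            //}
        }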
Example #3
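        /// <summary>
        /// Decodes a 210-byte dump, validates its CRC, extracts the nonce records it holds and
        /// passes them, sorted, to <c>KeyWorker</c>.
        /// </summary>
        /// <remarks>
        /// Every access below uses a fixed offset, so the buffer length is checked first.
        /// The CRC only detects accidental corruption; it does not authenticate the data.
        /// </remarks>
        /// <param name="bytes">Raw dump buffer; may be null, empty or truncated.</param>
        /// <returns>
        /// The string returned by <c>KeyWorker</c>, or a one-line diagnostic when the buffer is
        /// missing, shorter than one frame, or fails the CRC check.
        /// </returns>
        public static string Attack(byte[] bytes)
        {
            const int PayloadLength = 208;  // bytes handed to DecryptData
            const int FrameLength   = 210;  // payload plus the two trailing CRC bytes
            const int RecordSize    = 16;
            const int RecordCount   = 12;

            if (bytes == null || bytes.Length == 0)
            {
                return $"No data found on device{Environment.NewLine}";
            }

            // A truncated buffer would otherwise be indexed past its end: the highest index
            // touched below is 207 and the CRC check spans 210 bytes.
            if (bytes.Length < FrameLength)
            {
                return $"Data too short{Environment.NewLine}";
            }

            // Decrypt data, with key 123321, length 208.
            // The return value is not used, so this presumably decodes `bytes` in place -- confirm.
            // NOTE(review): a fixed key embedded in source is obfuscation, not a secret.
            DecryptData(bytes, 123321, PayloadLength);

            // Validate the CRC over the whole frame (210 bytes: the last two are the CRC).
            if (!Crc.CheckCrc14443(Crc.CRC16_14443_A, bytes, FrameLength))
            {
                return $"Data failed CRC check{Environment.NewLine}";
            }

            /*
             * Data layout
             * The first 16 bytes are Sector 0, Block 0.
             *
             * Then come items of 16 bytes each:
             *  0           auth cmd  (0x60 or 0x61)
             *  1           block number  (0 - 0x7F)
             *  2,3         CRC, 2 bytes
             *  4,5,6,7     NT
             *  8,9,10,11   NR
             *  12,13,14,15 AR
             */

            var uid = ToUInt32(bytes, 0);

            var myKeys = new List<MyKey>();

            // Copy each nonce record into an object and collect it.
            for (int i = 0; i < RecordCount; i++)
            {
                // Record i starts one record past the 16-byte header.
                int offset = (i + 1) * RecordSize;

                var mykey = new MyKey
                {
                    UID     = uid,
                    KeyType = bytes[offset],
                    Block   = bytes[offset + 1],
                    nt0     = ToUInt32(bytes, offset + 4),
                    nr0     = ToUInt32(bytes, offset + 8),
                    ar0     = ToUInt32(bytes, offset + 12)
                };
                mykey.Sector = ToSector(mykey.Block);

                // Skip records whose derived sector is 0xFF.
                if (mykey.Sector != 0xFF)
                {
                    myKeys.Add(mykey);
                }
            }

            myKeys.Sort(new KeyComparer());

            return KeyWorker(myKeys);
        }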