public static string Attack(byte[] bytes)
{
var show_all = "";
if (!bytes.Any())
{
return(show_all);
}
// Decrypt data, with key 123321, length 208
DecryptData(bytes, 123321, 208);
// validate CRC is ok. (length 210, since two last bytes is crc)
if (!Crc.CheckCrc14443(Crc.CRC16_14443_A, bytes, 210))
{
return(show_all);
}
var myKeys = new List <MyKey>();
// Copy nonce - data into object and list
for (int i = 0; i < 12; i++)
{
var mykey = new MyKey();
mykey.UID = ToUInt32(bytes, 0);
mykey.KeyType = bytes[(i + 1) * 16];
mykey.Sector = bytes[(i + 1) * 16 + 1];
mykey.nt0 = ToUInt32(bytes, (i + 1) * 16 + 4);
mykey.nr0 = ToUInt32(bytes, (i + 1) * 16 + 8);
mykey.ar0 = ToUInt32(bytes, (i + 1) * 16 + 12);
// skip sectors with 0xFF
if (mykey.Sector != 0xFF)
{
myKeys.Add(mykey);
}
}
var my_cmp = new KeyComparer();
myKeys.Sort(my_cmp);
show_all = KeyWorker(myKeys);
return(show_all);
}
private void selftest()
{
// MOEBIUS test
// <uid> <nt> <nr_0> <ar_0> <nt1> <nr_1> <ar_1>
// 0x12345678 0x1AD8DF2B 0x1D316024 0x620EF048 0x30D6CB07 0xC52077E2 0x837AC61A
// Found Key: [a0a1a2a3a4a5]
var t = new MyKey
{
UID = 0x12345678,
nt0 = 0x1AD8DF2B,
nr0 = 0x1D316024,
ar0 = 0x620EF048,
nt1 = 0x30D6CB07,
nr1 = 0xC52077E2,
ar1 = 0x837AC61A
};
t.key = MfKey.MfKey32(t.UID, t.nt0, t.nr0, t.ar0, t.nt1, t.nr1, t.ar1);
t.Found = t.key != ulong.MaxValue;
if (t.Found && t.key == 0xa0a1a2a3a4a5)
{
var s = $"[S{t.Sector}/B%d] Type {t.KeyType} Key found [{t.key:x12}] {Environment.NewLine} ";
Debug.WriteLine(s);
}
// MFKEY32 standard
//:: < uid > < nt > < nr_0 > < ar_0 > < nr_1 > < ar_1 >
// 0x52B0F519 0x5417D1F8 0x4D545EA7 0xE15AC8C2 0xDAC1A7F4 0x5AE5C37F
//t.UID = 0x52B0F519;
//t.nt0 = 0x5417D1F8; t.nr0 = 0x4D545EA7; t.ar0 = 0xE15AC8C2;
// t.nr1 = 0xDAC1A7F4; t.ar1 = 0x5AE5C37F;
//t.Found = mfkey32(t.UID, t.nt0, t.nr0, t.ar0, t.nr1, t.ar1, out t.key);
//if (t.Found)
//{
// var s = $"[S{t.Sector}/B%d] Type {t.KeyType} Key found [{t.key:x12}] {Environment.NewLine} ";
// Debug.WriteLine(s);
//}
}
public static string Attack(byte[] bytes)
{
var show_all = "";
if (bytes == null || !bytes.Any())
{
return($"No data found on device{Environment.NewLine}");
}
// Decrypt data, with key 123321, length 208
DecryptData(bytes, 123321, 208);
// validate CRC is ok. (length 210, since two last bytes is crc)
if (!Crc.CheckCrc14443(Crc.CRC16_14443_A, bytes, 210))
{
return($"Data failed CRC check{Environment.NewLine}");
}
/*
* Data layout
* first 16byte is Sector0, Block0
*
* then comes items of 16bytes length
* 0 auth cmd (0x60 or 0x61)
* 1 blocknumber (0 - 0x7F)
* 2,3 crc 2bytes
* 4,5,6,7 NT
* 8,9,10,11 NR
* 12,13,14,15 AR
*/
var uid = ToUInt32(bytes, 0);
var myKeys = new List <MyKey>();
// Copy nonce - data into object and list
for (int i = 0; i < 12; i++)
{
var mykey = new MyKey
{
UID = uid,
KeyType = bytes[(i + 1) * 16],
Block = bytes[(i + 1) * 16 + 1],
nt0 = ToUInt32(bytes, (i + 1) * 16 + 4),
nr0 = ToUInt32(bytes, (i + 1) * 16 + 8),
ar0 = ToUInt32(bytes, (i + 1) * 16 + 12)
};
mykey.Sector = ToSector(mykey.Block);
// skip sectors with 0xFF
if (mykey.Sector != 0xFF)
{
myKeys.Add(mykey);
}
}
var my_cmp = new KeyComparer();
myKeys.Sort(my_cmp);
show_all = KeyWorker(myKeys);
return(show_all);
}
