mirror of
https://github.com/Proxmark/proxmark3.git
synced 2024-11-21 04:50:14 -08:00
c48c4d7856
This implements the attack described in Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015 It uses precomputed tables for many bitflip properties (not only two as in the paper) and is therefore quite efficient. To prevent failing it doesn't do differential analysis with several nonce bytes' Sum(a8) properties (each of them may be wrongly guessed) - instead it concentrates on one nonce byte and tries all Sum(a8) property guesses sequentially (ordered by probability). The brute force phase makes use of aczid's bit sliced brute forcer (https://github.com/aczid/crypto1_bs). Includes runtime CPU-detection to leverage modern (and old) SIMD instructions with a single executable.
49 lines
1.4 KiB
C
49 lines
1.4 KiB
C
//-----------------------------------------------------------------------------
|
|
// Copyright (C) 2015 piwi
|
|
//
|
|
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
|
// at your option, any later version. See the LICENSE.txt file for the text of
|
|
// the license.
|
|
//-----------------------------------------------------------------------------
|
|
// hf mf hardnested command
|
|
//-----------------------------------------------------------------------------
|
|
|
|
#ifndef CMDHFMFHARD_H__
|
|
#define CMDHFMFHARD_H__
|
|
|
|
#include <stdint.h>
|
|
#include <stdbool.h>
|
|
|
|
#define NUM_SUMS 19 // number of possible sum property values
|
|
|
|
typedef struct guess_sum_a8 {
|
|
float prob;
|
|
uint64_t num_states;
|
|
uint8_t sum_a8_idx;
|
|
} guess_sum_a8_t;
|
|
|
|
typedef struct noncelistentry {
|
|
uint32_t nonce_enc;
|
|
uint8_t par_enc;
|
|
void *next;
|
|
} noncelistentry_t;
|
|
|
|
typedef struct noncelist {
|
|
uint16_t num;
|
|
uint16_t Sum;
|
|
guess_sum_a8_t sum_a8_guess[NUM_SUMS];
|
|
bool sum_a8_guess_dirty;
|
|
float expected_num_brute_force;
|
|
uint8_t BitFlips[0x400];
|
|
uint32_t *states_bitarray[2];
|
|
uint32_t num_states_bitarray[2];
|
|
bool all_bitflips_dirty[2];
|
|
noncelistentry_t *first;
|
|
} noncelist_t;
|
|
|
|
int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t *trgkey, bool nonce_file_read, bool nonce_file_write, bool slow, int tests);
|
|
void hardnested_print_progress(uint32_t nonces, char *activity, float brute_force, uint64_t min_diff_print_time);
|
|
|
|
#endif
|
|
|