/*
 Package:
    MiFare Classic Universal toolKit (MFCUK)

 Package version:
    0.1

 Filename:
    mfcuk_mifare.c

 Description:
    MFCUK defines and function implementation file extending
    mainly libnfc's "mifare.h" interface/functionality.

 Contact, bug-reports:
    http://andreicostin.com/
    mailto:zveriu@gmail.com

 License:
    GPL2 (see below), Copyright (C) 2009, Andrei Costin

 * @file mfcuk_mifare.c
 * @brief
*/

/*
 VERSION HISTORY
--------------------------------------------------------------------------------
| Number     : 0.1
| dd/mm/yyyy : 23/11/2009
| Author     : zveriu@gmail.com, http://andreicostin.com
| Description: Moved bulk of defines and functions from "mfcuk_keyrecovery_darkside.c"
--------------------------------------------------------------------------------
*/

/*
 LICENSE

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 2 of the License, or
 (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "mfcuk_mifare.h"

// Well-known default keys. Leaving a sector on any of these is a *BIG* mistake seen in many
// applications - System Integrators especially should provision their own keys instead.
// Row 0 is reserved as a place-holder for the key currently being verified; presumably callers
// overwrite it at run time, which would explain why the table is not const - confirm at the call sites.
uint8_t mfcuk_default_keys[][MIFARE_CLASSIC_KEY_BYTELENGTH] = {
  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, // Place-holder for current key to verify
  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, // Factory default (transport) key
  {0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, // Public MAD key A
  {0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5},
  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
  {0x4D, 0x3A, 0x99, 0xC3, 0x51, 0xDD},
  {0x1A, 0x98, 0x2C, 0x7E, 0x45, 0x9A},
  {0xD3, 0xF7, 0xD3, 0xF7, 0xD3, 0xF7}, // Public NFC Forum NDEF key
  {0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
};

// Number of rows in mfcuk_default_keys, the place-holder row included
int mfcuk_default_keys_num = sizeof mfcuk_default_keys / sizeof mfcuk_default_keys[0];

// Range check for a block index on a given tag type.
// Returns true when bTagType is a Mifare Classic 1K or 4K type and uiBlock is below that
// type's block count; any other tag type is rejected.
// The other block helpers in this file call this first, so it is the single bounds guard
// for block numbers that later become offsets into a tag image.
bool is_valid_block(uint8_t bTagType, uint32_t uiBlock)
{
  return (IS_MIFARE_CLASSIC_1K(bTagType) && (uiBlock < MIFARE_CLASSIC_1K_MAX_BLOCKS))
         || (IS_MIFARE_CLASSIC_4K(bTagType) && (uiBlock < MIFARE_CLASSIC_4K_MAX_BLOCKS));
}

// Range check for a sector index on a given tag type.
// Returns true when bTagType is a Mifare Classic 1K or 4K type and uiSector is below that
// type's sector count; any other tag type is rejected.
bool is_valid_sector(uint8_t bTagType, uint32_t uiSector)
{
  return (IS_MIFARE_CLASSIC_1K(bTagType) && (uiSector < MIFARE_CLASSIC_1K_MAX_SECTORS))
         || (IS_MIFARE_CLASSIC_4K(bTagType) && (uiSector < MIFARE_CLASSIC_4K_MAX_SECTORS));
}

// Tell whether uiBlock is the first block of its sector.
// Returns false for a block that is_valid_block() rejects.
bool is_first_block(uint8_t bTagType, uint32_t uiBlock)
{
  uint32_t blocks_per_sector;

  if (!is_valid_block(bTagType, uiBlock)) {
    return false;
  }

  // Small sectors come first (the only kind on a 1K tag); above that boundary a 4K tag has big sectors.
  // The modulo is taken on the absolute block number, so the big-sector case relies on
  // MIFARE_CLASSIC_4K_MAX_BLOCKS1 being a multiple of the big sector size - confirm in mfcuk_mifare.h.
  blocks_per_sector = (uiBlock < MIFARE_CLASSIC_4K_MAX_BLOCKS1)
                      ? (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR1)
                      : (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR2);

  return (uiBlock % blocks_per_sector) == 0;
}

// Tell whether uiBlock is the last (trailer) block of its sector.
// Returns false for a block that is_valid_block() rejects.
bool is_trailer_block(uint8_t bTagType, uint32_t uiBlock)
{
  uint32_t blocks_per_sector;

  if (!is_valid_block(bTagType, uiBlock)) {
    return false;
  }

  // Small sectors come first (the only kind on a 1K tag); above that boundary a 4K tag has big sectors.
  // As in is_first_block(), the absolute block number is used, which assumes the small-sector
  // area ends on a big-sector boundary - confirm in mfcuk_mifare.h.
  blocks_per_sector = (uiBlock < MIFARE_CLASSIC_4K_MAX_BLOCKS1)
                      ? (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR1)
                      : (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR2);

  // A trailer is the block whose successor starts a new sector
  return ((uiBlock + 1) % blocks_per_sector) == 0;
}

// Return the first block of the sector that contains uiBlock,
// or MIFARE_CLASSIC_INVALID_BLOCK when is_valid_block() rejects the block.
uint32_t get_first_block(uint8_t bTagType, uint32_t uiBlock)
{
  uint32_t big_offset;

  if (!is_valid_block(bTagType, uiBlock)) {
    return MIFARE_CLASSIC_INVALID_BLOCK;
  }

  // Small-sector area: round down to a multiple of the small sector size
  if (uiBlock < MIFARE_CLASSIC_4K_MAX_BLOCKS1) {
    return uiBlock - (uiBlock % (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR1));
  }

  // Big-sector area: round down relative to where the big sectors begin
  big_offset = uiBlock - MIFARE_CLASSIC_4K_MAX_BLOCKS1;
  return MIFARE_CLASSIC_4K_MAX_BLOCKS1 + (big_offset - (big_offset % (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR2)));
}

// Return the trailer (last) block of the sector that contains uiBlock,
// or MIFARE_CLASSIC_INVALID_BLOCK when is_valid_block() rejects the block.
// Callers that turn the result into a memory offset must check for the sentinel first.
uint32_t get_trailer_block(uint8_t bTagType, uint32_t uiBlock)
{
  uint32_t big_offset;
  uint32_t sector_start;

  if (!is_valid_block(bTagType, uiBlock)) {
    return MIFARE_CLASSIC_INVALID_BLOCK;
  }

  // Small-sector area: sector start plus (sector size - 1)
  if (uiBlock < MIFARE_CLASSIC_4K_MAX_BLOCKS1) {
    sector_start = uiBlock - (uiBlock % (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR1));
    return sector_start + (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR1 - 1);
  }

  // Big-sector area: same computation, relative to where the big sectors begin
  big_offset = uiBlock - MIFARE_CLASSIC_4K_MAX_BLOCKS1;
  sector_start = MIFARE_CLASSIC_4K_MAX_BLOCKS1 + (big_offset - (big_offset % (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR2)));
  return sector_start + (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR2 - 1);
}

// Tell whether uiSector is one of the big sectors, i.e. a valid sector at or above
// MIFARE_CLASSIC_4K_MAX_SECTORS1. Returns false when is_valid_sector() rejects the sector.
bool is_big_sector(uint8_t bTagType, uint32_t uiSector)
{
  return is_valid_sector(bTagType, uiSector) && (uiSector >= MIFARE_CLASSIC_4K_MAX_SECTORS1);
}

// Return the first block of sector uiSector,
// or MIFARE_CLASSIC_INVALID_BLOCK when is_valid_sector() rejects the sector.
uint32_t get_first_block_for_sector(uint8_t bTagType, uint32_t uiSector)
{
  if (!is_valid_sector(bTagType, uiSector)) {
    return MIFARE_CLASSIC_INVALID_BLOCK;
  }

  // Big sectors (4K only) are laid out after the whole small-sector area
  if (uiSector >= MIFARE_CLASSIC_4K_MAX_SECTORS1) {
    const uint32_t big_index = uiSector - MIFARE_CLASSIC_4K_MAX_SECTORS1;
    return MIFARE_CLASSIC_4K_MAX_BLOCKS1 + (big_index * MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR2);
  }

  // Small sectors: every sector of a 1K tag takes this path
  return (uiSector * MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR1);
}

// Return the trailer (last) block of sector uiSector,
// or MIFARE_CLASSIC_INVALID_BLOCK when is_valid_sector() rejects the sector.
uint32_t get_trailer_block_for_sector(uint8_t bTagType, uint32_t uiSector)
{
  if (!is_valid_sector(bTagType, uiSector)) {
    return MIFARE_CLASSIC_INVALID_BLOCK;
  }

  // Big sectors (4K only) are laid out after the whole small-sector area
  if (uiSector >= MIFARE_CLASSIC_4K_MAX_SECTORS1) {
    const uint32_t big_index = uiSector - MIFARE_CLASSIC_4K_MAX_SECTORS1;
    return MIFARE_CLASSIC_4K_MAX_BLOCKS1 + (big_index * MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR2) + (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR2 - 1);
  }

  // Small sectors: every sector of a 1K tag takes this path
  return (uiSector * MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR1) + (MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR1 - 1);
}

// Return the sector number that contains uiBlock.
// For a block that is_valid_block() rejects, the *block* sentinel MIFARE_CLASSIC_INVALID_BLOCK
// is returned even though the result is a sector number; callers must compare against that value.
uint32_t get_sector_for_block(uint8_t bTagType, uint32_t uiBlock)
{
  uint32_t big_offset;

  if (!is_valid_block(bTagType, uiBlock)) {
    return MIFARE_CLASSIC_INVALID_BLOCK;
  }

  // Small-sector area (all of a 1K tag): plain integer division
  if (uiBlock < MIFARE_CLASSIC_4K_MAX_BLOCKS1) {
    return (uiBlock / MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR1);
  }

  // Big-sector area: count big sectors past the boundary, then add the small-sector count
  big_offset = uiBlock - MIFARE_CLASSIC_4K_MAX_BLOCKS1;
  return MIFARE_CLASSIC_4K_MAX_SECTORS1 + (big_offset / MIFARE_CLASSIC_4K_BLOCKS_PER_SECTOR2);
}

// Test case function for checking correct functionality of the block/sector is_ and get_ functions.
// Prints the result of every helper for each block and sector of the given tag type, plus one
// index past the end so the rejection path is exercised too. Returns silently for any tag type
// that is neither Mifare Classic 1K nor 4K.
// NOTE(review): the "%d" conversions below receive uint32_t values; the results are only
// meaningful while they fit in an int.
void test_mifare_classic_blocks_sectors_functions(uint8_t bTagType)
{
  uint32_t block_limit, sector_limit;
  uint32_t blk, sec;

  if (IS_MIFARE_CLASSIC_1K(bTagType)) {
    printf("\nMIFARE CLASSIC 1K\n");
    block_limit = MIFARE_CLASSIC_1K_MAX_BLOCKS;
    sector_limit = MIFARE_CLASSIC_1K_MAX_SECTORS;
  } else if (IS_MIFARE_CLASSIC_4K(bTagType)) {
    printf("\nMIFARE CLASSIC 4K\n");
    block_limit = MIFARE_CLASSIC_4K_MAX_BLOCKS;
    sector_limit = MIFARE_CLASSIC_4K_MAX_SECTORS;
  } else {
    return;
  }

  // The +1 deliberately walks one block past the last valid one
  for (blk = 0; blk < block_limit + 1; blk++) {
    const char valid = is_valid_block(bTagType, blk) ? 'Y' : 'N';
    const char first = is_first_block(bTagType, blk) ? 'Y' : 'N';
    const char trailer = is_trailer_block(bTagType, blk) ? 'Y' : 'N';

    printf("BLOCK %d\n", blk);
    printf("\t is_valid_block: %c\n", valid);
    printf("\t is_first_block: %c\n", first);
    printf("\t is_trailer_block: %c\n", trailer);
    printf("\t get_first_block: %d\n", get_first_block(bTagType, blk));
    printf("\t get_trailer_block: %d\n", get_trailer_block(bTagType, blk));
    printf("\t get_sector_for_block: %d\n", get_sector_for_block(bTagType, blk));
  }

  // The +1 deliberately walks one sector past the last valid one
  for (sec = 0; sec < sector_limit + 1; sec++) {
    const char valid = is_valid_sector(bTagType, sec) ? 'Y' : 'N';
    const char big = is_big_sector(bTagType, sec) ? 'Y' : 'N';

    printf("SECTOR %d\n", sec);
    printf("\t is_valid_sector: %c\n", valid);
    printf("\t is_big_sector: %c\n", big);
    printf("\t get_first_block_for_sector: %d\n", get_first_block_for_sector(bTagType, sec));
    printf("\t get_trailer_block_for_sector: %d\n", get_trailer_block_for_sector(bTagType, sec));
  }
}

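// Write the in-memory tag image to `filename` as a single raw record of sizeof(*tag) bytes.
// Returns true only when the whole record was written and the stream closed cleanly;
// returns false for a NULL argument, an open failure, a short write or a failed close.
//
// The image holds the sector trailers (print_mifare_classic_tag_keys() reads Key A / Key B
// out of this same structure), so the file contains key material. fopen() creates it with
// the process's default permissions and truncates an existing file of the same name;
// restricting access to the dump is left to the caller.
bool mfcuk_save_tag_dump(const char *filename, mifare_classic_tag *tag)
{
  FILE *fp;
  bool written;

  // fopen(NULL) and fwrite(NULL) are undefined behaviour, so reject them up front
  if (!filename || !tag) {
    return false;
  }

  fp = fopen(filename, "wb");
  if (!fp) {
    return false;
  }

  // Expect to write exactly 1 record
  written = (fwrite((void *) tag, sizeof(*tag), 1, fp) == 1);

  // fclose() flushes buffered data; if it fails the dump on disk may be incomplete
  if (fclose(fp) != 0) {
    written = false;
  }

  return written;
}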

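// Write the extended tag structure to `filename` as a single raw record of sizeof(*tag_ext) bytes.
// Returns true only when the whole record was written and the stream closed cleanly;
// returns false for a NULL argument, an open failure, a short write or a failed close.
//
// NOTE(review): mifare_classic_tag_ext presumably embeds the tag image and therefore the
// sector keys - confirm in mfcuk_mifare.h and treat the output file as sensitive. fopen()
// creates it with the process's default permissions and truncates an existing file.
bool mfcuk_save_tag_dump_ext(const char *filename, mifare_classic_tag_ext *tag_ext)
{
  FILE *fp;
  bool written;

  // fopen(NULL) and fwrite(NULL) are undefined behaviour, so reject them up front
  if (!filename || !tag_ext) {
    return false;
  }

  fp = fopen(filename, "wb");
  if (!fp) {
    return false;
  }

  // Expect to write exactly 1 record
  written = (fwrite((void *) tag_ext, sizeof(*tag_ext), 1, fp) == 1);

  // fclose() flushes buffered data; if it fails the dump on disk may be incomplete
  if (fclose(fp) != 0) {
    written = false;
  }

  return written;
}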

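// Read one raw record of sizeof(*tag) bytes from `filename` into *tag.
// Returns true only when a full record was read; returns false for a NULL argument,
// an open failure or a file shorter than one record. Bytes beyond the first record are ignored.
//
// The data lands in *tag unvalidated: on a short read *tag may already be partly overwritten,
// and on success every field (including the tag-type byte other helpers branch on) is whatever
// the file contained. Callers should treat a dump from an untrusted source accordingly.
bool mfcuk_load_tag_dump(const char *filename, mifare_classic_tag *tag)
{
  FILE *fp;
  size_t records;

  // fopen(NULL) and fread(NULL) are undefined behaviour, so reject them up front
  if (!filename || !tag) {
    return false;
  }

  fp = fopen(filename, "rb");
  if (!fp) {
    return false;
  }

  // Expect to read exactly 1 record
  records = fread((void *) tag, sizeof(*tag), 1, fp);
  fclose(fp);

  return records == 1;
}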

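// Read one raw record of sizeof(*tag_ext) bytes from `filename` into *tag_ext.
// Returns true only when a full record was read; returns false for a NULL argument,
// an open failure or a file shorter than one record. Bytes beyond the first record are ignored.
//
// The data lands in *tag_ext unvalidated: on a short read it may already be partly
// overwritten, and on success every field is whatever the file contained.
bool mfcuk_load_tag_dump_ext(const char *filename, mifare_classic_tag_ext *tag_ext)
{
  FILE *fp;
  size_t records;

  // fopen(NULL) and fread(NULL) are undefined behaviour, so reject them up front
  if (!filename || !tag_ext) {
    return false;
  }

  fp = fopen(filename, "rb");
  if (!fp) {
    return false;
  }

  // Expect to read exactly 1 record
  records = fread((void *) tag_ext, sizeof(*tag_ext), 1, fp);
  fclose(fp);

  // fread() returns the number of records read (here 0 or 1), not a byte count.
  // The previous comparison against sizeof(*tag_ext) made every successful load report failure.
  return records == 1;
}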

// Print a per-sector table of Key A, access bits and Key B taken from a tag image.
// `title` is printed as the heading together with the first four UID bytes and the tag type.
// Returns without printing when `tag` is NULL or the type byte stored in block 0 is neither
// Mifare Classic 1K nor 4K.
//
// The keys go to stdout in clear, so the output is as sensitive as the dump itself.
// The type byte comes from the image and selects how many blocks are walked; this assumes
// *tag is large enough for the layout that byte claims - TODO confirm against the
// mifare_classic_tag definition, since the image may have been loaded from a file.
void print_mifare_classic_tag_keys(const char *title, mifare_classic_tag *tag)
{
  uint8_t bTagType;
  uint32_t blk, block_count;

  if (!tag) {
    return;
  }

  bTagType = tag->amb->mbm.btUnknown;

  if (!(IS_MIFARE_CLASSIC_1K(bTagType) || IS_MIFARE_CLASSIC_4K(bTagType))) {
    return;
  }

  printf("%s - UID %02x %02x %02x %02x - TYPE 0x%02x (%s)\n",
         title, tag->amb->mbm.abtUID[0], tag->amb->mbm.abtUID[1], tag->amb->mbm.abtUID[2], tag->amb->mbm.abtUID[3], bTagType,
         (IS_MIFARE_CLASSIC_1K(bTagType) ? (MIFARE_CLASSIC_1K_NAME) : (IS_MIFARE_CLASSIC_4K(bTagType) ? (MIFARE_CLASSIC_4K_NAME) : (MIFARE_CLASSIC_UNKN_NAME)))
        );
  printf("-------------------------------------------------------\n");
  printf("Sector\t|    Key A\t|    AC bits\t|    Key B\n");
  printf("-------------------------------------------------------\n");

  block_count = IS_MIFARE_CLASSIC_1K(tag->amb->mbm.btUnknown)
                ? MIFARE_CLASSIC_1K_MAX_BLOCKS
                : MIFARE_CLASSIC_4K_MAX_BLOCKS;

  // One iteration per sector: jump from each trailer straight to the block after it
  for (blk = 0; blk < block_count;) {
    const uint32_t trailer_block = get_trailer_block(bTagType, blk);
    mifare_classic_block_trailer *ptr_trailer;

    // Also catches the invalid-block sentinel before it is used as an offset
    if (!is_valid_block(bTagType, trailer_block)) {
      break;
    }

    // The image is addressed as a flat byte array of fixed-size blocks
    ptr_trailer = (mifare_classic_block_trailer *)((char *)tag + (trailer_block * MIFARE_CLASSIC_BYTES_PER_BLOCK));

    printf("%d\t|  %02x%02x%02x%02x%02x%02x\t|  %02x%02x%02x%02x\t|  %02x%02x%02x%02x%02x%02x\n",
           get_sector_for_block(bTagType, trailer_block),
           ptr_trailer->abtKeyA[0], ptr_trailer->abtKeyA[1], ptr_trailer->abtKeyA[2],
           ptr_trailer->abtKeyA[3], ptr_trailer->abtKeyA[4], ptr_trailer->abtKeyA[5],
           ptr_trailer->abtAccessBits[0], ptr_trailer->abtAccessBits[1], ptr_trailer->abtAccessBits[2], ptr_trailer->abtAccessBits[3],
           ptr_trailer->abtKeyB[0], ptr_trailer->abtKeyB[1], ptr_trailer->abtKeyB[2],
           ptr_trailer->abtKeyB[3], ptr_trailer->abtKeyB[4], ptr_trailer->abtKeyB[5]
          );

    blk = trailer_block + 1;
  }

  printf("\n");
}

// Unpack a key held in a 64-bit integer into a byte array, most significant key byte first.
// Writes MIFARE_CLASSIC_KEY_BYTELENGTH bytes to arr6Key, taken from the low-order bytes of
// *ui64Key; any higher bits of the integer are ignored.
// Returns false (and writes nothing) when either pointer is NULL, true otherwise.
bool mfcuk_key_uint64_to_arr(const uint64_t *ui64Key, uint8_t *arr6Key)
{
  int idx;
  int shift;

  if (!ui64Key || !arr6Key) {
    return false;
  }

  // Start at the top key byte and step the shift down by one byte per output position
  shift = 8 * (MIFARE_CLASSIC_KEY_BYTELENGTH - 1);
  for (idx = 0; idx < MIFARE_CLASSIC_KEY_BYTELENGTH; idx++, shift -= 8) {
    arr6Key[idx] = (uint8_t)(((*ui64Key) >> shift) & 0xFF);
  }

  return true;
}

// Pack a key byte array into a 64-bit integer, treating arr6Key[0] as the most significant byte.
// Reads MIFARE_CLASSIC_KEY_BYTELENGTH bytes from arr6Key and stores the result in *ui64Key.
// Returns false (leaving *ui64Key untouched) when either pointer is NULL, true otherwise.
bool mfcuk_key_arr_to_uint64(const uint8_t *arr6Key, uint64_t *ui64Key)
{
  uint64_t packed = 0;
  int idx = 0;

  if (!ui64Key || !arr6Key) {
    return false;
  }

  // Each byte is OR-ed in and then shifted up to make room for the next one
  while (idx < MIFARE_CLASSIC_KEY_BYTELENGTH) {
    packed |= arr6Key[idx];
    packed <<= 8;
    idx++;
  }

  // The loop shifts once more than needed after the last byte; undo that here
  *ui64Key = packed >> 8;

  return true;
}