Permalink
Browse files

Fixed errors in hash1 calculation, also added a testcase which would …

…have found the error
  • Loading branch information...
holiman committed Dec 18, 2014
1 parent ad4bbcb commit 964df69a851b1a3b41ba7c81209fd44680b3bee5
Showing with 49 additions and 21 deletions.
  1. +31 −14 loclass/elite_crack.c
  2. +1 −1 loclass/ikeys.c
  3. +17 −6 loclass/main.c
View
@@ -148,17 +148,17 @@ uint8_t swap(uint8_t val)
*/
void hash1(uint8_t csn[] , uint8_t k[])
{
k[0] = csn[0]^csn[1]^csn[2]^csn[3]^csn[4]^csn[5]^csn[6]^csn[7];
k[1] = csn[0]+csn[1]+csn[2]+csn[3]+csn[4]+csn[5]+csn[6]+csn[7];
k[2] = rr(swap( csn[2]+k[1] ));
k[3] = rr(swap( csn[3]+k[0] ));
k[4] = ~rr(swap( csn[4]+k[2] ))+1;
k[5] = ~rr(swap( csn[5]+k[3] ))+1;
k[6] = rr( csn[6]+(k[4]^0x3c) );
k[7] = rl( csn[7]+(k[5]^0xc3) );
int i;
for(i = 7; i >=0; i--)
k[i] = k[i] & 0x7F;
k[0] = csn[0]^csn[1]^csn[2]^csn[3]^csn[4]^csn[5]^csn[6]^csn[7];
k[1] = csn[0]+csn[1]+csn[2]+csn[3]+csn[4]+csn[5]+csn[6]+csn[7];
k[2] = rr(swap( csn[2]+k[1] ));
k[3] = rl(swap( csn[3]+k[0] ));
k[4] = ~rr( csn[4]+k[2] )+1;
k[5] = ~rl( csn[5]+k[3] )+1;
k[6] = rr( csn[6]+(k[4]^0x3c) );
k[7] = rl( csn[7]+(k[5]^0xc3) );
int i;
for(i = 7; i >=0; i--)
k[i] = k[i] & 0x7F;
}
/**
Definition 14. Define the rotate key function rk : (F 82 ) 8 × N → (F 82 ) 8 as
@@ -647,6 +647,21 @@ int _test_iclass_key_permutation()
prnlog("[+] Iclass key permutation OK!");
return 0;
}
int _testHash1()
{
uint8_t csn[8]= {0x01,0x02,0x03,0x04,0xF7,0xFF,0x12,0xE0};
uint8_t k[8] = {0};
hash1(csn, k);
uint8_t expected[8] = {0x7E,0x72,0x2F,0x40,0x2D,0x02,0x51,0x42};
if(memcmp(k,expected,8) != 0)
{
prnlog("Error with hash1!");
printarr("calculated", k, 8);
printarr("expected", expected, 8);
return 1;
}
return 0;
}
int testElite()
{
@@ -679,11 +694,13 @@ int testElite()
prnlog("[+] Hash2 looks fine...");
}
prnlog("[+] Testing key diversification ...");
int errors = 0 ;
errors +=_test_iclass_key_permutation();
prnlog("[+] Testing hash1...");
errors += _testHash1();
prnlog("[+] Testing key diversification ...");
errors +=_test_iclass_key_permutation();
errors += _testBruteforce();
return errors;
}
View
@@ -402,7 +402,7 @@ void diversifyKey(uint8_t csn[8], uint8_t key[8], uint8_t div_key[8])
des_crypt_ecb(&ctx_enc,csn, crypted_csn);
//Calculate HASH0(DES))
uint64_t crypt_csn = x_bytes_to_num(crypted_csn, 8);
uint64_t crypt_csn = x_bytes_to_num(crypted_csn, 8);
uint64_t crypted_csn_swapped = swapZvalues(crypt_csn);
hash0(crypt_csn,div_key);
View
@@ -49,21 +49,26 @@
#include "ikeys.h"
#include "fileutils.h"
#include "elite_crack.h"
#include "hash1_brute.h"
int unitTests()
{
int errors = testCipherUtils();
errors += testMAC();
errors += doKeyTests(0);
errors += testElite();
if(errors)
{
prnlog("OBS! There were errors!!!");
}
return errors;
}
int showHelp()
{
prnlog("Usage: iclazz [options]");
prnlog("Usage: loclass [options]");
prnlog("Options:");
prnlog("-t Perform self-test");
prnlog("-h Show this help");
prnlog("-t Perform self-test");
prnlog("-h Show this help");
prnlog("-d <CSN> -k <key> Calculate diversified key, based on CSN and K_CUS. Key should be on standard NIST-format, not iclass format ");
prnlog("-f <filename> Bruteforce iclass dumpfile");
prnlog(" An iclass dumpfile is assumed to consist of an arbitrary number of malicious CSNs, and their protocol responses");
prnlog(" The the binary format of the file is expected to be as follows: ");
@@ -96,9 +101,13 @@ int main (int argc, char **argv)
char *fileName = NULL;
int c;
while ((c = getopt (argc, argv, "thf:")) != -1)
while ((c = getopt (argc, argv, "xthf:")) != -1)
switch (c)
{
case 'x':
brute_hash1();
return 0;
case 't':
return unitTests();
case 'h':
@@ -119,7 +128,9 @@ int main (int argc, char **argv)
//default:
//showHelp();
}
showHelp();
showHelp();
return 0;
}

0 comments on commit 964df69

Please sign in to comment.