Permalink
Browse files

Fixed errors in hash1 calculation, also added a testcase which would …

…have found the error
  • Loading branch information...
1 parent ad4bbcb commit 964df69a851b1a3b41ba7c81209fd44680b3bee5 @holiman committed Dec 18, 2014
Showing with 49 additions and 21 deletions.
  1. +31 −14 loclass/elite_crack.c
  2. +1 −1 loclass/ikeys.c
  3. +17 −6 loclass/main.c
View
@@ -148,17 +148,17 @@ uint8_t swap(uint8_t val)
*/
void hash1(uint8_t csn[] , uint8_t k[])
{
- k[0] = csn[0]^csn[1]^csn[2]^csn[3]^csn[4]^csn[5]^csn[6]^csn[7];
- k[1] = csn[0]+csn[1]+csn[2]+csn[3]+csn[4]+csn[5]+csn[6]+csn[7];
- k[2] = rr(swap( csn[2]+k[1] ));
- k[3] = rr(swap( csn[3]+k[0] ));
- k[4] = ~rr(swap( csn[4]+k[2] ))+1;
- k[5] = ~rr(swap( csn[5]+k[3] ))+1;
- k[6] = rr( csn[6]+(k[4]^0x3c) );
- k[7] = rl( csn[7]+(k[5]^0xc3) );
- int i;
- for(i = 7; i >=0; i--)
- k[i] = k[i] & 0x7F;
+ k[0] = csn[0]^csn[1]^csn[2]^csn[3]^csn[4]^csn[5]^csn[6]^csn[7];
+ k[1] = csn[0]+csn[1]+csn[2]+csn[3]+csn[4]+csn[5]+csn[6]+csn[7];
+ k[2] = rr(swap( csn[2]+k[1] ));
+ k[3] = rl(swap( csn[3]+k[0] ));
+ k[4] = ~rr( csn[4]+k[2] )+1;
+ k[5] = ~rl( csn[5]+k[3] )+1;
+ k[6] = rr( csn[6]+(k[4]^0x3c) );
+ k[7] = rl( csn[7]+(k[5]^0xc3) );
+ int i;
+ for(i = 7; i >=0; i--)
+ k[i] = k[i] & 0x7F;
}
/**
Definition 14. Define the rotate key function rk : (F 82 ) 8 × N → (F 82 ) 8 as
@@ -647,6 +647,21 @@ int _test_iclass_key_permutation()
prnlog("[+] Iclass key permutation OK!");
return 0;
}
+int _testHash1()
+{
+ uint8_t csn[8]= {0x01,0x02,0x03,0x04,0xF7,0xFF,0x12,0xE0};
+ uint8_t k[8] = {0};
+ hash1(csn, k);
+ uint8_t expected[8] = {0x7E,0x72,0x2F,0x40,0x2D,0x02,0x51,0x42};
+ if(memcmp(k,expected,8) != 0)
+ {
+ prnlog("Error with hash1!");
+ printarr("calculated", k, 8);
+ printarr("expected", expected, 8);
+ return 1;
+ }
+ return 0;
+}
int testElite()
{
@@ -679,11 +694,13 @@ int testElite()
prnlog("[+] Hash2 looks fine...");
}
- prnlog("[+] Testing key diversification ...");
-
int errors = 0 ;
- errors +=_test_iclass_key_permutation();
+ prnlog("[+] Testing hash1...");
+ errors += _testHash1();
+ prnlog("[+] Testing key diversification ...");
+ errors +=_test_iclass_key_permutation();
errors += _testBruteforce();
+
return errors;
}
View
@@ -402,7 +402,7 @@ void diversifyKey(uint8_t csn[8], uint8_t key[8], uint8_t div_key[8])
des_crypt_ecb(&ctx_enc,csn, crypted_csn);
//Calculate HASH0(DES))
- uint64_t crypt_csn = x_bytes_to_num(crypted_csn, 8);
+ uint64_t crypt_csn = x_bytes_to_num(crypted_csn, 8);
uint64_t crypted_csn_swapped = swapZvalues(crypt_csn);
hash0(crypt_csn,div_key);
View
@@ -49,21 +49,26 @@
#include "ikeys.h"
#include "fileutils.h"
#include "elite_crack.h"
-
+#include "hash1_brute.h"
int unitTests()
{
int errors = testCipherUtils();
errors += testMAC();
errors += doKeyTests(0);
errors += testElite();
+ if(errors)
+ {
+ prnlog("OBS! There were errors!!!");
+ }
return errors;
}
int showHelp()
{
- prnlog("Usage: iclazz [options]");
+ prnlog("Usage: loclass [options]");
prnlog("Options:");
- prnlog("-t Perform self-test");
- prnlog("-h Show this help");
+ prnlog("-t Perform self-test");
+ prnlog("-h Show this help");
+ prnlog("-d <CSN> -k <key> Calculate diversified key, based on CSN and K_CUS. Key should be on standard NIST-format, not iclass format ");
prnlog("-f <filename> Bruteforce iclass dumpfile");
prnlog(" An iclass dumpfile is assumed to consist of an arbitrary number of malicious CSNs, and their protocol responses");
prnlog(" The the binary format of the file is expected to be as follows: ");
@@ -96,9 +101,13 @@ int main (int argc, char **argv)
char *fileName = NULL;
int c;
- while ((c = getopt (argc, argv, "thf:")) != -1)
+
+ while ((c = getopt (argc, argv, "xthf:")) != -1)
switch (c)
{
+ case 'x':
+ brute_hash1();
+ return 0;
case 't':
return unitTests();
case 'h':
@@ -119,7 +128,9 @@ int main (int argc, char **argv)
//default:
//showHelp();
}
- showHelp();
+
+ showHelp();
+
return 0;
}

0 comments on commit 964df69

Please sign in to comment.