Fixed errors in hash1 calculation, also added a testcase which would …

…have found the error

loclass/elite_crack.c

@@ -148,17 +148,17 @@ uint8_t swap(uint8_t val)
  */
 void hash1(uint8_t csn[] , uint8_t k[])
 {
-	k[0] = csn[0]^csn[1]^csn[2]^csn[3]^csn[4]^csn[5]^csn[6]^csn[7];
-	k[1] = csn[0]+csn[1]+csn[2]+csn[3]+csn[4]+csn[5]+csn[6]+csn[7];
-	k[2] = rr(swap( csn[2]+k[1] ));
-	k[3] = rr(swap( csn[3]+k[0] ));
-	k[4] = ~rr(swap( csn[4]+k[2] ))+1;
-	k[5] = ~rr(swap( csn[5]+k[3] ))+1;
-	k[6] = rr( csn[6]+(k[4]^0x3c) );
-	k[7] = rl( csn[7]+(k[5]^0xc3) );
-	int i;
-	for(i = 7; i >=0; i--)
-		k[i] = k[i] & 0x7F;
+    k[0] = csn[0]^csn[1]^csn[2]^csn[3]^csn[4]^csn[5]^csn[6]^csn[7];
+    k[1] = csn[0]+csn[1]+csn[2]+csn[3]+csn[4]+csn[5]+csn[6]+csn[7];
+    k[2] = rr(swap( csn[2]+k[1] ));
+    k[3] = rl(swap( csn[3]+k[0] ));
+    k[4] = ~rr( csn[4]+k[2] )+1;
+    k[5] = ~rl( csn[5]+k[3] )+1;
+    k[6] = rr( csn[6]+(k[4]^0x3c) );
+    k[7] = rl( csn[7]+(k[5]^0xc3) );
+    int i;
+    for(i = 7; i >=0; i--)
+        k[i] = k[i] & 0x7F;
 }
 /**
 Definition 14. Define the rotate key function rk : (F 82 ) 8 × N → (F 82 ) 8 as
@@ -647,6 +647,21 @@ int _test_iclass_key_permutation()
 	prnlog("[+] Iclass key permutation OK!");
 	return 0;
 }
+int _testHash1()
+{
+    uint8_t csn[8]= {0x01,0x02,0x03,0x04,0xF7,0xFF,0x12,0xE0};
+    uint8_t k[8] = {0};
+    hash1(csn, k);
+    uint8_t expected[8] = {0x7E,0x72,0x2F,0x40,0x2D,0x02,0x51,0x42};
+    if(memcmp(k,expected,8) != 0)
+    {
+        prnlog("Error with hash1!");
+        printarr("calculated", k, 8);
+        printarr("expected", expected, 8);
+        return 1;
+    }
+    return 0;
+}
 
 int testElite()
 {
@@ -679,11 +694,13 @@ int testElite()
         prnlog("[+] Hash2 looks fine...");
     }
 
-    prnlog("[+] Testing key diversification ...");
-
 	int errors = 0 ;
-	errors +=_test_iclass_key_permutation();
+    prnlog("[+] Testing hash1...");
+    errors += _testHash1();
+    prnlog("[+] Testing key diversification ...");
+    errors +=_test_iclass_key_permutation();
 	errors += _testBruteforce();
+
 	return errors;
 
 }

loclass/ikeys.c

@@ -402,7 +402,7 @@ void diversifyKey(uint8_t csn[8], uint8_t key[8], uint8_t div_key[8])
 	des_crypt_ecb(&ctx_enc,csn, crypted_csn);
 
 	//Calculate HASH0(DES))
-        uint64_t crypt_csn = x_bytes_to_num(crypted_csn, 8);
+    uint64_t crypt_csn = x_bytes_to_num(crypted_csn, 8);
 	uint64_t crypted_csn_swapped = swapZvalues(crypt_csn);
 
 	hash0(crypt_csn,div_key);

loclass/main.c

@@ -49,21 +49,26 @@
 #include "ikeys.h"
 #include "fileutils.h"
 #include "elite_crack.h"
-
+#include "hash1_brute.h"
 int unitTests()
 {
 	int errors = testCipherUtils();
 	errors += testMAC();
 	errors += doKeyTests(0);
 	errors += testElite();
+    if(errors)
+    {
+        prnlog("OBS! There were errors!!!");
+    }
 	return errors;
 }
 int showHelp()
 {
-	prnlog("Usage: iclazz [options]");
+    prnlog("Usage: loclass [options]");
 	prnlog("Options:");
-	prnlog("-t                 Perform self-test");
-	prnlog("-h                 Show this help");
+    prnlog("-t                 Perform self-test");
+    prnlog("-h                 Show this help");
+    prnlog("-d <CSN> -k <key>  Calculate diversified key, based on CSN and K_CUS. Key should be on standard NIST-format, not iclass format ");
 	prnlog("-f <filename>      Bruteforce iclass dumpfile");
 	prnlog("                   An iclass dumpfile is assumed to consist of an arbitrary number of malicious CSNs, and their protocol responses");
 	prnlog("                   The the binary format of the file is expected to be as follows: ");
@@ -96,9 +101,13 @@ int main (int argc, char **argv)
 
 	char *fileName = NULL;
 	int c;
-	while ((c = getopt (argc, argv, "thf:")) != -1)
+
+    while ((c = getopt (argc, argv, "xthf:")) != -1)
 	  switch (c)
 		{
+        case  'x':
+            brute_hash1();
+            return 0;
 		case 't':
 		  return unitTests();
 		case 'h':
@@ -119,7 +128,9 @@ int main (int argc, char **argv)
 		//default:
 		  //showHelp();
 		}
-	showHelp();
+
+    showHelp();
+
 	return 0;
 }