Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

Pages: 1

#1 2016-09-26 16:36:39

mdawid
Contributor
Registered: 2015-11-30
Posts: 3

Mifare classic nested authentication

Hi All,

i have a question regarding Mifare Classic nested authentication.

I have managed to establish a mutual authentication against a Mifare Classic 1K card. Now, i would like to perform a nested mutual authentication. But i am uncertain how to setup my prng and lfsr for a successful nested auth.

I've taken a look at the code posted in the linked forum below (post #12) but i couldn't fully understand the procedure:

http://forums.nfc-tools.org/topic/60/nested-authentication/

My problem is, i am sending a terminal response, but the card does not respond to it. It is clear i am doing something wrong.

I commented the lines below with -> questions

           // Encrypt Auth command with the current keystream
            for (i = 0; i < 4; i++) {
               AuthEnc[i] = crypto1_byte(pcs,0x00,0) ^ Auth[i];
               // Encrypt the parity bits with the 4 plaintext bytes
               AuthEncPar[i] = filter(pcs->odd) ^ ODD_PARITY(Auth[i]);
            }

            // Sending the encrypted Auth command
            
            // -> after sending my encrypted auth, i receive 4 bytes seemingly the encrypted nonce {Nt}

            // Decrypt the encrypted auth 
            // -> do i have to decrypt the nonce {Nt} with the current cipher stream first, to get Nt?
            pcs = crypto1_create(KEY_1); //0xffffffffffff
            
            num_to_bytes(0x5a920d85, 4, Rx);  //encrypted Nt (from trace)
            NtLast = bytes_to_num(Rx, 4) ^ crypto1_word(pcs, bytes_to_num(Rx, 4) ^ uid, 1); 
            
            num_to_bytes(0xEF60E26F, 4, Nr);  //reader's Nr (from trace)
            // Again, prepare and send {At}
            for (i = 0; i < 4; i++) {
                ArEnc[i] = crypto1_byte(pcs, Nr[i], 0) ^ Nr[i];
                ArEncPar[i] = filter(pcs->odd) ^ ODD_PARITY(Nr[i]);
            }
            Nt = prng_successor(NtLast, 32);
            for (i = 4; i < 8; i++) {
                Nt = prng_successor(Nt, 8);
                ArEnc[i] = crypto1_byte(pcs, 0x00, 0) ^ (Nt&0xFF);
                ArEncPar[i] = filter(pcs->odd) ^ ODD_PARITY(Nt);
            }
            
            num_to_bytes(0xca7e0b63, 4, Rx);  // Nt'' from trace
            Nt = prng_successor(Nt, 32);
            if (!((crypto1_word(pcs, 0x00, 0) ^ bytes_to_num(Rx, 4)) == (Nt&0xFFFFFFFF))) {
                fprintf(stderr, "[At] is not Suc3(Nt), something is wrong, exiting..\n");
                exit(1);
            }

Offline

Pages: 1

Board footer

Powered by FluxBB