diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c index af29df827..86c3e23e7 100644 --- a/client/src/mifare/desfirecore.c +++ b/client/src/mifare/desfirecore.c @@ -1045,7 +1045,7 @@ static int DesfireAuthenticateEV1(DesfireContext *dctx, DesfireSecureChannel sec // Part 3 - if (dctx->keyType == T_AES) { + /*if (dctx->keyType == T_AES) { if (mbedtls_aes_setkey_dec(&ctx, key->data, 128) != 0) { return 5; } @@ -1059,7 +1059,8 @@ static int DesfireAuthenticateEV1(DesfireContext *dctx, DesfireSecureChannel sec tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV, 2); else if (dctx->keyType == T_3K3DES) { tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV, 3); - } + }*/ + DesfireCryptoEncDecEx(dctx, DCOMainKey, encRndB, rndlen, RndB, false, false, IV); if (g_debugMode > 1) { PrintAndLogEx(DEBUG, "encRndB: %s", sprint_hex(encRndB, 8)); @@ -1073,6 +1074,8 @@ static int DesfireAuthenticateEV1(DesfireContext *dctx, DesfireSecureChannel sec uint8_t encRndA[16] = {0x00}; // - Encrypt our response + if (secureChannel == DACd40) + memset(IV, 0, DESFIRE_MAX_CRYPTO_BLOCK_SIZE); if (secureChannel == DACd40) { if (dctx->keyType == T_DES) { des_decrypt(encRndA, RndA, key->data); @@ -1173,9 +1176,9 @@ static int DesfireAuthenticateEV1(DesfireContext *dctx, DesfireSecureChannel sec // Part 4 memcpy(encRndA, recv_data, rndlen); - //PrintAndLogEx(INFO, "encRndA : %s", sprint_hex(encRndA, rndlen)); - //PrintAndLogEx(INFO, "IV : %s", sprint_hex(IV, rndlen)); - if (dctx->keyType == T_DES) { + PrintAndLogEx(INFO, "encRndA : %s", sprint_hex(encRndA, rndlen)); + PrintAndLogEx(INFO, "IV : %s", sprint_hex(IV, rndlen)); + /*if (dctx->keyType == T_DES) { if (secureChannel == DACd40) des_decrypt(encRndA, encRndA, key->data); if (secureChannel == DACEV1) 
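Review bot: The Part 3 decrypt branch in the hunk at -1045 is disabled by opening a block comment at `/*if (dctx->keyType == T_AES) {` instead of being deleted, and the Part 4 branch gets the same treatment in the hunks at -1173 and -1192. Crypto code kept inside a comment drifts from the helper that replaced it, and the comment ends early if anything inside the disabled region contains `*/`. Delete the old branches and let version control keep them. The comment only closes in the next hunk (`}*/`), so the full extent of the disabled code is not visible here.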
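Review bot: In the hunk at -1059 the result of `DesfireCryptoEncDecEx(dctx, DCOMainKey, encRndB, rndlen, RndB, false, false, IV);` is not checked, while the AES path it replaces returned 5 when `mbedtls_aes_setkey_dec` failed. Whether the helper can report failure is not visible in this diff; if it can, keep an early return so authentication does not continue with an `RndB` that was never decrypted. The old code took the key from `key->data` and the new call selects it through `dctx` and `DCOMainKey`, so confirm both name the same key and record it above the call, for example `// decrypts encRndB with the key held in dctx (previously key->data)`.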
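Review bot: In the hunk at -1073 the added `if (secureChannel == DACd40)` guarding `memset(IV, 0, DESFIRE_MAX_CRYPTO_BLOCK_SIZE);` is unbraced and sits directly above the existing `if (secureChannel == DACd40) {` block, so the same condition is tested on two consecutive lines. Make the memset the first statement of that block and say why the IV is cleared, e.g. `// presumably D40 restarts the IV for each operation - confirm`. The same unbraced guard is repeated before the Part 4 decrypt in the hunk at -1192 and should get braces there. The DACd40 block continues past the end of this hunk.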
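Review bot: In the hunk at -1173 the two `PrintAndLogEx(INFO, ...)` calls enabled after `memcpy(encRndA, recv_data, rndlen);` print the card's response and the IV on every authentication. The hunk at -1192 does the same for `Expected_RndA` and `Generated_RndA`, the reader nonce that is passed to `DesfireGenSessionKeyEV1`. Authentication material should not reach normal output or saved logs. Part 3 already gates its dump with `if (g_debugMode > 1)` and the `DEBUG` level, and these four lines should follow that, e.g. `if (g_debugMode > 1) { PrintAndLogEx(DEBUG, "encRndA : %s", sprint_hex(encRndA, rndlen)); }`. `sprint_hex(IV, rndlen)` also reads `rndlen` bytes from `IV`, whose declaration is outside the hunk, so check the buffer is at least that long.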
@@ -1192,14 +1195,17 @@ static int DesfireAuthenticateEV1(DesfireContext *dctx, DesfireSecureChannel sec return 10; } mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, rndlen, IV, encRndA, encRndA); - } - + }*/ + if (secureChannel == DACd40) + memset(IV, 0, DESFIRE_MAX_CRYPTO_BLOCK_SIZE); + DesfireCryptoEncDecEx(dctx, DCOMainKey, encRndA, rndlen, encRndA, false, false, IV); + // generate session key from rnda and rndb. before rol(RndA)! DesfireGenSessionKeyEV1(RndA, RndB, dctx->keyType, dctx->sessionKeyEnc); rol(RndA, rndlen); - //PrintAndLogEx(INFO, "Expected_RndA : %s", sprint_hex(RndA, rndlen)); - //PrintAndLogEx(INFO, "Generated_RndA : %s", sprint_hex(encRndA, rndlen)); + PrintAndLogEx(INFO, "Expected_RndA : %s", sprint_hex(RndA, rndlen)); + PrintAndLogEx(INFO, "Generated_RndA : %s", sprint_hex(encRndA, rndlen)); for (uint32_t x = 0; x < rndlen; x++) { if (RndA[x] != encRndA[x]) { if (g_debugMode > 1) { diff --git a/client/src/mifare/desfirecore.h b/client/src/mifare/desfirecore.h index 833c1f8b3..0e8ad26b7 100644 --- a/client/src/mifare/desfirecore.h +++ b/client/src/mifare/desfirecore.h @@ -16,7 +16,7 @@ #include "common.h" #include "cliparser.h" #include "mifare/desfirecrypto.h" -#include "mifare/mifare4.h" +#include "mifare/desfire_crypto.h" #define DESFIRE_TX_FRAME_MAX_LEN 54 diff --git a/client/src/mifare/desfiresecurechan.h b/client/src/mifare/desfiresecurechan.h index 235e3a41b..77b84bafc 100644 --- a/client/src/mifare/desfiresecurechan.h +++ b/client/src/mifare/desfiresecurechan.h @@ -16,7 +16,6 @@ #include "common.h" #include "mifare/desfirecore.h" #include "mifare/desfirecrypto.h" -#include "mifare/desfire_crypto.h" #include "mifare/mifare4.h" typedef struct {
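Review bot: In the hunk at -1192, `DesfireCryptoEncDecEx(dctx, DCOMainKey, encRndA, rndlen, encRndA, false, false, IV);` passes `encRndA` as both source and destination. The mbedtls and DES calls it replaces were also in place, but whether the helper tolerates aliased buffers when chaining blocks is not visible in this diff. If it does, record that above the call with a comment such as `// in-place decrypt: helper supports src == dst`; if not, decrypt into a separate buffer before the comparison with `RndA`. The comparison loop continues past the end of this hunk.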