summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlaforge <laforge@e0336214-984f-0b4b-a45f-81c69e1f0ede>2008-01-22 15:46:47 +0000
committerlaforge <laforge@e0336214-984f-0b4b-a45f-81c69e1f0ede>2008-01-22 15:46:47 +0000
commitb14030db2b85f86022686055d572b22014a0b917 (patch)
tree3d38e3a38f29c93bced8d472fd2e247dc65b6ed9
parent322f6919c993efb7fadcf61f212a051ef7287cec (diff)
Patch to implement brute-forcng of mifare classic keys (Bjoern Riemer)
git-svn-id: https://svn.gnumonks.org/trunk/librfid@2040 e0336214-984f-0b4b-a45f-81c69e1f0ede
-rw-r--r--utils/mifare-tool.c32
1 files changed, 30 insertions, 2 deletions
diff --git a/utils/mifare-tool.c b/utils/mifare-tool.c
index dd6f148..664e566 100644
--- a/utils/mifare-tool.c
+++ b/utils/mifare-tool.c
@@ -50,7 +50,8 @@ static void help(void)
" -r --read Read a mifare sector\n"
" -l --loop-read Loop reading a mifare sector\n"
" -w --write Write a mifare sector\n"
- " -k --key Specify mifare access key (in hex tuples)\n");
+ " -k --key Specify mifare access key (in hex tuples)\n"
+ " -b --brute-force n Brute Force read sector n\n");
}
static struct option mifare_opts[] = {
@@ -59,6 +60,7 @@ static struct option mifare_opts[] = {
{ "loop-read", 1, 0, 'l' },
{ "write", 1 ,0, 'w' },
{ "help", 0, 0, 'h' },
+ { "brute-force", 1, 0, 'c' },
{ 0, 0, 0, 0 }
};
@@ -92,6 +94,19 @@ static void mifare_l3(void)
printf("Mifare card available\n");
}
+static void inc_key(char* key, int len)
+{
+ int i;
+
+ if (len <= 0)
+ return;
+ i = len - 1;
+ if (key[i] < 0xff)
+ key[i]++;
+ else
+ key[i] = 0;
+}
+
int main(int argc, char **argv)
{
int len, rc, c, option_index = 0;
@@ -120,12 +135,25 @@ int main(int argc, char **argv)
}
while (1) {
- c = getopt_long(argc, argv, "k:r:l:w:", mifare_opts,
+ c = getopt_long(argc, argv, "k:r:l:w:c:", mifare_opts,
&option_index);
if (c == -1)
break;
switch (c) {
+ int i;
+ case 'c':
+ page = atoi(optarg);
+ printf("key: %s\n", hexdump(key, MIFARE_CL_KEY_LEN));
+ len = MIFARE_CL_PAGE_SIZE;
+ mifare_l3();
+ for (i = 0; i <= 0xff; i++) {
+ key[MIFARE_CL_KEY_LEN-1]=i;
+ if (mifare_cl_auth(key, page) >= 0)
+ printf("KEY: %s\n",hexdump(key, MIFARE_CL_KEY_LEN));
+ }
+
+ break;
case 'k':
hexread(key, optarg, strlen(optarg));
printf("key: %s\n", hexdump(key, MIFARE_CL_KEY_LEN));
personal git repositories of Harald Welte. Your mileage may vary