From b14030db2b85f86022686055d572b22014a0b917 Mon Sep 17 00:00:00 2001 From: laforge Date: Tue, 22 Jan 2008 15:46:47 +0000 Subject: Patch to implement brute-forcng of mifare classic keys (Bjoern Riemer) git-svn-id: https://svn.gnumonks.org/trunk/librfid@2040 e0336214-984f-0b4b-a45f-81c69e1f0ede --- utils/mifare-tool.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/utils/mifare-tool.c b/utils/mifare-tool.c index dd6f148..664e566 100644 --- a/utils/mifare-tool.c +++ b/utils/mifare-tool.c @@ -50,7 +50,8 @@ static void help(void) " -r --read Read a mifare sector\n" " -l --loop-read Loop reading a mifare sector\n" " -w --write Write a mifare sector\n" - " -k --key Specify mifare access key (in hex tuples)\n"); + " -k --key Specify mifare access key (in hex tuples)\n" + " -b --brute-force n Brute Force read sector n\n"); } static struct option mifare_opts[] = { @@ -59,6 +60,7 @@ static struct option mifare_opts[] = { { "loop-read", 1, 0, 'l' }, { "write", 1 ,0, 'w' }, { "help", 0, 0, 'h' }, + { "brute-force", 1, 0, 'c' }, { 0, 0, 0, 0 } }; @@ -92,6 +94,19 @@ static void mifare_l3(void) printf("Mifare card available\n"); } +static void inc_key(char* key, int len) +{ + int i; + + if (len <= 0) + return; + i = len - 1; + if (key[i] < 0xff) + key[i]++; + else + key[i] = 0; +} + int main(int argc, char **argv) { int len, rc, c, option_index = 0; @@ -120,12 +135,25 @@ int main(int argc, char **argv) } while (1) { - c = getopt_long(argc, argv, "k:r:l:w:", mifare_opts, + c = getopt_long(argc, argv, "k:r:l:w:c:", mifare_opts, &option_index); if (c == -1) break; switch (c) { + int i; + case 'c': + page = atoi(optarg); + printf("key: %s\n", hexdump(key, MIFARE_CL_KEY_LEN)); + len = MIFARE_CL_PAGE_SIZE; + mifare_l3(); + for (i = 0; i <= 0xff; i++) { + key[MIFARE_CL_KEY_LEN-1]=i; + if (mifare_cl_auth(key, page) >= 0) + printf("KEY: %s\n",hexdump(key, MIFARE_CL_KEY_LEN)); + } + + break; case 'k': hexread(key, optarg, strlen(optarg)); printf("key: %s\n", hexdump(key, MIFARE_CL_KEY_LEN)); -- cgit v1.2.3