From b14030db2b85f86022686055d572b22014a0b917 Mon Sep 17 00:00:00 2001
From: laforge <laforge@e0336214-984f-0b4b-a45f-81c69e1f0ede>
Date: Tue, 22 Jan 2008 15:46:47 +0000
Subject: Patch to implement brute-forcng of mifare classic keys (Bjoern
 Riemer)

git-svn-id: https://svn.gnumonks.org/trunk/librfid@2040 e0336214-984f-0b4b-a45f-81c69e1f0ede
---
 utils/mifare-tool.c | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/utils/mifare-tool.c b/utils/mifare-tool.c
index dd6f148..664e566 100644
--- a/utils/mifare-tool.c
+++ b/utils/mifare-tool.c
@@ -50,7 +50,8 @@ static void help(void)
 		" -r	--read		Read a mifare sector\n"
 		" -l	--loop-read	Loop reading a mifare sector\n"
 		" -w	--write		Write a mifare sector\n"
-		" -k	--key		Specify mifare access key (in hex tuples)\n");
+		" -k	--key		Specify mifare access key (in hex tuples)\n"
+		" -b    --brute-force n	Brute Force read sector n\n");
 }
 
 static struct option mifare_opts[] = {
@@ -59,6 +60,7 @@ static struct option mifare_opts[] = {
 	{ "loop-read", 1, 0, 'l' },
 	{ "write", 1 ,0, 'w' },
 	{ "help", 0, 0, 'h' },
+	{ "brute-force", 1, 0, 'c' },
 	{ 0, 0, 0, 0 }
 };
 
@@ -92,6 +94,19 @@ static void mifare_l3(void)
 	printf("Mifare card available\n");
 }
 
+static void inc_key(char* key, int len)
+{
+	int i;
+
+	if (len <= 0)
+		return;
+	i = len - 1;
+	if (key[i] < 0xff)
+		key[i]++;
+	else
+		key[i] = 0;
+}
+
 int main(int argc, char **argv)
 {
 	int len, rc, c, option_index = 0;
@@ -120,12 +135,25 @@ int main(int argc, char **argv)
 	}
 
 	while (1) {
-		c = getopt_long(argc, argv, "k:r:l:w:", mifare_opts,
+		c = getopt_long(argc, argv, "k:r:l:w:c:", mifare_opts,
 				&option_index);
 		if (c == -1)
 			break;
 
 		switch (c) {
+			int i;
+		case 'c':
+			page = atoi(optarg);
+			printf("key: %s\n", hexdump(key, MIFARE_CL_KEY_LEN));
+			len = MIFARE_CL_PAGE_SIZE;
+			mifare_l3();
+			for (i = 0; i <= 0xff; i++) {
+				key[MIFARE_CL_KEY_LEN-1]=i;
+				if (mifare_cl_auth(key, page) >= 0)
+					printf("KEY: %s\n",hexdump(key, MIFARE_CL_KEY_LEN));
+			}
+
+			break;
 		case 'k':
 			hexread(key, optarg, strlen(optarg));
 			printf("key: %s\n", hexdump(key, MIFARE_CL_KEY_LEN));
-- 
cgit v1.2.3