const QByteArray Wad::Content( quint16 i )
{
if( tmdData.isEmpty() || tikData.isEmpty() )
{
Err( "Can't decryte data without a TMD and ticket" );
return QByteArray();
}
Ticket ticket( tikData );
Tmd t( tmdData );
if( partsEnc.size() != t.Count() || i >= partsEnc.size() )
{
Err( "I dont know whats going on some number is out of range and i dont like it" );
return QByteArray();
}
QByteArray encData = partsEnc.at( i );
AesSetKey( ticket.DecryptedKey() );
QByteArray decData = AesDecrypt( t.Index( i ), encData );
decData.resize( t.Size( i ) );
QByteArray realHash = GetSha1( decData );
if( realHash != t.Hash( i ) )
{
Err( QString( "hash doesnt match for content %1" ).arg( i ) );
return QByteArray();
}
return decData;
}
int main() {
std::string ToEncrypt, Encrypted, Decrypted, AesKey1, AesKey2;
int retval=0;
AesKey1 = "111112222233333444445555566666664444888885554444888548136241859641"; // 32 Byte = 256 Bit key.
AesKey2 = "111112222233333444445555566666664444888885554444888548136241859641"; // 32 Byte = 256 Bit key.
ToEncrypt = "aaaaaaaaaaaaaabbbbbbbbbbbbbcccccccccccccccddddddddddddddddeeeeeeeeeeeeee";
// Not sure why this is here?
//OpenSSL_add_all_algorithms();
//OpenSSL_add_all_ciphers();
//OpenSSL_add_all_digests();
retval = AesEncrypt(AesKey1, ToEncrypt, Encrypted);
retval = AesDecrypt(AesKey2, Encrypted, Decrypted);
printf( "Original: %s\nDecrypted: %s\n", ToEncrypt.c_str(), Decrypted.c_str() );
return 0;
}
int main(int argc, char** argv)
{
Aes aes;
byte* key; /* user entered key */
FILE* inFile;
FILE* outFile = NULL;
const char* in;
const char* out;
int option; /* choice of how to run program */
int ret = 0; /* return value */
int size = 0;
int inCheck = 0;
int outCheck = 0;
char choice = 'n';
while ((option = getopt(argc, argv, "d:e:i:o:h")) != -1) {
switch (option) {
case 'd': /* if entered decrypt */
size = atoi(optarg);
ret = SizeCheck(size);
choice = 'd';
break;
case 'e': /* if entered encrypt */
size = atoi(optarg);
ret = SizeCheck(size);
choice = 'e';
break;
case 'h': /* if entered 'help' */
help();
break;
case 'i': /* input file */
in = optarg;
inCheck = 1;
inFile = fopen(in, "r");
break;
case 'o': /* output file */
out = optarg;
outCheck = 1;
outFile = fopen(out, "w");
break;
case '?':
if (optopt) {
printf("Ending Session\n");
return -111;
}
default:
abort();
}
}
if (inCheck == 0 || outCheck == 0) {
printf("Must have both input and output file");
printf(": -i filename -o filename\n");
}
else if (ret == 0 && choice != 'n') {
key = malloc(size); /* sets size memory of key */
ret = NoEcho((char*)key, size);
if (choice == 'e')
AesEncrypt(&aes, key, size, inFile, outFile);
else if (choice == 'd')
AesDecrypt(&aes, key, size, inFile, outFile);
}
else if (choice == 'n') {
printf("Must select either -e or -d for encryption and decryption\n");
ret = -110;
}
return ret;
}
void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain){
int len = 0;
//uint8_t PICC_MASTER_KEY8[8] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47};
uint8_t PICC_MASTER_KEY16[16] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f };
uint8_t null_key_data8[8] = {0x00};
//uint8_t null_key_data16[16] = {0x00};
//uint8_t new_key_data8[8] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
//uint8_t new_key_data16[16] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF};
uint8_t resp[256] = {0x00};
uint8_t IV[16] = {0x00};
size_t datalen = datain[0];
uint8_t cmd[40] = {0x00};
uint8_t encRndB[16] = {0x00};
uint8_t decRndB[16] = {0x00};
uint8_t nonce[16] = {0x00};
uint8_t both[32] = {0x00};
uint8_t encBoth[32] = {0x00};
InitDesfireCard();
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
// 3 olika sätt att authenticera. AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
// 4 olika crypto algo DES, 3DES, 3K3DES, AES
// 3 olika kommunikations sätt, PLAIN,MAC,CRYPTO
// des, nyckel 0,
switch (mode){
case 1:{
uint8_t keybytes[16];
uint8_t RndA[8] = {0x00};
uint8_t RndB[8] = {0x00};
if (algo == 2) {
if (datain[1] == 0xff){
memcpy(keybytes,PICC_MASTER_KEY16,16);
} else {
memcpy(keybytes, datain+1, datalen);
}
} else {
if (algo == 1) {
if (datain[1] == 0xff){
memcpy(keybytes,null_key_data8,8);
} else{
memcpy(keybytes, datain+1, datalen);
}
}
}
struct desfire_key defaultkey = {0};
desfirekey_t key = &defaultkey;
if (algo == 2)
Desfire_3des_key_new_with_version(keybytes, key);
else if (algo ==1)
Desfire_des_key_new(keybytes, key);
cmd[0] = AUTHENTICATE;
cmd[1] = keyno; //keynumber
len = DesfireAPDU(cmd, 2, resp);
if ( !len ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
OnError(3);
return;
}
if ( resp[2] == 0xaf ){
} else {
DbpString("Authetication failed. Invalid key number.");
OnError(3);
return;
}
memcpy( encRndB, resp+3, 8);
if (algo == 2)
tdes_dec(&decRndB, &encRndB, key->data);
else if (algo == 1)
des_dec(&decRndB, &encRndB, key->data);
memcpy(RndB, decRndB, 8);
rol(decRndB,8);
// This should be random
uint8_t decRndA[8] = {0x00};
memcpy(RndA, decRndA, 8);
uint8_t encRndA[8] = {0x00};
if (algo == 2)
tdes_dec(&encRndA, &decRndA, key->data);
else if (algo == 1)
des_dec(&encRndA, &decRndA, key->data);
memcpy(both, encRndA, 8);
for (int x = 0; x < 8; x++) {
decRndB[x] = decRndB[x] ^ encRndA[x];
}
if (algo == 2)
tdes_dec(&encRndB, &decRndB, key->data);
else if (algo == 1)
des_dec(&encRndB, &decRndB, key->data);
memcpy(both + 8, encRndB, 8);
cmd[0] = ADDITIONAL_FRAME;
memcpy(cmd+1, both, 16 );
len = DesfireAPDU(cmd, 17, resp);
if ( !len ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
OnError(3);
return;
}
if ( resp[2] == 0x00 ){
struct desfire_key sessionKey = {0};
desfirekey_t skey = &sessionKey;
Desfire_session_key_new( RndA, RndB , key, skey );
//print_result("SESSION : ", skey->data, 8);
memcpy(encRndA, resp+3, 8);
if (algo == 2)
tdes_dec(&encRndA, &encRndA, key->data);
else if (algo == 1)
des_dec(&encRndA, &encRndA, key->data);
rol(decRndA,8);
for (int x = 0; x < 8; x++) {
if (decRndA[x] != encRndA[x]) {
DbpString("Authetication failed. Cannot varify PICC.");
OnError(4);
return;
}
}
//Change the selected key to a new value.
/*
// Current key is a 3DES key, change it to a DES key
if (algo == 2) {
cmd[0] = CHANGE_KEY;
cmd[1] = keyno;
uint8_t newKey[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
uint8_t first, second;
uint8_t buff1[8] = {0x00};
uint8_t buff2[8] = {0x00};
uint8_t buff3[8] = {0x00};
memcpy(buff1,newKey, 8);
memcpy(buff2,newKey + 8, 8);
ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second);
memcpy(buff3, &first, 1);
memcpy(buff3 + 1, &second, 1);
tdes_dec(&buff1, &buff1, skey->data);
memcpy(cmd+2,buff1,8);
for (int x = 0; x < 8; x++) {
buff2[x] = buff2[x] ^ buff1[x];
}
tdes_dec(&buff2, &buff2, skey->data);
memcpy(cmd+10,buff2,8);
for (int x = 0; x < 8; x++) {
buff3[x] = buff3[x] ^ buff2[x];
}
tdes_dec(&buff3, &buff3, skey->data);
memcpy(cmd+18,buff3,8);
// The command always times out on the first attempt, this will retry until a response
// is recieved.
len = 0;
while(!len) {
len = DesfireAPDU(cmd,26,resp);
}
} else {
// Current key is a DES key, change it to a 3DES key
if (algo == 1) {
cmd[0] = CHANGE_KEY;
cmd[1] = keyno;
uint8_t newKey[16] = {0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f};
uint8_t first, second;
uint8_t buff1[8] = {0x00};
uint8_t buff2[8] = {0x00};
uint8_t buff3[8] = {0x00};
memcpy(buff1,newKey, 8);
memcpy(buff2,newKey + 8, 8);
ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second);
memcpy(buff3, &first, 1);
memcpy(buff3 + 1, &second, 1);
des_dec(&buff1, &buff1, skey->data);
memcpy(cmd+2,buff1,8);
for (int x = 0; x < 8; x++) {
buff2[x] = buff2[x] ^ buff1[x];
}
des_dec(&buff2, &buff2, skey->data);
memcpy(cmd+10,buff2,8);
for (int x = 0; x < 8; x++) {
buff3[x] = buff3[x] ^ buff2[x];
}
des_dec(&buff3, &buff3, skey->data);
memcpy(cmd+18,buff3,8);
// The command always times out on the first attempt, this will retry until a response
// is recieved.
len = 0;
while(!len) {
len = DesfireAPDU(cmd,26,resp);
}
}
}
*/
OnSuccess();
if (algo == 2)
cmd_send(CMD_ACK,1,0,0,skey->data,16);
else if (algo == 1)
cmd_send(CMD_ACK,1,0,0,skey->data,8);
} else {
DbpString("Authetication failed.");
OnError(6);
return;
}
}
break;
case 2:
//SendDesfireCommand(AUTHENTICATE_ISO, &keyno, resp);
break;
case 3:{
//defaultkey
uint8_t keybytes[16] = {0x00};
if (datain[1] == 0xff){
memcpy(keybytes,PICC_MASTER_KEY16,16);
} else{
memcpy(keybytes, datain+1, datalen);
}
struct desfire_key defaultkey = {0x00};
desfirekey_t key = &defaultkey;
Desfire_aes_key_new( keybytes, key);
AesCtx ctx;
if ( AesCtxIni(&ctx, IV, key->data, KEY128, CBC) < 0 ){
if( MF_DBGLEVEL >= 4) {
Dbprintf("AES context failed to init");
}
OnError(7);
return;
}
cmd[0] = AUTHENTICATE_AES;
cmd[1] = 0x00; //keynumber
len = DesfireAPDU(cmd, 2, resp);
if ( !len ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
OnError(3);
return;
}
memcpy( encRndB, resp+3, 16);
// dekryptera tagnonce.
AesDecrypt(&ctx, encRndB, decRndB, 16);
rol(decRndB,16);
memcpy(both, nonce,16);
memcpy(both+16, decRndB ,16 );
AesEncrypt(&ctx, both, encBoth, 32 );
cmd[0] = ADDITIONAL_FRAME;
memcpy(cmd+1, encBoth, 32 );
len = DesfireAPDU(cmd, 33, resp); // 1 + 32 == 33
if ( !len ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
OnError(3);
return;
}
if ( resp[2] == 0x00 ){
// Create AES Session key
struct desfire_key sessionKey = {0};
desfirekey_t skey = &sessionKey;
Desfire_session_key_new( nonce, decRndB , key, skey );
print_result("SESSION : ", skey->data, 16);
} else {
DbpString("Authetication failed.");
OnError(7);
return;
}
break;
}
}
OnSuccess();
cmd_send(CMD_ACK,1,len,0,resp,len);
}
Wad::Wad( const QByteArray &stuff )
{
ok = false;
if( !stuff.size() )//prevent error text when it isnt required
return;
if( stuff.size() < 0x80 )//less than this and there is definitely nothing there
{
Err( "Size is < 0x80" );
return;
}
QByteArray copy = stuff;
QBuffer b( © );
b.open( QIODevice::ReadOnly );
quint32 tmp;
if(b.read( (char*)&tmp, 4 ) != 4)
{
b.close();
Err( "Can't read header size" );
return;
}
if( qFromBigEndian( tmp ) != 0x20 )
{
b.close();
hexdump(stuff, 0, 0x10);
Err( "Bad header size" );
return;
}
b.read( (char*)&tmp, 4 );
tmp = qFromBigEndian( tmp );
if( tmp != 0x49730000 &&
tmp != 0x69620000 &&
tmp != 0x426b0000 )
{
b.close();
hexdump( stuff, 0, 0x40 );
Err( "Bad file magic word" );
return;
}
quint32 certSize;
quint32 tikSize;
quint32 tmdSize;
quint32 appSize;
quint32 footerSize;
b.read( (char*)&certSize, 4 );
certSize = qFromBigEndian( certSize );
b.seek( 0x10 );
b.read( (char*)&tikSize, 4 );
tikSize = qFromBigEndian( tikSize );
b.read( (char*)&tmdSize, 4 );
tmdSize = qFromBigEndian( tmdSize );
b.read( (char*)&appSize, 4 );
appSize = qFromBigEndian( appSize );
b.read( (char*)&footerSize, 4 );
footerSize = qFromBigEndian( footerSize );
b.close();//close the buffer, the rest of the data can be checked without it
//sanity check this thing
quint32 s = stuff.size();
if( s < ( RU( certSize, 0x40 ) + RU( tikSize, 0x40 ) + RU( tmdSize, 0x40 ) + RU( appSize, 0x40 ) + RU( footerSize, 0x40 ) ) )
{
Err( "Total size is less than the combined sizes of all the parts that it is supposed to contain" );
return;
}
quint32 pos = 0x40;
certData = stuff.mid( pos, certSize );
pos += RU( certSize, 0x4 );
tikData = stuff.mid( pos, tikSize );
pos += RU( tikSize, 0x40 );
tmdData = stuff.mid( pos, tmdSize );
pos += RU( tmdSize, 0x40 );
Ticket ticket( tikData );
Tmd t( tmdData );
//the constructor for Ticket may have fixed a bad key index. replace the data just incase it did
tikData = ticket.Data();
//hexdump( tikData );
//hexdump( tmdData );
if( ticket.Tid() != t.Tid() )
qWarning() << "wad contains 2 different TIDs";
quint32 cnt = t.Count();
//qDebug() << "Wad contains" << hex << cnt << "contents";
//another quick sanity check
quint32 totalSize = 0;
for( quint32 i = 0; i < cnt; i++ )
totalSize += t.Size( i );
if( totalSize > appSize )
{
Err( "Size of all the apps in the tmd is greater than the size in the wad header" );
return;
}
//read all the contents, check the hash, and remember the data ( still encrypted )
for( quint32 i = 0; i < cnt; i++ )
{
quint32 s = RU( t.Size( i ), 0x40 );
//qDebug() << "content" << i << "is at" << hex << pos
// << "with size" << s;
QByteArray encData = stuff.mid( pos, s );
pos += s;
//doing this here in case there is some other object that
//is using the AES that would change the key on us
AesSetKey( ticket.DecryptedKey() );
QByteArray decData = AesDecrypt( t.Index( i ), encData );
decData.resize( t.Size( i ) );
QByteArray realHash = GetSha1( decData );
if( realHash != t.Hash( i ) )
{
Err( QString( "hash doesnt match for content %1" ).arg( i ) );
}
partsEnc << encData;
}
//wtf? some VC titles have a full banner as the footer? maybe somebody's wad packer is busted
//QByteArray footer = stuff.mid( pos, stuff.size() - pos );
//qDebug() << "footer";
//hexdump( footer );
ok = true;
}
