Topic: Crypto1 - cipher initialization

Hi, it's the first time that I write here. By the way, I'm trying to complete a Mifare authentication with an 8-bit microcontroller.

I've found this log with both encrypted and unencrypted nonces:

    key:        FF FF FF FF FF FF
    UID:        2a 69 8d 43
    nT:         3b ae 03 2d
    nR+aR:      bb 03 1f 2d  7f cf 34 c3
    {nR}+{aR}:  c4! 94 a1 d2  6e! 96 86! 42
    aT:         86 9d bb d5
    {aT}:       84 66! 05! 9e!

My first step is to get the same {nR}, knowing the nR, the UID and the key.

I've already successfully calculated the aR and aT starting from the tag nonce. Now I'm trying to encrypt them.

As I said, I'm using an 8-bit microcontroller, so I can't even use a single 48-bit or 64-bit variable, but I'm trying to avoid this problem.

Can anyone give me some hints on how to initialize the cipher step by step, focusing also on the bit orientation (LSB/MSB)?

This is what I've done:

- I've started by setting up the cipher with the 48-bit key (FF FF FF FF FF FF).
- I've added the nT and the UID, shifting the cipher for each of the 32 bits and adding the new bit on the right.
- Adding the nR, I'm filling up the {nR}.

But I don't get the expected results, of course...

Can somebody help me? Thanks!

Sorry for my English and for my newbie questions.


-AxxE-

Re: Crypto1 - cipher initialization

It would be helpful for me even to have some logs of the cipher initialization process.

For example, I would like to see the state of the 48-bit cipher after filling it with the nT and the UID (after the first 32 clocks), knowing the key, the UID and the tag nonce.

Then I would be able to check whether my current work is OK or not.

Thanks!

Last edited by axxe (2011-03-09 10:49:54)

Re: Crypto1 - cipher initialization

Solved.

Re: Crypto1 - cipher initialization

How did you fix it? I have the same problem. Thank you.

Re: Crypto1 - cipher initialization

Some of my logs were wrong, especially some logs from a Crypto1 explanation PDF.
Look here on libnfc.org; there should be a topic about Mifare logs, with a lot of examples which helped me a lot.

Good luck.

Re: Crypto1 - cipher initialization

Hi Axxe,

Thank you very much for your fast reply and advice. So far I have used the crypto algorithm from libnfc and I get the following data
(I used one from the website to be able to check if it's correct):

    Initialization values
         UID: de  ad  be  af
         KEY: ff  ff  ff  ff  ff  ff

    Decrypted random nonces
          Nt: b0  0b  77  90
         Nt': cc  02  30  82
        Nt'': eb  4e  fb  2e
          Nr: ae  99  ca  99

    Mifare Classic trace, []=Encrypted
    Auth(00): 60  00  f5  7b
          Nt: b0  0b  77  90
    [Nr,Nt']: ca  fe! ba  be  48  76! af  fa
      [Nt'']: 69  1e  8d  21
      

I obtain the following parity bits:
    1, 1, 0, 1, 1, 1, 1, 1

Converting: ca fe ba be 48 76 af fa + parity bits -> ca fd eb f2 8d d4 ee 6b fd (this data should be sent on air).
Applying the same algorithm to a Mifare Classic 1K -> the tag doesn't reply. Do you have any suggestions? Should I send this data with the data bits reversed?
Thank you very much in advance.

Re: Crypto1 - cipher initialization

Hi, I've checked your data with my own tool and it seems OK.

http://img38.imageshack.us/img38/127/catturaeh.jpg

If you have this encrypted data: ca fe! ba be 48 76! af fa
You have to send it on air. I dunno why you are converting it to ca fd eb f2 8d d4 ee 6b fd ...

You just have to send it as ca fe! ba be 48 76! af fa, fixing the parity bits.

Example:

send 0xCA with correct parity bit (8-bit data + 1-bit parity)
send 0xFE with inverted parity bit (8-bit data + 1-bit parity)
...and so on

You have to send 9 bits for each byte. You DON'T have to change the second byte from FE to FD; you just have to add the inverted parity bit to FE.

I hope it helps.
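
Added example (not code from either poster, from libnfc or from any tool mentioned in the thread): the framing discussed in the two posts above, assuming ISO 14443-A bit order, where each byte goes out as 8 data bits LSB first followed by one parity bit and a `!` in the trace marks a byte whose parity bit is the inverse of normal odd parity. It computes the eight parity bits for the quoted trace and packs the resulting 72 bits into bytes, which yields the 9-byte string quoted earlier; all function and array names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ISO 14443-A odd parity: data bits plus parity bit hold an odd number of 1s. */
static uint8_t odd_parity(uint8_t b)
{
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;   /* bit 0 = XOR of all 8 bits */
    return (uint8_t)(~b & 1);
}

/* Parity bit to transmit; 'flipped' is 1 for bytes marked '!' in the trace. */
uint8_t tx_parity(uint8_t data, int flipped)
{
    return (uint8_t)(odd_parity(data) ^ (flipped ? 1 : 0));
}

/* Pack n bytes as 9-bit units (8 data bits LSB first, then parity) into out[],
 * filling each output byte from bit 0 upward. Returns the bit count. */
size_t pack_frame(const uint8_t *data, const uint8_t *par, size_t n, uint8_t *out)
{
    size_t bitpos = 0;
    memset(out, 0, (9 * n + 7) / 8);
    for (size_t i = 0; i < n; i++) {
        unsigned unit = data[i] | (unsigned)(par[i] & 1) << 8;
        for (int k = 0; k < 9; k++, bitpos++)
            if (unit >> k & 1)
                out[bitpos / 8] |= (uint8_t)(1u << (bitpos % 8));
    }
    return bitpos;
}

/* Values quoted in the thread: [Nr,Nt'] = ca fe! ba be 48 76! af fa. */
static const uint8_t TRACE[8]  = {0xca,0xfe,0xba,0xbe,0x48,0x76,0xaf,0xfa};
static const int     FLIP[8]   = {0, 1, 0, 0, 0, 1, 0, 0};
static const uint8_t POSTED[9] = {0xca,0xfd,0xeb,0xf2,0x8d,0xd4,0xee,0x6b,0xfd};

/* Returns 1 if packing TRACE with its parity bits yields POSTED (72 bits). */
int frame_matches_post(void)
{
    uint8_t par[8], out[9];
    for (size_t i = 0; i < 8; i++) par[i] = tx_parity(TRACE[i], FLIP[i]);
    return pack_frame(TRACE, par, 8, out) == 72 && memcmp(out, POSTED, 9) == 0;
}

int main(void)
{
    printf("match: %d\n", frame_matches_post());
    return 0;
}
```

A transceiver that appends its own parity bit to every byte it is handed would treat those 9 packed bytes as nine further 9-bit units, which is a different bit stream from the 72 bits built here.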

Re: Crypto1 - cipher initialization

Hi Axxe,

Thank you very much for your fast reply. So far I'm using the ST CH95HR transceiver to send and receive data.
This transceiver has just simple commands like send and receive data:

EX: 04 08  ca  fe ba  be  48  76 af  fa 0x08
0x04 = cmd
0x08 = length
data
0x08 = don't calculate CRC

Practically, I can't specify the parity bit (on/off), and this was the reason I tried to calculate the parity bit as well.
I tried with and without the parity bit and I always received a timeout. If you have any suggestions, that would be perfect.
Thank you very much in advance.

Re: Crypto1 - cipher initialization

The problem is your transceiver; you should be able to calculate and send your own parity bits.

In my case, I've developed the code for a microcontroller myself, so I'm able to manage every single bit during the whole transmission process.

If you can't get access to the parity bits, you won't be able to work with Mifare cards, I'm sorry.

Solutions? Change your transceiver to a better one which lets you manage every single bit, not only entire bytes.

Re: Crypto1 - cipher initialization

Thank you very much. I'm in contact with ST (they reply after 1 week). I'll keep you informed about feedback/solution. Thank you very much for your help once more.