I can't compile your project about crypto1_bs HOT 124 CLOSED

It looks like you need to install the libnfc-dev(el) package on your machine. Yes you understood correctly, it's all in the paper by Meijer and Verdult.
I can't share compiled versions because of the license restriction of CraptEV1.

from crypto1_bs.

Can you send me on e-mail compile version ?

05.05.2016, 18:02, "Aram Verstegen" [email protected]:

It looks like you need to install the libnfc-dev(el) package on your machine. Yes you understood correctly, it's all in the paper by Meijer and Verdult.
I can't share compiled versions because of the license restriction of CraptEV1.

—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub

from crypto1_bs.

No. I just told you why.

from crypto1_bs.

How install the libnfc-dev(el) packages on Windows 7 ?

from crypto1_bs.

I think that on e-mail can. I try install libnfc, do you can to help me please.

05.05.2016, 20:18, "Aram Verstegen" [email protected]:

No. I just told you why.

—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub

from crypto1_bs.

This software is not supported on Windows (yet). You could try using a Linux VM?

from crypto1_bs.

I use Kali Linux, i try compile your program sush as: make -f Makefile but i get errors.

from crypto1_bs.

apt-get install libnfc-dev

from crypto1_bs.

I install firstly libnfc this:
root@kali:~# apt-get install libnfc-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libusb-dev
The following NEW packages will be installed:
libnfc-dev libusb-dev
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 123 kB of archives.
After this operation, 465 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://http.kali.org/kali/ sana/main libusb-dev i386 2:0.1.12-25 [36.4 kB]
Get:2 http://http.kali.org/kali/ sana/main libnfc-dev i386 1.7.1-2 [86.4 kB]
Fetched 123 kB in 1s (99.9 kB/s)
Selecting previously unselected package libusb-dev.
(Reading database ... 323492 files and directories currently installed.)
Preparing to unpack .../libusb-dev_2%3a0.1.12-25_i386.deb ...
Unpacking libusb-dev (2:0.1.12-25) ...
Selecting previously unselected package libnfc-dev:i386.
Preparing to unpack .../libnfc-dev_1.7.1-2_i386.deb ...
Unpacking libnfc-dev:i386 (1.7.1-2) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up libusb-dev (2:0.1.12-25) ...
Setting up libnfc-dev:i386 (1.7.1-2) ...

I download your project and try use makefile but i get error.
root@kali:# cd crypto1_bs-master
root@kali:/crypto1_bs-master# ls
0xcafec0de.bin crypto1_bs.h README.md
crypto1_bs.c libnfc_crypto1_crack.c solve_bs.c
crypto1_bs_crack.c Makefile solve_piwi_bs.c
crypto1_bs_crack.h pwpiwi_proxmark3_hard_nested.patch solve_piwi.c
root@kali:~/crypto1_bs-master# make -f Makefile
gcc -O3 craptev1-v1.0/solve.c -fPIC -shared -o solve.so
gcc: error: craptev1-v1.0/solve.c: No such file or directory
gcc: fatal error: no input files
compilation terminated.
Makefile:12: recipe for target 'all' failed
make: *** [all] Error 4

Please, help me that i do wrong.

from crypto1_bs.

You need to also run make get_crapto1 and make get_craptev1 from the build directory to get the dependencies.

from crypto1_bs.

I do this comand: make get_crapto1 and make get_craptev1
After i do thic and get new error:
root@kali:~/crypto1_bs-master# make -f Makefile
gcc -O3 craptev1-v1.0/solve.c -fPIC -shared -o solve.so
gcc -std=c99 -O3 -march=native -mpopcnt solve_bs.c crypto1_bs.c crypto1_bs_crack.c -Icraptev1-v1.0 craptev1-v1.0/craptev1.c crapto1-v3.3/crapto1.c ./solve.so -o solve_bs -lpthread
In file included from crapto1-v3.3/crapto1.c:20:0:
crapto1-v3.3/crapto1.h: In function ‘parity’:
crapto1-v3.3/crapto1.h:69:9: warning: implicit declaration of function ‘asm’ [-Wimplicit-function-declaration]
asm( "movl %1, %%eax\n"
^
crapto1-v3.3/crapto1.h:75:35: error: expected ‘)’ before ‘:’ token
"movzx %%al, %0\n": "=r"(x) : "r"(x): "eax","ecx");
^
Makefile:12: recipe for target 'all' failed
make: *** [all] Error 1

Problem with code crapto1-v3.3/crapto1.h
How fix this.

from crypto1_bs.

try renaming "asm" to "__asm__"

from crypto1_bs.

Thank you program work)
I have question how long need collected nonced. Now i try hack mifare classic emulated.
And how long time this need to get key differnet block.

from crypto1_bs.

See #7

from crypto1_bs.

Thank, i read then. Please one question)

/libnfc_crypto1_crack A0A1A2A3A4A5 0 A 4 A
Found tag with uid 2a274e80, collecting nonces for key A of block 4 using known key A a0a1a2a3a4a5 for block 0
Collected 2133 nonces... leftover complexity 849608704 (~2^29.66) - initializing brute-force phase...
Starting 2 threads to test 849608704 states using 128-way bitslicing
Cracking... 503%

Program work from 0% to 503% and again 0% to 503%.
And process repeat. This is correct or card isn't exploit.
I understand correctly that in my choose program will brut about 849 608 704 keys.
How long time do you think, bigger hour or less.

from crypto1_bs.

Hmm, yes that doesn't look correct at all...

from crypto1_bs.

I hack card mifare plus that work as mifare classic with emulation. Darkside and nested attack are failed on this card. I want hardnested on this card try known keys.

from crypto1_bs.

Are you on a 32-bit (virtual) machine?

from crypto1_bs.

I uses Kali Linux.
root@kali:~# uname -a
Linux kali 4.0.0-kali1-686-pae #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) i686 GNU/Linux
This i686.

from crypto1_bs.

I have pushed a fix for the counting of states, please try it now.

from crypto1_bs.

Do I need again download program in your github.

from crypto1_bs.

Just run git pull

from crypto1_bs.

I get error.
root@kali:~/crypto1_bs-master# git pull
fatal: Not a git repository (or any of the parent directories): .git

from crypto1_bs.

Oh, you downloaded it without git? Then yeah, you need to re-download... Easier is to do git clone https://github.com/aczid/crypto1_bs.git from your home directory, then you can keep in sync with git pull.

from crypto1_bs.

To be honest I have not tested the code on any 32 bit system yet, so I can't give you any guarantees on whether that will work at all. Sorry. You do seem to have 128 bit vector operations available...

from crypto1_bs.

Your advice about bit Kali Linux. I can to download other linux version. I use kali on usb flesh and boot kali across bios. Give mt please link on system that you tested program. And you use usb flash or virtual machine.

from crypto1_bs.

Any 64-bit Linux should work. But I would appreciate it if you could test on 32 bit with the latest version? I use libusb natively on Ubuntu 14.04.

from crypto1_bs.

Ok, i can test your program on 32. Linux kali 4.0.0-kali1-686-pae latest or not.
Now hack classic 1k without super emulation that hack with dark and simple nested.

I re-download.
./libnfc_crypto1_crack A0A1A2A3A4A5 0 A 4 A
Found tag with uid 423562a6, collecting nonces for key A of block 4 using known key A a0a1a2a3a4a5 for block 0
Collected 3069 nonces... leftover complexity 849608704 (~2^1998461791791167533291873765896778849441855454227681048023115925054656643554503658285162182652433256024930071390757093056264434140793609565179433420403443838360024725025518649190101181914364623402789569896553910497438630834018086070596416394581027729967583625834659840.00) - initializing brute-force phase...
Starting 2 threads to test 849608704 states using 0-way bitslicing
Cracking... 4200%
only increased number % and not repeat. Now correct work program or not.

What maximum % need wait me)

from crypto1_bs.

The complexity calculation and "0-way bitslicing" looks entirely wrong. I'm sorry, please try it natively from a usb stick with 64-bit Linux.

from crypto1_bs.

Ok, i will download http://cdimage.kali.org/kali-2016.1/kali-linux-2016.1-i386.iso on this link 64 bit kali. Right ? Is this latest version Kali ?

from crypto1_bs.

No that's i386 again, you need http://cdimage.kali.org/kali-2016.1/kali-linux-2016.1-amd64.iso

from crypto1_bs.

I've added a new patch again, tested on 64 bit Linux with 32-bit compiled binary, and the % numbers are correct now. (It also finds the key.)

from crypto1_bs.

I do not quite understand.
You offer to save the compiled program on kali 32 and move to 64-bit kali ? I was going to download and compile again on 64 kali your program.

from crypto1_bs.

Well, just try it on Kali 64 to get something that works. I just want to make sure my program also works correctly on 32 bit...

from crypto1_bs.

Ok, i try 32 bit binary on 64 bit and if it fail i will re-download program.

from crypto1_bs.

Now restart kali 32 and start program and other rezult:
root@kali:~/crypto1_bs# ./libnfc_crypto1_crack 112233445566 0 B 5 B
Found tag with uid 4d24c289, collecting nonces for key B of block 5 using known key B 112233445566 for block 0
Collected 1775 nonces... leftover complexity 1695692288 (~2^-nan) - press enter Collected 1784 nonces... leftover complexity 1695692288 (~2^-nan) - press enter Collected 1794 nonces... leftover complexity 1695692288 (~2^-nan) - press enter Collected 1804 nonces... leftover complexity 1695692288 (~2^-nan) - press enter Collected 1813 nonces... leftover complexity 1695692288 (~2^-nan) - press enter Collected 1823 nonces... leftover complexity 1695692288 (~2^-nan) - press enter to start brute-force phase
Collected 1832 nonces... leftover complexity 1695692288 (~2^-nan) - initializing brute-force phase...
Starting 2 threads to test 1695692288 states using 4294967295-way bitslicing
Cracking... 0.00%

And % stay on 0.00% 5 minutes yet.
This correct or not.

from crypto1_bs.

I've tried it by compiling with -m32 and it seems like craptev1 doesn't work well at all. You could verify this by trying the solve program in craptev1. It will return a very large number. I think you should try on the 64 bit image I linked for you. Thanks for trying.

from crypto1_bs.

I install 64 bit kali and:
libnfc_crypto1_crack A0A1A2A3A4A5 0 A 4 A
Found tag with uid 4debc279, collecting nonces for key A of block 4 using known key A a0a1a2a3a4a5 for block 0
Collected 2665 nonces... leftover complexity 1126131040256 (~2^40.03) - press enCollected 2675 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-force phase
Collected 2684 nonces... leftover complexity 1126131040256 (~2^40.03) - initializing brute-force phase...
Starting 2 threads to test 23661390384 states using 128-way bitslicing
Cracking... 39.24%
% grow about 0.5% in sec.
Now correct or not.

from crypto1_bs.

Now 105%. What about maximum % wait.

from crypto1_bs.

I don't know what is wrong. 105% does not make sense, of course.

from crypto1_bs.

Why % bigger then 100% stay on in program. This I on 64 bit Kali. I try hack classic 1k card without emulation. Why don't work, what do. Your advice,please.

from crypto1_bs.

I have reverted the changes I made to support 32-bit (which isn't going to work). Please try the latest git version again.

from crypto1_bs.

I did git pull and again:
/libnfc_crypto1_crack A0A1A2A3A4A5 0 A 4 A
Found tag with uid 4debc279, collecting nonces for key A of block 4 using known key A a0a1a2a3a4a5 for block 0
Collected 2220 nonces... leftover complexity 1126131040256 (~2^40.03) - press enCollected 2230 nonces... leftover complexity 1126131040256 (~2^40.03) - press enCollected 2239 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-force phase
Collected 2248 nonces... leftover complexity 1126131040256 (~2^40.03) - initializing brute-force phase...
Starting 2 threads to test 1126131040256 states using 128-way bitslicing
Cracking... 0.25%
% increase 0.01% in sec. Now now very slow go process. Usually this programm with such speed work or not.

from crypto1_bs.

Ok, it looks like it works correctly now. Now it is a matter of balancing the speed of your PC with how many states are left over after a number of nonces are collected. The complexity will go down with more nonces. It starts automatically under 2^37.

from crypto1_bs.

Your advice don't press enter when program ask me and wait and give program get more nonce number, right ?

from crypto1_bs.

Yep. That's only provided to force starting when your machine is very fast.

from crypto1_bs.

I have machine that isn't very fast. notebook. Press enter or not in my choose ?

from crypto1_bs.

Just be patient.

from crypto1_bs.

Ok, i write you about rezult across 1-3 hour)

from crypto1_bs.

Good luck! And see #7 . It can take minutes or hours per key and it can fail sometimes. But keep trying.

from crypto1_bs.

Can you give your virtual machine more cores? Or try booting a real Linux from USB? It will be faster.

from crypto1_bs.

I try booting Kali Linux from USB.

from crypto1_bs.

Also on 64-bit you no longer have the __asm__ / asm issue, right? :)

from crypto1_bs.

Yes, compile sucessfull with asm without __

from crypto1_bs.

I will remember this next time this comes up as an issue!

from crypto1_bs.

Ok, thank you.

from crypto1_bs.

Collected 4730 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-foCollected 4740 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-foCollected 4749 nonces... leftover complexity 79161478400 (~2^36.20) - initializing brute-force phase...
Starting 2 threads to test 79161478400 states using 128-way bitslicing
Cracking... 99.95%
No solution found :(
Why this fail.

from crypto1_bs.

Sometimes it just fails. Because it's a probabilistic attack. You only get 95% guarantee. Try again.

from crypto1_bs.

How many you get fail in this program before get key. Statistics interest me)

from crypto1_bs.

I've had it fail 10 times before it worked!

from crypto1_bs.

Oh, will try get key :))

from crypto1_bs.

Are you running from USB now? It's much faster, right? :)

from crypto1_bs.

Yes, i always with USB running this kali)

from crypto1_bs.

Oh I thought you had a VM.

from crypto1_bs.

No, VM very slowly. I like use on booting with USB)

from crypto1_bs.

Okay, at least now 2^37 after enough nonces finishes very fast, right?

from crypto1_bs.

Yes very fast finished.

from crypto1_bs.

Okay, nice to hear that. :) Maybe you can try at 2^38 or higher too - it's only 2x as long. Etc. 2^40 is quite a big number though, that's why that didn't work.

from crypto1_bs.

Now other card with emulation classic 1k try.
Collected 6147 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-foCollected 6157 nonces... leftover complexity 68926322320 (~2^36.00) - initializing brute-force phase...
Starting 2 threads to test 68926322320 states using 128-way bitslicing
Cracking... 23%

from crypto1_bs.

If you start the brute-force phase and it doesn't go very fast and you want to try again, you should replace: fp = fopen(filename, "wb"); to fp = fopen(filename, "wb+"); to re-use the nonces you've already gathered.

from crypto1_bs.

thank, I change program)

from crypto1_bs.

Oh wait, that only works when you use the solve_* programs next to this libnfc_* program...

from crypto1_bs.

I didn't add the code to re-load the saved nonces yet... Sorry.

from crypto1_bs.

How is the other card doing?

from crypto1_bs.

other card mifare plus with emulation mifare classic. Now 50% and 2^36 numbers.

from crypto1_bs.

Ok please let me know how it goes.

from crypto1_bs.

log, of course.

Collected 6110 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-foCollected 6119 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-foCollected 6128 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-foCollected 6138 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-foCollected 6147 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-foCollected 6157 nonces... leftover complexity 68926322320 (~2^36.00) - initializing brute-force phase...
Starting 2 threads to test 68926322320 states using 128-way bitslicing
Cracking...73,77%

from crypto1_bs.

Cracking... 99.99%
No solution found :(

from crypto1_bs.

Keep trying...

from crypto1_bs.

ok)

from crypto1_bs.

"Maybe you can try at 2^38" How stop program when 2^38, program have many 2^40 and last fastly on 2^36. How catch 2^38 in program.

from crypto1_bs.

No, it's all or nothing. Either you can go at 2^40, or at 2^36, or nothing.

from crypto1_bs.

2^40 you have sucessfull or not.

from crypto1_bs.

There is some uncertainty in the attack. This is described in the paper.

from crypto1_bs.

I right understand that on 2^40 program will very slowly but i have more chance find key than on 2^36

from crypto1_bs.

The crypto1 cipher uses 48 bits so the maximum keyspace is 2^48, but that's quite big. So we reduce it to a smaller space using some probabilities based on the encrypted nonces, and can check that with the encrypted parity bits.

from crypto1_bs.

Well, yeah. There is a trade-off between the online (nonce collecting) time and the offline (brute forcing) time. It could be that you would spend several hours more to reduce the space to under 2^37 but could actually do 2^40 of brute-force in that time.

from crypto1_bs.

Yes, i read about crypto-1 mifare classic practical attack. New attack about hardnested don't read yet. I see only today about this new attack. Do you try hack jcop41 card with emulation mifare classic in this program.

from crypto1_bs.

No, I have never heard of that. Javacard emulation of MFC?

from crypto1_bs.

Yes.

from crypto1_bs.

Okay, this sounds new to me, but I don't see why this attack would not work, because it attacks the protocol, not any specific chip. Please let me know about your results!

from crypto1_bs.

2 times trying, wait nonce package.

from crypto1_bs.

Now Collected 8115 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-foCollected 8124 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-foCollected 8134 nonces... leftover complexity 1126131040256 (~2^40.03) - press enter to start brute-fo

from crypto1_bs.

In first was this: foCollected 6157 nonces... leftover complexity 68926322320 (~2^36.00)

from crypto1_bs.

It all depends. There is some math going on in craptev1 that I don't fully understand. :)

from crypto1_bs.

Ok,understand))

from crypto1_bs.

I find keyB and want to read in card keyA across keyB. Do you can to say how without brut find KeyA know KeyB yet.

from crypto1_bs.

Problem with jcop42 card with emulation mifare classic 1k. (sak 28 ataq 0004)
root@kali:~/crypto1_bs# ./libnfc_crypto1_crack a0a1a2a3a4a5 5 B 0 B
Error while requesting plain tag-nonce Some other error occurred.
Found tag with uid 6767b9d1, collecting nonces for key B of block 0 using known key B a0a1a2a3a4a5 for block 5
Don't move the tag!

from crypto1_bs.

Sorry, had to sleep for a bit. :) Don't move the tag, don't unplug usb, don't suspend your machine, etc. Unfortunately the newer cards don't allow the reading of key A with key B or vice versa. :( You have to crack them both.

from crypto1_bs.

I don,t move tag but this message only when i try hack card jcop41 with emulation MST. Can you fix this bag ?

from crypto1_bs.