refactor: move logic from standalone funcs to state class

Author: li0ard

.github/workflows/test.yml

@@ -19,12 +19,5 @@ jobs:
       - name: Install dependencies
         run: bun i
       - name: Run tests
-        run: bun test:nested
-      - name: Setup LCOV
-        uses: hrishikesh-kadam/setup-lcov@v1
-      - name: Report code coverage
-        uses: zgosalvez/github-actions-report-lcov@v4
-        with:
-          coverage-files: coverage/lcov.info
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+        run: bun test
 

README.md

@@ -78,5 +78,4 @@ Some parts were based on or greatly inspired by these projects:
 
 - [crapto1](https://github.com/li0ard/crapto1) - Original version in C
 - [Crapto1Sharp](https://github.com/kgamecarter/Crapto1Sharp) - Version in C#
-- [mfkey32nested](https://github.com/RfidResearchGroup/proxmark3/blob/master/tools/mfc/card_reader/mfkey32nested.c) - Recovery by nested auth (by @doegox)
-- [chameleon-ultra.js](https://github.com/taichunmin/chameleon-ultra.js/) - Implementation of nested attacks on JS (by @taichunmin)
+- [mfkey32nested](https://github.com/RfidResearchGroup/proxmark3/blob/master/tools/mfc/card_reader/mfkey32nested.c) - Recovery by nested auth (by @doegox)

bunfig.toml

@@ -4,29 +4,22 @@
  * Ported from https://github.com/equipter/mfkey by li0ard
  */
 
-import { crypto1_word, lfsr_recovery32, lfsr_rollback_word, prng_successor } from "../src";
+import { lfsr_recovery32, prng_successor } from "../src";
 
 if (process.argv.length < 9) {
-    console.log('Usage: [bun/node] ' + process.argv[1] + ' <uid> <tag challenge> <reader challenge> <reader response> <tag challenge #2> <reader challenge #2> <reader response #2>')
-    console.log('Example: [bun/node] mfkey32.ts 23a12659 182c6685 3893952a 9613a859 b3aac455 f05e18ac 2c479869')
-    process.exit(1)
+    console.log('Usage: [bun/node] ' + process.argv[1] + ' <uid> <tag challenge> <reader challenge> <reader response> <tag challenge #2> <reader challenge #2> <reader response #2>');
+    console.log('Example: [bun/node] mfkey32.ts 23a12659 182c6685 3893952a 9613a859 b3aac455 f05e18ac 2c479869');
+    process.exit(1);
 }
 
-const dec2hex = (dec: number, bits: number) => {
-    if (dec < 0) {
-        return (Math.pow(2, bits) + dec).toString(16).padStart(bits / 4, '0')
-    } else {
-        return dec.toString(16).padStart(bits / 4, '0');
-    }
-}
-
-const uid = parseInt(process.argv[2], 16)
-const chal = parseInt(process.argv[3], 16)
-const rchal = parseInt(process.argv[4], 16)
-const rresp = parseInt(process.argv[5], 16)
-const chal2 = parseInt(process.argv[6], 16)
-const rchal2 = parseInt(process.argv[7], 16)
-const rresp2 = parseInt(process.argv[8], 16)
+const dec2hex = (dec: number, bits: number): string => (dec < 0) ? (Math.pow(2, bits) + dec).toString(16).padStart(bits / 4, '0') : dec.toString(16).padStart(bits / 4, '0');
+const uid = parseInt(process.argv[2], 16);
+const chal = parseInt(process.argv[3], 16);
+const rchal = parseInt(process.argv[4], 16);
+const rresp = parseInt(process.argv[5], 16);
+const chal2 = parseInt(process.argv[6], 16);
+const rchal2 = parseInt(process.argv[7], 16);
+const rresp2 = parseInt(process.argv[8], 16);
 
 console.log(`MIFARE Classic key recovery - based 32 bits of keystream
 Recover key from two 32-bit reader authentication answers only
@@ -38,30 +31,30 @@ Recovering key for:
  {ar_0}: ${dec2hex(rresp, 32)}
    nt_1: ${dec2hex(chal2, 32)}
  {nr_1}: ${dec2hex(rchal2, 32)}
- {ar_1}: ${dec2hex(rresp2, 32)}\n`)
+ {ar_1}: ${dec2hex(rresp2, 32)}\n`);
 
 const p64 = prng_successor(chal, 64)
 const p64b = prng_successor(chal2, 64);
 
 console.log(`LFSR successors of the tag challenge:
   nt': ${dec2hex(p64, 32)}
- nt'': ${dec2hex(p64b, 32)}\n`)
+ nt'': ${dec2hex(p64b, 32)}\n`);
 
 let ks2 = rresp ^ p64;
 
 console.log(`Keystream used to generate {ar} and {at}:
-  ks2: ${dec2hex(ks2, 32)}\n`)
+  ks2: ${dec2hex(ks2, 32)}\n`);
 
 let s = lfsr_recovery32(rresp ^ p64, 0);
 for (let t = 0; (s[t].odd !== 0) || (s[t].even !== 0); ++t) {
-    lfsr_rollback_word(s[t], 0, false);
-    lfsr_rollback_word(s[t], rchal, true);
-    lfsr_rollback_word(s[t], uid ^ chal, false);
-    let key = s[t].lfsr
-    crypto1_word(s[t], uid ^ chal2, false);
-    crypto1_word(s[t], rchal2, true);
-    if (rresp2 === (crypto1_word(s[t], 0, false) ^ prng_successor(chal2, 64))) {
-        console.log(`Found Key: [${key.toString(16).padStart(12, "0")}]`)
+    s[t].rollback_word();
+    s[t].rollback_word(rchal, true);
+    s[t].rollback_word(uid ^ chal);
+    const key = s[t].lfsr;
+    s[t].word(uid ^ chal2);
+    s[t].word(rchal2, true);
+    if (rresp2 === (s[t].word() ^ prng_successor(chal2, 64))) {
+        console.log(`Found Key: [${key.toString(16).padStart(12, "0")}]`);
         break;
     }
 }

examples/mfkey32.ts

@@ -1,33 +1,21 @@
-import fs from "fs"
+import { readFileSync } from "fs";
 import { recovery32 } from "../src";
 
 if (process.argv.length < 3) {
-    console.log('Usage: [bun/node] ' + process.argv[1] + ' /path/to/.mfkey32.log')
-    console.log('Example: [bun/node] mfkey32_flipper.ts .mfkey32.log')
-    process.exit(1)
+    console.log('Usage: [bun/node] ' + process.argv[1] + ' /path/to/.mfkey32.log');
+    console.log('Example: [bun/node] mfkey32_flipper.ts .mfkey32.log');
+    process.exit(1);
 }
 
-const nonces = new TextDecoder().decode(fs.readFileSync(process.argv[2])).split('\n')
-if (nonces[nonces.length - 1]!.length === 0) {
-    nonces.pop()
-}
+const nonces = new TextDecoder().decode(readFileSync(process.argv[2])).split('\n');
+if (nonces[nonces.length - 1]!.length === 0) nonces.pop();
+const keys = new Set<string>();
 
-const keys = new Set<string>()
 for (let i = 0; i < nonces.length; i++) {
-    const args = nonces[i]!.slice(nonces[i]!.indexOf('cuid')).split(' ').filter((e, i) => i % 2 === 1)
-    console.log(`Cracking nonce ${i + 1} of ${nonces.length}`)
-    const key = recovery32(
-        parseInt(args[0], 16),
-        parseInt(args[1], 16),
-        parseInt(args[2], 16),
-        parseInt(args[3], 16),
-        parseInt(args[4], 16),
-        parseInt(args[5], 16),
-        parseInt(args[6], 16),
-    )
-    if(key !== -1n) {
-        keys.add(key.toString(16).padStart(12, "0"))
-    }
+    const args = nonces[i]!.slice(nonces[i]!.indexOf('cuid')).split(' ').filter((e, i) => i % 2 === 1);
+    console.log(`Cracking nonce ${i + 1} of ${nonces.length}`);
+    const key = recovery32(parseInt(args[0], 16), parseInt(args[1], 16), parseInt(args[2], 16), parseInt(args[3], 16), parseInt(args[4], 16), parseInt(args[5], 16), parseInt(args[6], 16));
+    if(key !== -1n) keys.add(key.toString(16).padStart(12, "0"));
 }
 
-console.log(`\nKeys: ${keys.size != 0 ? Array.from(keys).join(", ") : "-"}`)
+console.log(`\nKeys: ${keys.size != 0 ? Array.from(keys).join(", ") : "-"}`);

examples/mfkey32_flipper.ts

@@ -4,27 +4,20 @@
  * Ported from https://github.com/RfidResearchGroup/proxmark3/blob/master/tools/mfc/card_reader/mfkey32nested.c by li0ard
  */
 
-import { crypto1_word, lfsr_recovery32, lfsr_rollback_word, prng_successor } from "../src";
+import { lfsr_recovery32, prng_successor } from "../src";
 
 if (process.argv.length < 7) {
-    console.log('Usage: [bun/node] ' + process.argv[1] + ' <uid> <nt> <{nt}> <{nr}> <{ar}>')
-    console.log('Example: [bun/node] mfkey32nested.ts 5c467f63 4bbf8a12 abb30bd1 46033966 adc18162')
-    process.exit(1)
+    console.log('Usage: [bun/node] ' + process.argv[1] + ' <uid> <nt> <{nt}> <{nr}> <{ar}>');
+    console.log('Example: [bun/node] mfkey32nested.ts 5c467f63 4bbf8a12 abb30bd1 46033966 adc18162');
+    process.exit(1);
 }
 
-const dec2hex = (dec: number, bits: number) => {
-    if (dec < 0) {
-        return (Math.pow(2, bits) + dec).toString(16).padStart(bits / 4, '0')
-    } else {
-        return dec.toString(16).padStart(bits / 4, '0');
-    }
-}
-
-const uid = parseInt(process.argv[2], 16)
-const chal = parseInt(process.argv[3], 16)
-const enc_chal = parseInt(process.argv[4], 16)
-const rchal = parseInt(process.argv[5], 16)
-const rresp = parseInt(process.argv[6], 16)
+const dec2hex = (dec: number, bits: number): string => (dec < 0) ? (Math.pow(2, bits) + dec).toString(16).padStart(bits / 4, '0') : dec.toString(16).padStart(bits / 4, '0');
+const uid = parseInt(process.argv[2], 16);
+const chal = parseInt(process.argv[3], 16);
+const enc_chal = parseInt(process.argv[4], 16);
+const rchal = parseInt(process.argv[5], 16);
+const rresp = parseInt(process.argv[6], 16);
 
 console.log(`MIFARE Classic key recovery - based 32 bits of keystream
 Recover key from one reader authentication answer only
@@ -34,28 +27,28 @@ Recovering key for:
      nt: ${dec2hex(chal, 32)}
    {nt}: ${dec2hex(enc_chal, 32)}
    {nr}: ${dec2hex(rchal, 32)}
-   {ar}: ${dec2hex(rresp, 32)}\n`)
+   {ar}: ${dec2hex(rresp, 32)}\n`);
 
-let ar = prng_successor(chal, 64);
-let ks0 = enc_chal ^ chal;
-let ks2 = rresp ^ ar;
+const ar = prng_successor(chal, 64);
+const ks0 = enc_chal ^ chal;
+const ks2 = rresp ^ ar;
 
-console.log(`\nLFSR successor of the tag challenge:`)
-console.log(`     ar: ${dec2hex(ar, 32)}`)
+console.log(`\nLFSR successor of the tag challenge:`);
+console.log(`     ar: ${dec2hex(ar, 32)}`);
 console.log(`\nKeystream used to generate {nt}:
-    ks0: ${dec2hex(ks0, 32)}`)
+    ks0: ${dec2hex(ks0, 32)}`);
 console.log(`\nKeystream used to generate {ar}:
-    ks2: ${dec2hex(ks2, 32)}`)
+    ks2: ${dec2hex(ks2, 32)}`);
 
-let s = lfsr_recovery32(ks0, uid ^ chal);
+const s = lfsr_recovery32(ks0, uid ^ chal);
 
 for (let t = 0; (s[t].odd !== 0) || (s[t].even !== 0); t++) {
-    crypto1_word(s[t], rchal, true);
-    if(ks2 == crypto1_word(s[t], 0)) {
-        lfsr_rollback_word(s[t], 0);
-        lfsr_rollback_word(s[t], rchal, true);
-        lfsr_rollback_word(s[t], uid ^ chal);
-        let key = s[t].lfsr
+    s[t].word(rchal, true);
+    if(ks2 == s[t].word()) {
+        s[t].rollback_word();
+        s[t].rollback_word(rchal, true);
+        s[t].rollback_word(uid ^ chal);
+        const key = s[t].lfsr;
         console.log(`\nFound Key: [${key.toString(16).padStart(12, "0")}]`)
         break;
     }

examples/mfkey32nested.ts

@@ -3,37 +3,29 @@
  * 
  * Ported from https://github.com/equipter/mfkey by li0ard
  */
-import { crypto1_byte, lfsr_recovery64, lfsr_rollback_byte, lfsr_rollback_word, prng_successor } from "../src"
+import { lfsr_recovery64, prng_successor } from "../src";
 
 if (process.argv.length < 7) {
-    console.log('Usage: [bun/node] ' + process.argv[1] + ' <uid> <tag challenge> <reader challenge> <reader response> <tag response>')
-    console.log('Example: [bun/node] mfkey64.ts 14579f69 ce844261 f8049ccb 0525c84f 9431cc40')
-    process.exit(1)
+    console.log('Usage: [bun/node] ' + process.argv[1] + ' <uid> <tag challenge> <reader challenge> <reader response> <tag response>');
+    console.log('Example: [bun/node] mfkey64.ts 14579f69 ce844261 f8049ccb 0525c84f 9431cc40');
+    process.exit(1);
 }
 
-const dec2hex = (dec: number, bits: number) => {
-    if (dec < 0) {
-        return (Math.pow(2, bits) + dec).toString(16).padStart(bits / 4, '0')
-    } else {
-        return dec.toString(16).padStart(bits / 4, '0');
-    }
-}
+const dec2hex = (dec: number, bits: number): string => (dec < 0) ? (Math.pow(2, bits) + dec).toString(16).padStart(bits / 4, '0') : dec.toString(16).padStart(bits / 4, '0');
 
-const uid = parseInt(process.argv[2], 16)
-const chal = parseInt(process.argv[3], 16)
-const rchal = parseInt(process.argv[4], 16)
-const rresp = parseInt(process.argv[5], 16)
-const tresp = parseInt(process.argv[6], 16)
+const uid = parseInt(process.argv[2], 16);
+const chal = parseInt(process.argv[3], 16);
+const rchal = parseInt(process.argv[4], 16);
+const rresp = parseInt(process.argv[5], 16);
+const tresp = parseInt(process.argv[6], 16);
 
-let encc = process.argv.length - 7
-let enclen: number[] = Array(encc)
-let enc: number[][] = Array.from({ length: encc }, () => new Array(120));
+const encc = process.argv.length - 7;
+const enclen: number[] = Array(encc);
+const enc: number[][] = Array.from({ length: encc }, () => new Array(120));
 
 for (let i = 0; i < encc; i++) {
     enclen[i] = (process.argv[i + 7].length) / 2;
-    for (let i2 = 0; i2 < enclen[i]; i2++) {
-        enc[i][i2] = parseInt(process.argv[i + 7].substring(i2 * 2, i2 * 2 + 2), 16)
-    }
+    for (let i2 = 0; i2 < enclen[i]; i2++) enc[i][i2] = parseInt(process.argv[i + 7].substring(i2 * 2, i2 * 2 + 2), 16);
 }
 
 console.log(`MIFARE Classic key recovery - based 64 bits of keystream
@@ -42,51 +34,47 @@ Recovering key for:
    nt: ${dec2hex(chal, 32)}
  {nr}: ${dec2hex(rchal, 32)}
  {ar}: ${dec2hex(rresp, 32)}
- {at}: ${dec2hex(tresp, 32)}\n`)
+ {at}: ${dec2hex(tresp, 32)}\n`);
 
 for (let i = 0; i < encc; i++) {
-    process.stdout.write(`{enc${i}}: `)
-    for (let i2 = 0; i2 < enclen[i]; i2++) {
-        process.stdout.write(dec2hex(enc[i][i2], 8))
-    }
-    console.log("")
+    process.stdout.write(`{enc${i}}: `);
+    for (let i2 = 0; i2 < enclen[i]; i2++) process.stdout.write(dec2hex(enc[i][i2], 8));
+    console.log("");
 }
 
-const p64 = prng_successor(chal, 64)
+const p64 = prng_successor(chal, 64);
 console.log(`\nLFSR successors of the tag challenge:
   nt': ${dec2hex(p64, 32)}
- nt'': ${dec2hex(prng_successor(p64, 32), 32)}\n`)
+ nt'': ${dec2hex(prng_successor(p64, 32), 32)}\n`);
 
-const ks2 = rresp ^ p64
-const ks3 = tresp ^ prng_successor(p64, 32)
+const ks2 = rresp ^ p64;
+const ks3 = tresp ^ prng_successor(p64, 32);
 
 console.log(`Keystream used to generate {ar} and {at}:
   ks2: ${dec2hex(ks2, 32)}
-  ks3: ${dec2hex(ks3, 32)}\n`)
+  ks3: ${dec2hex(ks3, 32)}\n`);
 
-let s = lfsr_recovery64(ks2, ks3)[0]
+const s = lfsr_recovery64(ks2, ks3)[0];
 
 if(process.argv.length > 7) {
-    console.log("Decrypted communication:")
+    console.log("Decrypted communication:");
     let ks4 = 0;
     let rollb = 0;
     for (let i = 0; i < encc; i++) {
-        process.stdout.write(`{dec${i}}: `)
+        process.stdout.write(`{dec${i}}: `);
         for (let i2 = 0; i2 < enclen[i]; i2++) {
-            ks4 = crypto1_byte(s, 0);
-            process.stdout.write(dec2hex(ks4 ^ enc[i][i2], 8))
+            ks4 = s.byte(0);
+            process.stdout.write(dec2hex(ks4 ^ enc[i][i2], 8));
             rollb += 1;
         }
-        console.log("")
+        console.log("");
     }
-    for (let i = 0; i < rollb; i++) lfsr_rollback_byte(s, 0)
+    for (let i = 0; i < rollb; i++) s.rollback_byte(0);
 }
-let postAuthState = s.lfsr
-
-lfsr_rollback_word(s, 0)
-lfsr_rollback_word(s, 0)
-lfsr_rollback_word(s, rchal, true)
-lfsr_rollback_word(s, uid^chal)
+const postAuthState = s.lfsr;
+s.rollback_word();
+s.rollback_word();
+s.rollback_word(rchal, true);
+s.rollback_word(uid^chal);
 
-console.log(`\nFound Key: [${s.lfsr.toString(16).padStart(12, "0")}]
-Post-auth state: [${postAuthState.toString(16).padStart(12, "0")}]`)
+console.log(`\nFound Key: [${s.lfsr.toString(16).padStart(12, "0")}]\nPost-auth state: [${postAuthState.toString(16).padStart(12, "0")}]`);