From fce8affd4881883d96cd8dbaf162efd2eb57b77f Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Sun, 4 Jul 2021 15:43:57 +0300
Subject: [PATCH] fix des authentication

---
 client/src/crypto/libpcrypto.c  | 12 ++++++++
 client/src/crypto/libpcrypto.h  |  2 ++
 client/src/mifare/desfirecore.c | 51 ++++++++++++++++++++++++---------
 3 files changed, 51 insertions(+), 14 deletions(-)

diff --git a/client/src/crypto/libpcrypto.c b/client/src/crypto/libpcrypto.c
index f80eedcf0..d3df5dfda 100644
--- a/client/src/crypto/libpcrypto.c
+++ b/client/src/crypto/libpcrypto.c
@@ -41,6 +41,18 @@ void des_decrypt(void *out, const void *in, const void *key) {
     mbedtls_des_crypt_ecb(&ctx, in, out);
 }
 
+void des_encrypt_cbc(void *out, const void *in, const int length, const void *key, uint8_t *iv) {
+    mbedtls_des_context ctx;
+    mbedtls_des_setkey_enc(&ctx, key);
+    mbedtls_des_crypt_cbc(&ctx, MBEDTLS_DES_ENCRYPT, length, iv, in, out);
+}
+
+void des_decrypt_cbc(void *out, const void *in, const int length, const void *key, uint8_t *iv) {
+    mbedtls_des_context ctx;
+    mbedtls_des_setkey_dec(&ctx, key);
+    mbedtls_des_crypt_cbc(&ctx, MBEDTLS_DES_DECRYPT, length, iv, in, out);
+}
+
 // NIST Special Publication 800-38A — Recommendation for block cipher modes of operation: methods and techniques, 2001.
 int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length) {
     uint8_t iiv[16] = {0};
diff --git a/client/src/crypto/libpcrypto.h b/client/src/crypto/libpcrypto.h
index b1c4b4eee..1c7c745dc 100644
--- a/client/src/crypto/libpcrypto.h
+++ b/client/src/crypto/libpcrypto.h
@@ -18,6 +18,8 @@
 
 void des_encrypt(void *out, const void *in, const void *key);
 void des_decrypt(void *out, const void *in, const void *key);
+void des_encrypt_cbc(void *out, const void *in, const int length, const void *key, uint8_t *iv);
+void des_decrypt_cbc(void *out, const void *in, const int length, const void *key, uint8_t *iv);
 
 int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length);
 int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length);
diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c
index 6fead2fdb..118e30109 100644
--- a/client/src/mifare/desfirecore.c
+++ b/client/src/mifare/desfirecore.c
@@ -688,9 +688,12 @@ int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel
             return 5;
         }
         mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, rndlen, IV, encRndB, RndB);
-    } else if (dctx->keyType == T_DES)
-        des_decrypt(RndB, encRndB, key->data);
-    else if (dctx->keyType == T_3DES)
+    } else if (dctx->keyType == T_DES) {
+        if (dctx->secureChannel == DACd40)
+            des_decrypt(RndB, encRndB, key->data);
+        if (dctx->secureChannel == DACEV1)
+            des_decrypt_cbc(RndB, encRndB, rndlen, key->data, IV);
+    } else if (dctx->keyType == T_3DES)
         tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV, 2);
     else if (dctx->keyType == T_3K3DES) {
         tdes_nxp_receive(encRndB, RndB, rndlen, key->data, IV, 3);
@@ -709,17 +712,33 @@ int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel
 
     // - Encrypt our response
     if (dctx->secureChannel == DACd40) {
-        des_decrypt(encRndA, RndA, key->data);
-        memcpy(both, encRndA, rndlen);
+        if (dctx->keyType == T_DES) {
+            des_decrypt(encRndA, RndA, key->data);
+            memcpy(both, encRndA, rndlen);
 
-        for (uint32_t x = 0; x < rndlen; x++) {
-            rotRndB[x] = rotRndB[x] ^ encRndA[x];
+            for (uint32_t x = 0; x < rndlen; x++) {
+                rotRndB[x] = rotRndB[x] ^ encRndA[x];
+            }
+
+            des_decrypt(encRndB, rotRndB, key->data);
+            memcpy(both + rndlen, encRndB, rndlen);
+        } else if (dctx->keyType == T_3DES) {
+            //TODO
         }
-
-        des_decrypt(encRndB, rotRndB, key->data);
-        memcpy(both + rndlen, encRndB, rndlen);
     } else if (dctx->secureChannel == DACEV1 && dctx->keyType != T_AES) {
-        if (dctx->keyType == T_3DES) {
+        if (dctx->keyType == T_DES) {
+            uint8_t tmp[16] = {0x00};
+            memcpy(tmp, RndA, rndlen);
+            memcpy(tmp + rndlen, rotRndB, rndlen);
+            if (g_debugMode > 1) {
+                PrintAndLogEx(DEBUG, "rotRndB: %s", sprint_hex(rotRndB, rndlen));
+                PrintAndLogEx(DEBUG, "Both: %s", sprint_hex(tmp, 16));
+            }
+            des_encrypt_cbc(both, tmp, 16, key->data, IV);
+            if (g_debugMode > 1) {
+                PrintAndLogEx(DEBUG, "EncBoth: %s", sprint_hex(both, 16));
+            }
+        } else if (dctx->keyType == T_3DES) {
             uint8_t tmp[16] = {0x00};
             memcpy(tmp, RndA, rndlen);
             memcpy(tmp + rndlen, rotRndB, rndlen);
@@ -790,9 +809,13 @@ int DesfireAuthenticate(DesfireContext *dctx, DesfireSecureChannel secureChannel
     memcpy(dctx->sessionKeyEnc, sesskey.data, desfire_get_key_length(dctx->keyType));
 
 PrintAndLogEx(INFO, "encRndA : %s", sprint_hex(encRndA, rndlen));
-    if (dctx->keyType == T_DES)
-        des_decrypt(encRndA, encRndA, key->data);
-    else if (dctx->keyType == T_3DES)
+PrintAndLogEx(INFO, "IV : %s", sprint_hex(IV, rndlen));
+    if (dctx->keyType == T_DES){
+        if (dctx->secureChannel == DACd40)
+            des_decrypt(encRndA, encRndA, key->data);
+        if (dctx->secureChannel == DACEV1)
+            des_decrypt_cbc(encRndA, encRndA, rndlen, key->data, IV);
+    } else if (dctx->keyType == T_3DES)
         tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV, 2);
     else if (dctx->keyType == T_3K3DES)
         tdes_nxp_receive(encRndA, encRndA, rndlen, key->data, IV, 3);