]> cvs.zerfleddert.de Git - proxmark3-svn/blame - client/cmdhfmfdes.c
CHG: Script now also test to read block 0 via the chinese magic command if the normal...
[proxmark3-svn] / client / cmdhfmfdes.c
CommitLineData
f38a1528 1//-----------------------------------------------------------------------------
2// Copyright (C) 2014 Iceman
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// High frequency MIFARE Desfire commands
9//-----------------------------------------------------------------------------
10
11#include <stdio.h>
12#include <stdlib.h>
13#include <string.h>
14#include <ctype.h>
0ec548dc 15//#include <openssl/des.h>
16#include "loclass/des.h"
f38a1528 17#include "cmdmain.h"
18#include "proxmark3.h"
19#include "../include/common.h"
20#include "../include/mifare.h"
21#include "../common/iso14443crc.h"
22#include "data.h"
23#include "ui.h"
24#include "cmdparser.h"
25#include "util.h"
26#include "cmdhfmfdes.h"
27
f6c18637 28uint8_t CMDPOS = 0;
29uint8_t LENPOS = 1;
f38a1528 30
95e63594 31uint8_t key_zero_data[16] = { 0x00 };
32uint8_t key_ones_data[16] = { 0x01 };
f38a1528 33uint8_t key_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
f6c18637 34uint8_t key_picc_data[16] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f };
f38a1528 35
36static int CmdHelp(const char *Cmd);
37static void xor(unsigned char * dst, unsigned char * src, size_t len);
38static int32_t le24toh (uint8_t data[3]);
39
40
41int CmdHF14ADesWb(const char *Cmd)
42{
43/* uint8_t blockNo = 0;
44 uint8_t keyType = 0;
45 uint8_t key[6] = {0, 0, 0, 0, 0, 0};
46 uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
47
48 char cmdp = 0x00;
49
50 if (strlen(Cmd)<3) {
51 PrintAndLog("Usage: hf mf wrbl <block number> <key A/B> <key (12 hex symbols)> <block data (32 hex symbols)>");
52 PrintAndLog(" sample: hf mf wrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F");
53 return 0;
54 }
55
56 blockNo = param_get8(Cmd, 0);
57 cmdp = param_getchar(Cmd, 1);
58 if (cmdp == 0x00) {
59 PrintAndLog("Key type must be A or B");
60 return 1;
61 }
62 if (cmdp != 'A' && cmdp != 'a') keyType = 1;
63 if (param_gethex(Cmd, 2, key, 12)) {
64 PrintAndLog("Key must include 12 HEX symbols");
65 return 1;
66 }
67 if (param_gethex(Cmd, 3, bldata, 32)) {
68 PrintAndLog("Block data must include 32 HEX symbols");
69 return 1;
70 }
71 PrintAndLog("--block no:%02x key type:%02x key:%s", blockNo, keyType, sprint_hex(key, 6));
72 PrintAndLog("--data: %s", sprint_hex(bldata, 16));
73
74 UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};
75 memcpy(c.d.asBytes, key, 6);
76 memcpy(c.d.asBytes + 10, bldata, 16);
77 SendCommand(&c);
78
79 UsbCommand resp;
80 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
81 uint8_t isOK = resp.arg[0] & 0xff;
82 PrintAndLog("isOk:%02x", isOK);
83 } else {
84 PrintAndLog("Command execute timeout");
85 }
86 */
87 return 0;
88}
89
90int CmdHF14ADesRb(const char *Cmd)
91{
92 // uint8_t blockNo = 0;
93 // uint8_t keyType = 0;
94 // uint8_t key[6] = {0, 0, 0, 0, 0, 0};
95
96 // char cmdp = 0x00;
97
98
99 // if (strlen(Cmd)<3) {
100 // PrintAndLog("Usage: hf mf rdbl <block number> <key A/B> <key (12 hex symbols)>");
101 // PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF ");
102 // return 0;
103 // }
104
105 // blockNo = param_get8(Cmd, 0);
106 // cmdp = param_getchar(Cmd, 1);
107 // if (cmdp == 0x00) {
108 // PrintAndLog("Key type must be A or B");
109 // return 1;
110 // }
111 // if (cmdp != 'A' && cmdp != 'a') keyType = 1;
112 // if (param_gethex(Cmd, 2, key, 12)) {
113 // PrintAndLog("Key must include 12 HEX symbols");
114 // return 1;
115 // }
116 // PrintAndLog("--block no:%02x key type:%02x key:%s ", blockNo, keyType, sprint_hex(key, 6));
117
118 // UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};
119 // memcpy(c.d.asBytes, key, 6);
120 // SendCommand(&c);
121
122 // UsbCommand resp;
123 // if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
124 // uint8_t isOK = resp.arg[0] & 0xff;
125 // uint8_t * data = resp.d.asBytes;
126
127 // if (isOK)
128 // PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 16));
129 // else
130 // PrintAndLog("isOk:%02x", isOK);
131 // } else {
132 // PrintAndLog("Command execute timeout");
133 // }
134
135 return 0;
136}
137
138int CmdHF14ADesInfo(const char *Cmd){
139
313ee67e 140 UsbCommand c = {CMD_MIFARE_DESFIRE_INFO};
f38a1528 141 SendCommand(&c);
142 UsbCommand resp;
143
313ee67e 144 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
f38a1528 145 PrintAndLog("Command execute timeout");
146 return 0;
313ee67e 147 }
148 uint8_t isOK = resp.arg[0] & 0xff;
149 if ( !isOK ){
3d93d4f9 150 PrintAndLog("Command unsuccessful");
313ee67e 151 return 0;
f38a1528 152 }
f6c18637 153 PrintAndLog("");
154 PrintAndLog("-- Desfire Information --------------------------------------");
f38a1528 155 PrintAndLog("-------------------------------------------------------------");
156 PrintAndLog(" UID : %s",sprint_hex(resp.d.asBytes, 7));
157 PrintAndLog(" Batch number : %s",sprint_hex(resp.d.asBytes+28,5));
158 PrintAndLog(" Production date : week %02x, 20%02x",resp.d.asBytes[33], resp.d.asBytes[34]);
f6c18637 159 PrintAndLog(" -----------------------------------------------------------");
f38a1528 160 PrintAndLog(" Hardware Information");
161 PrintAndLog(" Vendor Id : %s", GetVendorStr(resp.d.asBytes[7]));
162 PrintAndLog(" Type : 0x%02X",resp.d.asBytes[8]);
163 PrintAndLog(" Subtype : 0x%02X",resp.d.asBytes[9]);
164 PrintAndLog(" Version : %d.%d",resp.d.asBytes[10], resp.d.asBytes[11]);
165 PrintAndLog(" Storage size : %s",GetCardSizeStr(resp.d.asBytes[12]));
166 PrintAndLog(" Protocol : %s",GetProtocolStr(resp.d.asBytes[13]));
f6c18637 167 PrintAndLog(" -----------------------------------------------------------");
f38a1528 168 PrintAndLog(" Software Information");
169 PrintAndLog(" Vendor Id : %s",GetVendorStr(resp.d.asBytes[14]));
170 PrintAndLog(" Type : 0x%02X",resp.d.asBytes[15]);
171 PrintAndLog(" Subtype : 0x%02X",resp.d.asBytes[16]);
172 PrintAndLog(" Version : %d.%d",resp.d.asBytes[17], resp.d.asBytes[18]);
173 PrintAndLog(" storage size : %s", GetCardSizeStr(resp.d.asBytes[19]));
174 PrintAndLog(" Protocol : %s", GetProtocolStr(resp.d.asBytes[20]));
175 PrintAndLog("-------------------------------------------------------------");
176
f6c18637 177 // Master Key settings
178 GetKeySettings(NULL);
313ee67e 179
f6c18637 180 // Free memory on card
181 c.cmd = CMD_MIFARE_DESFIRE;
182 c.arg[0] = (INIT | DISCONNECT);
183 c.arg[1] = 0x01;
184 c.d.asBytes[0] = GET_FREE_MEMORY;
185 SendCommand(&c);
313ee67e 186 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
187 return 0;
188 }
189
f38a1528 190 uint8_t tmp[3];
313ee67e 191 memcpy(tmp, resp.d.asBytes+3,3);
f38a1528 192
f6c18637 193 PrintAndLog(" Available free memory on card : %d bytes", le24toh( tmp ));
f38a1528 194 PrintAndLog("-------------------------------------------------------------");
3d93d4f9 195
f38a1528 196 /*
75465377 197 Card Master key (CMK) 0x00 AID = 00 00 00 (card level)
198 Application Master Key (AMK) 0x00 AID != 00 00 00
199 Application keys (APK) 0x01-0x0D
200 Application free 0x0E
201 Application never 0x0F
f38a1528 202
203 ACCESS RIGHTS:
204 keys 0,1,2,3 C
205 keys 4,5,6,7 RW
206 keys 8,9,10,11 W
207 keys 12,13,14,15 R
f6c18637 208
f38a1528 209 */
210
f38a1528 211 return 1;
212}
213
214char * GetVendorStr( uint8_t id){
215 static char buf[30];
216 char *retStr = buf;
217
218 if ( id == 0x04 )
219 sprintf(retStr, "0x%02X (NXP)",id);
220 else
221 sprintf(retStr,"0x%02X (Unknown)",id);
222 return buf;
223}
224
225/*
226 The 7 MSBits (= n) code the storage size itself based on 2^n,
227 the LSBit is set to '0' if the size is exactly 2^n
228 and set to '1' if the storage size is between 2^n and 2^(n+1).
229 For this version of DESFire the 7 MSBits are set to 0x0C (2^12 = 4096) and the LSBit is '0'.
230*/
231char * GetCardSizeStr( uint8_t fsize ){
232
233 static char buf[30];
234 char *retStr = buf;
235
236 uint16_t usize = 1 << ((fsize >>1) + 1);
237 uint16_t lsize = 1 << (fsize >>1);
238
239 // is LSB set?
0ec548dc 240 if ( fsize & 1 )
f38a1528 241 sprintf(retStr, "0x%02X (%d - %d bytes)",fsize, usize, lsize);
242 else
243 sprintf(retStr, "0x%02X (%d bytes)", fsize, lsize);
244 return buf;
245}
246
247char * GetProtocolStr(uint8_t id){
248
249 static char buf[30];
250 char *retStr = buf;
251
252 if ( id == 0x05)
253 sprintf(retStr,"0x%02X (ISO 14443-3, 14443-4)", id);
254 else
0ec548dc 255 sprintf(retStr,"0x%02X (Unknown)", id);
f38a1528 256 return buf;
257}
258
f6c18637 259void GetKeySettings( uint8_t *aid){
3d93d4f9 260
f6c18637 261 char messStr[512] = {0x00};
262 char *str = messStr;
263 uint8_t isOK = 0;
264 uint32_t options = NONE;
265 UsbCommand c;
266 UsbCommand resp;
267
268 //memset(messStr, 0x00, 512);
75465377 269
f6c18637 270 c.cmd = CMD_MIFARE_DESFIRE;
271
272 if ( aid == NULL ){
273 PrintAndLog(" CMK - PICC, Card Master Key settings ");
274 PrintAndLog("");
275 c.arg[CMDPOS] = (INIT | DISCONNECT);
276 c.arg[LENPOS] = 0x01;
277 c.d.asBytes[0] = GET_KEY_SETTINGS; // 0x45
278 SendCommand(&c);
279 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}
280 isOK = resp.arg[0] & 0xff;
281 if ( !isOK ){
282 PrintAndLog(" Can't select master application");
283 return;
284 }
285
286 str = (resp.d.asBytes[3] & (1 << 3 )) ? "YES":"NO";
287 PrintAndLog(" [0x08] Configuration changeable : %s", str);
288 str = (resp.d.asBytes[3] & (1 << 2 )) ? "NO":"YES";
289 PrintAndLog(" [0x04] CMK required for create/delete : %s",str);
290 str = (resp.d.asBytes[3] & (1 << 1 )) ? "NO":"YES";
291 PrintAndLog(" [0x02] Directory list access with CMK : %s",str);
292 str = (resp.d.asBytes[3] & (1 << 0 )) ? "YES" : "NO";
293 PrintAndLog(" [0x01] CMK is changeable : %s", str);
294
295 c.arg[LENPOS] = 0x02; //LEN
296 c.d.asBytes[0] = GET_KEY_VERSION; //0x64
297 c.d.asBytes[1] = 0x00;
298 SendCommand(&c);
299 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {
300 return;
301 }
302 isOK = resp.arg[0] & 0xff;
303 if ( !isOK ){
304 PrintAndLog(" Can't read key-version");
305 return;
306 }
307 PrintAndLog("");
308 PrintAndLog(" Max number of keys : %d", resp.d.asBytes[4]);
309 PrintAndLog(" Master key Version : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]);
310 PrintAndLog(" ----------------------------------------------------------");
311
312 c.arg[LENPOS] = 0x02; //LEN
313 c.d.asBytes[0] = AUTHENTICATE; //0x0A
314 c.d.asBytes[1] = 0x00; // KEY 0
315 SendCommand(&c);
316 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}
317 isOK = resp.d.asBytes[2] & 0xff;
318 PrintAndLog(" [0x0A] Authenticate : %s", ( isOK==0xAE ) ? "NO":"YES");
319
320 c.d.asBytes[0] = AUTHENTICATE_ISO; //0x1A
321 SendCommand(&c);
322 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}
323 isOK = resp.d.asBytes[2] & 0xff;
324 PrintAndLog(" [0x1A] Authenticate ISO : %s", ( isOK==0xAE ) ? "NO":"YES");
325
326 c.d.asBytes[0] = AUTHENTICATE_AES; //0xAA
327 SendCommand(&c);
328 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}
329 isOK = resp.d.asBytes[2] & 0xff;
330 PrintAndLog(" [0xAA] Authenticate AES : %s", ( isOK==0xAE ) ? "NO":"YES");
331 PrintAndLog("");
332 PrintAndLog(" ----------------------------------------------------------");
333
334 } else {
335 PrintAndLog(" AMK - Application Master Key settings");
336
337 // SELECT AID
338 c.arg[0] = (INIT | CLEARTRACE);
339 c.arg[LENPOS] = 0x04;
340 c.d.asBytes[0] = SELECT_APPLICATION; // 0x5a
341 memcpy(c.d.asBytes+1, aid, 3);
342 SendCommand(&c);
343
344 if (!WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
345 PrintAndLog(" Timed-out");
346 return;
347 }
348 isOK = resp.arg[0] & 0xff;
349 if ( !isOK ){
350 PrintAndLog(" Can't select AID: %s",sprint_hex(aid,3));
351 return;
352 }
353
354 // KEY SETTINGS
355 options = NONE;
356 c.arg[0] = options;
357 c.arg[LENPOS] = 0x01;
358 c.d.asBytes[0] = GET_KEY_SETTINGS; // 0x45
359 SendCommand(&c);
360 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
361 return;
362 }
363 isOK = resp.arg[0] & 0xff;
364 if ( !isOK ){
365 PrintAndLog(" Can't read Application Master key settings");
366 } else {
367 // Access rights.
368 uint8_t rights = (resp.d.asBytes[3] >> 4 && 0xff);
369 switch (rights){
370 case 0x00:
371 str = "AMK authentication is necessary to change any key (default)";
372 break;
373 case 0x0e:
374 str = "Authentication with the key to be changed (same KeyNo) is necessary to change a key";
375 break;
376 case 0x0f:
377 str = "All keys (except AMK,see Bit0) within this application are frozen";
378 break;
379 default:
380 str = "Authentication with the specified key is necessary to change any ley. A change key and a PICC master key (CMK) can only be changed after authentication with the master key. For keys other then the master or change key, an authentication with the same key is needed.";
381 break;
382 }
383 PrintAndLog("Changekey Access rights");
384 PrintAndLog("-- %s",str);
385 PrintAndLog("");
386 // same as CMK
387 str = (resp.d.asBytes[3] & (1 << 3 )) ? "YES":"NO";
388 PrintAndLog(" 0x08 Configuration changeable : %s", str);
389 str = (resp.d.asBytes[3] & (1 << 2 )) ? "NO":"YES";
390 PrintAndLog(" 0x04 AMK required for create/delete : %s",str);
391 str = (resp.d.asBytes[3] & (1 << 1 )) ? "NO":"YES";
392 PrintAndLog(" 0x02 Directory list access with AMK : %s",str);
393 str = (resp.d.asBytes[3] & (1 << 0 )) ? "YES" : "NO";
394 PrintAndLog(" 0x01 AMK is changeable : %s", str);
395 }
396
397 // KEY VERSION - AMK
398 c.arg[0] = NONE;
399 c.arg[LENPOS] = 0x02;
400 c.d.asBytes[0] = GET_KEY_VERSION; //0x64
401 c.d.asBytes[1] = 0x00;
402 SendCommand(&c);
403 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
404 PrintAndLog(" Timed-out");
405 return;
406 }
407
408 int numOfKeys;
409
410 isOK = resp.arg[0] & 0xff;
411 if ( !isOK ){
412 PrintAndLog(" Can't read Application Master key version. Trying all keys");
413 numOfKeys = MAX_NUM_KEYS;
414 }
415 else{
416 numOfKeys = resp.d.asBytes[4];
417 PrintAndLog("");
418 PrintAndLog(" Max number of keys : %d", numOfKeys );
419 PrintAndLog(" Application Master key Version : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]);
420 PrintAndLog("-------------------------------------------------------------");
421 }
422
423 // LOOP over numOfKeys that we got before.
424 // From 0x01 to numOfKeys. We already got 0x00. (AMK)
425 for(int i=0x01; i<=0x0f; ++i){
426
427 }
428
429
430 }
431}
432
433int CmdHF14ADesEnumApplications(const char *Cmd){
434
435 uint8_t isOK = 0x00;
436 uint8_t aid[3];
437 uint32_t options = (INIT | DISCONNECT);
75465377 438
439 UsbCommand c = {CMD_MIFARE_DESFIRE, {options , 0x01 }};
440 c.d.asBytes[0] = GET_APPLICATION_IDS; //0x6a
f6c18637 441
3d93d4f9 442 SendCommand(&c);
443 UsbCommand resp;
444
445 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
446 return 0;
447 }
f6c18637 448 isOK = resp.arg[0] & 0xff;
3d93d4f9 449 if ( !isOK ){
450 PrintAndLog("Command unsuccessful");
451 return 0;
452 }
f6c18637 453 PrintAndLog("");
454 PrintAndLog("-- Desfire Enumerate Applications ---------------------------");
3d93d4f9 455 PrintAndLog("-------------------------------------------------------------");
456
75465377 457 UsbCommand respAid;
458 UsbCommand respFiles;
3d93d4f9 459
460 uint8_t num = 0;
461 int max = resp.arg[1] -3 -2;
462
463 for(int i=3; i<=max; i+=3){
75465377 464 PrintAndLog(" Aid %d : %02X %02X %02X ",num ,resp.d.asBytes[i],resp.d.asBytes[i+1],resp.d.asBytes[i+2]);
3d93d4f9 465 num++;
466
f6c18637 467 aid[0] = resp.d.asBytes[i];
468 aid[1] = resp.d.asBytes[i+1];
469 aid[2] = resp.d.asBytes[i+2];
470 GetKeySettings(aid);
471
472 // Select Application
473 c.arg[CMDPOS] = INIT;
474 c.arg[LENPOS] = 0x04;
475 c.d.asBytes[0] = SELECT_APPLICATION; // 0x5a
476 c.d.asBytes[1] = resp.d.asBytes[i];
477 c.d.asBytes[2] = resp.d.asBytes[i+1];
478 c.d.asBytes[3] = resp.d.asBytes[i+2];
479 SendCommand(&c);
75465377 480
481 if (!WaitForResponseTimeout(CMD_ACK,&respAid,1500) ) {
482 PrintAndLog(" Timed-out");
483 continue;
484 }
f6c18637 485 isOK = respAid.d.asBytes[2] & 0xff;
486 if ( isOK != 0x00 ){
75465377 487 PrintAndLog(" Can't select AID: %s",sprint_hex(resp.d.asBytes+i,3));
488 continue;
489 }
490
f6c18637 491 // Get File IDs
492 c.arg[CMDPOS] = NONE;
493 c.arg[LENPOS] = 0x01;
494 c.d.asBytes[0] = GET_FILE_IDS; // 0x6f
495 SendCommand(&c);
75465377 496
497 if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) {
498 PrintAndLog(" Timed-out");
499 continue;
500 } else {
f6c18637 501 isOK = respFiles.d.asBytes[2] & 0xff;
75465377 502 if ( !isOK ){
f6c18637 503 PrintAndLog(" Can't get file ids ");
504 } else {
505 int respfileLen = resp.arg[1]-3-2;
506 for (int j=0; j< respfileLen; ++j){
507 PrintAndLog(" Fileid %d :", resp.d.asBytes[j+3]);
508 }
75465377 509 }
f6c18637 510 }
511
512 // Get ISO File IDs
513 c.arg[CMDPOS] = DISCONNECT;
514 c.arg[LENPOS] = 0x01;
515 c.d.asBytes[0] = GET_ISOFILE_IDS; // 0x61
516 SendCommand(&c);
3d93d4f9 517
f6c18637 518 if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) {
519 PrintAndLog(" Timed-out");
520 continue;
521 } else {
522 isOK = respFiles.d.asBytes[2] & 0xff;
523 if ( !isOK ){
524 PrintAndLog(" Can't get ISO file ids ");
525 } else {
526 int respfileLen = resp.arg[1]-3-2;
527 for (int j=0; j< respfileLen; ++j){
528 PrintAndLog(" ISO Fileid %d :", resp.d.asBytes[j+3]);
529 }
75465377 530 }
531 }
3d93d4f9 532
f6c18637 533
3d93d4f9 534 }
535 PrintAndLog("-------------------------------------------------------------");
536
537
f38a1528 538 return 1;
539}
540
f38a1528 541// MIAFRE DesFire Authentication
542//
f6c18637 543#define BUFSIZE 256
f38a1528 544int CmdHF14ADesAuth(const char *Cmd){
545
546 // NR DESC KEYLENGHT
547 // ------------------------
548 // 1 = DES 8
549 // 2 = 3DES 16
550 // 3 = 3K 3DES 24
551 // 4 = AES 16
f6c18637 552
f38a1528 553 uint8_t keylength = 8;
f6c18637 554 unsigned char key[24];
f38a1528 555
556 if (strlen(Cmd)<3) {
557 PrintAndLog("Usage: hf mfdes auth <1|2|3> <1|2|3|4> <keyno> <key> ");
f6c18637 558 PrintAndLog(" Auth modes");
559 PrintAndLog(" 1 = normal, 2 = iso, 3 = aes");
560 PrintAndLog(" Crypto");
561 PrintAndLog(" 1 = DES 2 = 3DES 3 = 3K3DES 4 = AES");
562 PrintAndLog("");
f38a1528 563 PrintAndLog(" sample: hf mfdes auth 1 1 0 11223344");
f6c18637 564 PrintAndLog(" sample: hf mfdes auth 3 4 0 404142434445464748494a4b4c4d4e4f");
f38a1528 565 return 0;
566 }
567 uint8_t cmdAuthMode = param_get8(Cmd,0);
568 uint8_t cmdAuthAlgo = param_get8(Cmd,1);
569 uint8_t cmdKeyNo = param_get8(Cmd,2);
570
571 switch (cmdAuthMode)
572 {
573 case 1:
574 if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2) {
575 PrintAndLog("Crypto algo not valid for the auth mode");
576 return 1;
577 }
578 break;
579 case 2:
580 if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2 && cmdAuthAlgo != 3) {
581 PrintAndLog("Crypto algo not valid for the auth mode");
582 return 1;
583 }
584 break;
585 case 3:
586 if ( cmdAuthAlgo != 4) {
587 PrintAndLog("Crypto algo not valid for the auth mode");
588 return 1;
589 }
590 break;
591 default:
592 PrintAndLog("Wrong Auth mode");
593 return 1;
594 break;
595 }
596
597 switch (cmdAuthAlgo){
598 case 2:
599 keylength = 16;
600 PrintAndLog("3DES selected");
601 break;
602 case 3:
603 keylength = 24;
604 PrintAndLog("3 key 3DES selected");
605 break;
606 case 4:
607 keylength = 16;
608 PrintAndLog("AES selected");
609 break;
610 default:
611 cmdAuthAlgo = 1;
612 keylength = 8;
613 PrintAndLog("DES selected");
614 break;
615 }
616
617 // key
618 if (param_gethex(Cmd, 3, key, keylength*2)) {
619 PrintAndLog("Key must include %d HEX symbols", keylength);
620 return 1;
621 }
622