]> cvs.zerfleddert.de Git - proxmark3-svn/blame - client/cmdhfmfdes.c
BUG: Read the wrong page(2) as Capability container, should be 3.
[proxmark3-svn] / client / cmdhfmfdes.c
CommitLineData
f38a1528 1//-----------------------------------------------------------------------------
2// Copyright (C) 2014 Iceman
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// High frequency MIFARE Desfire commands
9//-----------------------------------------------------------------------------
10
11#include <stdio.h>
12#include <stdlib.h>
13#include <string.h>
14#include <ctype.h>
0ec548dc 15//#include <openssl/des.h>
16#include "loclass/des.h"
f38a1528 17#include "cmdmain.h"
18#include "proxmark3.h"
19#include "../include/common.h"
20#include "../include/mifare.h"
21#include "../common/iso14443crc.h"
22#include "data.h"
23#include "ui.h"
24#include "cmdparser.h"
25#include "util.h"
26#include "cmdhfmfdes.h"
5e336f53 27#include "cmdhf14a.h"
28
f38a1528 29
f6c18637 30uint8_t CMDPOS = 0;
31uint8_t LENPOS = 1;
f38a1528 32
95e63594 33uint8_t key_zero_data[16] = { 0x00 };
34uint8_t key_ones_data[16] = { 0x01 };
f38a1528 35uint8_t key_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
f6c18637 36uint8_t key_picc_data[16] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f };
f38a1528 37
38static int CmdHelp(const char *Cmd);
39static void xor(unsigned char * dst, unsigned char * src, size_t len);
40static int32_t le24toh (uint8_t data[3]);
41
42
43int CmdHF14ADesWb(const char *Cmd)
44{
45/* uint8_t blockNo = 0;
46 uint8_t keyType = 0;
47 uint8_t key[6] = {0, 0, 0, 0, 0, 0};
48 uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
49
50 char cmdp = 0x00;
51
52 if (strlen(Cmd)<3) {
53 PrintAndLog("Usage: hf mf wrbl <block number> <key A/B> <key (12 hex symbols)> <block data (32 hex symbols)>");
54 PrintAndLog(" sample: hf mf wrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F");
55 return 0;
56 }
57
58 blockNo = param_get8(Cmd, 0);
59 cmdp = param_getchar(Cmd, 1);
60 if (cmdp == 0x00) {
61 PrintAndLog("Key type must be A or B");
62 return 1;
63 }
64 if (cmdp != 'A' && cmdp != 'a') keyType = 1;
65 if (param_gethex(Cmd, 2, key, 12)) {
66 PrintAndLog("Key must include 12 HEX symbols");
67 return 1;
68 }
69 if (param_gethex(Cmd, 3, bldata, 32)) {
70 PrintAndLog("Block data must include 32 HEX symbols");
71 return 1;
72 }
73 PrintAndLog("--block no:%02x key type:%02x key:%s", blockNo, keyType, sprint_hex(key, 6));
74 PrintAndLog("--data: %s", sprint_hex(bldata, 16));
75
76 UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};
77 memcpy(c.d.asBytes, key, 6);
78 memcpy(c.d.asBytes + 10, bldata, 16);
79 SendCommand(&c);
80
81 UsbCommand resp;
82 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
83 uint8_t isOK = resp.arg[0] & 0xff;
84 PrintAndLog("isOk:%02x", isOK);
85 } else {
86 PrintAndLog("Command execute timeout");
87 }
88 */
89 return 0;
90}
91
92int CmdHF14ADesRb(const char *Cmd)
93{
94 // uint8_t blockNo = 0;
95 // uint8_t keyType = 0;
96 // uint8_t key[6] = {0, 0, 0, 0, 0, 0};
97
98 // char cmdp = 0x00;
99
100
101 // if (strlen(Cmd)<3) {
102 // PrintAndLog("Usage: hf mf rdbl <block number> <key A/B> <key (12 hex symbols)>");
103 // PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF ");
104 // return 0;
105 // }
106
107 // blockNo = param_get8(Cmd, 0);
108 // cmdp = param_getchar(Cmd, 1);
109 // if (cmdp == 0x00) {
110 // PrintAndLog("Key type must be A or B");
111 // return 1;
112 // }
113 // if (cmdp != 'A' && cmdp != 'a') keyType = 1;
114 // if (param_gethex(Cmd, 2, key, 12)) {
115 // PrintAndLog("Key must include 12 HEX symbols");
116 // return 1;
117 // }
118 // PrintAndLog("--block no:%02x key type:%02x key:%s ", blockNo, keyType, sprint_hex(key, 6));
119
120 // UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};
121 // memcpy(c.d.asBytes, key, 6);
122 // SendCommand(&c);
123
124 // UsbCommand resp;
125 // if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
126 // uint8_t isOK = resp.arg[0] & 0xff;
127 // uint8_t * data = resp.d.asBytes;
128
129 // if (isOK)
130 // PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 16));
131 // else
132 // PrintAndLog("isOk:%02x", isOK);
133 // } else {
134 // PrintAndLog("Command execute timeout");
135 // }
136
137 return 0;
138}
139
140int CmdHF14ADesInfo(const char *Cmd){
141
313ee67e 142 UsbCommand c = {CMD_MIFARE_DESFIRE_INFO};
f38a1528 143 SendCommand(&c);
144 UsbCommand resp;
145
313ee67e 146 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
f38a1528 147 PrintAndLog("Command execute timeout");
148 return 0;
313ee67e 149 }
150 uint8_t isOK = resp.arg[0] & 0xff;
151 if ( !isOK ){
3d93d4f9 152 PrintAndLog("Command unsuccessful");
313ee67e 153 return 0;
f38a1528 154 }
f6c18637 155 PrintAndLog("");
156 PrintAndLog("-- Desfire Information --------------------------------------");
f38a1528 157 PrintAndLog("-------------------------------------------------------------");
158 PrintAndLog(" UID : %s",sprint_hex(resp.d.asBytes, 7));
159 PrintAndLog(" Batch number : %s",sprint_hex(resp.d.asBytes+28,5));
160 PrintAndLog(" Production date : week %02x, 20%02x",resp.d.asBytes[33], resp.d.asBytes[34]);
f6c18637 161 PrintAndLog(" -----------------------------------------------------------");
f38a1528 162 PrintAndLog(" Hardware Information");
5e336f53 163 PrintAndLog(" Vendor Id : %s", getTagInfo(resp.d.asBytes[7]));
f38a1528 164 PrintAndLog(" Type : 0x%02X",resp.d.asBytes[8]);
165 PrintAndLog(" Subtype : 0x%02X",resp.d.asBytes[9]);
166 PrintAndLog(" Version : %d.%d",resp.d.asBytes[10], resp.d.asBytes[11]);
167 PrintAndLog(" Storage size : %s",GetCardSizeStr(resp.d.asBytes[12]));
168 PrintAndLog(" Protocol : %s",GetProtocolStr(resp.d.asBytes[13]));
f6c18637 169 PrintAndLog(" -----------------------------------------------------------");
f38a1528 170 PrintAndLog(" Software Information");
5e336f53 171 PrintAndLog(" Vendor Id : %s", getTagInfo(resp.d.asBytes[14]));
f38a1528 172 PrintAndLog(" Type : 0x%02X",resp.d.asBytes[15]);
173 PrintAndLog(" Subtype : 0x%02X",resp.d.asBytes[16]);
174 PrintAndLog(" Version : %d.%d",resp.d.asBytes[17], resp.d.asBytes[18]);
175 PrintAndLog(" storage size : %s", GetCardSizeStr(resp.d.asBytes[19]));
176 PrintAndLog(" Protocol : %s", GetProtocolStr(resp.d.asBytes[20]));
177 PrintAndLog("-------------------------------------------------------------");
178
f6c18637 179 // Master Key settings
180 GetKeySettings(NULL);
313ee67e 181
f6c18637 182 // Free memory on card
183 c.cmd = CMD_MIFARE_DESFIRE;
184 c.arg[0] = (INIT | DISCONNECT);
185 c.arg[1] = 0x01;
186 c.d.asBytes[0] = GET_FREE_MEMORY;
187 SendCommand(&c);
313ee67e 188 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
189 return 0;
190 }
191
f38a1528 192 uint8_t tmp[3];
313ee67e 193 memcpy(tmp, resp.d.asBytes+3,3);
f38a1528 194
f6c18637 195 PrintAndLog(" Available free memory on card : %d bytes", le24toh( tmp ));
f38a1528 196 PrintAndLog("-------------------------------------------------------------");
3d93d4f9 197
f38a1528 198 /*
75465377 199 Card Master key (CMK) 0x00 AID = 00 00 00 (card level)
200 Application Master Key (AMK) 0x00 AID != 00 00 00
201 Application keys (APK) 0x01-0x0D
202 Application free 0x0E
203 Application never 0x0F
f38a1528 204
205 ACCESS RIGHTS:
206 keys 0,1,2,3 C
207 keys 4,5,6,7 RW
208 keys 8,9,10,11 W
209 keys 12,13,14,15 R
f6c18637 210
f38a1528 211 */
212
f38a1528 213 return 1;
214}
215
f38a1528 216/*
217 The 7 MSBits (= n) code the storage size itself based on 2^n,
218 the LSBit is set to '0' if the size is exactly 2^n
219 and set to '1' if the storage size is between 2^n and 2^(n+1).
220 For this version of DESFire the 7 MSBits are set to 0x0C (2^12 = 4096) and the LSBit is '0'.
221*/
222char * GetCardSizeStr( uint8_t fsize ){
223
224 static char buf[30];
225 char *retStr = buf;
226
227 uint16_t usize = 1 << ((fsize >>1) + 1);
228 uint16_t lsize = 1 << (fsize >>1);
229
230 // is LSB set?
0ec548dc 231 if ( fsize & 1 )
f38a1528 232 sprintf(retStr, "0x%02X (%d - %d bytes)",fsize, usize, lsize);
233 else
234 sprintf(retStr, "0x%02X (%d bytes)", fsize, lsize);
235 return buf;
236}
237
238char * GetProtocolStr(uint8_t id){
239
240 static char buf[30];
241 char *retStr = buf;
242
243 if ( id == 0x05)
244 sprintf(retStr,"0x%02X (ISO 14443-3, 14443-4)", id);
245 else
0ec548dc 246 sprintf(retStr,"0x%02X (Unknown)", id);
f38a1528 247 return buf;
248}
249
f6c18637 250void GetKeySettings( uint8_t *aid){
3d93d4f9 251
f6c18637 252 char messStr[512] = {0x00};
253 char *str = messStr;
254 uint8_t isOK = 0;
255 uint32_t options = NONE;
256 UsbCommand c;
257 UsbCommand resp;
258
259 //memset(messStr, 0x00, 512);
75465377 260
f6c18637 261 c.cmd = CMD_MIFARE_DESFIRE;
262
263 if ( aid == NULL ){
264 PrintAndLog(" CMK - PICC, Card Master Key settings ");
265 PrintAndLog("");
266 c.arg[CMDPOS] = (INIT | DISCONNECT);
267 c.arg[LENPOS] = 0x01;
268 c.d.asBytes[0] = GET_KEY_SETTINGS; // 0x45
269 SendCommand(&c);
270 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}
271 isOK = resp.arg[0] & 0xff;
272 if ( !isOK ){
273 PrintAndLog(" Can't select master application");
274 return;
275 }
276
277 str = (resp.d.asBytes[3] & (1 << 3 )) ? "YES":"NO";
278 PrintAndLog(" [0x08] Configuration changeable : %s", str);
279 str = (resp.d.asBytes[3] & (1 << 2 )) ? "NO":"YES";
280 PrintAndLog(" [0x04] CMK required for create/delete : %s",str);
281 str = (resp.d.asBytes[3] & (1 << 1 )) ? "NO":"YES";
282 PrintAndLog(" [0x02] Directory list access with CMK : %s",str);
283 str = (resp.d.asBytes[3] & (1 << 0 )) ? "YES" : "NO";
284 PrintAndLog(" [0x01] CMK is changeable : %s", str);
285
286 c.arg[LENPOS] = 0x02; //LEN
287 c.d.asBytes[0] = GET_KEY_VERSION; //0x64
288 c.d.asBytes[1] = 0x00;
289 SendCommand(&c);
290 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {
291 return;
292 }
293 isOK = resp.arg[0] & 0xff;
294 if ( !isOK ){
295 PrintAndLog(" Can't read key-version");
296 return;
297 }
298 PrintAndLog("");
299 PrintAndLog(" Max number of keys : %d", resp.d.asBytes[4]);
300 PrintAndLog(" Master key Version : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]);
301 PrintAndLog(" ----------------------------------------------------------");
302
303 c.arg[LENPOS] = 0x02; //LEN
304 c.d.asBytes[0] = AUTHENTICATE; //0x0A
305 c.d.asBytes[1] = 0x00; // KEY 0
306 SendCommand(&c);
307 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}
308 isOK = resp.d.asBytes[2] & 0xff;
309 PrintAndLog(" [0x0A] Authenticate : %s", ( isOK==0xAE ) ? "NO":"YES");
310
311 c.d.asBytes[0] = AUTHENTICATE_ISO; //0x1A
312 SendCommand(&c);
313 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}
314 isOK = resp.d.asBytes[2] & 0xff;
315 PrintAndLog(" [0x1A] Authenticate ISO : %s", ( isOK==0xAE ) ? "NO":"YES");
316
317 c.d.asBytes[0] = AUTHENTICATE_AES; //0xAA
318 SendCommand(&c);
319 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}
320 isOK = resp.d.asBytes[2] & 0xff;
321 PrintAndLog(" [0xAA] Authenticate AES : %s", ( isOK==0xAE ) ? "NO":"YES");
322 PrintAndLog("");
323 PrintAndLog(" ----------------------------------------------------------");
324
325 } else {
326 PrintAndLog(" AMK - Application Master Key settings");
327
328 // SELECT AID
329 c.arg[0] = (INIT | CLEARTRACE);
330 c.arg[LENPOS] = 0x04;
331 c.d.asBytes[0] = SELECT_APPLICATION; // 0x5a
332 memcpy(c.d.asBytes+1, aid, 3);
333 SendCommand(&c);
334
335 if (!WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
336 PrintAndLog(" Timed-out");
337 return;
338 }
339 isOK = resp.arg[0] & 0xff;
340 if ( !isOK ){
341 PrintAndLog(" Can't select AID: %s",sprint_hex(aid,3));
342 return;
343 }
344
345 // KEY SETTINGS
346 options = NONE;
347 c.arg[0] = options;
348 c.arg[LENPOS] = 0x01;
349 c.d.asBytes[0] = GET_KEY_SETTINGS; // 0x45
350 SendCommand(&c);
351 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
352 return;
353 }
354 isOK = resp.arg[0] & 0xff;
355 if ( !isOK ){
356 PrintAndLog(" Can't read Application Master key settings");
357 } else {
358 // Access rights.
359 uint8_t rights = (resp.d.asBytes[3] >> 4 && 0xff);
360 switch (rights){
361 case 0x00:
362 str = "AMK authentication is necessary to change any key (default)";
363 break;
364 case 0x0e:
365 str = "Authentication with the key to be changed (same KeyNo) is necessary to change a key";
366 break;
367 case 0x0f:
368 str = "All keys (except AMK,see Bit0) within this application are frozen";
369 break;
370 default:
371 str = "Authentication with the specified key is necessary to change any ley. A change key and a PICC master key (CMK) can only be changed after authentication with the master key. For keys other then the master or change key, an authentication with the same key is needed.";
372 break;
373 }
374 PrintAndLog("Changekey Access rights");
375 PrintAndLog("-- %s",str);
376 PrintAndLog("");
377 // same as CMK
378 str = (resp.d.asBytes[3] & (1 << 3 )) ? "YES":"NO";
379 PrintAndLog(" 0x08 Configuration changeable : %s", str);
380 str = (resp.d.asBytes[3] & (1 << 2 )) ? "NO":"YES";
381 PrintAndLog(" 0x04 AMK required for create/delete : %s",str);
382 str = (resp.d.asBytes[3] & (1 << 1 )) ? "NO":"YES";
383 PrintAndLog(" 0x02 Directory list access with AMK : %s",str);
384 str = (resp.d.asBytes[3] & (1 << 0 )) ? "YES" : "NO";
385 PrintAndLog(" 0x01 AMK is changeable : %s", str);
386 }
387
388 // KEY VERSION - AMK
389 c.arg[0] = NONE;
390 c.arg[LENPOS] = 0x02;
391 c.d.asBytes[0] = GET_KEY_VERSION; //0x64
392 c.d.asBytes[1] = 0x00;
393 SendCommand(&c);
394 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
395 PrintAndLog(" Timed-out");
396 return;
397 }
398
399 int numOfKeys;
400
401 isOK = resp.arg[0] & 0xff;
402 if ( !isOK ){
403 PrintAndLog(" Can't read Application Master key version. Trying all keys");
404 numOfKeys = MAX_NUM_KEYS;
405 }
406 else{
407 numOfKeys = resp.d.asBytes[4];
408 PrintAndLog("");
409 PrintAndLog(" Max number of keys : %d", numOfKeys );
410 PrintAndLog(" Application Master key Version : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]);
411 PrintAndLog("-------------------------------------------------------------");
412 }
413
414 // LOOP over numOfKeys that we got before.
415 // From 0x01 to numOfKeys. We already got 0x00. (AMK)
416 for(int i=0x01; i<=0x0f; ++i){
417
418 }
419
420
421 }
422}
423
424int CmdHF14ADesEnumApplications(const char *Cmd){
425
426 uint8_t isOK = 0x00;
427 uint8_t aid[3];
428 uint32_t options = (INIT | DISCONNECT);
75465377 429
430 UsbCommand c = {CMD_MIFARE_DESFIRE, {options , 0x01 }};
431 c.d.asBytes[0] = GET_APPLICATION_IDS; //0x6a
f6c18637 432
3d93d4f9 433 SendCommand(&c);
434 UsbCommand resp;
435
436 if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
437 return 0;
438 }
f6c18637 439 isOK = resp.arg[0] & 0xff;
3d93d4f9 440 if ( !isOK ){
441 PrintAndLog("Command unsuccessful");
442 return 0;
443 }
f6c18637 444 PrintAndLog("");
445 PrintAndLog("-- Desfire Enumerate Applications ---------------------------");
3d93d4f9 446 PrintAndLog("-------------------------------------------------------------");
447
75465377 448 UsbCommand respAid;
449 UsbCommand respFiles;
3d93d4f9 450
451 uint8_t num = 0;
452 int max = resp.arg[1] -3 -2;
453
454 for(int i=3; i<=max; i+=3){
75465377 455 PrintAndLog(" Aid %d : %02X %02X %02X ",num ,resp.d.asBytes[i],resp.d.asBytes[i+1],resp.d.asBytes[i+2]);
3d93d4f9 456 num++;
457
f6c18637 458 aid[0] = resp.d.asBytes[i];
459 aid[1] = resp.d.asBytes[i+1];
460 aid[2] = resp.d.asBytes[i+2];
461 GetKeySettings(aid);
462
463 // Select Application
464 c.arg[CMDPOS] = INIT;
465 c.arg[LENPOS] = 0x04;
466 c.d.asBytes[0] = SELECT_APPLICATION; // 0x5a
467 c.d.asBytes[1] = resp.d.asBytes[i];
468 c.d.asBytes[2] = resp.d.asBytes[i+1];
469 c.d.asBytes[3] = resp.d.asBytes[i+2];
470 SendCommand(&c);
75465377 471
472 if (!WaitForResponseTimeout(CMD_ACK,&respAid,1500) ) {
473 PrintAndLog(" Timed-out");
474 continue;
475 }
f6c18637 476 isOK = respAid.d.asBytes[2] & 0xff;
477 if ( isOK != 0x00 ){
75465377 478 PrintAndLog(" Can't select AID: %s",sprint_hex(resp.d.asBytes+i,3));
479 continue;
480 }
481
f6c18637 482 // Get File IDs
483 c.arg[CMDPOS] = NONE;
484 c.arg[LENPOS] = 0x01;
485 c.d.asBytes[0] = GET_FILE_IDS; // 0x6f
486 SendCommand(&c);
75465377 487
488 if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) {
489 PrintAndLog(" Timed-out");
490 continue;
491 } else {
f6c18637 492 isOK = respFiles.d.asBytes[2] & 0xff;
75465377 493 if ( !isOK ){
f6c18637 494 PrintAndLog(" Can't get file ids ");
495 } else {
496 int respfileLen = resp.arg[1]-3-2;
497 for (int j=0; j< respfileLen; ++j){
498 PrintAndLog(" Fileid %d :", resp.d.asBytes[j+3]);
499 }
75465377 500 }
f6c18637 501 }
502
503 // Get ISO File IDs
504 c.arg[CMDPOS] = DISCONNECT;
505 c.arg[LENPOS] = 0x01;
506 c.d.asBytes[0] = GET_ISOFILE_IDS; // 0x61
507 SendCommand(&c);
3d93d4f9 508
f6c18637 509 if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) {
510 PrintAndLog(" Timed-out");
511 continue;
512 } else {
513 isOK = respFiles.d.asBytes[2] & 0xff;
514 if ( !isOK ){
515 PrintAndLog(" Can't get ISO file ids ");
516 } else {
517 int respfileLen = resp.arg[1]-3-2;
518 for (int j=0; j< respfileLen; ++j){
519 PrintAndLog(" ISO Fileid %d :", resp.d.asBytes[j+3]);
520 }
75465377 521 }
522 }
3d93d4f9 523
f6c18637 524
3d93d4f9 525 }
526 PrintAndLog("-------------------------------------------------------------");
527
528
f38a1528 529 return 1;
530}
531
f38a1528 532// MIAFRE DesFire Authentication
533//
f6c18637 534#define BUFSIZE 256
f38a1528 535int CmdHF14ADesAuth(const char *Cmd){
536
537 // NR DESC KEYLENGHT
538 // ------------------------
539 // 1 = DES 8
540 // 2 = 3DES 16
541 // 3 = 3K 3DES 24
542 // 4 = AES 16
f6c18637 543
f38a1528 544 uint8_t keylength = 8;
f6c18637 545 unsigned char key[24];
f38a1528 546
547 if (strlen(Cmd)<3) {
548 PrintAndLog("Usage: hf mfdes auth <1|2|3> <1|2|3|4> <keyno> <key> ");
f6c18637 549 PrintAndLog(" Auth modes");
550 PrintAndLog(" 1 = normal, 2 = iso, 3 = aes");
551 PrintAndLog(" Crypto");
552 PrintAndLog(" 1 = DES 2 = 3DES 3 = 3K3DES 4 = AES");
553 PrintAndLog("");
f38a1528 554 PrintAndLog(" sample: hf mfdes auth 1 1 0 11223344");
f6c18637 555 PrintAndLog(" sample: hf mfdes auth 3 4 0 404142434445464748494a4b4c4d4e4f");
f38a1528 556 return 0;
557 }
558 uint8_t cmdAuthMode = param_get8(Cmd,0);
559 uint8_t cmdAuthAlgo = param_get8(Cmd,1);
560 uint8_t cmdKeyNo = param_get8(Cmd,2);
561
562 switch (cmdAuthMode)
563 {
564 case 1:
565 if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2) {
566 PrintAndLog("Crypto algo not valid for the auth mode");
567 return 1;
568 }
569 break;
570 case 2:
571 if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2 && cmdAuthAlgo != 3) {
572 PrintAndLog("Crypto algo not valid for the auth mode");
573 return 1;
574 }
575 break;
576 case 3:
577 if ( cmdAuthAlgo != 4) {
578 PrintAndLog("Crypto algo not valid for the auth mode");
579 return 1;
580 }
581 break;
582 default:
583 PrintAndLog("Wrong Auth mode");
584 return 1;
585 break;
586 }
587
588 switch (cmdAuthAlgo){
589 case 2:
590 keylength = 16;
591 PrintAndLog("3DES selected");
592 break;
593 case 3:
594 keylength = 24;
595 PrintAndLog("3 key 3DES selected");
596 break;
597 case 4:
598 keylength = 16;
599 PrintAndLog("AES selected");
600 break;
601 default:
602 cmdAuthAlgo = 1;
603 keylength = 8;
604 PrintAndLog("DES selected");
605 break;
606 }
607
608 // key
609 if (param_gethex(Cmd, 3, key, keylength*2)) {
610 PrintAndLog("Key must include %d HEX symbols", keylength);
611 return 1;
612 }
613