]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdhficlass.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix typo error
[proxmark3-svn] / client / cmdhficlass.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2010 iZsh <izsh at fail0verflow.com>, Hagen Fritsch
3 // Copyright (C) 2011 Gerhard de Koning Gans
4 // Copyright (C) 2014 Midnitesnake & Andy Davies & Martin Holst Swende
5 //
6 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
7 // at your option, any later version. See the LICENSE.txt file for the text of
8 // the license.
9 //-----------------------------------------------------------------------------
10 // High frequency iClass commands
11 //-----------------------------------------------------------------------------
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <sys/stat.h>
17 #include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type
18 #include "data.h"
19 #include "proxmark3.h"
20 #include "ui.h"
21 #include "cmdparser.h"
22 #include "cmdhficlass.h"
23 #include "common.h"
24 #include "util.h"
25 #include "cmdmain.h"
26 #include "loclass/des.h"
27 #include "loclass/cipherutils.h"
28 #include "loclass/cipher.h"
29 #include "loclass/ikeys.h"
30 #include "loclass/elite_crack.h"
31 #include "loclass/fileutils.h"
32 #include "protocols.h"
33 #include "usb_cmd.h"
34 #include "cmdhfmfu.h"
35
36 static int CmdHelp(const char *Cmd);
37
38 #define ICLASS_KEYS_MAX 8
39 static uint8_t iClass_Key_Table[ICLASS_KEYS_MAX][8] = {
40 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
41 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
42 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
43 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
44 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
45 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
46 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
47 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }
48 };
49
50 typedef struct iclass_block {
51 uint8_t d[8];
52 } iclass_block_t;
53
54 int xorbits_8(uint8_t val) {
55 uint8_t res = val ^ (val >> 1); //1st pass
56 res = res ^ (res >> 1); // 2nd pass
57 res = res ^ (res >> 2); // 3rd pass
58 res = res ^ (res >> 4); // 4th pass
59 return res & 1;
60 }
61
62 int CmdHFiClassList(const char *Cmd) {
63 PrintAndLog("Deprecated command, use 'hf list iclass' instead");
64 return 0;
65 }
66
67 int CmdHFiClassSnoop(const char *Cmd) {
68 UsbCommand c = {CMD_SNOOP_ICLASS};
69 SendCommand(&c);
70 return 0;
71 }
72
73 int usage_hf_iclass_sim(void) {
74 PrintAndLog("Usage: hf iclass sim <option> [CSN]");
75 PrintAndLog(" options");
76 PrintAndLog(" 0 <CSN> simulate the given CSN");
77 PrintAndLog(" 1 simulate default CSN");
78 PrintAndLog(" 2 Reader-attack, gather reader responses to extract elite key");
79 PrintAndLog(" 3 Full simulation using emulator memory (see 'hf iclass eload')");
80 PrintAndLog(" example: hf iclass sim 0 031FEC8AF7FF12E0");
81 PrintAndLog(" example: hf iclass sim 2");
82 PrintAndLog(" example: hf iclass eload 'tagdump.bin'");
83 PrintAndLog(" hf iclass sim 3");
84 return 0;
85 }
86
87 #define NUM_CSNS 15
88 int CmdHFiClassSim(const char *Cmd) {
89 uint8_t simType = 0;
90 uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
91
92 if (strlen(Cmd)<1) {
93 return usage_hf_iclass_sim();
94 }
95 simType = param_get8ex(Cmd, 0, 0, 10);
96
97 if(simType == 0)
98 {
99 if (param_gethex(Cmd, 1, CSN, 16)) {
100 PrintAndLog("A CSN should consist of 16 HEX symbols");
101 return usage_hf_iclass_sim();
102 }
103
104 PrintAndLog("--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8));
105 }
106 if(simType > 3)
107 {
108 PrintAndLog("Undefined simptype %d", simType);
109 return usage_hf_iclass_sim();
110 }
111
112 uint8_t numberOfCSNs=0;
113 if(simType == 2)
114 {
115 UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,NUM_CSNS}};
116 UsbCommand resp = {0};
117
118 uint8_t csns[8*NUM_CSNS] = {
119 0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0,
120 0x00, 0x04, 0x0E, 0x08, 0xF7, 0xFF, 0x12, 0xE0,
121 0x00, 0x09, 0x0D, 0x05, 0xF7, 0xFF, 0x12, 0xE0,
122 0x00, 0x0A, 0x0C, 0x06, 0xF7, 0xFF, 0x12, 0xE0,
123 0x00, 0x0F, 0x0B, 0x03, 0xF7, 0xFF, 0x12, 0xE0,
124 0x00, 0x08, 0x0A, 0x0C, 0xF7, 0xFF, 0x12, 0xE0,
125 0x00, 0x0D, 0x09, 0x09, 0xF7, 0xFF, 0x12, 0xE0,
126 0x00, 0x0E, 0x08, 0x0A, 0xF7, 0xFF, 0x12, 0xE0,
127 0x00, 0x03, 0x07, 0x17, 0xF7, 0xFF, 0x12, 0xE0,
128 0x00, 0x3C, 0x06, 0xE0, 0xF7, 0xFF, 0x12, 0xE0,
129 0x00, 0x01, 0x05, 0x1D, 0xF7, 0xFF, 0x12, 0xE0,
130 0x00, 0x02, 0x04, 0x1E, 0xF7, 0xFF, 0x12, 0xE0,
131 0x00, 0x07, 0x03, 0x1B, 0xF7, 0xFF, 0x12, 0xE0,
132 0x00, 0x00, 0x02, 0x24, 0xF7, 0xFF, 0x12, 0xE0,
133 0x00, 0x05, 0x01, 0x21, 0xF7, 0xFF, 0x12, 0xE0 };
134
135 memcpy(c.d.asBytes, csns, 8*NUM_CSNS);
136
137 SendCommand(&c);
138 if (!WaitForResponseTimeout(CMD_ACK, &resp, -1)) {
139 PrintAndLog("Command timed out");
140 return 0;
141 }
142
143 uint8_t num_mac_responses = resp.arg[1];
144 PrintAndLog("Mac responses: %d MACs obtained (should be %d)", num_mac_responses,NUM_CSNS);
145
146 size_t datalen = NUM_CSNS*24;
147 /*
148 * Now, time to dump to file. We'll use this format:
149 * <8-byte CSN><8-byte CC><4 byte NR><4 byte MAC>....
150 * So, it should wind up as
151 * 8 * 24 bytes.
152 *
153 * The returndata from the pm3 is on the following format
154 * <4 byte NR><4 byte MAC>
155 * CC are all zeroes, CSN is the same as was sent in
156 **/
157 void* dump = malloc(datalen);
158 memset(dump,0,datalen);//<-- Need zeroes for the CC-field
159 uint8_t i = 0;
160 for(i = 0 ; i < NUM_CSNS ; i++)
161 {
162 memcpy(dump+i*24, csns+i*8,8); //CSN
163 //8 zero bytes here...
164 //Then comes NR_MAC (eight bytes from the response)
165 memcpy(dump+i*24+16,resp.d.asBytes+i*8,8);
166
167 }
168 /** Now, save to dumpfile **/
169 saveFile("iclass_mac_attack", "bin", dump,datalen);
170 free(dump);
171 }else
172 {
173 UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,numberOfCSNs}};
174 memcpy(c.d.asBytes, CSN, 8);
175 SendCommand(&c);
176 }
177
178 return 0;
179 }
180
181 int HFiClassReader(const char *Cmd, bool loop, bool verbose) {
182 bool tagFound = false;
183 UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN |
184 FLAG_ICLASS_READER_CC | FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_AA |
185 FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY } };
186 // loop in client not device - else on windows have a communication error
187 UsbCommand resp;
188 while(!ukbhit()){
189 SendCommand(&c);
190 if (WaitForResponseTimeout(CMD_ACK,&resp, 4500)) {
191 uint8_t readStatus = resp.arg[0] & 0xff;
192 uint8_t *data = resp.d.asBytes;
193
194 // no tag found
195 if( readStatus == 0) continue;
196
197 if( readStatus & FLAG_ICLASS_READER_CSN) {
198 PrintAndLog(" CSN: %s",sprint_hex(data,8));
199 tagFound = true;
200 }
201 if( readStatus & FLAG_ICLASS_READER_CC) {
202 PrintAndLog(" CC: %s",sprint_hex(data+16,8));
203 }
204 if( readStatus & FLAG_ICLASS_READER_CONF) {
205 printIclassDumpInfo(data);
206 }
207 if (readStatus & FLAG_ICLASS_READER_AA) {
208 bool legacy = true;
209 PrintAndLog(" AppIA: %s",sprint_hex(data+8*5,8));
210 for (int i = 0; i<8; i++) {
211 if (data[8*5+i] != 0xFF) {
212 legacy = false;
213 }
214 }
215 PrintAndLog(" : Possible iClass %s",(legacy) ? "(legacy tag)" : "(NOT legacy tag)");
216 }
217
218 if (tagFound && !loop) return 1;
219 } else {
220 if (verbose) PrintAndLog("Command execute timeout");
221 }
222 if (!loop) break;
223 }
224 return 0;
225 }
226
227 int CmdHFiClassReader(const char *Cmd) {
228 return HFiClassReader(Cmd, true, true);
229 }
230
231 int CmdHFiClassReader_Replay(const char *Cmd) {
232 uint8_t readerType = 0;
233 uint8_t MAC[4]={0x00, 0x00, 0x00, 0x00};
234
235 if (strlen(Cmd)<1) {
236 PrintAndLog("Usage: hf iclass replay <MAC>");
237 PrintAndLog(" sample: hf iclass replay 00112233");
238 return 0;
239 }
240
241 if (param_gethex(Cmd, 0, MAC, 8)) {
242 PrintAndLog("MAC must include 8 HEX symbols");
243 return 1;
244 }
245
246 UsbCommand c = {CMD_READER_ICLASS_REPLAY, {readerType}};
247 memcpy(c.d.asBytes, MAC, 4);
248 SendCommand(&c);
249
250 return 0;
251 }
252
253 int iclassEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
254 UsbCommand c = {CMD_MIFARE_EML_MEMSET, {blockNum, blocksCount, 0}};
255 memcpy(c.d.asBytes, data, blocksCount * 16);
256 SendCommand(&c);
257 return 0;
258 }
259
260 int hf_iclass_eload_usage(void) {
261 PrintAndLog("Loads iclass tag-dump into emulator memory on device");
262 PrintAndLog("Usage: hf iclass eload f <filename>");
263 PrintAndLog("");
264 PrintAndLog("Example: hf iclass eload f iclass_tagdump-aa162d30f8ff12f1.bin");
265 return 0;
266 }
267
268 int CmdHFiClassELoad(const char *Cmd) {
269
270 char opt = param_getchar(Cmd, 0);
271 if (strlen(Cmd)<1 || opt == 'h')
272 return hf_iclass_eload_usage();
273
274 //File handling and reading
275 FILE *f;
276 char filename[FILE_PATH_SIZE];
277 if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0)
278 {
279 f = fopen(filename, "rb");
280 }else{
281 return hf_iclass_eload_usage();
282 }
283
284 if(!f) {
285 PrintAndLog("Failed to read from file '%s'", filename);
286 return 1;
287 }
288
289 fseek(f, 0, SEEK_END);
290 long fsize = ftell(f);
291 fseek(f, 0, SEEK_SET);
292
293 if (fsize < 0) {
294 PrintAndLog("Error, when getting filesize");
295 fclose(f);
296 return 1;
297 }
298
299 uint8_t *dump = malloc(fsize);
300
301 size_t bytes_read = fread(dump, 1, fsize, f);
302 fclose(f);
303
304 printIclassDumpInfo(dump);
305 //Validate
306
307 if (bytes_read < fsize)
308 {
309 prnlog("Error, could only read %d bytes (should be %d)",bytes_read, fsize );
310 free(dump);
311 return 1;
312 }
313 //Send to device
314 uint32_t bytes_sent = 0;
315 uint32_t bytes_remaining = bytes_read;
316
317 while(bytes_remaining > 0){
318 uint32_t bytes_in_packet = MIN(USB_CMD_DATA_SIZE, bytes_remaining);
319 UsbCommand c = {CMD_ICLASS_EML_MEMSET, {bytes_sent,bytes_in_packet,0}};
320 memcpy(c.d.asBytes, dump, bytes_in_packet);
321 SendCommand(&c);
322 bytes_remaining -= bytes_in_packet;
323 bytes_sent += bytes_in_packet;
324 }
325 free(dump);
326 PrintAndLog("Sent %d bytes of data to device emulator memory", bytes_sent);
327 return 0;
328 }
329
330 static int readKeyfile(const char *filename, size_t len, uint8_t* buffer) {
331 FILE *f = fopen(filename, "rb");
332 if(!f) {
333 PrintAndLog("Failed to read from file '%s'", filename);
334 return 1;
335 }
336 fseek(f, 0, SEEK_END);
337 long fsize = ftell(f);
338 fseek(f, 0, SEEK_SET);
339 size_t bytes_read = fread(buffer, 1, len, f);
340 fclose(f);
341 if(fsize != len)
342 {
343 PrintAndLog("Warning, file size is %d, expected %d", fsize, len);
344 return 1;
345 }
346 if(bytes_read != len)
347 {
348 PrintAndLog("Warning, could only read %d bytes, expected %d" ,bytes_read, len);
349 return 1;
350 }
351 return 0;
352 }
353
354 int usage_hf_iclass_decrypt(void) {
355 PrintAndLog("Usage: hf iclass decrypt f <tagdump>");
356 PrintAndLog("");
357 PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
358 PrintAndLog("in the working directory. The file should be 16 bytes binary data");
359 PrintAndLog("");
360 PrintAndLog("example: hf iclass decrypt f tagdump_12312342343.bin");
361 PrintAndLog("");
362 PrintAndLog("OBS! This is pretty stupid implementation, it tries to decrypt every block after block 6. ");
363 PrintAndLog("Correct behaviour would be to decrypt only the application areas where the key is valid,");
364 PrintAndLog("which is defined by the configuration block.");
365 return 1;
366 }
367
368 int CmdHFiClassDecrypt(const char *Cmd) {
369 uint8_t key[16] = { 0 };
370 if(readKeyfile("iclass_decryptionkey.bin", 16, key))
371 {
372 usage_hf_iclass_decrypt();
373 return 1;
374 }
375 PrintAndLog("Decryption file found... ");
376 char opt = param_getchar(Cmd, 0);
377 if (strlen(Cmd)<1 || opt == 'h')
378 return usage_hf_iclass_decrypt();
379
380 //Open the tagdump-file
381 FILE *f;
382 char filename[FILE_PATH_SIZE];
383 if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0) {
384 f = fopen(filename, "rb");
385 if ( f == NULL ) {
386 PrintAndLog("Could not find file %s", filename);
387 return 1;
388 }
389 } else {
390 return usage_hf_iclass_decrypt();
391 }
392
393 fseek(f, 0, SEEK_END);
394 long fsize = ftell(f);
395 fseek(f, 0, SEEK_SET);
396 uint8_t enc_dump[8] = {0};
397 uint8_t *decrypted = malloc(fsize);
398 des3_context ctx = { DES_DECRYPT ,{ 0 } };
399 des3_set2key_dec( &ctx, key);
400 size_t bytes_read = fread(enc_dump, 1, 8, f);
401
402 //Use the first block (CSN) for filename
403 char outfilename[FILE_PATH_SIZE] = { 0 };
404 snprintf(outfilename,FILE_PATH_SIZE,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x-decrypted",
405 enc_dump[0],enc_dump[1],enc_dump[2],enc_dump[3],
406 enc_dump[4],enc_dump[5],enc_dump[6],enc_dump[7]);
407
408 size_t blocknum =0;
409 while(bytes_read == 8)
410 {
411 if(blocknum < 7)
412 {
413 memcpy(decrypted+(blocknum*8), enc_dump, 8);
414 }else{
415 des3_crypt_ecb(&ctx, enc_dump,decrypted +(blocknum*8) );
416 }
417 printvar("decrypted block", decrypted +(blocknum*8), 8);
418 bytes_read = fread(enc_dump, 1, 8, f);
419 blocknum++;
420 }
421 fclose(f);
422
423 saveFile(outfilename,"bin", decrypted, blocknum*8);
424 free(decrypted);
425 return 0;
426 }
427
428 int usage_hf_iclass_encrypt(void) {
429 PrintAndLog("Usage: hf iclass encrypt <BlockData>");
430 PrintAndLog("");
431 PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
432 PrintAndLog("in the working directory. The file should be 16 bytes binary data");
433 PrintAndLog("");
434 PrintAndLog("example: hf iclass encrypt 0102030405060708");
435 PrintAndLog("");
436 return 0;
437 }
438
439 static int iClassEncryptBlkData(uint8_t *blkData) {
440 uint8_t key[16] = { 0 };
441 if(readKeyfile("iclass_decryptionkey.bin", 16, key))
442 {
443 usage_hf_iclass_encrypt();
444 return 1;
445 }
446 PrintAndLog("Decryption file found... ");
447
448 uint8_t encryptedData[16];
449 uint8_t *encrypted = encryptedData;
450 des3_context ctx = { DES_DECRYPT ,{ 0 } };
451 des3_set2key_enc( &ctx, key);
452
453 des3_crypt_ecb(&ctx, blkData,encrypted);
454 //printvar("decrypted block", decrypted, 8);
455 memcpy(blkData,encrypted,8);
456
457 return 1;
458 }
459
460 int CmdHFiClassEncryptBlk(const char *Cmd) {
461 uint8_t blkData[8] = {0};
462 char opt = param_getchar(Cmd, 0);
463 if (strlen(Cmd)<1 || opt == 'h')
464 return usage_hf_iclass_encrypt();
465
466 //get the bytes to encrypt
467 if (param_gethex(Cmd, 0, blkData, 16))
468 {
469 PrintAndLog("BlockData must include 16 HEX symbols");
470 return 0;
471 }
472 if (!iClassEncryptBlkData(blkData)) return 0;
473
474 printvar("encrypted block", blkData, 8);
475 return 1;
476 }
477
478 void Calc_wb_mac(uint8_t blockno, uint8_t *data, uint8_t *div_key, uint8_t MAC[4]) {
479 uint8_t WB[9];
480 WB[0] = blockno;
481 memcpy(WB + 1,data,8);
482 doMAC_N(WB,sizeof(WB),div_key,MAC);
483 //printf("Cal wb mac block [%02x][%02x%02x%02x%02x%02x%02x%02x%02x] : MAC [%02x%02x%02x%02x]",WB[0],WB[1],WB[2],WB[3],WB[4],WB[5],WB[6],WB[7],WB[8],MAC[0],MAC[1],MAC[2],MAC[3]);
484 }
485
486 static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool verbose) {
487 UsbCommand resp;
488
489 UsbCommand c = {CMD_READER_ICLASS, {0}};
490 c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_CC | FLAG_ICLASS_READER_ONE_TRY;
491 if (use_credit_key)
492 c.arg[0] |= FLAG_ICLASS_READER_CEDITKEY;
493
494 clearCommandBuffer();
495 SendCommand(&c);
496 if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
497 {
498 PrintAndLog("Command execute timeout");
499 return false;
500 }
501
502 uint8_t isOK = resp.arg[0] & 0xff;
503 uint8_t *data = resp.d.asBytes;
504
505 memcpy(CSN,data,8);
506 if (CCNR!=NULL)memcpy(CCNR,data+16,8);
507 if(isOK > 0)
508 {
509 if (verbose) PrintAndLog("CSN: %s",sprint_hex(CSN,8));
510 }
511 if(isOK <= 1){
512 PrintAndLog("Failed to obtain CC! Aborting");
513 return false;
514 }
515 return true;
516 }
517
518 static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool use_credit_key, bool elite, bool rawkey, bool verbose) {
519 uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
520 uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
521
522 if (!select_only(CSN, CCNR, use_credit_key, verbose))
523 return false;
524
525 //get div_key
526 if(rawkey)
527 memcpy(div_key, KEY, 8);
528 else
529 HFiClassCalcDivKey(CSN, KEY, div_key, elite);
530 PrintAndLog("Authing with %s: %02x%02x%02x%02x%02x%02x%02x%02x", rawkey ? "raw key" : "diversified key", div_key[0],div_key[1],div_key[2],div_key[3],div_key[4],div_key[5],div_key[6],div_key[7]);
531
532 doMAC(CCNR, div_key, MAC);
533 UsbCommand resp;
534 UsbCommand d = {CMD_ICLASS_AUTHENTICATION, {0}};
535 memcpy(d.d.asBytes, MAC, 4);
536 clearCommandBuffer();
537 SendCommand(&d);
538 if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
539 {
540 PrintAndLog("Auth Command execute timeout");
541 return false;
542 }
543 uint8_t isOK = resp.arg[0] & 0xff;
544 if (!isOK) {
545 PrintAndLog("Authentication error");
546 return false;
547 }
548 return true;
549 }
550
551 int usage_hf_iclass_dump(void) {
552 PrintAndLog("Usage: hf iclass dump f <fileName> k <Key> c <CreditKey> e|r\n");
553 PrintAndLog("Options:");
554 PrintAndLog(" f <filename> : specify a filename to save dump to");
555 PrintAndLog(" k <Key> : *Access Key as 16 hex symbols or 1 hex to select key from memory");
556 PrintAndLog(" c <CreditKey>: Credit Key as 16 hex symbols or 1 hex to select key from memory");
557 PrintAndLog(" e : If 'e' is specified, the key is interpreted as the 16 byte");
558 PrintAndLog(" Custom Key (KCus), which can be obtained via reader-attack");
559 PrintAndLog(" See 'hf iclass sim 2'. This key should be on iclass-format");
560 PrintAndLog(" r : If 'r' is specified, the key is interpreted as raw block 3/4");
561 PrintAndLog(" NOTE: * = required");
562 PrintAndLog("Samples:");
563 PrintAndLog(" hf iclass dump k 001122334455667B");
564 PrintAndLog(" hf iclass dump k AAAAAAAAAAAAAAAA c 001122334455667B");
565 PrintAndLog(" hf iclass dump k AAAAAAAAAAAAAAAA e");
566 return 0;
567 }
568
569 int CmdHFiClassReader_Dump(const char *Cmd) {
570
571 uint8_t MAC[4] = {0x00,0x00,0x00,0x00};
572 uint8_t div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
573 uint8_t c_div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
574 uint8_t blockno = 0;
575 uint8_t numblks = 0;
576 uint8_t maxBlk = 31;
577 uint8_t app_areas = 1;
578 uint8_t kb = 2;
579 uint8_t KEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
580 uint8_t CreditKEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
581 uint8_t keyNbr = 0;
582 uint8_t dataLen = 0;
583 uint8_t fileNameLen = 0;
584 char filename[FILE_PATH_SIZE]={0};
585 char tempStr[50] = {0};
586 bool have_debit_key = false;
587 bool have_credit_key = false;
588 bool use_credit_key = false;
589 bool elite = false;
590 bool rawkey = false;
591 bool errors = false;
592 uint8_t cmdp = 0;
593
594 while(param_getchar(Cmd, cmdp) != 0x00)
595 {
596 switch(param_getchar(Cmd, cmdp))
597 {
598 case 'h':
599 case 'H':
600 return usage_hf_iclass_dump();
601 case 'c':
602 case 'C':
603 have_credit_key = true;
604 dataLen = param_getstr(Cmd, cmdp+1, tempStr);
605 if (dataLen == 16) {
606 errors = param_gethex(tempStr, 0, CreditKEY, dataLen);
607 } else if (dataLen == 1) {
608 keyNbr = param_get8(Cmd, cmdp+1);
609 if (keyNbr < ICLASS_KEYS_MAX) {
610 memcpy(CreditKEY, iClass_Key_Table[keyNbr], 8);
611 } else {
612 PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
613 errors = true;
614 }
615 } else {
616 PrintAndLog("\nERROR: Credit Key is incorrect length\n");
617 errors = true;
618 }
619 cmdp += 2;
620 break;
621 case 'e':
622 case 'E':
623 elite = true;
624 cmdp++;
625 break;
626 case 'f':
627 case 'F':
628 fileNameLen = param_getstr(Cmd, cmdp+1, filename);
629 if (fileNameLen < 1) {
630 PrintAndLog("No filename found after f");
631 errors = true;
632 }
633 cmdp += 2;
634 break;
635 case 'k':
636 case 'K':
637 have_debit_key = true;
638 dataLen = param_getstr(Cmd, cmdp+1, tempStr);
639 if (dataLen == 16) {
640 errors = param_gethex(tempStr, 0, KEY, dataLen);
641 } else if (dataLen == 1) {
642 keyNbr = param_get8(Cmd, cmdp+1);
643 if (keyNbr < ICLASS_KEYS_MAX) {
644 memcpy(KEY, iClass_Key_Table[keyNbr], 8);
645 } else {
646 PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
647 errors = true;
648 }
649 } else {
650 PrintAndLog("\nERROR: Credit Key is incorrect length\n");
651 errors = true;
652 }
653 cmdp += 2;
654 break;
655 case 'r':
656 case 'R':
657 rawkey = true;
658 cmdp++;
659 break;
660 default:
661 PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
662 errors = true;
663 break;
664 }
665 if(errors) return usage_hf_iclass_dump();
666 }
667
668 if (cmdp < 2) return usage_hf_iclass_dump();
669 // if no debit key given try credit key on AA1 (not for iclass but for some picopass this will work)
670 if (!have_debit_key && have_credit_key) use_credit_key = true;
671
672 //get config and first 3 blocks
673 UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN |
674 FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY}};
675 UsbCommand resp;
676 uint8_t tag_data[255*8];
677
678 clearCommandBuffer();
679 SendCommand(&c);
680 if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
681 PrintAndLog("Command execute timeout");
682 ul_switch_off_field();
683 return 0;
684 }
685 uint8_t readStatus = resp.arg[0] & 0xff;
686 uint8_t *data = resp.d.asBytes;
687
688 if(readStatus == 0){
689 PrintAndLog("No tag found...");
690 ul_switch_off_field();
691 return 0;
692 }
693 if( readStatus & (FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_CC)){
694 memcpy(tag_data, data, 8*3);
695 blockno+=2; // 2 to force re-read of block 2 later. (seems to respond differently..)
696 numblks = data[8];
697 getMemConfig(data[13], data[12], &maxBlk, &app_areas, &kb);
698 // large memory - not able to dump pages currently
699 if (numblks > maxBlk) numblks = maxBlk;
700 }
701 ul_switch_off_field();
702 // authenticate debit key and get div_key - later store in dump block 3
703 if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, false)){
704 //try twice - for some reason it sometimes fails the first time...
705 if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, false)){
706 ul_switch_off_field();
707 return 0;
708 }
709 }
710
711 // begin dump
712 UsbCommand w = {CMD_ICLASS_DUMP, {blockno, numblks-blockno+1}};
713 clearCommandBuffer();
714 SendCommand(&w);
715 if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
716 PrintAndLog("Command execute time-out 1");
717 ul_switch_off_field();
718 return 1;
719 }
720 uint32_t blocksRead = resp.arg[1];
721 uint8_t isOK = resp.arg[0] & 0xff;
722 if (!isOK && !blocksRead) {
723 PrintAndLog("Read Block Failed");
724 ul_switch_off_field();
725 return 0;
726 }
727 uint32_t startindex = resp.arg[2];
728 if (blocksRead*8 > sizeof(tag_data)-(blockno*8)) {
729 PrintAndLog("Data exceeded Buffer size!");
730 blocksRead = (sizeof(tag_data)/8) - blockno;
731 }
732 // response ok - now get bigbuf content of the dump
733 GetFromBigBuf(tag_data+(blockno*8), blocksRead*8, startindex);
734 WaitForResponse(CMD_ACK,NULL);
735 size_t gotBytes = blocksRead*8 + blockno*8;
736
737 // try AA2
738 if (have_credit_key) {
739 //turn off hf field before authenticating with different key
740 ul_switch_off_field();
741 memset(MAC,0,4);
742 // AA2 authenticate credit key and git c_div_key - later store in dump block 4
743 if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){
744 //try twice - for some reason it sometimes fails the first time...
745 if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){
746 ul_switch_off_field();
747 return 0;
748 }
749 }
750 // do we still need to read more block? (aa2 enabled?)
751 if (maxBlk > blockno+numblks+1) {
752 // setup dump and start
753 w.arg[0] = blockno + blocksRead;
754 w.arg[1] = maxBlk - (blockno + blocksRead);
755 clearCommandBuffer();
756 SendCommand(&w);
757 if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
758 PrintAndLog("Command execute timeout 2");
759 ul_switch_off_field();
760 return 0;
761 }
762 uint8_t isOK = resp.arg[0] & 0xff;
763 blocksRead = resp.arg[1];
764 if (!isOK && !blocksRead) {
765 PrintAndLog("Read Block Failed 2");
766 ul_switch_off_field();
767 return 0;
768 }
769
770 startindex = resp.arg[2];
771 if (blocksRead*8 > sizeof(tag_data)-gotBytes) {
772 PrintAndLog("Data exceeded Buffer size!");
773 blocksRead = (sizeof(tag_data) - gotBytes)/8;
774 }
775 // get dumped data from bigbuf
776 GetFromBigBuf(tag_data+gotBytes, blocksRead*8, startindex);
777 WaitForResponse(CMD_ACK,NULL);
778
779 gotBytes += blocksRead*8;
780 } else { //field is still on - turn it off...
781 ul_switch_off_field();
782 }
783 }
784
785 // add diversified keys to dump
786 if (have_debit_key) memcpy(tag_data+(3*8),div_key,8);
787 if (have_credit_key) memcpy(tag_data+(4*8),c_div_key,8);
788 // print the dump
789 printf("------+--+-------------------------+\n");
790 printf("CSN |00| %s|\n",sprint_hex(tag_data, 8));
791 printIclassDumpContents(tag_data, 1, (gotBytes/8), gotBytes);
792
793 if (filename[0] == 0){
794 snprintf(filename, FILE_PATH_SIZE,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x",
795 tag_data[0],tag_data[1],tag_data[2],tag_data[3],
796 tag_data[4],tag_data[5],tag_data[6],tag_data[7]);
797 }
798
799 // save the dump to .bin file
800 PrintAndLog("Saving dump file - %d blocks read", gotBytes/8);
801 saveFile(filename, "bin", tag_data, gotBytes);
802 return 1;
803 }
804
805 static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool rawkey, bool verbose) {
806 uint8_t MAC[4]={0x00,0x00,0x00,0x00};
807 uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
808 if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, verbose))
809 return 0;
810
811 UsbCommand resp;
812
813 Calc_wb_mac(blockno,bldata,div_key,MAC);
814 UsbCommand w = {CMD_ICLASS_WRITEBLOCK, {blockno}};
815 memcpy(w.d.asBytes, bldata, 8);
816 memcpy(w.d.asBytes + 8, MAC, 4);
817
818 clearCommandBuffer();
819 SendCommand(&w);
820 if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
821 {
822 PrintAndLog("Write Command execute timeout");
823 return 0;
824 }
825 uint8_t isOK = resp.arg[0] & 0xff;
826 if (!isOK) {
827 PrintAndLog("Write Block Failed");
828 return 0;
829 }
830 PrintAndLog("Write Block Successful");
831 return 1;
832 }
833
834 int usage_hf_iclass_writeblock(void) {
835 PrintAndLog("Options:");
836 PrintAndLog(" b <Block> : The block number as 2 hex symbols");
837 PrintAndLog(" d <data> : Set the Data to write as 16 hex symbols");
838 PrintAndLog(" k <Key> : Access Key as 16 hex symbols or 1 hex to select key from memory");
839 PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n");
840 PrintAndLog(" e : If 'e' is specified, elite computations applied to key");
841 PrintAndLog(" r : If 'r' is specified, no computations applied to key");
842 PrintAndLog("Samples:");
843 PrintAndLog(" hf iclass writeblk b 0A d AAAAAAAAAAAAAAAA k 001122334455667B");
844 PrintAndLog(" hf iclass writeblk b 1B d AAAAAAAAAAAAAAAA k 001122334455667B c");
845 PrintAndLog(" hf iclass writeblk b 0A d AAAAAAAAAAAAAAAA n 0");
846 return 0;
847 }
848
849 int CmdHFiClass_WriteBlock(const char *Cmd) {
850 uint8_t blockno=0;
851 uint8_t bldata[8]={0,0,0,0,0,0,0,0};
852 uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
853 uint8_t keyNbr = 0;
854 uint8_t dataLen = 0;
855 char tempStr[50] = {0};
856 bool use_credit_key = false;
857 bool elite = false;
858 bool rawkey= false;
859 bool errors = false;
860 uint8_t cmdp = 0;
861 while(param_getchar(Cmd, cmdp) != 0x00)
862 {
863 switch(param_getchar(Cmd, cmdp))
864 {
865 case 'h':
866 case 'H':
867 return usage_hf_iclass_writeblock();
868 case 'b':
869 case 'B':
870 if (param_gethex(Cmd, cmdp+1, &blockno, 2)) {
871 PrintAndLog("Block No must include 2 HEX symbols\n");
872 errors = true;
873 }
874 cmdp += 2;
875 break;
876 case 'c':
877 case 'C':
878 use_credit_key = true;
879 cmdp++;
880 break;
881 case 'd':
882 case 'D':
883 if (param_gethex(Cmd, cmdp+1, bldata, 16))
884 {
885 PrintAndLog("KEY must include 16 HEX symbols\n");
886 errors = true;
887 }
888 cmdp += 2;
889 break;
890 case 'e':
891 case 'E':
892 elite = true;
893 cmdp++;
894 break;
895 case 'k':
896 case 'K':
897 dataLen = param_getstr(Cmd, cmdp+1, tempStr);
898 if (dataLen == 16) {
899 errors = param_gethex(tempStr, 0, KEY, dataLen);
900 } else if (dataLen == 1) {
901 keyNbr = param_get8(Cmd, cmdp+1);
902 if (keyNbr < ICLASS_KEYS_MAX) {
903 memcpy(KEY, iClass_Key_Table[keyNbr], 8);
904 } else {
905 PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
906 errors = true;
907 }
908 } else {
909 PrintAndLog("\nERROR: Credit Key is incorrect length\n");
910 errors = true;
911 }
912 cmdp += 2;
913 break;
914 case 'r':
915 case 'R':
916 rawkey = true;
917 cmdp++;
918 break;
919 default:
920 PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
921 errors = true;
922 break;
923 }
924 if(errors) return usage_hf_iclass_writeblock();
925 }
926
927 if (cmdp < 6) return usage_hf_iclass_writeblock();
928 int ans = WriteBlock(blockno, bldata, KEY, use_credit_key, elite, rawkey, true);
929 ul_switch_off_field();
930 return ans;
931 }
932
933 int usage_hf_iclass_clone(void) {
934 PrintAndLog("Usage: hf iclass clone f <tagfile.bin> b <first block> l <last block> k <KEY> c e|r");
935 PrintAndLog("Options:");
936 PrintAndLog(" f <filename>: specify a filename to clone from");
937 PrintAndLog(" b <Block> : The first block to clone as 2 hex symbols");
938 PrintAndLog(" l <Last Blk>: Set the Data to write as 16 hex symbols");
939 PrintAndLog(" k <Key> : Access Key as 16 hex symbols or 1 hex to select key from memory");
940 PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n");
941 PrintAndLog(" e : If 'e' is specified, elite computations applied to key");
942 PrintAndLog(" r : If 'r' is specified, no computations applied to key");
943 PrintAndLog("Samples:");
944 PrintAndLog(" hf iclass clone f iclass_tagdump-121345.bin b 06 l 1A k 1122334455667788 e");
945 PrintAndLog(" hf iclass clone f iclass_tagdump-121345.bin b 05 l 19 k 0");
946 PrintAndLog(" hf iclass clone f iclass_tagdump-121345.bin b 06 l 19 k 0 e");
947 return -1;
948 }
949
950 int CmdHFiClassCloneTag(const char *Cmd) {
951 char filename[FILE_PATH_SIZE] = {0};
952 char tempStr[50]={0};
953 uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
954 uint8_t keyNbr = 0;
955 uint8_t fileNameLen = 0;
956 uint8_t startblock = 0;
957 uint8_t endblock = 0;
958 uint8_t dataLen = 0;
959 bool use_credit_key = false;
960 bool elite = false;
961 bool rawkey = false;
962 bool errors = false;
963 uint8_t cmdp = 0;
964 while(param_getchar(Cmd, cmdp) != 0x00)
965 {
966 switch(param_getchar(Cmd, cmdp))
967 {
968 case 'h':
969 case 'H':
970 return usage_hf_iclass_clone();
971 case 'b':
972 case 'B':
973 if (param_gethex(Cmd, cmdp+1, &startblock, 2)) {
974 PrintAndLog("Start Block No must include 2 HEX symbols\n");
975 errors = true;
976 }
977 cmdp += 2;
978 break;
979 case 'c':
980 case 'C':
981 use_credit_key = true;
982 cmdp++;
983 break;
984 case 'e':
985 case 'E':
986 elite = true;
987 cmdp++;
988 break;
989 case 'f':
990 case 'F':
991 fileNameLen = param_getstr(Cmd, cmdp+1, filename);
992 if (fileNameLen < 1) {
993 PrintAndLog("No filename found after f");
994 errors = true;
995 }
996 cmdp += 2;
997 break;
998 case 'k':
999 case 'K':
1000 dataLen = param_getstr(Cmd, cmdp+1, tempStr);
1001 if (dataLen == 16) {
1002 errors = param_gethex(tempStr, 0, KEY, dataLen);
1003 } else if (dataLen == 1) {
1004 keyNbr = param_get8(Cmd, cmdp+1);
1005 if (keyNbr < ICLASS_KEYS_MAX) {
1006 memcpy(KEY, iClass_Key_Table[keyNbr], 8);
1007 } else {
1008 PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
1009 errors = true;
1010 }
1011 } else {
1012 PrintAndLog("\nERROR: Credit Key is incorrect length\n");
1013 errors = true;
1014 }
1015 cmdp += 2;
1016 break;
1017 case 'l':
1018 case 'L':
1019 if (param_gethex(Cmd, cmdp+1, &endblock, 2)) {
1020 PrintAndLog("Start Block No must include 2 HEX symbols\n");
1021 errors = true;
1022 }
1023 cmdp += 2;
1024 break;
1025 case 'r':
1026 case 'R':
1027 rawkey = true;
1028 cmdp++;
1029 break;
1030 default:
1031 PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
1032 errors = true;
1033 break;
1034 }
1035 if(errors) return usage_hf_iclass_clone();
1036 }
1037
1038 if (cmdp < 8) return usage_hf_iclass_clone();
1039
1040 FILE *f;
1041
1042 iclass_block_t tag_data[USB_CMD_DATA_SIZE/12];
1043
1044 if ((endblock-startblock+1)*12 > USB_CMD_DATA_SIZE) {
1045 PrintAndLog("Trying to write too many blocks at once. Max: %d", USB_CMD_DATA_SIZE/8);
1046 }
1047 // file handling and reading
1048 f = fopen(filename,"rb");
1049 if(!f) {
1050 PrintAndLog("Failed to read from file '%s'", filename);
1051 return 1;
1052 }
1053
1054 if (startblock<5) {
1055 PrintAndLog("You cannot write key blocks this way. yet... make your start block > 4");
1056 fclose(f);
1057 return 0;
1058 }
1059 // now read data from the file from block 6 --- 19
1060 // ok we will use this struct [data 8 bytes][MAC 4 bytes] for each block calculate all mac number for each data
1061 // then copy to usbcommand->asbytes; the max is 32 - 6 = 24 block 12 bytes each block 288 bytes then we can only accept to clone 21 blocks at the time,
1062 // else we have to create a share memory
1063 int i;
1064 fseek(f,startblock*8,SEEK_SET);
1065 if ( fread(tag_data,sizeof(iclass_block_t),endblock - startblock + 1,f) == 0 ) {
1066 PrintAndLog("File reading error.");
1067 fclose(f);
1068 return 2;
1069 }
1070
1071 uint8_t MAC[4]={0x00,0x00,0x00,0x00};
1072 uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1073
1074 if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, true))
1075 return 0;
1076
1077 UsbCommand w = {CMD_ICLASS_CLONE,{startblock,endblock}};
1078 uint8_t *ptr;
1079 // calculate all mac for every the block we will write
1080 for (i = startblock; i <= endblock; i++){
1081 Calc_wb_mac(i,tag_data[i - startblock].d,div_key,MAC);
1082 // usb command d start pointer = d + (i - 6) * 12
1083 // memcpy(pointer,tag_data[i - 6],8) 8 bytes
1084 // memcpy(pointer + 8,mac,sizoof(mac) 4 bytes;
1085 // next one
1086 ptr = w.d.asBytes + (i - startblock) * 12;
1087 memcpy(ptr, &(tag_data[i - startblock].d[0]), 8);
1088 memcpy(ptr + 8,MAC, 4);
1089 }
1090 uint8_t p[12];
1091 for (i = 0; i <= endblock - startblock;i++){
1092 memcpy(p,w.d.asBytes + (i * 12),12);
1093 printf("Block |%02x|",i + startblock);
1094 printf(" %02x%02x%02x%02x%02x%02x%02x%02x |",p[0],p[1],p[2],p[3],p[4],p[5],p[6],p[7]);
1095 printf(" MAC |%02x%02x%02x%02x|\n",p[8],p[9],p[10],p[11]);
1096 }
1097 UsbCommand resp;
1098 SendCommand(&w);
1099 if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
1100 {
1101 PrintAndLog("Command execute timeout");
1102 return 0;
1103 }
1104 return 1;
1105 }
1106
1107 static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool rawkey, bool verbose, bool auth) {
1108 uint8_t MAC[4]={0x00,0x00,0x00,0x00};
1109 uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1110
1111 if (auth) {
1112 if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, rawkey, verbose))
1113 return 0;
1114 } else {
1115 uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1116 uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1117 if (!select_only(CSN, CCNR, (keyType==0x18), verbose))
1118 return 0;
1119 }
1120
1121 UsbCommand resp;
1122 UsbCommand w = {CMD_ICLASS_READBLOCK, {blockno}};
1123 clearCommandBuffer();
1124 SendCommand(&w);
1125 if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
1126 {
1127 PrintAndLog("Command execute timeout");
1128 return 0;
1129 }
1130 uint8_t isOK = resp.arg[0] & 0xff;
1131 if (!isOK) {
1132 PrintAndLog("Read Block Failed");
1133 return 0;
1134 }
1135 //data read is stored in: resp.d.asBytes[0-15]
1136 if (verbose) PrintAndLog("Block %02X: %s\n",blockno, sprint_hex(resp.d.asBytes,8));
1137 return 1;
1138 }
1139
1140 int usage_hf_iclass_readblock(void) {
1141 PrintAndLog("Usage: hf iclass readblk b <Block> k <Key> c e|r\n");
1142 PrintAndLog("Options:");
1143 PrintAndLog(" b <Block> : The block number as 2 hex symbols");
1144 PrintAndLog(" k <Key> : Access Key as 16 hex symbols or 1 hex to select key from memory");
1145 PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n");
1146 PrintAndLog(" e : If 'e' is specified, elite computations applied to key");
1147 PrintAndLog(" r : If 'r' is specified, no computations applied to key");
1148 PrintAndLog("Samples:");
1149 PrintAndLog(" hf iclass readblk b 06 k 0011223344556677");
1150 PrintAndLog(" hf iclass readblk b 1B k 0011223344556677 c");
1151 PrintAndLog(" hf iclass readblk b 0A k 0");
1152 return 0;
1153 }
1154
1155 int CmdHFiClass_ReadBlock(const char *Cmd) {
1156 uint8_t blockno=0;
1157 uint8_t keyType = 0x88; //debit key
1158 uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1159 uint8_t keyNbr = 0;
1160 uint8_t dataLen = 0;
1161 char tempStr[50] = {0};
1162 bool elite = false;
1163 bool rawkey = false;
1164 bool errors = false;
1165 bool auth = false;
1166 uint8_t cmdp = 0;
1167 while(param_getchar(Cmd, cmdp) != 0x00)
1168 {
1169 switch(param_getchar(Cmd, cmdp))
1170 {
1171 case 'h':
1172 case 'H':
1173 return usage_hf_iclass_readblock();
1174 case 'b':
1175 case 'B':
1176 if (param_gethex(Cmd, cmdp+1, &blockno, 2)) {
1177 PrintAndLog("Block No must include 2 HEX symbols\n");
1178 errors = true;
1179 }
1180 cmdp += 2;
1181 break;
1182 case 'c':
1183 case 'C':
1184 keyType = 0x18;
1185 cmdp++;
1186 break;
1187 case 'e':
1188 case 'E':
1189 elite = true;
1190 cmdp++;
1191 break;
1192 case 'k':
1193 case 'K':
1194 auth = true;
1195 dataLen = param_getstr(Cmd, cmdp+1, tempStr);
1196 if (dataLen == 16) {
1197 errors = param_gethex(tempStr, 0, KEY, dataLen);
1198 } else if (dataLen == 1) {
1199 keyNbr = param_get8(Cmd, cmdp+1);
1200 if (keyNbr < ICLASS_KEYS_MAX) {
1201 memcpy(KEY, iClass_Key_Table[keyNbr], 8);
1202 } else {
1203 PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
1204 errors = true;
1205 }
1206 } else {
1207 PrintAndLog("\nERROR: Credit Key is incorrect length\n");
1208 errors = true;
1209 }
1210 cmdp += 2;
1211 break;
1212 case 'r':
1213 case 'R':
1214 rawkey = true;
1215 cmdp++;
1216 break;
1217 default:
1218 PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
1219 errors = true;
1220 break;
1221 }
1222 if(errors) return usage_hf_iclass_readblock();
1223 }
1224
1225 if (cmdp < 2) return usage_hf_iclass_readblock();
1226 if (!auth)
1227 PrintAndLog("warning: no authentication used with read, only a few specific blocks can be read accurately without authentication.");
1228 return ReadBlock(KEY, blockno, keyType, elite, rawkey, true, auth);
1229 }
1230
1231 int CmdHFiClass_loclass(const char *Cmd) {
1232 char opt = param_getchar(Cmd, 0);
1233
1234 if (strlen(Cmd)<1 || opt == 'h') {
1235 PrintAndLog("Usage: hf iclass loclass [options]");
1236 PrintAndLog("Options:");
1237 PrintAndLog("h Show this help");
1238 PrintAndLog("t Perform self-test");
1239 PrintAndLog("f <filename> Bruteforce iclass dumpfile");
1240 PrintAndLog(" An iclass dumpfile is assumed to consist of an arbitrary number of");
1241 PrintAndLog(" malicious CSNs, and their protocol responses");
1242 PrintAndLog(" The binary format of the file is expected to be as follows: ");
1243 PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
1244 PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
1245 PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
1246 PrintAndLog(" ... totalling N*24 bytes");
1247 return 0;
1248 }
1249 char fileName[255] = {0};
1250 if(opt == 'f')
1251 {
1252 if(param_getstr(Cmd, 1, fileName) > 0)
1253 {
1254 return bruteforceFileNoKeys(fileName);
1255 }else
1256 {
1257 PrintAndLog("You must specify a filename");
1258 }
1259 }
1260 else if(opt == 't')
1261 {
1262 int errors = testCipherUtils();
1263 errors += testMAC();
1264 errors += doKeyTests(0);
1265 errors += testElite();
1266 if(errors)
1267 {
1268 prnlog("OBS! There were errors!!!");
1269 }
1270 return errors;
1271 }
1272
1273 return 0;
1274 }
1275
1276 void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t endblock, size_t filesize) {
1277 uint8_t mem_config;
1278 memcpy(&mem_config, iclass_dump + 13,1);
1279 uint8_t maxmemcount;
1280 uint8_t filemaxblock = filesize / 8;
1281 if (mem_config & 0x80)
1282 maxmemcount = 255;
1283 else
1284 maxmemcount = 31;
1285 //PrintAndLog ("endblock: %d, filesize: %d, maxmemcount: %d, filemaxblock: %d", endblock,filesize, maxmemcount, filemaxblock);
1286
1287 if (startblock == 0)
1288 startblock = 6;
1289 if ((endblock > maxmemcount) || (endblock == 0))
1290 endblock = maxmemcount;
1291
1292 // remember endblock need to relate to zero-index arrays.
1293 if (endblock > filemaxblock-1)
1294 endblock = filemaxblock;
1295
1296 int i = startblock;
1297 printf("------+--+-------------------------+\n");
1298 while (i <= endblock) {
1299 uint8_t *blk = iclass_dump + (i * 8);
1300 printf("Block |%02X| %s|\n", i, sprint_hex(blk, 8) );
1301 i++;
1302 }
1303 printf("------+--+-------------------------+\n");
1304 }
1305
1306 int usage_hf_iclass_readtagfile() {
1307 PrintAndLog("Usage: hf iclass readtagfile <filename> [startblock] [endblock]");
1308 return 1;
1309 }
1310
1311 int CmdHFiClassReadTagFile(const char *Cmd) {
1312 int startblock = 0;
1313 int endblock = 0;
1314 char tempnum[5];
1315 FILE *f;
1316 char filename[FILE_PATH_SIZE];
1317 if (param_getstr(Cmd, 0, filename) < 1)
1318 return usage_hf_iclass_readtagfile();
1319 if (param_getstr(Cmd,1,(char *)&tempnum) < 1)
1320 startblock = 0;
1321 else
1322 sscanf(tempnum,"%d",&startblock);
1323
1324 if (param_getstr(Cmd,2,(char *)&tempnum) < 1)
1325 endblock = 0;
1326 else
1327 sscanf(tempnum,"%d",&endblock);
1328 // file handling and reading
1329 f = fopen(filename,"rb");
1330 if(!f) {
1331 PrintAndLog("Failed to read from file '%s'", filename);
1332 return 1;
1333 }
1334 fseek(f, 0, SEEK_END);
1335 long fsize = ftell(f);
1336 fseek(f, 0, SEEK_SET);
1337
1338 if ( fsize < 0 ) {
1339 PrintAndLog("Error, when getting filesize");
1340 fclose(f);
1341 return 1;
1342 }
1343
1344 uint8_t *dump = malloc(fsize);
1345
1346 size_t bytes_read = fread(dump, 1, fsize, f);
1347 fclose(f);
1348 uint8_t *csn = dump;
1349 printf("------+--+-------------------------+\n");
1350 printf("CSN |00| %s|\n", sprint_hex(csn, 8) );
1351 // printIclassDumpInfo(dump);
1352 printIclassDumpContents(dump,startblock,endblock,bytes_read);
1353 free(dump);
1354 return 0;
1355 }
1356
1357 /*
1358 uint64_t xorcheck(uint64_t sdiv,uint64_t hdiv) {
1359 uint64_t new_div = 0x00;
1360 new_div ^= sdiv;
1361 new_div ^= hdiv;
1362 return new_div;
1363 }
1364
1365 uint64_t hexarray_to_uint64(uint8_t *key) {
1366 char temp[17];
1367 uint64_t uint_key;
1368 for (int i = 0;i < 8;i++)
1369 sprintf(&temp[(i *2)],"%02X",key[i]);
1370 temp[16] = '\0';
1371 if (sscanf(temp,"%016" SCNx64,&uint_key) < 1)
1372 return 0;
1373 return uint_key;
1374 }
1375 */
1376 void HFiClassCalcDivKey(uint8_t *CSN, uint8_t *KEY, uint8_t *div_key, bool elite){
1377 uint8_t keytable[128] = {0};
1378 uint8_t key_index[8] = {0};
1379 if (elite) {
1380 uint8_t key_sel[8] = { 0 };
1381 uint8_t key_sel_p[8] = { 0 };
1382 hash2(KEY, keytable);
1383 hash1(CSN, key_index);
1384 for(uint8_t i = 0; i < 8 ; i++)
1385 key_sel[i] = keytable[key_index[i]] & 0xFF;
1386
1387 //Permute from iclass format to standard format
1388 permutekey_rev(key_sel, key_sel_p);
1389 diversifyKey(CSN, key_sel_p, div_key);
1390 } else {
1391 diversifyKey(CSN, KEY, div_key);
1392 }
1393 }
1394
1395 //when told CSN, oldkey, newkey, if new key is elite (elite), and if old key was elite (oldElite)
1396 //calculate and return xor_div_key (ready for a key write command)
1397 //print all div_keys if verbose
1398 static void HFiClassCalcNewKey(uint8_t *CSN, uint8_t *OLDKEY, uint8_t *NEWKEY, uint8_t *xor_div_key, bool elite, bool oldElite, bool verbose){
1399 uint8_t old_div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1400 uint8_t new_div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1401 //get old div key
1402 HFiClassCalcDivKey(CSN, OLDKEY, old_div_key, oldElite);
1403 //get new div key
1404 HFiClassCalcDivKey(CSN, NEWKEY, new_div_key, elite);
1405
1406 for (uint8_t i = 0; i < sizeof(old_div_key); i++){
1407 xor_div_key[i] = old_div_key[i] ^ new_div_key[i];
1408 }
1409 if (verbose) {
1410 printf("Old Div Key : %s\n",sprint_hex(old_div_key,8));
1411 printf("New Div Key : %s\n",sprint_hex(new_div_key,8));
1412 printf("Xor Div Key : %s\n",sprint_hex(xor_div_key,8));
1413 }
1414 }
1415
1416 int usage_hf_iclass_calc_newkey(void) {
1417 PrintAndLog("HELP : Manage iClass Keys in client memory:\n");
1418 PrintAndLog("Usage: hf iclass calc_newkey o <Old key> n <New key> s [csn] e");
1419 PrintAndLog(" Options:");
1420 PrintAndLog(" o <oldkey> : *specify a key as 16 hex symbols or a key number as 1 symbol");
1421 PrintAndLog(" n <newkey> : *specify a key as 16 hex symbols or a key number as 1 symbol");
1422 PrintAndLog(" s <csn> : specify a card Serial number to diversify the key (if omitted will attempt to read a csn)");
1423 PrintAndLog(" e : specify new key as elite calc");
1424 PrintAndLog(" ee : specify old and new key as elite calc");
1425 PrintAndLog("Samples:");
1426 PrintAndLog(" e key to e key given csn : hf iclass calcnewkey o 1122334455667788 n 2233445566778899 s deadbeafdeadbeaf ee");
1427 PrintAndLog(" std key to e key read csn: hf iclass calcnewkey o 1122334455667788 n 2233445566778899 e");
1428 PrintAndLog(" std to std read csn : hf iclass calcnewkey o 1122334455667788 n 2233445566778899");
1429 PrintAndLog("NOTE: * = required\n");
1430
1431 return 1;
1432 }
1433
1434 int CmdHFiClassCalcNewKey(const char *Cmd) {
1435 uint8_t OLDKEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1436 uint8_t NEWKEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1437 uint8_t xor_div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1438 uint8_t CSN[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1439 uint8_t CCNR[12] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1440 uint8_t keyNbr = 0;
1441 uint8_t dataLen = 0;
1442 char tempStr[50] = {0};
1443 bool givenCSN = false;
1444 bool oldElite = false;
1445 bool elite = false;
1446 bool errors = false;
1447 uint8_t cmdp = 0;
1448 while(param_getchar(Cmd, cmdp) != 0x00)
1449 {
1450 switch(param_getchar(Cmd, cmdp))
1451 {
1452 case 'h':
1453 case 'H':
1454 return usage_hf_iclass_calc_newkey();
1455 case 'e':
1456 case 'E':
1457 dataLen = param_getstr(Cmd, cmdp, tempStr);
1458 if (dataLen==2)
1459 oldElite = true;
1460 elite = true;
1461 cmdp++;
1462 break;
1463 case 'n':
1464 case 'N':
1465 dataLen = param_getstr(Cmd, cmdp+1, tempStr);
1466 if (dataLen == 16) {
1467 errors = param_gethex(tempStr, 0, NEWKEY, dataLen);
1468 } else if (dataLen == 1) {
1469 keyNbr = param_get8(Cmd, cmdp+1);
1470 if (keyNbr < ICLASS_KEYS_MAX) {
1471 memcpy(NEWKEY, iClass_Key_Table[keyNbr], 8);
1472 } else {
1473 PrintAndLog("\nERROR: NewKey Nbr is invalid\n");
1474 errors = true;
1475 }
1476 } else {
1477 PrintAndLog("\nERROR: NewKey is incorrect length\n");
1478 errors = true;
1479 }
1480 cmdp += 2;
1481 break;
1482 case 'o':
1483 case 'O':
1484 dataLen = param_getstr(Cmd, cmdp+1, tempStr);
1485 if (dataLen == 16) {
1486 errors = param_gethex(tempStr, 0, OLDKEY, dataLen);
1487 } else if (dataLen == 1) {
1488 keyNbr = param_get8(Cmd, cmdp+1);
1489 if (keyNbr < ICLASS_KEYS_MAX) {
1490 memcpy(OLDKEY, iClass_Key_Table[keyNbr], 8);
1491 } else {
1492 PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
1493 errors = true;
1494 }
1495 } else {
1496 PrintAndLog("\nERROR: Credit Key is incorrect length\n");
1497 errors = true;
1498 }
1499 cmdp += 2;
1500 break;
1501 case 's':
1502 case 'S':
1503 givenCSN = true;
1504 if (param_gethex(Cmd, cmdp+1, CSN, 16))
1505 return usage_hf_iclass_calc_newkey();
1506 cmdp += 2;
1507 break;
1508 default:
1509 PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
1510 errors = true;
1511 break;
1512 }
1513 if(errors) return usage_hf_iclass_calc_newkey();
1514 }
1515
1516 if (cmdp < 4) return usage_hf_iclass_calc_newkey();
1517
1518 if (!givenCSN)
1519 if (!select_only(CSN, CCNR, false, true))
1520 return 0;
1521
1522 HFiClassCalcNewKey(CSN, OLDKEY, NEWKEY, xor_div_key, elite, oldElite, true);
1523 return 0;
1524 }
1525
1526 static int loadKeys(char *filename) {
1527 FILE *f;
1528 f = fopen(filename,"rb");
1529 if(!f) {
1530 PrintAndLog("Failed to read from file '%s'", filename);
1531 return 0;
1532 }
1533 fseek(f, 0, SEEK_END);
1534 long fsize = ftell(f);
1535 fseek(f, 0, SEEK_SET);
1536
1537 if ( fsize < 0 ) {
1538 PrintAndLog("Error, when getting filesize");
1539 fclose(f);
1540 return 1;
1541 }
1542
1543 uint8_t *dump = malloc(fsize);
1544
1545 size_t bytes_read = fread(dump, 1, fsize, f);
1546 fclose(f);
1547 if (bytes_read > ICLASS_KEYS_MAX * 8){
1548 PrintAndLog("File is too long to load - bytes: %u", bytes_read);
1549 free(dump);
1550 return 0;
1551 }
1552 uint8_t i = 0;
1553 for (; i < bytes_read/8; i++){
1554 memcpy(iClass_Key_Table[i],dump+(i*8),8);
1555 }
1556 free(dump);
1557 PrintAndLog("%u keys loaded", i);
1558 return 1;
1559 }
1560
1561 static int saveKeys(char *filename) {
1562 FILE *f;
1563 f = fopen(filename,"wb");
1564 if (f == NULL) {
1565 printf("error opening file %s\n",filename);
1566 return 0;
1567 }
1568 for (uint8_t i = 0; i < ICLASS_KEYS_MAX; i++){
1569 if (fwrite(iClass_Key_Table[i],8,1,f) != 1){
1570 PrintAndLog("save key failed to write to file: %s", filename);
1571 break;
1572 }
1573 }
1574 fclose(f);
1575 return 0;
1576 }
1577
1578 static int printKeys(void) {
1579 PrintAndLog("");
1580 for (uint8_t i = 0; i < ICLASS_KEYS_MAX; i++){
1581 PrintAndLog("%u: %s",i,sprint_hex(iClass_Key_Table[i],8));
1582 }
1583 PrintAndLog("");
1584 return 0;
1585 }
1586
1587 int usage_hf_iclass_managekeys(void) {
1588 PrintAndLog("HELP : Manage iClass Keys in client memory:\n");
1589 PrintAndLog("Usage: hf iclass managekeys n [keynbr] k [key] f [filename] s l p\n");
1590 PrintAndLog(" Options:");
1591 PrintAndLog(" n <keynbr> : specify the keyNbr to set in memory");
1592 PrintAndLog(" k <key> : set a key in memory");
1593 PrintAndLog(" f <filename>: specify a filename to use with load or save operations");
1594 PrintAndLog(" s : save keys in memory to file specified by filename");
1595 PrintAndLog(" l : load keys to memory from file specified by filename");
1596 PrintAndLog(" p : print keys loaded into memory\n");
1597 PrintAndLog("Samples:");
1598 PrintAndLog(" set key : hf iclass managekeys n 0 k 1122334455667788");
1599 PrintAndLog(" save key file: hf iclass managekeys f mykeys.bin s");
1600 PrintAndLog(" load key file: hf iclass managekeys f mykeys.bin l");
1601 PrintAndLog(" print keys : hf iclass managekeys p\n");
1602 return 0;
1603 }
1604
1605 int CmdHFiClassManageKeys(const char *Cmd) {
1606 uint8_t keyNbr = 0;
1607 uint8_t dataLen = 0;
1608 uint8_t KEY[8] = {0};
1609 char filename[FILE_PATH_SIZE];
1610 uint8_t fileNameLen = 0;
1611 bool errors = false;
1612 uint8_t operation = 0;
1613 char tempStr[20];
1614 uint8_t cmdp = 0;
1615
1616 while(param_getchar(Cmd, cmdp) != 0x00)
1617 {
1618 switch(param_getchar(Cmd, cmdp))
1619 {
1620 case 'h':
1621 case 'H':
1622 return usage_hf_iclass_managekeys();
1623 case 'f':
1624 case 'F':
1625 fileNameLen = param_getstr(Cmd, cmdp+1, filename);
1626 if (fileNameLen < 1) {
1627 PrintAndLog("No filename found after f");
1628 errors = true;
1629 }
1630 cmdp += 2;
1631 break;
1632 case 'n':
1633 case 'N':
1634 keyNbr = param_get8(Cmd, cmdp+1);
1635 if (keyNbr >= ICLASS_KEYS_MAX) {
1636 PrintAndLog("Invalid block number");
1637 errors = true;
1638 }
1639 cmdp += 2;
1640 break;
1641 case 'k':
1642 case 'K':
1643 operation += 3; //set key
1644 dataLen = param_getstr(Cmd, cmdp+1, tempStr);
1645 if (dataLen == 16) { //ul-c or ev1/ntag key length
1646 errors = param_gethex(tempStr, 0, KEY, dataLen);
1647 } else {
1648 PrintAndLog("\nERROR: Key is incorrect length\n");
1649 errors = true;
1650 }
1651 cmdp += 2;
1652 break;
1653 case 'p':
1654 case 'P':
1655 operation += 4; //print keys in memory
1656 cmdp++;
1657 break;
1658 case 'l':
1659 case 'L':
1660 operation += 5; //load keys from file
1661 cmdp++;
1662 break;
1663 case 's':
1664 case 'S':
1665 operation += 6; //save keys to file
1666 cmdp++;
1667 break;
1668 default:
1669 PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
1670 errors = true;
1671 break;
1672 }
1673 if(errors) return usage_hf_iclass_managekeys();
1674 }
1675 if (operation == 0){
1676 PrintAndLog("no operation specified (load, save, or print)\n");
1677 return usage_hf_iclass_managekeys();
1678 }
1679 if (operation > 6){
1680 PrintAndLog("Too many operations specified\n");
1681 return usage_hf_iclass_managekeys();
1682 }
1683 if (operation > 4 && fileNameLen == 0){
1684 PrintAndLog("You must enter a filename when loading or saving\n");
1685 return usage_hf_iclass_managekeys();
1686 }
1687
1688 switch (operation){
1689 case 3: memcpy(iClass_Key_Table[keyNbr], KEY, 8); return 1;
1690 case 4: return printKeys();
1691 case 5: return loadKeys(filename);
1692 case 6: return saveKeys(filename);
1693 break;
1694 }
1695 return 0;
1696 }
1697
1698 static command_t CommandTable[] =
1699 {
1700 {"help", CmdHelp, 1, "This help"},
1701 {"calcnewkey", CmdHFiClassCalcNewKey, 1, "[options..] Calc Diversified keys (blocks 3 & 4) to write new keys"},
1702 {"clone", CmdHFiClassCloneTag, 0, "[options..] Authenticate and Clone from iClass bin file"},
1703 {"decrypt", CmdHFiClassDecrypt, 1, "[f <fname>] Decrypt tagdump" },
1704 {"dump", CmdHFiClassReader_Dump, 0, "[options..] Authenticate and Dump iClass tag's AA1"},
1705 {"eload", CmdHFiClassELoad, 0, "[f <fname>] (experimental) Load data into iClass emulator memory"},
1706 {"encryptblk", CmdHFiClassEncryptBlk, 1, "<BlockData> Encrypt given block data"},
1707 {"list", CmdHFiClassList, 0, " (Deprecated) List iClass history"},
1708 {"loclass", CmdHFiClass_loclass, 1, "[options..] Use loclass to perform bruteforce of reader attack dump"},
1709 {"managekeys", CmdHFiClassManageKeys, 1, "[options..] Manage the keys to use with iClass"},
1710 {"readblk", CmdHFiClass_ReadBlock, 0, "[options..] Authenticate and Read iClass block"},
1711 {"reader", CmdHFiClassReader, 0, " Read an iClass tag"},
1712 {"readtagfile", CmdHFiClassReadTagFile, 1, "[options..] Display Content from tagfile"},
1713 {"replay", CmdHFiClassReader_Replay, 0, "<mac> Read an iClass tag via Reply Attack"},
1714 {"sim", CmdHFiClassSim, 0, "[options..] Simulate iClass tag"},
1715 {"snoop", CmdHFiClassSnoop, 0, " Eavesdrop iClass communication"},
1716 {"writeblk", CmdHFiClass_WriteBlock, 0, "[options..] Authenticate and Write iClass block"},
1717 {NULL, NULL, 0, NULL}
1718 };
1719
1720 int CmdHFiClass(const char *Cmd)
1721 {
1722 CmdsParse(CommandTable, Cmd);
1723 return 0;
1724 }
1725
1726 int CmdHelp(const char *Cmd)
1727 {
1728 CmdsHelp(CommandTable);
1729 return 0;
1730 }
Proxmark3 GIT tracking
Impressum, Datenschutz