]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdhficlass.c
ADD: Enio's intuative function for the command: "hw tune", where you plot the tunin...
[proxmark3-svn] / client / cmdhficlass.c
index 01bdfc11bb3b9c17ed0dae22e9c9ae8b0866d7d8..7bbf26b27a1bd7750ca3a5ff3606d9f406757a87 100644 (file)
 #include <sys/stat.h>
 #include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type
 #include "data.h"
 #include <sys/stat.h>
 #include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type
 #include "data.h"
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "cmdparser.h"
 #include "cmdhficlass.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "cmdparser.h"
 #include "cmdhficlass.h"
-#include "common.h"
+#include "../include/common.h"
 #include "util.h"
 #include "cmdmain.h"
 #include "loclass/des.h"
 #include "util.h"
 #include "cmdmain.h"
 #include "loclass/des.h"
@@ -35,11 +34,11 @@ static int CmdHelp(const char *Cmd);
 
 int xorbits_8(uint8_t val)
 {
 
 int xorbits_8(uint8_t val)
 {
-    uint8_t res = val ^ (val >> 1); //1st pass
-    res = res ^ (res >> 1);            // 2nd pass
-    res = res ^ (res >> 2);            // 3rd pass
-    res = res ^ (res >> 4);                    // 4th pass
-    return res & 1;
+       uint8_t res = val ^ (val >> 1); //1st pass
+       res = res ^ (res >> 1);                 // 2nd pass
+       res = res ^ (res >> 2);                 // 3rd pass
+       res = res ^ (res >> 4);                         // 4th pass
+       return res & 1;
 }
 
 int CmdHFiClassList(const char *Cmd)
 }
 
 int CmdHFiClassList(const char *Cmd)
@@ -56,7 +55,7 @@ int CmdHFiClassList(const char *Cmd)
                return 0;
        }
 
                return 0;
        }
 
-       uint8_t got[1920];
+       uint8_t got[TRACE_BUFFER_SIZE];
        GetFromBigBuf(got,sizeof(got),0);
        WaitForResponse(CMD_ACK,NULL);
 
        GetFromBigBuf(got,sizeof(got),0);
        WaitForResponse(CMD_ACK,NULL);
 
@@ -78,7 +77,7 @@ int CmdHFiClassList(const char *Cmd)
        uint32_t EndOfTransmissionTimestamp = 0;
 
 
        uint32_t EndOfTransmissionTimestamp = 0;
 
 
-       for( i=0; i < 1900;)
+       for( i=0; i < TRACE_BUFFER_SIZE;)
        {
                //First 32 bits contain
                // isResponse (1 bit)
        {
                //First 32 bits contain
                // isResponse (1 bit)
@@ -88,7 +87,7 @@ int CmdHFiClassList(const char *Cmd)
                timestamp = *((uint32_t *)(got+i));
                parityBits = *((uint32_t *)(got+i+4));
                len = got[i+8];
                timestamp = *((uint32_t *)(got+i));
                parityBits = *((uint32_t *)(got+i+4));
                len = got[i+8];
-        frame = (got+i+9);
+               frame = (got+i+9);
                uint32_t next_timestamp = (*((uint32_t *)(got+i+9))) & 0x7fffffff;
 
                tagToReader = timestamp & 0x80000000;
                uint32_t next_timestamp = (*((uint32_t *)(got+i+9))) & 0x7fffffff;
 
                tagToReader = timestamp & 0x80000000;
@@ -401,19 +400,30 @@ int CmdHFiClassSim(const char *Cmd)
 
 int CmdHFiClassReader(const char *Cmd)
 {
 
 int CmdHFiClassReader(const char *Cmd)
 {
-  uint8_t readerType = 0;
-
-  if (strlen(Cmd)<1) {
-       PrintAndLog("Usage:  hf iclass reader    <reader type>");
-       PrintAndLog("        sample: hf iclass reader 0");
-       return 0;
-  }    
-
-  readerType = param_get8(Cmd, 0);
-  PrintAndLog("--readertype:%02x", readerType);
-
-  UsbCommand c = {CMD_READER_ICLASS, {readerType}};
+  UsbCommand c = {CMD_READER_ICLASS, {0}};
   SendCommand(&c);
   SendCommand(&c);
+    UsbCommand resp;
+  while(!ukbhit()){
+      if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
+            uint8_t isOK    = resp.arg[0] & 0xff;
+            uint8_t * data  = resp.d.asBytes;
+
+            PrintAndLog("isOk:%02x", isOK);
+
+            if(isOK > 0)
+            {
+                PrintAndLog("CSN: %s",sprint_hex(data,8));
+            }
+            if(isOK >= 1)
+            {
+                PrintAndLog("CC: %s",sprint_hex(data+8,8));
+            }else{
+                PrintAndLog("No CC obtained");
+            }
+        } else {
+            PrintAndLog("Command execute timeout");
+        }
+    }
 
   return 0;
 }
 
   return 0;
 }
@@ -426,7 +436,7 @@ int CmdHFiClassReader_Replay(const char *Cmd)
   if (strlen(Cmd)<1) {
     PrintAndLog("Usage:  hf iclass replay <MAC>");
     PrintAndLog("        sample: hf iclass replay 00112233");
   if (strlen(Cmd)<1) {
     PrintAndLog("Usage:  hf iclass replay <MAC>");
     PrintAndLog("        sample: hf iclass replay 00112233");
-    return 0;
+       return 0;
   }
 
   if (param_gethex(Cmd, 0, MAC, 8)) {
   }
 
   if (param_gethex(Cmd, 0, MAC, 8)) {
@@ -450,11 +460,20 @@ int CmdHFiClassReader_Dump(const char *Cmd)
   uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
   //uint8_t CC_temp[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
   uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
   uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
   //uint8_t CC_temp[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
   uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-
+  uint8_t keytable[128] = {0};
+  int elite = 0;
+  uint8_t *used_key;
+  int i;
   if (strlen(Cmd)<1) 
   {
   if (strlen(Cmd)<1) 
   {
-    PrintAndLog("Usage:  hf iclass dump <Key>");
+    PrintAndLog("Usage:  hf iclass dump <Key> [e]");
+    PrintAndLog("        Key    - A 16 byte master key");
+    PrintAndLog("        e      - If 'e' is specified, the key is interpreted as the 16 byte");
+    PrintAndLog("                 Custom Key (KCus), which can be obtained via reader-attack");
+    PrintAndLog("                 See 'hf iclass sim 2'. This key should be on iclass-format");
     PrintAndLog("        sample: hf iclass dump 0011223344556677");
     PrintAndLog("        sample: hf iclass dump 0011223344556677");
+
+
     return 0;
   }
 
     return 0;
   }
 
@@ -463,18 +482,32 @@ int CmdHFiClassReader_Dump(const char *Cmd)
     PrintAndLog("KEY must include 16 HEX symbols");
     return 1;
   }
     PrintAndLog("KEY must include 16 HEX symbols");
     return 1;
   }
-    
-  UsbCommand c = {CMD_ICLASS_ISO14443A_GETPUBLIC, {0}};
+
+  if (param_getchar(Cmd, 1) == 'e')
+  {
+    PrintAndLog("Elite switch on");
+    elite = 1;
+
+    //calc h2
+    hash2(KEY, keytable);
+    printarr_human_readable("keytable", keytable, 128);
+
+  }
+
+
+  UsbCommand c = {CMD_READER_ICLASS, {0}};
+  c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE;
 
   SendCommand(&c);
   
   UsbCommand resp;
 
   SendCommand(&c);
   
   UsbCommand resp;
-
+  uint8_t key_sel[8] = {0x00};
+  uint8_t key_sel_p[8] = {0x00};
+                               
   if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
         uint8_t isOK    = resp.arg[0] & 0xff;
         uint8_t * data  = resp.d.asBytes;
 
   if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
         uint8_t isOK    = resp.arg[0] & 0xff;
         uint8_t * data  = resp.d.asBytes;
 
-
         memcpy(CSN,data,8);
         memcpy(CCNR,data+8,8);
 
         memcpy(CSN,data,8);
         memcpy(CCNR,data+8,8);
 
@@ -486,9 +519,38 @@ int CmdHFiClassReader_Dump(const char *Cmd)
         }
         if(isOK > 1)
         {
         }
         if(isOK > 1)
         {
-            PrintAndLog("CC: %s",sprint_hex(CCNR,8));
-            diversifyKey(CSN,KEY, div_key);
-            doMAC(CCNR,div_key, MAC);
+            if(elite)
+            {
+
+                //Get the key index (hash1)
+                uint8_t key_index[8] = {0};
+
+                hash1(CSN, key_index);
+                printvar("hash1", key_index,8);
+                for(i = 0; i < 8 ; i++)
+                    key_sel[i] = keytable[key_index[i]] & 0xFF;
+                printvar("k_sel", key_sel,8);
+                //Permute from iclass format to standard format
+                permutekey_rev(key_sel,key_sel_p);
+                used_key = key_sel_p;
+            }else{
+                //Perhaps this should also be permuted to std format?
+                // Something like the code below? I have no std system
+                // to test this with /Martin
+
+                //uint8_t key_sel_p[8] = { 0 };
+                //permutekey_rev(KEY,key_sel_p);
+                //used_key = key_sel_p;
+
+                used_key = KEY;
+
+            }
+            printvar("Used key",used_key,8);
+            diversifyKey(CSN,used_key, div_key);
+            printvar("Div key", div_key, 8);
+            printvar("CC_NR:",CCNR,12);
+            doMAC(CCNR,12,div_key, MAC);
+            printvar("MAC", MAC, 4);
 
             UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}};
             memcpy(d.d.asBytes, MAC, 4);
 
             UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}};
             memcpy(d.d.asBytes, MAC, 4);
@@ -541,7 +603,7 @@ int CmdHFiClass_iso14443A_write(const char *Cmd)
         return 1;
   }
   
         return 1;
   }
   
-  UsbCommand c = {CMD_ICLASS_ISO14443A_GETPUBLIC, {0}};
+  UsbCommand c = {CMD_ICLASS_ISO14443A_WRITE, {0}};
   SendCommand(&c);
   UsbCommand resp;
 
   SendCommand(&c);
   UsbCommand resp;
 
@@ -561,7 +623,7 @@ int CmdHFiClass_iso14443A_write(const char *Cmd)
   diversifyKey(CSN,KEY, div_key);
 
   PrintAndLog("Div Key: %s",sprint_hex(div_key,8));
   diversifyKey(CSN,KEY, div_key);
 
   PrintAndLog("Div Key: %s",sprint_hex(div_key,8));
-  doMAC(CCNR, div_key, MAC);
+  doMAC(CCNR, 12,div_key, MAC);
 
   UsbCommand c2 = {CMD_ICLASS_ISO14443A_WRITE, {readerType,blockNo}};
   memcpy(c2.d.asBytes, bldata, 8);
 
   UsbCommand c2 = {CMD_ICLASS_ISO14443A_WRITE, {readerType,blockNo}};
   memcpy(c2.d.asBytes, bldata, 8);
@@ -585,14 +647,17 @@ int CmdHFiClass_iso14443A_write(const char *Cmd)
 
 static command_t CommandTable[] = 
 {
 
 static command_t CommandTable[] = 
 {
-  {"help",     CmdHelp,                        1,      "This help"},
-  {"list",     CmdHFiClassList,        0,      "List iClass history"},
-  {"snoop",    CmdHFiClassSnoop,       0,      "Eavesdrop iClass communication"},
-  {"sim",      CmdHFiClassSim,         0,      "Simulate iClass tag"},
+  {"help",    CmdHelp,        1, "This help"},
+  {"list",    CmdHFiClassList,   0, "List iClass history"},
+  {"snoop",   CmdHFiClassSnoop,  0, "Eavesdrop iClass communication"},
+  {"sim",     CmdHFiClassSim,    0, "Simulate iClass tag"},
   {"reader",CmdHFiClassReader, 0,      "Read an iClass tag"},
   {"replay",CmdHFiClassReader_Replay,  0,      "Read an iClass tag via Reply Attack"},
   {"dump",     CmdHFiClassReader_Dump, 0,              "Authenticate and Dump iClass tag"},
   {"write",    CmdHFiClass_iso14443A_write,    0,      "Authenticate and Write iClass block"},
   {"reader",CmdHFiClassReader, 0,      "Read an iClass tag"},
   {"replay",CmdHFiClassReader_Replay,  0,      "Read an iClass tag via Reply Attack"},
   {"dump",     CmdHFiClassReader_Dump, 0,              "Authenticate and Dump iClass tag"},
   {"write",    CmdHFiClass_iso14443A_write,    0,      "Authenticate and Write iClass block"},
+  {"replay",  CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"},
+  {"dump",       CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"},
+  {"write",    CmdHFiClass_iso14443A_write,    0,      "Authenticate and Write iClass block"},
   {NULL, NULL, 0, NULL}
 };
 
   {NULL, NULL, 0, NULL}
 };
 
@@ -605,5 +670,5 @@ int CmdHFiClass(const char *Cmd)
 int CmdHelp(const char *Cmd)
 {
   CmdsHelp(CommandTable);
 int CmdHelp(const char *Cmd)
 {
   CmdsHelp(CommandTable);
-  return 0;
+       return 0;
 }
 }
Impressum, Datenschutz