]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdhfmfu.c
CHG, modified the configuration script
[proxmark3-svn] / client / cmdhfmfu.c
index d1b810a562cf7ddf4389ce14acf312a10021154f..cc2e05d6b45c303790e8bef4ca619aa746bd74a9 100644 (file)
@@ -100,6 +100,25 @@ uint32_t ul_ev1_pwdgenB(uint8_t* uid) {
        return (uint32_t)bytes_to_num(pwd, 4);
 }
 
+// Certain pwd generation algo nickname C.
+uint32_t ul_ev1_pwdgenC(uint8_t* uid){
+       uint32_t pwd = 0;
+       uint8_t base[] = {
+               0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x28,
+               0x63, 0x29, 0x20, 0x43, 0x6f, 0x70, 0x79, 0x72,
+               0x69, 0x67, 0x68, 0x74, 0x20, 0x4c, 0x45, 0x47,
+               0x4f, 0x20, 0x32, 0x30, 0x31, 0x34, 0xaa, 0xaa
+       };
+
+       memcpy(base, uid, 7);
+
+       for (int i = 0; i < 32; i += 4) {
+               uint32_t b = *(uint32_t *)(base + i);
+               pwd = b + ROTR(pwd, 25) + ROTR(pwd, 10) - pwd;
+       }
+       return BSWAP_32(pwd);
+}
+
 void ul_ev1_pwdgen_selftest(){
        
        uint8_t uid1[] = {0x04,0x11,0x12,0x11,0x12,0x11,0x10};
@@ -109,6 +128,10 @@ void ul_ev1_pwdgen_selftest(){
        uint8_t uid2[] = {0x04,0x1f,0x98,0xea,0x1e,0x3e,0x81};          
        uint32_t pwd2 = ul_ev1_pwdgenB(uid2);
        PrintAndLog("UID | %s | %08X | %s", sprint_hex(uid2,7), pwd2, (pwd2 == 0x5fd37eca)?"OK":"->5fd37eca<--");
+
+       uint8_t uid3[] = {0x04,0x62, 0xB6, 0x8A, 0xB4, 0x42, 0x80};
+       uint32_t pwd3 = ul_ev1_pwdgenC(uid3);
+       PrintAndLog("UID | %s | %08X | %s", sprint_hex(uid3,7), pwd3, (pwd3 == 0x5a349515)?"OK":"->5a349515<--");
        return;
 }
 
@@ -915,6 +938,14 @@ int CmdHF14AMfUInfo(const char *Cmd){
                                PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]);
                        }
                        if (!ul_auth_select( &card, tagtype, hasAuthKey, authkeyptr, pack, sizeof(pack))) return -1;
+
+                       // test pwd gen C
+                       num_to_bytes( ul_ev1_pwdgenC(card.uid), 4, key);
+                       len = ulev1_requestAuthentication(key, pack, sizeof(pack));
+                       if (len >= 1) {
+                               PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]);
+                       }
+                       if (!ul_auth_select( &card, tagtype, hasAuthKey, authkeyptr, pack, sizeof(pack))) return -1;                    
                        
                        for (uint8_t i = 0; i < KEYS_PWD_COUNT; ++i ) {
                                key = default_pwd_pack[i];
@@ -1403,6 +1434,7 @@ int CmdHF14AMfUDump(const char *Cmd){
        //Validations
        if(errors) return usage_hf_mfu_dump();
 
+       //if we entered a key in little endian and set the swapEndian switch - switch it...
        if (swapEndian && hasAuthKey) 
                authKeyPtr = SwapEndian64(authenticationkey, dataLen, (dataLen == 16) ? 8 : 4);
 
@@ -1469,28 +1501,8 @@ int CmdHF14AMfUDump(const char *Cmd){
                }
        }
 
-       // add keys to block dump
-       if (hasAuthKey) {
-               if (tagtype & UL_C){ //add 4 pages
-                       memcpy(data + Pages*4, authKeyPtr, dataLen);
-                       Pages += dataLen/4;  
-               } else { // 2nd page from end
-                       memcpy(data + (Pages*4) - 8, authenticationkey, dataLen);
-               }
-       }
-
        uint8_t get_pack[] = {0,0};
        iso14a_card_select_t card;
-       //attempt to read pack
-       if (!ul_auth_select( &card, tagtype, hasAuthKey, authKeyPtr, get_pack, sizeof(get_pack))) {
-               //reset pack
-               get_pack[0]=0;
-               get_pack[1]=0;
-       }
-       ul_switch_off_field();
-       // add pack to block read
-       memcpy(data + (Pages*4) - 4, get_pack, sizeof(get_pack));
-
        uint8_t dump_file_data[1024+DUMP_PREFIX_LENGTH] = {0x00};
        uint8_t get_version[] = {0,0,0,0,0,0,0,0,0};
        uint8_t get_tearing[] = {0,0,0};
@@ -1499,6 +1511,17 @@ int CmdHF14AMfUDump(const char *Cmd){
        uint8_t get_signature[32];
        memset( get_signature, 0, sizeof(get_signature) );
 
+       // not ul_c and not std ul then attempt to get deeper info
+       if (!(tagtype & UL_C || tagtype & UL)) {
+               //attempt to read pack
+               if (!ul_auth_select( &card, tagtype, true, authKeyPtr, get_pack, sizeof(get_pack))) {
+                       //reset pack
+                       get_pack[0]=0;
+                       get_pack[1]=0;
+               }
+               ul_switch_off_field();
+               // add pack to block read
+               memcpy(data + (Pages*4) - 4, get_pack, sizeof(get_pack));
        if ( hasAuthKey )
                ul_auth_select( &card, tagtype, hasAuthKey, authKeyPtr, dummy_pack, sizeof(dummy_pack));
        else
@@ -1516,6 +1539,28 @@ int CmdHF14AMfUDump(const char *Cmd){
                ul_select(&card);
        ulev1_readSignature( get_signature, sizeof(get_signature));
        ul_switch_off_field();
+       }
+
+       // format and add keys to block dump output
+       if (hasAuthKey) {
+               // if we didn't swapendian before - do it now for the sprint_hex call
+               // NOTE: default entry is bigendian (unless swapped), sprint_hex outputs little endian
+               //       need to swap to keep it the same
+               if (!swapEndian){
+                       authKeyPtr = SwapEndian64(authenticationkey, dataLen, (dataLen == 16) ? 8 : 4);
+               } else {
+                       authKeyPtr = authenticationkey;
+               }
+
+               if (tagtype & UL_C){ //add 4 pages
+                       memcpy(data + Pages*4, authKeyPtr, dataLen);
+                       Pages += dataLen/4;  
+               } else { // 2nd page from end
+                       memcpy(data + (Pages*4) - 8, authenticationkey, dataLen);
+               }
+       }
+
+       //add *special* blocks to dump
        //get version
        memcpy(dump_file_data, get_version, sizeof(get_version));
        //tearing
@@ -1524,9 +1569,10 @@ int CmdHF14AMfUDump(const char *Cmd){
        memcpy(dump_file_data+13, get_pack, sizeof(get_pack));
        //signature
        memcpy(dump_file_data+16, get_signature, sizeof(get_signature));
-       //block read data
+       //add regular block read data to dump
        memcpy(dump_file_data+DUMP_PREFIX_LENGTH, data, Pages*4);
 
+       PrintAndLog("\n*Special* block data:");
        PrintAndLog("\nDataType| Data        |   | Ascii");
        PrintAndLog("---------------------------------");
        PrintAndLog("GetVer-1| %s|   | %.4s", sprint_hex(dump_file_data, 4), dump_file_data);
@@ -1543,7 +1589,6 @@ int CmdHF14AMfUDump(const char *Cmd){
        PrintAndLog("Sig-6   | %s|   | %.4s", sprint_hex(dump_file_data+36, 4), dump_file_data+36);
        PrintAndLog("Sig-7   | %s|   | %.4s", sprint_hex(dump_file_data+40, 4), dump_file_data+40);
        PrintAndLog("Sig-8   | %s|   | %.4s", sprint_hex(dump_file_data+44, 4), dump_file_data+44);
-       
        PrintAndLog("\nBlock#  | Data        |lck| Ascii");
        PrintAndLog("---------------------------------");
        for (i = 0; i < Pages; ++i) {
@@ -1636,7 +1681,7 @@ int CmdHF14AMfucAuth(const char *Cmd){
        //Change key to user defined one
        if (cmdp == 'k' || cmdp == 'K'){
                keyNo = param_get8(Cmd, 1);
-               if(keyNo > KEYS_3DES_COUNT) 
+               if(keyNo >= KEYS_3DES_COUNT) 
                        errors = true;
        }
 
@@ -1794,6 +1839,7 @@ int CmdHF14AMfucSetUid(const char *Cmd){
        UsbCommand resp;
        uint8_t uid[7] = {0x00};
        char cmdp = param_getchar(Cmd, 0);
+       
        if (strlen(Cmd) == 0  || cmdp == 'h' || cmdp == 'H') return usage_hf_mfu_ucsetuid();
 
        if (param_gethex(Cmd, 0, uid, 14)) {
@@ -1861,7 +1907,6 @@ int CmdHF14AMfucSetUid(const char *Cmd){
 int CmdHF14AMfuGenDiverseKeys(const char *Cmd){
 
        uint8_t uid[4]; 
-       
        char cmdp = param_getchar(Cmd, 0);
        if (strlen(Cmd) == 0  || cmdp == 'h' || cmdp == 'H') return usage_hf_mfu_gendiverse();
 
@@ -1980,7 +2025,8 @@ static command_t CommandTable[] =
 };
 
 int CmdHFMFUltra(const char *Cmd){
-       WaitForResponseTimeout(CMD_ACK,NULL,100);
+       clearCommandBuffer();
+       //WaitForResponseTimeout(CMD_ACK,NULL,100);
        CmdsParse(CommandTable, Cmd);
        return 0;
 }
Impressum, Datenschutz