]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdhficlass.c
Update list of known EMV AIDs. Source: https://www.eftlab.co.uk/index.php/site-map...
[proxmark3-svn] / client / cmdhficlass.c
index 60713a01fad681a0129367a2bda4ff45d07ae17a..55804cf8c20e75a90c6983e56d357cc682bf1e69 100644 (file)
 #include <stdlib.h>
 #include <string.h>
 #include <sys/stat.h>
+#include <ctype.h>
 #include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type
-#include "data.h"
-#include "proxmark3.h"
+#include "comms.h"
 #include "ui.h"
 #include "cmdparser.h"
 #include "cmdhficlass.h"
 #include "common.h"
 #include "util.h"
 #include "cmdmain.h"
-#include "polarssl/des.h"
+#include "mbedtls/des.h"
 #include "loclass/cipherutils.h"
 #include "loclass/cipher.h"
 #include "loclass/ikeys.h"
@@ -32,6 +32,7 @@
 #include "protocols.h"
 #include "usb_cmd.h"
 #include "cmdhfmfu.h"
+#include "util_posix.h"
 
 static int CmdHelp(const char *Cmd);
 
@@ -51,6 +52,20 @@ typedef struct iclass_block {
     uint8_t d[8];
 } iclass_block_t;
 
+int usage_hf_iclass_chk(void) {
+       PrintAndLog("Checkkeys loads a dictionary text file with 8byte hex keys to test authenticating against a iClass tag");  
+       PrintAndLog("Usage: hf iclass chk [h|e|r] <f  (*.dic)>");
+       PrintAndLog("Options:");
+       PrintAndLog("h             Show this help");
+       PrintAndLog("f <filename>  Dictionary file with default iclass keys");
+       PrintAndLog("      e             target Elite / High security key scheme");
+       PrintAndLog("      r             interpret dictionary file as raw (diversified keys)");
+       PrintAndLog("Samples:");
+       PrintAndLog("            hf iclass chk f default_iclass_keys.dic");     
+       PrintAndLog("            hf iclass chk f default_iclass_keys.dic e");   
+       return 0;
+}
+
 int xorbits_8(uint8_t val) {
        uint8_t res = val ^ (val >> 1); //1st pass
        res = res ^ (res >> 1);                 // 2nd pass
@@ -399,8 +414,8 @@ int CmdHFiClassDecrypt(const char *Cmd) {
        fseek(f, 0, SEEK_SET);
        uint8_t enc_dump[8] = {0};
        uint8_t *decrypted = malloc(fsize);
-       des3_context ctx = { DES_DECRYPT ,{ 0 } };
-       des3_set2key_dec( &ctx, key);
+       mbedtls_des3_context ctx = { {0} };
+       mbedtls_des3_set2key_dec( &ctx, key);
        size_t bytes_read = fread(enc_dump, 1, 8, f);
 
        //Use the first block (CSN) for filename
@@ -416,7 +431,7 @@ int CmdHFiClassDecrypt(const char *Cmd) {
                {
                        memcpy(decrypted+(blocknum*8), enc_dump, 8);
                }else{
-                       des3_crypt_ecb(&ctx, enc_dump,decrypted +(blocknum*8) );
+                       mbedtls_des3_crypt_ecb(&ctx, enc_dump,decrypted +(blocknum*8) );
                }
                printvar("decrypted block", decrypted +(blocknum*8), 8);
                bytes_read = fread(enc_dump, 1, 8, f);
@@ -451,10 +466,10 @@ static int iClassEncryptBlkData(uint8_t *blkData) {
 
        uint8_t encryptedData[16];
        uint8_t *encrypted = encryptedData;
-       des3_context ctx = { DES_DECRYPT ,{ 0 } };
-       des3_set2key_enc( &ctx, key);
+       mbedtls_des3_context ctx = { {0} };
+       mbedtls_des3_set2key_enc( &ctx, key);
        
-       des3_crypt_ecb(&ctx, blkData,encrypted);
+       mbedtls_des3_crypt_ecb(&ctx, blkData,encrypted);
        //printvar("decrypted block", decrypted, 8);
        memcpy(blkData,encrypted,8);
 
@@ -531,7 +546,7 @@ static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool u
                memcpy(div_key, KEY, 8);
        else
                HFiClassCalcDivKey(CSN, KEY, div_key, elite);
-       PrintAndLog("Authing with %s: %02x%02x%02x%02x%02x%02x%02x%02x", rawkey ? "raw key" : "diversified key", div_key[0],div_key[1],div_key[2],div_key[3],div_key[4],div_key[5],div_key[6],div_key[7]);
+        if (verbose) PrintAndLog("Authing with %s: %02x%02x%02x%02x%02x%02x%02x%02x", rawkey ? "raw key" : "diversified key", div_key[0],div_key[1],div_key[2],div_key[3],div_key[4],div_key[5],div_key[6],div_key[7]);
 
        doMAC(CCNR, div_key, MAC);
        UsbCommand resp;
@@ -541,12 +556,12 @@ static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool u
        SendCommand(&d);
        if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
        {
-               PrintAndLog("Auth Command execute timeout");
+               if (verbose) PrintAndLog("Auth Command execute timeout");
                return false;
        }
        uint8_t isOK = resp.arg[0] & 0xff;
        if (!isOK) {
-               PrintAndLog("Authentication error");
+               if (verbose) PrintAndLog("Authentication error");
                return false;
        }
        return true;
@@ -734,8 +749,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) {
                blocksRead = (sizeof(tag_data)/8) - blockno;
        }
        // response ok - now get bigbuf content of the dump
-       GetFromBigBuf(tag_data+(blockno*8), blocksRead*8, startindex);
-       WaitForResponse(CMD_ACK,NULL);
+       GetFromBigBuf(tag_data+(blockno*8), blocksRead*8, startindex, NULL, -1, false);
        size_t gotBytes = blocksRead*8 + blockno*8;
 
        // try AA2
@@ -777,8 +791,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) {
                                blocksRead = (sizeof(tag_data) - gotBytes)/8;
                        }
                        // get dumped data from bigbuf
-                       GetFromBigBuf(tag_data+gotBytes, blocksRead*8, startindex);
-                       WaitForResponse(CMD_ACK,NULL);
+                       GetFromBigBuf(tag_data+gotBytes, blocksRead*8, startindex, NULL, -1, false);
 
                        gotBytes += blocksRead*8;                       
                } else { //field is still on - turn it off...
@@ -1699,10 +1712,152 @@ int CmdHFiClassManageKeys(const char *Cmd) {
        return 0;
 }
 
+int CmdHFiClassCheckKeys(const char *Cmd) {
+
+       uint8_t mac[4] = {0x00,0x00,0x00,0x00};
+       uint8_t key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+       uint8_t div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+
+       // elite key,  raw key, standard key
+       bool use_elite = false;
+       bool use_raw = false;   
+       bool found_debit = false;
+       bool found_credit = false;      
+       bool errors = false;
+       uint8_t cmdp = 0x00;
+       FILE * f;
+       char filename[FILE_PATH_SIZE] = {0};
+       uint8_t fileNameLen = 0;
+       char buf[17];
+       uint8_t *keyBlock = NULL, *p;
+       int keyitems = 0, keycnt = 0;
+
+       while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
+               switch (param_getchar(Cmd, cmdp)) {
+               case 'h':
+               case 'H':
+                       return usage_hf_iclass_chk();
+               case 'f':
+               case 'F':
+                       fileNameLen = param_getstr(Cmd, cmdp+1, filename, sizeof(filename)); 
+                       if (fileNameLen < 1) {
+                               PrintAndLog("No filename found after f");
+                               errors = true;
+                       }
+                       cmdp += 2;
+                       break;
+               case 'e':
+               case 'E':
+                       use_elite = true;
+                       cmdp++;
+                       break;
+               case 'r':
+               case 'R':
+                       use_raw = true;
+                       cmdp++;
+                       break;
+               default:
+                       PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
+                       errors = true;
+                       break;
+               }
+       }
+       if (errors) return usage_hf_iclass_chk();       
+                       
+       if ( !(f = fopen( filename , "r")) ) {
+               PrintAndLog("File: %s: not found or locked.", filename);
+               return 1;
+       }
+
+       while( fgets(buf, sizeof(buf), f) ){
+               if (strlen(buf) < 16 || buf[15] == '\n')
+                       continue;
+       
+               while (fgetc(f) != '\n' && !feof(f)) ;  //goto next line
+               
+               if( buf[0]=='#' ) continue;     //The line start with # is comment, skip
+
+               if (!isxdigit(buf[0])){
+                       PrintAndLog("File content error. '%s' must include 16 HEX symbols",buf);
+                       continue;
+               }
+               
+               buf[16] = 0;
+
+               p = realloc(keyBlock, 8 * (keyitems += 64));
+               if (!p) {
+                       PrintAndLog("Cannot allocate memory for default keys");
+                       free(keyBlock);
+                       fclose(f);
+                       return 2;
+               }
+               keyBlock = p;
+
+               memset(keyBlock + 8 * keycnt, 0, 8);
+               num_to_bytes(strtoull(buf, NULL, 16), 8, keyBlock + 8 * keycnt);
+
+               //PrintAndLog("check key[%2d] %016" PRIx64, keycnt, bytes_to_num(keyBlock + 8*keycnt, 8));
+               keycnt++;
+               memset(buf, 0, sizeof(buf));
+       }
+       fclose(f);
+       PrintAndLog("Loaded %2d keys from %s", keycnt, filename);
+       
+       // time
+       uint64_t t1 = msclock();
+                               
+       for (uint32_t c = 0; c < keycnt; c += 1) {
+                       printf("."); fflush(stdout);                    
+                       if (ukbhit()) {
+                               int gc = getchar(); (void)gc;
+                               printf("\naborted via keyboard!\n");
+                               break;
+                       }
+                       
+                       memcpy(key, keyBlock + 8 * c , 8); 
+
+                       // debit key. try twice
+                       for (int foo = 0; foo < 2 && !found_debit; foo++) {
+                               if (!select_and_auth(key, mac, div_key, false, use_elite, use_raw, false))
+                                       continue;
+
+                               // key found.
+                               PrintAndLog("\n--------------------------------------------------------");
+                       PrintAndLog("   Found AA1 debit key\t\t[%s]", sprint_hex(key, 8));
+                               found_debit = true;
+                       }
+                       
+                       // credit key. try twice
+                       for (int foo = 0; foo < 2 && !found_credit; foo++) {
+                               if (!select_and_auth(key, mac, div_key, true, use_elite, use_raw, false))
+                                       continue;
+                               
+                               // key found
+                               PrintAndLog("\n--------------------------------------------------------");
+                               PrintAndLog("   Found AA2 credit key\t\t[%s]", sprint_hex(key, 8));
+                               found_credit = true;
+                       }
+                       
+                       // both keys found.
+                       if ( found_debit && found_credit )
+                               break;
+       }
+
+       t1 = msclock() - t1;
+
+       PrintAndLog("\nTime in iclass checkkeys: %.0f seconds\n", (float)t1/1000.0);
+       
+       DropField();
+       free(keyBlock);
+       PrintAndLog("");
+       return 0;
+}
+
 static command_t CommandTable[] = 
 {
        {"help",        CmdHelp,                        1,      "This help"},
        {"calcnewkey",  CmdHFiClassCalcNewKey,          1,      "[options..] Calc Diversified keys (blocks 3 & 4) to write new keys"},
+       {"chk",         CmdHFiClassCheckKeys,           0,      "            Check keys"},      
        {"clone",       CmdHFiClassCloneTag,            0,      "[options..] Authenticate and Clone from iClass bin file"},
        {"decrypt",     CmdHFiClassDecrypt,             1,      "[f <fname>] Decrypt tagdump" },
        {"dump",        CmdHFiClassReader_Dump,         0,      "[options..] Authenticate and Dump iClass tag's AA1"},
@@ -1723,6 +1878,7 @@ static command_t CommandTable[] =
 
 int CmdHFiClass(const char *Cmd)
 {
+       clearCommandBuffer();   
        CmdsParse(CommandTable, Cmd);
        return 0;
 }
Impressum, Datenschutz