X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/0194ce8fc842da0e40b9d7bbfcb1837f508de9ce..25d52dd261bc454dafeedc31c9b3d62b8832b23a:/client/cmdhf14a.c?ds=sidebyside diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index d0486bd1..fe308746 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -23,6 +23,7 @@ #include "common.h" #include "cmdmain.h" #include "mifare.h" +#include "cmdhfmf.h" #include "cmdhfmfu.h" #include "nonce2key/nonce2key.h" #include "cmdhf.h" @@ -142,9 +143,9 @@ int usage_hf_14a_sim(void) { // PrintAndLog(" u : 4, 7 or 10 byte UID"); PrintAndLog(" u : 4, 7 byte UID"); PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader"); - PrintAndLog("\n sample : hf 14a sim t 1 u 1122344 x"); - PrintAndLog(" : hf 14a sim t 1 u 1122344"); - PrintAndLog(" : hf 14a sim t 1 u 1122344556677"); + PrintAndLog("\n sample : hf 14a sim t 1 u 11223344 x"); + PrintAndLog(" : hf 14a sim t 1 u 11223344"); + PrintAndLog(" : hf 14a sim t 1 u 11223344556677"); // PrintAndLog(" : hf 14a sim t 1 u 11223445566778899AA\n"); return 0; } @@ -178,6 +179,7 @@ int CmdHF14AList(const char *Cmd) { } int CmdHF14AReader(const char *Cmd) { + UsbCommand cDisconnect = {CMD_READER_ISO_14443a, {0,0,0}}; UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}}; clearCommandBuffer(); SendCommand(&c); @@ -191,22 +193,14 @@ int CmdHF14AReader(const char *Cmd) { if(select_status == 0) { if (Cmd[0] != 's') PrintAndLog("iso14443a card select failed"); - // disconnect - c.arg[0] = 0; - c.arg[1] = 0; - c.arg[2] = 0; - SendCommand(&c); + SendCommand(&cDisconnect); return 0; } if(select_status == 3) { PrintAndLog("Card doesn't support standard iso14443-3 anticollision"); PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]); - // disconnect - c.arg[0] = 0; - c.arg[1] = 0; - c.arg[2] = 0; - SendCommand(&c); + SendCommand(&cDisconnect); return 0; } @@ -217,13 +211,13 @@ int CmdHF14AReader(const char *Cmd) { switch (card.sak) { case 0x00: - //***************************************test**************** + // ******** is card of the MFU type (UL/ULC/NTAG/ etc etc) ul_switch_off_field(); uint32_t tagT = GetHF14AMfU_Type(); ul_print_type(tagT, 0); - //reconnect for further tests + // reconnect for further tests c.arg[0] = ISO14A_CONNECT | ISO14A_NO_DISCONNECT; c.arg[1] = 0; c.arg[2] = 0; @@ -232,7 +226,7 @@ int CmdHF14AReader(const char *Cmd) { SendCommand(&c); UsbCommand resp; - WaitForResponse(CMD_ACK,&resp); + WaitForResponse(CMD_ACK, &resp); memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t)); @@ -242,27 +236,6 @@ int CmdHF14AReader(const char *Cmd) { ul_switch_off_field(); return 0; } - - /* orig - // check if the tag answers to GETVERSION (0x60) - c.arg[0] = ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT; - c.arg[1] = 1; - c.arg[2] = 0; - c.d.asBytes[0] = 0x60; - SendCommand(&c); - WaitForResponse(CMD_ACK,&resp); - - uint8_t version[10] = {0}; - memcpy(version, resp.d.asBytes, resp.arg[0] < sizeof(version) ? resp.arg[0] : sizeof(version)); - uint8_t len = resp.arg[0] & 0xff; - switch ( len){ - // todo, identify "Magic UL-C tags". // they usually have a static nonce response to 0x1A command. - // UL-EV1, size, check version[6] == 0x0b (smaller) 0x0b * 4 == 48 - case 0x0A:PrintAndLog("TYPE : NXP MIFARE Ultralight EV1 %d bytes", (version[6] == 0xB) ? 48 : 128); break; - case 0x01:PrintAndLog("TYPE : NXP MIFARE Ultralight C");break; - case 0x00:PrintAndLog("TYPE : NXP MIFARE Ultralight");break; - } - */ break; case 0x01: PrintAndLog("TYPE : NXP TNP3xxx Activision Game Appliance"); break; case 0x04: PrintAndLog("TYPE : NXP MIFARE (various !DESFire !DESFire EV1)"); break; @@ -378,59 +351,29 @@ int CmdHF14AReader(const char *Cmd) { PrintAndLog(" %02x -> Length is %d bytes", card.ats[pos + 1], card.ats[pos + 1]); switch (card.ats[pos + 2] & 0xf0) { - case 0x10: - PrintAndLog(" 1x -> MIFARE DESFire"); - break; - case 0x20: - PrintAndLog(" 2x -> MIFARE Plus"); - break; + case 0x10: PrintAndLog(" 1x -> MIFARE DESFire"); break; + case 0x20: PrintAndLog(" 2x -> MIFARE Plus"); break; } switch (card.ats[pos + 2] & 0x0f) { - case 0x00: - PrintAndLog(" x0 -> <1 kByte"); - break; - case 0x01: - PrintAndLog(" x1 -> 1 kByte"); - break; - case 0x02: - PrintAndLog(" x2 -> 2 kByte"); - break; - case 0x03: - PrintAndLog(" x3 -> 4 kByte"); - break; - case 0x04: - PrintAndLog(" x4 -> 8 kByte"); - break; + case 0x00: PrintAndLog(" x0 -> <1 kByte"); break; + case 0x01: PrintAndLog(" x1 -> 1 kByte"); break; + case 0x02: PrintAndLog(" x2 -> 2 kByte"); break; + case 0x03: PrintAndLog(" x3 -> 4 kByte"); break; + case 0x04: PrintAndLog(" x4 -> 8 kByte"); break; } switch (card.ats[pos + 3] & 0xf0) { - case 0x00: - PrintAndLog(" 0x -> Engineering sample"); - break; - case 0x20: - PrintAndLog(" 2x -> Released"); - break; + case 0x00: PrintAndLog(" 0x -> Engineering sample"); break; + case 0x20: PrintAndLog(" 2x -> Released"); break; } switch (card.ats[pos + 3] & 0x0f) { - case 0x00: - PrintAndLog(" x0 -> Generation 1"); - break; - case 0x01: - PrintAndLog(" x1 -> Generation 2"); - break; - case 0x02: - PrintAndLog(" x2 -> Generation 3"); - break; + case 0x00: PrintAndLog(" x0 -> Generation 1"); break; + case 0x01: PrintAndLog(" x1 -> Generation 2"); break; + case 0x02: PrintAndLog(" x2 -> Generation 3"); break; } switch (card.ats[pos + 4] & 0x0f) { - case 0x00: - PrintAndLog(" x0 -> Only VCSL supported"); - break; - case 0x01: - PrintAndLog(" x1 -> VCS, VCSL, and SVC supported"); - break; - case 0x0E: - PrintAndLog(" xE -> no VCS command supported"); - break; + case 0x00: PrintAndLog(" x0 -> Only VCSL supported"); break; + case 0x01: PrintAndLog(" x1 -> VCS, VCSL, and SVC supported"); break; + case 0x0E: PrintAndLog(" xE -> no VCS command supported"); break; } } } @@ -453,11 +396,7 @@ int CmdHF14AReader(const char *Cmd) { PrintAndLog("Answers to magic commands (GEN1): %s", (isOK ? "YES" : "NO") ); // disconnect - c.cmd = CMD_READER_ISO_14443a; - c.arg[0] = 0; - c.arg[1] = 0; - c.arg[2] = 0; - SendCommand(&c); + SendCommand(&cDisconnect); return select_status; } @@ -500,15 +439,13 @@ int CmdHF14ACUIDs(const char *Cmd) { // ## simulate iso14443a tag // ## greg - added ability to specify tag UID int CmdHF14ASim(const char *Cmd) { + #define ATTACK_KEY_COUNT 8 bool errors = FALSE; uint8_t flags = 0; uint8_t tagtype = 1; uint8_t cmdp = 0; uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0}; int uidlen = 0; - uint8_t data[40]; - uint8_t key[6] = {0,0,0,0,0,0}; - UsbCommand resp; bool useUIDfromEML = TRUE; while(param_getchar(Cmd, cmdp) != 0x00) { @@ -562,30 +499,27 @@ int CmdHF14ASim(const char *Cmd) { PrintAndLog("Press pm3-button to abort simulation"); UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{ tagtype, flags, 0 }}; - memcpy(c.d.asBytes, uid, uidlen); + memcpy(c.d.asBytes, uid, uidlen>>1); clearCommandBuffer(); SendCommand(&c); - while(!ukbhit()){ - if ( WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - if ( (resp.arg[0] & 0xffff) == CMD_SIMULATE_MIFARE_CARD ){ - memset(data, 0x00, sizeof(data)); - memset(key, 0x00, sizeof(key)); - int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1]; - memcpy(data, resp.d.asBytes, len); - uint32_t cuid = bytes_to_num(data, 4); - tryMfk32(cuid, data, key); // 201604, iceman, errors! - //tryMfk32_moebius(cuid, data, key); - //tryMfk64(cuid, data, key); - } - } + nonces_t data[ATTACK_KEY_COUNT*2]; + UsbCommand resp; + + while( !ukbhit() ){ + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue; + + if ( !(flags & FLAG_NR_AR_ATTACK) ) break; + if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break; + + memcpy( data, resp.d.asBytes, sizeof(data) ); + readerAttack(data, TRUE); } return 0; } int CmdHF14ASniff(const char *Cmd) { - int param = 0; - + int param = 0; uint8_t ctmp = param_getchar(Cmd, 0) ; if (ctmp == 'h' || ctmp == 'H') return usage_hf_14a_sniff(); @@ -763,8 +697,7 @@ static void waitCmd(uint8_t iSelect) { } } -static command_t CommandTable[] = -{ +static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, {"list", CmdHF14AList, 0, "[Deprecated] List ISO 14443a history"}, {"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"}, @@ -776,11 +709,7 @@ static command_t CommandTable[] = }; int CmdHF14A(const char *Cmd) { - // flush clearCommandBuffer(); - //WaitForResponseTimeout(CMD_ACK,NULL,100); - - // parse CmdsParse(CommandTable, Cmd); return 0; }