X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/6fc68747f68c47b65215013545c7c551105a366a..fa5118e7308c1beebf84f4a6664be7923a6bea04:/client/cmdhf14a.c diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 577ee574..9f40e754 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -23,6 +23,7 @@ #include "common.h" #include "cmdmain.h" #include "mifare.h" +#include "cmdhfmf.h" #include "cmdhfmfu.h" #include "nonce2key/nonce2key.h" #include "cmdhf.h" @@ -126,9 +127,9 @@ char* getTagInfo(uint8_t uid) { return manufactureMapping[len-1].desc; } - int usage_hf_14a_sim(void) { - PrintAndLog("\n Emulating ISO/IEC 14443 type A tag with 4 or 7 byte UID\n"); +// PrintAndLog("\n Emulating ISO/IEC 14443 type A tag with 4,7 or 10 byte UID\n"); + PrintAndLog("\n Emulating ISO/IEC 14443 type A tag with 4,7 byte UID\n"); PrintAndLog("Usage: hf 14a sim t u x"); PrintAndLog(" Options : "); PrintAndLog(" h : this help"); @@ -139,10 +140,13 @@ int usage_hf_14a_sim(void) { PrintAndLog(" 5 = MIFARE Tnp3xxx"); PrintAndLog(" 6 = MIFARE Mini"); PrintAndLog(" 7 = AMIIBO (NTAG 215), pack 0x8080"); - PrintAndLog(" u : 4 or 7 byte UID"); +// PrintAndLog(" u : 4, 7 or 10 byte UID"); + PrintAndLog(" u : 4, 7 byte UID"); PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader"); - PrintAndLog("\n sample : hf 14a sim t 1 u 1122344"); - PrintAndLog(" : hf 14a sim t 1 u 1122344 x\n"); + PrintAndLog("\n sample : hf 14a sim t 1 u 11223344 x"); + PrintAndLog(" : hf 14a sim t 1 u 11223344"); + PrintAndLog(" : hf 14a sim t 1 u 11223344556677"); +// PrintAndLog(" : hf 14a sim t 1 u 11223445566778899AA\n"); return 0; } int usage_hf_14a_sniff(void){ @@ -168,15 +172,13 @@ int usage_hf_14a_raw(void){ return 0; } -int CmdHF14AList(const char *Cmd) -{ +int CmdHF14AList(const char *Cmd) { //PrintAndLog("Deprecated command, use 'hf list 14a' instead"); CmdHFList("14a"); return 0; } -int CmdHF14AReader(const char *Cmd) -{ +int CmdHF14AReader(const char *Cmd) { UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}}; clearCommandBuffer(); SendCommand(&c); @@ -462,8 +464,7 @@ int CmdHF14AReader(const char *Cmd) } // Collect ISO14443 Type A UIDs -int CmdHF14ACUIDs(const char *Cmd) -{ +int CmdHF14ACUIDs(const char *Cmd) { // requested number of UIDs int n = atoi(Cmd); // collect at least 1 (e.g. if no parameter was given) @@ -494,24 +495,23 @@ int CmdHF14ACUIDs(const char *Cmd) } } PrintAndLog("End: %u", time(NULL)); - return 1; } // ## simulate iso14443a tag // ## greg - added ability to specify tag UID -int CmdHF14ASim(const char *Cmd) -{ +int CmdHF14ASim(const char *Cmd) { + #define ATTACK_KEY_COUNT 8 bool errors = FALSE; uint8_t flags = 0; - uint8_t tagtype = 1; - uint64_t uid = 0; + uint8_t tagtype = 1; uint8_t cmdp = 0; + uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0}; + int uidlen = 0; + bool useUIDfromEML = TRUE; - while(param_getchar(Cmd, cmdp) != 0x00) - { - switch(param_getchar(Cmd, cmdp)) - { + while(param_getchar(Cmd, cmdp) != 0x00) { + switch(param_getchar(Cmd, cmdp)) { case 'h': case 'H': return usage_hf_14a_sim(); @@ -525,17 +525,17 @@ int CmdHF14ASim(const char *Cmd) break; case 'u': case 'U': - // Retrieve the full 4 or 7 byte long uid - uid = param_get64ex(Cmd, cmdp+1, 0, 16); - if (uid == 0 ) - errors = TRUE; - - if (uid > 0xffffffff) { - PrintAndLog("Emulating ISO/IEC 14443 type A tag with 7 byte UID (%014"llx")",uid); - flags |= FLAG_7B_UID_IN_DATA; - } else { - PrintAndLog("Emulating ISO/IEC 14443 type A tag with 4 byte UID (%08x)",uid); - flags |= FLAG_4B_UID_IN_DATA; + // Retrieve the full 4,7,10 byte long uid + param_gethex_ex(Cmd, cmdp+1, uid, &uidlen); + switch(uidlen) { + //case 20: flags |= FLAG_10B_UID_IN_DATA; break; + case 14: flags |= FLAG_7B_UID_IN_DATA; break; + case 8: flags |= FLAG_4B_UID_IN_DATA; break; + default: errors = TRUE; break; + } + if (!errors) { + PrintAndLog("Emulating ISO/IEC 14443 type A tag with %d byte UID (%s)", uidlen>>1, sprint_hex(uid, uidlen>>1)); + useUIDfromEML = FALSE; } cmdp += 2; break; @@ -555,37 +555,33 @@ int CmdHF14ASim(const char *Cmd) //Validations if (errors) return usage_hf_14a_sim(); - PrintAndLog("Press pm3-button to abort simulation"); + if ( useUIDfromEML ) + flags |= FLAG_UID_IN_EMUL; - UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{ tagtype, flags, 0 }}; + PrintAndLog("Press pm3-button to abort simulation"); - num_to_bytes(uid, 7, c.d.asBytes); + UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{ tagtype, flags, 0 }}; + memcpy(c.d.asBytes, uid, uidlen>>1); clearCommandBuffer(); SendCommand(&c); - uint8_t data[40]; - uint8_t key[6]; + nonces_t data[ATTACK_KEY_COUNT*2]; UsbCommand resp; - while(!ukbhit()){ - if ( WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - if ( (resp.arg[0] & 0xffff) == CMD_SIMULATE_MIFARE_CARD ){ - memset(data, 0x00, sizeof(data)); - memset(key, 0x00, sizeof(key)); - int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1]; - memcpy(data, resp.d.asBytes, len); - tryMfk32(uid, data, key); - //tryMfk32_moebius(uid, data, key); - //tryMfk64(uid, data, key); - PrintAndLog("--"); - } - } + + while( !ukbhit() ){ + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue; + + if ( !(flags & FLAG_NR_AR_ATTACK) ) break; + if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break; + + memcpy( data, resp.d.asBytes, sizeof(data) ); + readerAttack(data, TRUE); } return 0; } int CmdHF14ASniff(const char *Cmd) { - int param = 0; - + int param = 0; uint8_t ctmp = param_getchar(Cmd, 0) ; if (ctmp == 'h' || ctmp == 'H') return usage_hf_14a_sniff(); @@ -763,8 +759,7 @@ static void waitCmd(uint8_t iSelect) { } } -static command_t CommandTable[] = -{ +static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, {"list", CmdHF14AList, 0, "[Deprecated] List ISO 14443a history"}, {"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"}, @@ -776,17 +771,12 @@ static command_t CommandTable[] = }; int CmdHF14A(const char *Cmd) { - // flush clearCommandBuffer(); - //WaitForResponseTimeout(CMD_ACK,NULL,100); - - // parse CmdsParse(CommandTable, Cmd); return 0; } -int CmdHelp(const char *Cmd) -{ +int CmdHelp(const char *Cmd) { CmdsHelp(CommandTable); return 0; }