From: Martin Holst Swende <martin@swende.se>
Date: Sun, 29 Mar 2015 19:49:58 +0000 (+0200)
Subject: Minor mod to 'hf iclass read', it now also reads and prints the configuration of... 
X-Git-Tag: v2.1.0~24
X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/caaf9618aeb941fd3166f8fced5077d243c498a1?ds=inline;hp=--cc

Minor mod to 'hf iclass read', it now also reads and prints the configuration of the tag found
---

caaf9618aeb941fd3166f8fced5077d243c498a1
diff --git a/armsrc/iclass.c b/armsrc/iclass.c
index 260e6a60..7b4daa36 100644
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@@ -1627,7 +1627,10 @@ uint8_t handshakeIclassTag(uint8_t *card_data)
 	static uint8_t act_all[]     = { 0x0a };
 	static uint8_t identify[]    = { 0x0c };
 	static uint8_t select[]      = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-	static uint8_t readcheck_cc[]= { 0x88, 0x02 };
+
+
+	static uint8_t readcheck_cc[]= { 0x88, 0x02,};
+
 	uint8_t resp[ICLASS_BUFFER_SIZE];
 
 	uint8_t read_status = 0;
@@ -1662,28 +1665,33 @@ uint8_t handshakeIclassTag(uint8_t *card_data)
 	if(ReaderReceiveIClass(resp) == 8) {
 		//Save CC (e-purse) in response data
 		memcpy(card_data+8,resp,8);
-
-		//Got both
-		read_status = 2;
+		read_status++;
 	}
 
 	return read_status;
 }
 
+
 // Reader iClass Anticollission
 void ReaderIClass(uint8_t arg0) {
 
-    uint8_t card_data[24]={0};
+	uint8_t card_data[6 * 8]={0xFF};
     uint8_t last_csn[8]={0};
 	
+	//Read conf block CRC(0x01) => 0xfa 0x22
+	uint8_t readConf[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x01, 0xfa, 0x22};
+	//Read conf block CRC(0x05) => 0xde  0x64
+	uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x05, 0xde, 0x64};
+
+
     int read_status= 0;
+	uint8_t result_status = 0;
     bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE;
-	bool get_cc = arg0 & FLAG_ICLASS_READER_GET_CC;
+
 	set_tracing(TRUE);
     setupIclassReader();
 
-    size_t datasize = 0;
-    while(!BUTTON_PRESS())
+	while(!BUTTON_PRESS())
     {
 
 		if(!tracing) {
@@ -1695,15 +1703,40 @@ void ReaderIClass(uint8_t arg0) {
 		read_status = handshakeIclassTag(card_data);
 
 		if(read_status == 0) continue;
-		if(read_status == 1) datasize = 8;
-		if(read_status == 2) datasize = 16;
+		if(read_status == 1) result_status = FLAG_ICLASS_READER_CSN;
+		if(read_status == 2) result_status = FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CC;
+
+		// handshakeIclass returns CSN|CC, but the actual block
+		// layout is CSN|CONFIG|CC, so here we reorder the data,
+		// moving CC forward 8 bytes
+		memcpy(card_data+16,card_data+8, 8);
+		//Read block 1, config
+		if(arg0 & FLAG_ICLASS_READER_CONF)
+		{
+			if(sendCmdGetResponseWithRetries(readConf, sizeof(readConf),card_data+8, 10, 10))
+			{
+				Dbprintf("Failed to dump config block");
+			}else
+			{
+				result_status |= FLAG_ICLASS_READER_CONF;
+			}
+		}
 
-		//Todo, read the public blocks 1,5 aswell:
-		//
-		// 0 : CSN (we already have)
+		//Read block 5, AA
+		if(arg0 & FLAG_ICLASS_READER_AA){
+			if(sendCmdGetResponseWithRetries(readAA, sizeof(readAA),card_data+(8*4), 10, 10))
+			{
+//				Dbprintf("Failed to dump AA block");
+			}else
+			{
+				result_status |= FLAG_ICLASS_READER_AA;
+			}
+		}
+
+		// 0 : CSN
 		// 1 : Configuration
-		// 2 : e-purse (we already have)
-		// (3,4 write-only)
+		// 2 : e-purse
+		// (3,4 write-only, kc and kd)
 		// 5 Application issuer area
 		//
 		//Then we can 'ship' back the 8 * 5 bytes of data,
@@ -1713,10 +1746,10 @@ void ReaderIClass(uint8_t arg0) {
 		//Send back to client, but don't bother if we already sent this
 		if(memcmp(last_csn, card_data, 8) != 0)
 		{
-
-			if(!get_cc || (get_cc && read_status == 2))
+			// If caller requires that we get CC, continue until we got it
+			if( (arg0 & read_status & FLAG_ICLASS_READER_CC) || !(arg0 & FLAG_ICLASS_READER_CC))
 			{
-				cmd_send(CMD_ACK,read_status,0,0,card_data,datasize);
+				cmd_send(CMD_ACK,result_status,0,0,card_data,sizeof(card_data));
 				if(abort_after_read) {
 					LED_A_OFF();
 					return;
@@ -1724,7 +1757,7 @@ void ReaderIClass(uint8_t arg0) {
 				//Save that we already sent this....
 				memcpy(last_csn, card_data, 8);
 			}
-			//If 'get_cc' was specified and we didn't get a CC, we'll just keep trying...
+
 		}
 		LED_B_OFF();
     }
diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c
index 31f7ba97..44b074b3 100644
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -30,6 +30,7 @@
 #include "loclass/elite_crack.h"
 #include "loclass/fileutils.h"
 #include "protocols.h"
+#include "usb_cmd.h"
 
 static int CmdHelp(const char *Cmd);
 
@@ -166,29 +167,25 @@ int CmdHFiClassSim(const char *Cmd)
 
 int CmdHFiClassReader(const char *Cmd)
 {
-	UsbCommand c = {CMD_READER_ICLASS, {0}};
+	UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN|
+					FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_AA}};
 	SendCommand(&c);
 	UsbCommand resp;
 	while(!ukbhit()){
 		if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
-			uint8_t isOK    = resp.arg[0] & 0xff;
+			uint8_t readStatus    = resp.arg[0] & 0xff;
 			uint8_t * data  = resp.d.asBytes;
 
-			PrintAndLog("isOk:%02x", isOK);
-			if( isOK == 0){
+			PrintAndLog("Readstatus:%02x", readStatus);
+			if( readStatus == 0){
 				//Aborted
 				PrintAndLog("Quitting...");
 				return 0;
 			}
-			if(isOK > 0)
-			{
-				PrintAndLog("CSN: %s",sprint_hex(data,8));
-			}
-			if(isOK >= 1)
-			{
-				PrintAndLog("CC: %s",sprint_hex(data+8,8));
-			}else{
-				PrintAndLog("No CC obtained");
+			if( readStatus & FLAG_ICLASS_READER_CSN) PrintAndLog("CSN: %s",sprint_hex(data,8));
+			if( readStatus & FLAG_ICLASS_READER_CC)  PrintAndLog("CC: %s",sprint_hex(data+16,8));
+			if( readStatus & FLAG_ICLASS_READER_CONF){
+				printIclassDumpInfo(data);
 			}
 		} else {
 			PrintAndLog("Command execute timeout");
@@ -269,7 +266,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
 	uint8_t key_sel_p[8] = { 0 };
 
 	UsbCommand c = {CMD_READER_ICLASS, {0}};
-	c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_GET_CC;
+	c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_CC;
 	SendCommand(&c);
 
 
@@ -284,7 +281,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
 	uint8_t * data  = resp.d.asBytes;
 
 	memcpy(CSN,data,8);
-	memcpy(CCNR,data+8,8);
+	memcpy(CCNR,data+16,8);
 
 	PrintAndLog("isOk:%02x", isOK);
 
diff --git a/include/usb_cmd.h b/include/usb_cmd.h
index aab631da..62c3d949 100644
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@@ -199,7 +199,11 @@ typedef struct{
 
 //Iclass reader flags
 #define FLAG_ICLASS_READER_ONLY_ONCE    0x01
-#define FLAG_ICLASS_READER_GET_CC       0x02
+#define FLAG_ICLASS_READER_CC       0x02
+#define FLAG_ICLASS_READER_CSN		0x04
+#define FLAG_ICLASS_READER_CONF		0x08
+#define FLAG_ICLASS_READER_AA		0x10
+
 
 
 // CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions: