From 1defcf606f59d93d80fe45dc91d28cc552db0c51 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Thu, 19 Feb 2015 10:48:33 +0100 Subject: [PATCH] More work on iclass full simulation, and some work on iclass tag dump parsing --- armsrc/cipherutils.c | 4 +++- client/Makefile | 1 + client/cmdhficlass.c | 15 +++++++++------ client/loclass/elite_crack.c | 2 +- common/protocols.c | 28 ++++++++++++++++++---------- common/protocols.h | 12 ++++++++++++ 6 files changed, 44 insertions(+), 18 deletions(-) diff --git a/armsrc/cipherutils.c b/armsrc/cipherutils.c index a734ea7a..c00e2be2 100644 --- a/armsrc/cipherutils.c +++ b/armsrc/cipherutils.c @@ -39,8 +39,10 @@ #include #include #include -#include "fileutils.h" #include "cipherutils.h" +#ifndef ON_DEVICE +#include "fileutils.h" +#endif /** * * @brief Return and remove the first bit (x0) in the stream : diff --git a/client/Makefile b/client/Makefile index e63581ba..20e17d7d 100644 --- a/client/Makefile +++ b/client/Makefile @@ -94,6 +94,7 @@ CMDSRCS = nonce2key/crapto1.c\ cmdscript.c\ pm3_bitlib.c\ aes.c\ + protocols.c\ COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o) diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 7bc23e9b..31f7ba97 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -29,6 +29,7 @@ #include "loclass/ikeys.h" #include "loclass/elite_crack.h" #include "loclass/fileutils.h" +#include "protocols.h" static int CmdHelp(const char *Cmd); @@ -75,10 +76,9 @@ int CmdHFiClassSim(const char *Cmd) uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0}; if (strlen(Cmd)<1) { - usage_hf_iclass_sim(); + return usage_hf_iclass_sim(); } - - simType = param_get8(Cmd, 0); + simType = param_get8ex(Cmd, 0, 0, 10); if(simType == 0) { @@ -322,7 +322,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):"); printvar("Div key", div_key, 8); printvar("CC_NR:",CCNR,12); - doMAC(CCNR,12,div_key, MAC); + doMAC(CCNR,div_key, MAC); printvar("MAC", MAC, 4); uint8_t iclass_data[32000] = {0}; @@ -421,9 +421,12 @@ int CmdHFiClassELoad(const char *Cmd) fseek(f, 0, SEEK_SET); uint8_t *dump = malloc(fsize); + + size_t bytes_read = fread(dump, 1, fsize, f); fclose(f); + printIclassDumpInfo(dump); //Validate if (bytes_read < fsize) @@ -456,7 +459,7 @@ int usage_hf_iclass_decrypt() PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside"); PrintAndLog("in the working directory. The file should be 16 bytes binary data"); PrintAndLog(""); - PrintAndLog("example: hf iclass decrypt tagdump_12312342343.bin"); + PrintAndLog("example: hf iclass decrypt f tagdump_12312342343.bin"); PrintAndLog(""); PrintAndLog("OBS! This is pretty stupid implementation, it tries to decrypt every block after block 6. "); PrintAndLog("Correct behaviour would be to decrypt only the application areas where the key is valid,"); @@ -604,7 +607,7 @@ int CmdHFiClass_iso14443A_write(const char *Cmd) diversifyKey(CSN,KEY, div_key); PrintAndLog("Div Key: %s",sprint_hex(div_key,8)); - doMAC(CCNR, 12,div_key, MAC); + doMAC(CCNR, div_key, MAC); UsbCommand c2 = {CMD_ICLASS_ISO14443A_WRITE, {readerType,blockNo}}; memcpy(c2.d.asBytes, bldata, 8); diff --git a/client/loclass/elite_crack.c b/client/loclass/elite_crack.c index a8ab869e..c824eaa1 100644 --- a/client/loclass/elite_crack.c +++ b/client/loclass/elite_crack.c @@ -394,7 +394,7 @@ int bruteforceItem(dumpdata item, uint16_t keytable[]) //Diversify diversifyKey(item.csn, key_sel_p, div_key); //Calc mac - doMAC(item.cc_nr,12, div_key,calculated_MAC); + doMAC(item.cc_nr, div_key,calculated_MAC); if(memcmp(calculated_MAC, item.mac, 4) == 0) { diff --git a/common/protocols.c b/common/protocols.c index bdaff3f1..6a4c9a10 100644 --- a/common/protocols.c +++ b/common/protocols.c @@ -1,7 +1,14 @@ #include #include +#include #include #include +#include "protocols.h" +#ifndef ON_DEVICE +#include "ui.h" +#define prnt PrintAndLog +#endif + typedef struct { @@ -25,17 +32,9 @@ typedef struct { }picopass_hdr; -#define FUSE_FPERS 0x80 -#define FUSE_CODING1 0x40 -#define FUSE_CODING0 0x20 -#define FUSE_CRYPT1 0x10 -#define FUSE_CRYPT0 0x08 -#define FUSE_FPROD1 0x04 -#define FUSE_FPROD0 0x02 -#define FUSE_RA 0x01 //#define prnt printf -void prnt(char *fmt,...) +/*void prnt(char *fmt,...) { va_list argptr; va_start(argptr, fmt); @@ -44,7 +43,7 @@ void prnt(char *fmt,...) va_end(argptr); printf("\n"); } - +*/ uint8_t isset(uint8_t val, uint8_t mask) { return (val & mask); @@ -95,6 +94,14 @@ void print_picopass_info(const picopass_hdr *hdr) mem_config(hdr); applimit_config(hdr); } +void printIclassDumpInfo(uint8_t* iclass_dump) +{ +// picopass_hdr hdr; +// memcpy(&hdr, iclass_dump, sizeof(picopass_hdr)); + print_picopass_info((picopass_hdr *) iclass_dump); +} + +/* void test() { picopass_hdr hdr = {0x27,0xaf,0x48,0x01,0xf9,0xff,0x12,0xe0,0x12,0xff,0xff,0xff,0x7f,0x1f,0xff,0x3c}; @@ -106,3 +113,4 @@ int main(int argc, char *argv[]) test(); return 0; } +*/ diff --git a/common/protocols.h b/common/protocols.h index af165c3a..1dd66185 100644 --- a/common/protocols.h +++ b/common/protocols.h @@ -170,5 +170,17 @@ NXP/Philips CUSTOM COMMANDS #define ICLASS 1 #define ISO_14443B 2 +//-- Picopass fuses +#define FUSE_FPERS 0x80 +#define FUSE_CODING1 0x40 +#define FUSE_CODING0 0x20 +#define FUSE_CRYPT1 0x10 +#define FUSE_CRYPT0 0x08 +#define FUSE_FPROD1 0x04 +#define FUSE_FPROD0 0x02 +#define FUSE_RA 0x01 + + +void printIclassDumpInfo(uint8_t* iclass_dump); #endif // PROTOCOLS_H -- 2.39.5