Updated hf iclass legrec with a fast option and improved AA2 selection

1- Added a --fast option for hf iclass legrec that further increases the speed from 4.6 key updates/second to 7.4 key updates/second. This is achieved by skipping some safety checks, so the operation is very fast but riskier.
2- Automated AA2 block selection based on the values in the config block
3- Other minor code cleanups
Antiklesys 2025-06-05 20:44:58 +08:00
commit 083a9ce945
3 changed files with 172 additions and 64 deletions


@ -4524,7 +4524,7 @@ void picopass_elite_nextKey(uint8_t *key) {
memcpy(key, key_state, 8);
}
static int iclass_recover(uint8_t key[8], uint32_t index_start, uint32_t loop, uint8_t no_first_auth[8], bool debug, bool test, bool allnight) {
static int iclass_recover(uint8_t key[8], uint32_t index_start, uint32_t loop, uint8_t no_first_auth[8], bool debug, bool test, bool fast, bool allnight) {
int runs = 1;
int cycle = 1;
@ -4556,6 +4556,7 @@ static int iclass_recover(uint8_t key[8], uint32_t index_start, uint32_t loop, u
payload->loop = loop;
payload->debug = debug;
payload->test = test;
payload->fast = fast;
memcpy(payload->nfa, no_first_auth, PICOPASS_BLOCK_SIZE);
memcpy(payload->req.key, key, PICOPASS_BLOCK_SIZE);
memcpy(payload->req2.key, aa2_standard_key, PICOPASS_BLOCK_SIZE);
@ -4841,8 +4842,9 @@ static int CmdHFiClassLegacyRecSim(void) {
bits_found = index;
PrintAndLogEx(SUCCESS, "Original Key: " _GREEN_("%s"), sprint_hex(original_key, sizeof(original_key)));
PrintAndLogEx(SUCCESS, "Weak Key: " _GREEN_("%s"), sprint_hex(key, sizeof(key)));
PrintAndLogEx(SUCCESS, "Key Updates Required to Weak Key: " _GREEN_("%d"), index);
PrintAndLogEx(SUCCESS, "Estimated Time: ~" _GREEN_("%d")" hours", index / 17800);
PrintAndLogEx(SUCCESS, "Key Updates Required to Weak Key :" _GREEN_("%d"), index);
PrintAndLogEx(SUCCESS, "Estimated Time (default mode) : ~" _GREEN_("%d")" hours", index / 17800);
PrintAndLogEx(SUCCESS, "Estimated Time (--fast mode) : ~" _GREEN_("%d")" hours", index / 26860);
}
index++;
@ -4870,6 +4872,7 @@ static int CmdHFiClassLegacyRecover(const char *Cmd) {
arg_lit0(NULL, "debug", "Re-enables tracing for debugging. Limits cycles to 1."),
arg_lit0(NULL, "notest", "Perform real writes on the card!"),
arg_lit0(NULL, "allnight", "Loops the loop for 10 times, recommended loop value of 5000."),
arg_lit0(NULL, "fast", "Increases the speed (4.6->7.4 key updates/second), higher risk to brick the card."),
arg_lit0(NULL, "est", "Estimates the key updates based on the card's CSN assuming standard key."),
arg_param_end
};
@ -4885,7 +4888,8 @@ static int CmdHFiClassLegacyRecover(const char *Cmd) {
bool test = true;
bool no_test = arg_get_lit(ctx, 5);
bool allnight = arg_get_lit(ctx, 6);
bool sim = arg_get_lit(ctx, 7);
bool fast = arg_get_lit(ctx, 7);
bool sim = arg_get_lit(ctx, 8);
if (sim) {
CmdHFiClassLegacyRecSim();
@ -4902,6 +4906,7 @@ static int CmdHFiClassLegacyRecover(const char *Cmd) {
return PM3_EINVARG;
} else if (debug || test) {
loop = 1;
fast = false;
}
uint8_t csn[PICOPASS_BLOCK_SIZE] = {0};