diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 98a587cf1..89cb68023 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -6915,9 +6915,15 @@ static int CmdHF14AMfView(const char *Cmd) { return res; } + typedef union UDATA + { + uint8_t *bytes; + mfc_vigik_t *vigik; + } UDATA; // allocate memory - uint8_t *d = calloc(bytes_read, sizeof(uint8_t)); - if (d == NULL) { + UDATA d; + d.bytes = calloc(bytes_read, sizeof(uint8_t)); + if (d.bytes == NULL) { return PM3_EMALLOC; } uint16_t dlen = 0; @@ -6925,14 +6931,14 @@ static int CmdHF14AMfView(const char *Cmd) { // vigik struture sector 0 uint8_t *pdump = dump; - memcpy(d + dlen, pdump, MFBLOCK_SIZE * 3); + memcpy(d.bytes + dlen, pdump, MFBLOCK_SIZE * 3); dlen += MFBLOCK_SIZE * 3; pdump += (MFBLOCK_SIZE * 4); // skip sectortrailer // extract memory from MAD sectors for (int i = 0; i <= madlen; i++) { if (0x4910 == mad[i] || 0x4916 == mad[i]) { - memcpy(d + dlen, pdump, MFBLOCK_SIZE * 3); + memcpy(d.bytes + dlen, pdump, MFBLOCK_SIZE * 3); dlen += MFBLOCK_SIZE * 3; } @@ -6940,8 +6946,8 @@ static int CmdHF14AMfView(const char *Cmd) { } // convert_mfc_2_arr(pdump, bytes_read, d, &dlen); - vigik_annotate(d); - free(d); + vigik_annotate(d.vigik); + free(d.bytes); } free(dump); diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c index 0c8c8b274..56d10c608 100644 --- a/client/src/mifare/mifarehost.c +++ b/client/src/mifare/mifarehost.c @@ -1499,7 +1499,7 @@ static void reverse_array(const uint8_t *src, int src_len, uint8_t *dest) { } }; -int vigik_verify(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature_len) { +int vigik_verify(mfc_vigik_t *d) { // iso9796 // Exponent V = 2 @@ -1507,16 +1507,16 @@ int vigik_verify(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature if (g_debugMode == DEBUG) { PrintAndLogEx(INFO, "Raw"); - print_hex_noascii_break(uid, uidlen, MFBLOCK_SIZE * 2); + print_hex_noascii_break((uint8_t *)d, sizeof(*d) - sizeof(d->rsa_signature), MFBLOCK_SIZE * 2); PrintAndLogEx(INFO, "Raw signature"); - print_hex_noascii_break(signature, signature_len, MFBLOCK_SIZE * 2); + print_hex_noascii_break(d->rsa_signature, sizeof(d->rsa_signature), MFBLOCK_SIZE * 2); } uint8_t rev_sig[128]; - reverse_array(signature, signature_len, rev_sig); + reverse_array(d->rsa_signature, sizeof(d->rsa_signature), rev_sig); PrintAndLogEx(INFO, "Raw signature reverse"); - print_hex_noascii_break(rev_sig, signature_len, MFBLOCK_SIZE * 2); + print_hex_noascii_break(rev_sig, sizeof(d->rsa_signature), MFBLOCK_SIZE * 2); // t = 0xBC = Implicitly known // t = 0xCC = look at byte before to determine hash function @@ -1566,7 +1566,7 @@ int vigik_verify(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature mbedtls_mpi_read_binary(&N, (const unsigned char *)n, PUBLIC_VIGIK_KEYLEN); //mbedtls_mpi_read_binary(&s, (const unsigned char*)signature, signature_len); - mbedtls_mpi_read_binary(&s, (const unsigned char *)rev_sig, signature_len); + mbedtls_mpi_read_binary(&s, (const unsigned char *)rev_sig, sizeof(d->rsa_signature)); // check is sign < (N/2) @@ -1725,7 +1725,7 @@ int vigik_verify(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature if (is_valid == false || i == ARRAYLEN(vigik_rsa_pk)) { PrintAndLogEx(INFO, "Signature:"); - print_hex_noascii_break(signature, signature_len, MFBLOCK_SIZE * 2); + print_hex_noascii_break(d->rsa_signature, sizeof(d->rsa_signature), MFBLOCK_SIZE * 2); PrintAndLogEx(SUCCESS, "Signature verification: " _RED_("failed")); return PM3_ESOFT; } @@ -1738,37 +1738,35 @@ int vigik_verify(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature PrintAndLogEx(INFO, "%.64s", vigik_rsa_pk[i].n + 192); PrintAndLogEx(INFO, "Signature:"); - print_hex_noascii_break(signature, signature_len, MFBLOCK_SIZE * 2); + print_hex_noascii_break(d->rsa_signature, sizeof(d->rsa_signature), MFBLOCK_SIZE * 2); PrintAndLogEx(SUCCESS, "Signature verification: " _GREEN_("successful")); return PM3_SUCCESS; } -int vigik_annotate(uint8_t *d) { +int vigik_annotate(mfc_vigik_t *d) { if (d == NULL) return PM3_EINVARG; - mfc_vigik_t *foo = (mfc_vigik_t *)d; - - PrintAndLogEx(INFO, "Manufacture......... %s", sprint_hex(foo->b0, sizeof(foo->b0))); - PrintAndLogEx(INFO, "MAD................. %s", sprint_hex(foo->mad, sizeof(foo->mad))); - PrintAndLogEx(INFO, "Counters............ %u", foo->counters); - PrintAndLogEx(INFO, "rtf................. %s", sprint_hex(foo->rtf, sizeof(foo->rtf))); - PrintAndLogEx(INFO, "Service code........ 0x%08x / %u - " _YELLOW_("%s"), foo->service_code, foo->service_code, vigik_get_service(foo->service_code)); - PrintAndLogEx(INFO, "Info flag........... %u -", foo->info_flag); // , sprint_bin(foo->info_flag, 1)); - PrintAndLogEx(INFO, "Key version......... %u", foo->key_version); - PrintAndLogEx(INFO, "PTR Counter......... %u", foo->ptr_counter); - PrintAndLogEx(INFO, "Counter num......... %u", foo->counter_num); - PrintAndLogEx(INFO, "Slot access date.... %s", sprint_hex(foo->slot_access_date, sizeof(foo->slot_access_date))); - PrintAndLogEx(INFO, "Slot dst duration... %u", foo->slot_dst_duration); - PrintAndLogEx(INFO, "Other Slots......... %s", sprint_hex(foo->other_slots, sizeof(foo->other_slots))); - PrintAndLogEx(INFO, "Services counter.... %u", foo->services_counter); - PrintAndLogEx(INFO, "Loading date........ %s", sprint_hex(foo->loading_date, sizeof(foo->loading_date))); - PrintAndLogEx(INFO, "Reserved null....... %u", foo->reserved_null); + PrintAndLogEx(INFO, "Manufacture......... %s", sprint_hex(d->b0, sizeof(d->b0))); + PrintAndLogEx(INFO, "MAD................. %s", sprint_hex(d->mad, sizeof(d->mad))); + PrintAndLogEx(INFO, "Counters............ %u", d->counters); + PrintAndLogEx(INFO, "rtf................. %s", sprint_hex(d->rtf, sizeof(d->rtf))); + PrintAndLogEx(INFO, "Service code........ 0x%08x / %u - " _YELLOW_("%s"), d->service_code, d->service_code, vigik_get_service(d->service_code)); + PrintAndLogEx(INFO, "Info flag........... %u -", d->info_flag); // , sprint_bin(d->info_flag, 1)); + PrintAndLogEx(INFO, "Key version......... %u", d->key_version); + PrintAndLogEx(INFO, "PTR Counter......... %u", d->ptr_counter); + PrintAndLogEx(INFO, "Counter num......... %u", d->counter_num); + PrintAndLogEx(INFO, "Slot access date.... %s", sprint_hex(d->slot_access_date, sizeof(d->slot_access_date))); + PrintAndLogEx(INFO, "Slot dst duration... %u", d->slot_dst_duration); + PrintAndLogEx(INFO, "Other Slots......... %s", sprint_hex(d->other_slots, sizeof(d->other_slots))); + PrintAndLogEx(INFO, "Services counter.... %u", d->services_counter); + PrintAndLogEx(INFO, "Loading date........ %s", sprint_hex(d->loading_date, sizeof(d->loading_date))); + PrintAndLogEx(INFO, "Reserved null....... %u", d->reserved_null); PrintAndLogEx(INFO, "----------------------------------------------------------------"); PrintAndLogEx(INFO, ""); - vigik_verify(d, 96, foo->rsa_signature, sizeof(foo->rsa_signature)); + vigik_verify(d); PrintAndLogEx(INFO, "----------------------------------------------------------------"); PrintAndLogEx(INFO, ""); return PM3_SUCCESS; diff --git a/client/src/mifare/mifarehost.h b/client/src/mifare/mifarehost.h index 0212dd4f0..ccefbbd40 100644 --- a/client/src/mifare/mifarehost.h +++ b/client/src/mifare/mifarehost.h @@ -23,6 +23,7 @@ #include "common.h" #include "util.h" // FILE_PATH_SIZE +#include "protocol_vigik.h" #define MIFARE_SECTOR_RETRY 10 @@ -113,6 +114,6 @@ void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool i // remove all sector trailers in a MFC dump int convert_mfc_2_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen); const char *vigik_get_service(uint16_t service_code); -int vigik_verify(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature_len); -int vigik_annotate(uint8_t *d); +int vigik_verify(mfc_vigik_t *d); +int vigik_annotate(mfc_vigik_t *d); #endif