Merge pull request #29 from RfidResearchGroup/master

Update
mwalker33 2020-04-05 19:14:19 +10:00 committed by GitHub
commit 108b426c98
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 261 additions and 297 deletions


@ -2405,7 +2405,7 @@ void SendForward(uint8_t fwd_bit_count) {
WaitUS(32 * 8);
} else {
TurnReadLF_off(23 * 8);
TurnReadLFOn(32-23 * 8);
TurnReadLFOn((32-23) * 8);
}
}
}
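Review bot: The corrected delay `TurnReadLFOn((32-23) * 8)` still spells the slot timing as bare literals, which is how a precedence slip in this expression could go unnoticed. Named constants for 32 and 23, shared with the `WaitUS(32 * 8)` and `TurnReadLF_off(23 * 8)` calls next to it, would make the relationship explicit. Failing that, a comment such as `// field on for the remainder of the 32-unit slot after the 23-unit gap` would help, with the wording confirmed against the protocol timing. SendForward's body starts outside the hunk.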


@ -127,7 +127,7 @@ int CmdHFSearch(const char *Cmd) {
PrintAndLogEx(INPLACE, "Searching for LEGIC tag...");
if (IfPm3Legicrf()) {
if (readLegicUid(false) == PM3_SUCCESS) {
PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("LEGIC tag") "found\n");
PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("LEGIC Prime tag") "found\n");
res = PM3_SUCCESS;
}
}
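Review bot: The new success message concatenates `_GREEN_("LEGIC Prime tag")` directly with `"found\n"`, so the output reads "LEGIC Prime tagfound". The trailing literal needs a leading space: `PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("LEGIC Prime tag") " found\n");`. CmdHFSearch continues outside the hunk.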


@ -111,7 +111,7 @@ static int usage_legic_dump(void) {
PrintAndLogEx(NORMAL, " x : deobfuscate dump data (xor with MCC)");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" hf legic dump -- uses UID as filename"));
PrintAndLogEx(NORMAL, _YELLOW_(" hf legic dump - uses UID as filename"));
PrintAndLogEx(NORMAL, _YELLOW_(" hf legic dump f myfile"));
PrintAndLogEx(NORMAL, _YELLOW_(" hf legic dump x"));
return PM3_SUCCESS;
@ -154,7 +154,7 @@ static int usage_legic_esave(void) {
PrintAndLogEx(NORMAL, " f <filename> : filename w/o .bin to load");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" hf legic esave 2 -- uses UID as filename"));
PrintAndLogEx(NORMAL, _YELLOW_(" hf legic esave 2 - uses UID as filename"));
PrintAndLogEx(NORMAL, _YELLOW_(" hf legic esave 2 f myfile"));
return PM3_SUCCESS;
}
@ -217,7 +217,7 @@ static int CmdLegicInfo(const char *Cmd) {
return PM3_ESOFT;
}
PrintAndLogEx(SUCCESS, "Reading full tag memory of %d bytes...", card.cardsize);
PrintAndLogEx(SUCCESS, "Reading full tag memory of " _YELLOW_("%d") "bytes...", card.cardsize);
// allocate receiver buffer
uint8_t *data = calloc(card.cardsize, sizeof(uint8_t));
@ -235,15 +235,13 @@ static int CmdLegicInfo(const char *Cmd) {
// Output CDF System area (9 bytes) plus remaining header area (12 bytes)
crc = data[4];
uint32_t calc_crc = CRC8Legic(data, 4);
uint32_t calc_crc = CRC8Legic(data, 4);
PrintAndLogEx(SUCCESS, _YELLOW_("CDF: System Area"));
PrintAndLogEx(SUCCESS, " " _CYAN_("CDF: System Area"));
PrintAndLogEx(NORMAL, "------------------------------------------------------");
PrintAndLogEx(NORMAL, "MCD: %02x, MSN: %02x %02x %02x, MCC: %02x %s",
PrintAndLogEx(SUCCESS, "MCD: " _GREEN_("%02X") " MSN: " _GREEN_("%s") " MCC: " _GREEN_("%02X") " ( %s)",
data[0],
data[1],
data[2],
data[3],
sprint_hex(data +1, 3),
data[4],
(calc_crc == crc) ? _GREEN_("OK") : _RED_("Fail")
);
@ -350,7 +348,7 @@ static int CmdLegicInfo(const char *Cmd) {
if (dcf > 60000)
goto out;
PrintAndLogEx(SUCCESS, _YELLOW_("\nADF: User Area"));
PrintAndLogEx(SUCCESS, _CYAN_("ADF: User Area"));
PrintAndLogEx(NORMAL, "------------------------------------------------------");
if (bIsSegmented) {
@ -383,7 +381,7 @@ static int CmdLegicInfo(const char *Cmd) {
segCalcCRC = CRC8Legic(segCrcBytes, 8);
segCRC = data[i + 4] ^ crc;
PrintAndLogEx(SUCCESS, "Segment | %02u ", segmentNum);
PrintAndLogEx(SUCCESS, "Segment | " _YELLOW_("%02u"), segmentNum);
PrintAndLogEx(SUCCESS, "raw header | 0x%02X 0x%02X 0x%02X 0x%02X",
data[i] ^ crc,
data[i + 1] ^ crc,
@ -396,7 +394,7 @@ static int CmdLegicInfo(const char *Cmd) {
(segment_flag & 0x4) >> 2,
(segment_flag & 0x8) >> 3
);
PrintAndLogEx(SUCCESS, " | WRP: %02u, WRC: %02u, RD: %01u, CRC: 0x%02X (%s)",
PrintAndLogEx(SUCCESS, " | WRP: %02u, WRC: %02u, RD: %01u, CRC: 0x%02X ( %s)",
wrp,
wrc,
((data[i + 3] ^ crc) & 0x80) >> 7,
@ -821,16 +819,16 @@ int legic_read_mem(uint32_t offset, uint32_t len, uint32_t iv, uint8_t *out, uin
PacketResponseNG resp;
uint8_t timeout = 0;
while (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
while (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {
++timeout;
printf(".");
fflush(stdout);
if (timeout > 7) {
if (timeout > 14) {
PrintAndLogEx(WARNING, "\ncommand execution time out");
return PM3_ETIMEOUT;
}
}
PrintAndLogEx(NORMAL, "\n");
PrintAndLogEx(NORMAL, "");
uint8_t isOK = resp.oldarg[0] & 0xFF;
*outlen = resp.oldarg[1];
@ -856,13 +854,13 @@ int legic_print_type(uint32_t tagtype, uint8_t spaces) {
char *spacer = spc + (10 - spaces);
if (tagtype == 22)
PrintAndLogEx(SUCCESS, "%sTYPE : MIM%d card (outdated)", spacer, tagtype);
PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("MIM%d card (outdated)"), spacer, tagtype);
else if (tagtype == 256)
PrintAndLogEx(SUCCESS, "%sTYPE : MIM%d card (234 bytes)", spacer, tagtype);
PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("MIM%d card (234 bytes)"), spacer, tagtype);
else if (tagtype == 1024)
PrintAndLogEx(SUCCESS, "%sTYPE : MIM%d card (1002 bytes)", spacer, tagtype);
PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("MIM%d card (1002 bytes)"), spacer, tagtype);
else
PrintAndLogEx(INFO, "%sTYPE : Unknown %06x", spacer, tagtype);
PrintAndLogEx(INFO, "%sTYPE: " _YELLOW_("Unknown %06x"), spacer, tagtype);
return PM3_SUCCESS;
}
int legic_get_type(legic_card_select_t *card) {
@ -1393,7 +1391,8 @@ int readLegicUid(bool verbose) {
break;
}
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(SUCCESS, " UID : %s", sprint_hex(card.uid, sizeof(card.uid)));
PrintAndLogEx(SUCCESS, " MCD: " _GREEN_("%02X"), card.uid[0]);
PrintAndLogEx(SUCCESS, " MSN: " _GREEN_("%s"), sprint_hex(card.uid + 1, sizeof(card.uid) - 1));
legic_print_type(card.cardsize, 0);
return PM3_SUCCESS;
}
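Review bot: In CmdLegicInfo the rewritten message `"Reading full tag memory of " _YELLOW_("%d") "bytes..."` has no space before `bytes`, so the size and the unit run together in the output. The closing literal should be `" bytes..."`. CmdLegicInfo starts and ends outside these hunks, so other messages in it were not checked.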


@ -38,6 +38,30 @@ typedef enum {
static int CmdHelp(const char *Cmd);
static int SendDesfireCmd(uint8_t *c, size_t len, int p0, int p1, int p2, PacketResponseNG *response, int timeout) {
PacketResponseNG resp;
if (response == NULL)
response = &resp;
clearCommandBuffer();
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, p0, p1, p2, c, len);
if (!WaitForResponseTimeout(CMD_ACK, response, timeout)) {
PrintAndLogEx(WARNING, "[SendDesfireCmd] Timed-out: " _RED_("%s"), sprint_hex(c, len));
DropField();
return PM3_ETIMEOUT;
}
uint8_t isOK = response->data.asBytes[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, "[SendDesfireCmd] Unsuccessful: " _RED_("%s"), sprint_hex(c, len));
return PM3_ESOFT;
}
return PM3_SUCCESS;
}
static desfire_cardtype_t getCardType(uint8_t major, uint8_t minor) {
if (major == 0x00)
@ -81,6 +105,14 @@ static int test_desfire_authenticate_iso() {
}
//none
static int test_desfire_authenticate_aes() {
/* Just left here for future use, from TI TRF7970A sloa213 document
const static u08_t CustomKey1[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
const static u08_t CustomKey2[16] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
const static u08_t CustomKey3[16] = {0x79, 0x70, 0x25, 0x53, 0x79, 0x70, 0x25,
0x53, 0x79, 0x70, 0x25, 0x53, 0x79, 0x70, 0x25, 0x53};
*/
uint8_t c[] = {AUTHENTICATE_AES, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0xAA, KEY 0
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
@ -124,79 +156,21 @@ static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t sign
// DESFire Ev3 - wanted
// ref: MIFARE Desfire Originality Signature Validation
#define PUBLIC_DESFIRE_ECDA_KEYLEN 57
#define PUBLIC_DESFIRE_ECDA_KEYLEN 57
const ecdsa_publickey_t nxp_desfire_public_keys[] = {
{"NTAG42x 1-3 NTAG 424 DNA TagTamper, NTAG426 TT, NTAG424DNA, DESFire EV2", "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"},
{"NTAG42x 4, NTAG426, DESFire Ev2", "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"},
{"NTAG42x 3, NTAG 424 DNA, DESFire Light EV1", "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"},
{"NTAG424DNA, DESFire EV2", "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"},
{"NTAG413DNA, DESFire EV1", "04BB5D514F7050025C7D0F397310360EEC91EAF792E96FC7E0F496CB4E669D414F877B7B27901FE67C2E3B33CD39D1C797715189AC951C2ADD"},
{"Mifare Plus", "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"},
{"NTAG424DNA, NTAG424DNATT (Tag Tamper), DESFire Light EV2", "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3B"},
{"DESFire EV2", "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"},
{"NTAG424DNA,NTAG424DNATT, DESFire Light EV2", "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3B"},
{"DESFire Light EV1", "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"},
{"Mifare Plus", "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}
};
/*
uint8_t nxp_desfire_keys[][PUBLIC_DESFIRE_ECDA_KEYLEN] = {
// NTAG42x 3 - NTAG 424 DNA, DESFire Light
{
0x04, 0x0E, 0x98, 0xE1, 0x17, 0xAA, 0xA3, 0x64,
0x57, 0xF4, 0x31, 0x73, 0xDC, 0x92, 0x0A, 0x87,
0x57, 0x26, 0x7F, 0x44, 0xCE, 0x4E, 0xC5, 0xAD,
0xD3, 0xC5, 0x40, 0x75, 0x57, 0x1A, 0xEB, 0xBF,
0x7B, 0x94, 0x2A, 0x97, 0x74, 0xA1, 0xD9, 0x4A,
0xD0, 0x25, 0x72, 0x42, 0x7E, 0x5A, 0xE0, 0xA2,
0xDD, 0x36, 0x59, 0x1B, 0x1F, 0xB3, 0x4F, 0xCF, 0x3D
},
// NTAG42x 1-3 NTAG 424 DNA TagTamper, NTAG426 TT
{
0x04, 0x8A, 0x9B, 0x38, 0x0A, 0xF2, 0xEE, 0x1B,
0x98, 0xDC, 0x41, 0x7F, 0xEC, 0xC2, 0x63, 0xF8,
0x44, 0x9C, 0x76, 0x25, 0xCE, 0xCE, 0x82, 0xD9,
0xB9, 0x16, 0xC9, 0x92, 0xDA, 0x20, 0x9D, 0x68,
0x42, 0x2B, 0x81, 0xEC, 0x20, 0xB6, 0x5A, 0x66,
0xB5, 0x10, 0x2A, 0x61, 0x59, 0x6A, 0xF3, 0x37,
0x92, 0x00, 0x59, 0x93, 0x16, 0xA0, 0x0A, 0x14, 0x10
},
// Unknown - needs identification
{
0x04, 0x44, 0x09, 0xAD, 0xC4, 0x2F, 0x91, 0xA8,
0x39, 0x40, 0x66, 0xBA, 0x83, 0xD8, 0x72, 0xFB,
0x1D, 0x16, 0x80, 0x37, 0x34, 0xE9, 0x11, 0x17,
0x04, 0x12, 0xDD, 0xF8, 0xBA, 0xD1, 0xA4, 0xDA,
0xDF, 0xD0, 0x41, 0x62, 0x91, 0xAF, 0xE1, 0xC7,
0x48, 0x25, 0x39, 0x25, 0xDA, 0x39, 0xA5, 0xF3,
0x9A, 0x1C, 0x55, 0x7F, 0xFA, 0xCD, 0x34, 0xC6, 0x2E
},
// NTAG42x 4 - NTAG426, DESFire Ev2
{
0x04, 0xB3, 0x04, 0xDC, 0x4C, 0x61, 0x5F, 0x53,
0x26, 0xFE, 0x93, 0x83, 0xDD, 0xEC, 0x9A, 0xA8,
0x92, 0xDF, 0x3A, 0x57, 0xFA, 0x7F, 0xFB, 0x32,
0x76, 0x19, 0x2B, 0xC0, 0xEA, 0xA2, 0x52, 0xED,
0x45, 0xA8, 0x65, 0xE3, 0xB0, 0x93, 0xA3, 0xD0,
0xDC, 0xE5, 0xBE, 0x29, 0xE9, 0x2F, 0x13, 0x92,
0xCE, 0x7D, 0xE3, 0x21, 0xE3, 0xE5, 0xC5, 0x2B, 0x3A
},
// Unknown - needs identification
{
0x04, 0xBB, 0x5D, 0x51, 0x4F, 0x70, 0x50, 0x02,
0x5C, 0x7D, 0x0F, 0x39, 0x73, 0x10, 0x36, 0x0E,
0xEC, 0x91, 0xEA, 0xF7, 0x92, 0xE9, 0x6F, 0xC7,
0xE0, 0xF4, 0x96, 0xCB, 0x4E, 0x66, 0x9D, 0x41,
0x4F, 0x87, 0x7B, 0x7B, 0x27, 0x90, 0x1F, 0xE6,
0x7C, 0x2E, 0x3B, 0x33, 0xCD, 0x39, 0xD1, 0xC7,
0x97, 0x71, 0x51, 0x89, 0xAC, 0x95, 0x1C, 0x2A, 0xDD
}
};
*/
uint8_t i;
int res;
bool is_valid = false;
for (i = 0; i< ARRAYLEN(nxp_desfire_public_keys); i++) {
for (i = 0; i < ARRAYLEN(nxp_desfire_public_keys); i++) {
int dl = 0;
uint8_t key[PUBLIC_DESFIRE_ECDA_KEYLEN];
@ -212,31 +186,13 @@ static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t sign
return PM3_ESOFT;
}
/*
char *publickeyname;
switch(i) {
case 0:
publickeyname = "NTAG42x 3 - NTAG 424 DNA / DESFire Light";
break;
case 1:
publickeyname = "NTAG42x 1-3 NTAG 424 DNA TagTamper, NTAG426 TT";
break;
case 3:
publickeyname = "NTAG42x 4 - NTAG426, DESFire Ev2";
break;
default:
publickeyname = "Unknown DESFire, post on forum";
break;
}
*/
PrintAndLogEx(NORMAL,"");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature"));
PrintAndLogEx(INFO, " IC signature public key name: %s", nxp_desfire_public_keys[i].desc);
PrintAndLogEx(INFO, "IC signature public key value: %.16s", nxp_desfire_public_keys[i].value);
PrintAndLogEx(INFO, " : %.16s", nxp_desfire_public_keys[i].value + 16);
PrintAndLogEx(INFO, " : %.16s", nxp_desfire_public_keys[i].value + 32);
PrintAndLogEx(INFO, " : %.16s", nxp_desfire_public_keys[i].value + 48);
PrintAndLogEx(INFO, "IC signature public key value: %.32s", nxp_desfire_public_keys[i].value);
PrintAndLogEx(INFO, " : %.32s", nxp_desfire_public_keys[i].value + 16);
PrintAndLogEx(INFO, " : %.32s", nxp_desfire_public_keys[i].value + 32);
PrintAndLogEx(INFO, " : %.32s", nxp_desfire_public_keys[i].value + 48);
PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp224r1");
PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex(signature, 16));
PrintAndLogEx(INFO, " : %s", sprint_hex(signature + 16, 16));
@ -268,8 +224,8 @@ static int get_desfire_signature(uint8_t *signature, size_t *signature_len) {
// --- KEY SETTING
static int desfire_print_keysetting(uint8_t key_settings, uint8_t num_keys) {
PrintAndLogEx(SUCCESS, " AID Key settings : %02x", key_settings);
PrintAndLogEx(SUCCESS, " Max number of keys in AID : %d", num_keys);
PrintAndLogEx(SUCCESS, " AID Key settings : %02x", key_settings);
PrintAndLogEx(SUCCESS, " Max number of keys in AID : %d", num_keys);
PrintAndLogEx(INFO, "-------------------------------------------------------------");
PrintAndLogEx(SUCCESS, " Changekey Access rights");
@ -301,19 +257,11 @@ static int desfire_print_keysetting(uint8_t key_settings, uint8_t num_keys) {
static int get_desfire_keysettings(uint8_t *key_settings, uint8_t *num_keys) {
PacketResponseNG resp;
uint8_t c[] = {MFDES_GET_KEY_SETTINGS, 0x00, 0x00, 0x00}; // 0x45
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
return PM3_ETIMEOUT;
}
uint8_t isOK = resp.oldarg[0] & 0xFF;
if (isOK == false) {
return PM3_ESOFT;
}
int ret = SendDesfireCmd(c, sizeof(c), NONE, sizeof(c), 0, &resp, 1500);
if (ret != PM3_SUCCESS) return ret;
if (resp.data.asBytes[1] == 0x91 && resp.data.asBytes[2] == 0xae) {
PrintAndLogEx(WARNING, _RED_(" authentication error"));
PrintAndLogEx(WARNING, _RED_("[get_desfire_keysettings] Authentication error"));
return PM3_ESOFT;
}
// PrintAndLogEx(INFO, "ICE: KEYSETTING resp :: %s", sprint_hex(resp.data.asBytes, resp.length));
@ -324,7 +272,7 @@ static int get_desfire_keysettings(uint8_t *key_settings, uint8_t *num_keys) {
// --- KEY VERSION
static int desfire_print_keyversion(uint8_t key_idx, uint8_t key_version) {
PrintAndLogEx(SUCCESS, " Key [%u] Version : %d (0x%02x)", key_idx, key_version, key_version);
PrintAndLogEx(SUCCESS, " Key [%u] Version : %d (0x%02x)", key_idx, key_version, key_version);
return PM3_SUCCESS;
}
@ -332,18 +280,10 @@ static int desfire_print_keyversion(uint8_t key_idx, uint8_t key_version) {
static int get_desfire_keyversion(uint8_t curr_key, uint8_t *num_versions) {
PacketResponseNG resp;
uint8_t c[] = {MFDES_GET_KEY_VERSION, 0x00, 0x00, 0x01, curr_key, 0x00}; // 0x64
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
return PM3_ETIMEOUT;
}
int ret = SendDesfireCmd(c, sizeof(c), NONE, sizeof(c), 0, &resp, 1500);
if (ret != PM3_SUCCESS) return ret;
uint8_t isOK = resp.oldarg[0] & 0xFF;
if (isOK == false) {
return PM3_ESOFT;
}
if ( resp.data.asBytes[1] == 0x91 && resp.data.asBytes[2] == 0x40) {
if (resp.data.asBytes[1] == 0x91 && resp.data.asBytes[2] == 0x40) {
return PM3_ESOFT;
}
@ -357,18 +297,13 @@ static int get_desfire_select_application(uint8_t *aid) {
if (aid == NULL) return PM3_ESOFT;
uint8_t c[] = {SELECT_APPLICATION, 0x00, 0x00, 0x03, aid[0], aid[1], aid[2], 0x00}; // 0x5a
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT, sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 3000)) {
PrintAndLogEx(WARNING, _RED_(" timed-out"));
return PM3_ETIMEOUT;
}
uint8_t isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, " Can't select AID: " _RED_("%s"), sprint_hex(aid, 3));
return PM3_ESOFT;
int ret = SendDesfireCmd(c, sizeof(c), INIT, sizeof(c), 0, &resp, 3000);
if (ret != PM3_SUCCESS) {
if (ret == PM3_ESOFT) {
PrintAndLogEx(WARNING, "[get_desfire_select_application] Can't select AID: " _RED_("%s"), sprint_hex(aid, 3));
}
return ret;
}
if (resp.data.asBytes[1] == 0x91 && resp.data.asBytes[2] == 0x00) {
@ -383,17 +318,9 @@ static int get_desfire_select_application(uint8_t *aid) {
static int get_desfire_appids(uint8_t *dest, uint8_t *app_ids_len) {
uint8_t c[] = {GET_APPLICATION_IDS, 0x00, 0x00, 0x00}; //0x6a
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | CLEARTRACE | DISCONNECT , sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
return PM3_ETIMEOUT;
}
uint8_t isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_("Command unsuccessful"));
return PM3_ESOFT;
}
int ret = SendDesfireCmd(c, sizeof(c), INIT | CLEARTRACE | DISCONNECT, sizeof(c), 0, &resp, 1500);
if (ret != PM3_SUCCESS) return ret;
*app_ids_len = resp.length - 5;
@ -403,17 +330,8 @@ static int get_desfire_appids(uint8_t *dest, uint8_t *app_ids_len) {
if (resp.data.asBytes[resp.length - 3] == MFDES_ADDITIONAL_FRAME) {
c[0] = MFDES_ADDITIONAL_FRAME; //0xAF
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
return PM3_ETIMEOUT;
}
isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_("Command unsuccessful"));
return PM3_ESOFT;
}
ret = SendDesfireCmd(c, sizeof(c), NONE, sizeof(c), 0, &resp, 1500);
if (ret != PM3_SUCCESS) return ret;
memcpy(dest + *app_ids_len, resp.data.asBytes + 1, resp.length - 5);
@ -426,18 +344,9 @@ static int get_desfire_appids(uint8_t *dest, uint8_t *app_ids_len) {
// none
static int get_desfire_fileids(uint8_t *dest, uint8_t *file_ids_len) {
uint8_t c[] = {MFDES_GET_FILE_IDS, 0x00, 0x00, 0x00}; // 0x6f
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
return PM3_ETIMEOUT;
}
uint8_t isOK = resp.oldarg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_("Command unsuccessful"));
return PM3_ESOFT;
}
int ret = SendDesfireCmd(c, sizeof(c), NONE, sizeof(c), 0, &resp, 1500);
if (ret != PM3_SUCCESS) return ret;
if (resp.data.asBytes[resp.length - 4] == 0x91 && resp.data.asBytes[resp.length - 3] == 0x00) {
*file_ids_len = resp.length - 5;
@ -643,7 +552,7 @@ void getKeySettings(uint8_t *aid) {
uint8_t key_setting = 0;
if (get_desfire_keysettings(&key_setting, &num_keys) == PM3_SUCCESS) {
// number of Master keys (0x01)
PrintAndLogEx(SUCCESS, " Number of Masterkeys : " _YELLOW_("%u"), (num_keys & 0x3F) );
PrintAndLogEx(SUCCESS, " Number of Masterkeys : " _YELLOW_("%u"), (num_keys & 0x3F));
PrintAndLogEx(SUCCESS, " [0x08] Configuration changeable : %s", (key_setting & (1 << 3)) ? _GREEN_("YES") : "NO");
PrintAndLogEx(SUCCESS, " [0x04] CMK required for create/delete : %s", (key_setting & (1 << 2)) ? _GREEN_("YES") : "NO");
@ -765,7 +674,7 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) {
aid[1] = app_ids[i + 1];
aid[2] = app_ids[i + 2];
PrintAndLogEx(SUCCESS, " AID %d : " _GREEN_("%02X %02X %02X"), i, app_ids[i], app_ids[i+1], app_ids[i+2]);
PrintAndLogEx(SUCCESS, " AID %d : " _GREEN_("%02X %02X %02X"), i, app_ids[i], app_ids[i + 1], app_ids[i + 2]);
getKeySettings(aid);
@ -777,28 +686,28 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) {
}
}
/*
// Get ISO File IDs
{
uint8_t data[] = {GET_ISOFILE_IDS, 0x00, 0x00, 0x00}; // 0x61
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, DISCONNECT, sizeof(data), 0, data, sizeof(data));
}
if (!WaitForResponseTimeout(CMD_ACK, &respFiles, 1500)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
continue;
} else {
isOK = respFiles.data.asBytes[2] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_(" Can't get ISO file ids"));
} else {
int respfileLen = resp.oldarg[1] - 3 - 2;
for (int j = 0; j < respfileLen; ++j) {
PrintAndLogEx(SUCCESS, " ISO Fileid %d :", resp.data.asBytes[j + 3]);
/*
// Get ISO File IDs
{
uint8_t data[] = {GET_ISOFILE_IDS, 0x00, 0x00, 0x00}; // 0x61
SendCommandMIX(CMD_HF_DESFIRE_COMMAND, DISCONNECT, sizeof(data), 0, data, sizeof(data));
}
}
}
*/
if (!WaitForResponseTimeout(CMD_ACK, &respFiles, 1500)) {
PrintAndLogEx(WARNING, _RED_(" Timed-out"));
continue;
} else {
isOK = respFiles.data.asBytes[2] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, _RED_(" Can't get ISO file ids"));
} else {
int respfileLen = resp.oldarg[1] - 3 - 2;
for (int j = 0; j < respfileLen; ++j) {
PrintAndLogEx(SUCCESS, " ISO Fileid %d :", resp.data.asBytes[j + 3]);
}
}
}
*/
}
PrintAndLogEx(INFO, "-------------------------------------------------------------");
DropField();
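Review bot: SendDesfireCmd takes its status from `response->data.asBytes[0]` without looking at `response->length`, and the callers that now rely on it go on to compute `resp.length - 5` and index `resp.data.asBytes[resp.length - 3]` (get_desfire_appids, get_desfire_fileids) with no lower bound visible in these hunks. A reply shorter than five bytes would feed an out-of-range size to the `memcpy` in get_desfire_appids; since the reply presumably carries data from the device and the card, a guard such as `if (resp.length < 5) return PM3_ESOFT;` belongs before that arithmetic. The code it replaces tested `resp.oldarg[0]`, so it is also worth confirming that the first data byte carries the same status. Separately, in desfire_print_signature the width went to `%.32s` while the offsets stayed at `+ 16`, `+ 32`, `+ 48`, so the printed key rows overlap; the offsets should step by 32. Several of these functions start or end outside their hunks.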


@ -1,10 +1,11 @@
local cmds = require('commands')
local getopt = require('getopt')
local lib14a = require('read14a')
local ansicolors = require('ansicolors')
copyright = ''
author = "Martin Holst Swende"
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This is a script to allow raw 1444a commands to be sent and received.
]]
@ -23,8 +24,8 @@ example = [[
]]
usage = [[
script run 14araw -x 6000F57b
Arguments:
]]
arguments = [[
-o do not connect - use this only if you previously used -p to stay connected
-r do not read response
-c calculate and append CRC
@ -79,9 +80,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- The main entry point
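Review bot: help() now concatenates `ansicolors.cyan` and `ansicolors.reset` into plain `print` calls, so the escape sequences are written unconditionally. Unless the `ansicolors` module itself honours the client's colour setting (not visible here), redirected or logged help output will contain raw control codes. The same six-line body is repeated in the help() of every script section that follows on this page, so a shared helper that prints the three headed sections would keep them in step and give one place to switch colour off.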


@ -1,8 +1,9 @@
local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Kenzy Carey'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
.-----------------------------------------------------------------.
@ -34,10 +35,9 @@ example = [[
script run brutesim -r pyramid -f 10 -b 1000 -c 10 -t 1 -d down
]]
usage = [[
script run brutesim -r rfid_tag -f facility_code -b base_card_number -c count -t timeout -d direction
Arguments:
]]
arguments = [[
-h this help
-r *see below RFID Tag: the RFID tag to emulate
pyramid
@ -89,9 +89,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message


@ -2,10 +2,11 @@ local bin = require('bin')
local getopt = require('getopt')
local lib14a = require('read14a')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = "Iceman"
version = 'v1.0.0'
version = 'v1.0.1'
desc = [[
This script calculates mifare keys based on uid diversification for DI.
Algo not found by me.
@ -19,8 +20,8 @@ example = [[
]]
usage = [[
script run calc_di -h -u <uid>
Arguments:
]]
arguments = [[
-h : this help
-u <UID> : UID
]]
@ -57,9 +58,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- Exit message


@ -2,10 +2,11 @@ local bin = require('bin')
local getopt = require('getopt')
local lib14a = require('read14a')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = "Iceman"
version = 'v1.0.0'
version = 'v1.0.1'
desc = [[
This script calculates mifare Ultralight-EV1 pwd based on uid diversification for an Italian ticketsystem
Algo not found by me.
@ -19,8 +20,8 @@ example =[[
]]
usage = [[
script run calc_ev1_it -h -u <uid> "
Arguments:
]]
arguments = [[
-h : this help
-u <UID> : UID
]]
@ -55,9 +56,12 @@ local function help()
print(author)
print(version)
print(desc)
print("Example usage")
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message


@ -2,10 +2,11 @@ local bin = require('bin')
local getopt = require('getopt')
local lib14a = require('read14a')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script calculates mifare keys based on uid diversification for mizip.
Algo not found by me.
@ -19,8 +20,8 @@ example = [[
]]
usage = [[
script run calc_mizip -h -u <uid>
Arguments:
]]
arguments = [[
-h : this help
-u <UID> : UID
]]
@ -62,9 +63,12 @@ local function help()
print(author)
print(version)
print(desc)
print("Example usage")
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message


@ -3,10 +3,11 @@ local getopt = require('getopt')
local lib14b = require('read14b')
local utils = require('utils')
local iso7816 = require('7816_error')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This is a script to communicate with a CALYSPO / 14443b tag using the '14b raw' commands
]]
@ -16,8 +17,8 @@ example = [[
]]
usage = [[
script run calypso -h -b
Arguments:
]]
arguments = [[
h this helptext
b raw bytes to send
]]
@ -66,9 +67,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- helper function, give current count of items in lua-table.


@ -6,10 +6,11 @@ local utils = require('utils')
local lib14a = require('read14a')
local json = require('dkjson')
local toys = require('default_toys_di')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This is a script to dump and decrypt the data of a specific type of Mifare Mini token.
The dump is decrypted. If a raw dump is wanted, use the -r parameter
@ -28,8 +29,8 @@ example = [[
]]
usage = [[
script run didump -h -t -r -d -e -v -i dumpdata.json
Arguments:
]]
arguments = [[
h this helptext
r raw
t selftest
@ -88,9 +89,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
--


@ -2,10 +2,11 @@
-- Have a look there for further details
getopt = require('getopt')
bin = require('bin')
local ansicolors = require('ansicolors')
copyright = ''
author = "Martin Holst Swende \n @Marshmellow \n @iceman"
version = 'v1.0.1'
version = 'v1.0.2'
desc =[[
This script takes a dumpfile from 'hf mfu dump' and converts it to a format that can be used
by the emulator
@ -15,8 +16,8 @@ example = [[
]]
usage = [[
script run dumptoemul-mfu [-i <file>] [-o <file>]
Arguments:
]]
arguments = [[
-h This help
-i <file> Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used
-o <filename> Specifies the output file. If omitted, <uid>.eml is used.
@ -53,9 +54,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
local function convert_to_ascii(hexdata)


@ -2,10 +2,11 @@
-- Have a look there for further details
getopt = require('getopt')
bin = require('bin')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Martin Holst Swende'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script takes a dumpfile from 'hf mf dump' and converts it to a format that can be used
by the emulator
@ -14,9 +15,9 @@ example = [[
script run dumptoemul -i dumpdata-foobar.bin
]]
usage = [[
_script run dumptoemul [-i <file>] [-o <file>]
Arguments:
script run dumptoemul [-i <file>] [-o <file>]
]]
arguments = [[
-h This help
-i <file> Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used
-o <filename> Specifies the output file. If omitted, <uid>.eml is used.
@ -56,9 +57,12 @@ function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
local function convert_to_ascii(hexdata)


@ -1,9 +1,10 @@
local getopt = require('getopt')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script calculates many checksums (CRC) over the provided hex input.
]]
@ -12,7 +13,9 @@ example = [[
script run e -b 010203040506070809 -w 16
]]
usage = [[
Arguments:
script run e [-b <hex bytes] [-w <width>]
]]
arguments = [[
-b data in hex
-w bitwidth of the CRC family of algorithm. <optional> defaults to all known CRC presets.
]]
@ -44,9 +47,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- The main entry point
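Review bot: The new usage line `script run e [-b <hex bytes] [-w <width>]` is missing the closing `>` after `hex bytes`. It should read `script run e [-b <hex bytes>] [-w <width>]` so the placeholder matches the `-w <width>` form beside it.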


@ -1,10 +1,11 @@
local getopt = require('getopt')
local bin = require('bin')
local dumplib = require('html_dumplib')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc =[[
This script takes an dumpfile on EML (ASCII) format and converts it to the PM3 dumpbin file to be used with `hf mf restore`
]]
@ -15,8 +16,8 @@ example =[[
]]
usage = [[
script run emul2dump [-i <file>] [-o <file>]
Arguments:
]]
arguments = [[
-h This help
-i <filename> Specifies the dump-file (input). If omitted, 'dumpdata.eml' is used
-o <filename> Specifies the output file. If omitted, <currdate>.bin is used.
@ -24,7 +25,7 @@ Arguments:
]]
---
-- This is only meant to be used when errors occur
local function oops(err)
local function dbg(err)
if not DEBUG then return end
if type(args) == 'table' then
local i = 1
@ -37,15 +38,25 @@ local function oops(err)
end
end
---
-- This is only meant to be used when errors occur
local function oops(err)
print('ERROR:', err)
core.clearCommandBuffer()
return nil, err
end
---
-- Usage help
local function help()
print(copyright)
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message
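Review bot: The function renamed to `dbg` keeps the parameter name `err` while its body tests `type(args)`, so as far as the hunk shows it reads an unrelated `args` rather than the value passed in. Declaring it as `local function dbg(args)` fixes that. Its header comment should change to something like `-- Debug output, printed only when DEBUG is set`, because "This is only meant to be used when errors occur" now describes the new `oops`. The body of `dbg` continues outside the hunk.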


@ -3,10 +3,11 @@
getopt = require('getopt')
bin = require('bin')
dumplib = require('html_dumplib')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Martin Holst Swende'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script takes a dumpfile on EML (ASCII) format and produces a html based dump, which is a
bit more easily analyzed.
@ -16,8 +17,8 @@ example = [[
]]
usage = [[
script run htmldump [-i <file>] [-o <file>]
Arguments:
]]
arguments = [[
-h This help
-i <file> Specifies the dump-file (input). If omitted, 'dumpdata.eml' is used
-o <filename> Speciies the output file. If omitted, <curdate>.html is used.
@ -54,9 +55,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
local function main(args)