From 5c5a53963a36fade8c6ad37d4ab207506ad312a1 Mon Sep 17 00:00:00 2001 From: nvx Date: Fri, 22 Jul 2022 13:52:09 +1000 Subject: [PATCH 1/2] Fixed incorrect card config bit being checked for iClass key access flag --- CHANGELOG.md | 1 + client/src/cmdhficlass.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9757a2952..4584826d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Fixed `hf iclass info` and `hf iclass view` key access info looking at the wrong card config bit (@nvx) - Added `hf gallagher decode` command and fix Gallagher diversification for card master key (@nvx) - Added mmbit-002 (kibi-002, kb5004xk1) russian tag to `hf texkom read` command (@merlokk) - Added `hf sniff --smode` skip/group adc data to consume less memory. Now it can sniff very long signals (@merlokk) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index ea16de75c..03f9a4b3a 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -588,8 +588,8 @@ static void mem_app_config(const picopass_hdr_t *hdr) { PrintAndLogEx(INFO, "------------------------- " _CYAN_("KeyAccess") " ------------------------"); PrintAndLogEx(INFO, " * Kd, Debit key, AA1 Kc, Credit key, AA2 *"); - uint8_t book = isset(mem, 0x20); - if (book) { + uint8_t keyAccess = isset(mem, 0x01); + if (keyAccess) { PrintAndLogEx(INFO, " Read A....... debit"); PrintAndLogEx(INFO, " Read B....... credit"); PrintAndLogEx(INFO, " Write A...... debit"); From 30cc57d3aa33abae1dbe99a003854b3556159cb0 Mon Sep 17 00:00:00 2001 
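Review bot: The mask in `uint8_t keyAccess = isset(mem, 0x01);` is still a bare literal, so nothing in the code says which config bit it is or why `0x20` was wrong, and the same slip could recur unnoticed. This branch decides which key (debit or credit) the tool reports for each read and write operation, so a one-line comment is worth having, e.g. `// key access flag is bit 0 of the config byte; 0x20 is a different config bit`, or a named constant for the mask if the project already defines one. `keyAccess` is only used as a truth value in the lines shown, so `bool` would state the intent better than `uint8_t`. The body of mem_app_config starts and ends outside this hunk, so what `mem` points at should be confirmed before wording the comment.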
From: nvx Date: Fri, 22 Jul 2022 14:06:47 +1000 Subject: [PATCH 2/2] Fix some bugs in the iClass SIO detection and printing --- client/src/cmdhficlass.c | 63 ++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 35 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index ea16de75c..c562263f0 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -2443,8 +2443,9 @@ static int CmdHFiClass_loclass(const char *Cmd) { } static void detect_credential(uint8_t *data, bool *legacy, bool *se, bool *sr) { - char* r1 = strstr((char*)data + (5 * 8), "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"); - char* r2 = strstr((char*)data + (11 * 8), "\x05\x00\x05\x00"); + bool r1 = !memcmp(data + (5 * 8), "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8); + uint8_t pattern[] = {0x05, 0x00, 0x05, 0x00}; + bool r2 = byte_strstr(data + (11 * 8), 6 * 8, pattern, sizeof(pattern)) != -1; *legacy = (r1) && (data[6 * 8] != 0x30); *se = (r2) && (data[6 * 8] == 0x30); 
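Review bot: detect_credential still takes no length, yet the new lines read fixed offsets up to byte 11 * 8 + 6 * 8 = 136 of `data` (the `memcmp` at block 5, `data[6 * 8]`, and the `byte_strstr` window over blocks 11–16). The `filemaxblock >= 17` guard added in the printIclassDumpContents hunk covers that caller only. printIclassSIO, in the next hunk, calls it on a bare `iclass_dump` pointer, so a truncated dump would be read past its end unless its callers check the size, which is not visible here. I would either pass the dump length in and return early when it is short, or at least state the precondition above the function: `// data must hold at least 17 blocks (136 bytes)`. The function's tail, including the `*sr` assignment, lies outside the hunk.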
@@ -2458,40 +2459,31 @@ static void printIclassSIO(uint8_t *iclass_dump) { bool isLegacy, isSE, isSR; detect_credential(iclass_dump, &isLegacy, &isSE, &isSR); - uint8_t pattern[] = {0x05, 0x00, 0x05, 0x00}; + uint8_t *sio_start; if (isSE) { - - int dlen = byte_strstr(iclass_dump + (6 * 8), 8*8, pattern, sizeof(pattern)); - if (dlen) { - - dlen += sizeof(pattern); - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "---------------------------- " _CYAN_("SIO - RAW") " ----------------------------"); - print_hex_noascii_break(iclass_dump + (6*8), dlen, 32); - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "------------------------- " _CYAN_("SIO - ASN1 TLV") " --------------------------"); - asn1_print(iclass_dump + (6 * 8), dlen, " "); - PrintAndLogEx(NORMAL, ""); - } + sio_start = iclass_dump + (6 * 8); + } else if (isSR) { + sio_start = iclass_dump + (10 * 8); + } else { + return; } - if (isSR) { - - int dlen = byte_strstr(iclass_dump + (10 * 8), 8*8, pattern, sizeof(pattern)); - - if (dlen) { - dlen += sizeof(pattern); - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "---------------------------- " _CYAN_("SIO - RAW") " ----------------------------"); - print_hex_noascii_break(iclass_dump + (10*8), dlen, 32); - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "------------------------- " _CYAN_("SIO - ASN1 TLV") " --------------------------"); - asn1_print(iclass_dump + (10 * 8), dlen, " "); - PrintAndLogEx(NORMAL, ""); - } + uint8_t pattern[] = {0x05, 0x00, 0x05, 0x00}; + int dlen = byte_strstr(sio_start, 8 * 8, pattern, sizeof(pattern)); + if (dlen == -1) { + return; } + + dlen += sizeof(pattern); + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "---------------------------- " _CYAN_("SIO - RAW") " ----------------------------"); + print_hex_noascii_break(sio_start, dlen, 32); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "------------------------- " _CYAN_("SIO - ASN1 TLV") " --------------------------"); + asn1_print(sio_start, dlen, " "); + 
PrintAndLogEx(NORMAL, ""); + } void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t endblock, size_t filesize) { @@ -2536,8 +2528,10 @@ void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t e */ uint8_t pagemap = get_pagemap(hdr); - bool isLegacy, isSE, isSR; - detect_credential(iclass_dump, &isLegacy, &isSE, &isSR); + bool isLegacy = false, isSE = false, isSR = false; + if (filemaxblock >= 17) { + detect_credential(iclass_dump, &isLegacy, &isSE, &isSR); + } int i = startblock; PrintAndLogEx(NORMAL, ""); @@ -4127,4 +4121,3 @@ int info_iclass(void) { return PM3_SUCCESS; } -
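Review bot: The search window in `byte_strstr(sio_start, 8 * 8, pattern, sizeof(pattern))` does not match the one detect_credential used to set `isSE`. Detection looks for the pattern in blocks 11–16, while the SE case here searches only blocks 6–13, so a pattern lying in blocks 14–16 is detected and then silently not printed. In the SR case the 64-byte window from block 10 ends at byte 144, beyond the 136 bytes that detection touched. Assuming the second argument is the length of the searched region, bounding it to the same 17 blocks addresses both: `int dlen = byte_strstr(sio_start, (17 * 8) - (int)(sio_start - iclass_dump), pattern, sizeof(pattern));`. A short log message on the `dlen == -1` path would also make the early return visible to the user.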