From 2a1e6dff80f9ea96d4fb260a0f8fe6f2683f590e Mon Sep 17 00:00:00 2001
From: Philippe Teuwen
Date: Mon, 26 Aug 2019 13:36:37 +0200
Subject: [PATCH] hf iclass chk/lookup: load dic with searchFile and fail when errors in args

---
 client/cmdhficlass.c | 48 ++++++++++++++++------------
 doc/cheatsheet.md | 74 ++++++++++++++++++++++----------------------
 2 files changed, 66 insertions(+), 56 deletions(-)

diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c
index 51bc323fc..862dad13c 100644
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -244,8 +244,8 @@ static int usage_hf_iclass_chk(void) {
 PrintAndLogEx(NORMAL, " e elite");
 PrintAndLogEx(NORMAL, " c credit key (if not use, default is debit)");
 PrintAndLogEx(NORMAL, "Examples:");
-PrintAndLogEx(NORMAL, " hf iclass chk f dictionaries/iclass_default_keys.dic");
-PrintAndLogEx(NORMAL, " hf iclass chk f dictionaries/iclass_default_keys.dic e");
+PrintAndLogEx(NORMAL, " hf iclass chk f iclass_default_keys");
+PrintAndLogEx(NORMAL, " hf iclass chk f iclass_default_keys e");
 return PM3_SUCCESS;;
 }
 static int usage_hf_iclass_lookup(void) {
@@ -260,8 +260,8 @@ static int usage_hf_iclass_lookup(void) {
 PrintAndLogEx(NORMAL, " r raw");
 PrintAndLogEx(NORMAL, " e elite");
 PrintAndLogEx(NORMAL, "Examples:");
-PrintAndLogEx(NORMAL, " hf iclass lookup u 9655a400f8ff12e0 p f0ffffffffffffff m 0000000089cb984b f dictionaries/iclass_default_keys.dic");
-PrintAndLogEx(NORMAL, " hf iclass lookup u 9655a400f8ff12e0 p f0ffffffffffffff m 0000000089cb984b f dictionaries/iclass_default_keys.dic e");
+PrintAndLogEx(NORMAL, " hf iclass lookup u 9655a400f8ff12e0 p f0ffffffffffffff m 0000000089cb984b f iclass_default_keys");
+PrintAndLogEx(NORMAL, " hf iclass lookup u 9655a400f8ff12e0 p f0ffffffffffffff m 0000000089cb984b f iclass_default_keys e");
 return PM3_SUCCESS;
 }
 static int usage_hf_iclass_permutekey(void) {
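Review bot: The new examples in usage_hf_iclass_chk pass a bare dictionary name, but the option line describing `f` (above this hunk) still gives no hint that the name is resolved against the dictionaries folder with a `.dic` suffix, so a user reading the usage text has to guess why the old `dictionaries/...dic` form disappeared. I would extend the `f` line, e.g. `PrintAndLogEx(NORMAL, " f <filename> dictionary file name, looked up in the dictionaries folder (.dic is appended)");`. Whether searchFile also accepts a name that already carries the extension is not visible here, so check that before promising it in the text. The same applies to usage_hf_iclass_lookup in the second hunk; both functions start outside the hunks.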
@@ -2059,9 +2059,9 @@ static int CmdHFiClassCheckKeys(const char *Cmd) {
 // load keys into keyblock
 int res = LoadDictionaryKeyFile(filename, &keyBlock, &keycnt);
-if (res > 0) {
+if (res != PM3_SUCCESS) {
 free(keyBlock);
-return PM3_EFILE;
+return res;
 }
 pre = calloc(keycnt, sizeof(iclass_premac_t));
@@ -2312,33 +2312,33 @@ static int CmdHFiClassLookUp(const char *Cmd) {
 PrintAndLogEx(SUCCESS, "MAC_TAG | %s", sprint_hex(MAC_TAG, sizeof(MAC_TAG)));
 int res = LoadDictionaryKeyFile(filename, &keyBlock, &keycnt);
-if (res > 0) {
+if (res != PM3_SUCCESS) {
 free(keyBlock);
-return 1;
+return res;
 }
 //iclass_prekey_t
 prekey = calloc(keycnt, sizeof(iclass_prekey_t));
 if (!prekey) {
 free(keyBlock);
-return 1;
+return PM3_EMALLOC;
 }
-PrintAndLogEx(FAILED, "Generating diversified keys and MAC");
+PrintAndLogEx(INFO, "Generating diversified keys and MAC");
 res = GenerateFromKeyFile(CSN, CCNR, use_raw, use_elite, keyBlock, keycnt, prekey);
-if (res > 0) {
+if (res != PM3_SUCCESS) {
 free(keyBlock);
 free(prekey);
-return 1;
+return PM3_ESOFT;
 }
-PrintAndLogEx(FAILED, "Sorting");
+PrintAndLogEx(INFO, "Sorting");
 // sort mac list.
 qsort(prekey, keycnt, sizeof(iclass_prekey_t), cmp_uint32);
 //PrintPreCalc(prekey, keycnt);
-PrintAndLogEx(FAILED, "Searching");
+PrintAndLogEx(INFO, "Searching");
 iclass_prekey_t *item;
 iclass_prekey_t lookup;
 memcpy(lookup.mac, MAC_TAG, 4);
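Review bot: A dictionary that yields zero keys still falls through to `pre = calloc(keycnt, sizeof(iclass_premac_t))` with keycnt == 0, because the new check only looks at the return code. LoadDictionaryKeyFile skips lines shorter than 16 characters with `continue` (visible in its later hunk), and nothing in the hunks shows it reporting failure when nothing was parsed, so a file of blank or truncated lines presumably returns PM3_SUCCESS with an empty key block. I would reject that case explicitly before allocating: `if (keycnt == 0) { PrintAndLogEx(FAILED, "no keys loaded from dictionary"); free(keyBlock); return PM3_EFILE; }`. CmdHFiClassCheckKeys starts and ends outside this hunk, so confirm no later check already covers it.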
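Review bot: The GenerateFromKeyFile failure path returns a fixed `PM3_ESOFT` while the two checks just above it now propagate `res`, so the caller loses whatever code the helper produced. Since the condition already compares `res` against PM3_SUCCESS, the helper appears to speak the same PM3_* vocabulary; unless it is known to return something that must not leak to the caller, `return res;` there would keep CmdHFiClassLookUp consistent with its own error handling. The same empty-dictionary concern as in CmdHFiClassCheckKeys applies to `prekey = calloc(keycnt, ...)` here. The function continues past the end of the hunk.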
@@ -2377,10 +2377,19 @@ int LoadDictionaryKeyFile(char *filename, uint8_t **keys, int *keycnt) {
 uint8_t *p;
 int keyitems = 0;
-if (!(f = fopen(filename, "r"))) {
-PrintAndLogEx(FAILED, "File: " _YELLOW_("%s") ": not found or locked.", filename);
-return 1;
+
+char *dict_path;
+int res = searchFile(&dict_path, DICTIONARIES_SUBDIR, filename, ".dic");
+if (res != PM3_SUCCESS) {
+return res;
 }
+f = fopen(dict_path, "r");
+if (!f) {
+PrintAndLogEx(FAILED, "File: " _YELLOW_("%s") ": not found or locked.", dict_path);
+free(dict_path);
+return PM3_EFILE;
+}
+free(dict_path);
 while (fgets(buf, sizeof(buf), f)) {
 if (strlen(buf) < 16 || buf[15] == '\n')
@@ -2396,7 +2405,8 @@ int LoadDictionaryKeyFile(char *filename, uint8_t **keys, int *keycnt) {
 // doesn't this only test first char only?
 if (!isxdigit(buf[0])) {
 PrintAndLogEx(ERR, "file content error. '%s' must include 16 HEX symbols", buf);
-continue;
+fclose(f);
+return PM3_EFILE;
 }
 // null terminator (skip the rest of the line)
@@ -2406,7 +2416,7 @@ int LoadDictionaryKeyFile(char *filename, uint8_t **keys, int *keycnt) {
 if (!p) {
 PrintAndLogEx(ERR, "cannot allocate memory for default keys");
 fclose(f);
-return 2;
+return PM3_EMALLOC;
 }
 *keys = p;
diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md
index dbd48d548..670ae1979 100644
--- a/doc/cheatsheet.md
+++ b/doc/cheatsheet.md
@@ -46,7 +46,7 @@ Reverse permute iClass master key
 ```
 Options
 ---
-r reverse permuted key
+r reverse permuted key
 pm3 --> hf iclass permute r 3F90EBF0910F7B6F
 ```
@@ -166,7 +166,7 @@ p : EPURSE
 m : macs
 e : elite
-pm3 --> hf iclass lookup u 010a0ffff7ff12e0 p feffffffffffffff m 66348979153c41b9 f dictionaries/iclass_default_keys.dic e
+pm3 --> hf iclass lookup u 010a0ffff7ff12e0 p feffffffffffffff m 66348979153c41b9 f iclass_default_keys e
 ```
 ## Mifare
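Review bot: LoadDictionaryKeyFile's contract changed in this hunk (the name is now resolved through searchFile in DICTIONARIES_SUBDIR with a `.dic` suffix, and it returns PM3_* codes instead of 1/2) but the function, whose signature sits in the hunk header above the visible lines, carries no comment saying so. I would add a short header comment stating that `filename` is a bare dictionary name resolved against the dictionaries folder, that `*keys` is grown with realloc and remains the caller's to free even when an error code is returned (both callers in this patch do `free(keyBlock)` on failure), and that the return value is PM3_SUCCESS or a PM3_E* code. When searchFile fails the function returns silently here; whether searchFile prints its own diagnostic is not visible, so if it does not, a `PrintAndLogEx(FAILED, ...)` naming the dictionary would help the user.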
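Review bot: The content check that now aborts the load with `return PM3_EFILE` still only inspects `buf[0]`, as the pre-existing comment on the line above it admits, so a line such as `0zzzzzzzzzzzzzzz` passes validation and reaches the hex conversion that follows outside the hunk. Now that a bad line is fatal rather than skipped, it is worth making the check cover the whole key: `int i = 0;` / `while (i < 16 && isxdigit((unsigned char)buf[i])) i++;` / `if (i < 16) {`, keeping the existing error message, fclose and return inside the braces. The `(unsigned char)` cast avoids undefined behavior when `char` is signed and the file contains bytes above 0x7F. The surrounding while loop and the rest of LoadDictionaryKeyFile lie outside this hunk.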
@@ -188,7 +188,7 @@ Check for default keys from local memory ``` Options --- -card memory : 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K +card memory : 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K m : use dictionary from flashmemory pm3 --> hf mf fchk 1 m @@ -245,7 +245,7 @@ pm3 --> hf mf eload 353C2AA6 pm3 --> hf mf eload 1 353C2AA6 ``` -Simulate Mifare +Simulate Mifare ``` u : (Optional) UID 4,7 or 10 bytes. If not specified, the UID 4B from emulator memory will be used @@ -285,10 +285,10 @@ Convert Site & Facility code to Wiegand ``` Options --- - -OEM : OEM number / site code -FC : facility code -CN : card number + +OEM : OEM number / site code +FC : facility code +CN : card number pm3 --> lf hid wiegand 0 56 150 ``` @@ -376,7 +376,7 @@ pm3 --> lf hitag 26 pm3 --> lf hitag 21 4D494B52 ``` -Sniff Hitag traffic +Sniff Hitag traffic ``` pm3 --> lf hitag sniff pm3 --> lf hitag list @@ -384,7 +384,7 @@ pm3 --> lf hitag list Simulate Hitag ``` -pm3 --> lf hitag sim c378181c_a8f7.ht2 +pm3 --> lf hitag sim c378181c_a8f7.ht2 ``` Write to Hitag block @@ -405,7 +405,7 @@ pm3 --> lf hitag writer 24 499602D2 1 00000000 Simulate Hitag2 sequence ``` pm3 --> lf hitag reader 21 56713368 -pm3 --> lf hitag sim c378181c_a8f7.ht2 +pm3 --> lf hitag sim c378181c_a8f7.ht2 ``` ## T55XX @@ -432,16 +432,16 @@ Set timings to default ``` Options --- -p : persist to flashmemory -z : Set default t55x7 timings (use p to save if required) +p : persist to flashmemory +z : Set default t55x7 timings (use p to save if required) pm3 --> lf t55xx deviceconfig z p ``` Write to T55xx block ``` -b : block number to write. Between 0-7 -d : 4 bytes of data to write (8 hex characters) +b : block number to write. Between 0-7 +d : 4 bytes of data to write (8 hex characters) pm3 --> lf t55xx wr b 0 d 00081040 ``` 
@@ -506,11 +506,11 @@ Load default keys into memory ``` Options --- -o : offset in memory -f : file name -m : upload 6 bytes keys (mifare key dictionary) -i : upload 8 bytes keys (iClass key dictionary) -t : upload 4 bytes keys (pwd dictionary) +o : offset in memory +f : file name +m : upload 6 bytes keys (mifare key dictionary) +i : upload 8 bytes keys (iClass key dictionary) +t : upload 4 bytes keys (pwd dictionary) pm3 --> mem load f mfc_default_keys m pm3 --> mem load f t55xx_default_pwds t @@ -522,7 +522,7 @@ pm3 --> mem load f iclass_default_keys i Upgrade Sim Module firmware ``` -pm3 --> sc upgrade f ../tools/simmodule/SIM011.BIN +pm3 --> sc upgrade f ../tools/simmodule/SIM011.BIN ``` ## Smart Card 
@@ -542,26 +542,26 @@ Set clock speed ``` Options --- -c : clockspeed (0 = 16MHz, 1=8MHz, 2=4MHz) - -pm3 --> sc setclock c 2 +c : clockspeed (0 = 16MHz, 1=8MHz, 2=4MHz) + +pm3 --> sc setclock c 2 ``` Send raw hex data ``` Options ---- -r : do not read response -a : active smartcard without select (reset sc module) -s : active smartcard with select (get ATR) -t : executes TLV decoder if it possible -0 : use protocol T=0 -d : bytes to send - -pm3 --> sc raw s 0 d 00a404000e315041592e5359532e4444463031 : 1PAY.SYS.DDF01 PPSE directory with get ATR -pm3 --> sc raw 0 d 00a404000e325041592e5359532e4444463031 : 2PAY.SYS.DDF01 PPSE directory -pm3 --> sc raw 0 t d 00a4040007a0000000041010 : Mastercard -pm3 --> sc raw 0 t d 00a4040007a0000000031010 : Visa +--- +r : do not read response +a : active smartcard without select (reset sc module) +s : active smartcard with select (get ATR) +t : executes TLV decoder if it possible +0 : use protocol T=0 +d : bytes to send + +pm3 --> sc raw s 0 d 00a404000e315041592e5359532e4444463031 : 1PAY.SYS.DDF01 PPSE directory with get ATR +pm3 --> sc raw 0 d 00a404000e325041592e5359532e4444463031 : 2PAY.SYS.DDF01 PPSE directory +pm3 --> sc raw 0 t d 00a4040007a0000000041010 : Mastercard +pm3 --> sc raw 0 t d 00a4040007a0000000031010 : Visa ```` Bruteforce SPI @@ -570,6 +570,6 @@ Options --- t : executes TLV decoder if it possible -pm3 --> sc brute +pm3 --> sc brute pm3 --> sc brute t ```