From ea7ace0ad2110f6f33344f5de2a82a959c2d58d1 Mon Sep 17 00:00:00 2001 From: ry4000 <154689120+ry4000@users.noreply.github.com> Date: Tue, 19 Nov 2024 08:43:26 +1100 Subject: [PATCH 01/10] Update Inner Range AID and Added PT AIDs aid_desfire.json - Updated Inner Range AID's - Vendor to include company's legal name - Name for stylisation - Added DEN MyRide - Added GDL Mi Movilidad Signed-off-by: ry4000 <154689120+ry4000@users.noreply.github.com> --- client/resources/aid_desfire.json | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/client/resources/aid_desfire.json b/client/resources/aid_desfire.json index b3dc2bcfd..6b46f5615 100644 --- a/client/resources/aid_desfire.json +++ b/client/resources/aid_desfire.json @@ -1,4 +1,4 @@ -[ +n[ { "AID": "EEEE10", "Vendor": "NFC Forum", @@ -201,10 +201,10 @@ }, { "AID": "F47300", - "Vendor": "Inner Range", + "Vendor": "Inner Range Pty Ltd", "Country": "AU", - "Name": "Sifer-P, Sifer-U Credential", - "Description": "Inner Range access control", + "Name": "SIFER-P / SIFER-U Credential", + "Description": "Inner Range Access Control", "Type": "pacs" }, { @@ -699,7 +699,7 @@ "AID": "F33480", "Vendor": "Besucherausweis", "Country": "DE", - "Name": "Visitor's Pass", + "Name": "Visitor Badge", "Description": "Besucherausweis", "Type": "student" }, @@ -943,6 +943,14 @@ "Description": "DUB Leap Card // Transport for Ireland // FIDs: 01,1F: Backup Data; 02-0A: Standard Data", "Type": "transport" }, + { + "AID": "484000", + "Vendor": "Sistema de Tren Elétrico Urbano (SITEUR)", + "Country": "MX", + "Name": "Mi Movilidad Card (GDL)", + "Description": "GDL Mi Movilidad Card", + "Type": "transport" + }, { "AID": "4F5931", "Vendor": "Transport for London (TfL)", @@ -1047,6 +1055,14 @@ "Description": "SOF Sofia City Card", "Type": "transport" }, + { + "AID": "DD00DD", + "Vendor": "Regional Transporation District (RTD) via masabi justride", + "Country": "US", + "Name": "MyRide Card (DEN)", + "Description": "DEN MyRide Card", + "Type": "transport" + }, { "AID": "EF2011", "Vendor": "Helsinki Region Transport (HRT)", @@ -1215,4 +1231,4 @@ "Description": "Used by AKL AT HOP, DXB nol, and SEA ORCA", "Type": "transport" } -] \ No newline at end of file +] From 3c6d1267065547deef184a4f894dc75f1671815c Mon Sep 17 00:00:00 2001 From: ry4000 <154689120+ry4000@users.noreply.github.com> Date: Tue, 19 Nov 2024 08:43:45 +1100 Subject: [PATCH 02/10] Update aid_desfire.json Fixed typo Signed-off-by: ry4000 <154689120+ry4000@users.noreply.github.com> --- client/resources/aid_desfire.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/resources/aid_desfire.json b/client/resources/aid_desfire.json index 6b46f5615..9a6fdcade 100644 --- a/client/resources/aid_desfire.json +++ b/client/resources/aid_desfire.json @@ -1,4 +1,4 @@ -n[ +[ { "AID": "EEEE10", "Vendor": "NFC Forum", From 18805ccb01590ea3e45e9c2df7d75189a2862626 Mon Sep 17 00:00:00 2001 From: Korin Date: Tue, 19 Nov 2024 09:38:16 -0700 Subject: [PATCH 03/10] Added keys to mfc_default_keys.dic from Metro Q cards from Huston, TX. --- client/dictionaries/mfc_default_keys.dic | 33 ++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index 99717cc50..6bc6f0265 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -2698,3 +2698,36 @@ F14D329CBDBE # Hotel cards from Austria AB287B3B4903 7B0DEDA7E162 +# +#Metro Q transit cards from Huston, Texas +373B72D34B80 +BF3FFC245C9b +7D1D9E7CF8A7 +6A917BF357E6 +B1D461EC62CA +C6BECABEBE8A +66026782D435 +4547E34E40D9 +753897b99AAE +1C36761E8ABD +6D8FBD8CC524 +5A3274779706 +23F13602CC1A +5C8FF9990DA2 +75CCB59C9BED +511C1C2C9804 +F8B2B926555E +2593E37D9B2E +41A1F17EE990 +64DD48AEDE88 +7915ED4D9903 +D139DD71DB92 +216D97D46E88 +D9D1C447E427 +911E789433CB +93B43D689F85 +525A869053F1 +69B25667E0B4 +6AACA2D97645 +D01AFEEB890A +4B791BEA7BCC \ No newline at end of file From a54a59998b08243a2e1cab340cea33ba7f68905b Mon Sep 17 00:00:00 2001 From: Korin Date: Tue, 19 Nov 2024 09:50:06 -0700 Subject: [PATCH 04/10] Updating CHANGELOG.md to reflect added keys. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 94ab07612..a075cdfe6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -69,6 +69,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added `hf 14a aidsim` - simulates a PICC (like `14a sim`), and allows you to respond to specific AIDs and getData responses (@evildaemond) - Fixed arguments for `SimulateIso14443aTag` and `SimulateIso14443aInit` in `hf_young.c`, `hf_aveful.c`, `hf_msdsal.c`, `hf_cardhopper.c`, `hf_reblay.c`, `hf_tcprst.c` and `hf_craftbyte.c` (@archi) - Added `mf_backdoor_dump.py` script that dumps FM11RF08S and similar (Mifare Classic 1k) tag data that can be directly read by known backdoor keys. (@Aptimex) +- Added keys for Metro Q transit cards in Huston, TX. (@Anarchothulhu) ## [Backdoor.4.18994][2024-09-10] - Changed flashing messages to be less scary (@iceman1001) From 5c9783cdc40d28030cf43c3d41d836cd285a712d Mon Sep 17 00:00:00 2001 From: Korin Date: Tue, 19 Nov 2024 10:08:36 -0700 Subject: [PATCH 05/10] Removing duplicate keys. --- client/dictionaries/mfc_default_keys.dic | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index 6bc6f0265..eec6aea94 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -2713,8 +2713,6 @@ C6BECABEBE8A 6D8FBD8CC524 5A3274779706 23F13602CC1A -5C8FF9990DA2 -75CCB59C9BED 511C1C2C9804 F8B2B926555E 2593E37D9B2E @@ -2728,6 +2726,4 @@ D9D1C447E427 93B43D689F85 525A869053F1 69B25667E0B4 -6AACA2D97645 -D01AFEEB890A -4B791BEA7BCC \ No newline at end of file +6AACA2D97645 \ No newline at end of file From e205829af2f621d90a0994f1488f40d34af177e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Nov=C3=BD?= Date: Tue, 19 Nov 2024 22:42:28 +0100 Subject: [PATCH 06/10] Add new Mifare Classic keys from MifareClassicTool project. --- CHANGELOG.md | 1 + client/dictionaries/mfc_default_keys.dic | 23 ++++++++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a075cdfe6..52d49ce79 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -70,6 +70,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Fixed arguments for `SimulateIso14443aTag` and `SimulateIso14443aInit` in `hf_young.c`, `hf_aveful.c`, `hf_msdsal.c`, `hf_cardhopper.c`, `hf_reblay.c`, `hf_tcprst.c` and `hf_craftbyte.c` (@archi) - Added `mf_backdoor_dump.py` script that dumps FM11RF08S and similar (Mifare Classic 1k) tag data that can be directly read by known backdoor keys. (@Aptimex) - Added keys for Metro Q transit cards in Huston, TX. (@Anarchothulhu) +- Add new Mifare Classic keys from MifareClassicTool project. (@onovy) ## [Backdoor.4.18994][2024-09-10] - Changed flashing messages to be less scary (@iceman1001) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index eec6aea94..6a791568e 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -2726,4 +2726,25 @@ D9D1C447E427 93B43D689F85 525A869053F1 69B25667E0B4 -6AACA2D97645 \ No newline at end of file +6AACA2D97645 +# UK London Office +435DF6296EC4 +2338B4913222 +# Acces card of students, and more in Occitanie, France +E9A553102EA5 +F982E971CFED +1F42AB9159EE +BBFB836A48B8 +B5D170B2E8F5 +E76978A05F10 +0B1A995DD007 +650DB9CEDB6B +13E54B4448B7 +3E3540C2C273 +A76152840117 +066CCC7666BC +3C0B3AC3AFA3 +CCB541598D72 +1988B5D48EC3 +892EEF0D30FB +0FE5CE5CC640 From d6c966ac4b4e6a9c7618508989700c2ebaf2de50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Nov=C3=BD?= Date: Tue, 19 Nov 2024 22:57:28 +0100 Subject: [PATCH 07/10] Add new Mifare Classic keys from Flipper project --- CHANGELOG.md | 2 +- client/dictionaries/mfc_default_keys.dic | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52d49ce79..21bfa0822 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -70,7 +70,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Fixed arguments for `SimulateIso14443aTag` and `SimulateIso14443aInit` in `hf_young.c`, `hf_aveful.c`, `hf_msdsal.c`, `hf_cardhopper.c`, `hf_reblay.c`, `hf_tcprst.c` and `hf_craftbyte.c` (@archi) - Added `mf_backdoor_dump.py` script that dumps FM11RF08S and similar (Mifare Classic 1k) tag data that can be directly read by known backdoor keys. (@Aptimex) - Added keys for Metro Q transit cards in Huston, TX. (@Anarchothulhu) -- Add new Mifare Classic keys from MifareClassicTool project. (@onovy) +- Add new Mifare Classic keys from MifareClassicTool and Flipper projects. (@onovy) ## [Backdoor.4.18994][2024-09-10] - Changed flashing messages to be less scary (@iceman1001) diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index 6a791568e..e1d425b80 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -2748,3 +2748,10 @@ CCB541598D72 1988B5D48EC3 892EEF0D30FB 0FE5CE5CC640 +# Volgograd (Russia) Volna transport cards keys +2B787A063D5D +D37C8F1793F7 +# H World Hotel Chain Room Keys +543071543071 +5F01015F0101 +200510241234 From 86e8792f34e8a2eda734d8d8ab06b5993a0e1b0f Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 20 Nov 2024 01:49:45 +0100 Subject: [PATCH 08/10] minor textual changes \n and added support for bambu kdf. --- CHANGELOG.md | 1 + client/src/cmdhfmf.c | 7 +++-- client/src/cmdhfmfu.c | 5 +++- common/commonutil.c | 32 ++++++++++++++++++++ common/commonutil.h | 16 ++++++++++ common/generator.c | 65 ++++++++++++++++++++++++++++++++++------- common/generator.h | 2 ++ common/mbedtls/Makefile | 1 + common/mbedtls/config.h | 2 +- 9 files changed, 115 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 21bfa0822..472a9d51e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Added support for a new KDF (@iceman1001) - Added Inner range aid and mad entries (@iceman1001) - Changed `mem spiffs` - Use all available space in SPI flash (@ANTodorov) - Fixed wrong size check in MifareSim (@iceman1001) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index c93093dea..33a308b5a 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -797,7 +797,7 @@ static int mf_load_keys(uint8_t **pkeyBlock, uint32_t *pkeycnt, uint8_t *userkey PrintAndLogEx(DEBUG, _YELLOW_("%2d") " - %s", *pkeycnt + i, sprint_hex(*pkeyBlock + (*pkeycnt + i) * MIFARE_KEY_SIZE, MIFARE_KEY_SIZE)); } *pkeycnt += ARRAYLEN(g_mifare_default_keys); - PrintAndLogEx(SUCCESS, "loaded " _GREEN_("%zu") " keys from hardcoded default array", ARRAYLEN(g_mifare_default_keys)); + PrintAndLogEx(SUCCESS, "loaded " _GREEN_("%zu") " hardcoded keys", ARRAYLEN(g_mifare_default_keys)); } // Handle user supplied dictionary file @@ -883,7 +883,7 @@ static int CmdHF14AMfDarkside(const char *Cmd) { arg_param_begin, arg_int0(NULL, "blk", " ", "Target block"), arg_lit0("b", NULL, "Target key B instead of default key A"), - arg_int0("c", NULL, "", "Target key type is key A + offset"), + arg_int0("c", NULL, "", "Target Auth 6x"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); @@ -9697,7 +9697,8 @@ static int CmdHF14AMfInfo(const char *Cmd) { } if (fKeyType != 0xFF) { - PrintAndLogEx(SUCCESS, "Block 0.......... %s", sprint_hex_ascii(blockdata, MFBLOCK_SIZE)); + PrintAndLogEx(SUCCESS, "Block 0.... %s | " NOLF, sprint_hex_inrow(blockdata, MFBLOCK_SIZE)); + PrintAndLogEx(NORMAL, "%s", sprint_ascii(blockdata + 8, 8)); } PrintAndLogEx(NORMAL, ""); diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index de2489dba..658e028e5 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -4126,7 +4126,7 @@ static int CmdHF14AMfUCSetUid(const char *Cmd) { // save old block2. uint8_t oldblock2[4] = {0x00}; - memcpy(resp.data.asBytes, oldblock2, 4); + memcpy(oldblock2, resp.data.asBytes, 4); // Enforce bad BCC handling temporarily as BCC will be wrong between // block 1 write and block2 write @@ -4431,6 +4431,9 @@ static int CmdHF14AMfUPwdGen(const char *Cmd) { PrintAndLogEx(INFO, " Dorma Kaba algo"); PrintAndLogEx(INFO, " STiD algo"); PrintAndLogEx(INFO, "-------------------------------------"); + key = 0; + mfc_algo_bambu_one(uid, 0, MF_KEY_A, &key); + PrintAndLogEx(INFO, " Bambu........ %012" PRIX64, key); return PM3_SUCCESS; } diff --git a/common/commonutil.c b/common/commonutil.c index 15c79d248..023ba67ca 100644 --- a/common/commonutil.c +++ b/common/commonutil.c @@ -567,3 +567,35 @@ size_t concatbits(uint8_t *dest, int dest_offset, const uint8_t *src, int src_of return dest_offset + nbits; } + +int char2int(char c) { + if (c >= '0' && c <= '9') return c - '0'; + if (c >= 'A' && c <= 'F') return c - 'A' + 10; + if (c >= 'a' && c <= 'f') return c - 'a' + 10; + return -1; // Invalid character for hex +} + + // returns the number of bytes written +int hexstr2ByteArr(const char *hexstr, unsigned char *array, size_t asize) { + size_t n = 0; + while (hexstr[n] != '\0') { + n++; + } + + // Check if the input is valid and fits in the output array + if (n % 2 != 0 || asize < n >> 1) { + return -1; // Error: invalid length or insufficient byte array size + } + + for (size_t i = 0; i < n; i += 2) { + int high = char2int(hexstr[i]); + int low = char2int(hexstr[i + 1]); + + if (high == -1 || low == -1) { + return -1; // Error: invalid hex character + } + + array[i >> 1] = (high << 4) | low; + } + return n >> 1; +} \ No newline at end of file diff --git a/common/commonutil.h b/common/commonutil.h index b2d560f3d..0b187ef10 100644 --- a/common/commonutil.h +++ b/common/commonutil.h @@ -65,6 +65,20 @@ #define REV64(x) (REV32(x) + ((uint64_t)(REV32((x) >> 32) << 32))) #endif +typedef struct { + int Year; + int Month; + int Day; + int Hour; + int Minute; +} Date_t; + + +int calculate_hours_between_dates(const Date_t s, Date_t *e); +void add_hours(Date_t *d, int hours_to_add); +void add_days(Date_t *d, int days_to_add); +uint8_t days_in_month(int year, int month); + extern struct version_information_t g_version_information; void FormatVersionInformation(char *dst, int len, const char *prefix, const void *version_info); @@ -136,4 +150,6 @@ void reverse_arraybytes(uint8_t *arr, size_t len); void reverse_arraybytes_copy(uint8_t *arr, uint8_t *dest, size_t len); size_t concatbits(uint8_t *dest, int dest_offset, const uint8_t *src, int src_offset, size_t nbits); +int char2int(char c); +int hexstr2ByteArr(const char *hexstr, unsigned char *array, size_t asize); #endif diff --git a/common/generator.c b/common/generator.c index f7a53ed1e..6338fa33c 100644 --- a/common/generator.c +++ b/common/generator.c @@ -25,7 +25,7 @@ #include #include "commonutil.h" //BSWAP_16 #include "common.h" //BSWAP_32/64 -#include "util.h" + #include "pm3_cmd.h" #include "crc16.h" // crc16 ccitt #include "mbedtls/sha1.h" @@ -33,9 +33,11 @@ #include "mbedtls/cmac.h" #include "mbedtls/cipher.h" #include "mbedtls/md.h" +#include "mbedtls/hkdf.h" #ifndef ON_DEVICE #include "ui.h" +#include "util.h" # define prnt(args...) PrintAndLogEx(DEBUG, ## args ); #else # include "dbprint.h" @@ -351,12 +353,11 @@ int mfc_algo_saflok_one(uint8_t *uid, uint8_t sector, uint8_t keytype, uint64_t 0xda3e3fd649ddULL, 0x58dded078e3eULL, 0x5cd005cfd907ULL, 0x118dd00187d0ULL }; - uint8_t h = ((uid[3] >> 4) & 0xF); - h += ((uid[2] >> 4) & 0xF); + uint8_t h = (NIBBLE_HIGH(uid[3]) & 0xF); + h += (NIBBLE_HIGH(uid[2]) & 0xF); h += uid[0] & 0xF; uint64_t m = lut[h & 0xF]; - uint64_t id = (bytes_to_num(uid, 4) << 8); *key = (h + (id + m + ((uint64_t)h << 40ULL))) & 0xFFFFFFFFFFFFULL; @@ -540,6 +541,41 @@ int mfc_algo_sky_all(uint8_t *uid, uint8_t *keys) { return PM3_SUCCESS; } + +static const uint8_t bambu_salt[] = { 0x9a, 0x75, 0x9c, 0xf2, 0xc4, 0xf7, 0xca, 0xff, 0x22, 0x2c, 0xb9, 0x76, 0x9b, 0x41, 0xbc, 0x96 }; +static const uint8_t bambu_context_a[] = "RFID-A"; +static const uint8_t bambu_context_b[] = "RFID-B"; + +int mfc_algo_bambu_one(uint8_t *uid, uint8_t sector, uint8_t keytype, uint64_t *key) { + if (uid == NULL) return PM3_EINVARG; + if (key == NULL) return PM3_EINVARG; + + uint8_t keys[16 * 6] = {0}; + + // prepare hmac context + const mbedtls_md_info_t *info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + + if (keytype == 0) { + mbedtls_hkdf(info, bambu_salt, sizeof(bambu_salt), uid, 4, bambu_context_a, sizeof(bambu_context_a), keys, sizeof(keys) ); + } else { + mbedtls_hkdf(info, bambu_salt, sizeof(bambu_salt), uid, 4, bambu_context_b, sizeof(bambu_context_b), keys, sizeof(keys)); + } + + *key = bytes_to_num(keys + (sector * 6), 6); + return PM3_SUCCESS; +} + +int mfc_algo_bambu_all(uint8_t *uid, uint8_t *keys) { + if (uid == NULL) return PM3_EINVARG; + if (keys == NULL) return PM3_EINVARG; + + // prepare hmac context + const mbedtls_md_info_t *info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + mbedtls_hkdf(info, bambu_salt, sizeof(bambu_salt), uid, 4, bambu_context_a, sizeof(bambu_context_a), keys, (16 * 6) ); + mbedtls_hkdf(info, bambu_salt, sizeof(bambu_salt), uid, 4, bambu_context_b, sizeof(bambu_context_b), keys + (16 * 6), (16 * 6)); + return PM3_SUCCESS; +} + // LF T55x7 White gun cloner algo uint32_t lf_t55xx_white_pwdgen(uint32_t id) { uint32_t r1 = rotl(id & 0x000000ec, 8); @@ -617,10 +653,9 @@ int mfc_algo_touch_one(uint8_t *uid, uint8_t sector, uint8_t keytype, uint64_t * int generator_selftest(void) { #ifndef ON_DEVICE -#define NUM_OF_TEST 10 +#define NUM_OF_TEST 11 - PrintAndLogEx(INFO, "PWD / KEY generator selftest"); - PrintAndLogEx(INFO, "----------------------------"); + PrintAndLogEx(INFO, "------- " _CYAN_("PWD / KEY generator self tests") " --------"); uint8_t testresult = 0; @@ -629,7 +664,6 @@ int generator_selftest(void) { bool success = (pwd1 == 0x8432EB17); if (success) testresult++; - PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X - %s", sprint_hex(uid1, 7), pwd1, success ? _GREEN_("ok") : "->8432EB17<-"); uint8_t uid2[] = {0x04, 0x1f, 0x98, 0xea, 0x1e, 0x3e, 0x81}; @@ -687,7 +721,7 @@ int generator_selftest(void) { success = (key8 == 0x82c7e64bc565); if (success) testresult++; - PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %"PRIx64" - %s", sprint_hex(uid8, 4), key8, success ? _GREEN_("ok") : "->82C7E64BC565<--"); + PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %012"PRIx64" - %s", sprint_hex(uid8, 4), key8, success ? _GREEN_("ok") : "->82C7E64BC565<--"); // MFC SAFLOK uint8_t uid9[] = {0x11, 0x22, 0x33, 0x44}; @@ -696,13 +730,22 @@ int generator_selftest(void) { success = (key9 == 0xD1E2AA68E39A); if (success) testresult++; - PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %"PRIX64" - %s", sprint_hex(uid9, 4), key9, success ? _GREEN_("ok") : _RED_(">> D1E2AA68E39A <<")); + PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %012"PRIX64" - %s", sprint_hex(uid9, 4), key9, success ? _GREEN_("ok") : _RED_(">> D1E2AA68E39A <<")); uint32_t lf_id = lf_t55xx_white_pwdgen(0x00000080); success = (lf_id == 0x00018383); if (success) testresult++; - PrintAndLogEx(success ? SUCCESS : WARNING, "ID | 0x00000080 | %08"PRIx32 " - %s", lf_id, success ? _GREEN_("ok") : "->00018383<--"); + PrintAndLogEx(success ? SUCCESS : WARNING, "ID | 0x00000080 | %08"PRIx32 " - %s", lf_id, success ? _GREEN_("ok") : ">> 00018383 <<"); + + // MFC Bambu + uint64_t key13 = 0; + mfc_algo_bambu_one(uid9, 0, 0, &key13); + success = (key13 == 0x0729F3B2D37A); + if (success) + testresult++; + PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %012"PRIX64" - %s", sprint_hex(uid9, 4), key13, success ? _GREEN_("ok") : _RED_(">> 0729F3B2D37A <<")); + PrintAndLogEx(SUCCESS, "------------------- Selftest %s", (testresult == NUM_OF_TEST) ? _GREEN_("ok") : _RED_("fail")); diff --git a/common/generator.h b/common/generator.h index ce2601f26..b98731f19 100644 --- a/common/generator.h +++ b/common/generator.h @@ -62,6 +62,8 @@ int mfc_generate4b_nuid(uint8_t *uid, uint8_t *nuid); int mfc_algo_touch_one(uint8_t *uid, uint8_t sector, uint8_t keytype, uint64_t *key); +int mfc_algo_bambu_one(uint8_t *uid, uint8_t sector, uint8_t keytype, uint64_t *key); +int mfc_algo_bambu_all(uint8_t *uid, uint8_t *keys); uint32_t lf_t55xx_white_pwdgen(uint32_t id); int mfdes_kdf_input_gallagher(uint8_t *uid, uint8_t uidLen, uint8_t keyNo, uint32_t aid, uint8_t *kdfInputOut, uint8_t *kdfInputLen); diff --git a/common/mbedtls/Makefile b/common/mbedtls/Makefile index 0413bdff7..07c047ffb 100644 --- a/common/mbedtls/Makefile +++ b/common/mbedtls/Makefile @@ -25,6 +25,7 @@ MYSRCS = \ ecdh.c \ ecdsa.c \ gcm.c \ + hkdf.c \ md.c \ md5.c \ oid.c \ diff --git a/common/mbedtls/config.h b/common/mbedtls/config.h index a3faef146..954817edc 100644 --- a/common/mbedtls/config.h +++ b/common/mbedtls/config.h @@ -2849,7 +2849,7 @@ * This module adds support for the Hashed Message Authentication Code * (HMAC)-based key derivation function (HKDF). */ -//#define MBEDTLS_HKDF_C +#define MBEDTLS_HKDF_C /** * \def MBEDTLS_HMAC_DRBG_C From dd6d9ea5ee3ff3fa303ba4e056b8df8174fff626 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 20 Nov 2024 09:44:05 +0100 Subject: [PATCH 09/10] forget to update cmake --- client/deps/mbedtls.cmake | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/client/deps/mbedtls.cmake b/client/deps/mbedtls.cmake index c1ab8d880..49c141b68 100644 --- a/client/deps/mbedtls.cmake +++ b/client/deps/mbedtls.cmake @@ -22,7 +22,8 @@ add_library(pm3rrg_rdv4_mbedtls STATIC ../../common/mbedtls/des.c ../../common/mbedtls/ecdsa.c ../../common/mbedtls/md.c - ../../common/mbedtls/md5.c + ../../common/mbedtls/hkdf.c + ../../common/mbedtls/md5.c ../../common/mbedtls/oid.c ../../common/mbedtls/pem.c ../../common/mbedtls/arc4.c From d3e02092f7a51ee1dde56c87ab2a2cc2845c0729 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 20 Nov 2024 11:13:53 +0100 Subject: [PATCH 10/10] Makefile: display firmware size --- recovery/Makefile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/recovery/Makefile b/recovery/Makefile index 5d561c45b..e18e66c06 100644 --- a/recovery/Makefile +++ b/recovery/Makefile @@ -17,7 +17,10 @@ all: $(BINS) echo "ERROR: Firmware image too large for your platform! $$FWSIZE > $(FWMAXSIZE)"; \ echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"; \ exit 1; \ - fi + fi; \ + echo "==================================================================="; \ + echo "Firmware size: $$FWSIZE bytes ($$((FWSIZE/1024))kb) = $$((FWSIZE*100/$(FWMAXSIZE)))% of $$(($(FWMAXSIZE)/1024))kb"; \ + echo "===================================================================" bootrom.bin: ../bootrom/obj/bootrom.elf $(info [=] GEN $@)