From 72900d1bf9de16ae610fd73d70882436a8a22d67 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Fri, 6 Sep 2024 22:36:44 +0200
Subject: [PATCH] fix and style
---
 armsrc/mifarecmd.c | 3 +-
 client/src/cmdhflist.c | 3 +-
 client/src/cmdhflist.h | 2 ++
 client/src/cmdhfmf.c | 47 ++++++++++++++++++++++++-------
 client/src/crypto/libpcrypto.c | 6 ++--
 client/src/mifare/mifaredefault.h | 2 ++
 client/src/mifare/mifarehost.c | 8 ++++--
 client/src/uart/uart_win32.c | 3 +-
 common/cardhelper.c | 20 +++++++------
 common/lfdemod.c | 13 +++++++--
 10 files changed, 79 insertions(+), 28 deletions(-)
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index d4152cfb6..38c8a5a6f 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -2341,6 +2341,7 @@ int MifareECardLoad(uint8_t sectorcnt, uint8_t keytype) {
 uint64_t ui64Key = emlGetKey(s, keytype);
+ // MIFARE Classic 1K Ev1 , MIFARE Classic MINI Ev1
 if (sectorcnt == 18) {
 // MFC 1K EV1, skip sector 16 since its lockdown
 if (s == 16) {
@@ -2355,7 +2356,7 @@ int MifareECardLoad(uint8_t sectorcnt, uint8_t keytype) {
 // ICEMAN: ugly hack, we don't want to trigger the partial load message
 // MFC 1K EV1 sector 17 don't use key A.
 // not mention we don't save signatures in our MFC dump files.
- if (s == 17 && keytype == 0) {
+ if (s == 17 && keytype == MF_KEY_A) {
 ui64Key = 0x4B791BEA7BCC;
 keytype = 1;
 }
diff --git a/client/src/cmdhflist.c b/client/src/cmdhflist.c
index bc2fdce02..aa83bc20b 100644
--- a/client/src/cmdhflist.c
+++ b/client/src/cmdhflist.c
@@ -30,6 +30,7 @@
 #include "crapto1/crapto1.h"
 #include "protocols.h"
 #include "cmdhficlass.h"
+#include "mifare/mifaredefault.h" // mifare consts
 enum MifareAuthSeq {
 masNone,
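Review bot: The comparison in the second mifarecmd.c hunk now reads `keytype == MF_KEY_A`, but two lines below the same quantity is still assigned with a bare literal, `keytype = 1;`; change it to `keytype = MF_KEY_B;` so the key type is named consistently within the block rather than half symbolic, half magic number. The new comment in the first hunk names the Ev1 variants but not why sector 17 is special; appending "sector 17 is forced to key B below" would tie the two hunks together for the next reader. MifareECardLoad starts before and continues after these hunks.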
@@ -382,7 +383,7 @@ int applyIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, bool i snprintf(exp, size, "WRITEBLOCK(" _MAGENTA_("%d") ")", cmd[1]); else // outside limits, useful for some tags... - snprintf(exp, size, "WRITEBLOCK(" _MAGENTA_("%d") ") (?)", cmd[1]); + snprintf(exp, size, "WRITEBLOCK(" _MAGENTA_("%d") ") (%s)", cmd[1], sprint_hex_inrow(cmd + 2, 4)); break; } case MIFARE_ULEV1_READ_CNT : { diff --git a/client/src/cmdhflist.h b/client/src/cmdhflist.h index ab544a86f..cbe18e92c 100644 --- a/client/src/cmdhflist.h +++ b/client/src/cmdhflist.h @@ -19,6 +19,7 @@ #define CMDHFLIST_H #include "common.h" +#include "mifare/mifaredefault.h" // mifare consts typedef struct { uint32_t uid; // UID @@ -34,6 +35,7 @@ typedef struct { bool first_auth; // is first authentication uint32_t ks2; // ar ^ ar_enc uint32_t ks3; // at ^ at_enc + uint8_t mem[MIFARE_4K_MAX_BYTES]; } AuthData_t; void ClearAuthData(void); diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 70990be0b..7e31a78d4 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -898,12 +898,12 @@ static int CmdHF14AMfDarkside(const char *Cmd) { arg_param_begin, arg_int0(NULL, "blk", " ", "Target block"), arg_lit0("b", NULL, "Target key B instead of default key A"), + arg_int0("c", NULL, "", "Target Auth 6x"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); - uint8_t blockno = arg_get_u32_def(ctx, 1, 0); - + uint8_t blockno = arg_get_u32_def(ctx, 1, 0) & 0xFF; uint8_t key_type = MIFARE_AUTH_KEYA; if (arg_get_lit(ctx, 2)) { @@ -911,6 +911,11 @@ static int CmdHF14AMfDarkside(const char *Cmd) { key_type = MIFARE_AUTH_KEYB; } + uint8_t ctype = arg_get_u32_def(ctx, 3, 0) & 0xFF; + if ((ctype & 0x60) == 0x60) { + key_type = ctype; + } + CLIParserFree(ctx); uint64_t key = 0; 
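Review bot: The new `sprint_hex_inrow(cmd + 2, 4)` in the cmdhflist.c hunk reads four bytes beyond `cmd[1]` without checking that the frame is that long, and `cmdsize` is right there in applyIso14443a's signature; a short or malformed trace entry would make this read past the command buffer. Guard the else branch, e.g. `if (cmdsize >= 6) snprintf(exp, size, "WRITEBLOCK(" _MAGENTA_("%d") ") (%s)", cmd[1], sprint_hex_inrow(cmd + 2, 4));` and keep the old `") (?)"` form as the fallback when it is shorter. The enclosing switch starts and ends outside the hunk.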
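Review bot: The new `uint8_t mem[MIFARE_4K_MAX_BYTES];` in the cmdhflist.h @@ -34 hunk is the only AuthData_t member without a trailing comment, and nothing in the change says what fills it or when its contents are valid; add something like `uint8_t mem[MIFARE_4K_MAX_BYTES]; // TODO: document what is cached here and which code path populates it`. It also grows the struct by 4096 bytes, so if ClearAuthData() resets members one by one rather than zeroing the whole struct (its body is not in this diff) the buffer would carry data from a previously traced card into the next session — worth confirming. The typedef begins outside the hunk.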
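Review bot: `uint8_t blockno = arg_get_u32_def(ctx, 1, 0) & 0xFF;` in the cmdhfmf.c @@ -898 hunk silently folds an out-of-range block number (256 becomes 0) into a valid one instead of rejecting it, and the new `ctype` line in the @@ -911 hunk does the same for `-c`; validate before truncating, e.g. `uint32_t blk = arg_get_u32_def(ctx, 1, 0); if (blk > 255) { PrintAndLogEx(WARNING, "block number out of range"); CLIParserFree(ctx); return PM3_EINVARG; }`. The filter `(ctype & 0x60) == 0x60` also accepts any byte with bits 5 and 6 set, which is wider than the "Target Auth 6x" help text describes, so either tighten the test or widen the description. `arg_int0("c", NULL, "", "Target Auth 6x")` has an empty data-type label, which leaves a gap in the generated help; the `blk` option above it at least uses a single space. CmdHF14AMfDarkside continues outside both hunks.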
@@ -3610,26 +3615,34 @@ static int CmdHF14AMfSmartBrute(const char *Cmd) { // generate block of keys from generator memset(keyBlock, 0, MIFARE_KEY_SIZE * chunksize); + for (i = 0; i < chunksize; i++) { + ret = bf_generate(&bctx); + if (ret == BF_GENERATOR_ERROR) { PrintAndLogEx(ERR, "Internal bruteforce generator error"); free(keyBlock); free(e_sector); return PM3_EFAILED; + } else if (ret == BF_GENERATOR_END) { + lastChunk = true; break; + } else if (ret == BF_GENERATOR_NEXT) { generator_key = bf_get_key48(&bctx); num_to_bytes(generator_key, MIFARE_KEY_SIZE, keyBlock + (i * MIFARE_KEY_SIZE)); keycnt++; if (smart_mode_stage != bctx.smart_mode_stage) { + smart_mode_stage = bctx.smart_mode_stage; PrintAndLogEx(INFO, "Running bruteforce stage %d", smart_mode_stage); if (msclock() - t1 > 0 && keys_checked > 0) { + PrintAndLogEx(INFO, "Current cracking speed (keys/s): %lu", keys_checked / ((msclock() - t1) / 1000)); @@ -3661,11 +3674,13 @@ out: uint8_t found_keys = 0; for (i = 0; i < sectorsCnt; ++i) { - if (e_sector[i].foundKey[0]) + if (e_sector[i].foundKey[0]) { found_keys++; + } - if (e_sector[i].foundKey[1]) + if (e_sector[i].foundKey[1]) { found_keys++; + } } if (found_keys == 0) { @@ -6469,12 +6484,16 @@ int CmdHFMFNDEFRead(const char *Cmd) { res = NDEFRecordsDecodeAndPrint(data, datalen, verbose); } + // if given a filename, save it + if (fnlen) { // get total NDEF length before save. If fails, we save it all size_t n = 0; - if (NDEFGetTotalLength(data, datalen, &n) != PM3_SUCCESS) + if (NDEFGetTotalLength(data, datalen, &n) != PM3_SUCCESS) { n = datalen; + } pm3_save_dump(filename, data, n, jsfNDEF); + } if (verbose == false) { PrintAndLogEx(HINT, "Try " _YELLOW_("`hf mf ndefread -v`") " for more details"); 
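Review bot: The speed line `keys_checked / ((msclock() - t1) / 1000)` in the @@ -3610 hunk divides by zero whenever fewer than 1000 ms have passed since `t1`, because the guard above it only tests `msclock() - t1 > 0` and the integer division by 1000 then yields 0; the commit only inserts blank lines around it. Compute the elapsed time once and require a full second: `uint64_t elapsed_ms = msclock() - t1;` / `if (elapsed_ms >= 1000 && keys_checked > 0) {` / `PrintAndLogEx(INFO, "Current cracking speed (keys/s): %lu", keys_checked / (elapsed_ms / 1000));` (adjust the local's type to whatever msclock() returns). The `%lu` conversion is only correct if `keys_checked` is an unsigned long; its declaration is outside the hunk, so confirm or cast. CmdHF14AMfSmartBrute starts and ends outside the hunk.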
@@ -7564,6 +7583,14 @@ static int CmdHF14AMfWipe(const char *Cmd) {
 memcpy(mf, "\x11\x22\x33\x44\x44\x09\x04\x00\x62\x63\x64\x65\x66\x67\x68\x69", MFBLOCK_SIZE);
 break;
 }
+ case (MIFARE_1K_EV1_MAX_KEY_SIZE): {
+ PrintAndLogEx(INFO, "Loaded keys matching MIFARE Classic 1K Ev1");
+ memcpy(keyA, keys, MIFARE_1K_EV1_MAXSECTOR * MIFARE_KEY_SIZE);
+ memcpy(keyB, keys + (MIFARE_1K_EV1_MAXSECTOR * MIFARE_KEY_SIZE), (MIFARE_1K_EV1_MAXSECTOR * MIFARE_KEY_SIZE));
+ num_sectors = NumOfSectors('1');
+ memcpy(mf, "\x11\x22\x33\x44\x44\x08\x04\x00\x62\x63\x64\x65\x66\x67\x68\x69", MFBLOCK_SIZE);
+ break;
+ }
 case (MIFARE_1K_MAX_KEY_SIZE): {
 PrintAndLogEx(INFO, "Loaded keys matching MIFARE Classic 1K");
 memcpy(keyA, keys, (MIFARE_1K_MAXSECTOR * MIFARE_KEY_SIZE));
@@ -7582,7 +7609,7 @@ static int CmdHF14AMfWipe(const char *Cmd) {
 break;
 }
 default: {
- PrintAndLogEx(INFO, "wrong key file size");
+ PrintAndLogEx(INFO, "wrong key file size. got %zu", keyslen);
 goto out;
 }
 }
@@ -7641,12 +7668,12 @@ static int CmdHF14AMfWipe(const char *Cmd) {
 SendCommandMIX(CMD_HF_MIFARE_WRITEBL, mfFirstBlockOfSector(s) + b, kt, 0, data, sizeof(data));
 PacketResponseNG resp;
 if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
- int isOK = resp.oldarg[0];
- if (isOK > 0) {
- PrintAndLogEx(NORMAL, "( " _GREEN_("ok") " )");
+ int8_t isOK = resp.oldarg[0];
+ if (isOK == 1) {
+ PrintAndLogEx(NORMAL, "- key %c ( " _GREEN_("ok") " )", (kt== MF_KEY_A) ? 'A' : 'B');
 break;
 } else {
- PrintAndLogEx(NORMAL, "( " _RED_("fail") " )");
+ PrintAndLogEx(NORMAL, "- key %c ( " _RED_("fail") " )", (kt== MF_KEY_A) ? 'A' : 'B');
 }
 } else {
 PrintAndLogEx(WARNING, "Command execute timeout");
diff --git a/client/src/crypto/libpcrypto.c b/client/src/crypto/libpcrypto.c
index 02627a872..21f03ed79 100644
--- a/client/src/crypto/libpcrypto.c
+++ b/client/src/crypto/libpcrypto.c
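Review bot: The new MIFARE_1K_EV1_MAX_KEY_SIZE case copies keys for MIFARE_1K_EV1_MAXSECTOR sectors but then sets `num_sectors = NumOfSectors('1');`, which presumably yields the plain 1K sector count, so the last two sectors' keys are loaded yet never used by the wipe loop. If that is deliberate (the firmware comment in armsrc/mifarecmd.c in this same patch says sector 16 is locked down on the Ev1), state it, e.g. `// Ev1: keys for the two extra sectors are read for completeness; only the 16 regular sectors are wiped`, otherwise pass the Ev1 count here. The block-0 template differs from the case above it only in the sixth byte (`\x08` vs `\x09`), which also deserves a short comment naming what that byte is. The switch and the wipe loop lie outside the hunk.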
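Review bot: In the @@ -7641 hunk `int8_t isOK = resp.oldarg[0];` narrows a wider argument to a signed byte before the `== 1` test, so a reply whose low byte is 1 passes regardless of the rest; keeping `int isOK = resp.oldarg[0];` as before, or comparing `resp.oldarg[0] == 1` directly, avoids the lossy conversion. Both new format lines repeat `(kt== MF_KEY_A) ? 'A' : 'B'` and omit the space before `==`; a single `char kc = (kt == MF_KEY_A) ? 'A' : 'B';` above the `if` would remove the duplication and match the spacing used elsewhere in the hunk. The loop this sits in starts and ends outside the hunk.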
@@ -468,14 +468,16 @@ int ecdsa_signature_verify(mbedtls_ecp_group_id curveid, uint8_t *key_xy, uint8_
 uint8_t shahash[32] = {0};
 if (hash) {
 res = sha256hash(input, length, shahash);
- if (res)
+ if (res) {
 return res;
+ }
 }
 mbedtls_ecdsa_context ctx;
 res = ecdsa_init(&ctx, curveid, NULL, key_xy);
- if (res)
+ if (res) {
 return res;
+ }
 res = mbedtls_ecdsa_read_signature(
 &ctx,
diff --git a/client/src/mifare/mifaredefault.h b/client/src/mifare/mifaredefault.h
index ccccf124c..3b9119a83 100644
--- a/client/src/mifare/mifaredefault.h
+++ b/client/src/mifare/mifaredefault.h
@@ -38,6 +38,7 @@
 #define MIFARE_4K_MAXSECTOR 40
 #define MIFARE_2K_MAXSECTOR 32
 #define MIFARE_1K_MAXSECTOR 16
+#define MIFARE_1K_EV1_MAXSECTOR (MIFARE_1K_MAXSECTOR + 2)
 #define MIFARE_MINI_MAXSECTOR 5
 #define MIFARE_4K_MAX_BYTES 4096
@@ -49,6 +50,7 @@
 #define MIFARE_MINI_MAX_KEY_SIZE (MIFARE_MINI_MAXSECTOR * 2 * MIFARE_KEY_SIZE)
 #define MIFARE_1K_MAX_KEY_SIZE (MIFARE_1K_MAXSECTOR * 2 * MIFARE_KEY_SIZE)
+#define MIFARE_1K_EV1_MAX_KEY_SIZE (MIFARE_1K_EV1_MAXSECTOR * 2 * MIFARE_KEY_SIZE)
 #define MIFARE_2K_MAX_KEY_SIZE (MIFARE_2K_MAXSECTOR * 2 * MIFARE_KEY_SIZE)
 #define MIFARE_4K_MAX_KEY_SIZE (MIFARE_4K_MAXSECTOR * 2 * MIFARE_KEY_SIZE)
diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c
index c5c7c91e7..df44938d9 100644
--- a/client/src/mifare/mifarehost.c
+++ b/client/src/mifare/mifarehost.c
@@ -221,7 +221,7 @@ int mfCheckKeys(uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t keyc
 SendCommandNG(CMD_HF_MIFARE_CHKKEYS, data, (5 + 6 * keycnt));
 PacketResponseNG resp;
- if (!WaitForResponseTimeout(CMD_HF_MIFARE_CHKKEYS, &resp, 2500)) {
+ if (WaitForResponseTimeout(CMD_HF_MIFARE_CHKKEYS, &resp, 2500) == false) {
 return PM3_ETIMEOUT;
 }
 if (resp.status != PM3_SUCCESS) {
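Review bot: The `+ 2` in `#define MIFARE_1K_EV1_MAXSECTOR (MIFARE_1K_MAXSECTOR + 2)` in the mifaredefault.h @@ -38 hunk is unexplained where it is defined, while the reason lives in a firmware comment in armsrc/mifarecmd.c elsewhere in this patch; a trailing comment such as `// 16 regular sectors plus the two extra Ev1 sectors (16 = lockdown, 17 = key B only, see armsrc/mifarecmd.c)` keeps the header self-describing. The derived MIFARE_1K_EV1_MAX_KEY_SIZE in the @@ -49 hunk follows the existing pattern and yields a size distinct from the other card types, so the size-based switch in CmdHF14AMfWipe can dispatch on it unambiguously.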
@@ -233,11 +233,13 @@ int mfCheckKeys(uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t keyc bool found; } PACKED; struct kr *keyresult = (struct kr *)&resp.data.asBytes; - if (!keyresult->found) { + if (keyresult->found == false) { return PM3_ESOFT; } - *key = bytes_to_num(keyresult->key, sizeof(keyresult->key)); + if (key) { + *key = bytes_to_num(keyresult->key, sizeof(keyresult->key)); + } return PM3_SUCCESS; } diff --git a/client/src/uart/uart_win32.c b/client/src/uart/uart_win32.c index ac3d73dc4..b96013368 100644 --- a/client/src/uart/uart_win32.c +++ b/client/src/uart/uart_win32.c @@ -62,8 +62,9 @@ uint32_t uart_get_timeouts(void) { } static int uart_reconfigure_timeouts_polling(serial_port sp) { - if (newtimeout_pending == false) + if (newtimeout_pending == false) { return PM3_SUCCESS; + } newtimeout_pending = false; serial_port_windows_t *spw = (serial_port_windows_t *)sp; diff --git a/common/cardhelper.c b/common/cardhelper.c index fc4fe2503..388cb955d 100644 --- a/common/cardhelper.c +++ b/common/cardhelper.c @@ -131,17 +131,18 @@ bool Encrypt(uint8_t *src, uint8_t *dest) { // Call with block6 void DecodeBlock6(uint8_t *src) { - int resp_len = 0; - uint8_t resp[254] = {0}; uint8_t c[] = {0x96, CARD_INS_DECODE, 0x00, 0x00, 0x09, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; memcpy(c + 6, src, 8); + int resp_len = 0; + uint8_t resp[254] = {0}; + // first part ExchangeAPDUSC(false, c, sizeof(c), false, true, resp, sizeof(resp), &resp_len); - if (resp_len < 11) { + PrintAndLogEx(DEBUG, "decodeblock6, wrong response len, expected 11 got ( " _RED_("%d") " )", resp_len); return; } @@ -151,10 +152,11 @@ void DecodeBlock6(uint8_t *src) { c[5] = 0x02; ExchangeAPDUSC(false, c, sizeof(c), false, false, resp, sizeof(resp), &resp_len); - if (resp_len < 11) { + PrintAndLogEx(DEBUG, "decodeblock6, wrong response len, expected 11 got ( " _RED_("%d") " )", resp_len); return; } + PrintAndLogEx(SUCCESS, "%.*s", resp_len - 11, resp + 9); } 
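Review bot: In the mifarehost.c @@ -233 hunk `keyresult` overlays `struct kr` on `resp.data.asBytes` and `keyresult->found` is read without checking that the reply actually carried `sizeof(struct kr)` bytes; the new `if (key)` guard protects only the caller's output pointer, not that read. If PacketResponseNG exposes the payload length (it appears to be `resp.length` in this code base — confirm), add `if (resp.length < sizeof(struct kr)) { return PM3_ESOFT; }` before the `found` test so a short or truncated reply is rejected instead of interpreted. The rest of mfCheckKeys is outside the hunk.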
@@ -166,7 +168,6 @@ uint8_t GetNumberBlocksForUserId(uint8_t *src) {
 memcpy(c + 5, src, 8);
 ExchangeAPDUSC(false, c, sizeof(c), false, false, resp, sizeof(resp), &resp_len);
-
 if (resp_len < 8) {
 return 0;
 }
@@ -192,8 +193,9 @@ uint8_t GetPinSize(uint8_t *src) {
 }
 int GetConfigCardByIdx(uint8_t typ, uint8_t *blocks) {
- if (blocks == NULL)
+ if (blocks == NULL) {
 return PM3_EINVARG;
+ }
 int resp_len = 0;
 uint8_t resp[254] = {0};
@@ -212,8 +214,9 @@ int GetConfigCardByIdx(uint8_t typ, uint8_t *blocks) {
 }
 int GetConfigCardStrByIdx(uint8_t typ, uint8_t *out) {
- if (out == NULL)
+ if (out == NULL) {
 return PM3_EINVARG;
+ }
 int resp_len = 0;
 uint8_t resp[254] = {0};
@@ -232,8 +235,9 @@ int GetConfigCardStrByIdx(uint8_t typ, uint8_t *out) {
 }
 int VerifyRdv4Signature(uint8_t *memid, uint8_t *signature) {
- if (memid == NULL || signature == NULL)
+ if (memid == NULL || signature == NULL) {
 return PM3_EINVARG;
+ }
 int resp_len = 0;
 uint8_t resp[254] = {0};
diff --git a/common/lfdemod.c b/common/lfdemod.c
index 1e3e9d661..6a4dbdf73 100644
--- a/common/lfdemod.c
+++ b/common/lfdemod.c
@@ -152,7 +152,9 @@ void computeSignalProperties(const uint8_t *samples, uint32_t size) {
 }
 void removeSignalOffset(uint8_t *samples, uint32_t size) {
- if (samples == NULL || size < SIGNAL_MIN_SAMPLES) return;
+ if (samples == NULL || size < SIGNAL_MIN_SAMPLES) {
+ return;
+ }
 int acc_off = 0;
 uint32_t offset_size = size - SIGNAL_IGNORE_FIRST_SAMPLES;
@@ -458,7 +460,14 @@ static size_t findModStart(const uint8_t *src, size_t size, uint8_t expWaveSize)
 } else {
 waveSizeCnt++;
 }
- if (thresholdCnt > 10) break;
+
+ if (thresholdCnt > 10) {
+ break;
+ }
+ }
+
+ if (g_debugMode == 2) {
+ prnt("DEBUG: threshold Count reached at index %zu, count: %u", i, thresholdCnt);
 }
 return i;
 }
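Review bot: The new debug line in the lfdemod.c @@ -458 hunk prints "threshold Count reached" every time the loop finishes, including when it simply ran out of samples with `thresholdCnt` still at or below 10, so the message misstates why findModStart stopped when someone is reading a trace; either gate it on the same condition, `if (g_debugMode == 2 && thresholdCnt > 10) {`, or reword it to `"DEBUG: findModStart stopped at index %zu, threshold count: %u"`. From the brace structure the print appears to sit just after the loop rather than inside it; if it is actually inside an enclosing block within the loop it would fire once per iteration, which is worth a quick check since the loop header is outside the hunk. findModStart starts outside the hunk.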