lf search - now tries to read out hitag2 data with the paxton key.

iceman1001 2024-09-15 18:19:28 +02:00
commit 805dc99b97
6 changed files with 95 additions and 45 deletions


@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Changed `lf search` - it now tries to read and decode paxton id (@iceman1001)
- Changed `lf search` - to identify hitag2/s/82xx in chipset detection to preserve their EM4100 or other outputs (@iceman1001) - Changed `lf search` - to identify hitag2/s/82xx in chipset detection to preserve their EM4100 or other outputs (@iceman1001)
- Added `lf hitag hts reader` - to act as a HitagS / 82xx reader (@iceman1001) - Added `lf hitag hts reader` - to act as a HitagS / 82xx reader (@iceman1001)
- Changed `lf hitag hts write` -> ´lf hitag hts wdbl` to fit rest of client command names (@iceman1001) - Changed `lf hitag hts write` -> ´lf hitag hts wdbl` to fit rest of client command names (@iceman1001)


@ -1719,9 +1719,22 @@ int CmdLFfind(const char *Cmd) {
PrintAndLogEx(INFO, _CYAN_("Checking for known tags...")); PrintAndLogEx(INFO, _CYAN_("Checking for known tags..."));
PrintAndLogEx(INFO, ""); PrintAndLogEx(INFO, "");
int retval = PM3_SUCCESS;
// only run these tests if device is online // only run these tests if device is online
if (is_online) { if (is_online) {
if (IfPm3Hitag()) {
if (ht2_read_paxton() == PM3_SUCCESS) {
PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Paxton ID") " found!");
if (search_cont) {
found++;
} else {
goto out;
}
}
}
#if !defined ICOPYX #if !defined ICOPYX
if (IfPm3EM4x50()) { if (IfPm3EM4x50()) {
if (read_em4x50_uid() == PM3_SUCCESS) { if (read_em4x50_uid() == PM3_SUCCESS) {
@ -1769,8 +1782,6 @@ int CmdLFfind(const char *Cmd) {
} }
} }
int retval = PM3_SUCCESS;
// ask / man // ask / man
if (demodEM410x(true) == PM3_SUCCESS) { if (demodEM410x(true) == PM3_SUCCESS) {
PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("EM410x ID") " found!"); PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("EM410x ID") " found!");
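Review bot: The new Paxton check at the top of the `is_online` block is an active exchange with the tag, not a demodulation of the already captured signal, and nothing in the code says so. On every online `lf search` it authenticates in Hitag2 password mode with the fixed Paxton password, and it runs before all other checks and outside the `#if !defined ICOPYX` guard. A comment above the block would keep the next maintainer from treating it like the passive demod tests below, for example `// active probe: sends the default Paxton password (Hitag2 password mode); may wait up to 2 s for the device`. The "Valid Paxton ID found!" line is printed purely on the return code of `ht2_read_paxton()`, so it is only as trustworthy as that function's success criteria. `CmdLFfind` begins and ends outside these hunks, so the `out:` label and the later use of `found` cannot be checked from here.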


@ -35,6 +35,10 @@
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
static const uint8_t ht2_default_keys[] = {
0xBD, 0xF5, 0xE8, 0x46 // PAXTON
};
static const char *getHitagTypeStr(uint32_t uid) { static const char *getHitagTypeStr(uint32_t uid) {
//uid s/n ******** //uid s/n ********
uint8_t type = (uid >> 4) & 0xF; uint8_t type = (uid >> 4) & 0xF;
@ -205,7 +209,7 @@ static int CmdLFHitagList(const char *Cmd) {
*/ */
} }
static void print_hitag2_paxton(const uint8_t *data) { static void print_hitag2_paxton(bool show_header, const uint8_t *data) {
// if the pwd isn't.. // if the pwd isn't..
if (memcmp(data + 4, "\xBD\xF5\xE8\x46", 4)) { if (memcmp(data + 4, "\xBD\xF5\xE8\x46", 4)) {
@ -263,11 +267,15 @@ static void print_hitag2_paxton(const uint8_t *data) {
} }
} }
if (show_header) {
PrintAndLogEx(INFO, ""); PrintAndLogEx(INFO, "");
PrintAndLogEx(INFO, "--- " _CYAN_("Possible de-scramble patterns") " -------------"); PrintAndLogEx(INFO, "--- " _CYAN_("Possible de-scramble patterns") " -------------");
}
PrintAndLogEx(SUCCESS, "Paxton id... %" PRIu64 " | 0x%" PRIx64 " ( %s )", paxton_id, paxton_id, formfactor); PrintAndLogEx(SUCCESS, "Paxton id... %" PRIu64 " | 0x%" PRIx64 " ( %s )", paxton_id, paxton_id, formfactor);
if (show_header) {
PrintAndLogEx(INFO, ""); PrintAndLogEx(INFO, "");
} }
}
static void print_hitag2_configuration(uint32_t uid, uint8_t config) { static void print_hitag2_configuration(uint32_t uid, uint8_t config) {
@ -1079,7 +1087,7 @@ static int CmdLFHitagRd(const char *Cmd) {
if (use_ht2) { if (use_ht2) {
print_hitag2_blocks(data, HITAG2_MAX_BYTE_SIZE); print_hitag2_blocks(data, HITAG2_MAX_BYTE_SIZE);
print_hitag2_paxton(data); print_hitag2_paxton(true, data);
} else { } else {
print_hex_break(data, HITAG_MAX_BYTE_SIZE, HITAG_BLOCK_SIZE); print_hex_break(data, HITAG_MAX_BYTE_SIZE, HITAG_BLOCK_SIZE);
} }
@ -1624,7 +1632,7 @@ out:
if (use_ht2) { if (use_ht2) {
print_hitag2_configuration(uid, data[HITAG_BLOCK_SIZE * 3]); print_hitag2_configuration(uid, data[HITAG_BLOCK_SIZE * 3]);
print_hitag2_blocks(data, HITAG2_MAX_BYTE_SIZE); print_hitag2_blocks(data, HITAG2_MAX_BYTE_SIZE);
print_hitag2_paxton(data); print_hitag2_paxton(true, data);
} else { } else {
PrintAndLogEx(INFO, "No memory printing available"); PrintAndLogEx(INFO, "No memory printing available");
} }
@ -1685,7 +1693,7 @@ static int CmdLFHitagView(const char *Cmd) {
uint8_t config = dump[HITAG2_CONFIG_OFFSET]; uint8_t config = dump[HITAG2_CONFIG_OFFSET];
uint32_t uid = bytes_to_num(dump, HITAG_UID_SIZE); uint32_t uid = bytes_to_num(dump, HITAG_UID_SIZE);
print_hitag2_configuration(uid, config); print_hitag2_configuration(uid, config);
print_hitag2_paxton(dump); print_hitag2_paxton(true, dump);
} }
print_hitag2_blocks(dump, HITAG2_MAX_BYTE_SIZE); print_hitag2_blocks(dump, HITAG2_MAX_BYTE_SIZE);
free(dump); free(dump);
@ -1800,7 +1808,7 @@ static int CmdLFHitagEview(const char *Cmd) {
uint8_t config = dump[HITAG2_CONFIG_OFFSET]; uint8_t config = dump[HITAG2_CONFIG_OFFSET];
uint32_t uid = bytes_to_num(dump, HITAG_UID_SIZE); uint32_t uid = bytes_to_num(dump, HITAG_UID_SIZE);
print_hitag2_configuration(uid, config); print_hitag2_configuration(uid, config);
print_hitag2_paxton(dump); print_hitag2_paxton(true, dump);
} }
print_hitag2_blocks(dump, HITAG2_MAX_BYTE_SIZE); print_hitag2_blocks(dump, HITAG2_MAX_BYTE_SIZE);
free(dump); free(dump);
@ -2486,6 +2494,35 @@ int ht2_read_uid(void) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
int ht2_read_paxton(void) {
// read block 4,5,6,7
lf_hitag_data_t packet;
memset(&packet, 0, sizeof(packet));
packet.cmd = RHT2F_PASSWORD;
memcpy(packet.pwd, ht2_default_keys, sizeof(packet.pwd));
clearCommandBuffer();
SendCommandNG(CMD_LF_HITAG_READER, (uint8_t *)&packet, sizeof(packet));
PacketResponseNG resp;
if (WaitForResponseTimeout(CMD_LF_HITAG_READER, &resp, 2000) == false) {
SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
return PM3_ETIMEOUT;
}
if (resp.status != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "DEBUG: Error - hitag failed");
return PM3_ESOFT;
}
uint8_t *data = resp.data.asBytes;
print_hitag2_paxton(false, data);
return PM3_SUCCESS;
}
static command_t CommandTable[] = { static command_t CommandTable[] = {
{"help", CmdHelp, AlwaysAvailable, "This help"}, {"help", CmdHelp, AlwaysAvailable, "This help"},
{"list", CmdLFHitagList, AlwaysAvailable, "List Hitag trace history"}, {"list", CmdLFHitagList, AlwaysAvailable, "List Hitag trace history"},
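Review bot: `ht2_read_paxton` returns `PM3_SUCCESS` as soon as the reader command reports success, because `print_hitag2_paxton` is `void` and cannot report whether the data decoded as Paxton. Its `memcmp(data + 4, ...)` guard presumably bails out on a mismatch, but the rest of that body is outside the visible hunks. Since `lf search` prints its "Valid Paxton ID" banner on this return value, consider letting the printer return a status and propagating it, e.g. `return print_hitag2_paxton(false, data);`. The reply length is also not checked before `resp.data.asBytes` is parsed; if the firmware is expected to return the full dump, a guard such as `if (resp.length < HITAG2_MAX_BYTE_SIZE) return PM3_ESOFT;` would stop a short reply from being decoded from stale buffer contents. Finally, the password now lives both in `ht2_default_keys` and in the `"\xBD\xF5\xE8\x46"` literal inside `print_hitag2_paxton`; comparing against `ht2_default_keys` there would keep the two from drifting.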


@ -28,6 +28,7 @@
int CmdLFHitag(const char *Cmd); int CmdLFHitag(const char *Cmd);
int ht2_read_uid(void); int ht2_read_uid(void);
int ht2_read_paxton(void);
void annotateHitag1(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, bool is_response); void annotateHitag1(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, bool is_response);
void annotateHitag2(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, uint8_t bits, bool is_response, const uint64_t *keys, uint32_t keycount, bool isdecrypted); void annotateHitag2(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, uint8_t bits, bool is_response, const uint64_t *keys, uint32_t keycount, bool isdecrypted);
void annotateHitagS(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, bool is_response); void annotateHitagS(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, bool is_response);


@ -9731,7 +9731,7 @@
"description": "Read Hitag S memory. Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399", "description": "Read Hitag S memory. Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399",
"notes": [ "notes": [
"lf hitag hts rdbl -> Hitag S/8211, plain mode", "lf hitag hts rdbl -> Hitag S/8211, plain mode",
"lf hitag hts rdbl --8 -k BBDD3399 -> 8268/8310, password mode", "lf hitag hts rdbl --82xx -k BBDD3399 -> 8268/8310, password mode",
"lf hitag hts rdbl --nrar 0102030411223344 -> Hitag S, challenge mode", "lf hitag hts rdbl --nrar 0102030411223344 -> Hitag S, challenge mode",
"lf hitag hts rdbl --crypto -> Hitag S, crypto mode, def key", "lf hitag hts rdbl --crypto -> Hitag S, crypto mode, def key",
"lf hitag hts rdbl -k 4F4E4D494B52 -> Hitag S, crypto mode" "lf hitag hts rdbl -k 4F4E4D494B52 -> Hitag S, crypto mode"
@ -9765,7 +9765,7 @@
"description": "Write a page in Hitag S memory. Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399", "description": "Write a page in Hitag S memory. Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399",
"notes": [ "notes": [
"lf hitag hts wrbl -p 6 -d 01020304 -> Hitag S/8211, plain mode", "lf hitag hts wrbl -p 6 -d 01020304 -> Hitag S/8211, plain mode",
"lf hitag hts wrbl -p 6 -d 01020304 --8 -k BBDD3399 -> 8268/8310, password mode", "lf hitag hts wrbl -p 6 -d 01020304 --82xx -k BBDD3399 -> 8268/8310, password mode",
"lf hitag hts wrbl -p 6 -d 01020304 --nrar 0102030411223344 -> Hitag S, challenge mode", "lf hitag hts wrbl -p 6 -d 01020304 --nrar 0102030411223344 -> Hitag S, challenge mode",
"lf hitag hts wrbl -p 6 -d 01020304 --crypto -> Hitag S, crypto mode, default key", "lf hitag hts wrbl -p 6 -d 01020304 --crypto -> Hitag S, crypto mode, default key",
"lf hitag hts wrbl -p 6 -d 01020304 -k 4F4E4D494B52 -> Hitag S, crypto mode" "lf hitag hts wrbl -p 6 -d 01020304 -k 4F4E4D494B52 -> Hitag S, crypto mode"
@ -9774,13 +9774,13 @@
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"--nrar <hex> nonce / answer writer, 8 hex bytes", "--nrar <hex> nonce / answer writer, 8 hex bytes",
"--8 8268/8310 mode", "-8, --82xx 8268/8310 mode",
"--crypto crypto mode", "--crypto crypto mode",
"-k, --key <hex> pwd or key, 4 or 6 hex bytes", "-k, --key <hex> pwd or key, 4 or 6 hex bytes",
"-p, --page <dec> page address to write to", "-p, --page <dec> page address to write to",
"-d, --data <hex> data, 4 hex bytes" "-d, --data <hex> data, 4 hex bytes"
], ],
"usage": "lf hitag hts wrbl [-h] [--nrar <hex>] [--8] [--crypto] [-k <hex>] -p <dec> -d <hex>" "usage": "lf hitag hts wrbl [-h8] [--nrar <hex>] [--crypto] [-k <hex>] -p <dec> -d <hex>"
}, },
"lf hitag info": { "lf hitag info": {
"command": "lf hitag info", "command": "lf hitag info",
@ -12902,8 +12902,8 @@
} }
}, },
"metadata": { "metadata": {
"commands_extracted": 744, "commands_extracted": 745,
"extracted_by": "PM3Help2JSON v1.00", "extracted_by": "PM3Help2JSON v1.00",
"extracted_on": "2024-09-15T09:53:32" "extracted_on": "2024-09-15T16:16:09"
} }
} }