minor textual changes \n and added support for bambu kdf.

CHANGELOG.md

@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+- Added support for a new KDF (@iceman1001)
 - Added Inner range aid and mad entries (@iceman1001)
 - Changed `mem spiffs` - Use all available space in SPI flash (@ANTodorov)
 - Fixed wrong size check in MifareSim (@iceman1001)

client/src/cmdhfmf.c

@@ -797,7 +797,7 @@ static int mf_load_keys(uint8_t **pkeyBlock, uint32_t *pkeycnt, uint8_t *userkey
             PrintAndLogEx(DEBUG, _YELLOW_("%2d") " - %s", *pkeycnt + i, sprint_hex(*pkeyBlock + (*pkeycnt + i) * MIFARE_KEY_SIZE, MIFARE_KEY_SIZE));
         }
         *pkeycnt += ARRAYLEN(g_mifare_default_keys);
-        PrintAndLogEx(SUCCESS, "loaded " _GREEN_("%zu") " keys from hardcoded default array", ARRAYLEN(g_mifare_default_keys));
+        PrintAndLogEx(SUCCESS, "loaded " _GREEN_("%zu") " hardcoded keys", ARRAYLEN(g_mifare_default_keys));
     }
 
     // Handle user supplied dictionary file
@@ -883,7 +883,7 @@ static int CmdHF14AMfDarkside(const char *Cmd) {
         arg_param_begin,
         arg_int0(NULL, "blk", "<dec> ", "Target block"),
         arg_lit0("b", NULL, "Target key B instead of default key A"),
-        arg_int0("c", NULL, "<dec>", "Target key type is key A + offset"),
+        arg_int0("c", NULL, "<dec>", "Target Auth 6x"),
         arg_param_end
     };
     CLIExecWithReturn(ctx, Cmd, argtable, true);
@@ -9697,7 +9697,8 @@ static int CmdHF14AMfInfo(const char *Cmd) {
     }
 
     if (fKeyType != 0xFF) {
-        PrintAndLogEx(SUCCESS, "Block 0.......... %s", sprint_hex_ascii(blockdata, MFBLOCK_SIZE));
+            PrintAndLogEx(SUCCESS, "Block 0.... %s | " NOLF, sprint_hex_inrow(blockdata, MFBLOCK_SIZE));
+            PrintAndLogEx(NORMAL, "%s", sprint_ascii(blockdata + 8, 8));
     }
 
     PrintAndLogEx(NORMAL, "");

client/src/cmdhfmfu.c

@@ -4126,7 +4126,7 @@ static int CmdHF14AMfUCSetUid(const char *Cmd) {
 
     // save old block2.
     uint8_t oldblock2[4] = {0x00};
-    memcpy(resp.data.asBytes, oldblock2, 4);
+    memcpy(oldblock2, resp.data.asBytes, 4);
 
     // Enforce bad BCC handling temporarily as BCC will be wrong between
     // block 1 write and block2 write
@@ -4431,6 +4431,9 @@ static int CmdHF14AMfUPwdGen(const char *Cmd) {
     PrintAndLogEx(INFO, " Dorma Kaba algo");
     PrintAndLogEx(INFO, " STiD algo");
     PrintAndLogEx(INFO, "-------------------------------------");
+    key = 0;
+    mfc_algo_bambu_one(uid, 0, MF_KEY_A, &key);
+    PrintAndLogEx(INFO, " Bambu........ %012" PRIX64, key);
     return PM3_SUCCESS;
 }
 

common/commonutil.c

@@ -567,3 +567,35 @@ size_t concatbits(uint8_t *dest, int dest_offset, const uint8_t *src, int src_of
 
     return dest_offset + nbits;
 }
+
+int char2int(char c) {
+    if (c >= '0' && c <= '9') return c - '0';
+    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
+    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
+    return -1; // Invalid character for hex
+}
+
+ // returns the number of bytes written
+int hexstr2ByteArr(const char *hexstr, unsigned char *array, size_t asize) {
+    size_t n = 0;
+    while (hexstr[n] != '\0') {
+        n++;
+    }
+
+    // Check if the input is valid and fits in the output array
+    if (n % 2 != 0 || asize < n >> 1) {
+        return -1; // Error: invalid length or insufficient byte array size
+    }
+
+    for (size_t i = 0; i < n; i += 2) {
+        int high = char2int(hexstr[i]);
+        int low = char2int(hexstr[i + 1]);
+
+        if (high == -1 || low == -1) {
+            return -1; // Error: invalid hex character
+        }
+
+        array[i >> 1] = (high << 4) | low;
+    }
+    return n >> 1;
+}

common/commonutil.h

@@ -65,6 +65,20 @@
 #define REV64(x)        (REV32(x) + ((uint64_t)(REV32((x) >> 32) << 32)))
 #endif
 
+typedef struct {
+    int Year;
+    int Month;
+    int Day;
+    int Hour;
+    int Minute;
+} Date_t;
+
+
+int calculate_hours_between_dates(const Date_t s, Date_t *e);
+void add_hours(Date_t *d, int hours_to_add);
+void add_days(Date_t *d, int days_to_add);
+uint8_t days_in_month(int year, int month);
+
 
 extern struct version_information_t g_version_information;
 void FormatVersionInformation(char *dst, int len, const char *prefix, const void *version_info);
@@ -136,4 +150,6 @@ void reverse_arraybytes(uint8_t *arr, size_t len);
 void reverse_arraybytes_copy(uint8_t *arr, uint8_t *dest, size_t len);
 
 size_t concatbits(uint8_t *dest, int dest_offset, const uint8_t *src, int src_offset, size_t nbits);
+int char2int(char c);
+int hexstr2ByteArr(const char *hexstr, unsigned char *array, size_t asize);
 #endif

common/generator.c

@@ -25,7 +25,7 @@
 #include <string.h>
 #include "commonutil.h"   //BSWAP_16
 #include "common.h"       //BSWAP_32/64
-#include "util.h"
+
 #include "pm3_cmd.h"
 #include "crc16.h"        // crc16 ccitt
 #include "mbedtls/sha1.h"
@@ -33,9 +33,11 @@
 #include "mbedtls/cmac.h"
 #include "mbedtls/cipher.h"
 #include "mbedtls/md.h"
+#include "mbedtls/hkdf.h"
 
 #ifndef ON_DEVICE
 #include "ui.h"
+#include "util.h"
 # define prnt(args...) PrintAndLogEx(DEBUG, ## args );
 #else
 # include "dbprint.h"
@@ -351,12 +353,11 @@ int mfc_algo_saflok_one(uint8_t *uid, uint8_t sector, uint8_t keytype, uint64_t
             0xda3e3fd649ddULL, 0x58dded078e3eULL, 0x5cd005cfd907ULL, 0x118dd00187d0ULL
         };
 
-        uint8_t h = ((uid[3] >> 4) & 0xF);
-        h += ((uid[2] >> 4) & 0xF);
+        uint8_t h = (NIBBLE_HIGH(uid[3]) & 0xF);
+        h += (NIBBLE_HIGH(uid[2]) & 0xF);
         h += uid[0] & 0xF;
 
         uint64_t m = lut[h & 0xF];
-
         uint64_t id = (bytes_to_num(uid, 4) << 8);
 
         *key = (h + (id + m + ((uint64_t)h << 40ULL))) & 0xFFFFFFFFFFFFULL;
@@ -540,6 +541,41 @@ int mfc_algo_sky_all(uint8_t *uid, uint8_t *keys) {
     return PM3_SUCCESS;
 }
 
+
+static const uint8_t bambu_salt[] = { 0x9a, 0x75, 0x9c, 0xf2, 0xc4, 0xf7, 0xca, 0xff, 0x22, 0x2c, 0xb9, 0x76, 0x9b, 0x41, 0xbc, 0x96 };
+static const uint8_t bambu_context_a[] = "RFID-A";
+static const uint8_t bambu_context_b[] = "RFID-B";
+
+int mfc_algo_bambu_one(uint8_t *uid, uint8_t sector, uint8_t keytype, uint64_t *key) {
+    if (uid == NULL) return PM3_EINVARG;
+    if (key == NULL) return PM3_EINVARG;
+
+    uint8_t keys[16 * 6] = {0};
+
+    // prepare hmac context
+    const mbedtls_md_info_t *info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
+
+    if (keytype == 0) {
+        mbedtls_hkdf(info, bambu_salt, sizeof(bambu_salt), uid, 4, bambu_context_a, sizeof(bambu_context_a), keys, sizeof(keys) );
+    } else {
+        mbedtls_hkdf(info, bambu_salt, sizeof(bambu_salt), uid, 4, bambu_context_b, sizeof(bambu_context_b), keys, sizeof(keys));
+    }
+
+    *key = bytes_to_num(keys + (sector * 6), 6);
+    return PM3_SUCCESS;
+}
+
+int mfc_algo_bambu_all(uint8_t *uid, uint8_t *keys) {
+    if (uid == NULL) return PM3_EINVARG;
+    if (keys == NULL) return PM3_EINVARG;
+
+    // prepare hmac context
+    const mbedtls_md_info_t *info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
+    mbedtls_hkdf(info, bambu_salt, sizeof(bambu_salt), uid, 4, bambu_context_a, sizeof(bambu_context_a), keys, (16 * 6) );
+    mbedtls_hkdf(info, bambu_salt, sizeof(bambu_salt), uid, 4, bambu_context_b, sizeof(bambu_context_b), keys + (16 * 6), (16 * 6));
+    return PM3_SUCCESS;
+}
+
 // LF T55x7 White gun cloner algo
 uint32_t lf_t55xx_white_pwdgen(uint32_t id) {
     uint32_t r1 = rotl(id & 0x000000ec, 8);
@@ -617,10 +653,9 @@ int mfc_algo_touch_one(uint8_t *uid, uint8_t sector, uint8_t keytype, uint64_t *
 
 int generator_selftest(void) {
 #ifndef ON_DEVICE
-#define NUM_OF_TEST     10
+#define NUM_OF_TEST     11
 
-    PrintAndLogEx(INFO, "PWD / KEY generator selftest");
-    PrintAndLogEx(INFO, "----------------------------");
+    PrintAndLogEx(INFO, "------- " _CYAN_("PWD / KEY generator self tests") " --------");
 
     uint8_t testresult = 0;
 
@@ -629,7 +664,6 @@ int generator_selftest(void) {
     bool success = (pwd1 == 0x8432EB17);
     if (success)
         testresult++;
-
     PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X - %s", sprint_hex(uid1, 7), pwd1, success ?  _GREEN_("ok") : "->8432EB17<-");
 
     uint8_t uid2[] = {0x04, 0x1f, 0x98, 0xea, 0x1e, 0x3e, 0x81};
@@ -687,7 +721,7 @@ int generator_selftest(void) {
     success = (key8 == 0x82c7e64bc565);
     if (success)
         testresult++;
-    PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s          | %"PRIx64" - %s", sprint_hex(uid8, 4), key8, success ?  _GREEN_("ok") : "->82C7E64BC565<--");
+    PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s          | %012"PRIx64" - %s", sprint_hex(uid8, 4), key8, success ?  _GREEN_("ok") : "->82C7E64BC565<--");
 
     // MFC SAFLOK
     uint8_t uid9[] = {0x11, 0x22, 0x33, 0x44};
@@ -696,13 +730,22 @@ int generator_selftest(void) {
     success = (key9 == 0xD1E2AA68E39A);
     if (success)
         testresult++;
-    PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s          | %"PRIX64" - %s", sprint_hex(uid9, 4), key9, success ? _GREEN_("ok") : _RED_(">> D1E2AA68E39A <<"));
+    PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s          | %012"PRIX64" - %s", sprint_hex(uid9, 4), key9, success ? _GREEN_("ok") : _RED_(">> D1E2AA68E39A <<"));
 
     uint32_t lf_id = lf_t55xx_white_pwdgen(0x00000080);
     success = (lf_id == 0x00018383);
     if (success)
         testresult++;
-    PrintAndLogEx(success ? SUCCESS : WARNING, "ID  | 0x00000080            | %08"PRIx32 " - %s", lf_id, success ?  _GREEN_("ok") : "->00018383<--");
+    PrintAndLogEx(success ? SUCCESS : WARNING, "ID  | 0x00000080            | %08"PRIx32 " - %s", lf_id, success ?  _GREEN_("ok") : ">> 00018383 <<");
+
+    // MFC Bambu
+    uint64_t key13 = 0;
+    mfc_algo_bambu_one(uid9, 0, 0, &key13);
+    success = (key13 == 0x0729F3B2D37A);
+    if (success)
+        testresult++;
+    PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s          | %012"PRIX64" - %s", sprint_hex(uid9, 4), key13, success ? _GREEN_("ok") : _RED_(">> 0729F3B2D37A <<"));
+
 
     PrintAndLogEx(SUCCESS, "------------------- Selftest %s", (testresult == NUM_OF_TEST) ? _GREEN_("ok") : _RED_("fail"));
 

common/generator.h

@@ -62,6 +62,8 @@ int mfc_generate4b_nuid(uint8_t *uid, uint8_t *nuid);
 
 int mfc_algo_touch_one(uint8_t *uid, uint8_t sector, uint8_t keytype, uint64_t *key);
 
+int mfc_algo_bambu_one(uint8_t *uid, uint8_t sector, uint8_t keytype, uint64_t *key);
+int mfc_algo_bambu_all(uint8_t *uid, uint8_t *keys);
 uint32_t lf_t55xx_white_pwdgen(uint32_t id);
 
 int mfdes_kdf_input_gallagher(uint8_t *uid, uint8_t uidLen, uint8_t keyNo, uint32_t aid, uint8_t *kdfInputOut, uint8_t *kdfInputLen);

common/mbedtls/Makefile

@@ -25,6 +25,7 @@ MYSRCS = \
 	ecdh.c \
 	ecdsa.c \
 	gcm.c \
+	hkdf.c \
 	md.c \
 	md5.c \
 	oid.c \

common/mbedtls/config.h

@@ -2849,7 +2849,7 @@
  * This module adds support for the Hashed Message Authentication Code
  * (HMAC)-based key derivation function (HKDF).
  */
-//#define MBEDTLS_HKDF_C
+#define MBEDTLS_HKDF_C
 
 /**
  * \def MBEDTLS_HMAC_DRBG_C