detect desfire rudimentary

2025-08-21 05:43:48 -07:00 · 2024-02-03 16:58:03 +01:00 · 2024-02-03 16:58:03 +01:00 · 8f896940b0
commit 8f896940b0
parent bb57d6885b
1 changed files with 118 additions and 94 deletions
--- a/client/src/cmdhfict.c
+++ b/client/src/cmdhfict.c
@ -87,12 +87,12 @@ static int derive_app_key(uint8_t *uid, uint8_t *app_key) {
        return PM3_EINVARG;
    }

-    /*
+/*
    c = b'\x88' + uid
    ch, cl = c[0:4], c[4:8]
    payload = (ch + cl + cl + ch) * 2
    AES.new(ICT_DESFIRE_MASTER_APPKEY, AES.MODE_CBC, iv=b'\0'*16).decrypt(payload)[16:]
-    */
+*/
    uint8_t input[] = {0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
    memcpy(input + 1, uid, 7);

@ -133,7 +133,7 @@ static int diversify_mifare_key(uint8_t *uid, uint8_t *app_key) {
    num_to_bytes(big, 4, input + 4);

    uint8_t key[AES_KEY_LEN];
-    memset(key, 0, sizeof(key));
+    memset(key, 0 , sizeof(key));
 //    memcpy(key, ICT_DESFIRE_FILEKEY, AES_KEY_LEN);

    uint8_t iv[16] = {0};
@ -188,7 +188,7 @@ static int derive_mifare_key(uint8_t *uid, const uint8_t *base_key, uint8_t *app
    uint8_t diverse[MIFARE_KEY_SIZE];
    diversify_mifare_key(uid, diverse);

-    for (uint8_t i = 0; i < MIFARE_KEY_SIZE; i++) {
+    for (uint8_t i=0; i < MIFARE_KEY_SIZE; i++) {
        app_key[i] = base_key[i] ^ diverse[i];
    }

@ -266,7 +266,7 @@ static void itc_decode_card_blob(uint8_t *data, uint8_t card_type) {
    if (data == NULL) {
        return;
    }
-    /*
+/*
    uint8_t block[16];
    if (card_type == ICT_CT_NFC)
        memcpy(block, data+16, sizeof(block));
@ -300,14 +300,14 @@ static void itc_decode_card_blob(uint8_t *data, uint8_t card_type) {
    */
 }
 static void itc_encode_card_blob(uint8_t facility_code, uint16_t card_number, uint8_t bit_count) {
-    /*
+/*
    // encode wiegand ..
    uint8_t wiegand[] = {0,0,0,0,0};
    if (bit_count == 26) {
-    //        wiegand_data = encode_wiegand_26(facility_code, card_number)
+//        wiegand_data = encode_wiegand_26(facility_code, card_number)
    }
    if (bit_count == 34) {
-    //        wiegand_data = encode_wiegand_34(facility_code, card_number)
+//        wiegand_data = encode_wiegand_34(facility_code, card_number)
    }

    // card binary blog
@ -463,7 +463,7 @@ static int CmdHfIctRead(const char *Cmd) {
    return PM3_SUCCESS;
 }

-static int CmdHfIctCredential(const char *Cmd) {
+static int CmdHfIctCredential(const char * Cmd) {

    CLIParserContext *ctx;
    CLIParserInit(&ctx, "hf ict credential",
@ -479,6 +479,29 @@ static int CmdHfIctCredential(const char *Cmd) {
    bool verbose = arg_get_lit(ctx, 5);
    CLIParserFree(ctx);

+    SetAPDULogging(false);
+    DropField();
+
+    iso14a_card_select_t card;
+    if (ict_select_card(&card) != PM3_SUCCESS) {
+        return PM3_ESOFT;
+    }
+
+    bool isdesfire = false;
+    if ((card.sak & 0x24) == 0x24) {
+        isdesfire = true;
+    } else if ((card.sak & 0x20) == 0x20) {
+        if (card.atqa[0] == 0x003&& card.atqa[1] == 0x40) {
+            isdesfire = true;
+        }
+    }
+
+    if (isdesfire) {
+
+        // read file in desfire application 
+        // add decrypt sector
+
+    } else {
        uint16_t sc_size = mfNumBlocksPerSector(ICT_MIFARE_SECTOR) * MFBLOCK_SIZE;
        uint8_t *data = calloc(sc_size, sizeof(uint8_t));
        if (data == NULL) {
@ -503,6 +526,7 @@ static int CmdHfIctCredential(const char *Cmd) {
        // add decrypt sector

        free(data);
+    }
    return PM3_SUCCESS;
 }