Implemented a hf iclass sim variation

hf iclass sim -t 3 variation that glitches specific block responses during read/write operations based on the value of the last byte of block 31.
Antiklesys 2025-06-07 02:15:01 +08:00
commit 94794f7519
4 changed files with 35 additions and 22 deletions


@ -844,7 +844,8 @@ static int CmdHFiClassSim(const char *Cmd) {
"hf iclass sim -t 1 --> simulate with default CSN\n"
"hf iclass sim -t 2 --> execute loclass attack online part\n"
"hf iclass sim -t 3 --> simulate full iCLASS 2k tag\n"
"hf iclass sim -t 4 --> Reader-attack, adapted for KeyRoll mode, gather reader responses to extract elite key");
"hf iclass sim -t 4 --> Reader-attack, adapted for KeyRoll mode, gather reader responses to extract elite key\n"
"hf iclass sim -t 6 --> same as -t 3, but doesn't respond to r/w for the block specified in last byte of blk 31");
void *argtable[] = {
arg_param_begin,
@ -875,7 +876,7 @@ static int CmdHFiClassSim(const char *Cmd) {
CLIParserFree(ctx);
if (sim_type > 4) {
if (sim_type > 4 && sim_type != 6) {
PrintAndLogEx(ERR, "Undefined simtype %d", sim_type);
return PM3_EINVARG;
}
@ -1028,6 +1029,7 @@ static int CmdHFiClassSim(const char *Cmd) {
case ICLASS_SIM_MODE_CSN:
case ICLASS_SIM_MODE_CSN_DEFAULT:
case ICLASS_SIM_MODE_FULL:
case ICLASS_SIM_MODE_FULL_GLITCH:
default: {
PrintAndLogEx(INFO, "Starting iCLASS simulation");
PrintAndLogEx(INFO, "Press " _GREEN_("`pm3 button`") " to abort");
@ -1035,7 +1037,7 @@ static int CmdHFiClassSim(const char *Cmd) {
clearCommandBuffer();
SendCommandMIX(CMD_HF_ICLASS_SIMULATE, sim_type, numberOfCSNs, 1, csn, 8);
if (sim_type == ICLASS_SIM_MODE_FULL)
if (sim_type == ICLASS_SIM_MODE_FULL || ICLASS_SIM_MODE_FULL_GLITCH)
PrintAndLogEx(HINT, "Hint: Try `" _YELLOW_("hf iclass esave -h") "` to save the emulator memory to file");
break;
}
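Review bot: The new condition in the last hunk, `sim_type == ICLASS_SIM_MODE_FULL || ICLASS_SIM_MODE_FULL_GLITCH`, is true for every sim type as long as the constant is non-zero, because the right-hand operand is the bare enum value rather than a comparison. It should read `if (sim_type == ICLASS_SIM_MODE_FULL || sim_type == ICLASS_SIM_MODE_FULL_GLITCH)`. As written, the `hf iclass esave` hint is also printed for the CSN modes and the `default` path that share this case body. Separately, the range check in the second hunk uses the literals `4` and `6`. If 6 is the value of ICLASS_SIM_MODE_FULL_GLITCH (its definition is not visible on this page), comparing against the named constant would keep the validation and the switch in step. CmdHFiClassSim begins and ends outside these hunks.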