From 3253e2c2884c34bf876151381c6a943b0896568a Mon Sep 17 00:00:00 2001
From: Antiklesys
Date: Mon, 9 Sep 2024 22:46:49 +0800
Subject: [PATCH] Reverted buggy changes to hf iclass dump

Reverted code back to the original as it would "read" a card's AA1 without the correct keys.
---
 CHANGELOG.md             |  1 -
 client/src/cmdhficlass.c | 88 ++++++++++++++++++++--------------
 2 files changed, 43 insertions(+), 46 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b76c41939..1583b1c9f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,6 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
-- Fixed `hf iclass dump` to dump AA2 when only providing Kc (@antiklesys)
 - Fixed `hf felica raw -s` - dont check crc for select tag response, thanks @RebornedBrian! (@iceman1001)
 - Added a multi-threaded of ht2crack2search (@iceman1001)
 - Fixed ISO14443a bounds-checking because @doegex found cards not following ISO14443a when fuzzed (@iceman1001)
diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c
index 647cf189f..2c900fffc 100644
--- a/client/src/cmdhficlass.c
+++ b/client/src/cmdhficlass.c
@@ -2029,6 +2029,28 @@ static int CmdHFiClassDump(const char *Cmd) {
         payload.start_block = 5;
     }
 
+    clearCommandBuffer();
+    SendCommandNG(CMD_HF_ICLASS_DUMP, (uint8_t *)&payload, sizeof(payload));
+
+    while (true) {
+
+        PrintAndLogEx(NORMAL, "." NOLF);
+        if (kbd_enter_pressed()) {
+            PrintAndLogEx(WARNING, "\naborted via keyboard!\n");
+            DropField();
+            return PM3_EOPABORTED;
+        }
+
+        if (WaitForResponseTimeout(CMD_HF_ICLASS_DUMP, &resp, 2000))
+            break;
+    }
+
+    PrintAndLogEx(NORMAL, "");
+    if (resp.status != PM3_SUCCESS) {
+        PrintAndLogEx(ERR, "failed to communicate with card");
+        return resp.status;
+    }
+
     struct p_resp {
         bool isOK;
         uint16_t block_cnt;
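Review bot: The `resp.status != PM3_SUCCESS` branch returns without `DropField()`, while the keyboard-abort branch a few lines above calls it before returning; if the firmware does not already switch the field off when it reports an error, `DropField();` before `return resp.status;` keeps both exit paths consistent and does not leave the reader powered after a failed dump. The polling loop has no overall timeout and exits only on a response or Enter, which is presumably intended for long dumps but is worth a one-line comment such as `// poll until the device answers; Enter aborts` on the `while (true)` line. `resp` and `payload` are declared before this hunk, and CmdHFiClassDump continues past it.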
@@ -2036,58 +2058,34 @@ static int CmdHFiClassDump(const char *Cmd) {
     } PACKED;
     struct p_resp *packet = (struct p_resp *)resp.data.asBytes;
 
+    if (packet->isOK == false) {
+        PrintAndLogEx(WARNING, "read AA1 blocks failed");
+        return PM3_ESOFT;
+    }
+
     uint32_t startindex = packet->bb_offset;
     uint32_t blocks_read = packet->block_cnt;
 
     uint8_t tempbuf[0x100 * 8];
 
-    uint16_t bytes_got = (app_limit1 + 1) * 8;
-    if(key_len > 0 && deb_key_nr >= 0){
-
-        clearCommandBuffer();
-        SendCommandNG(CMD_HF_ICLASS_DUMP, (uint8_t *)&payload, sizeof(payload));
-
-        while (true) {
-
-            PrintAndLogEx(NORMAL, "." NOLF);
-            if (kbd_enter_pressed()) {
-                PrintAndLogEx(WARNING, "\naborted via keyboard!\n");
-                DropField();
-                return PM3_EOPABORTED;
-            }
-
-            if (WaitForResponseTimeout(CMD_HF_ICLASS_DUMP, &resp, 2000))
-                break;
-        }
-
-        PrintAndLogEx(NORMAL, "");
-        if (resp.status != PM3_SUCCESS) {
-            PrintAndLogEx(ERR, "failed to communicate with card");
-            return resp.status;
-        }
-
-        if (packet->isOK == false) {
-            PrintAndLogEx(WARNING, "read AA1 blocks failed");
-            return PM3_ESOFT;
-        }
-
-        // response ok - now get bigbuf content of the dump
-        if (!GetFromDevice(BIG_BUF, tempbuf, sizeof(tempbuf), startindex, NULL, 0, NULL, 2500, false)) {
-            PrintAndLogEx(WARNING, "command execution time out");
-            return PM3_ETIMEOUT;
-        }
-
-        if (pagemap != PICOPASS_NON_SECURE_PAGEMODE) {
-            // div key KD
-            memcpy(tag_data + (PICOPASS_BLOCK_SIZE * 3),
-                   tempbuf + (PICOPASS_BLOCK_SIZE * 3), PICOPASS_BLOCK_SIZE);
-        }
-        // all memory available
-        memcpy(tag_data + (PICOPASS_BLOCK_SIZE * payload.start_block),
-               tempbuf + (PICOPASS_BLOCK_SIZE * payload.start_block),
-               blocks_read * PICOPASS_BLOCK_SIZE);
+    // response ok - now get bigbuf content of the dump
+    if (!GetFromDevice(BIG_BUF, tempbuf, sizeof(tempbuf), startindex, NULL, 0, NULL, 2500, false)) {
+        PrintAndLogEx(WARNING, "command execution time out");
+        return PM3_ETIMEOUT;
     }
 
+    if (pagemap != PICOPASS_NON_SECURE_PAGEMODE) {
+        // div key KD
+        memcpy(tag_data + (PICOPASS_BLOCK_SIZE * 3),
+               tempbuf + (PICOPASS_BLOCK_SIZE * 3), PICOPASS_BLOCK_SIZE);
+    }
+    // all memory available
+    memcpy(tag_data + (PICOPASS_BLOCK_SIZE * payload.start_block),
+           tempbuf + (PICOPASS_BLOCK_SIZE * payload.start_block),
+           blocks_read * PICOPASS_BLOCK_SIZE);
+
+    uint16_t bytes_got = (app_limit1 + 1) * 8;
+
     // try AA2 Kc, Credit
     bool aa2_success = false;
 
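Review bot: `blocks_read` is taken straight from the device reply (`packet->block_cnt`) and used unchecked as the length of the final `memcpy`, so a corrupted or firmware-mismatched reply with a large count reads past `tempbuf` (0x100 * 8 bytes) and writes past `tag_data`, whose declaration is outside the hunk. A bound before the copy, e.g. `if ((payload.start_block + blocks_read) * PICOPASS_BLOCK_SIZE > sizeof(tempbuf)) { PrintAndLogEx(WARNING, "block count out of range"); return PM3_ESOFT; }`, rejects such a reply; if `tag_data` is smaller than `tempbuf`, bound against that size as well. The cast `(struct p_resp *)resp.data.asBytes` is likewise made before confirming the reply holds at least `sizeof(struct p_resp)` bytes, which is worth a check against the reply length if the response type exposes one. CmdHFiClassDump continues past this hunk.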