github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 05:43:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #2493 from Antiklesys/master

Browse source 
Reverted changes to hf iclass dump due to buggy behavior
This commit is contained in:
Iceman 2024-09-09 21:01:14 +02:00 committed by GitHub
commit a47ed1c7a7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 43 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -3,7 +3,6 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Fixed `hf iclass dump` to dump AA2 when only providing Kc (@antiklesys)
- Fixed `hf felica raw -s` - dont check crc for select tag response, thanks @RebornedBrian! (@iceman1001) - Fixed `hf felica raw -s` - dont check crc for select tag response, thanks @RebornedBrian! (@iceman1001)
- Added a multi-threaded of ht2crack2search (@iceman1001) - Added a multi-threaded of ht2crack2search (@iceman1001)
- Fixed ISO14443a bounds-checking because @doegex found cards not following ISO14443a when fuzzed (@iceman1001) - Fixed ISO14443a bounds-checking because @doegex found cards not following ISO14443a when fuzzed (@iceman1001)

88
client/src/cmdhficlass.c
View file

@ -2029,6 +2029,28 @@ static int CmdHFiClassDump(const char *Cmd) {
payload.start_block = 5; payload.start_block = 5;
} }
clearCommandBuffer();
SendCommandNG(CMD_HF_ICLASS_DUMP, (uint8_t *)&payload, sizeof(payload));
while (true) {
PrintAndLogEx(NORMAL, "." NOLF);
if (kbd_enter_pressed()) {
PrintAndLogEx(WARNING, "\naborted via keyboard!\n");
DropField();
return PM3_EOPABORTED;
}
if (WaitForResponseTimeout(CMD_HF_ICLASS_DUMP, &resp, 2000))
break;
}
PrintAndLogEx(NORMAL, "");
if (resp.status != PM3_SUCCESS) {
PrintAndLogEx(ERR, "failed to communicate with card");
return resp.status;
}
struct p_resp { struct p_resp {
bool isOK; bool isOK;
uint16_t block_cnt; uint16_t block_cnt;
@ -2036,58 +2058,34 @@ static int CmdHFiClassDump(const char *Cmd) {
} PACKED; } PACKED;
struct p_resp *packet = (struct p_resp *)resp.data.asBytes; struct p_resp *packet = (struct p_resp *)resp.data.asBytes;
if (packet->isOK == false) {
PrintAndLogEx(WARNING, "read AA1 blocks failed");
return PM3_ESOFT;
}
uint32_t startindex = packet->bb_offset; uint32_t startindex = packet->bb_offset;
uint32_t blocks_read = packet->block_cnt; uint32_t blocks_read = packet->block_cnt;
uint8_t tempbuf[0x100 * 8]; uint8_t tempbuf[0x100 * 8];
uint16_t bytes_got = (app_limit1 + 1) * 8;
if(key_len > 0 && deb_key_nr >= 0){ // response ok - now get bigbuf content of the dump
if (!GetFromDevice(BIG_BUF, tempbuf, sizeof(tempbuf), startindex, NULL, 0, NULL, 2500, false)) {
clearCommandBuffer(); PrintAndLogEx(WARNING, "command execution time out");
SendCommandNG(CMD_HF_ICLASS_DUMP, (uint8_t *)&payload, sizeof(payload)); return PM3_ETIMEOUT;
while (true) {
PrintAndLogEx(NORMAL, "." NOLF);
if (kbd_enter_pressed()) {
PrintAndLogEx(WARNING, "\naborted via keyboard!\n");
DropField();
return PM3_EOPABORTED;
}
if (WaitForResponseTimeout(CMD_HF_ICLASS_DUMP, &resp, 2000))
break;
}
PrintAndLogEx(NORMAL, "");
if (resp.status != PM3_SUCCESS) {
PrintAndLogEx(ERR, "failed to communicate with card");
return resp.status;
}
if (packet->isOK == false) {
PrintAndLogEx(WARNING, "read AA1 blocks failed");
return PM3_ESOFT;
}
// response ok - now get bigbuf content of the dump
if (!GetFromDevice(BIG_BUF, tempbuf, sizeof(tempbuf), startindex, NULL, 0, NULL, 2500, false)) {
PrintAndLogEx(WARNING, "command execution time out");
return PM3_ETIMEOUT;
}
if (pagemap != PICOPASS_NON_SECURE_PAGEMODE) {
// div key KD
memcpy(tag_data + (PICOPASS_BLOCK_SIZE * 3),
tempbuf + (PICOPASS_BLOCK_SIZE * 3), PICOPASS_BLOCK_SIZE);
}
// all memory available
memcpy(tag_data + (PICOPASS_BLOCK_SIZE * payload.start_block),
tempbuf + (PICOPASS_BLOCK_SIZE * payload.start_block),
blocks_read * PICOPASS_BLOCK_SIZE);
} }
if (pagemap != PICOPASS_NON_SECURE_PAGEMODE) {
// div key KD
memcpy(tag_data + (PICOPASS_BLOCK_SIZE * 3),
tempbuf + (PICOPASS_BLOCK_SIZE * 3), PICOPASS_BLOCK_SIZE);
}
// all memory available
memcpy(tag_data + (PICOPASS_BLOCK_SIZE * payload.start_block),
tempbuf + (PICOPASS_BLOCK_SIZE * payload.start_block),
blocks_read * PICOPASS_BLOCK_SIZE);
uint16_t bytes_got = (app_limit1 + 1) * 8;
// try AA2 Kc, Credit // try AA2 Kc, Credit
bool aa2_success = false; bool aa2_success = false;