validate vivokey spark1, and more details

2025-07-16 10:03:04 -07:00 · 2020-09-24 13:15:23 +02:00 · 2020-09-24 13:15:23 +02:00 · a8185cc8d6
commit a8185cc8d6
parent 56c99d223c
1 changed files with 54 additions and 3 deletions
--- a/client/src/cmdhf15.c
+++ b/client/src/cmdhf15.c
@ -423,6 +423,16 @@ static int nxp_15693_print_signature(uint8_t *uid, uint8_t *signature) {
        };
    */
    uint8_t i;
+    uint8_t revuid[8];
+    for (i = 0; i < sizeof(revuid); i++) {
+        revuid[i] = uid[7 - i];
+    }
+    uint8_t revsign[32];
+    for (i = 0; i < sizeof(revsign); i++) {
+        revsign[i] = signature[31 - i];
+    }
+    
+    int reason = 0;
    bool is_valid = false;
    for (i = 0; i < ARRAYLEN(nxp_15693_public_keys); i++) {

@ -432,15 +442,42 @@ static int nxp_15693_print_signature(uint8_t *uid, uint8_t *signature) {

        int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, 8, signature, 32, false);
        is_valid = (res == 0);
-        if (is_valid)
+        if (is_valid) {
+            reason = 1;
            break;
+        }
+        
+        // try with sha256
+        res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, 8, signature, 32, true);
+        is_valid = (res == 0);
+        if (is_valid) {
+            reason = 2;
+            break;
+        }
+
+        // try with reversed uid / signature
+        res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, revuid, sizeof(revuid), revsign, sizeof(revsign), false);
+        is_valid = (res == 0);
+        if (is_valid) {
+            reason = 3;
+            break;
+        }
+
+        
+        // try with sha256
+        res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, revuid, sizeof(revuid), revsign, sizeof(revsign), true);
+        is_valid = (res == 0);
+        if (is_valid) {
+            reason = 4;
+            break;
+        }
    }

    PrintAndLogEx(NORMAL, "");
    PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature"));
    if (is_valid == false || i == ARRAYLEN(nxp_15693_public_keys)) {
        PrintAndLogEx(INFO, "    Elliptic curve parameters: NID_secp128r1");
-        PrintAndLogEx(INFO, "             TAG IC Signature: %s", sprint_hex(signature, 32));
+        PrintAndLogEx(INFO, "             TAG IC Signature: %s", sprint_hex_inrow(signature, 32));
        PrintAndLogEx(SUCCESS, "       Signature verification: " _RED_("failed"));
        return PM3_ESOFT;
    }
@ -448,8 +485,22 @@ static int nxp_15693_print_signature(uint8_t *uid, uint8_t *signature) {
    PrintAndLogEx(INFO, " IC signature public key name: %s", nxp_15693_public_keys[i].desc);
    PrintAndLogEx(INFO, "IC signature public key value: %s", nxp_15693_public_keys[i].value);
    PrintAndLogEx(INFO, "    Elliptic curve parameters: NID_secp128r1");
-    PrintAndLogEx(INFO, "             TAG IC Signature: %s", sprint_hex(signature, 32));
+    PrintAndLogEx(INFO, "             TAG IC Signature: %s", sprint_hex_inrow(signature, 32));
    PrintAndLogEx(SUCCESS, "       Signature verification: " _GREEN_("successful"));
+    switch(reason) {
+        case 1:
+            PrintAndLogEx(INFO, "                  Params used: UID and signature, plain");
+            break;
+        case 2:
+            PrintAndLogEx(INFO, "                  Params used: UID and signature, SHA256");
+            break;
+        case 3:
+            PrintAndLogEx(INFO, "                  Params used: reversed UID and signature, plain");
+            break;
+        case 4: 
+            PrintAndLogEx(INFO, "                  Params used: reversed UID and signature, SHA256");
+            break;
+    }
    return PM3_SUCCESS;
 }