From b300899f8c1977ef085227dba45e743f2b7753fb Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 27 Jun 2020 18:14:29 +0200 Subject: [PATCH 1/3] hf 14a info - MIFARE DESFire MF3ICD40 detection --- client/src/cmdhf14a.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index b41dabb7f..6ce4d077e 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -1328,6 +1328,7 @@ static int detect_nxp_card(uint8_t sak, uint16_t atqa) { if ((sak & 0x20) == 0x20) { if (atqa == 0x0344) { + printTag("MIFARE DESFire MF3ICD40"); printTag("MIFARE DESFire EV1 2K/4K/8K / DESFire EV1 CL2 2K/4K/8K"); printTag("MIFARE NTAG424DNA"); type |= MTDESFIRE; @@ -1431,6 +1432,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { PrintAndLogEx(SUCCESS, "------ " _CYAN_("ISO14443-a Information") "------------------"); PrintAndLogEx(SUCCESS, "-------------------------------------------------------------"); } + PrintAndLogEx(SUCCESS, " UID: " _GREEN_("%s"), sprint_hex(card.uid, card.uidlen)); PrintAndLogEx(SUCCESS, "ATQA: " _GREEN_("%02x %02x"), card.atqa[1], card.atqa[0]); PrintAndLogEx(SUCCESS, " SAK: " _GREEN_("%02x [%" PRIu64 "]"), card.sak, resp.oldarg[0]); From c3a833b10184c0d3183006a0e67fe61f6b314bdc Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 27 Jun 2020 22:22:15 +0200 Subject: [PATCH 2/3] text --- client/resources/aid_desfire.json | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/client/resources/aid_desfire.json b/client/resources/aid_desfire.json index 926bb1475..4dddc2a52 100644 --- a/client/resources/aid_desfire.json +++ b/client/resources/aid_desfire.json 
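Review bot: The added `printTag("MIFARE DESFire MF3ICD40");` sits under the same `atqa == 0x0344` test as the EV1 and NTAG424DNA lines, so the output now lists three products for one ATQA/SAK pair while the subject line calls it detection. A short comment above the branch would make that explicit, for example `// ATQA 0x0344 with SAK bit 0x20 is shared by several NXP parts; the lines below are candidates, not a positive identification`. detect_nxp_card starts and ends outside the hunk, so whether a later step narrows the list is not visible here.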
@@ -20,9 +20,17 @@ "Vendor": "HID", "Country": "US", "Name": "Access control", - "Description": "Genuine HID", + "Description": "Field Encoder", "Type": "pacs" - }, + }, + { + "AID": "53494F", + "Vendor": "HID", + "Country": "US", + "Name": "Access control", + "Description": "HID Factory", + "Type": "pacs" + }, { "AID": "4F5931", "Vendor": "Transport of London", @@ -54,7 +62,7 @@ "Name": "Legic", "Description": "(FID 02: EF-CONF)", "Type": "" - }, + }, { "AID": "578000", "Vendor": "NORTIC", @@ -329,5 +337,4 @@ FFFFFF General Issuer Information (FIDs 00: MAD Version; 01: Card Holder; 02: Ca "Description": "CAR2GO - Member Card", "Type": "carsharing" } - ] From fe3e77915deb83e411f9ab69191360c42d2d4196 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 28 Jun 2020 19:13:01 +0200 Subject: [PATCH 3/3] hf iclass reader - output redesign --- client/src/cmdhficlass.c | 71 ++++++++++++++++++++++++++-------------- 1 file changed, 46 insertions(+), 25 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 0505ecb80..501190170 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -388,9 +388,9 @@ static void fuse_config(const picopass_hdr *hdr) { uint8_t fuses = hdr->conf.fuses; if (isset(fuses, FUSE_FPERS)) - PrintAndLogEx(SUCCESS, " Mode: " _GREEN_("Personalization [programmable]")); + PrintAndLogEx(SUCCESS, " Mode: " _GREEN_("Personalization (programmable)")); else - PrintAndLogEx(SUCCESS, " Mode: " _YELLOW_("Application [locked]")); + PrintAndLogEx(SUCCESS, " Mode: " _YELLOW_("Application (locked)")); if (isset(fuses, FUSE_CODING1)) { PrintAndLogEx(SUCCESS, "Coding: RFU"); 
@@ -414,9 +414,20 @@ static void fuse_config(const picopass_hdr *hdr) { else PrintAndLogEx(INFO, " RA: Read access not enabled"); - PrintAndLogEx(INFO, " Block write lock 0x%02X", hdr->conf.block_writelock); - PrintAndLogEx(INFO, " EAS 0x%02X", hdr->conf.eas); - + PrintAndLogEx(INFO, + "App limit " _YELLOW_("0x%02X") ", OTP " _YELLOW_("0x%02X%02X") ", Block write lock " _YELLOW_("0x%02X") + , hdr->conf.app_limit + , hdr->conf.otp[1] + , hdr->conf.otp[0] + , hdr->conf.block_writelock + ); + PrintAndLogEx(INFO, + " Chip " _YELLOW_("0x%02X") ", Mem " _YELLOW_("0x%02X") ", EAS " _YELLOW_("0x%02X") ", Fuses " _YELLOW_("0x%02X") + , hdr->conf.chip_config + , hdr->conf.mem_config + , hdr->conf.eas + , hdr->conf.fuses + ); } static void getMemConfig(uint8_t mem_cfg, uint8_t chip_cfg, uint8_t *max_blk, uint8_t *app_areas, uint8_t *kb) { @@ -467,9 +478,8 @@ static void mem_app_config(const picopass_hdr *hdr) { PrintAndLogEx(INFO, "------ " _CYAN_("Memory") " ------"); PrintAndLogEx(INFO, " %u KBits/%u App Areas (%u bytes), max blocks 0x%02X (%02d)", kb, app_areas, max_blk * 8, mem, mem); - PrintAndLogEx(INFO, " AA1 blocks 0x06 - 0x%02X (06 - %02d)", applimit, applimit); - PrintAndLogEx(INFO, " AA2 blocks 0x%02X - 0x%02X (%02d - %02d)", applimit + 1, max_blk, applimit + 1, max_blk); - PrintAndLogEx(INFO, " OTP 0x%02X%02X", hdr->conf.otp[1], hdr->conf.otp[0]); + PrintAndLogEx(INFO, " AA1 blocks %u { 0x06 - 0x%02X (06 - %02d) }", applimit - 5 , applimit, applimit); + PrintAndLogEx(INFO, " AA2 blocks %u { 0x%02X - 0x%02X (%02d - %02d) }", max_blk - applimit, applimit + 1, max_blk, applimit + 1, max_blk); PrintAndLogEx(INFO, "------ " _CYAN_("KeyAccess") " ------"); PrintAndLogEx(INFO, " Kd = Debit key (AA1), Kc = Credit key (AA2)"); @@ -492,6 +502,7 @@ static void mem_app_config(const picopass_hdr *hdr) { } static void print_picopass_info(const picopass_hdr *hdr) { + PrintAndLogEx(INFO, "------ " _CYAN_("card configuration") " ------"); fuse_config(hdr); mem_app_config(hdr); } 
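Review bot: In the `@@ -467,9 +478,8 @@` hunk the new block counts `applimit - 5` and `max_blk - applimit` are printed with `%u`, so a tag whose app limit is below 5 or above `max_blk` gives a negative int that prints as a number near 4294967295. Both variables are declared outside the hunk; this assumes they are narrow unsigned values that promote to int and that `applimit` comes from the card's configuration block, which an emulated or malformed card can set freely. A guard ahead of the two lines, e.g. `if (applimit < 6 || applimit > max_blk) PrintAndLogEx(WARNING, "app limit 0x%02X outside expected range", applimit);`, with the AA1/AA2 counts printed only otherwise, would keep the report truthful for such cards.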
@@ -2923,7 +2934,7 @@ int readIclass(bool loop, bool verbose) { uint32_t res = PM3_ETIMEOUT; // loop in client not device - else on windows have a communication error - while (!kbd_enter_pressed()) { + while (kbd_enter_pressed() == false) { clearCommandBuffer(); SendCommandMIX(CMD_HF_ICLASS_READER, flags, 0, 0, NULL, 0); 
@@ -2932,34 +2943,49 @@ int readIclass(bool loop, bool verbose) { if (WaitForResponseTimeout(CMD_ACK, &resp, 4500)) { uint8_t readStatus = resp.oldarg[0] & 0xff; - uint8_t *data = resp.data.asBytes; - -// if (verbose) PrintAndLogEx(INFO, "Readstatus:%02x", readStatus); // no tag found or button pressed if ((readStatus == 0 && !loop) || readStatus == 0xFF) { - // abort DropField(); return PM3_EOPABORTED; } + + uint8_t *data = resp.data.asBytes; + picopass_hdr *hdr = (picopass_hdr *)data; + uint16_t length = resp.length; + if ( length != sizeof(picopass_hdr)) + continue; + PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " --------------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------"); if (readStatus & FLAG_ICLASS_READER_CSN) { - PrintAndLogEx(SUCCESS, " CSN: " _YELLOW_("%s"), sprint_hex(data, 8)); + PrintAndLogEx(SUCCESS, " CSN: " _GREEN_("%s") " (uid)", sprint_hex(hdr->csn, sizeof(hdr->csn))); tagFound = true; } - if (readStatus & FLAG_ICLASS_READER_CC) { - PrintAndLogEx(SUCCESS, " CC: %s", sprint_hex(data + 16, 8)); + if (readStatus & FLAG_ICLASS_READER_CONF) { + PrintAndLogEx(SUCCESS, " Config: %s (Card configuration)", sprint_hex((uint8_t *)&hdr->conf, sizeof(hdr->conf))); } + if (readStatus & FLAG_ICLASS_READER_CC) { + PrintAndLogEx(SUCCESS, "E-purse: %s (Card challenge, CC)", sprint_hex(hdr->epurse, sizeof(hdr->epurse))); + } + + PrintAndLogEx(SUCCESS, " Kd: %s (Debit key, hidden)", sprint_hex(hdr->key_d, sizeof(hdr->key_d))); + PrintAndLogEx(SUCCESS, " Kc: %s (Credit key, hidden)", sprint_hex(hdr->key_c, sizeof(hdr->key_c))); + + if (readStatus & FLAG_ICLASS_READER_AIA) { +// PrintAndLogEx(INFO, "--------- " _CYAN_("AIA") " ---------"); + PrintAndLogEx(SUCCESS, " AIA: %s (Application Issuer area)", sprint_hex(hdr->app_issuer_area, sizeof(hdr->app_issuer_area))); + } + if (readStatus & FLAG_ICLASS_READER_CONF) { printIclassDumpInfo(data); } - + // if CSN ends with FF12E0, it's 
inside HID CSN range. bool isHidRange = (memcmp((uint8_t *)(data + 5), "\xFF\x12\xE0", 3) == 0); @@ -2967,20 +2993,15 @@ int readIclass(bool loop, bool verbose) { bool legacy = (memcmp((uint8_t *)(data + 8 * 5), "\xff\xff\xff\xff\xff\xff\xff\xff", 8) == 0); bool se_enabled = (memcmp((uint8_t *)(data + 8 * 5), "\xff\xff\xff\x00\x06\xff\xff\xff", 8) == 0); - - PrintAndLogEx(INFO, "--------- " _CYAN_("AIA") " ---------"); - PrintAndLogEx(SUCCESS, " App IA: %s", sprint_hex(data + 8 * 5, 8)); - PrintAndLogEx(INFO, "------ " _CYAN_("fingerprint") " ------"); + PrintAndLogEx(INFO, "------ " _CYAN_("Fingerprint") " ------"); if (isHidRange) { - PrintAndLogEx(SUCCESS, _YELLOW_("iClass")" (CSN is in HID range)"); - if (legacy) - PrintAndLogEx(SUCCESS, " possible "_YELLOW_("iClass legacy")" credential"); + PrintAndLogEx(SUCCESS, _GREEN_("iCLASS legacy")" credential"); if (se_enabled) - PrintAndLogEx(SUCCESS, " possible "_YELLOW_("iClass SE")" credential"); + PrintAndLogEx(SUCCESS, _GREEN_("iCLASS SE")" credential"); } else { PrintAndLogEx(SUCCESS, _YELLOW_("PicoPass")" (CSN is not in HID range)");
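Review bot: The new length guard `if ( length != sizeof(picopass_hdr)) continue;` in the `@@ -2932,34 +2943,49 @@` hunk retries silently inside the `while (kbd_enter_pressed() == false)` loop. With `loop` false, a device that keeps replying with a short or oversized frame appears to leave the client re-sending CMD_HF_ICLASS_READER with the field up until Enter is pressed, and the user is never told why. Consider reporting the mismatch and, when not looping, exiting the way the abort branch above does: `PrintAndLogEx(WARNING, "unexpected reply length %u", length);` followed by `if (!loop) { DropField(); return PM3_ESOFT; }`. Separately, the Kd/Kc lines are printed without any readStatus flag gating them, unlike CSN, Config, E-purse and AIA, and the context line `memcmp((uint8_t *)(data + 5), ...)` still uses a raw offset where `hdr->csn + 5` would match the new struct-based access. The rest of readIclass lies outside the hunk, so the loop-exit behaviour is inferred from the visible lines only.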