Updated hf iclass sim -t 6

Updates to the functionality of iclass sim -t 6 to specifically target the last SIO block and to do it automatically. It now checks the AIA to determine if the card is SR or SE and adjust the block to jam based on the SIO length declared in block 6 (if SE) or fixed length if SR.
2025-08-14 18:48:13 -07:00 · 2025-06-07 13:46:19 +08:00 · 2025-06-07 13:46:19 +08:00 · b4edcb9510
commit b4edcb9510
parent 32e29d9340
2 changed files with 30 additions and 9 deletions
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@ -608,10 +608,17 @@ int do_iclass_simulation(int simulationMode, uint8_t *reader_mac_buf) {
                    trace_data_size = sizeof(ff_data);
                } else { // use data from emulator memory
                    if (simulationMode == ICLASS_SIM_MODE_FULL_GLITCH){
-                        uint8_t block_check[8] ={0};
-                        memcpy(block_check, emulator + (current_page * page_size) + (31 * 8), 8);
-                        if (block == block_check[7]){
-                            goto send;
+                        //Jam the read based on the last SIO block
+                        if (memcmp(emulator + (current_page * page_size) + (5 * 8), ff_data, PICOPASS_BLOCK_SIZE) == 0){ //SR card
+                            if (block == 16){ //SR cards use a standard legth SIO
+                                goto send;
+                            }
+                        }else{ //For SE cards we have to account for different SIO lengths depending if a standard or custom key is used
+                            uint8_t sio_size[8] = {0};
+                            memcpy(sio_size,emulator + (current_page * page_size) + (6 * 8), PICOPASS_BLOCK_SIZE);
+                            if (block == 5 + ((sio_size[1]+12)/8)){
+                                goto send;
+                            }
                        }
                    }

@ -798,10 +805,24 @@ int do_iclass_simulation(int simulationMode, uint8_t *reader_mac_buf) {
            }

            if (simulationMode == ICLASS_SIM_MODE_FULL_GLITCH){
-                uint8_t block_check[8] ={0};
-                memcpy(block_check, emulator + (current_page * page_size) + (31 * 8), 8);
-                if (block == block_check[7]){
-                    goto send;
+                //Jam the read based on the last SIO block
+                if (memcmp(emulator + (current_page * page_size) + (5 * 8), ff_data, PICOPASS_BLOCK_SIZE) == 0){ //SR card
+                    if (block == 16){ //SR cards use a standard legth SIO
+                        //update block 6 byte 1 from 03 to A3
+                        uint8_t sr_update[8] = {0};
+                        memcpy(sr_update,emulator + (current_page * page_size) + (6 * 8), PICOPASS_BLOCK_SIZE);
+                        if(sr_update[0] == 0x03){
+                            sr_update[0] = 0xA3;
+                        }
+                        memcpy(emulator + (current_page * page_size) + (6 * 8), sr_update, PICOPASS_BLOCK_SIZE);
+                        goto send;
+                    }
+                }else{ //For SE cards we have to account for different SIO lengths depending if a standard or custom key is used
+                    uint8_t sio_size[8] = {0};
+                    memcpy(sio_size,emulator + (current_page * page_size) + (6 * 8), PICOPASS_BLOCK_SIZE);
+                    if (block == 5 + ((sio_size[1]+12)/8)){
+                        goto send;
+                    }
                }
            }