github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 13:53:55 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Viva la revolucion

Browse source
This commit is contained in:
Philippe Teuwen 2019-04-17 21:30:01 +02:00
commit be15ad7fec
53 changed files with 861 additions and 870 deletions
Download patch file Download diff file Expand all files Collapse all files

74
client/cmdhficlass.c
View file

@ -381,7 +381,7 @@ static int CmdHFiClassSim(const char *Cmd) {
PrintAndLogEx(INFO, "Starting iCLASS sim 2 attack (elite mode)");
PrintAndLogEx(INFO, "press keyboard to cancel");
UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType, NUM_CSNS}, {{0}}};
UsbCommand resp;
UsbReplyNG resp;
memcpy(c.d.asBytes, csns, 8 * NUM_CSNS);
clearCommandBuffer();
SendCommand(&c);
@ -399,7 +399,7 @@ static int CmdHFiClassSim(const char *Cmd) {
return 0;
}
}
uint8_t num_mac = resp.arg[1];
uint8_t num_mac = resp.core.old.arg[1];
bool success = (NUM_CSNS == num_mac);
PrintAndLogEx(NORMAL, "[%c] %d out of %d MAC obtained [%s]", (success) ? '+' : '!', num_mac, NUM_CSNS, (success) ? "OK" : "FAIL");
@ -420,9 +420,9 @@ static int CmdHFiClassSim(const char *Cmd) {
//copy CSN
memcpy(dump + i * 24, csns + i * 8, 8);
//copy epurse
memcpy(dump + i * 24 + 8, resp.d.asBytes + i * 16, 8);
memcpy(dump + i * 24 + 8, resp.core.old.d.asBytes + i * 16, 8);
// NR_MAC (eight bytes from the response) ( 8b csn + 8b epurse == 16)
memcpy(dump + i * 24 + 16, resp.d.asBytes + i * 16 + 8, 8);
memcpy(dump + i * 24 + 16, resp.core.old.d.asBytes + i * 16 + 8, 8);
}
/** Now, save to dumpfile **/
saveFile("iclass_mac_attack", "bin", dump, datalen);
@ -434,7 +434,7 @@ static int CmdHFiClassSim(const char *Cmd) {
PrintAndLogEx(INFO, "Starting iCLASS sim 4 attack (elite mode, reader in key roll mode)");
PrintAndLogEx(INFO, "press keyboard to cancel");
UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType, NUM_CSNS}, {{0}}};
UsbCommand resp;
UsbReplyNG resp;
memcpy(c.d.asBytes, csns, 8 * NUM_CSNS);
clearCommandBuffer();
SendCommand(&c);
@ -452,7 +452,7 @@ static int CmdHFiClassSim(const char *Cmd) {
return 0;
}
}
uint8_t num_mac = resp.arg[1];
uint8_t num_mac = resp.core.old.arg[1];
bool success = ((NUM_CSNS * 2) == num_mac);
PrintAndLogEx(NORMAL, "[%c] %d out of %d MAC obtained [%s]", (success) ? '+' : '!', num_mac, NUM_CSNS * 2, (success) ? "OK" : "FAIL");
@ -475,9 +475,9 @@ static int CmdHFiClassSim(const char *Cmd) {
// copy CSN
memcpy(dump + i * MAC_ITEM_SIZE, csns + i * 8, 8); //CSN
// copy EPURSE
memcpy(dump + i * MAC_ITEM_SIZE + 8, resp.d.asBytes + i * 16, 8);
memcpy(dump + i * MAC_ITEM_SIZE + 8, resp.core.old.d.asBytes + i * 16, 8);
// copy NR_MAC (eight bytes from the response) ( 8b csn + 8b epurse == 16)
memcpy(dump + i * MAC_ITEM_SIZE + 16, resp.d.asBytes + i * 16 + 8, 8);
memcpy(dump + i * MAC_ITEM_SIZE + 16, resp.core.old.d.asBytes + i * 16 + 8, 8);
}
saveFile("iclass_mac_attack_keyroll_A", "bin", dump, datalen);
@ -489,9 +489,9 @@ static int CmdHFiClassSim(const char *Cmd) {
// Copy CSN
memcpy(dump + i * MAC_ITEM_SIZE, csns + i * 8, 8);
// copy EPURSE
memcpy(dump + i * MAC_ITEM_SIZE + 8, resp.d.asBytes + resp_index, 8);
memcpy(dump + i * MAC_ITEM_SIZE + 8, resp.core.old.d.asBytes + resp_index, 8);
// copy NR_MAC (eight bytes from the response) ( 8b csn + 8 epurse == 16)
memcpy(dump + i * MAC_ITEM_SIZE + 16, resp.d.asBytes + resp_index + 8, 8);
memcpy(dump + i * MAC_ITEM_SIZE + 16, resp.core.old.d.asBytes + resp_index + 8, 8);
resp_index++;
}
saveFile("iclass_mac_attack_keyroll_B", "bin", dump, datalen);
@ -767,7 +767,7 @@ static void Calc_wb_mac(uint8_t blockno, uint8_t *data, uint8_t *div_key, uint8_
}
static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool verbose) {
UsbCommand resp;
UsbReplyNG resp;
UsbCommand c = {CMD_READER_ICLASS, {0}, {{0}}};
c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_CC | FLAG_ICLASS_READER_ONE_TRY;
@ -781,8 +781,8 @@ static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool v
return false;
}
uint8_t isOK = resp.arg[0] & 0xff;
uint8_t *data = resp.d.asBytes;
uint8_t isOK = resp.core.old.arg[0] & 0xff;
uint8_t *data = resp.core.old.d.asBytes;
memcpy(CSN, data, 8);
@ -818,7 +818,7 @@ static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool u
if (verbose) PrintAndLogEx(SUCCESS, "authing with %s: %s", rawkey ? "raw key" : "diversified key", sprint_hex(div_key, 8));
doMAC(CCNR, div_key, MAC);
UsbCommand resp;
UsbReplyNG resp;
UsbCommand d = {CMD_ICLASS_AUTHENTICATION, {0, 0, 0}, {{0}}};
memcpy(d.d.asBytes, MAC, 4);
clearCommandBuffer();
@ -827,7 +827,7 @@ static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool u
if (verbose) PrintAndLogEx(FAILED, "auth command execute timeout");
return false;
}
uint8_t isOK = resp.arg[0] & 0xFF;
uint8_t isOK = resp.core.old.arg[0] & 0xFF;
if (!isOK) {
if (verbose) PrintAndLogEx(FAILED, "authentication error");
return false;
@ -940,7 +940,7 @@ static int CmdHFiClassReader_Dump(const char *Cmd) {
//get config and first 3 blocks
UsbCommand c = {CMD_READER_ICLASS, {flags, 0, 0}, {{0}}};
UsbCommand resp;
UsbReplyNG resp;
uint8_t tag_data[255 * 8];
clearCommandBuffer();
@ -952,8 +952,8 @@ static int CmdHFiClassReader_Dump(const char *Cmd) {
}
DropField();
uint8_t readStatus = resp.arg[0] & 0xff;
uint8_t *data = resp.d.asBytes;
uint8_t readStatus = resp.core.old.arg[0] & 0xff;
uint8_t *data = resp.core.old.d.asBytes;
if (readStatus == 0) {
PrintAndLogEx(FAILED, "no tag found");
@ -1000,14 +1000,14 @@ static int CmdHFiClassReader_Dump(const char *Cmd) {
}
// dump cmd switch off at device when finised.
uint32_t blocksRead = resp.arg[1];
uint8_t isOK = resp.arg[0] & 0xff;
uint32_t blocksRead = resp.core.old.arg[1];
uint8_t isOK = resp.core.old.arg[0] & 0xff;
if (!isOK && !blocksRead) {
PrintAndLogEx(WARNING, "read block failed");
return 0;
}
uint32_t startindex = resp.arg[2];
uint32_t startindex = resp.core.old.arg[2];
if (blocksRead * 8 > sizeof(tag_data) - (blockno * 8)) {
PrintAndLogEx(FAILED, "data exceeded buffer size!");
blocksRead = (sizeof(tag_data) / 8) - blockno;
@ -1046,14 +1046,14 @@ static int CmdHFiClassReader_Dump(const char *Cmd) {
PrintAndLogEx(WARNING, "command execute timeout 2");
return 0;
}
isOK = resp.arg[0] & 0xff;
blocksRead = resp.arg[1];
isOK = resp.core.old.arg[0] & 0xff;
blocksRead = resp.core.old.arg[1];
if (!isOK && !blocksRead) {
PrintAndLogEx(WARNING, "read block failed 2");
return 0;
}
startindex = resp.arg[2];
startindex = resp.core.old.arg[2];
if (blocksRead * 8 > sizeof(tag_data) - gotBytes) {
PrintAndLogEx(FAILED, "data exceeded buffer size!");
blocksRead = (sizeof(tag_data) - gotBytes) / 8;
@ -1097,7 +1097,7 @@ static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_c
if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, verbose))
return 0;
UsbCommand resp;
UsbReplyNG resp;
Calc_wb_mac(blockno, bldata, div_key, MAC);
UsbCommand w = {CMD_ICLASS_WRITEBLOCK, {blockno}, {{0}}};
@ -1110,7 +1110,7 @@ static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_c
if (verbose) PrintAndLogEx(WARNING, "Write Command execute timeout");
return 0;
}
uint8_t isOK = resp.arg[0] & 0xff;
uint8_t isOK = resp.core.old.arg[0] & 0xff;
if (isOK)
PrintAndLogEx(SUCCESS, "Write block successful");
else
@ -1342,7 +1342,7 @@ static int CmdHFiClassCloneTag(const char *Cmd) {
PrintAndLogEx(NORMAL, " MAC |%02x%02x%02x%02x|\n", p[8], p[9], p[10], p[11]);
}
UsbCommand resp;
UsbReplyNG resp;
clearCommandBuffer();
SendCommand(&w);
if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
@ -1367,7 +1367,7 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite,
return 0;
}
UsbCommand resp;
UsbReplyNG resp;
UsbCommand c = {CMD_ICLASS_READBLOCK, {blockno}, {{0}}};
clearCommandBuffer();
SendCommand(&c);
@ -1376,13 +1376,13 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite,
return 0;
}
uint8_t isOK = resp.arg[0] & 0xff;
uint8_t isOK = resp.core.old.arg[0] & 0xff;
if (!isOK) {
PrintAndLogEx(WARNING, "read block failed");
return 0;
}
//data read is stored in: resp.d.asBytes[0-15]
PrintAndLogEx(NORMAL, "block %02X: %s\n", blockno, sprint_hex(resp.d.asBytes, 8));
//data read is stored in: resp.core.old.d.asBytes[0-15]
PrintAndLogEx(NORMAL, "block %02X: %s\n", blockno, sprint_hex(resp.core.old.d.asBytes, 8));
return 1;
}
@ -1987,7 +1987,7 @@ static int CmdHFiClassCheckKeys(const char *Cmd) {
memcpy(c.d.asBytes, pre + i, 4 * keys);
clearCommandBuffer();
SendCommand(&c);
UsbCommand resp;
UsbReplyNG resp;
while (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
timeout++;
@ -1999,8 +1999,8 @@ static int CmdHFiClassCheckKeys(const char *Cmd) {
}
}
uint8_t found = resp.arg[1] & 0xFF;
uint8_t isOK = resp.arg[0] & 0xFF;
uint8_t found = resp.core.old.arg[1] & 0xFF;
uint8_t isOK = resp.core.old.arg[0] & 0xFF;
t2 = msclock() - t2;
switch (isOK) {
@ -2467,14 +2467,14 @@ int readIclass(bool loop, bool verbose) {
UsbCommand c = {CMD_READER_ICLASS, {flags, 0, 0}, {{0}}};
// loop in client not device - else on windows have a communication error
UsbCommand resp;
UsbReplyNG resp;
while (!ukbhit()) {
clearCommandBuffer();
SendCommand(&c);
if (WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
uint8_t readStatus = resp.arg[0] & 0xff;
uint8_t *data = resp.d.asBytes;
uint8_t readStatus = resp.core.old.arg[0] & 0xff;
uint8_t *data = resp.core.old.d.asBytes;
if (verbose) PrintAndLogEx(NORMAL, "Readstatus:%02x", readStatus);
// no tag found or button pressed