From 37166d6c73aec1e6465105aabb59b73af758abbb Mon Sep 17 00:00:00 2001 From: Antiklesys Date: Fri, 20 Jun 2025 11:58:32 +0800 Subject: [PATCH 1/5] Improved sam response processing Improved sam response processing on client side, it detects when the response contains an error and highlights the error number, detects when the response is an snmp messages and does the asn.1 decoding of the snmp message. --- client/src/cmdhficlass.c | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 035031cf2..b7e1fedc7 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -5886,6 +5886,15 @@ static int CmdHFiClassConfigCard(const char *Cmd) { return PM3_SUCCESS; } +static bool match_with_wildcard(const uint8_t *data, const uint8_t *pattern, const bool *mask, size_t length) { + for (size_t i = 0; i < length; ++i) { + if (mask[i] && data[i] != pattern[i]) { + return false; + } + } + return true; +} + static int CmdHFiClassSAM(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf iclass sam", @@ -5964,6 +5973,8 @@ static int CmdHFiClassSAM(const char *Cmd) { PacketResponseNG resp; WaitForResponse(CMD_HF_SAM_PICOPASS, &resp); + bool is_snmp = false; + switch (resp.status) { case PM3_SUCCESS: break; 
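Review bot: `match_with_wildcard` (first hunk of PATCH 1/5) has no comment, and its contract cannot be read off the signature. A `true` entry in `mask` means the byte must equal `pattern[i]`, a `false` entry means the position is skipped, and the loop reads `length` bytes from all three buffers with no way to know how many bytes `data` really holds. I would add a header comment along the lines of `/* Compare data with pattern over length bytes; positions where mask[i] is false are wildcards. Caller must ensure data, pattern and mask each hold at least length bytes. */`. Stating the precondition matters because `data` is a device response and the call sites in this series pass literal lengths.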
@@ -6022,11 +6033,27 @@ static int CmdHFiClassSAM(const char *Cmd) { PrintAndLogEx(SUCCESS, " hf iclass dump --nr -k %s", sprint_hex_inrow(d + 1, 8)); } } else { + //if it is an error decode it + if (memcmp(d, "\xBE\x07\x80\x01", 4) == 0) { //if it the string is 0xbe 0x07 0x80 0x01 the next byte will indicate the error code + PrintAndLogEx(ERR,_RED_("Sam Error Code: %s"), d[4]); print_hex(d, resp.length); + + }else{ + uint8_t pattern[] = {0xBD, 0x81, 0xFF, 0x8A, 0x81, 0xFF}; // 0xFF is a placeholder for the length message + bool mask[] = {true, true, false, true, true, false}; // false means wildcard + if (match_with_wildcard(d, pattern, mask, 4)) { // Pattern matched with wildcard support + is_snmp = true; + PrintAndLogEx(SUCCESS, _YELLOW_("samSNMPMessageResponse: ")"%s", sprint_hex(d + 6, resp.length - 6)); + }else{ + print_hex(d, resp.length); + } + } } - if (decodeTLV) { + if (decodeTLV && is_snmp == false) { asn1_print(d, d[1] + 2, " "); + } else{ + asn1_print(d + 6, resp.length - 6, " "); } return PM3_SUCCESS; From 67fbd6abbab180c20aa3c3ce942a5fa352e46913 Mon Sep 17 00:00:00 2001 From: Antiklesys Date: Fri, 20 Jun 2025 12:00:41 +0800 Subject: [PATCH 2/5] Update cmdhficlass.c Signed-off-by: Antiklesys --- client/src/cmdhficlass.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index b7e1fedc7..df13c5cea 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -6035,7 +6035,7 @@ static int CmdHFiClassSAM(const char *Cmd) { } else { //if it is an error decode it if (memcmp(d, "\xBE\x07\x80\x01", 4) == 0) { //if it the string is 0xbe 0x07 0x80 0x01 the next byte will indicate the error code - PrintAndLogEx(ERR,_RED_("Sam Error Code: %s"), d[4]); + PrintAndLogEx(ERR,_RED_("Sam Error Code: %02x"), d[4]); print_hex(d, resp.length); }else{ From e0b1b5b4f8aedfc8fe9c9b9cd76e2e364cf9345a Mon Sep 17 00:00:00 2001 
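Review bot: The new `else` branch indexes the response without checking `resp.length`: `memcmp(d, ..., 4)` followed by `d[4]` needs at least 5 bytes, while `sprint_hex(d + 6, resp.length - 6)` and the trailing `asn1_print(d + 6, resp.length - 6, " ")` need at least 6. On a shorter reply the subtraction goes negative or wraps, so the printers are handed a bogus length over data that came from the device. Gate each branch on the length, e.g. `if (resp.length >= 5 && memcmp(d, "\xBE\x07\x80\x01", 4) == 0)` and `if (resp.length >= 6 && match_with_wildcard(d, pattern, mask, 4))`. The same check is missing for `sprint_hex(d + 4, resp.length - 4)` in PATCH 4/5. CmdHFiClassSAM begins and ends outside this hunk, so an earlier length check may exist that is not visible here.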
From: Antiklesys Date: Fri, 20 Jun 2025 12:02:25 +0800 Subject: [PATCH 3/5] Update cmdhficlass.c Fixed indent Signed-off-by: Antiklesys --- client/src/cmdhficlass.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index df13c5cea..dcdc4b805 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -6035,9 +6035,8 @@ static int CmdHFiClassSAM(const char *Cmd) { } else { //if it is an error decode it if (memcmp(d, "\xBE\x07\x80\x01", 4) == 0) { //if it the string is 0xbe 0x07 0x80 0x01 the next byte will indicate the error code - PrintAndLogEx(ERR,_RED_("Sam Error Code: %02x"), d[4]); - print_hex(d, resp.length); - + PrintAndLogEx(ERR,_RED_("Sam Error Code: %02x"), d[4]); + print_hex(d, resp.length); }else{ uint8_t pattern[] = {0xBD, 0x81, 0xFF, 0x8A, 0x81, 0xFF}; // 0xFF is a placeholder for the length message bool mask[] = {true, true, false, true, true, false}; // false means wildcard From c504d433986ae03568aec9a95cab59bb0c66a322 Mon Sep 17 00:00:00 2001 From: Antiklesys Date: Fri, 20 Jun 2025 12:32:14 +0800 Subject: [PATCH 4/5] Update cmdhficlass.c Signed-off-by: Antiklesys --- client/src/cmdhficlass.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index dcdc4b805..81c70ee70 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -5974,6 +5974,10 @@ static int CmdHFiClassSAM(const char *Cmd) { WaitForResponse(CMD_HF_SAM_PICOPASS, &resp); bool is_snmp = false; + uint8_t snmp_pattern[] = {0xBD, 0x81, 0xFF, 0x8A, 0x81, 0xFF}; // 0xFF is a placeholder for the length message + bool snmp_mask[] = {true, true, false, true, true, false}; // false means wildcard + uint8_t ack_pattern[] = {0xBD, 0xFF, 0x8A}; // 0xFF is a placeholder for the length message + bool ack_mask[] = {true, false, true}; // false means wildcard switch (resp.status) { case PM3_SUCCESS: 
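Review bot: The four tables added after `bool is_snmp = false;` in PATCH 4/5 are mutable locals, although nothing writes to them and `match_with_wildcard` takes them as `const`. Declaring them `static const uint8_t snmp_pattern[]` and `static const bool snmp_mask[]` (likewise for the ack pair) states that intent. The call sites in the following hunk pass the literals 6 and 3; `sizeof(snmp_pattern)` and `sizeof(ack_pattern)` would keep the compared length tied to the arrays, which is the slip PATCH 1/5 made by passing 4 for a six-byte pattern. The comments could also say that the `0xFF` entries are arbitrary filler and that only the mask decides which positions are wildcards.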
@@ -6037,21 +6041,19 @@ static int CmdHFiClassSAM(const char *Cmd) { if (memcmp(d, "\xBE\x07\x80\x01", 4) == 0) { //if it the string is 0xbe 0x07 0x80 0x01 the next byte will indicate the error code PrintAndLogEx(ERR,_RED_("Sam Error Code: %02x"), d[4]); print_hex(d, resp.length); + }else if (match_with_wildcard(d, snmp_pattern, snmp_mask, 6)){ + is_snmp = true; + PrintAndLogEx(SUCCESS, _YELLOW_("[samSNMPMessageResponse] ")"%s", sprint_hex(d + 6, resp.length - 6)); + }else if (match_with_wildcard(d,ack_pattern, ack_mask, 3)){ + PrintAndLogEx(SUCCESS, _YELLOW_("[samResponseAcknowledge] ")"%s", sprint_hex(d + 4, resp.length - 4)); }else{ - uint8_t pattern[] = {0xBD, 0x81, 0xFF, 0x8A, 0x81, 0xFF}; // 0xFF is a placeholder for the length message - bool mask[] = {true, true, false, true, true, false}; // false means wildcard - if (match_with_wildcard(d, pattern, mask, 4)) { // Pattern matched with wildcard support - is_snmp = true; - PrintAndLogEx(SUCCESS, _YELLOW_("samSNMPMessageResponse: ")"%s", sprint_hex(d + 6, resp.length - 6)); - }else{ - print_hex(d, resp.length); - } + print_hex(d, resp.length); } } if (decodeTLV && is_snmp == false) { asn1_print(d, d[1] + 2, " "); - } else{ + } else if (decodeTLV && is_snmp){ asn1_print(d + 6, resp.length - 6, " "); } From f5254880b9e50088e716acea68878637f6ccf4c0 Mon Sep 17 00:00:00 2001 From: Antiklesys Date: Fri, 20 Jun 2025 12:34:16 +0800 Subject: [PATCH 5/5] Update cmdhficlass.c Improved code comments Signed-off-by: Antiklesys --- client/src/cmdhficlass.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 81c70ee70..796bdd668 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c 
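Review bot: The SNMP branch prints and later decodes `resp.length - 6` bytes without ever reading the two length bytes that `snmp_mask` wildcards (`d[2]` and `d[5]`), so a reply whose encoded length disagrees with the number of bytes received is still passed to `asn1_print`. Assuming `d[5]` is the length of the inner payload, bound the decode by it once `resp.length >= 6` is known, e.g. `size_t n = resp.length - 6; if (d[5] < n) n = d[5];`, and log when the two differ. The ack branch matches a three-byte header but skips four bytes (`d + 4`), which implies a length byte at `d[3]` that is also never checked. The two `decodeTLV` tests at the end would read more directly as a single `if (decodeTLV)` with the `is_snmp` choice inside it. CmdHFiClassSAM starts and ends outside this hunk.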
@@ -5974,10 +5974,10 @@ static int CmdHFiClassSAM(const char *Cmd) { WaitForResponse(CMD_HF_SAM_PICOPASS, &resp); bool is_snmp = false; - uint8_t snmp_pattern[] = {0xBD, 0x81, 0xFF, 0x8A, 0x81, 0xFF}; // 0xFF is a placeholder for the length message - bool snmp_mask[] = {true, true, false, true, true, false}; // false means wildcard - uint8_t ack_pattern[] = {0xBD, 0xFF, 0x8A}; // 0xFF is a placeholder for the length message - bool ack_mask[] = {true, false, true}; // false means wildcard + uint8_t snmp_pattern[] = {0xBD, 0x81, 0xFF, 0x8A, 0x81, 0xFF}; // SNMP Response header pattern, 0xFF is a wildcard value for message length + bool snmp_mask[] = {true, true, false, true, true, false}; // false means wildcard value in that position + uint8_t ack_pattern[] = {0xBD, 0xFF, 0x8A}; // Acknowledge Response header pattern, 0xFF is a wildcard value for message length + bool ack_mask[] = {true, false, true}; // false means wildcard value in that position switch (resp.status) { case PM3_SUCCESS: