make sure we get aia

This commit is contained in:
iceman1001 2020-08-06 08:12:07 +02:00
commit dca17c3791


@ -135,6 +135,8 @@ static void save_to_flash(uint8_t *data, uint16_t datalen) {
static int fullsim_mode(void) { static int fullsim_mode(void) {
bool have_aa2 = memcmp(aa2_key, "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8);
rdv40_spiffs_lazy_mount(); rdv40_spiffs_lazy_mount();
SpinOff(0); SpinOff(0);
@ -145,21 +147,28 @@ static int fullsim_mode(void) {
if (res == SPIFFS_OK) { if (res == SPIFFS_OK) {
Dbprintf("loaded '" _YELLOW_(HF_ICLASS_FULLSIM_ORIG_BIN) "' (%u bytes) to emulator memory", fsize); Dbprintf("loaded '" _YELLOW_(HF_ICLASS_FULLSIM_ORIG_BIN) "' (%u bytes) to emulator memory", fsize);
} }
picopass_hdr *hdr = (picopass_hdr *)emul;
uint8_t pagemap = get_pagemap(hdr);
if (pagemap != PICOPASS_NON_SECURE_PAGEMODE) {
// create diversified key AA1/KD if not in dump.
if ( memcmp(hdr->key_d, "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8) == 0) {
uint8_t ccnr[12] = {0};
memcpy(ccnr, hdr->epurse, 8);
bool use_elite = false;
iclass_calc_div_key(emul, legacy_aa1_key, hdr->key_d, use_elite);
}
// create diversified key AA1/KD if not in dump. // create diversified key AA2/KC if not in dump.
if ( memcmp(emul + (3 * 8), "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8) == 0) { if (have_aa2) {
uint8_t ccnr[12] = {0}; if (memcmp(hdr->key_c, "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8) == 0) {
memcpy(ccnr, emul + (2 * 8), 8); uint8_t ccnr[12] = {0};
bool use_elite = false; memcpy(ccnr, hdr->epurse, 8);
iclass_calc_div_key(emul, legacy_aa1_key, emul + (3 * 8), use_elite); bool use_elite = false;
} iclass_calc_div_key(emul, aa2_key, hdr->key_c, use_elite);
}
// create diversified key AA2/KC if not in dump. }
if ( memcmp(emul + (4 * 8), "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8) == 0) {
uint8_t ccnr[12] = {0};
memcpy(ccnr, emul + (2 * 8), 8);
bool use_elite = false;
iclass_calc_div_key(emul, aa2_key, emul + (4 * 8), use_elite);
} }
iclass_simulate(ICLASS_SIM_MODE_FULL, 0 , false, NULL, NULL, NULL); iclass_simulate(ICLASS_SIM_MODE_FULL, 0 , false, NULL, NULL, NULL);
@ -223,14 +232,14 @@ static int reader_attack_mode(void) {
static int reader_dump_mode(void) { static int reader_dump_mode(void) {
BigBuf_free(); bool have_aa2 = (memcmp(aa2_key, "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8) != 0);
uint8_t *card_data = BigBuf_malloc(0xFF * 8);
memset(card_data, 0xFF, sizeof(card_data));
bool have_aa2 = memcmp(aa2_key, "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8);
for (;;) { for (;;) {
BigBuf_free();
uint8_t *card_data = BigBuf_malloc(0x100 * 8);
memset(card_data, 0xFF, sizeof(card_data));
if (BUTTON_PRESS()) { if (BUTTON_PRESS()) {
DbpString("button pressed"); DbpString("button pressed");
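Review bot: `memset(card_data, 0xFF, sizeof(card_data));` on the new side of this hunk clears only `sizeof` a pointer, not the 0x100 * 8 bytes just requested from BigBuf_malloc, so nearly all of the dump buffer keeps whatever BigBuf held before; write the length explicitly, `memset(card_data, 0xFF, 0x100 * 8);`, or keep it in one local that the malloc, the memset and the later `8 * i` indexing all share. The BigBuf_malloc result is also dereferenced without a NULL check, and since the allocation now happens on every pass of the `for (;;)` loop after BigBuf_free(), a failed allocation would be written to by the memset and by the block reads. reader_dump_mode continues past this hunk, and the final hunk indexes the same buffer up to app2_limit from card_app2_limit[type], so the buffer length and that table need to stay in agreement. Separately, in the fullsim_mode hunk the new `ccnr` arrays are filled from hdr->epurse but never passed to iclass_calc_div_key, so either drop them or restore the intended use.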
@ -247,7 +256,6 @@ static int reader_dump_mode(void) {
}; };
memcpy(auth.key, legacy_aa1_key, sizeof(auth.key)); memcpy(auth.key, legacy_aa1_key, sizeof(auth.key));
Iso15693InitReader(); Iso15693InitReader();
// select tag. // select tag.
@ -279,7 +287,7 @@ static int reader_dump_mode(void) {
app1_limit = hdr->conf.app_limit; app1_limit = hdr->conf.app_limit;
app2_limit = card_app2_limit[type]; app2_limit = card_app2_limit[type];
start_block = 6; start_block = 5;
res = authenticate_iclass_tag(&auth, hdr, &start_time, &eof_time, NULL); res = authenticate_iclass_tag(&auth, hdr, &start_time, &eof_time, NULL);
if (res == false) { if (res == false) {
@ -292,49 +300,51 @@ static int reader_dump_mode(void) {
} }
uint16_t dumped = 0; uint16_t dumped = 0;
// main read loop // main read loop
for (uint8_t i = start_block; i <= app1_limit; i++) { for (uint16_t i = start_block; i <= app1_limit; i++) {
res = iclass_read_block(i, card_data + (8 * i));
if (res) { if (iclass_read_block(i, card_data + (8 * i))) {
dumped++; dumped++;
} }
start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER;
} }
if (pagemap != PICOPASS_NON_SECURE_PAGEMODE && have_aa2) { if (pagemap != PICOPASS_NON_SECURE_PAGEMODE && have_aa2) {
// authenticate AA2 // authenticate AA2
auth.use_raw = false;
auth.use_credit_key = true; auth.use_credit_key = true;
memcpy(auth.key, aa2_key, sizeof(auth.key)); memcpy(auth.key, aa2_key, sizeof(auth.key));
res = select_iclass_tag(card_data, auth.use_credit_key, &eof_time); res = select_iclass_tag(card_data, auth.use_credit_key, &eof_time);
if (res) { if (res) {
res = authenticate_iclass_tag(&auth, hdr, &start_time, &eof_time, NULL); res = authenticate_iclass_tag(&auth, hdr, &start_time, &eof_time, NULL);
if (res) { if (res) {
start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER;
for (uint8_t i = app1_limit + 1; i <= app2_limit; i++) { for (uint16_t i = app1_limit + 1; i <= app2_limit; i++) {
res = iclass_read_block(i, card_data + (8 * i)); if (iclass_read_block(i, card_data + (8 * i))) {
if (res) {
dumped++; dumped++;
} }
start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; //start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER;
} }
} else { } else {
DbpString("failed AA2 auth"); DbpString("failed AA2 auth");
} }
} else {
DbpString("failed AA2 selecting");
} }
} }
switch_off(); switch_off();
save_to_flash(card_data, (start_block + dumped) * 8 );
SpinDelay(250); save_to_flash(card_data, (start_block + dumped) * 8 );
Dbprintf("Found a %s", card_types[type]); Dbprintf("Found a %s (blocks dumped %u)", card_types[type], dumped);
} }
Dbprintf("-=[ exiting `read & dump` mode"); DbpString("-=[ exiting `read & dump` mode");
return PM3_SUCCESS; return PM3_SUCCESS;
} }