From adacace01250ac2d86a105b609761621d2534581 Mon Sep 17 00:00:00 2001
From: tcprst
Date: Sun, 4 Oct 2020 14:52:59 -0400
Subject: [PATCH 1/5] hf iclass permute - now use cliparser

---
 client/src/cmdhficlass.c | 41 +++++++++++++++++++---------------------
 1 file changed, 19 insertions(+), 22 deletions(-)

diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c
index 8dfe7720a..bc1337c0e 100644
--- a/client/src/cmdhficlass.c
+++ b/client/src/cmdhficlass.c
@@ -18,6 +18,7 @@
 #include "cmdparser.h" // command_t
 #include "commonutil.h" // ARRAYLEN
 #include "cmdtrace.h"
+#include "cliparser.h"
 #include "util_posix.h"
 #include "comms.h"
 #include "des.h"
@@ -359,20 +360,7 @@ static int usage_hf_iclass_lookup(void) {
 PrintAndLogEx(NORMAL, "");
 return PM3_SUCCESS;
 }
-static int usage_hf_iclass_permutekey(void) {
- PrintAndLogEx(NORMAL, "Permute function from 'heart of darkness' paper.\n");
- PrintAndLogEx(NORMAL, "Usage: hf iclass permute [h] \n");
- PrintAndLogEx(NORMAL, "Options:");
- PrintAndLogEx(NORMAL, " h Show this help");
- PrintAndLogEx(NORMAL, " r reverse permuted key");
- PrintAndLogEx(NORMAL, " f permute key");
- PrintAndLogEx(NORMAL, " input bytes");
- PrintAndLogEx(NORMAL, "");
- PrintAndLogEx(NORMAL, "Examples:");
- PrintAndLogEx(NORMAL, _YELLOW_("\thf iclass permute r 0123456789abcdef"));
- PrintAndLogEx(NORMAL, "");
- return PM3_SUCCESS;
-}
+
 static int cmp_uint32(const void *a, const void *b) {
@@ -3522,17 +3510,26 @@ static int CmdHFiClassPermuteKey(const char *Cmd) {
 uint8_t data[16] = {0};
 bool isReverse = false;
 int len = 0;
- char cmdp = tolower(param_getchar(Cmd, 0));
- if (strlen(Cmd) == 0 || cmdp == 'h')
- return usage_hf_iclass_permutekey();
- isReverse = (cmdp == 'r');
+ CLIParserContext *ctx;
+ CLIParserInit(&ctx, "hf iclass permute",
+ "Permute function from 'heart of darkness' paper.",
+ "hf iclass permute --reverse --key 0123456789abcdef\n"
+ "hf iclass permute --key ff55330f0055330f\n");
- param_gethex_ex(Cmd, 1, data, &len);
- if (len % 2)
- return usage_hf_iclass_permutekey();
+ void *argtable[] = {
+ arg_param_begin,
+ arg_lit0(NULL, "reverse", "reverse permuted key"),
+ arg_str1(NULL, "key", "", "input key"),
+ arg_param_end
+ };
+ CLIExecWithReturn(ctx, Cmd, argtable, false);
- len >>= 1;
+ isReverse = arg_get_lit(ctx, 1);
+
+ CLIGetHexWithReturn(ctx, 2, data, &len);
+
+ CLIParserFree(ctx);
 memcpy(key, data, 8);

From c85d919e20e0154ea854c8e21b40fd13ee9c8867 Mon Sep 17 00:00:00 2001
From: tcprst
Date: Sun, 4 Oct 2020 15:23:48 -0400
Subject: [PATCH 2/5] hf iclass view - now use cliparser

---
 client/src/cmdhficlass.c | 75 +++++++++++++--------------------------
 1 file changed, 24 insertions(+), 51 deletions(-)

diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c
index bc1337c0e..14756328f 100644
--- a/client/src/cmdhficlass.c
+++ b/client/src/cmdhficlass.c
@@ -225,21 +225,6 @@ static int usage_hf_iclass_readblock(void) {
 PrintAndLogEx(NORMAL, "");
 return PM3_SUCCESS;
 }
-static int usage_hf_iclass_view(void) {
- PrintAndLogEx(NORMAL, "Print a iCLASS tag dump file\n");
- PrintAndLogEx(NORMAL, "Usage: hf iClass view [f ] [s ] [e ] [v]\n");
- PrintAndLogEx(NORMAL, "Options:");
- PrintAndLogEx(NORMAL, " h Show this help");
- PrintAndLogEx(NORMAL, " f filename of dump");
- PrintAndLogEx(NORMAL, " s print from this block (default block6)");
- PrintAndLogEx(NORMAL, " e end printing at this block (default 0, ALL)");
- PrintAndLogEx(NORMAL, " v verbose output");
- PrintAndLogEx(NORMAL, "Examples:");
- PrintAndLogEx(NORMAL, _YELLOW_("\thf iclass view f hf-iclass-AA162D30F8FF12F1-dump.bin"));
- PrintAndLogEx(NORMAL, _YELLOW_("\thf iclass view s 1 f hf-iclass-AA162D30F8FF12F1-dump.bin"));
- PrintAndLogEx(NORMAL, "");
- return PM3_SUCCESS;
-}
 static int usage_hf_iclass_calc_newkey(void) {
 PrintAndLogEx(NORMAL, "Calculate new key for updating\n");
 PrintAndLogEx(NORMAL, "Usage: hf iclass calc_newkey o n s [csn] e\n");
@@ -2668,43 +2653,31 @@ void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t e
 }
 static int CmdHFiClassView(const char *Cmd) {
- int startblock = 0;
- int endblock = 0;
- char filename[FILE_PATH_SIZE];
- bool errors = false, verbose = false;
- uint8_t cmdp = 0;
- while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
- switch (tolower(param_getchar(Cmd, cmdp))) {
- case 'h':
- return usage_hf_iclass_view();
- case 'f':
- if (param_getstr(Cmd, cmdp + 1, filename, FILE_PATH_SIZE) >= FILE_PATH_SIZE) {
- PrintAndLogEx(FAILED, "Filename too long");
- errors = true;
- break;
- }
- cmdp += 2;
- break;
- case 's':
- startblock = param_get8ex(Cmd, cmdp + 1, 0, 10);
- cmdp += 2;
- break;
- case 'e':
- endblock = param_get8ex(Cmd, cmdp + 1, 0, 10);
- cmdp += 2;
- break;
- case 'v':
- verbose = true;
- cmdp++;
- break;
- default:
- PrintAndLogEx(WARNING, "unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
- errors = true;
- break;
- }
- }
+ CLIParserContext *ctx;
+ CLIParserInit(&ctx, "hf iclass view",
+ "Print a iCLASS tag dump file",
+ "hf iclass view -f hf-iclass-AA162D30F8FF12F1-dump.bin\n"
+ "hf iclass view --startblock 1 --file hf-iclass-AA162D30F8FF12F1-dump.bin\n");
- if (errors || (strlen(Cmd) == 0)) return usage_hf_iclass_view();
+ void *argtable[] = {
+ arg_param_begin,
+ arg_str1("f", "file", "", "filename of dump"),
+ arg_int0(NULL, "startblock", "", "print from this block (default block6)"),
+ arg_int0(NULL, "endblock", "", "end printing at this block (default 0, ALL)"),
+ arg_lit0("v", "verbose", "verbose output"),
+ arg_param_end
+ };
+ CLIExecWithReturn(ctx, Cmd, argtable, false);
+
+ int fnlen = 0;
+ char filename[FILE_PATH_SIZE];
+ CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t*)filename, FILE_PATH_SIZE, &fnlen);
+
+ int startblock = arg_get_int_def(ctx, 2, 0);
+ int endblock = arg_get_int_def(ctx, 3, 0);
+ bool verbose = arg_get_lit(ctx, 4);
+
+ CLIParserFree(ctx);
 uint8_t *dump = NULL;
 size_t bytes_read = 0;
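Review bot: The return value of `CLIParamStrToBuf` on the new `filename` line is discarded and `filename` is declared without an initializer, so the "Filename too long" rejection that the removed `param_getstr` branch performed no longer exists; if the helper reports an over-long or empty `--file` argument (presumably through a non-zero return, as the other cliparser helpers do — confirm), the function continues with whatever the buffer holds. The block arguments have a similar gap: `arg_get_int_def` yields `int`, while the hunk header shows `printIclassDumpContents` taking `uint8_t` block numbers, so a value such as `-1` or `300` is narrowed on conversion rather than rejected (the old `param_get8ex` path truncated the same way, so the rewrite is a chance to close a pre-existing weakness). CmdHFiClassView continues past the end of the hunk; the rewrite below adds both checks right after parsing.
```c
    int fnlen = 0;
    char filename[FILE_PATH_SIZE] = {0};
    // Reject a missing or over-long filename instead of continuing with a partial buffer
    if (CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen) != 0 || fnlen == 0) {
        PrintAndLogEx(FAILED, "Filename missing or too long");
        CLIParserFree(ctx);
        return PM3_EINVARG;
    }

    int startblock = arg_get_int_def(ctx, 2, 0);
    int endblock = arg_get_int_def(ctx, 3, 0);
    bool verbose = arg_get_lit(ctx, 4);

    CLIParserFree(ctx);

    // Block numbers are narrowed to uint8_t downstream; refuse values that would wrap
    if (startblock < 0 || startblock > 255 || endblock < 0 || endblock > 255) {
        PrintAndLogEx(FAILED, "block numbers must be in the range 0..255");
        return PM3_EINVARG;
    }
    // … unchanged: dump buffer declaration, file load and printing …
```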
From fbc7f05ad1537975d08dc9757559aaf45a5b5088 Mon Sep 17 00:00:00 2001
From: tcprst
Date: Tue, 6 Oct 2020 09:03:24 -0400
Subject: [PATCH 3/5] rebase on master, fix merge conflict

---
 armsrc/Standalone/hf_iceclass.c | 2 +-
 client/src/cmdhficlass.c | 12 ++---
 doc/cheatsheet.md | 5 +-
 doc/commands.md | 88 ++++++++++-----------------------
 4 files changed, 35 insertions(+), 72 deletions(-)

diff --git a/armsrc/Standalone/hf_iceclass.c b/armsrc/Standalone/hf_iceclass.c
index 2a0ef6236..00de115e6 100644
--- a/armsrc/Standalone/hf_iceclass.c
+++ b/armsrc/Standalone/hf_iceclass.c
@@ -125,7 +125,7 @@ static void download_instructions(uint8_t t) {
 case ICE_STATE_FULLSIM: {
 DbpString("The emulator memory was saved to SPIFFS");
 DbpString("1. " _YELLOW_("mem spiffs dump o " HF_ICLASS_FULLSIM_MOD_BIN " f " HF_ICLASS_FULLSIM_MOD" e"));
- DbpString("2. " _YELLOW_("hf iclass view f " HF_ICLASS_FULLSIM_MOD_BIN));
+ DbpString("2. " _YELLOW_("hf iclass view -f " HF_ICLASS_FULLSIM_MOD_BIN));
 break;
 }
 case ICE_STATE_ATTACK: {
diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c
index 14756328f..6417de85b 100644
--- a/client/src/cmdhficlass.c
+++ b/client/src/cmdhficlass.c
@@ -2661,10 +2661,10 @@ static int CmdHFiClassView(const char *Cmd) {
 void *argtable[] = {
 arg_param_begin,
- arg_str1("f", "file", "", "filename of dump"),
- arg_int0(NULL, "startblock", "", "print from this block (default block6)"),
- arg_int0(NULL, "endblock", "", "end printing at this block (default 0, ALL)"),
- arg_lit0("v", "verbose", "verbose output"),
+ arg_str1("f", "file", "", "filename of dump"),
+ arg_int0("s", "startblock", "", "print from this block (default block6)"),
+ arg_int0("e", "endblock", "", "end printing at this block (default 0, ALL)"),
+ arg_lit0("v", "verbose", "verbose output"),
 arg_param_end
 };
 CLIExecWithReturn(ctx, Cmd, argtable, false);
@@ -3492,7 +3492,7 @@ static int CmdHFiClassPermuteKey(const char *Cmd) {
 void *argtable[] = {
 arg_param_begin,
- arg_lit0(NULL, "reverse", "reverse permuted key"),
+ arg_lit0("r", "reverse", "reverse permuted key"),
 arg_str1(NULL, "key", "", "input key"),
 arg_param_end
 };
@@ -3550,7 +3550,7 @@ static command_t CommandTable[] = {
 {"encrypt", CmdHFiClassEncryptBlk, AlwaysAvailable, "[options..] Encrypt given block data"},
 {"decrypt", CmdHFiClassDecrypt, AlwaysAvailable, "[options..] Decrypt given block data or tag dump file" },
 {"managekeys", CmdHFiClassManageKeys, AlwaysAvailable, "[options..] Manage keys to use with iclass commands"},
- {"permutekey", CmdHFiClassPermuteKey, IfPm3Iclass, " Permute function from 'heart of darkness' paper"},
+ {"permute", CmdHFiClassPermuteKey, IfPm3Iclass, " Permute function from 'heart of darkness' paper"},
 {"view", CmdHFiClassView, AlwaysAvailable, "[options..] Display content from tag dump file"},
 {NULL, NULL, NULL, NULL}
diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md
index bee2b2b5e..5e46f68df 100644
--- a/doc/cheatsheet.md
+++ b/doc/cheatsheet.md
@@ -46,9 +46,10 @@ Reverse permute iCLASS master key
 ```
 Options
 ---
-r reverse permuted key
+-r --reverse : reverse permuted key
+ --key : input key
-pm3 --> hf iclass permute r 3F90EBF0910F7B6F
+pm3 --> hf iclass permute --reverse --key 3F90EBF0910F7B6F
 ```
 iCLASS Reader
diff --git a/doc/commands.md b/doc/commands.md
index 94d28dfdf..40ce18a23 100644
--- a/doc/commands.md
+++ b/doc/commands.md
@@ -241,70 +241,32 @@ Check column "offline" for their availability.
 ### hf iclass
 { ICLASS RFIDs... }
+
+|command |offline |description
+|------- |------- |-----------
+|`hf iclass help `|Y |`This help`
+|`hf iclass calcnewkey `|Y |`[options..] Calc diversified keys (blocks 3 & 4) to write new keys`
+|`hf iclass chk `|Y |`[options..] Check keys`
+|`hf iclass clone `|N |`[options..] Restore a dump file onto a iClass tag`
+|`hf iclass decrypt `|Y |`[options..] Decrypt given block data or tag dump file`
+|`hf iclass dump `|N |`[options..] Dump iClass tag to file`
+|`hf iclass eload `|N |`[f ] Load iClass dump file into emulator memory`
+|`hf iclass encrypt `|Y |`[options..] Encrypt given block data`
+|`hf iclass info `|Y |` Tag information`
+|`hf iclass list `|Y |` List iClass history`
+|`hf iclass loclass `|Y |`[options..] Use loclass to perform bruteforce reader attack`
+|`hf iclass lookup `|Y |`[options..] Uses authentication trace to check for key in dictionary file`
+|`hf iclass managekeys `|Y |`[options..] Manage keys to use with iClass`
+|`hf iclass permute `|N |` Permute function from 'heart of darkness' paper`
+|`hf iclass rdbl `|N |`[options..] Read iClass block`
+|`hf iclass reader `|N |` Act like an iClass reader`
+|`hf iclass readtagfile `|Y |`[options..] Display content from tag dump file`
+|`hf iclass replay `|N |` Read iClass tag via replay attack`
+|`hf iclass sim `|N |`[options..] Simulate iClass tag`
+|`hf iclass sniff `|N |` Eavesdrop iClass communication`
+|`hf iclass wrbl `|N |`[options..] Write iClass block`
-|command |offline |description
-|------- |------- |-----------
-|`hf iclass help `|Y |`This help`
-|`hf iclass dump `|N |`[options..] Dump Picopass / iCLASS tag to file`
-|`hf iclass info `|Y |` Tag information`
-|`hf iclass list `|Y |` List iclass history`
-|`hf iclass rdbl `|N |`[options..] Read Picopass / iCLASS block`
-|`hf iclass reader `|N |` Act like an Picopass / iCLASS reader`
-|`hf iclass restore `|N |`[options..] Restore a dump file onto a Picopass / iCLASS tag`
-|`hf iclass sniff `|N |` Eavesdrop Picopass / iCLASS communication`
-|`hf iclass wrbl `|N |`[options..] Write Picopass / iCLASS block`
-|`hf iclass chk `|Y |`[options..] Check keys`
-|`hf iclass loclass `|Y |`[options..] Use loclass to perform bruteforce reader attack`
-|`hf iclass lookup `|Y |`[options..] Uses authentication trace to check for key in dictionary file`
-|`hf iclass replay `|N |` Read Picopass / iCLASS tag via replay attack`
-|`hf iclass sim `|N |`[options..] Simulate iCLASS tag`
-|`hf iclass eload `|N |`[f ] Load Picopass / iCLASS dump file into emulator memory`
-|`hf iclass esave `|N |`[f ] Save emulator memory to file`
-|`hf iclass eview `|N |`[options..] View emulator memory`
-|`hf iclass calcnewkey `|Y |`[options..] Calc diversified keys (blocks 3 & 4) to write new keys`
-|`hf iclass encrypt `|Y |`[options..] Encrypt given block data`
-|`hf iclass decrypt `|Y |`[options..] Decrypt given block data or tag dump file`
-|`hf iclass managekeys `|Y |`[options..] Manage keys to use with iclass commands`
-|`hf iclass permutekey `|N |` Permute function from 'heart of darkness' paper`
-|`hf iclass view `|Y |`[options..] Display content from tag dump file`
-
-
-### hf legic
-
- { LEGIC RFIDs... }
-
-|command |offline |description
-|------- |------- |-----------
-|`hf legic help `|Y |`This help`
-|`hf legic list `|Y |`List LEGIC history`
-|`hf legic reader `|N |`LEGIC Prime Reader UID and tag info`
-|`hf legic info `|N |`Display deobfuscated and decoded LEGIC Prime tag data`
-|`hf legic dump `|N |`Dump LEGIC Prime tag to binary file`
-|`hf legic restore `|N |`Restore a dump file onto a LEGIC Prime tag`
-|`hf legic rdbl `|N |`Read bytes from a LEGIC Prime tag`
-|`hf legic sim `|N |`Start tag simulator`
-|`hf legic wrbl `|N |`Write data to a LEGIC Prime tag`
-|`hf legic crc `|Y |`Calculate Legic CRC over given bytes`
-|`hf legic eload `|Y |`Load binary dump to emulator memory`
-|`hf legic esave `|Y |`Save emulator memory to binary file`
-|`hf legic wipe `|N |`Wipe a LEGIC Prime tag`
-
-
-### hf lto
-
- { LTO Cartridge Memory RFIDs... }
-
-|command |offline |description
-|------- |------- |-----------
-|`hf lto help `|Y |`This help`
-|`hf lto dump `|N |`Dump LTO-CM tag to file`
-|`hf lto restore `|N |`Restore dump file to LTO-CM tag`
-|`hf lto info `|N |`Tag information`
-|`hf lto rdbl `|N |`Read block`
-|`hf lto wrbl `|N |`Write block`
-|`hf lto list `|Y |`List LTO-CM history`
-
-
+
 ### hf mf
 { MIFARE RFIDs... }

From c276f48c464d98c0e9fbb30add9236052d68be5e Mon Sep 17 00:00:00 2001
From: tcprst
Date: Tue, 6 Oct 2020 09:35:49 -0400
Subject: [PATCH 4/5] fix dropped legic, lto

---
 doc/commands.md | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/doc/commands.md b/doc/commands.md
index 40ce18a23..9771b8942 100644
--- a/doc/commands.md
+++ b/doc/commands.md
@@ -266,6 +266,42 @@ Check column "offline" for their availability.
 |`hf iclass sniff `|N |` Eavesdrop iClass communication`
 |`hf iclass wrbl `|N |`[options..] Write iClass block`
+
+### hf legic
+
+ { LEGIC RFIDs... }
+
+|command |offline |description
+|------- |------- |-----------
+|`hf legic help `|Y |`This help`
+|`hf legic list `|Y |`List LEGIC history`
+|`hf legic reader `|N |`LEGIC Prime Reader UID and tag info`
+|`hf legic info `|N |`Display deobfuscated and decoded LEGIC Prime tag data`
+|`hf legic dump `|N |`Dump LEGIC Prime tag to binary file`
+|`hf legic restore `|N |`Restore a dump file onto a LEGIC Prime tag`
+|`hf legic rdbl `|N |`Read bytes from a LEGIC Prime tag`
+|`hf legic sim `|N |`Start tag simulator`
+|`hf legic wrbl `|N |`Write data to a LEGIC Prime tag`
+|`hf legic crc `|Y |`Calculate Legic CRC over given bytes`
+|`hf legic eload `|Y |`Load binary dump to emulator memory`
+|`hf legic esave `|Y |`Save emulator memory to binary file`
+|`hf legic wipe `|N |`Wipe a LEGIC Prime tag`
+
+
+### hf lto
+
+ { LTO Cartridge Memory RFIDs... }
+
+|command |offline |description
+|------- |------- |-----------
+|`hf lto help `|Y |`This help`
+|`hf lto dump `|N |`Dump LTO-CM tag to file`
+|`hf lto restore `|N |`Restore dump file to LTO-CM tag`
+|`hf lto info `|N |`Tag information`
+|`hf lto rdbl `|N |`Read block`
+|`hf lto wrbl `|N |`Write block`
+|`hf lto list `|Y |`List LTO-CM history`
+
 ### hf mf

From 4447e72486fe38d0c9004ede0fd5db8b4831fdf0 Mon Sep 17 00:00:00 2001
From: tcprst
Date: Tue, 6 Oct 2020 09:38:57 -0400
Subject: [PATCH 5/5] rebase - fix missed iclass doc changes

---
 doc/commands.md | 48 +++++++++++++++++++++++++-----------------------
 1 file changed, 25 insertions(+), 23 deletions(-)

diff --git a/doc/commands.md b/doc/commands.md
index 9771b8942..c0aeea991 100644
--- a/doc/commands.md
+++ b/doc/commands.md
@@ -242,29 +242,31 @@ Check column "offline" for their availability.
 { ICLASS RFIDs... }
-|command |offline |description
-|------- |------- |-----------
-|`hf iclass help `|Y |`This help`
-|`hf iclass calcnewkey `|Y |`[options..] Calc diversified keys (blocks 3 & 4) to write new keys`
-|`hf iclass chk `|Y |`[options..] Check keys`
-|`hf iclass clone `|N |`[options..] Restore a dump file onto a iClass tag`
-|`hf iclass decrypt `|Y |`[options..] Decrypt given block data or tag dump file`
-|`hf iclass dump `|N |`[options..] Dump iClass tag to file`
-|`hf iclass eload `|N |`[f ] Load iClass dump file into emulator memory`
-|`hf iclass encrypt `|Y |`[options..] Encrypt given block data`
-|`hf iclass info `|Y |` Tag information`
-|`hf iclass list `|Y |` List iClass history`
-|`hf iclass loclass `|Y |`[options..] Use loclass to perform bruteforce reader attack`
-|`hf iclass lookup `|Y |`[options..] Uses authentication trace to check for key in dictionary file`
-|`hf iclass managekeys `|Y |`[options..] Manage keys to use with iClass`
-|`hf iclass permute `|N |` Permute function from 'heart of darkness' paper`
-|`hf iclass rdbl `|N |`[options..] Read iClass block`
-|`hf iclass reader `|N |` Act like an iClass reader`
-|`hf iclass readtagfile `|Y |`[options..] Display content from tag dump file`
-|`hf iclass replay `|N |` Read iClass tag via replay attack`
-|`hf iclass sim `|N |`[options..] Simulate iClass tag`
-|`hf iclass sniff `|N |` Eavesdrop iClass communication`
-|`hf iclass wrbl `|N |`[options..] Write iClass block`
+|command |offline |description
+|------- |------- |-----------
+|`hf iclass help `|Y |`This help`
+|`hf iclass dump `|N |`[options..] Dump Picopass / iCLASS tag to file`
+|`hf iclass info `|Y |` Tag information`
+|`hf iclass list `|Y |` List iclass history`
+|`hf iclass rdbl `|N |`[options..] Read Picopass / iCLASS block`
+|`hf iclass reader `|N |` Act like an Picopass / iCLASS reader`
+|`hf iclass restore `|N |`[options..] Restore a dump file onto a Picopass / iCLASS tag`
+|`hf iclass sniff `|N |` Eavesdrop Picopass / iCLASS communication`
+|`hf iclass wrbl `|N |`[options..] Write Picopass / iCLASS block`
+|`hf iclass chk `|Y |`[options..] Check keys`
+|`hf iclass loclass `|Y |`[options..] Use loclass to perform bruteforce reader attack`
+|`hf iclass lookup `|Y |`[options..] Uses authentication trace to check for key in dictionary file`
+|`hf iclass replay `|N |` Read Picopass / iCLASS tag via replay attack`
+|`hf iclass sim `|N |`[options..] Simulate iCLASS tag`
+|`hf iclass eload `|N |`[f ] Load Picopass / iCLASS dump file into emulator memory`
+|`hf iclass esave `|N |`[f ] Save emulator memory to file`
+|`hf iclass eview `|N |`[options..] View emulator memory`
+|`hf iclass calcnewkey `|Y |`[options..] Calc diversified keys (blocks 3 & 4) to write new keys`
+|`hf iclass encrypt `|Y |`[options..] Encrypt given block data`
+|`hf iclass decrypt `|Y |`[options..] Decrypt given block data or tag dump file`
+|`hf iclass managekeys `|Y |`[options..] Manage keys to use with iclass commands`
+|`hf iclass permute `|N |` Permute function from 'heart of darkness' paper`
+|`hf iclass view `|Y |`[options..] Display content from tag dump file`
 ### hf legic