Merge pull request #2188 from nvx/iclass_aa2_dump_fix

Fix iClass dump truncating the AA2 area and improve dump reliability by fixing cmd retry delays.
Iceman 2023-11-27 14:54:02 +01:00 committed by GitHub
commit f73d4a07e0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 16 deletions


@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Fixed `hf iclass dump` truncating AA2 blocks and improve reliability (@nvx)
- Added some info about UMC in "doc/magic_cards_notes.md" (@temskiy) - Added some info about UMC in "doc/magic_cards_notes.md" (@temskiy)
## [Faraday.4.17511][2023-11-13] ## [Faraday.4.17511][2023-11-13]


@ -1254,6 +1254,12 @@ static bool iclass_send_cmd_with_retries(uint8_t *cmd, size_t cmdsize, uint8_t *
if (res == PM3_SUCCESS && expected_size == resp_len) { if (res == PM3_SUCCESS && expected_size == resp_len) {
return true; return true;
} }
// Timed out waiting for the tag to reply, but perhaps the tag did hear the command and is attempting to reply
// So wait long enough for the tag to encode it's reply plus required frame delays on each side before retrying
// And then double it, because in practice it seems to make it much more likely to succeed
// Response time calculation from expected_size lifted from GetIso15693AnswerFromTag
*start_time = *eof_time + ((DELAY_ICLASS_VICC_TO_VCD_READER + DELAY_ISO15693_VCD_TO_VICC_READER + (expected_size * 8 * 8 * 16)) * 2);
} }
return false; return false;
} }
@ -1739,7 +1745,7 @@ void iClass_Dump(uint8_t *msg) {
} PACKED response; } PACKED response;
response.isOK = dumpsuccess; response.isOK = dumpsuccess;
response.block_cnt = i; response.block_cnt = i - cmd->start_block;
response.bb_offset = dataout - BigBuf_get_addr(); response.bb_offset = dataout - BigBuf_get_addr();
reply_ng(CMD_HF_ICLASS_DUMP, PM3_SUCCESS, (uint8_t *)&response, sizeof(response)); reply_ng(CMD_HF_ICLASS_DUMP, PM3_SUCCESS, (uint8_t *)&response, sizeof(response));
} }
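Review bot: The retry back-off on the `*start_time = *eof_time + (...)` line encodes its timing as `expected_size * 8 * 8 * 16` with a trailing `* 2`, and the comment only says the formula is "lifted from GetIso15693AnswerFromTag"; keeping two copies of the same arithmetic invites drift, so a shared helper or a named constant (a constructed name such as `ICLASS_REPLY_TICKS_PER_BYTE`, with a one-line comment stating the units the factors represent) would make the intent and the doubling heuristic reviewable. The comment should also read `its reply`, not `it's reply`. The new start time is computed on the final failed attempt as well, immediately before `return false`; harmless, but it could be skipped. The retry loop and the function header are outside the hunk, so it cannot be confirmed here whether `*eof_time` is refreshed when the exchange times out; if it is not, the wait is measured from the last successful frame rather than the failed one, which would be worth a comment at this line.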


@ -2067,17 +2067,15 @@ static int CmdHFiClassDump(const char *Cmd) {
return PM3_ETIMEOUT; return PM3_ETIMEOUT;
} }
if (pagemap == PICOPASS_NON_SECURE_PAGEMODE) { if (pagemap != PICOPASS_NON_SECURE_PAGEMODE) {
// all memory available
memcpy(tag_data + (8 * 3), tempbuf + (8 * 3), (blocks_read * 8));
} else {
// div key KD // div key KD
memcpy(tag_data + (8 * 3), tempbuf + (8 * 3), 8); memcpy(tag_data + (PICOPASS_BLOCK_SIZE * 3),
// AIA data tempbuf + (PICOPASS_BLOCK_SIZE * 3), PICOPASS_BLOCK_SIZE);
memcpy(tag_data + (8 * 5), tempbuf + (8 * 5), 8);
// AA1 data
memcpy(tag_data + (8 * 6), tempbuf + (8 * 6), ((blocks_read - 6) * 8));
} }
// all memory available
memcpy(tag_data + (PICOPASS_BLOCK_SIZE * payload.start_block),
tempbuf + (PICOPASS_BLOCK_SIZE * payload.start_block),
blocks_read * PICOPASS_BLOCK_SIZE);
uint16_t bytes_got = (app_limit1 + 1) * 8; uint16_t bytes_got = (app_limit1 + 1) * 8;
@ -2135,12 +2133,14 @@ static int CmdHFiClassDump(const char *Cmd) {
} }
// div key KC // div key KC
memcpy(tag_data + (8 * 4), tempbuf + (8 * 4), 8); memcpy(tag_data + (PICOPASS_BLOCK_SIZE * 4), tempbuf + (PICOPASS_BLOCK_SIZE * 4), PICOPASS_BLOCK_SIZE);
// AA2 data // AA2 data
memcpy(tag_data + (8 * (app_limit1 + 1)), tempbuf + (8 * (app_limit1 + 1)), (blocks_read * 8)); memcpy(tag_data + (PICOPASS_BLOCK_SIZE * payload.start_block),
tempbuf + (PICOPASS_BLOCK_SIZE * payload.start_block),
blocks_read * PICOPASS_BLOCK_SIZE);
bytes_got = (blocks_read * 8); bytes_got += (blocks_read * PICOPASS_BLOCK_SIZE);
aa2_success = true; aa2_success = true;
} }
@ -3036,7 +3036,7 @@ void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t e
int sio_start_block = 0, sio_end_block = 0; int sio_start_block = 0, sio_end_block = 0;
if (sio_start && sio_length > 0) { if (sio_start && sio_length > 0) {
sio_start_block = (sio_start - iclass_dump) / PICOPASS_BLOCK_SIZE; sio_start_block = (sio_start - iclass_dump) / PICOPASS_BLOCK_SIZE;
sio_end_block = sio_start_block + (sio_length + PICOPASS_BLOCK_SIZE - 1) / PICOPASS_BLOCK_SIZE - 1; sio_end_block = sio_start_block + ((sio_length + PICOPASS_BLOCK_SIZE - 1) / PICOPASS_BLOCK_SIZE) - 1;
} }
int i = startblock; int i = startblock;
@ -3107,7 +3107,7 @@ void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t e
regular_print_block = true; regular_print_block = true;
} else { } else {
const char *info_ks[] = {"CSN", "Config", "E-purse", "Debit", "Credit", "AIA", "User"}; const char *info_ks[] = {"CSN", "Config", "E-purse", "Debit", "Credit", "AIA", "User", "User AA2"};
if (i >= 6 && i <= 9 && is_legacy) { if (i >= 6 && i <= 9 && is_legacy) {
// legacy credential // legacy credential
@ -3132,6 +3132,8 @@ void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t e
} else { } else {
if (i < 6) { if (i < 6) {
block_info = info_ks[i]; block_info = info_ks[i];
} else if (i > hdr->conf.app_limit) {
block_info = info_ks[7];
} else { } else {
block_info = info_ks[6]; block_info = info_ks[6];
} }
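Review bot: The copy `memcpy(tag_data + (PICOPASS_BLOCK_SIZE * payload.start_block), ..., blocks_read * PICOPASS_BLOCK_SIZE)` in the first hunk (and the AA2 copy in the second hunk) takes its length from `blocks_read`, which appears to be the device's reported block count, without checking that `payload.start_block + blocks_read` stays inside the destination; tag_data's size is not visible in these hunks, so a guard such as `if (payload.start_block + blocks_read > <tag_data block capacity>) { PrintAndLogEx-style error; return PM3_EOVFLOW-equivalent; }` before each copy (placeholders, to be filled from the buffer's declaration) would bound the write if firmware ever reports more blocks than requested. A smaller consistency point: the context line `uint16_t bytes_got = (app_limit1 + 1) * 8;` still uses the literal 8 that the adjacent copies now spell as PICOPASS_BLOCK_SIZE, and the second hunk's `bytes_got += (blocks_read * PICOPASS_BLOCK_SIZE);` adds to it, so both should use the same constant. In the last hunk, `info_ks[7]` and `info_ks[6]` are hard-coded indices into a table the commit just grew; a brief comment naming what index 7 is, or a named index, would help the next reader. CmdHFiClassDump and printIclassDumpContents both start and end outside these hunks.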