github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 13:53:55 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #2881 from Antiklesys/master

Browse source 
Improved hf iclass legrec speed by 147%
This commit is contained in:
Iceman 2025-06-04 17:31:44 +02:00 committed by GitHub
commit fb13d52e7c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 80 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Changed `hf iclass legrec` - additional code optimizations gaining a ~147% speed increase (@antiklesys)
- Changed `hf iclass tear` - readability improvements for erase phase (@antiklesys) - Changed `hf iclass tear` - readability improvements for erase phase (@antiklesys)
- Changed `hf iclass legrec` - code optimizations gaining a ~8% speed increase (@antiklesys) - Changed `hf iclass legrec` - code optimizations gaining a ~8% speed increase (@antiklesys)
- Modified `hf iclass tear` - now has a device side implementation also. (@antiklesys) (@iceman1001) - Modified `hf iclass tear` - now has a device side implementation also. (@antiklesys) (@iceman1001)

111
armsrc/iclass.c
View file

@ -2669,39 +2669,18 @@ void iClass_Recover(iclass_recover_req_t *msg) {
//START LOOP //START LOOP
uint32_t loops = 1; uint32_t loops = 1;
bool card_select = false;
while (bits_found == -1) { bool card_auth = false;
bool card_select = false; bool priv_esc = false;
bool card_auth = false; int status_message = 0;
int reinit_tentatives = 0; int reinit_tentatives = 0;
uint8_t original_mac[8] = {0}; bool res = false;
uint16_t resp_len = 0; picopass_hdr_t hdr = {0};
int res2; uint8_t original_mac[8] = {0};
uint8_t resp[10] = {0}; uint8_t mac1[4] = {0};
uint8_t mac1[4] = {0};
uint8_t mac2[4] = {0};
picopass_hdr_t hdr = {0};
bool res = false;
int status_message = 0;
while (!card_select || !card_auth) { while (!card_select || !card_auth) {
if (BUTTON_PRESS() || loops > msg->loop) {
if(loops > msg->loop){
completed = true;
}else{
interrupted = true;
}
goto out;
}
if (msg->test) {
Dbprintf(_YELLOW_("*Cycled Reader*") " TEST Index - Loops: "_YELLOW_("%3d / %3d") " *", loops, msg->loop);
}else if (msg->debug){
Dbprintf(_YELLOW_("*Cycled Reader*") " Index: "_RED_("%3d")" Loops: "_YELLOW_("%3d / %3d") " *", index, loops, msg->loop);
}else{
DbprintfEx(FLAG_INPLACE, "[" _BLUE_("#") "] Index: "_CYAN_("%3d")" Loops: "_YELLOW_("%3d / %3d")" ", index, loops, msg->loop);
}
Iso15693InitReader(); //has to be at the top as it starts tracing Iso15693InitReader(); //has to be at the top as it starts tracing
if (!msg->debug) { if (!msg->debug) {
set_tracing(false); //disable tracing to prevent crashes - set to true for debugging set_tracing(false); //disable tracing to prevent crashes - set to true for debugging
@ -2739,10 +2718,68 @@ void iClass_Recover(iclass_recover_req_t *msg) {
} }
} }
while (bits_found == -1) {
reinit_tentatives = 0;
int res2;
uint8_t resp[10] = {0};
uint8_t mac2[4] = {0};
res = false;
uint16_t resp_len = 0;
if (BUTTON_PRESS() || loops > msg->loop) {
if(loops > msg->loop){
completed = true;
}else{
interrupted = true;
}
goto out;
}
if (msg->test) {
Dbprintf(_YELLOW_("*Cycled Reader*") " TEST Index - Loops: "_YELLOW_("%3d / %3d") " *", loops, msg->loop);
}else if (msg->debug || (!card_select && !card_auth)){
Dbprintf(_YELLOW_("*Cycled Reader*") " Index: "_RED_("%3d")" Loops: "_YELLOW_("%3d / %3d") " *", index, loops, msg->loop);
}else{
DbprintfEx(FLAG_INPLACE, "[" _BLUE_("#") "] Index: "_CYAN_("%3d")" Loops: "_YELLOW_("%3d / %3d")" ", index, loops, msg->loop);
}
while (!card_select || !card_auth) {
Iso15693InitReader(); //has to be at the top as it starts tracing
set_tracing(false); //disable tracing to prevent crashes - set to true for debugging
//Step0 Card Select Routine
eof_time = 0; //reset eof time
res = select_iclass_tag(&hdr, false, &eof_time, shallow_mod);
if (res) {
status_message = 1; //card select successful
card_select = true;
}
//Step1 Authenticate with AA1 using trace
if (card_select) {
memcpy(original_mac, msg->req.key, 8);
start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER;
res = authenticate_iclass_tag(&msg->req, &hdr, &start_time, &eof_time, mac1);
if (res) {
status_message = 2; //authentication with AA1 macs successful
card_auth = true;
}
}
if (!card_auth || !card_select) {
reinit_tentatives++;
switch_off();
}
if (reinit_tentatives == 5) {
DbpString("");
DbpString(_RED_("Unable to select or authenticate with card multiple times! Stopping."));
goto out;
}
}
//Step2 Privilege Escalation: attempt to read AA2 with credentials for AA1 //Step2 Privilege Escalation: attempt to read AA2 with credentials for AA1
uint8_t blockno = 24; uint8_t blockno = 3;
int priv_esc_tries = 0; int priv_esc_tries = 0;
bool priv_esc = false;
while (!priv_esc) { while (!priv_esc) {
//The privilege escalation is done with a readcheck and not just a normal read! //The privilege escalation is done with a readcheck and not just a normal read!
start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER;
@ -2761,6 +2798,11 @@ void iClass_Recover(iclass_recover_req_t *msg) {
goto out; goto out;
} }
} }
if(priv_esc && status_message != 3){
start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER;
iclass_send_as_reader(read_check_cc, sizeof(read_check_cc), &start_time, &eof_time, shallow_mod);
status_message = 3;
}
//Step3 Calculate New Key (Optimised Algo V2) //Step3 Calculate New Key (Optimised Algo V2)
generate_single_key_block_inverted_opt(zero_key, index, genkeyblock); generate_single_key_block_inverted_opt(zero_key, index, genkeyblock);
@ -2771,7 +2813,6 @@ void iClass_Recover(iclass_recover_req_t *msg) {
//Step4 Calculate New Mac //Step4 Calculate New Mac
uint8_t wb[9] = {0}; uint8_t wb[9] = {0};
blockno = 3;
wb[0] = blockno; wb[0] = blockno;
memcpy(wb + 1, genkeyblock, 8); memcpy(wb + 1, genkeyblock, 8);
doMAC_N(wb, sizeof(wb), div_key2, mac2); doMAC_N(wb, sizeof(wb), div_key2, mac2);
@ -2895,9 +2936,13 @@ void iClass_Recover(iclass_recover_req_t *msg) {
if (write_error && (msg->debug || msg->test)) { //if there was a write error, re-run the loop for the same key index if (write_error && (msg->debug || msg->test)) { //if there was a write error, re-run the loop for the same key index
DbpString("Loop Error: "_RED_("Repeating Loop!")); DbpString("Loop Error: "_RED_("Repeating Loop!"));
card_select = false;
card_auth = false;
priv_esc = false;
}else{ }else{
loops++; loops++;
index++; index++;
status_message = 2;
} }
}//end while }//end while

2
client/src/cmdhficlass.c
View file

@ -4842,7 +4842,7 @@ static int CmdHFiClassLegacyRecSim(void) {
PrintAndLogEx(SUCCESS, "Original Key: " _GREEN_("%s"), sprint_hex(original_key, sizeof(original_key))); PrintAndLogEx(SUCCESS, "Original Key: " _GREEN_("%s"), sprint_hex(original_key, sizeof(original_key)));
PrintAndLogEx(SUCCESS, "Weak Key: " _GREEN_("%s"), sprint_hex(key, sizeof(key))); PrintAndLogEx(SUCCESS, "Weak Key: " _GREEN_("%s"), sprint_hex(key, sizeof(key)));
PrintAndLogEx(SUCCESS, "Key Updates Required to Weak Key: " _GREEN_("%d"), index); PrintAndLogEx(SUCCESS, "Key Updates Required to Weak Key: " _GREEN_("%d"), index);
PrintAndLogEx(SUCCESS, "Estimated Time: ~" _GREEN_("%d")" hours", index / 7250); PrintAndLogEx(SUCCESS, "Estimated Time: ~" _GREEN_("%d")" hours", index / 17800);
} }
index++; index++;