From f94a2cb964a3b5dbe811a5b84aeed3f808a26461 Mon Sep 17 00:00:00 2001
From: Antiklesys
Date: Fri, 27 Jun 2025 09:55:58 +0800
Subject: [PATCH 1/2] Updated sam firmware version to be in decimal digits

Updated sam firmware version to be in decimal digits
---
 armsrc/sam_common.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/armsrc/sam_common.c b/armsrc/sam_common.c
index 75a5c3527..bfa959bba 100644
--- a/armsrc/sam_common.c
+++ b/armsrc/sam_common.c
@@ -229,7 +229,8 @@ int sam_get_version(bool info) {
 uint16_t response_len = ISO7816_MAX_FRAME;
 
 uint8_t payload[] = {
- 0xa0, 0x02, // <- SAM command
+ 0xa0, // <- SAM command
+ 0x02, // <- Length
 0x82, 0x00 // <- get version
 };
 uint16_t payload_len = sizeof(payload);
@@ -278,7 +279,7 @@ int sam_get_version(bool info) {
 }
 if (g_dbglevel >= DBG_INFO || info) {
 DbpString(_BLUE_("-- SAM Information --"));
- Dbprintf(_YELLOW_("Firmware version: ")"%X.%X", sam_version_an[2], sam_version_an[3]);
+ Dbprintf(_YELLOW_("Firmware version: ")"%d.%d", sam_version_an[2], sam_version_an[3]);
 Dbprintf(_YELLOW_("Firmware ID: "));
 Dbhexdump(sam_build_an[1], sam_build_an + 2, false);
 }
@@ -309,7 +310,8 @@ int sam_get_serial_number(void) {
 uint16_t response_len = ISO7816_MAX_FRAME;
 
 uint8_t payload[] = {
- 0xa0, 0x02, // <- SAM command
+ 0xa0, // <- SAM command
+ 0x02, // <- Length
 0x96, 0x00 // <- get serial number
 };
 uint16_t payload_len = sizeof(payload);

From 89465db4b127ed9d4a3b77fd84f252dfa50f426c Mon Sep 17 00:00:00 2001
From: Antiklesys
Date: Fri, 27 Jun 2025 10:30:40 +0800
Subject: [PATCH 2/2] Update hf iclass unhash to check lsb

Updated hf iclass unhash to check lsb to be 4x 0 and 4x 1. If it doesn't respect that format it means it never went through hash0 (as hash0 forces the key format to have 4x LSB set to 1 and 4x LSB set to 0) and likely to be an AES based key.
---
 client/src/cmdhficlass.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
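Review bot: The switch from `%X.%X` to `%d.%d` on the Dbprintf line in the second hunk changes what a version byte above 9 prints as (0x0a now shows `10` instead of `A`), and nothing in the code records that the SAM reports its version as plain binary integers rather than hex nibbles; a short comment on that line, `// version bytes are plain binary values, print as decimal`, would keep the next reader from reverting it. The type of `sam_version_an` is not visible in the hunk; if it is a `uint8_t` array, `%d` is correct after integer promotion, but `%u` would state the unsigned intent. sam_get_version begins and ends outside the hunk.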
diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c
index ffa5d8f7d..786049787 100644
--- a/client/src/cmdhficlass.c
+++ b/client/src/cmdhficlass.c
@@ -5058,6 +5058,24 @@ static int CmdHFiClassUnhash(const char *Cmd) {
 return PM3_EINVARG;
 }
 
+ //check if divkey respects hash0 rules (legacy format) or if it could be AES Based
+
+ int count_lsb0 = 0;
+ int count_lsb1 = 0;
+
+ for (int i = 0; i < PICOPASS_BLOCK_SIZE; i++) {
+ if ((div_key[i] & 0x01) == 0) {
+ count_lsb0++;
+ } else {
+ count_lsb1++;
+ }
+ }
+
+ if(count_lsb0 != 4 || count_lsb1 != 4){
+ PrintAndLogEx(INFO, _RED_("Incorrect LSB Distribution, unable to unhash - the key might be AES based."));
+ return PM3_SUCCESS;
+ }
+
 PrintAndLogEx(INFO, "Diversified key... %s", sprint_hex_inrow(div_key, sizeof(div_key)));
 PrintAndLogEx(INFO, "-----------------------------------");
 invert_hash0(div_key);
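Review bot: `return PM3_SUCCESS;` after printing "unable to unhash" reports a refused operation as success, so a caller or script cannot tell it apart from a completed unhash; returning the code the function already uses a few lines above for a rejected input, `return PM3_EINVARG;`, and logging at `WARNING` instead of `INFO` would match the rest of the function. The check is a necessary but not sufficient condition: if PICOPASS_BLOCK_SIZE is 8, 70 of the 256 possible LSB patterns have exactly four zero bits, so roughly a quarter of random (e.g. AES-derived) keys still pass, which the comment should say, e.g. `// hash0 output always has exactly 4 bytes with LSB 0 and 4 with LSB 1; a key failing this was not produced by hash0 (likely AES-based), but passing does not prove it was`. Two style points: `if(count_lsb0 != 4 || count_lsb1 != 4){` should read `if (count_lsb0 != 4 || count_lsb1 != 4) {` to match the surrounding code, and the loop bound `PICOPASS_BLOCK_SIZE` sizes the same buffer that the next line sizes with `sizeof(div_key)`, so one form should be used for both. CmdHFiClassUnhash begins before this hunk.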