github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #2916 from Antiklesys/master

Browse source 
Sam firmware output in decimal and unhash to detect AES key format
This commit is contained in:
Iceman 2025-06-29 22:46:33 +02:00 committed by GitHub
commit fbdc85d6ad
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 23 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
armsrc/sam_common.c
View file

@ -229,7 +229,8 @@ int sam_get_version(bool info) {
uint16_t response_len = ISO7816_MAX_FRAME; uint16_t response_len = ISO7816_MAX_FRAME;
uint8_t payload[] = { uint8_t payload[] = {
0xa0, 0x02, // <- SAM command 0xa0, // <- SAM command
0x02, // <- Length
0x82, 0x00 // <- get version 0x82, 0x00 // <- get version
}; };
uint16_t payload_len = sizeof(payload); uint16_t payload_len = sizeof(payload);
@ -278,7 +279,7 @@ int sam_get_version(bool info) {
} }
if (g_dbglevel >= DBG_INFO || info) { if (g_dbglevel >= DBG_INFO || info) {
DbpString(_BLUE_("-- SAM Information --")); DbpString(_BLUE_("-- SAM Information --"));
Dbprintf(_YELLOW_("Firmware version: ")"%X.%X", sam_version_an[2], sam_version_an[3]); Dbprintf(_YELLOW_("Firmware version: ")"%d.%d", sam_version_an[2], sam_version_an[3]);
Dbprintf(_YELLOW_("Firmware ID: ")); Dbprintf(_YELLOW_("Firmware ID: "));
Dbhexdump(sam_build_an[1], sam_build_an + 2, false); Dbhexdump(sam_build_an[1], sam_build_an + 2, false);
} }
@ -309,7 +310,8 @@ int sam_get_serial_number(void) {
uint16_t response_len = ISO7816_MAX_FRAME; uint16_t response_len = ISO7816_MAX_FRAME;
uint8_t payload[] = { uint8_t payload[] = {
0xa0, 0x02, // <- SAM command 0xa0, // <- SAM command
0x02, // <- Length
0x96, 0x00 // <- get serial number 0x96, 0x00 // <- get serial number
}; };
uint16_t payload_len = sizeof(payload); uint16_t payload_len = sizeof(payload);

18
client/src/cmdhficlass.c
View file

@ -5058,6 +5058,24 @@ static int CmdHFiClassUnhash(const char *Cmd) {
return PM3_EINVARG; return PM3_EINVARG;
} }
//check if divkey respects hash0 rules (legacy format) or if it could be AES Based
int count_lsb0 = 0;
int count_lsb1 = 0;
for (int i = 0; i < PICOPASS_BLOCK_SIZE; i++) {
if ((div_key[i] & 0x01) == 0) {
count_lsb0++;
} else {
count_lsb1++;
}
}
if(count_lsb0 != 4 || count_lsb1 != 4){
PrintAndLogEx(INFO, _RED_("Incorrect LSB Distribution, unable to unhash - the key might be AES based."));
return PM3_SUCCESS;
}
PrintAndLogEx(INFO, "Diversified key... %s", sprint_hex_inrow(div_key, sizeof(div_key))); PrintAndLogEx(INFO, "Diversified key... %s", sprint_hex_inrow(div_key, sizeof(div_key)));
PrintAndLogEx(INFO, "-----------------------------------"); PrintAndLogEx(INFO, "-----------------------------------");
invert_hash0(div_key); invert_hash0(div_key);