From fdd11c3fb20a9fb06ddcb86c7ce446ba24fa38ad Mon Sep 17 00:00:00 2001
From: Philippe Teuwen
Date: Tue, 27 Oct 2020 20:46:43 +0100
Subject: [PATCH] Fix MAD decoding for DESFire
---
 client/src/cmdhfmfdes.c | 17 +++++++++++++----
 client/src/mifare/mad.c | 10 ++++++++++
 client/src/mifare/mad.h | 1 +
 3 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index 48b2b2a58..41ed89238 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@@ -32,6 +32,7 @@
 #include "fileutils.h"
 #include "mifare/mifaredefault.h" // default keys
 #include "mifare/ndef.h" // NDEF
+#include "mifare/mad.h"
 #define MAX_KEY_LEN 24
 #define MAX_KEYS_LIST_LEN 1024
@@ -3539,8 +3540,12 @@ static int CmdHF14ADesDump(const char *Cmd) {
 aid[2] = app_ids[i + 2];
 PrintAndLogEx(SUCCESS, " AID : " _GREEN_("%02X%02X%02X"), aid[2], aid[1], aid[0]);
- PrintAndLogEx(SUCCESS, " AID Function Cluster 0x%02X: " _YELLOW_("%s"), aid[2], cluster_to_text(aid[2]));
-
+ if ((aid[2] >> 4) == 0xF) {
+ uint16_t short_aid = ((aid[2] & 0xF) << 12) | (aid[1] << 4) | (aid[0] >> 4);
+ PrintAndLogEx(SUCCESS, " AID mapped to MIFARE Classic AID (MAD): " _YELLOW_("%02X"), short_aid);
+ PrintAndLogEx(SUCCESS, " MAD AID Cluster 0x%02X : " _YELLOW_("%s"), short_aid >> 8, cluster_to_text(short_aid >> 8));
+ MADDFDecodeAndPrint(short_aid);
+ }
 for (uint8_t m = 0; m < dfname_count; m++) {
 if (dfnames[m].aid[0] == aid[0] && dfnames[m].aid[1] == aid[1] && dfnames[m].aid[2] == aid[2]) {
 PrintAndLogEx(SUCCESS, " - DF " _YELLOW_("%02X%02X") " Name : " _YELLOW_("%s"), dfnames[m].fid[1], dfnames[m].fid[0], dfnames[m].name);
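Review bot: In the block added to CmdHF14ADesDump, `short_aid` is a 16-bit value but is printed with `_YELLOW_("%02X")`, so a mapped AID such as 0x0F12 would be shown as `F12`, while MADDFDecodeAndPrint prints the same value with `0x%04X`; `_YELLOW_("%04X")` would keep the two output lines consistent. The same six added lines, with the same format, are repeated in CmdHF14ADesEnumApplications in the next hunk, so a small `static` helper taking `aid` would avoid keeping two copies in sync. Since the AID bytes appear to come from the card's application list, a one-line comment above the shift expression would help readers check it, for example `// DESFire AID 0xFXXXXY carries the 16-bit MAD AID XXXX; the low nibble Y is dropped`. Both functions start and end outside their hunks.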
@@ -3705,8 +3710,12 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) {
 }
 PrintAndLogEx(SUCCESS, " AID : " _GREEN_("%02X%02X%02X"), aid[2], aid[1], aid[0]);
- PrintAndLogEx(SUCCESS, " AID Function Cluster 0x%02X: " _YELLOW_("%s"), aid[2], cluster_to_text(aid[2]));
-
+ if ((aid[2] >> 4) == 0xF) {
+ uint16_t short_aid = ((aid[2] & 0xF) << 12) | (aid[1] << 4) | (aid[0] >> 4);
+ PrintAndLogEx(SUCCESS, " AID mapped to MIFARE Classic AID (MAD): " _YELLOW_("%02X"), short_aid);
+ PrintAndLogEx(SUCCESS, " MAD AID Cluster 0x%02X : " _YELLOW_("%s"), short_aid >> 8, cluster_to_text(short_aid >> 8));
+ MADDFDecodeAndPrint(short_aid);
+ }
 for (uint8_t m = 0; m < dfname_count; m++) {
 if (dfnames[m].aid[0] == aid[0] && dfnames[m].aid[1] == aid[1] && dfnames[m].aid[2] == aid[2]) {
 PrintAndLogEx(SUCCESS, " - DF " _YELLOW_("%02X%02X") " Name : " _YELLOW_("%s"), dfnames[m].fid[1], dfnames[m].fid[0], dfnames[m].name);
diff --git a/client/src/mifare/mad.c b/client/src/mifare/mad.c
index 1fe3cfb02..55868cfae 100644
--- a/client/src/mifare/mad.c
+++ b/client/src/mifare/mad.c
@@ -372,3 +372,13 @@ int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose) {
 return PM3_SUCCESS;
 }
+
+int MADDFDecodeAndPrint(uint32_t short_aid) {
+ open_mad_file(&mad_known_aids, false);
+
+ char fmt[50];
+ sprintf(fmt, " MAD AID Function 0x%04X :" _YELLOW_("%s"), short_aid, "%s");
+ print_aid_description(mad_known_aids, short_aid, fmt, false);
+ close_mad_file(mad_known_aids);
+ return PM3_SUCCESS;
+}
diff --git a/client/src/mifare/mad.h b/client/src/mifare/mad.h
index bb1b3800c..5500a5459 100644
--- a/client/src/mifare/mad.h
+++ b/client/src/mifare/mad.h
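Review bot: In MADDFDecodeAndPrint (client/src/mifare/mad.c), the format string is built with an unbounded `sprintf` into `char fmt[50]`, and its length depends on the padding in the literal, on whatever the `_YELLOW_` macro adds around `%s`, and on a `%04X` that can expand to eight digits because `short_aid` is declared `uint32_t`. Using `snprintf(fmt, sizeof(fmt), ...)` with the same arguments would keep a later change to the label from overrunning the stack buffer. The return value of `open_mad_file` is ignored, so if loading the known-AID file fails the function presumably still passes `mad_known_aids` to `print_aid_description` and `close_mad_file`. Checking the result and returning it early would make that path explicit, though those helpers are outside the hunk and how they treat a failed load should be confirmed. The function is called once per application from both DESFire commands, so the file is reopened on every iteration.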
@@ -17,6 +17,7 @@ int MADCheck(uint8_t *sector0, uint8_t *sector10, bool verbose, bool *haveMAD2);
 int MADDecode(uint8_t *sector0, uint8_t *sector10, uint16_t *mad, size_t *madlen, bool swapmad);
 int MAD1DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose, bool *haveMAD2);
 int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose);
+int MADDFDecodeAndPrint(uint32_t short_aid);
 int MADCardHolderInfoDecode(uint8_t *data, size_t dataLen, bool verbose);
 #endif // _MAD_H_