mirror of
https://github.com/Proxmark/proxmark3.git
More work on iclass full simulation, and some work on iclass tag dump parsing
parent
b67f7ec359
commit
1defcf606f
6 changed files with 44 additions and 18 deletions
|
@ -39,8 +39,10 @@
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include "fileutils.h"
|
|
||||||
#include "cipherutils.h"
|
#include "cipherutils.h"
|
||||||
|
#ifndef ON_DEVICE
|
||||||
|
#include "fileutils.h"
|
||||||
|
#endif
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* @brief Return and remove the first bit (x0) in the stream : <x0 x1 x2 x3 ... xn >
|
* @brief Return and remove the first bit (x0) in the stream : <x0 x1 x2 x3 ... xn >
|
||||||
|
|
|
@ -94,6 +94,7 @@ CMDSRCS = nonce2key/crapto1.c\
|
||||||
cmdscript.c\
|
cmdscript.c\
|
||||||
pm3_bitlib.c\
|
pm3_bitlib.c\
|
||||||
aes.c\
|
aes.c\
|
||||||
|
protocols.c\
|
||||||
|
|
||||||
|
|
||||||
COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o)
|
COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o)
|
||||||
|
|
|
@ -29,6 +29,7 @@
|
||||||
#include "loclass/ikeys.h"
|
#include "loclass/ikeys.h"
|
||||||
#include "loclass/elite_crack.h"
|
#include "loclass/elite_crack.h"
|
||||||
#include "loclass/fileutils.h"
|
#include "loclass/fileutils.h"
|
||||||
|
#include "protocols.h"
|
||||||
|
|
||||||
static int CmdHelp(const char *Cmd);
|
static int CmdHelp(const char *Cmd);
|
||||||
|
|
||||||
|
@ -75,10 +76,9 @@ int CmdHFiClassSim(const char *Cmd)
|
||||||
uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
|
uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
|
||||||
|
|
||||||
if (strlen(Cmd)<1) {
|
if (strlen(Cmd)<1) {
|
||||||
usage_hf_iclass_sim();
|
return usage_hf_iclass_sim();
|
||||||
}
|
}
|
||||||
|
simType = param_get8ex(Cmd, 0, 0, 10);
|
||||||
simType = param_get8(Cmd, 0);
|
|
||||||
|
|
||||||
if(simType == 0)
|
if(simType == 0)
|
||||||
{
|
{
|
||||||
|
@ -322,7 +322,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
|
||||||
PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
|
PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
|
||||||
printvar("Div key", div_key, 8);
|
printvar("Div key", div_key, 8);
|
||||||
printvar("CC_NR:",CCNR,12);
|
printvar("CC_NR:",CCNR,12);
|
||||||
doMAC(CCNR,12,div_key, MAC);
|
doMAC(CCNR,div_key, MAC);
|
||||||
printvar("MAC", MAC, 4);
|
printvar("MAC", MAC, 4);
|
||||||
|
|
||||||
uint8_t iclass_data[32000] = {0};
|
uint8_t iclass_data[32000] = {0};
|
||||||
|
@ -421,9 +421,12 @@ int CmdHFiClassELoad(const char *Cmd)
|
||||||
fseek(f, 0, SEEK_SET);
|
fseek(f, 0, SEEK_SET);
|
||||||
|
|
||||||
uint8_t *dump = malloc(fsize);
|
uint8_t *dump = malloc(fsize);
|
||||||
|
|
||||||
|
|
||||||
size_t bytes_read = fread(dump, 1, fsize, f);
|
size_t bytes_read = fread(dump, 1, fsize, f);
|
||||||
fclose(f);
|
fclose(f);
|
||||||
|
|
||||||
|
printIclassDumpInfo(dump);
|
||||||
//Validate
|
//Validate
|
||||||
|
|
||||||
if (bytes_read < fsize)
|
if (bytes_read < fsize)
|
||||||
|
@ -456,7 +459,7 @@ int usage_hf_iclass_decrypt()
|
||||||
PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
|
PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
|
||||||
PrintAndLog("in the working directory. The file should be 16 bytes binary data");
|
PrintAndLog("in the working directory. The file should be 16 bytes binary data");
|
||||||
PrintAndLog("");
|
PrintAndLog("");
|
||||||
PrintAndLog("example: hf iclass decrypt tagdump_12312342343.bin");
|
PrintAndLog("example: hf iclass decrypt f tagdump_12312342343.bin");
|
||||||
PrintAndLog("");
|
PrintAndLog("");
|
||||||
PrintAndLog("OBS! This is pretty stupid implementation, it tries to decrypt every block after block 6. ");
|
PrintAndLog("OBS! This is pretty stupid implementation, it tries to decrypt every block after block 6. ");
|
||||||
PrintAndLog("Correct behaviour would be to decrypt only the application areas where the key is valid,");
|
PrintAndLog("Correct behaviour would be to decrypt only the application areas where the key is valid,");
|
||||||
|
@ -604,7 +607,7 @@ int CmdHFiClass_iso14443A_write(const char *Cmd)
|
||||||
diversifyKey(CSN,KEY, div_key);
|
diversifyKey(CSN,KEY, div_key);
|
||||||
|
|
||||||
PrintAndLog("Div Key: %s",sprint_hex(div_key,8));
|
PrintAndLog("Div Key: %s",sprint_hex(div_key,8));
|
||||||
doMAC(CCNR, 12,div_key, MAC);
|
doMAC(CCNR, div_key, MAC);
|
||||||
|
|
||||||
UsbCommand c2 = {CMD_ICLASS_ISO14443A_WRITE, {readerType,blockNo}};
|
UsbCommand c2 = {CMD_ICLASS_ISO14443A_WRITE, {readerType,blockNo}};
|
||||||
memcpy(c2.d.asBytes, bldata, 8);
|
memcpy(c2.d.asBytes, bldata, 8);
|
||||||
|
|
|
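Review bot: In the CmdHFiClassELoad hunk, the added `printIclassDumpInfo(dump);` runs before the `if (bytes_read < fsize)` validation and with no check on the result of `malloc(fsize)`, so a failed allocation or a short read reaches the header parser first. The callee reads a whole picopass_hdr through a pointer cast and is given no length, so a dump file smaller than that header would be read past the end of the heap buffer. Move the call below the validation and add a guard such as `if (dump == NULL) { fclose(f); return 1; }` after the malloc, using whatever error return this function already uses. The function starts and ends outside the hunk, so what the validation branch does on failure is not visible here.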
@ -394,7 +394,7 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
|
||||||
//Diversify
|
//Diversify
|
||||||
diversifyKey(item.csn, key_sel_p, div_key);
|
diversifyKey(item.csn, key_sel_p, div_key);
|
||||||
//Calc mac
|
//Calc mac
|
||||||
doMAC(item.cc_nr,12, div_key,calculated_MAC);
|
doMAC(item.cc_nr, div_key,calculated_MAC);
|
||||||
|
|
||||||
if(memcmp(calculated_MAC, item.mac, 4) == 0)
|
if(memcmp(calculated_MAC, item.mac, 4) == 0)
|
||||||
{
|
{
|
||||||
|
|
|
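Review bot: With the length argument dropped from `doMAC(item.cc_nr, div_key,calculated_MAC)`, the call no longer shows how many bytes of `item.cc_nr` are consumed; presumably doMAC now reads a fixed 12 bytes, but its definition is not part of this diff. A short comment at the call stating the expected buffer size, for example `// cc_nr must hold the 12 bytes doMAC reads`, would keep that contract visible to the next person who changes the dumpdata layout. The same applies to the doMAC calls changed in the CmdHFiClassReader_Dump and CmdHFiClass_iso14443A_write hunks. bruteforceItem's body continues outside the hunk.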
@ -1,7 +1,14 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <strings.h>
|
#include <strings.h>
|
||||||
|
#include <string.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
#include "protocols.h"
|
||||||
|
#ifndef ON_DEVICE
|
||||||
|
#include "ui.h"
|
||||||
|
#define prnt PrintAndLog
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
|
@ -25,17 +32,9 @@ typedef struct {
|
||||||
|
|
||||||
}picopass_hdr;
|
}picopass_hdr;
|
||||||
|
|
||||||
#define FUSE_FPERS 0x80
|
|
||||||
#define FUSE_CODING1 0x40
|
|
||||||
#define FUSE_CODING0 0x20
|
|
||||||
#define FUSE_CRYPT1 0x10
|
|
||||||
#define FUSE_CRYPT0 0x08
|
|
||||||
#define FUSE_FPROD1 0x04
|
|
||||||
#define FUSE_FPROD0 0x02
|
|
||||||
#define FUSE_RA 0x01
|
|
||||||
|
|
||||||
//#define prnt printf
|
//#define prnt printf
|
||||||
void prnt(char *fmt,...)
|
/*void prnt(char *fmt,...)
|
||||||
{
|
{
|
||||||
va_list argptr;
|
va_list argptr;
|
||||||
va_start(argptr, fmt);
|
va_start(argptr, fmt);
|
||||||
|
@ -44,7 +43,7 @@ void prnt(char *fmt,...)
|
||||||
va_end(argptr);
|
va_end(argptr);
|
||||||
printf("\n");
|
printf("\n");
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
uint8_t isset(uint8_t val, uint8_t mask)
|
uint8_t isset(uint8_t val, uint8_t mask)
|
||||||
{
|
{
|
||||||
return (val & mask);
|
return (val & mask);
|
||||||
|
@ -95,6 +94,14 @@ void print_picopass_info(const picopass_hdr *hdr)
|
||||||
mem_config(hdr);
|
mem_config(hdr);
|
||||||
applimit_config(hdr);
|
applimit_config(hdr);
|
||||||
}
|
}
|
||||||
|
void printIclassDumpInfo(uint8_t* iclass_dump)
|
||||||
|
{
|
||||||
|
// picopass_hdr hdr;
|
||||||
|
// memcpy(&hdr, iclass_dump, sizeof(picopass_hdr));
|
||||||
|
print_picopass_info((picopass_hdr *) iclass_dump);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
void test()
|
void test()
|
||||||
{
|
{
|
||||||
picopass_hdr hdr = {0x27,0xaf,0x48,0x01,0xf9,0xff,0x12,0xe0,0x12,0xff,0xff,0xff,0x7f,0x1f,0xff,0x3c};
|
picopass_hdr hdr = {0x27,0xaf,0x48,0x01,0xf9,0xff,0x12,0xe0,0x12,0xff,0xff,0xff,0x7f,0x1f,0xff,0x3c};
|
||||||
|
@ -106,3 +113,4 @@ int main(int argc, char *argv[])
|
||||||
test();
|
test();
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
|
|
|
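Review bot: The new `printIclassDumpInfo(uint8_t* iclass_dump)` casts the caller's buffer to `picopass_hdr *` without knowing how many bytes it holds, and picopass_hdr appears to be defined in this file rather than in protocols.h, so callers cannot check the size themselves. Taking a length, e.g. `void printIclassDumpInfo(const uint8_t *iclass_dump, size_t len)` with `if (iclass_dump == NULL || len < sizeof(picopass_hdr)) return;` before the cast, would let the function reject short dumps; the prototype added in protocols.h and the call in CmdHFiClassELoad would change with it. The two commented-out lines in the body (`// picopass_hdr hdr;` and the memcpy) can be deleted rather than kept. Separately, `prnt` is now defined only inside `#ifndef ON_DEVICE` while the old function is commented out, so a build with ON_DEVICE defined would presumably have no `prnt` at all.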
@ -170,5 +170,17 @@ NXP/Philips CUSTOM COMMANDS
|
||||||
#define ICLASS 1
|
#define ICLASS 1
|
||||||
#define ISO_14443B 2
|
#define ISO_14443B 2
|
||||||
|
|
||||||
|
//-- Picopass fuses
|
||||||
|
#define FUSE_FPERS 0x80
|
||||||
|
#define FUSE_CODING1 0x40
|
||||||
|
#define FUSE_CODING0 0x20
|
||||||
|
#define FUSE_CRYPT1 0x10
|
||||||
|
#define FUSE_CRYPT0 0x08
|
||||||
|
#define FUSE_FPROD1 0x04
|
||||||
|
#define FUSE_FPROD0 0x02
|
||||||
|
#define FUSE_RA 0x01
|
||||||
|
|
||||||
|
|
||||||
|
void printIclassDumpInfo(uint8_t* iclass_dump);
|
||||||
|
|
||||||
#endif // PROTOCOLS_H
|
#endif // PROTOCOLS_H
|
||||||
|
|