More work on iclass full simulation, and some work on iclass tag dump parsing

Martin Holst Swende 2015-02-19 10:48:33 +01:00
parent b67f7ec359
commit 1defcf606f
6 changed files with 44 additions and 18 deletions


@ -39,8 +39,10 @@
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include "fileutils.h"
#include "cipherutils.h"
#ifndef ON_DEVICE
#include "fileutils.h"
#endif
/**
*
* @brief Return and remove the first bit (x0) in the stream : <x0 x1 x2 x3 ... xn >


@ -94,6 +94,7 @@ CMDSRCS = nonce2key/crapto1.c\
cmdscript.c\
pm3_bitlib.c\
aes.c\
protocols.c\
COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o)


@ -29,6 +29,7 @@
#include "loclass/ikeys.h"
#include "loclass/elite_crack.h"
#include "loclass/fileutils.h"
#include "protocols.h"
static int CmdHelp(const char *Cmd);
@ -75,10 +76,9 @@ int CmdHFiClassSim(const char *Cmd)
uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
if (strlen(Cmd)<1) {
usage_hf_iclass_sim();
return usage_hf_iclass_sim();
}
simType = param_get8(Cmd, 0);
simType = param_get8ex(Cmd, 0, 0, 10);
if(simType == 0)
{
@ -322,7 +322,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
printvar("Div key", div_key, 8);
printvar("CC_NR:",CCNR,12);
doMAC(CCNR,12,div_key, MAC);
doMAC(CCNR,div_key, MAC);
printvar("MAC", MAC, 4);
uint8_t iclass_data[32000] = {0};
@ -421,9 +421,12 @@ int CmdHFiClassELoad(const char *Cmd)
fseek(f, 0, SEEK_SET);
uint8_t *dump = malloc(fsize);
size_t bytes_read = fread(dump, 1, fsize, f);
fclose(f);
printIclassDumpInfo(dump);
//Validate
if (bytes_read < fsize)
@ -456,7 +459,7 @@ int usage_hf_iclass_decrypt()
PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
PrintAndLog("in the working directory. The file should be 16 bytes binary data");
PrintAndLog("");
PrintAndLog("example: hf iclass decrypt tagdump_12312342343.bin");
PrintAndLog("example: hf iclass decrypt f tagdump_12312342343.bin");
PrintAndLog("");
PrintAndLog("OBS! This is pretty stupid implementation, it tries to decrypt every block after block 6. ");
PrintAndLog("Correct behaviour would be to decrypt only the application areas where the key is valid,");
@ -604,7 +607,7 @@ int CmdHFiClass_iso14443A_write(const char *Cmd)
diversifyKey(CSN,KEY, div_key);
PrintAndLog("Div Key: %s",sprint_hex(div_key,8));
doMAC(CCNR, 12,div_key, MAC);
doMAC(CCNR, div_key, MAC);
UsbCommand c2 = {CMD_ICLASS_ISO14443A_WRITE, {readerType,blockNo}};
memcpy(c2.d.asBytes, bldata, 8);
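Review bot: In the CmdHFiClassELoad hunk, the new `printIclassDumpInfo(dump);` call runs before the `bytes_read < fsize` validation that follows it, and nothing visible checks that `malloc(fsize)` returned non-NULL or that the file is large enough to hold a full header. A truncated, empty or unreadable dump file would then make the header parser read past the allocation or through a null pointer. Move the call below the validation, check `dump` before the `fread`, and give the parser a length so it can refuse short input, e.g. `void printIclassDumpInfo(const uint8_t *iclass_dump, size_t len);`. The function starts and ends outside the hunk, so an earlier size check may exist that is not visible here.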


@ -394,7 +394,7 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
//Diversify
diversifyKey(item.csn, key_sel_p, div_key);
//Calc mac
doMAC(item.cc_nr,12, div_key,calculated_MAC);
doMAC(item.cc_nr, div_key,calculated_MAC);
if(memcmp(calculated_MAC, item.mac, 4) == 0)
{


@ -1,7 +1,14 @@
#include <stdio.h>
#include <strings.h>
#include <string.h>
#include <stdint.h>
#include <stdarg.h>
#include "protocols.h"
#ifndef ON_DEVICE
#include "ui.h"
#define prnt PrintAndLog
#endif
typedef struct {
@ -25,17 +32,9 @@ typedef struct {
}picopass_hdr;
#define FUSE_FPERS 0x80
#define FUSE_CODING1 0x40
#define FUSE_CODING0 0x20
#define FUSE_CRYPT1 0x10
#define FUSE_CRYPT0 0x08
#define FUSE_FPROD1 0x04
#define FUSE_FPROD0 0x02
#define FUSE_RA 0x01
//#define prnt printf
void prnt(char *fmt,...)
/*void prnt(char *fmt,...)
{
va_list argptr;
va_start(argptr, fmt);
@ -44,7 +43,7 @@ void prnt(char *fmt,...)
va_end(argptr);
printf("\n");
}
*/
uint8_t isset(uint8_t val, uint8_t mask)
{
return (val & mask);
@ -95,6 +94,14 @@ void print_picopass_info(const picopass_hdr *hdr)
mem_config(hdr);
applimit_config(hdr);
}
void printIclassDumpInfo(uint8_t* iclass_dump)
{
// picopass_hdr hdr;
// memcpy(&hdr, iclass_dump, sizeof(picopass_hdr));
print_picopass_info((picopass_hdr *) iclass_dump);
}
/*
void test()
{
picopass_hdr hdr = {0x27,0xaf,0x48,0x01,0xf9,0xff,0x12,0xe0,0x12,0xff,0xff,0xff,0x7f,0x1f,0xff,0x3c};
@ -106,3 +113,4 @@ int main(int argc, char *argv[])
test();
return 0;
}
*/
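Review bot: printIclassDumpInfo reinterprets the caller's byte buffer with `(picopass_hdr *) iclass_dump`, which is only safe if the buffer is suitably aligned for the struct and at least `sizeof(picopass_hdr)` bytes long; neither is checked, and no length is passed in. The commented-out copy just above it is the safer form and should replace the cast: `picopass_hdr hdr; memcpy(&hdr, iclass_dump, sizeof(hdr)); print_picopass_info(&hdr);`. The two commented-out lines and the commented-out `prnt`/`test`/`main` bodies would be better deleted than kept as dead code. Separately, `#define prnt PrintAndLog` sits under `#ifndef ON_DEVICE` while the `prnt` function is now commented out, so a device build of this file would appear to have no `prnt` at all; this is inferred from the visible lines and worth confirming.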


@ -170,5 +170,17 @@ NXP/Philips CUSTOM COMMANDS
#define ICLASS 1
#define ISO_14443B 2
//-- Picopass fuses
#define FUSE_FPERS 0x80
#define FUSE_CODING1 0x40
#define FUSE_CODING0 0x20
#define FUSE_CRYPT1 0x10
#define FUSE_CRYPT0 0x08
#define FUSE_FPROD1 0x04
#define FUSE_FPROD0 0x02
#define FUSE_RA 0x01
void printIclassDumpInfo(uint8_t* iclass_dump);
#endif // PROTOCOLS_H