More work on iclass full simulation, and some work on iclass tag dump parsing

2025-07-11 07:46:09 -07:00 · 2015-02-19 10:48:33 +01:00 · 2015-02-19 10:48:33 +01:00 · 1defcf606f
commit 1defcf606f
parent b67f7ec359
6 changed files with 44 additions and 18 deletions
--- a/armsrc/cipherutils.c
+++ b/armsrc/cipherutils.c
@ -39,8 +39,10 @@
 #include <stdint.h>
 #include <stdio.h>
 #include <string.h>
-#include "fileutils.h"
 #include "cipherutils.h"
+#ifndef ON_DEVICE
+#include "fileutils.h"
+#endif
 /**
 *
 * @brief Return and remove the first bit (x0) in the stream : <x0 x1 x2 x3 ... xn >
--- a/client/Makefile
+++ b/client/Makefile
@ -94,6 +94,7 @@ CMDSRCS = 	nonce2key/crapto1.c\
 			cmdscript.c\
 			pm3_bitlib.c\
 			aes.c\
+			protocols.c\


 COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o)
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@ -29,6 +29,7 @@
 #include "loclass/ikeys.h"
 #include "loclass/elite_crack.h"
 #include "loclass/fileutils.h"
+#include "protocols.h"

 static int CmdHelp(const char *Cmd);

@ -75,10 +76,9 @@ int CmdHFiClassSim(const char *Cmd)
 	uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};

 	if (strlen(Cmd)<1) {
-		usage_hf_iclass_sim();
+		return usage_hf_iclass_sim();
 	}
-
-	simType = param_get8(Cmd, 0);
+	simType = param_get8ex(Cmd, 0, 0, 10);

 	if(simType == 0)
 	{
@ -322,7 +322,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
 	PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
 	printvar("Div key", div_key, 8);
 	printvar("CC_NR:",CCNR,12);
-	doMAC(CCNR,12,div_key, MAC);
+	doMAC(CCNR,div_key, MAC);
 	printvar("MAC", MAC, 4);

 	uint8_t iclass_data[32000] = {0};
@ -421,9 +421,12 @@ int CmdHFiClassELoad(const char *Cmd)
 	fseek(f, 0, SEEK_SET);

 	uint8_t *dump = malloc(fsize);
+
+
 	size_t bytes_read = fread(dump, 1, fsize, f);
 	fclose(f);

+	printIclassDumpInfo(dump);
 	//Validate

 	if (bytes_read < fsize)
@ -456,7 +459,7 @@ int usage_hf_iclass_decrypt()
 	PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
 	PrintAndLog("in the working directory. The file should be 16 bytes binary data");
 	PrintAndLog("");
-	PrintAndLog("example: hf iclass decrypt tagdump_12312342343.bin");
+	PrintAndLog("example: hf iclass decrypt f tagdump_12312342343.bin");
 	PrintAndLog("");
 	PrintAndLog("OBS! This is pretty stupid implementation, it tries to decrypt every block after block 6. ");
 	PrintAndLog("Correct behaviour would be to decrypt only the application areas where the key is valid,");
@ -604,7 +607,7 @@ int CmdHFiClass_iso14443A_write(const char *Cmd)
 	diversifyKey(CSN,KEY, div_key);

 	PrintAndLog("Div Key: %s",sprint_hex(div_key,8));
-	doMAC(CCNR, 12,div_key, MAC);
+	doMAC(CCNR, div_key, MAC);

 	UsbCommand c2 = {CMD_ICLASS_ISO14443A_WRITE, {readerType,blockNo}};
 	memcpy(c2.d.asBytes, bldata, 8);
--- a/client/loclass/elite_crack.c
+++ b/client/loclass/elite_crack.c
@ -394,7 +394,7 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
 		//Diversify
 		diversifyKey(item.csn, key_sel_p, div_key);
 		//Calc mac
-        doMAC(item.cc_nr,12, div_key,calculated_MAC);
+		doMAC(item.cc_nr, div_key,calculated_MAC);

 		if(memcmp(calculated_MAC, item.mac, 4) == 0)
 		{
--- a/common/protocols.c
+++ b/common/protocols.c
@ -1,7 +1,14 @@
 #include <stdio.h>
 #include <strings.h>
+#include <string.h>
 #include <stdint.h>
 #include <stdarg.h>
+#include "protocols.h"
+#ifndef ON_DEVICE
+#include "ui.h"
+#define prnt PrintAndLog
+#endif
+


 typedef struct {
@ -25,17 +32,9 @@ typedef struct {

 }picopass_hdr;

-#define FUSE_FPERS   0x80
-#define FUSE_CODING1 0x40
-#define FUSE_CODING0 0x20
-#define FUSE_CRYPT1  0x10
-#define FUSE_CRYPT0  0x08
-#define FUSE_FPROD1  0x04
-#define FUSE_FPROD0  0x02
-#define FUSE_RA      0x01

 //#define prnt printf
-void prnt(char *fmt,...)
+/*void prnt(char *fmt,...)
 {
 	va_list argptr;
 	va_start(argptr, fmt);
@ -44,7 +43,7 @@ void prnt(char *fmt,...)
 	va_end(argptr);
 	printf("\n");
 }
-
+*/
 uint8_t isset(uint8_t val, uint8_t mask)
 {
 	return (val & mask);
@ -95,6 +94,14 @@ void print_picopass_info(const picopass_hdr *hdr)
 	mem_config(hdr);
 	applimit_config(hdr);
 }
+void printIclassDumpInfo(uint8_t* iclass_dump)
+{
+//	picopass_hdr hdr;
+//	memcpy(&hdr, iclass_dump, sizeof(picopass_hdr));
+	print_picopass_info((picopass_hdr *) iclass_dump);
+}
+
+/*
 void test()
 {
 	picopass_hdr hdr = {0x27,0xaf,0x48,0x01,0xf9,0xff,0x12,0xe0,0x12,0xff,0xff,0xff,0x7f,0x1f,0xff,0x3c};
@ -106,3 +113,4 @@ int main(int argc, char *argv[])
 	test();
 	return 0;
 }
+*/
--- a/common/protocols.h
+++ b/common/protocols.h
@ -170,5 +170,17 @@ NXP/Philips CUSTOM COMMANDS
 #define ICLASS     1
 #define ISO_14443B 2

+//-- Picopass fuses
+#define FUSE_FPERS   0x80
+#define FUSE_CODING1 0x40
+#define FUSE_CODING0 0x20
+#define FUSE_CRYPT1  0x10
+#define FUSE_CRYPT0  0x08
+#define FUSE_FPROD1  0x04
+#define FUSE_FPROD0  0x02
+#define FUSE_RA      0x01
+
+
+void printIclassDumpInfo(uint8_t* iclass_dump);

 #endif // PROTOCOLS_H