Implemented 'hf iclass decrypt <tagdump>'. This performs the 3des decryption of iclass tag dumps, but requires the decryption file to be present on the filesystem

2025-08-14 02:26:59 -07:00 · 2015-02-17 22:07:40 +01:00 · 2015-02-17 22:07:40 +01:00 · 41524d8a39
commit 41524d8a39
parent e80aeb9695
3 changed files with 138 additions and 25 deletions
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@ -53,6 +53,21 @@ int CmdHFiClassSnoop(const char *Cmd)
 	SendCommand(&c);
 	return 0;
 }
+int usage_hf_iclass_sim()
+{
+	PrintAndLog("Usage:  hf iclass sim <option> [CSN]");
+	PrintAndLog("        options");
+	PrintAndLog("                0 <CSN> simulate the given CSN");
+	PrintAndLog("                1       simulate default CSN");
+	PrintAndLog("                2       Reader-attack, gather reader responses to extract elite key");
+	PrintAndLog("                3       Full simulation using emulator memory (see 'hf iclass eload')");
+	PrintAndLog("        example: hf iclass sim 0 031FEC8AF7FF12E0");
+	PrintAndLog("        example: hf iclass sim 2");
+	PrintAndLog("        example: hf iclass eload 'tagdump.bin'");
+	PrintAndLog("                 hf iclass sim 3");
+	return 0;
+}
+
 #define NUM_CSNS 15
 int CmdHFiClassSim(const char *Cmd)
 {
@ -60,14 +75,7 @@ int CmdHFiClassSim(const char *Cmd)
 	uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};

 	if (strlen(Cmd)<1) {
-		PrintAndLog("Usage:  hf iclass sim [0 <CSN>] | x");
-		PrintAndLog("        options");
-		PrintAndLog("                0 <CSN> simulate the given CSN");
-		PrintAndLog("                1       simulate default CSN");
-		PrintAndLog("                2       iterate CSNs, gather MACs");
-		PrintAndLog("        sample: hf iclass sim 0 031FEC8AF7FF12E0");
-		PrintAndLog("        sample: hf iclass sim 2");
-		return 0;
+		usage_hf_iclass_sim();
 	}

 	simType = param_get8(Cmd, 0);
@ -76,34 +84,23 @@ int CmdHFiClassSim(const char *Cmd)
 	{
 		if (param_gethex(Cmd, 1, CSN, 16)) {
 			PrintAndLog("A CSN should consist of 16 HEX symbols");
-			return 1;
+			return usage_hf_iclass_sim();
 		}
-		PrintAndLog("--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8));

+		PrintAndLog("--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8));
 	}
-	if(simType > 2)
+	if(simType > 3)
 	{
 		PrintAndLog("Undefined simptype %d", simType);
-		return 1;
+		return usage_hf_iclass_sim();
 	}
-	uint8_t numberOfCSNs=0;

+	uint8_t numberOfCSNs=0;
 	if(simType == 2)
 	{
 		UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,NUM_CSNS}};
 		UsbCommand resp = {0};

-		/*uint8_t csns[8 * NUM_CSNS] = {
-			 0x00,0x0B,0x0F,0xFF,0xF7,0xFF,0x12,0xE0 ,
-			 0x00,0x13,0x94,0x7e,0x76,0xff,0x12,0xe0 ,
-			 0x2a,0x99,0xac,0x79,0xec,0xff,0x12,0xe0 ,
-			 0x17,0x12,0x01,0xfd,0xf7,0xff,0x12,0xe0 ,
-			 0xcd,0x56,0x01,0x7c,0x6f,0xff,0x12,0xe0 ,
-			 0x4b,0x5e,0x0b,0x72,0xef,0xff,0x12,0xe0 ,
-			 0x00,0x73,0xd8,0x75,0x58,0xff,0x12,0xe0 ,
-			 0x0c,0x90,0x32,0xf3,0x5d,0xff,0x12,0xe0 };
-*/
-
 		uint8_t csns[8*NUM_CSNS] = {
 			0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0,
 			0x00, 0x04, 0x0E, 0x08, 0xF7, 0xFF, 0x12, 0xE0,
@ -450,6 +447,102 @@ int CmdHFiClassELoad(const char *Cmd)
 	return 0;
 }

+int usage_hf_iclass_decrypt()
+{
+	PrintAndLog("Usage: hf iclass decrypt f <tagdump> o ");
+	PrintAndLog("");
+	PrintAndLog("In order to use this function, the file 'iclass_decryptionkey.bin must reside");
+	PrintAndLog("in the working directory. The file should be 16 bytes binary data");
+	PrintAndLog("example: hf iclass decrypt tagdump_12312342343.bin");
+	PrintAndLog("");
+	PrintAndLog("OBS! This is pretty stupid implementation, it tries to decrypt every block after block 5. ");
+	PrintAndLog("Correct behaviour would be to decrypt only the application areas where the key is valid,");
+	PrintAndLog("which is defined by the configuration block.");
+	return 1;
+}
+
+int readKeyfile(const char *filename, size_t len, uint8_t* buffer)
+{
+	FILE *f = fopen(filename, "rb");
+	if(!f) {
+		PrintAndLog("Failed to read from file '%s'", filename);
+		return 1;
+	}
+	fseek(f, 0, SEEK_END);
+	long fsize = ftell(f);
+	fseek(f, 0, SEEK_SET);
+	size_t bytes_read = fread(buffer, 1, len, f);
+	fclose(f);
+	if(fsize != len)
+	{
+		PrintAndLog("Warning, file size is %d, expected %d", fsize, len);
+		return 1;
+	}
+	if(bytes_read != len)
+	{
+		PrintAndLog("Warning, could only read %d bytes, expected %d" ,bytes_read, len);
+		return 1;
+	}
+	return 0;
+}
+
+int CmdHFiClassDecrypt(const char *Cmd)
+{
+	uint8_t key[16] = { 0 };
+	if(readKeyfile("iclass_decryptionkey.bin", 16, key))
+	{
+		usage_hf_iclass_decrypt();
+		return 1;
+	}
+	PrintAndLog("Decryption file found... ");
+	char opt = param_getchar(Cmd, 0);
+	if (strlen(Cmd)<1 || opt == 'h')
+		return usage_hf_iclass_decrypt();
+
+	//Open the tagdump-file
+	FILE *f;
+	char filename[FILE_PATH_SIZE];
+	if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0)
+	{
+		f = fopen(filename, "rb");
+	}else{
+		return usage_hf_iclass_decrypt();
+	}
+
+	fseek(f, 0, SEEK_END);
+	long fsize = ftell(f);
+	fseek(f, 0, SEEK_SET);
+	uint8_t enc_dump[8] = {0};
+	uint8_t *decrypted = malloc(fsize);
+	des3_context ctx = { DES_DECRYPT ,{ 0 } };
+	des3_set2key_dec( &ctx, key);
+	size_t bytes_read = fread(enc_dump, 1, 8, f);
+
+	//Use the first block (CSN) for filename
+	char outfilename[FILE_PATH_SIZE] = { 0 };
+	snprintf(outfilename,FILE_PATH_SIZE,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x-decrypted",
+			 enc_dump[0],enc_dump[1],enc_dump[2],enc_dump[3],
+			 enc_dump[4],enc_dump[5],enc_dump[6],enc_dump[7]);
+
+	size_t blocknum =0;
+	while(bytes_read == 8)
+	{
+		if(blocknum < 6)
+		{
+			memcpy(decrypted+(blocknum*8), enc_dump, 8);
+		}else{
+			des3_crypt_ecb(&ctx, enc_dump,decrypted +(blocknum*8) );
+		}
+		printvar("decrypted block", decrypted +(blocknum*8), 8);
+		bytes_read = fread(enc_dump, 1, 8, f);
+		blocknum++;
+	}
+	fclose(f);
+
+	saveFile(outfilename,"bin", decrypted, blocknum*8);
+
+	return 0;
+}

 int CmdHFiClass_iso14443A_write(const char *Cmd)
 {
@ -586,6 +679,7 @@ static command_t CommandTable[] =
 //	{"write",	CmdHFiClass_iso14443A_write,	0,	"Authenticate and Write iClass block"},
 	{"loclass",	CmdHFiClass_loclass,	1,	"Use loclass to perform bruteforce of reader attack dump"},
 	{"eload",   CmdHFiClassELoad,    0,     "[experimental] Load data into iclass emulator memory"},
+	{"decrypt", CmdHFiClassDecrypt,  1,     "Decrypt tagdump" },
 	{NULL, NULL, 0, NULL}
 };

--- a/client/loclass/cipher.c
+++ b/client/loclass/cipher.c
@ -45,7 +45,7 @@
 #include <stdbool.h>
 #include <stdint.h>
 #include <time.h>
-#include "fileutils.h"
+//#include "fileutils.h"
 uint8_t keytable[] = { 0,0,0,0,0,0,0,0};

 /**
--- a/client/loclass/des.h
+++ b/client/loclass/des.h
@ -78,6 +78,25 @@ typedef struct
 	uint32_t sk[96];            /*!<  3DES subkeys      */
 }
 des3_context;
+/*
+ * Triple-DES key schedule (112-bit, encryption)
+ */
+int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
+
+/*
+ * Triple-DES key schedule (112-bit, decryption)
+ */
+int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
+
+/*
+ * Triple-DES key schedule (168-bit, encryption)
+ */
+int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
+
+/*
+ * Triple-DES key schedule (168-bit, decryption)
+ */
+int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );

 /**
 * \brief          Set key parity on the given key to odd.