Reformatted

Martin Holst Swende 2015-02-14 21:17:08 +01:00
parent 7781a65656
commit 534445139c


@ -34,11 +34,11 @@ static int CmdHelp(const char *Cmd);
int xorbits_8(uint8_t val) int xorbits_8(uint8_t val)
{ {
uint8_t res = val ^ (val >> 1); //1st pass uint8_t res = val ^ (val >> 1); //1st pass
res = res ^ (res >> 1); // 2nd pass res = res ^ (res >> 1); // 2nd pass
res = res ^ (res >> 2); // 3rd pass res = res ^ (res >> 2); // 3rd pass
res = res ^ (res >> 4); // 4th pass res = res ^ (res >> 4); // 4th pass
return res & 1; return res & 1;
} }
int CmdHFiClassList(const char *Cmd) int CmdHFiClassList(const char *Cmd)
@ -49,44 +49,44 @@ int CmdHFiClassList(const char *Cmd)
int CmdHFiClassSnoop(const char *Cmd) int CmdHFiClassSnoop(const char *Cmd)
{ {
UsbCommand c = {CMD_SNOOP_ICLASS}; UsbCommand c = {CMD_SNOOP_ICLASS};
SendCommand(&c); SendCommand(&c);
return 0; return 0;
} }
#define NUM_CSNS 15 #define NUM_CSNS 15
int CmdHFiClassSim(const char *Cmd) int CmdHFiClassSim(const char *Cmd)
{ {
uint8_t simType = 0; uint8_t simType = 0;
uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0}; uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
if (strlen(Cmd)<1) { if (strlen(Cmd)<1) {
PrintAndLog("Usage: hf iclass sim [0 <CSN>] | x"); PrintAndLog("Usage: hf iclass sim [0 <CSN>] | x");
PrintAndLog(" options"); PrintAndLog(" options");
PrintAndLog(" 0 <CSN> simulate the given CSN"); PrintAndLog(" 0 <CSN> simulate the given CSN");
PrintAndLog(" 1 simulate default CSN"); PrintAndLog(" 1 simulate default CSN");
PrintAndLog(" 2 iterate CSNs, gather MACs"); PrintAndLog(" 2 iterate CSNs, gather MACs");
PrintAndLog(" sample: hf iclass sim 0 031FEC8AF7FF12E0"); PrintAndLog(" sample: hf iclass sim 0 031FEC8AF7FF12E0");
PrintAndLog(" sample: hf iclass sim 2"); PrintAndLog(" sample: hf iclass sim 2");
return 0; return 0;
} }
simType = param_get8(Cmd, 0); simType = param_get8(Cmd, 0);
if(simType == 0) if(simType == 0)
{ {
if (param_gethex(Cmd, 1, CSN, 16)) { if (param_gethex(Cmd, 1, CSN, 16)) {
PrintAndLog("A CSN should consist of 16 HEX symbols"); PrintAndLog("A CSN should consist of 16 HEX symbols");
return 1; return 1;
} }
PrintAndLog("--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8)); PrintAndLog("--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8));
} }
if(simType > 2) if(simType > 2)
{ {
PrintAndLog("Undefined simptype %d", simType); PrintAndLog("Undefined simptype %d", simType);
return 1; return 1;
} }
uint8_t numberOfCSNs=0; uint8_t numberOfCSNs=0;
if(simType == 2) if(simType == 2)
{ {
@ -103,23 +103,23 @@ int CmdHFiClassSim(const char *Cmd)
0x00,0x73,0xd8,0x75,0x58,0xff,0x12,0xe0 , 0x00,0x73,0xd8,0x75,0x58,0xff,0x12,0xe0 ,
0x0c,0x90,0x32,0xf3,0x5d,0xff,0x12,0xe0 }; 0x0c,0x90,0x32,0xf3,0x5d,0xff,0x12,0xe0 };
*/ */
uint8_t csns[8*NUM_CSNS] = { uint8_t csns[8*NUM_CSNS] = {
0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x04, 0x0E, 0x08, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x04, 0x0E, 0x08, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x09, 0x0D, 0x05, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x09, 0x0D, 0x05, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x0A, 0x0C, 0x06, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x0A, 0x0C, 0x06, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x0F, 0x0B, 0x03, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x0F, 0x0B, 0x03, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x08, 0x0A, 0x0C, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x08, 0x0A, 0x0C, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x0D, 0x09, 0x09, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x0D, 0x09, 0x09, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x0E, 0x08, 0x0A, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x0E, 0x08, 0x0A, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x03, 0x07, 0x17, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x03, 0x07, 0x17, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x3C, 0x06, 0xE0, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x3C, 0x06, 0xE0, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x01, 0x05, 0x1D, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x01, 0x05, 0x1D, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x02, 0x04, 0x1E, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x02, 0x04, 0x1E, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x07, 0x03, 0x1B, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x07, 0x03, 0x1B, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x00, 0x02, 0x24, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x00, 0x02, 0x24, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x05, 0x01, 0x21, 0xF7, 0xFF, 0x12, 0xE0 }; 0x00, 0x05, 0x01, 0x21, 0xF7, 0xFF, 0x12, 0xE0 };
memcpy(c.d.asBytes, csns, 8*NUM_CSNS); memcpy(c.d.asBytes, csns, 8*NUM_CSNS);
@ -164,124 +164,124 @@ int CmdHFiClassSim(const char *Cmd)
SendCommand(&c); SendCommand(&c);
} }
return 0; return 0;
} }
int CmdHFiClassReader(const char *Cmd) int CmdHFiClassReader(const char *Cmd)
{ {
UsbCommand c = {CMD_READER_ICLASS, {0}}; UsbCommand c = {CMD_READER_ICLASS, {0}};
SendCommand(&c); SendCommand(&c);
UsbCommand resp; UsbCommand resp;
while(!ukbhit()){ while(!ukbhit()){
if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) { if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
uint8_t isOK = resp.arg[0] & 0xff; uint8_t isOK = resp.arg[0] & 0xff;
uint8_t * data = resp.d.asBytes; uint8_t * data = resp.d.asBytes;
PrintAndLog("isOk:%02x", isOK); PrintAndLog("isOk:%02x", isOK);
if( isOK == 0){ if( isOK == 0){
//Aborted //Aborted
PrintAndLog("Quitting..."); PrintAndLog("Quitting...");
return 0; return 0;
} }
if(isOK > 0) if(isOK > 0)
{ {
PrintAndLog("CSN: %s",sprint_hex(data,8)); PrintAndLog("CSN: %s",sprint_hex(data,8));
} }
if(isOK >= 1) if(isOK >= 1)
{ {
PrintAndLog("CC: %s",sprint_hex(data+8,8)); PrintAndLog("CC: %s",sprint_hex(data+8,8));
}else{ }else{
PrintAndLog("No CC obtained"); PrintAndLog("No CC obtained");
} }
} else { } else {
PrintAndLog("Command execute timeout"); PrintAndLog("Command execute timeout");
} }
} }
return 0; return 0;
} }
int CmdHFiClassReader_Replay(const char *Cmd) int CmdHFiClassReader_Replay(const char *Cmd)
{ {
uint8_t readerType = 0; uint8_t readerType = 0;
uint8_t MAC[4]={0x00, 0x00, 0x00, 0x00}; uint8_t MAC[4]={0x00, 0x00, 0x00, 0x00};
if (strlen(Cmd)<1) { if (strlen(Cmd)<1) {
PrintAndLog("Usage: hf iclass replay <MAC>"); PrintAndLog("Usage: hf iclass replay <MAC>");
PrintAndLog(" sample: hf iclass replay 00112233"); PrintAndLog(" sample: hf iclass replay 00112233");
return 0; return 0;
} }
if (param_gethex(Cmd, 0, MAC, 8)) { if (param_gethex(Cmd, 0, MAC, 8)) {
PrintAndLog("MAC must include 8 HEX symbols"); PrintAndLog("MAC must include 8 HEX symbols");
return 1; return 1;
} }
UsbCommand c = {CMD_READER_ICLASS_REPLAY, {readerType}}; UsbCommand c = {CMD_READER_ICLASS_REPLAY, {readerType}};
memcpy(c.d.asBytes, MAC, 4); memcpy(c.d.asBytes, MAC, 4);
SendCommand(&c); SendCommand(&c);
return 0; return 0;
} }
int CmdHFiClassReader_Dump(const char *Cmd) int CmdHFiClassReader_Dump(const char *Cmd)
{ {
uint8_t readerType = 0; uint8_t readerType = 0;
uint8_t MAC[4]={0x00,0x00,0x00,0x00}; uint8_t MAC[4]={0x00,0x00,0x00,0x00};
uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
//uint8_t CC_temp[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; //uint8_t CC_temp[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t keytable[128] = {0}; uint8_t keytable[128] = {0};
int elite = 0; int elite = 0;
uint8_t *used_key; uint8_t *used_key;
int i; int i;
if (strlen(Cmd)<1) if (strlen(Cmd)<1)
{ {
PrintAndLog("Usage: hf iclass dump <Key> [e]"); PrintAndLog("Usage: hf iclass dump <Key> [e]");
PrintAndLog(" Key - A 16 byte master key"); PrintAndLog(" Key - A 16 byte master key");
PrintAndLog(" e - If 'e' is specified, the key is interpreted as the 16 byte"); PrintAndLog(" e - If 'e' is specified, the key is interpreted as the 16 byte");
PrintAndLog(" Custom Key (KCus), which can be obtained via reader-attack"); PrintAndLog(" Custom Key (KCus), which can be obtained via reader-attack");
PrintAndLog(" See 'hf iclass sim 2'. This key should be on iclass-format"); PrintAndLog(" See 'hf iclass sim 2'. This key should be on iclass-format");
PrintAndLog(" sample: hf iclass dump 0011223344556677"); PrintAndLog(" sample: hf iclass dump 0011223344556677");
return 0; return 0;
} }
if (param_gethex(Cmd, 0, KEY, 16)) if (param_gethex(Cmd, 0, KEY, 16))
{ {
PrintAndLog("KEY must include 16 HEX symbols"); PrintAndLog("KEY must include 16 HEX symbols");
return 1; return 1;
} }
if (param_getchar(Cmd, 1) == 'e') if (param_getchar(Cmd, 1) == 'e')
{ {
PrintAndLog("Elite switch on"); PrintAndLog("Elite switch on");
elite = 1; elite = 1;
//calc h2 //calc h2
hash2(KEY, keytable); hash2(KEY, keytable);
printarr_human_readable("keytable", keytable, 128); printarr_human_readable("keytable", keytable, 128);
} }
UsbCommand resp; UsbCommand resp;
uint8_t key_sel[8] = {0}; uint8_t key_sel[8] = {0};
uint8_t key_sel_p[8] = { 0 }; uint8_t key_sel_p[8] = { 0 };
UsbCommand c = {CMD_READER_ICLASS, {0}}; UsbCommand c = {CMD_READER_ICLASS, {0}};
c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_GET_CC; c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_GET_CC;
SendCommand(&c); SendCommand(&c);
if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
{ if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
PrintAndLog("Command execute timeout"); {
return 0; PrintAndLog("Command execute timeout");
} return 0;
}
uint8_t isOK = resp.arg[0] & 0xff; uint8_t isOK = resp.arg[0] & 0xff;
uint8_t * data = resp.d.asBytes; uint8_t * data = resp.d.asBytes;
@ -366,7 +366,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
//create a preferred filename //create a preferred filename
snprintf(filename, 100,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x", snprintf(filename, 100,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x",
CSN[0],CSN[1],CSN[2],CSN[3], CSN[0],CSN[1],CSN[2],CSN[3],
CSN[4],CSN[5],CSN[6],CSN[7]); CSN[4],CSN[5],CSN[6],CSN[7]);
saveFile(filename,"bin",iclass_data, iclass_datalen ); saveFile(filename,"bin",iclass_data, iclass_datalen );
} }
//Aaaand we're finished //Aaaand we're finished
@ -376,7 +376,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
} }
return 0; return 0;
} }
int hf_iclass_eload_usage() int hf_iclass_eload_usage()
@ -453,80 +453,80 @@ int CmdHFiClassELoad(const char *Cmd)
int CmdHFiClass_iso14443A_write(const char *Cmd) int CmdHFiClass_iso14443A_write(const char *Cmd)
{ {
uint8_t readerType = 0; uint8_t readerType = 0;
uint8_t MAC[4]={0x00,0x00,0x00,0x00}; uint8_t MAC[4]={0x00,0x00,0x00,0x00};
uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t blockNo=0; uint8_t blockNo=0;
uint8_t bldata[8]={0}; uint8_t bldata[8]={0};
if (strlen(Cmd)<3) if (strlen(Cmd)<3)
{ {
PrintAndLog("Usage: hf iclass write <Key> <Block> <Data>"); PrintAndLog("Usage: hf iclass write <Key> <Block> <Data>");
PrintAndLog(" sample: hf iclass write 0011223344556677 10 AAAAAAAAAAAAAAAA"); PrintAndLog(" sample: hf iclass write 0011223344556677 10 AAAAAAAAAAAAAAAA");
return 0; return 0;
} }
if (param_gethex(Cmd, 0, KEY, 16)) if (param_gethex(Cmd, 0, KEY, 16))
{ {
PrintAndLog("KEY must include 16 HEX symbols"); PrintAndLog("KEY must include 16 HEX symbols");
return 1; return 1;
} }
blockNo = param_get8(Cmd, 1);
if (blockNo>32)
{
PrintAndLog("Error: Maximum number of blocks is 32 for iClass 2K Cards!");
return 1;
}
if (param_gethex(Cmd, 2, bldata, 8))
{
PrintAndLog("Block data must include 8 HEX symbols");
return 1;
}
UsbCommand c = {CMD_ICLASS_ISO14443A_WRITE, {0}};
SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) { blockNo = param_get8(Cmd, 1);
uint8_t isOK = resp.arg[0] & 0xff; if (blockNo>32)
uint8_t * data = resp.d.asBytes; {
PrintAndLog("Error: Maximum number of blocks is 32 for iClass 2K Cards!");
memcpy(CSN,data,8); return 1;
memcpy(CCNR,data+8,8); }
PrintAndLog("DEBUG: %s",sprint_hex(CSN,8)); if (param_gethex(Cmd, 2, bldata, 8))
PrintAndLog("DEBUG: %s",sprint_hex(CCNR,8)); {
PrintAndLog("isOk:%02x", isOK); PrintAndLog("Block data must include 8 HEX symbols");
} else { return 1;
PrintAndLog("Command execute timeout"); }
}
diversifyKey(CSN,KEY, div_key); UsbCommand c = {CMD_ICLASS_ISO14443A_WRITE, {0}};
SendCommand(&c);
UsbCommand resp;
PrintAndLog("Div Key: %s",sprint_hex(div_key,8)); if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
doMAC(CCNR, 12,div_key, MAC); uint8_t isOK = resp.arg[0] & 0xff;
uint8_t * data = resp.d.asBytes;
UsbCommand c2 = {CMD_ICLASS_ISO14443A_WRITE, {readerType,blockNo}}; memcpy(CSN,data,8);
memcpy(c2.d.asBytes, bldata, 8); memcpy(CCNR,data+8,8);
memcpy(c2.d.asBytes+8, MAC, 4); PrintAndLog("DEBUG: %s",sprint_hex(CSN,8));
SendCommand(&c2); PrintAndLog("DEBUG: %s",sprint_hex(CCNR,8));
PrintAndLog("isOk:%02x", isOK);
} else {
PrintAndLog("Command execute timeout");
}
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { diversifyKey(CSN,KEY, div_key);
uint8_t isOK = resp.arg[0] & 0xff;
uint8_t * data = resp.d.asBytes;
if (isOK) PrintAndLog("Div Key: %s",sprint_hex(div_key,8));
PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4)); doMAC(CCNR, 12,div_key, MAC);
else
PrintAndLog("isOk:%02x", isOK); UsbCommand c2 = {CMD_ICLASS_ISO14443A_WRITE, {readerType,blockNo}};
} else { memcpy(c2.d.asBytes, bldata, 8);
PrintAndLog("Command execute timeout"); memcpy(c2.d.asBytes+8, MAC, 4);
} SendCommand(&c2);
return 0;
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
uint8_t isOK = resp.arg[0] & 0xff;
uint8_t * data = resp.d.asBytes;
if (isOK)
PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4));
else
PrintAndLog("isOk:%02x", isOK);
} else {
PrintAndLog("Command execute timeout");
}
return 0;
} }
int CmdHFiClass_loclass(const char *Cmd) int CmdHFiClass_loclass(const char *Cmd)
{ {
@ -550,13 +550,13 @@ int CmdHFiClass_loclass(const char *Cmd)
char fileName[255] = {0}; char fileName[255] = {0};
if(opt == 'f') if(opt == 'f')
{ {
if(param_getstr(Cmd, 1, fileName) > 0) if(param_getstr(Cmd, 1, fileName) > 0)
{ {
return bruteforceFileNoKeys(fileName); return bruteforceFileNoKeys(fileName);
}else }else
{ {
PrintAndLog("You must specify a filename"); PrintAndLog("You must specify a filename");
} }
} }
else if(opt == 't') else if(opt == 't')
{ {
@ -591,12 +591,12 @@ static command_t CommandTable[] =
int CmdHFiClass(const char *Cmd) int CmdHFiClass(const char *Cmd)
{ {
CmdsParse(CommandTable, Cmd); CmdsParse(CommandTable, Cmd);
return 0; return 0;
} }
int CmdHelp(const char *Cmd) int CmdHelp(const char *Cmd)
{ {
CmdsHelp(CommandTable); CmdsHelp(CommandTable);
return 0; return 0;
} }