fix 'hf iclass sim':

* chg to reader command decoder in iso15693.c (require no modulation before SOF) * add 'has_been_low_for' logic to hi_simulate.v (same as in other FPGA modes, default to "no modulation") * add simulation of chip status (IDLE, ACTIVE, SELECTED, HALTED) * check ACSN on SELECT * add simulation of RESELECT * always check length of reader commands * fix printing of NR, MAC in sim 2 mode * fix response length to CHECK command
2025-08-20 13:23:25 -07:00 · 2019-09-21 11:58:51 +02:00 · 2019-09-21 11:58:51 +02:00 · 5b12974a7f
commit 5b12974a7f
parent a66f26da18
5 changed files with 238 additions and 157 deletions
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@ -100,7 +100,46 @@ int usage_hf_iclass_sim(void) {
 	return 0;
 }

+// the original malicious IDs from Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult,
+// and Milosch Meriac. Dismantling iClass and iClass Elite.
 #define NUM_CSNS 15
+static uint8_t csns[8 * NUM_CSNS] = {
+	0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x04, 0x0E, 0x08, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x09, 0x0D, 0x05, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x0A, 0x0C, 0x06, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x0F, 0x0B, 0x03, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x08, 0x0A, 0x0C, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x0D, 0x09, 0x09, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x0E, 0x08, 0x0A, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x03, 0x07, 0x17, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x3C, 0x06, 0xE0, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x01, 0x05, 0x1D, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x02, 0x04, 0x1E, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x07, 0x03, 0x1B, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x00, 0x02, 0x24, 0xF7, 0xFF, 0x12, 0xE0,
+	0x00, 0x05, 0x01, 0x21, 0xF7, 0xFF, 0x12, 0xE0 };
+
+
+// pre-defined 9 CSNs by iceman.
+// only one csn depend on several others.
+// six depends only on the first csn,  (0,1, 0x45)
+
+// #define NUM_CSNS 9
+// static uint8_t csns[8 * NUM_CSNS] = {
+    // 0x01, 0x0A, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0,
+    // 0x0C, 0x06, 0x0C, 0xFE, 0xF7, 0xFF, 0x12, 0xE0,
+    // 0x10, 0x97, 0x83, 0x7B, 0xF7, 0xFF, 0x12, 0xE0,
+    // 0x13, 0x97, 0x82, 0x7A, 0xF7, 0xFF, 0x12, 0xE0,
+    // 0x07, 0x0E, 0x0D, 0xF9, 0xF7, 0xFF, 0x12, 0xE0,
+    // 0x14, 0x96, 0x84, 0x76, 0xF7, 0xFF, 0x12, 0xE0,
+    // 0x17, 0x96, 0x85, 0x71, 0xF7, 0xFF, 0x12, 0xE0,
+    // 0xCE, 0xC5, 0x0F, 0x77, 0xF7, 0xFF, 0x12, 0xE0,
+    // 0xD2, 0x5A, 0x82, 0xF8, 0xF7, 0xFF, 0x12, 0xE0
+    // //0x04, 0x08, 0x9F, 0x78, 0x6E, 0xFF, 0x12, 0xE0
+// };
+
+
 int CmdHFiClassSim(const char *Cmd) {
 	uint8_t simType = 0;
 	uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
@ -123,23 +162,6 @@ int CmdHFiClassSim(const char *Cmd) {
 		UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType, NUM_CSNS}};
 		UsbCommand resp = {0};

-		uint8_t csns[8 * NUM_CSNS] = {
-			0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x04, 0x0E, 0x08, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x09, 0x0D, 0x05, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x0A, 0x0C, 0x06, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x0F, 0x0B, 0x03, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x08, 0x0A, 0x0C, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x0D, 0x09, 0x09, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x0E, 0x08, 0x0A, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x03, 0x07, 0x17, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x3C, 0x06, 0xE0, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x01, 0x05, 0x1D, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x02, 0x04, 0x1E, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x07, 0x03, 0x1B, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x00, 0x02, 0x24, 0xF7, 0xFF, 0x12, 0xE0,
-			0x00, 0x05, 0x01, 0x21, 0xF7, 0xFF, 0x12, 0xE0 };
-
 		memcpy(c.d.asBytes, csns, 8 * NUM_CSNS);

 		SendCommand(&c);