added SLIX-L functions and extended hf 15 sim

g3gg0 2020-04-11 23:03:42 +02:00
commit a9b59a1b07
7 changed files with 1287 additions and 20 deletions


@ -263,26 +263,35 @@ static int CmdHF15Reader(const char *Cmd) {
static int CmdHF15Sim(const char *Cmd) {
char cmdp = param_getchar(Cmd, 0);
uint8_t uid[8] = {0x00};
uint8_t memory[32] = {0x00};
//E0 16 24 00 00 00 00 00
if (cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf 15 sim <UID>");
PrintAndLog("Usage: hf 15 sim <UID> [<memory>]");
PrintAndLog("");
PrintAndLog(" sample: hf 15 sim E016240000000000");
PrintAndLog(" example: hf 15 sim E016240000000000");
PrintAndLog(" hf 15 sim E016240000000000 0001020304..1D1E1F");
PrintAndLog(" ");
PrintAndLog(" sniff/decode mode: (live snooping reader commands)");
PrintAndLog(" hf 15 sim 0000000000000000");
return 0;
}
if (param_gethex(Cmd, 0, uid, 16)) {
PrintAndLog("UID must include 16 HEX symbols");
PrintAndLog("UID must have 16 HEX symbols");
return 0;
}
if (param_gethex(Cmd, 1, memory, 64)) {
PrintAndLog("you should include 32 hex bytes for the tag memory");
}
PrintAndLog("Starting simulating UID %02X %02X %02X %02X %02X %02X %02X %02X",
uid[0],uid[1],uid[2],uid[3],uid[4], uid[5], uid[6], uid[7]);
PrintAndLog("Press the button to stop simulation");
UsbCommand c = {CMD_SIMTAG_ISO_15693, {0, 0, 0}};
memcpy(c.d.asBytes,uid,8);
memcpy(&c.d.asBytes[8],memory,32);
SendCommand(&c);
return 0;
@ -298,6 +307,137 @@ static int CmdHF15Afi(const char *Cmd) {
}
static int CmdHF15SlixChangePass(const char *Cmd)
{
char cmdp = param_getchar(Cmd, 0);
uint8_t old_pass[4] = {0x00};
uint8_t new_pass[4] = {0x00};
uint8_t pass_id[1] = {0x00};
if (cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf 15 slix_change_pass <pass_id> <old_pass> <new_pass>");
PrintAndLog("");
PrintAndLog(" pass_id 04: privacy, 08: destroy, 10: EAS/AFI");
PrintAndLog("");
PrintAndLog(" example: hf 15 slix_change_pass 04 00000000 0F0F0F0F");
return 0;
}
if (param_gethex(Cmd, 0, pass_id, 2)) {
PrintAndLog("pass_id must have 2 HEX symbols");
return 0;
}
if (param_gethex(Cmd, 1, old_pass, 8)) {
PrintAndLog("pass must have 8 HEX symbols");
return 0;
}
if (param_gethex(Cmd, 2, new_pass, 8)) {
PrintAndLog("pass must have 8 HEX symbols");
return 0;
}
PrintAndLog("Setting new password %02X%02X%02X%02X for ID 0x%02X", new_pass[0], new_pass[1], new_pass[2], new_pass[3], *pass_id);
UsbCommand c = {CMD_ISO_15693_SLIX_L_CHANGE_PASS, {*pass_id, 0, 0}};
memcpy(&c.arg[1],old_pass,4);
memcpy(&c.arg[2],new_pass,4);
SendCommand(&c);
return 0;
}
static int CmdHF15SlixLockPass(const char *Cmd)
{
char cmdp = param_getchar(Cmd, 0);
uint8_t pass[4] = {0x00};
uint8_t pass_id[1] = {0x00};
if (cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf 15 slix_lock_pass <pass_id> <password>");
PrintAndLog("");
PrintAndLog(" pass_id 04: privacy, 08: destroy, 10: EAS/AFI");
PrintAndLog("");
PrintAndLog(" example: hf 15 slix_lock_pass 04 0F0F0F0F");
return 0;
}
if (param_gethex(Cmd, 0, pass_id, 2)) {
PrintAndLog("pass_id must have 2 HEX symbols");
return 0;
}
if (param_gethex(Cmd, 1, pass, 8)) {
PrintAndLog("pass must have 8 HEX symbols");
return 0;
}
PrintAndLog("Locking password %02X%02X%02X%02X for ID 0x%02X", pass[0], pass[1], pass[2], pass[3], *pass_id);
UsbCommand c = {CMD_ISO_15693_SLIX_L_LOCK_PASS, {*pass_id, 0, 0}};
memcpy(&c.arg[1],pass,4);
SendCommand(&c);
return 0;
}
static int CmdHF15Bruteforce(const char *Cmd)
{
char cmdp = param_getchar(Cmd, 0);
uint8_t start_cmd = 0x00;
uint8_t end_cmd = 0x00;
if (cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf 15 brute <start_cmd> <end_cmd>");
PrintAndLog("");
PrintAndLog(" example: hf 15 brute 40 A0");
return 0;
}
if (param_gethex(Cmd, 0, &start_cmd, 2)) {
PrintAndLog("start_cmd must have 2 HEX symbols");
return 0;
}
if (param_gethex(Cmd, 1, &end_cmd, 2)) {
PrintAndLog("end_cmd must have 2 HEX symbols");
return 0;
}
PrintAndLog("Scanning commands 0x%02X - 0x%02X", start_cmd, end_cmd);
UsbCommand c = {CMD_ISO_15693_BRUTE_FORCE, {start_cmd, end_cmd, 0}};
SendCommand(&c);
return 0;
}
static int CmdHF15SlixDisablePrivacy(const char *Cmd)
{
char cmdp = param_getchar(Cmd, 0);
uint8_t pass[4] = {0x00};
if (cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf 15 slix_disable_privacy <pass>");
PrintAndLog("");
PrintAndLog(" example: hf 15 slix_disable_privacy 0F0F0F0F");
return 0;
}
if (param_gethex(Cmd, 0, pass, 8)) {
PrintAndLog("password must have 8 HEX symbols");
return 0;
}
PrintAndLog("Disabling privacy mode using password %02X%02X%02X%02X", pass[0], pass[1], pass[2], pass[3]);
UsbCommand c = {CMD_ISO_15693_SLIX_L_DISABLE_PRIVACY, {0, 0, 0}};
memcpy(&c.arg[0],pass,4);
SendCommand(&c);
return 0;
}
// Reads all memory pages
static int CmdHF15DumpMem(const char*Cmd) {
UsbCommand resp;
@ -1061,6 +1201,10 @@ static command_t CommandTable15[] = {
{"reader", CmdHF15Reader, 0, "Act like an ISO15693 reader"},
{"sim", CmdHF15Sim, 0, "Fake an ISO15693 tag"},
{"cmd", CmdHF15Cmd, 0, "Send direct commands to ISO15693 tag"},
{"brute", CmdHF15Bruteforce, 0, "Brute force ISO15693 commands"},
{"slix_disable_privacy", CmdHF15SlixDisablePrivacy, 0, "Disable privacy mode on SLIX ISO15693 tag"},
{"slix_change_pass", CmdHF15SlixChangePass, 0, "Change password of SLIX ISO15693 tag"},
{"slix_lock_pass", CmdHF15SlixLockPass, 0, "Lock password on SLIX ISO15693 tag"},
{"findafi", CmdHF15Afi, 0, "Brute force AFI of an ISO15693 tag"},
{"dumpmemory", CmdHF15DumpMem, 0, "Read all memory pages of an ISO15693 tag"},
{"csetuid", CmdHF15CSetUID, 0, "Set UID for magic Chinese card"},
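Review bot: In CmdHF15Sim (first hunk) a failed `param_gethex(Cmd, 1, memory, 64)` only prints a message, and the handler still reaches `memcpy(&c.d.asBytes[8],memory,32)` and `SendCommand(&c)`, so a mistyped memory argument starts a simulation with tag contents the operator did not ask for. Because the usage text marks `<memory>` as optional, the same message presumably also appears on every plain `hf 15 sim <UID>` call. I would separate the two cases: skip the parse when the second parameter is absent, and on a malformed one print `memory must have 64 HEX symbols` and `return 0;` as the UID check does. If this tree has the `param_getlength` helper, the guard could read `if (param_getlength(Cmd, 1) > 0 && param_gethex(Cmd, 1, memory, 64)) {`. The current message also says "32 hex bytes" where the parser is asked for 64 hex symbols, and the end of CmdHF15Sim lies outside the hunk.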