'hf iclass loclass': fix error handling (#865)

* fix handling of "BEING_CRACKED" flag
* don't try to calculate KCus when some bytes couldn't be brute forced
* whitespace fixes

client/loclass/elite_crack.c

@@ -306,8 +306,7 @@ static uint32_t startvalue = 0;
  * @param keytable where to write found values.
  * @return
  */
-int bruteforceItem(dumpdata item, uint16_t keytable[])
+int bruteforceItem(dumpdata item, uint16_t keytable[]) {
-{
 	int errors = 0;
 	uint8_t key_sel_p[8] = { 0 };
 	uint8_t div_key[8] = {0};
@@ -319,6 +318,8 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
 	uint8_t key_index[8] = {0};
 	hash1(item.csn, key_index);
 
+	printvar("CSN  ", item.csn, 8);
+	printvar("HASH1", key_index, 8);
 
 	/*
 	 * Determine which bytes to retrieve. A hash is typically
@@ -333,26 +334,20 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
 	 * Only the lower eight bits correspond to the (hopefully cracked) key-value.
 	 **/
 	uint8_t bytes_to_recover[3] = {0};
-	uint8_t numbytes_to_recover = 0 ;
+	uint8_t numbytes_to_recover = 0;
-	int i;
-	for(i =0 ; i < 8 ; i++)
-	{
-		if(keytable[key_index[i]] & (CRACKED | BEING_CRACKED)) continue;
-		bytes_to_recover[numbytes_to_recover++] = key_index[i];
-		keytable[key_index[i]] |= BEING_CRACKED;
 
-		if(numbytes_to_recover > 3)
+	for (int i = 0; i < 8; i++) {
-		{
+		if (keytable[key_index[i]] & (CRACKED | BEING_CRACKED)) continue;
+		if (numbytes_to_recover == 3) {
 			prnlog("The CSN requires > 3 byte bruteforce, not supported");
-			printvar("CSN", item.csn,8);
-			printvar("HASH1", key_index,8);
-
 			//Before we exit, reset the 'BEING_CRACKED' to zero
 			keytable[bytes_to_recover[0]] &= ~BEING_CRACKED;
 			keytable[bytes_to_recover[1]] &= ~BEING_CRACKED;
 			keytable[bytes_to_recover[2]] &= ~BEING_CRACKED;
-
 			return 1;
+		} else {
+			bytes_to_recover[numbytes_to_recover++] = key_index[i];
+			keytable[key_index[i]] |= BEING_CRACKED;
 		}
 	}
 
@@ -370,24 +365,27 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
 
 	uint32_t endmask =  1 << 8*numbytes_to_recover;
 
-	for(i =0 ; i < numbytes_to_recover && numbytes_to_recover > 1; i++)
+	for (int i = 0; i < numbytes_to_recover; i++) {
 		prnlog("Bruteforcing byte %d", bytes_to_recover[i]);
+	}
 
-	while(!found && !(brute & endmask))
+	while (!found && !(brute & endmask)) {
-	{
 
 		//Update the keytable with the brute-values
-		for(i =0 ; i < numbytes_to_recover; i++)
+		for(int i = 0 ; i < numbytes_to_recover; i++) {
-		{
 			keytable[bytes_to_recover[i]] &= 0xFF00;
-			keytable[bytes_to_recover[i]] |= (brute >> (i*8) & 0xFF);
+			keytable[bytes_to_recover[i]] |= ((brute >> (i*8)) & 0xFF);
 		}
 
 		// Piece together the key
-		key_sel[0] = keytable[key_index[0]] & 0xFF;key_sel[1] = keytable[key_index[1]] & 0xFF;
+		key_sel[0] = keytable[key_index[0]] & 0xFF;
-		key_sel[2] = keytable[key_index[2]] & 0xFF;key_sel[3] = keytable[key_index[3]] & 0xFF;
+		key_sel[1] = keytable[key_index[1]] & 0xFF;
-		key_sel[4] = keytable[key_index[4]] & 0xFF;key_sel[5] = keytable[key_index[5]] & 0xFF;
+		key_sel[2] = keytable[key_index[2]] & 0xFF;
-		key_sel[6] = keytable[key_index[6]] & 0xFF;key_sel[7] = keytable[key_index[7]] & 0xFF;
+		key_sel[3] = keytable[key_index[3]] & 0xFF;
+		key_sel[4] = keytable[key_index[4]] & 0xFF;
+		key_sel[5] = keytable[key_index[5]] & 0xFF;
+		key_sel[6] = keytable[key_index[6]] & 0xFF;
+		key_sel[7] = keytable[key_index[7]] & 0xFF;
 
 		//Permute from iclass format to standard format
 		permutekey_rev(key_sel,key_sel_p);
@@ -396,10 +394,9 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
 		//Calc mac
 		doMAC(item.cc_nr, div_key,calculated_MAC);
 
-		if(memcmp(calculated_MAC, item.mac, 4) == 0)
+		if (memcmp(calculated_MAC, item.mac, 4) == 0) {
-		{
+			for (int i = 0; i < numbytes_to_recover; i++)
-			for(i =0 ; i < numbytes_to_recover; i++)
+				prnlog("=> %d: 0x%02x", bytes_to_recover[i], 0xFF & keytable[bytes_to_recover[i]]);
-				prnlog("=> %d: 0x%02x", bytes_to_recover[i],0xFF & keytable[bytes_to_recover[i]]);
 			found = true;
 			break;
 		}
@@ -410,27 +407,22 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
 			fflush(stdout);
 		}
 	}
-	if(! found)
+
-	{
+	if (!found) {
-		prnlog("Failed to recover %d bytes using the following CSN",numbytes_to_recover);
+		prnlog("\nFailed to recover %d bytes", numbytes_to_recover);
-		printvar("CSN",item.csn,8);
 		errors++;
 		//Before we exit, reset the 'BEING_CRACKED' to zero
-		for(i =0 ; i < numbytes_to_recover; i++)
+		for (int i = 0; i < numbytes_to_recover; i++) {
-		{
+			keytable[bytes_to_recover[i]] &= ~BEING_CRACKED;
-			keytable[bytes_to_recover[i]]  &= 0xFF;
-			keytable[bytes_to_recover[i]]  |= CRACK_FAILED;
 		}
-
+	} else {
-	}else
+		for (int i = 0; i < numbytes_to_recover; i++) {
-	{
+			keytable[bytes_to_recover[i]] &= ~BEING_CRACKED;
-		for(i =0 ; i < numbytes_to_recover; i++)
-		{
-			keytable[bytes_to_recover[i]]  &= 0xFF;
 			keytable[bytes_to_recover[i]] |= CRACKED;
 		}
 
 	}
+
 	return errors;
 }
 
@@ -532,12 +524,11 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[])
 	// master key calculation
 	uint8_t first16bytes[16] = {0};
 
-	for(i = 0 ; i < 16 ; i++)
+	for (int i = 0; i < 16; i++) {
-	{
 		first16bytes[i] = keytable[i] & 0xFF;
-		if(!(keytable[i] & CRACKED))
+		if (!(keytable[i] & CRACKED)) {
-		{
+			prnlog("Error, we are missing byte %d, cannot calculate custom key.", i);
-			prnlog("Error, we are missing byte %d, custom key calculation will fail...", i);
+			return 1;
 		}
 	}
 	errors += calculateMasterKey(first16bytes, NULL);