+ cmdp += 2;
+ break;
+ case 'e':
+ case 'E':
+ elite = true;
+ cmdp++;
+ break;
+ case 'f':
+ case 'F':
+ fileNameLen = param_getstr(Cmd, cmdp+1, filename);
+ if (fileNameLen < 1) {
+ PrintAndLog("No filename found after f");
+ errors = true;
+ }
+ cmdp += 2;
+ break;
+ case 'k':
+ case 'K':
+ dataLen = param_getstr(Cmd, cmdp+1, tempStr);
+ if (dataLen == 16) {
+ errors = param_gethex(tempStr, 0, KEY, dataLen);
+ } else if (dataLen == 1) {
+ keyNbr = param_get8(Cmd, cmdp+1);
+ if (keyNbr <= ICLASS_KEYS_MAX) {
+ memcpy(KEY, iClass_Key_Table[keyNbr], 8);
+ } else {
+ PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
+ errors = true;
+ }
+ } else {
+ PrintAndLog("\nERROR: Credit Key is incorrect length\n");
+ errors = true;
+ }
+ cmdp += 2;
+ break;
+ default:
+ PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
+ errors = true;
+ break;
+ }
+ if(errors) return usage_hf_iclass_dump();
+ }
+
+ if (cmdp < 2) return usage_hf_iclass_dump();
+
+ //get config and first 3 blocks
+ UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN |
+ FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY}};
+ UsbCommand resp;
+ uint8_t tag_data[255*8];
+ clearCommandBuffer();
+ SendCommand(&c);
+ if (WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
+ uint8_t readStatus = resp.arg[0] & 0xff;
+ uint8_t *data = resp.d.asBytes;
+
+ if( readStatus == 0){
+ //Aborted
+ PrintAndLog("No tag found...");
+ return 0;
+ }
+ if( readStatus & (FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_CC)){
+ memcpy(tag_data, data, 8*3);
+ /*for (; blockno < 3; blockno++) {
+ PrintAndLog(" | %02X | %02X%02X%02X%02X%02X%02X%02X%02X |", blockno,
+ data[(blockno*8)+0],data[(blockno*8)+1],data[(blockno*8)+2],data[(blockno*8)+3],
+ data[(blockno*8)+4],data[(blockno*8)+5],data[(blockno*8)+6],data[(blockno*8)+7]);
+ }*/
+ blockno+=2;
+ numblks = data[8];
+
+ if (data[13] & 0x80) {
+ // large memory - not able to dump pages currently
+ maxBlk = 255;
+ } else {
+ maxBlk = 32;
+ }
+ //PrintAndLog("maxBlk: %02X",maxBlk);
+ }
+ } else {
+ PrintAndLog("Command execute timeout");
+ return 0;
+ }
+
+ if (!select_and_auth(KEY, MAC, div_key, false, elite, false)){
+ //try twice - for some reason it sometimes fails the first time...
+ if (!select_and_auth(KEY, MAC, div_key, false, elite, false)){
+ ul_switch_off_field();
+ return 0;
+ }
+ }
+ //print debit div_key
+ //PrintAndLog(" | 03 | %02X%02X%02X%02X%02X%02X%02X%02X |",
+ // div_key[0],div_key[1],div_key[2],div_key[3],
+ // div_key[4],div_key[5],div_key[6],div_key[7]);
+
+ if (have_credit_key){
+ //turn off hf field
+ //PrintAndLog("attempt 1 to auth with credit key");
+ ul_switch_off_field();
+ memset(c_div_key,0,8);
+ memset(MAC,0,4);
+ if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){
+ //try twice - for some reason it sometimes fails the first time...
+ memset(c_div_key,0,8);
+ memset(MAC,0,4);
+ if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){
+ ul_switch_off_field();
+ return 0;
+ }
+ }
+ //print credit div_key
+ //PrintAndLog(" | 04 | %02X%02X%02X%02X%02X%02X%02X%02X |",
+ // div_key[0],div_key[1],div_key[2],div_key[3],
+ // div_key[4],div_key[5],div_key[6],div_key[7]);
+
+ //turn off hf field
+ //PrintAndLog("attempt 2 to auth with debit key");
+ ul_switch_off_field();
+ memset(div_key,0,8);
+ memset(MAC,0,4);
+ if (!select_and_auth(KEY, MAC, div_key, false, elite, false)){
+ //try twice - for some reason it sometimes fails the first time...
+ if (!select_and_auth(KEY, MAC, div_key, false, elite, false)){
+ ul_switch_off_field();
+ return 0;
+ }
+ }
+ }
+ //PrintAndLog("have %d blocks",blockno);
+
+ UsbCommand w = {CMD_ICLASS_DUMP, {blockno, numblks-blockno+1, 0x88}};
+ clearCommandBuffer();
+ SendCommand(&w);
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
+ PrintAndLog("Command execute time-out 1");
+ return 1;
+ }
+ uint32_t blocksRead = resp.arg[1];
+ uint8_t isOK = resp.arg[0] & 0xff;
+ if (!isOK && !blocksRead) {
+ PrintAndLog("Read Block Failed");
+ return 0;
+ }
+ uint32_t startindex = resp.arg[2];
+ if (blocksRead*8 > sizeof(tag_data)-(blockno*8)) {
+ PrintAndLog("Data exceeded Buffer size!");
+ blocksRead = (sizeof(tag_data)/8) - blockno;
+ }
+ //PrintAndLog("blocksread: %d, blockno: %d, startindex: %x",blocksRead,blockno,startindex);
+ GetFromBigBuf(tag_data+(blockno*8), blocksRead*8, startindex);
+ WaitForResponse(CMD_ACK,NULL);
+ uint32_t gotBytes = blocksRead*8 + blockno*8;
+
+ //PrintAndLog("have %d blocks",gotBytes/8);
+
+ if (have_credit_key && maxBlk > blockno+numblks+1) {
+ //turn off hf field
+ ul_switch_off_field();
+ //PrintAndLog("attempt 2 to auth with credit key");
+ memset(c_div_key,0,8);
+ memset(MAC,0,4);
+ if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){
+ //try twice - for some reason it sometimes fails the first time...
+ if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){
+ ul_switch_off_field();
+ return 0;
+ }
+ }
+ w.arg[0] = blockno + blocksRead;
+ w.arg[1] = maxBlk - (blockno + blocksRead);
+ w.arg[2] = 0x18;
+ clearCommandBuffer();
+ SendCommand(&w);
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
+ PrintAndLog("Command execute timeout 2");
+ return 0;
+ }
+ uint8_t isOK = resp.arg[0] & 0xff;
+ blocksRead = resp.arg[1];
+ if (!isOK && !blocksRead) {
+ PrintAndLog("Read Block Failed 2");
+ return 0;
+ }
+
+ startindex = resp.arg[2];
+ if (blocksRead*8 > sizeof(tag_data)-gotBytes) {
+ PrintAndLog("Data exceeded Buffer size!");
+ blocksRead = (sizeof(tag_data) - gotBytes)/8;
+ }
+ GetFromBigBuf(tag_data+gotBytes, blocksRead*8, startindex);
+ WaitForResponse(CMD_ACK,NULL);
+
+ gotBytes += blocksRead*8;
+ //PrintAndLog("have %d blocks",gotBytes/8);
+ }
+
+ memcpy(tag_data+(3*8),div_key,8);
+ memcpy(tag_data+(4*8),c_div_key,8);
+
+ for (blockno = 0; blockno < gotBytes/8; blockno++){
+ PrintAndLog(" | %02X | %02X%02X%02X%02X%02X%02X%02X%02X |", blockno,
+ tag_data[(blockno*8)+0],tag_data[(blockno*8)+1],tag_data[(blockno*8)+2],tag_data[(blockno*8)+3],
+ tag_data[(blockno*8)+4],tag_data[(blockno*8)+5],tag_data[(blockno*8)+6],tag_data[(blockno*8)+7]);
+ }
+ if (filename[0] == 0){
+ snprintf(filename, FILE_PATH_SIZE,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x",
+ tag_data[0],tag_data[1],tag_data[2],tag_data[3],
+ tag_data[4],tag_data[5],tag_data[6],tag_data[7]);
+ }
+ saveFile(filename,"bin",tag_data, gotBytes );
+ PrintAndLog("Saving dump file - %d blocks read", gotBytes/8);
+ return 1;
+}
+
+/*
+int CmdHFiClassReader_Dump(const char *Cmd)
+{
+ uint8_t readerType = 0;
+ uint8_t MAC[4]={0x00,0x00,0x00,0x00};
+ uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+ uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+ uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+ uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+ uint8_t keytable[128] = {0};
+ bool elite = false;
+ bool use_credit_key = false;
+ uint8_t *used_key;
+ int i;
+ if (strlen(Cmd) < 1)
+ {
+ return usage_hf_iclass_dump();
+ }
+
+ if (param_gethex(Cmd, 0, KEY, 16))
+ {
+ PrintAndLog("KEY must include 16 HEX symbols");
+ return 1;
+ }
+
+ if (param_getchar(Cmd, 1) == 'e')
+ {
+ PrintAndLog("Elite switch on");
+ elite = true;
+
+ //calc h2
+ hash2(KEY, keytable);
+ printarr_human_readable("keytable", keytable, 128);
+
+ if (param_getchar(Cmd, 2) == 'c')
+ use_credit_key = true;
+ } else if (param_getchar(Cmd, 1) == 'c'){
+ use_credit_key = true;
+ }
+
+ UsbCommand resp;
+ uint8_t key_sel[8] = {0};
+ uint8_t key_sel_p[8] = { 0 };
+
+ UsbCommand c = {CMD_READER_ICLASS, {0}};
+ c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_CC;
+ if (use_credit_key)
+ c.arg[0] |= FLAG_ICLASS_READER_CEDITKEY;
+ clearCommandBuffer();
+ SendCommand(&c);
+
+ if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
+ {
+ PrintAndLog("Command execute timeout");
+ return 0;
+ }
+
+ uint8_t isOK = resp.arg[0] & 0xff;
+ uint8_t * data = resp.d.asBytes;
+
+ memcpy(CSN,data,8);
+ memcpy(CCNR,data+16,8);
+
+ PrintAndLog("isOk:%02x", isOK);
+
+ if(isOK > 0)
+ {
+ PrintAndLog("CSN: %s",sprint_hex(CSN,8));
+ }
+ if(isOK <= 1){
+ PrintAndLog("Failed to obtain CC! Aborting");
+ return 0;
+ }
+ //Status 2 or higher
+
+ if(elite)
+ {
+ //Get the key index (hash1)
+ uint8_t key_index[8] = {0};
+
+ hash1(CSN, key_index);
+ printvar("hash1", key_index,8);
+ for(i = 0; i < 8 ; i++)
+ key_sel[i] = keytable[key_index[i]] & 0xFF;
+ PrintAndLog("Pre-fortified 'permuted' HS key that would be needed by an iclass reader to talk to above CSN:");
+ printvar("k_sel", key_sel,8);
+ //Permute from iclass format to standard format
+ permutekey_rev(key_sel,key_sel_p);
+ used_key = key_sel_p;
+ }else{
+ used_key = KEY;
+ }
+
+ PrintAndLog("Pre-fortified key that would be needed by the OmniKey reader to talk to above CSN:");
+ printvar("Used key",used_key,8);
+ diversifyKey(CSN,used_key, div_key);
+ PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
+ printvar("Div key", div_key, 8);
+ printvar("CC_NR:",CCNR,12);
+ doMAC(CCNR,div_key, MAC);
+ printvar("MAC", MAC, 4);
+
+ uint8_t iclass_data[32000] = {0};
+ uint32_t iclass_datalen = 0;
+ uint32_t iclass_blocksFailed = 0;//Set to 1 if dump was incomplete
+
+ UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}};
+ memcpy(d.d.asBytes, MAC, 4);
+ clearCommandBuffer();
+ SendCommand(&d);
+ PrintAndLog("Waiting for device to dump data. Press button on device and key on keyboard to abort...");
+ while (true) {
+ printf(".");
+ if (ukbhit()) {
+ getchar();
+ printf("\naborted via keyboard!\n");
+ break;
+ }
+ if(WaitForResponseTimeout(CMD_ACK,&resp,4500))