X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/aa41c6058a4c5768d524a711af846f43ca7a236c..a61b4976bd2085bf0495855b48fcad0d9ed4572e:/client/cmdhficlass.c diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index a7ef53c1..47ff2db0 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -16,12 +16,11 @@ #include #include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type #include "data.h" -//#include "proxusb.h" #include "proxmark3.h" #include "ui.h" #include "cmdparser.h" #include "cmdhficlass.h" -#include "common.h" +#include "../include/common.h" #include "util.h" #include "cmdmain.h" #include "loclass/des.h" @@ -35,11 +34,11 @@ static int CmdHelp(const char *Cmd); int xorbits_8(uint8_t val) { - uint8_t res = val ^ (val >> 1); //1st pass - res = res ^ (res >> 1); // 2nd pass - res = res ^ (res >> 2); // 3rd pass - res = res ^ (res >> 4); // 4th pass - return res & 1; + uint8_t res = val ^ (val >> 1); //1st pass + res = res ^ (res >> 1); // 2nd pass + res = res ^ (res >> 2); // 3rd pass + res = res ^ (res >> 4); // 4th pass + return res & 1; } int CmdHFiClassList(const char *Cmd) @@ -88,7 +87,7 @@ int CmdHFiClassList(const char *Cmd) timestamp = *((uint32_t *)(got+i)); parityBits = *((uint32_t *)(got+i+4)); len = got[i+8]; - frame = (got+i+9); + frame = (got+i+9); uint32_t next_timestamp = (*((uint32_t *)(got+i+9))) & 0x7fffffff; tagToReader = timestamp & 0x80000000; @@ -437,7 +436,7 @@ int CmdHFiClassReader_Replay(const char *Cmd) if (strlen(Cmd)<1) { PrintAndLog("Usage: hf iclass replay "); PrintAndLog(" sample: hf iclass replay 00112233"); - return 0; + return 0; } if (param_gethex(Cmd, 0, MAC, 8)) { @@ -461,11 +460,20 @@ int CmdHFiClassReader_Dump(const char *Cmd) uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; //uint8_t CC_temp[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - + uint8_t keytable[128] = {0}; + int elite = 0; + uint8_t *used_key; + int i; if (strlen(Cmd)<1) { - PrintAndLog("Usage: hf iclass dump "); + PrintAndLog("Usage: hf iclass dump [e]"); + PrintAndLog(" Key - A 16 byte master key"); + PrintAndLog(" e - If 'e' is specified, the key is interpreted as the 16 byte"); + PrintAndLog(" Custom Key (KCus), which can be obtained via reader-attack"); + PrintAndLog(" See 'hf iclass sim 2'. This key should be on iclass-format"); PrintAndLog(" sample: hf iclass dump 0011223344556677"); + + return 0; } @@ -474,14 +482,28 @@ int CmdHFiClassReader_Dump(const char *Cmd) PrintAndLog("KEY must include 16 HEX symbols"); return 1; } - + + if (param_getchar(Cmd, 1) == 'e') + { + PrintAndLog("Elite switch on"); + elite = 1; + + //calc h2 + hash2(KEY, keytable); + printarr_human_readable("keytable", keytable, 128); + + } + + UsbCommand c = {CMD_READER_ICLASS, {0}}; c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE; SendCommand(&c); UsbCommand resp; - + uint8_t key_sel[8] = {0x00}; + uint8_t key_sel_p[8] = {0x00}; + if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) { uint8_t isOK = resp.arg[0] & 0xff; uint8_t * data = resp.d.asBytes; @@ -495,12 +517,41 @@ int CmdHFiClassReader_Dump(const char *Cmd) { PrintAndLog("CSN: %s",sprint_hex(CSN,8)); } - if(isOK >= 1) + if(isOK > 1) { - //PrintAndLog("CC: %s",sprint_hex(CCNR,8)); - diversifyKey(CSN,KEY, div_key); + if(elite) + { + + //Get the key index (hash1) + uint8_t key_index[8] = {0}; + + hash1(CSN, key_index); + printvar("hash1", key_index,8); + for(i = 0; i < 8 ; i++) + key_sel[i] = keytable[key_index[i]] & 0xFF; + printvar("k_sel", key_sel,8); + //Permute from iclass format to standard format + permutekey_rev(key_sel,key_sel_p); + used_key = key_sel_p; + }else{ + //Perhaps this should also be permuted to std format? + // Something like the code below? I have no std system + // to test this with /Martin + + //uint8_t key_sel_p[8] = { 0 }; + //permutekey_rev(KEY,key_sel_p); + //used_key = key_sel_p; + + used_key = KEY; + + } + printvar("Used key",used_key,8); + diversifyKey(CSN,used_key, div_key); + printvar("Div key", div_key, 8); + printvar("CC_NR:",CCNR,12); doMAC(CCNR,12,div_key, MAC); - PrintAndLog("MAC: %s",sprint_hex(MAC,sizeof(MAC))); + printvar("MAC", MAC, 4); + UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}}; memcpy(d.d.asBytes, MAC, 4); SendCommand(&d); @@ -596,14 +647,17 @@ int CmdHFiClass_iso14443A_write(const char *Cmd) static command_t CommandTable[] = { - {"help", CmdHelp, 1, "This help"}, - {"list", CmdHFiClassList, 0, "List iClass history"}, - {"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"}, - {"sim", CmdHFiClassSim, 0, "Simulate iClass tag"}, + {"help", CmdHelp, 1, "This help"}, + {"list", CmdHFiClassList, 0, "List iClass history"}, + {"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"}, + {"sim", CmdHFiClassSim, 0, "Simulate iClass tag"}, {"reader",CmdHFiClassReader, 0, "Read an iClass tag"}, {"replay",CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"}, {"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"}, {"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"}, + {"replay", CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"}, + {"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"}, + {"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"}, {NULL, NULL, 0, NULL} }; @@ -616,5 +670,5 @@ int CmdHFiClass(const char *Cmd) int CmdHelp(const char *Cmd) { CmdsHelp(CommandTable); - return 0; + return 0; }