X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/b82d8098522c841f4021177f449b7155c154d169..b8140ab10879ffe6fe8d7b7add1cb66f2610d2d1:/client/cmdhficlass.c diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 3d745d75..12a7141e 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -406,7 +406,7 @@ int CmdHFiClassDecrypt(const char *Cmd) { fclose(f); saveFile(outfilename,"bin", decrypted, blocknum*8); - + free(decrypted); return 0; } @@ -500,7 +500,7 @@ static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool v return true; } -static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool use_credit_key, bool elite, bool verbose) { +static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool use_credit_key, bool elite, bool rawkey, bool verbose) { uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; @@ -508,7 +508,11 @@ static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool u return false; //get div_key - HFiClassCalcDivKey(CSN, KEY, div_key, elite); + if(rawkey) + memcpy(div_key, KEY, 8); + else + HFiClassCalcDivKey(CSN, KEY, div_key, elite); + PrintAndLog("Authing with %s: %02x%02x%02x%02x%02x%02x%02x%02x", rawkey ? "raw key" : "diversified key", div_key[0],div_key[1],div_key[2],div_key[3],div_key[4],div_key[5],div_key[6],div_key[7]); doMAC(CCNR, div_key, MAC); UsbCommand resp; @@ -530,7 +534,7 @@ static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool u } int usage_hf_iclass_dump(void) { - PrintAndLog("Usage: hf iclass dump f k c e\n"); + PrintAndLog("Usage: hf iclass dump f k c e|r\n"); PrintAndLog("Options:"); PrintAndLog(" f : specify a filename to save dump to"); PrintAndLog(" k : *Access Key as 16 hex symbols or 1 hex to select key from memory"); @@ -538,6 +542,7 @@ int usage_hf_iclass_dump(void) { PrintAndLog(" e : If 'e' is specified, the key is interpreted as the 16 byte"); PrintAndLog(" Custom Key (KCus), which can be obtained via reader-attack"); PrintAndLog(" See 'hf iclass sim 2'. This key should be on iclass-format"); + PrintAndLog(" r : If 'r' is specified, the key is interpreted as raw block 3/4"); PrintAndLog(" NOTE: * = required"); PrintAndLog("Samples:"); PrintAndLog(" hf iclass dump k 001122334455667B"); @@ -554,7 +559,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) { uint8_t blockno = 0; uint8_t numblks = 0; uint8_t maxBlk = 31; - uint8_t books = 1; + uint8_t app_areas = 1; uint8_t kb = 2; uint8_t KEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t CreditKEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; @@ -567,6 +572,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) { bool have_credit_key = false; bool use_credit_key = false; bool elite = false; + bool rawkey = false; bool errors = false; uint8_t cmdp = 0; @@ -631,6 +637,11 @@ int CmdHFiClassReader_Dump(const char *Cmd) { } cmdp += 2; break; + case 'r': + case 'R': + rawkey = true; + cmdp++; + break; default: PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); errors = true; @@ -668,15 +679,15 @@ int CmdHFiClassReader_Dump(const char *Cmd) { memcpy(tag_data, data, 8*3); blockno+=2; // 2 to force re-read of block 2 later. (seems to respond differently..) numblks = data[8]; - getMemConfig(data[13], data[12], &maxBlk, &books, &kb); + getMemConfig(data[13], data[12], &maxBlk, &app_areas, &kb); // large memory - not able to dump pages currently if (numblks > maxBlk) numblks = maxBlk; } ul_switch_off_field(); // authenticate debit key and get div_key - later store in dump block 3 - if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, false)){ + if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, false)){ //try twice - for some reason it sometimes fails the first time... - if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, false)){ + if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, false)){ ul_switch_off_field(); return 0; } @@ -714,9 +725,9 @@ int CmdHFiClassReader_Dump(const char *Cmd) { ul_switch_off_field(); memset(MAC,0,4); // AA2 authenticate credit key and git c_div_key - later store in dump block 4 - if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){ + if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){ //try twice - for some reason it sometimes fails the first time... - if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){ + if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){ ul_switch_off_field(); return 0; } @@ -776,10 +787,10 @@ int CmdHFiClassReader_Dump(const char *Cmd) { return 1; } -static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool verbose) { +static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool rawkey, bool verbose) { uint8_t MAC[4]={0x00,0x00,0x00,0x00}; uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, verbose)) + if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, verbose)) return 0; UsbCommand resp; @@ -812,6 +823,7 @@ int usage_hf_iclass_writeblock(void) { PrintAndLog(" k : Access Key as 16 hex symbols or 1 hex to select key from memory"); PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n"); PrintAndLog(" e : If 'e' is specified, elite computations applied to key"); + PrintAndLog(" r : If 'r' is specified, no computations applied to key"); PrintAndLog("Samples:"); PrintAndLog(" hf iclass writeblk b 0A d AAAAAAAAAAAAAAAA k 001122334455667B"); PrintAndLog(" hf iclass writeblk b 1B d AAAAAAAAAAAAAAAA k 001122334455667B c"); @@ -828,6 +840,7 @@ int CmdHFiClass_WriteBlock(const char *Cmd) { char tempStr[50] = {0}; bool use_credit_key = false; bool elite = false; + bool rawkey= false; bool errors = false; uint8_t cmdp = 0; while(param_getchar(Cmd, cmdp) != 0x00) @@ -883,6 +896,11 @@ int CmdHFiClass_WriteBlock(const char *Cmd) { } cmdp += 2; break; + case 'r': + case 'R': + rawkey = true; + cmdp++; + break; default: PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); errors = true; @@ -892,13 +910,13 @@ int CmdHFiClass_WriteBlock(const char *Cmd) { } if (cmdp < 6) return usage_hf_iclass_writeblock(); - int ans = WriteBlock(blockno, bldata, KEY, use_credit_key, elite, true); + int ans = WriteBlock(blockno, bldata, KEY, use_credit_key, elite, rawkey, true); ul_switch_off_field(); return ans; } int usage_hf_iclass_clone(void) { - PrintAndLog("Usage: hf iclass clone f b l k e c"); + PrintAndLog("Usage: hf iclass clone f b l k c e|r"); PrintAndLog("Options:"); PrintAndLog(" f : specify a filename to clone from"); PrintAndLog(" b : The first block to clone as 2 hex symbols"); @@ -906,6 +924,7 @@ int usage_hf_iclass_clone(void) { PrintAndLog(" k : Access Key as 16 hex symbols or 1 hex to select key from memory"); PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n"); PrintAndLog(" e : If 'e' is specified, elite computations applied to key"); + PrintAndLog(" r : If 'r' is specified, no computations applied to key"); PrintAndLog("Samples:"); PrintAndLog(" hf iclass clone f iclass_tagdump-121345.bin b 06 l 1A k 1122334455667788 e"); PrintAndLog(" hf iclass clone f iclass_tagdump-121345.bin b 05 l 19 k 0"); @@ -924,6 +943,7 @@ int CmdHFiClassCloneTag(const char *Cmd) { uint8_t dataLen = 0; bool use_credit_key = false; bool elite = false; + bool rawkey = false; bool errors = false; uint8_t cmdp = 0; while(param_getchar(Cmd, cmdp) != 0x00) @@ -987,6 +1007,11 @@ int CmdHFiClassCloneTag(const char *Cmd) { } cmdp += 2; break; + case 'r': + case 'R': + rawkey = true; + cmdp++; + break; default: PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); errors = true; @@ -1026,7 +1051,7 @@ int CmdHFiClassCloneTag(const char *Cmd) { uint8_t MAC[4]={0x00,0x00,0x00,0x00}; uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, true)) + if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, true)) return 0; UsbCommand w = {CMD_ICLASS_CLONE,{startblock,endblock}}; @@ -1059,11 +1084,11 @@ int CmdHFiClassCloneTag(const char *Cmd) { return 1; } -static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool verbose) { +static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool rawkey, bool verbose) { uint8_t MAC[4]={0x00,0x00,0x00,0x00}; uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, verbose)) + if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, rawkey, verbose)) return 0; UsbCommand resp; @@ -1086,12 +1111,13 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, } int usage_hf_iclass_readblock(void) { - PrintAndLog("Usage: hf iclass readblk b k c e\n"); + PrintAndLog("Usage: hf iclass readblk b k c e|r\n"); PrintAndLog("Options:"); PrintAndLog(" b : The block number as 2 hex symbols"); PrintAndLog(" k : Access Key as 16 hex symbols or 1 hex to select key from memory"); PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n"); PrintAndLog(" e : If 'e' is specified, elite computations applied to key"); + PrintAndLog(" r : If 'r' is specified, no computations applied to key"); PrintAndLog("Samples:"); PrintAndLog(" hf iclass readblk b 06 k 0011223344556677"); PrintAndLog(" hf iclass readblk b 1B k 0011223344556677 c"); @@ -1107,6 +1133,7 @@ int CmdHFiClass_ReadBlock(const char *Cmd) { uint8_t dataLen = 0; char tempStr[50] = {0}; bool elite = false; + bool rawkey = false; bool errors = false; uint8_t cmdp = 0; while(param_getchar(Cmd, cmdp) != 0x00) @@ -1153,6 +1180,11 @@ int CmdHFiClass_ReadBlock(const char *Cmd) { } cmdp += 2; break; + case 'r': + case 'R': + rawkey = true; + cmdp++; + break; default: PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); errors = true; @@ -1163,7 +1195,7 @@ int CmdHFiClass_ReadBlock(const char *Cmd) { if (cmdp < 4) return usage_hf_iclass_readblock(); - return ReadBlock(KEY, blockno, keyType, elite, true); + return ReadBlock(KEY, blockno, keyType, elite, rawkey, true); } int CmdHFiClass_loclass(const char *Cmd) { @@ -1177,7 +1209,7 @@ int CmdHFiClass_loclass(const char *Cmd) { PrintAndLog("f Bruteforce iclass dumpfile"); PrintAndLog(" An iclass dumpfile is assumed to consist of an arbitrary number of"); PrintAndLog(" malicious CSNs, and their protocol responses"); - PrintAndLog(" The the binary format of the file is expected to be as follows: "); + PrintAndLog(" The binary format of the file is expected to be as follows: "); PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>"); PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>"); PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");