]> git.zerfleddert.de Git - proxmark3-svn/commitdiff
bug fix for hf iclass reader and iclass detection 330/head
authormarshmellow42 <marshmellowrf@gmail.com>
Fri, 23 Jun 2017 17:50:25 +0000 (13:50 -0400)
committermarshmellow42 <marshmellowrf@gmail.com>
Fri, 23 Jun 2017 17:50:25 +0000 (13:50 -0400)
memory locations in code are now accurate and the CC output is not
corrupted by the config's crc.

also the looping and flags for what to read are now correctly
implemented in the code.

armsrc/iclass.c
client/cmdhficlass.c

index eb5a5a7969f98a7dd96d94832b5087ceb9148ed2..f69d0be28f365cfae84ed7292f7bb90b2317e5fc 100644 (file)
@@ -1661,7 +1661,7 @@ uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key)
        //Flag that we got to at least stage 1, read CSN
        read_status = 1;
 
        //Flag that we got to at least stage 1, read CSN
        read_status = 1;
 
-       // Card selected, now read e-purse (cc)
+       // Card selected, now read e-purse (cc) (only 8 bytes no CRC)
        ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc));
        if(ReaderReceiveIClass(resp) == 8) {
                //Save CC (e-purse) in response data
        ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc));
        if(ReaderReceiveIClass(resp) == 8) {
                //Save CC (e-purse) in response data
@@ -1682,21 +1682,28 @@ void ReaderIClass(uint8_t arg0) {
        uint8_t card_data[6 * 8]={0};
        memset(card_data, 0xFF, sizeof(card_data));
        uint8_t last_csn[8]={0};
        uint8_t card_data[6 * 8]={0};
        memset(card_data, 0xFF, sizeof(card_data));
        uint8_t last_csn[8]={0};
-       
+       uint8_t resp[ICLASS_BUFFER_SIZE];
+       memset(resp, 0xFF, sizeof(resp));
        //Read conf block CRC(0x01) => 0xfa 0x22
        uint8_t readConf[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x01, 0xfa, 0x22};
        //Read conf block CRC(0x01) => 0xfa 0x22
        uint8_t readConf[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x01, 0xfa, 0x22};
-       //Read conf block CRC(0x05) => 0xde  0x64
+       //Read App Issuer Area block CRC(0x05) => 0xde  0x64
        uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x05, 0xde, 0x64};
 
        uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x05, 0xde, 0x64};
 
-
        int read_status= 0;
        uint8_t result_status = 0;
        int read_status= 0;
        uint8_t result_status = 0;
+       // flag to read until one tag is found successfully
        bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE;
        bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE;
+       // flag to only try 5 times to find one tag then return
        bool try_once = arg0 & FLAG_ICLASS_READER_ONE_TRY;
        bool try_once = arg0 & FLAG_ICLASS_READER_ONE_TRY;
-       bool use_credit_key = false;
-       if (arg0 & FLAG_ICLASS_READER_CEDITKEY)
-               use_credit_key = true;
-       set_tracing(TRUE);
+       // if neither abort_after_read nor try_once then continue reading until button pressed.
+
+       bool use_credit_key = arg0 & FLAG_ICLASS_READER_CEDITKEY;
+       // test flags for what blocks to be sure to read
+       uint8_t flagReadConfig = arg0 & FLAG_ICLASS_READER_CONF;
+       uint8_t flagReadCC = arg0 & FLAG_ICLASS_READER_CC;
+       uint8_t flagReadAA = arg0 & FLAG_ICLASS_READER_AA;
+
+       set_tracing(true);
        setupIclassReader();
 
        uint16_t tryCnt=0;
        setupIclassReader();
 
        uint16_t tryCnt=0;
@@ -1721,21 +1728,22 @@ void ReaderIClass(uint8_t arg0) {
                // moving CC forward 8 bytes
                memcpy(card_data+16,card_data+8, 8);
                //Read block 1, config
                // moving CC forward 8 bytes
                memcpy(card_data+16,card_data+8, 8);
                //Read block 1, config
-               if(arg0 & FLAG_ICLASS_READER_CONF)
-               {
-                       if(sendCmdGetResponseWithRetries(readConf, sizeof(readConf),card_data+8, 10, 10))
+               if(flagReadConfig) {
+                       if(sendCmdGetResponseWithRetries(readConf, sizeof(readConf), resp, 10, 10))
                        {
                                result_status |= FLAG_ICLASS_READER_CONF;
                        {
                                result_status |= FLAG_ICLASS_READER_CONF;
+                               memcpy(card_data+8, resp, 8);
                        } else {
                                Dbprintf("Failed to dump config block");
                        }
                }
 
                //Read block 5, AA
                        } else {
                                Dbprintf("Failed to dump config block");
                        }
                }
 
                //Read block 5, AA
-               if(arg0 & FLAG_ICLASS_READER_AA){
-                       if(sendCmdGetResponseWithRetries(readAA, sizeof(readAA),card_data+(8*4), 10, 10))
+               if(flagReadAA) {
+                       if(sendCmdGetResponseWithRetries(readAA, sizeof(readAA), resp, 10, 10))
                        {
                                result_status |= FLAG_ICLASS_READER_AA;
                        {
                                result_status |= FLAG_ICLASS_READER_AA;
+                               memcpy(card_data+(8*5), resp, 8);
                        } else {
                                //Dbprintf("Failed to dump AA block");
                        }
                        } else {
                                //Dbprintf("Failed to dump AA block");
                        }
@@ -1747,16 +1755,15 @@ void ReaderIClass(uint8_t arg0) {
                // (3,4 write-only, kc and kd)
                // 5 Application issuer area
                //
                // (3,4 write-only, kc and kd)
                // 5 Application issuer area
                //
-               //Then we can 'ship' back the 8 * 5 bytes of data,
+               //Then we can 'ship' back the 8 * 6 bytes of data,
                // with 0xFF:s in block 3 and 4.
 
                LED_B_ON();
                //Send back to client, but don't bother if we already sent this
                if(memcmp(last_csn, card_data, 8) != 0)
                {
                // with 0xFF:s in block 3 and 4.
 
                LED_B_ON();
                //Send back to client, but don't bother if we already sent this
                if(memcmp(last_csn, card_data, 8) != 0)
                {
-                       // If caller requires that we get CC, continue until we got it
-                       if( (arg0 & read_status & FLAG_ICLASS_READER_CC) || !(arg0 & FLAG_ICLASS_READER_CC))
-                       {
+                       // If caller requires that we get Conf, CC, AA, continue until we got it
+                       if( (result_status ^ FLAG_ICLASS_READER_CSN ^ flagReadConfig ^ flagReadCC ^ flagReadAA) == 0) {
                                cmd_send(CMD_ACK,result_status,0,0,card_data,sizeof(card_data));
                                if(abort_after_read) {
                                        LED_A_OFF();
                                cmd_send(CMD_ACK,result_status,0,0,card_data,sizeof(card_data));
                                if(abort_after_read) {
                                        LED_A_OFF();
index 55dd555ad56013ca92bf7f98963515e5c558ecac..05ca39e4e7e2f7c2963e0028925cced58d9f415d 100644 (file)
@@ -180,10 +180,10 @@ int CmdHFiClassSim(const char *Cmd) {
 
 int HFiClassReader(const char *Cmd, bool loop, bool verbose) {
        bool tagFound = false;
 
 int HFiClassReader(const char *Cmd, bool loop, bool verbose) {
        bool tagFound = false;
-       UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN|
-                                       FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_AA}};
+       UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN |
+                   FLAG_ICLASS_READER_CC | FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_AA |
+                   FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY } };
        // loop in client not device - else on windows have a communication error
        // loop in client not device - else on windows have a communication error
-       c.arg[0] |= FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY;
        UsbCommand resp;
        while(!ukbhit()){
                SendCommand(&c);
        UsbCommand resp;
        while(!ukbhit()){
                SendCommand(&c);
@@ -191,27 +191,24 @@ int HFiClassReader(const char *Cmd, bool loop, bool verbose) {
                        uint8_t readStatus = resp.arg[0] & 0xff;
                        uint8_t *data = resp.d.asBytes;
 
                        uint8_t readStatus = resp.arg[0] & 0xff;
                        uint8_t *data = resp.d.asBytes;
 
-                       if (verbose)
-                               PrintAndLog("Readstatus:%02x", readStatus);
-                       if( readStatus == 0){
-                               //Aborted
-                               if (verbose) PrintAndLog("Quitting...");
-                               return 0;
-                       }
-                       if( readStatus & FLAG_ICLASS_READER_CSN){
+                       // no tag found
+                       if( readStatus == 0) continue;
+
+                       if( readStatus & FLAG_ICLASS_READER_CSN) {
                                PrintAndLog("   CSN: %s",sprint_hex(data,8));
                                tagFound = true;
                        }
                                PrintAndLog("   CSN: %s",sprint_hex(data,8));
                                tagFound = true;
                        }
-                       if( readStatus & FLAG_ICLASS_READER_CC)  PrintAndLog("    CC: %s",sprint_hex(data+16,8));
-                       if( readStatus & FLAG_ICLASS_READER_CONF){
+                       if( readStatus & FLAG_ICLASS_READER_CC) { 
+                               PrintAndLog("    CC: %s",sprint_hex(data+16,8));
+                       }
+                       if( readStatus & FLAG_ICLASS_READER_CONF) {
                                printIclassDumpInfo(data);
                        }
                                printIclassDumpInfo(data);
                        }
-                       //TODO add iclass read block 05 and test iclass type..
                        if (readStatus & FLAG_ICLASS_READER_AA) {
                                bool legacy = true;
                        if (readStatus & FLAG_ICLASS_READER_AA) {
                                bool legacy = true;
-                               PrintAndLog(" AppIA: %s",sprint_hex(data+8*4,8));
+                               PrintAndLog(" AppIA: %s",sprint_hex(data+8*5,8));
                                for (int i = 0; i<8; i++) {
                                for (int i = 0; i<8; i++) {
-                                       if (data[8*4+i] != 0xFF) {
+                                       if (data[8*5+i] != 0xFF) {
                                                legacy = false;
                                        } 
                                }
                                                legacy = false;
                                        } 
                                }
Impressum, Datenschutz