From 6f101995b633112d092b4f61b9fb2345f85ba353 Mon Sep 17 00:00:00 2001
From: Martin Holst Swende <martin@swende.se>
Date: Mon, 5 Jan 2015 09:16:06 +0100
Subject: [PATCH] Added loclass-functionality into the pm3,the functionality
 provided by loclass can now be invoked directly from the pm3. Also fixed some
 issues with how prnlog called PrintAndLog, and added some testdata for the
 loclass self-tests

---
 client/cmdhficlass.c           |  99 ++++++++++++++++++---------------
 client/loclass/elite_crack.c   |  17 ++++--
 client/loclass/fileutils.c     |   8 +--
 client/loclass/fileutils.h     |   1 +
 client/loclass/iclass_dump.bin | Bin 0 -> 3024 bytes
 5 files changed, 72 insertions(+), 53 deletions(-)
 create mode 100644 client/loclass/iclass_dump.bin

diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c
index 5146401b..dba4f113 100644
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -42,42 +42,6 @@ int xorbits_8(uint8_t val)
     return res & 1;
 }
 
-#define ICLASS_CMD_ACTALL 0x0A
-#define ICLASS_CMD_IDENTIFY 0x0C
-#define ICLASS_CMD_READ 0x0C
-
-#define ICLASS_CMD_SELECT 0x81
-#define ICLASS_CMD_PAGESEL 0x84
-#define ICLASS_CMD_READCHECK 0x88
-#define ICLASS_CMD_CHECK 0x05
-#define ICLASS_CMD_SOF 0x0F
-#define ICLASS_CMD_HALT 0x00
-
-
-void explain(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
-{
-
-	if(cmdsize > 1 && cmd[0] == ICLASS_CMD_READ)
-	{
-		  snprintf(exp,size,"READ(%d)",cmd[1]);
-		  return;
-	}
-
-    switch(cmd[0])
-    {
-	case ICLASS_CMD_ACTALL:            snprintf(exp,size,"ACTALL"); break;
-	case ICLASS_CMD_IDENTIFY:    snprintf(exp,size,"IDENTIFY"); break;
-	case ICLASS_CMD_SELECT:         snprintf(exp,size,"SELECT"); break;
-	case ICLASS_CMD_PAGESEL:         snprintf(exp,size,"PAGESEL"); break;
-	case ICLASS_CMD_READCHECK:         snprintf(exp,size,"READCHECK"); break;
-	case ICLASS_CMD_CHECK:         snprintf(exp,size,"CHECK"); break;
-	case ICLASS_CMD_SOF:            snprintf(exp,size,"SOF"); break;
-	case ICLASS_CMD_HALT:            snprintf(exp,size,"HALT"); break;
-	default:                        snprintf(exp,size,"?"); break;
-    }
-    return;
-}
-
 int CmdHFiClassList(const char *Cmd)
 {
 	PrintAndLog("Deprecated command, use 'hf list iclass' instead");
@@ -470,19 +434,64 @@ int CmdHFiClass_iso14443A_write(const char *Cmd)
   }
   return 0;
 }
+int CmdHFiClass_loclass(const char *Cmd)
+{
+	char opt = param_getchar(Cmd, 0);
+
+	if (strlen(Cmd)<1 || opt == 'h') {
+		PrintAndLog("Usage: hf iclass loclass [options]");
+		PrintAndLog("Options:");
+		PrintAndLog("h             Show this help");
+		PrintAndLog("t             Perform self-test");
+		PrintAndLog("f <filename>  Bruteforce iclass dumpfile");
+		PrintAndLog("                   An iclass dumpfile is assumed to consist of an arbitrary number of");
+		PrintAndLog("                   malicious CSNs, and their protocol responses");
+		PrintAndLog("                   The the binary format of the file is expected to be as follows: ");
+		PrintAndLog("                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
+		PrintAndLog("                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
+		PrintAndLog("                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
+		PrintAndLog("                  ... totalling N*24 bytes");
+		return 0;
+	}
+	char fileName[255] = {0};
+	if(opt == 'f')
+	{
+			if(param_getstr(Cmd, 1, fileName) > 0)
+			{
+				return bruteforceFileNoKeys(fileName);
+			}else
+			{
+				PrintAndLog("You must specify a filename");
+			}
+	}
+	else if(opt == 't')
+	{
+		int errors = testCipherUtils();
+		errors += testMAC();
+		errors += doKeyTests(0);
+		errors += testElite();
+		if(errors)
+		{
+			prnlog("OBS! There were errors!!!");
+		}
+		return errors;
+	}
 
+	return 0;
+}
 
 static command_t CommandTable[] = 
 {
-  {"help",	CmdHelp,			1,	"This help"},
-  {"list",	CmdHFiClassList,	0,	"[Deprecated] List iClass history"},
-  {"snoop",	CmdHFiClassSnoop,	0,	"Eavesdrop iClass communication"},
-  {"sim",	CmdHFiClassSim,		0,	"Simulate iClass tag"},
-  {"reader",CmdHFiClassReader,	0,	"Read an iClass tag"},
-  {"replay",CmdHFiClassReader_Replay,	0,	"Read an iClass tag via Reply Attack"},
-  {"dump",	CmdHFiClassReader_Dump,	0,		"Authenticate and Dump iClass tag"},
-  {"write",	CmdHFiClass_iso14443A_write,	0,	"Authenticate and Write iClass block"},
-  {NULL, NULL, 0, NULL}
+	{"help",	CmdHelp,			1,	"This help"},
+	{"list",	CmdHFiClassList,	0,	"[Deprecated] List iClass history"},
+	{"snoop",	CmdHFiClassSnoop,	0,	"Eavesdrop iClass communication"},
+	{"sim",	CmdHFiClassSim,		0,	"Simulate iClass tag"},
+	{"reader",CmdHFiClassReader,	0,	"Read an iClass tag"},
+	{"replay",CmdHFiClassReader_Replay,	0,	"Read an iClass tag via Reply Attack"},
+	{"dump",	CmdHFiClassReader_Dump,	0,		"Authenticate and Dump iClass tag"},
+	{"write",	CmdHFiClass_iso14443A_write,	0,	"Authenticate and Write iClass block"},
+	{"loclass",	CmdHFiClass_loclass,	1,	"Use loclass to perform bruteforce of reader attack dump"},
+	{NULL, NULL, 0, NULL}
 };
 
 int CmdHFiClass(const char *Cmd)
diff --git a/client/loclass/elite_crack.c b/client/loclass/elite_crack.c
index 7dc60396..f0eb964b 100644
--- a/client/loclass/elite_crack.c
+++ b/client/loclass/elite_crack.c
@@ -526,7 +526,7 @@ int bruteforceFile(const char *filename, uint16_t keytable[])
 	fseek(f, 0, SEEK_SET);
 
 	uint8_t *dump = malloc(fsize);
-    size_t bytes_read = fread(dump, fsize, 1, f);
+	size_t bytes_read = fread(dump, 1, fsize, f);
 
 	fclose(f);
     if (bytes_read < fsize)
@@ -577,9 +577,18 @@ int _testBruteforce()
 			**** The 64-bit HS Custom Key Value = 5B7C62C491C11B39 ****
 		**/
 		uint16_t keytable[128] = {0};
-		//save some time...
-		startvalue = 0x7B0000;
-		errors |= bruteforceFile("iclass_dump.bin",keytable);
+
+		//Test a few variants
+		if(fileExists("iclass_dump.bin"))
+		{
+			errors |= bruteforceFile("iclass_dump.bin",keytable);
+		}else if(fileExists("loclass/iclass_dump.bin")){
+			errors |= bruteforceFile("loclass/iclass_dump.bin",keytable);
+		}else if(fileExists("client/loclass/iclass_dump.bin")){
+			errors |= bruteforceFile("client/loclass/iclass_dump.bin",keytable);
+		}else{
+			prnlog("Error: The file iclass_dump.bin was not found!");
+		}
 	}
 	return errors;
 }
diff --git a/client/loclass/fileutils.c b/client/loclass/fileutils.c
index 255aa313..9ea9d145 100644
--- a/client/loclass/fileutils.c
+++ b/client/loclass/fileutils.c
@@ -57,11 +57,11 @@ int saveFile(const char *preferredName, const char *suffix, const void* data, si
  */
 void prnlog(char *fmt, ...)
 {
-
+	char buffer[2048] = {0};
 	va_list args;
 	va_start(args,fmt);
-    PrintAndLog(fmt, args);
-    //vprintf(fmt,args);
+	vsprintf (buffer,fmt, args);
 	va_end(args);
-    //printf("\n");
+	PrintAndLog(buffer);
+
 }
diff --git a/client/loclass/fileutils.h b/client/loclass/fileutils.h
index a0f5a799..e02079d5 100644
--- a/client/loclass/fileutils.h
+++ b/client/loclass/fileutils.h
@@ -21,4 +21,5 @@ int saveFile(const char *preferredName, const char *suffix, const void* data, si
  * @param fmt
  */
 void prnlog(char *fmt, ...);
+int fileExists(const char *filename);
 #endif // FILEUTILS_H
diff --git a/client/loclass/iclass_dump.bin b/client/loclass/iclass_dump.bin
new file mode 100644
index 0000000000000000000000000000000000000000..bfecd1bae95d3d2681ad38183b22f1408cfc285f
GIT binary patch
literal 3024
zcmY+@YdqBX9tZH>|381j7-nR$ZdtUf+m8D!LJ7If(8wq!EMqjQnOTNaOU9;i9BI8e
z*=$Q{B&=IuC5!AOlyx?h3|VT(t<urighKW_I1j$_efWNTUY|#wFQU>nS2nd3=>HeB
zho9Kh%UB{&Y44%?`3HKUC;1#gQ*#5lLt8LKW32TuL8q@k@3_-R$?9K<!x&mi&=+PZ
z#dMqVzu;T7{)E1<I__#H?aWls)mnhwt+40o#JRshDdH#4iw-zXeh_tck(45O41HK;
z+>>;QnN0|V6VPL_C%Phi{pS%oWDoR2N^{xo9{w>XgzW=8tN5kbyoW!X6vFa`-VxV1
z7Moz%O@xJcL66pW$Tj1X$_O_%DRk1_k|vYIn@h;X?h<rHuZ6=g2QMR%jqOF~-y|OJ
z8fowPkzg{*p^w}-sei54bre~A)CpZn-}CKhKHnVQSC<RDc%`mZpZ2*N{jFNbN4>iD
zuhgFi!Q!qcd1z7VZ=16DHgfD`CGYEZFv*YLN^u%(9rm|>vB`aW#(|@vNqYxfLj6?>
zZGAgSrfa^19wDRWHl#Y%BTU5zdVx6P{_v5(tGFtr<j0OrDh$e<I|!+?2IkGZ-v{jK
zD|tY~i{_yxTXTXBh1*RKnVCO9w;)#SZr!phK?30n^n>z>x$=6l7A6o)K{qNKKOS!;
zH^EbclhBVaznk;^Q!NzpAr#P`pvJlXvPWZZk!T#c4>fy5?{(9picmBL{lkpc?KWOo
zI9V)w1fBD1hk=V>QXiIbSZV)t{pY{k8JpQih{Yo?FO;;5E`4nK2<P*a{_Dr$`lizb
z?>y0`NgFV46e|6}MMM&#1fJ4gpOqAqN7t<BVo3=~9+CH=;Ej{ZIXwAOrJkXIKX}K=
zKBu9$7zXTL+Ur>6o>f<i{8)j|A2uiOZ;(Fw2ywU;&`0uG8XjP0$S5exANsV<g=t9x
z=@k~l@`Wyoh~2@KlEd+ku-(u%L-A+Yg!v@SV(o;!C1MA5MU}Ux62|g?e!jUtG8OxC
z37H+X1N!~0BL-ilE3ROf+3nENN{?QjQ9Sh{*laiGGB;t;?N9!<t1q+Lpg&$W-jGQ>
zs?cu#L(r=hZg$Jlc|FM2FBW=$+6Fby;{814@2lk3gVl?Q9i7Se-rY()@2pulBgMLp
zh@9-JuxHqP=c57r=sCpY*g)TI`NDnM4$~%Lr$;(;pZTIj3Nc=d%xu4hKJ<Wbu~o0_
z4YFcZL4SC`pnoyBun-~K3_8UwR_AzW)+lCWdl~vfe@vwcQ$vp1Fe{*kov7rj^QLle
zTiXlJ?U?K{hmxl1aCKY{y57C+$lGfsONgYZ3w^k~FfZjNDi4{O--JFQ=5kXfK5WA+
zOqIN~GN+~a-^?!vRaH972gh5z>9bWyLj+9?dX?TK#o3C9b>!rh4}GmY?|Jl^YaXI#
zsz7(oc618QXsX62G#vUemRLY9$alx7nizCb%+&hq;`1`(?0pn^qM!BkU!G752tIEa
zdi24;XCGTKN|BGJ1Ul_LyJmg)9+%|lErRa-+gF1#O|_Y5i_S~v6+^i{Uy_|)K%&FX
zp*I*&wVeyt8b~O32K~F{dcmH*Gbre@BeT$JB2O$U=n^-y%a;dzl_gHiJKQ^sG9?4h
z;|z1w2KmollSOIwpkF&^pDzqN?urbJ2cbvA=o!cGg6?1$X?LNMS9leX-0?n?n(;gI
z(N!<4=viSk3JeZ~KI4&|yWnL!j#z=g(7DlDAMXpMokU?lLD1J8NM3Rz0!tJe8UUSP
zwow|MCnu1}_8#b7jIa?bu<t6`#@_|Kb64bzQ-ik-lUe)hp*NaVm<!UUNhnKt4SES<
zI4$)*H_oDn{Y>a-it=ll|2$WVEUg=$Yd^CZ*I^CC<DC6g(2qJ<i(M|NM<eS`s-d6u
za4?BlWN}e;fC=>R@X(IUUNt#RQqhOr`Tf^Xv()?bn4R+(=nw6CORJZ={(&5wi=Z!*
z(p_@x%Tkep%h%AyY7PFVYHZy^YU&!$1>a<2i?X^dlAGfx=nY$wlb9#>^&m|O1v)Vm
zB?=gtb4BVJWaySby0^E)6QL+Rfq>rZB^am=rRX75k|Fd+np|<4ewRQRAH0J8@|>*V
z)dBTsBu;q>J>yQHZBP2YP9Zy+O6Zh|xHL}7Trb+YCkA>OA*jEqvrUfNoC={2EU0IF
zr9G{Oj17mNZ<HU+TkSDcN6Cq6(4W3F4?Gq-Q-kPK67-Gf?cS?TJ!X+E;|28IL`KVO
I-q_v00HFlzzyJUM

literal 0
HcmV?d00001

-- 
2.39.2