]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdhficlass.c
projects / proxmark3-svn / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use param_get32ex() and add c for clock parameter
[proxmark3-svn] / client / cmdhficlass.c
diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c
index db3de20577a718a78999eba5158a5c15d96b8387..05ca39e4e7e2f7c2963e0028925cced58d9f415d 100644 (file)
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -33,8 +33,6 @@
 #include "usb_cmd.h"
 #include "cmdhfmfu.h"
 
 #include "usb_cmd.h"
 #include "cmdhfmfu.h"
 
-#define llX PRIx64
-
 static int CmdHelp(const char *Cmd);
 
 #define ICLASS_KEYS_MAX 8
 static int CmdHelp(const char *Cmd);
 
 #define ICLASS_KEYS_MAX 8
@@ -53,8 +51,7 @@ typedef struct iclass_block {
     uint8_t d[8];
 } iclass_block_t;
 
     uint8_t d[8];
 } iclass_block_t;
 
-int xorbits_8(uint8_t val)
-{
+int xorbits_8(uint8_t val) {
        uint8_t res = val ^ (val >> 1); //1st pass
        res = res ^ (res >> 1);                 // 2nd pass
        res = res ^ (res >> 2);                 // 3rd pass
        uint8_t res = val ^ (val >> 1); //1st pass
        res = res ^ (res >> 1);                 // 2nd pass
        res = res ^ (res >> 2);                 // 3rd pass
@@ -62,20 +59,18 @@ int xorbits_8(uint8_t val)
        return res & 1;
 }
 
        return res & 1;
 }
 
-int CmdHFiClassList(const char *Cmd)
-{
+int CmdHFiClassList(const char *Cmd) {
        PrintAndLog("Deprecated command, use 'hf list iclass' instead");
        return 0;
 }
 
        PrintAndLog("Deprecated command, use 'hf list iclass' instead");
        return 0;
 }
 
-int CmdHFiClassSnoop(const char *Cmd)
-{
+int CmdHFiClassSnoop(const char *Cmd) {
        UsbCommand c = {CMD_SNOOP_ICLASS};
        SendCommand(&c);
        return 0;
 }
        UsbCommand c = {CMD_SNOOP_ICLASS};
        SendCommand(&c);
        return 0;
 }
-int usage_hf_iclass_sim()
-{
+
+int usage_hf_iclass_sim(void) {
        PrintAndLog("Usage:  hf iclass sim <option> [CSN]");
        PrintAndLog("        options");
        PrintAndLog("                0 <CSN> simulate the given CSN");
        PrintAndLog("Usage:  hf iclass sim <option> [CSN]");
        PrintAndLog("        options");
        PrintAndLog("                0 <CSN> simulate the given CSN");
@@ -90,8 +85,7 @@ int usage_hf_iclass_sim()
 }
 
 #define NUM_CSNS 15
 }
 
 #define NUM_CSNS 15
-int CmdHFiClassSim(const char *Cmd)
-{
+int CmdHFiClassSim(const char *Cmd) {
        uint8_t simType = 0;
        uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
 
        uint8_t simType = 0;
        uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
 
@@ -184,13 +178,12 @@ int CmdHFiClassSim(const char *Cmd)
        return 0;
 }
 
        return 0;
 }
 
-int HFiClassReader(const char *Cmd, bool loop, bool verbose)
-{
+int HFiClassReader(const char *Cmd, bool loop, bool verbose) {
        bool tagFound = false;
        bool tagFound = false;
-       UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN|
-                                       FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_AA}};
+       UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN |
+                   FLAG_ICLASS_READER_CC | FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_AA |
+                   FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY } };
        // loop in client not device - else on windows have a communication error
        // loop in client not device - else on windows have a communication error
-       c.arg[0] |= FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY;
        UsbCommand resp;
        while(!ukbhit()){
                SendCommand(&c);
        UsbCommand resp;
        while(!ukbhit()){
                SendCommand(&c);
@@ -198,21 +191,30 @@ int HFiClassReader(const char *Cmd, bool loop, bool verbose)
                        uint8_t readStatus = resp.arg[0] & 0xff;
                        uint8_t *data = resp.d.asBytes;
 
                        uint8_t readStatus = resp.arg[0] & 0xff;
                        uint8_t *data = resp.d.asBytes;
 
-                       if (verbose)
-                               PrintAndLog("Readstatus:%02x", readStatus);
-                       if( readStatus == 0){
-                               //Aborted
-                               if (verbose) PrintAndLog("Quitting...");
-                               return 0;
-                       }
-                       if( readStatus & FLAG_ICLASS_READER_CSN){
-                               PrintAndLog("CSN: %s",sprint_hex(data,8));
+                       // no tag found
+                       if( readStatus == 0) continue;
+
+                       if( readStatus & FLAG_ICLASS_READER_CSN) {
+                               PrintAndLog("   CSN: %s",sprint_hex(data,8));
                                tagFound = true;
                        }
                                tagFound = true;
                        }
-                       if( readStatus & FLAG_ICLASS_READER_CC)  PrintAndLog("CC: %s",sprint_hex(data+16,8));
-                       if( readStatus & FLAG_ICLASS_READER_CONF){
+                       if( readStatus & FLAG_ICLASS_READER_CC) { 
+                               PrintAndLog("    CC: %s",sprint_hex(data+16,8));
+                       }
+                       if( readStatus & FLAG_ICLASS_READER_CONF) {
                                printIclassDumpInfo(data);
                        }
                                printIclassDumpInfo(data);
                        }
+                       if (readStatus & FLAG_ICLASS_READER_AA) {
+                               bool legacy = true;
+                               PrintAndLog(" AppIA: %s",sprint_hex(data+8*5,8));
+                               for (int i = 0; i<8; i++) {
+                                       if (data[8*5+i] != 0xFF) {
+                                               legacy = false;
+                                       } 
+                               }
+                               PrintAndLog("      : Possible iClass %s",(legacy) ? "(legacy tag)" : "(NOT legacy tag)");
+                       }
+
                        if (tagFound && !loop) return 1;
                } else {
                        if (verbose) PrintAndLog("Command execute timeout");
                        if (tagFound && !loop) return 1;
                } else {
                        if (verbose) PrintAndLog("Command execute timeout");
@@ -222,13 +224,11 @@ int HFiClassReader(const char *Cmd, bool loop, bool verbose)
        return 0;
 }
 
        return 0;
 }
 
-int CmdHFiClassReader(const char *Cmd)
-{
+int CmdHFiClassReader(const char *Cmd) {
        return HFiClassReader(Cmd, true, true);
 }
 
        return HFiClassReader(Cmd, true, true);
 }
 
-int CmdHFiClassReader_Replay(const char *Cmd)
-{
+int CmdHFiClassReader_Replay(const char *Cmd) {
        uint8_t readerType = 0;
        uint8_t MAC[4]={0x00, 0x00, 0x00, 0x00};
 
        uint8_t readerType = 0;
        uint8_t MAC[4]={0x00, 0x00, 0x00, 0x00};
 
@@ -250,8 +250,14 @@ int CmdHFiClassReader_Replay(const char *Cmd)
        return 0;
 }
 
        return 0;
 }
 
-int hf_iclass_eload_usage()
-{
+int iclassEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
+       UsbCommand c = {CMD_MIFARE_EML_MEMSET, {blockNum, blocksCount, 0}};
+       memcpy(c.d.asBytes, data, blocksCount * 16);
+       SendCommand(&c);
+       return 0;
+}
+
+int hf_iclass_eload_usage(void) {
        PrintAndLog("Loads iclass tag-dump into emulator memory on device");
        PrintAndLog("Usage:  hf iclass eload f <filename>");
        PrintAndLog("");
        PrintAndLog("Loads iclass tag-dump into emulator memory on device");
        PrintAndLog("Usage:  hf iclass eload f <filename>");
        PrintAndLog("");
@@ -259,14 +265,7 @@ int hf_iclass_eload_usage()
        return 0;
 }
 
        return 0;
 }
 
-int iclassEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
-       UsbCommand c = {CMD_MIFARE_EML_MEMSET, {blockNum, blocksCount, 0}};
-       memcpy(c.d.asBytes, data, blocksCount * 16);
-       SendCommand(&c);
-       return 0;
-}
-int CmdHFiClassELoad(const char *Cmd)
-{
+int CmdHFiClassELoad(const char *Cmd) {
 
        char opt = param_getchar(Cmd, 0);
        if (strlen(Cmd)<1 || opt == 'h')
 
        char opt = param_getchar(Cmd, 0);
        if (strlen(Cmd)<1 || opt == 'h')
@@ -291,8 +290,13 @@ int CmdHFiClassELoad(const char *Cmd)
        long fsize = ftell(f);
        fseek(f, 0, SEEK_SET);
 
        long fsize = ftell(f);
        fseek(f, 0, SEEK_SET);
 
-       uint8_t *dump = malloc(fsize);
+       if (fsize < 0) {
+               PrintAndLog("Error, when getting filesize");
+               fclose(f);
+               return 1;
+       }
 
 
+       uint8_t *dump = malloc(fsize);
 
        size_t bytes_read = fread(dump, 1, fsize, f);
        fclose(f);
 
        size_t bytes_read = fread(dump, 1, fsize, f);
        fclose(f);
@@ -323,8 +327,7 @@ int CmdHFiClassELoad(const char *Cmd)
        return 0;
 }
 
        return 0;
 }
 
-int readKeyfile(const char *filename, size_t len, uint8_t* buffer)
-{
+static int readKeyfile(const char *filename, size_t len, uint8_t* buffer) {
        FILE *f = fopen(filename, "rb");
        if(!f) {
                PrintAndLog("Failed to read from file '%s'", filename);
        FILE *f = fopen(filename, "rb");
        if(!f) {
                PrintAndLog("Failed to read from file '%s'", filename);
@@ -348,9 +351,8 @@ int readKeyfile(const char *filename, size_t len, uint8_t* buffer)
        return 0;
 }
 
        return 0;
 }
 
-int usage_hf_iclass_decrypt()
-{
-       PrintAndLog("Usage: hf iclass decrypt f <tagdump> o ");
+int usage_hf_iclass_decrypt(void) {
+       PrintAndLog("Usage: hf iclass decrypt f <tagdump>");
        PrintAndLog("");
        PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
        PrintAndLog("in the working directory. The file should be 16 bytes binary data");
        PrintAndLog("");
        PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
        PrintAndLog("in the working directory. The file should be 16 bytes binary data");
@@ -363,8 +365,7 @@ int usage_hf_iclass_decrypt()
        return 1;
 }
 
        return 1;
 }
 
-int CmdHFiClassDecrypt(const char *Cmd)
-{
+int CmdHFiClassDecrypt(const char *Cmd) {
        uint8_t key[16] = { 0 };
        if(readKeyfile("iclass_decryptionkey.bin", 16, key))
        {
        uint8_t key[16] = { 0 };
        if(readKeyfile("iclass_decryptionkey.bin", 16, key))
        {
@@ -379,10 +380,13 @@ int CmdHFiClassDecrypt(const char *Cmd)
        //Open the tagdump-file
        FILE *f;
        char filename[FILE_PATH_SIZE];
        //Open the tagdump-file
        FILE *f;
        char filename[FILE_PATH_SIZE];
-       if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0)
-       {
+       if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0) {
                f = fopen(filename, "rb");
                f = fopen(filename, "rb");
-       }else{
+               if ( f == NULL ) {
+                       PrintAndLog("Could not find file %s", filename);
+                       return 1;
+               }
+       } else {
                return usage_hf_iclass_decrypt();
        }
 
                return usage_hf_iclass_decrypt();
        }
 
@@ -417,11 +421,11 @@ int CmdHFiClassDecrypt(const char *Cmd)
        fclose(f);
 
        saveFile(outfilename,"bin", decrypted, blocknum*8);
        fclose(f);
 
        saveFile(outfilename,"bin", decrypted, blocknum*8);
-
+       free(decrypted);
        return 0;
 }
 
        return 0;
 }
 
-int usage_hf_iclass_encrypt(){
+int usage_hf_iclass_encrypt(void) {
        PrintAndLog("Usage: hf iclass encrypt <BlockData>");
        PrintAndLog("");
        PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
        PrintAndLog("Usage: hf iclass encrypt <BlockData>");
        PrintAndLog("");
        PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
@@ -432,8 +436,7 @@ int usage_hf_iclass_encrypt(){
        return 0;
 }
 
        return 0;
 }
 
-int iClassEncryptBlkData(uint8_t *blkData)
-{
+static int iClassEncryptBlkData(uint8_t *blkData) {
        uint8_t key[16] = { 0 };
        if(readKeyfile("iclass_decryptionkey.bin", 16, key))
        {
        uint8_t key[16] = { 0 };
        if(readKeyfile("iclass_decryptionkey.bin", 16, key))
        {
@@ -442,20 +445,19 @@ int iClassEncryptBlkData(uint8_t *blkData)
        }
        PrintAndLog("Decryption file found... ");
 
        }
        PrintAndLog("Decryption file found... ");
 
-       uint8_t decryptedData[16];
-       uint8_t *decrypted = decryptedData;
+       uint8_t encryptedData[16];
+       uint8_t *encrypted = encryptedData;
        des3_context ctx = { DES_DECRYPT ,{ 0 } };
        des3_set2key_enc( &ctx, key);
        
        des3_context ctx = { DES_DECRYPT ,{ 0 } };
        des3_set2key_enc( &ctx, key);
        
-       des3_crypt_ecb(&ctx, blkData,decrypted);
+       des3_crypt_ecb(&ctx, blkData,encrypted);
        //printvar("decrypted block", decrypted, 8);
        //printvar("decrypted block", decrypted, 8);
-       memcpy(blkData,decrypted,8);
+       memcpy(blkData,encrypted,8);
 
        return 1;
 }
 
 
        return 1;
 }
 
-int CmdHFiClassEncryptBlk(const char *Cmd)
-{
+int CmdHFiClassEncryptBlk(const char *Cmd) {
        uint8_t blkData[8] = {0};
        char opt = param_getchar(Cmd, 0);
        if (strlen(Cmd)<1 || opt == 'h')
        uint8_t blkData[8] = {0};
        char opt = param_getchar(Cmd, 0);
        if (strlen(Cmd)<1 || opt == 'h')
@@ -473,7 +475,7 @@ int CmdHFiClassEncryptBlk(const char *Cmd)
        return 1;
 }
 
        return 1;
 }
 
-void Calc_wb_mac(uint8_t blockno,uint8_t *data,uint8_t *div_key,uint8_t MAC[4]){
+void Calc_wb_mac(uint8_t blockno, uint8_t *data, uint8_t *div_key, uint8_t MAC[4]) {
        uint8_t WB[9];
        WB[0] = blockno;
        memcpy(WB + 1,data,8);
        uint8_t WB[9];
        WB[0] = blockno;
        memcpy(WB + 1,data,8);
@@ -481,11 +483,11 @@ void Calc_wb_mac(uint8_t blockno,uint8_t *data,uint8_t *div_key,uint8_t MAC[4]){
        //printf("Cal wb mac block [%02x][%02x%02x%02x%02x%02x%02x%02x%02x] : MAC [%02x%02x%02x%02x]",WB[0],WB[1],WB[2],WB[3],WB[4],WB[5],WB[6],WB[7],WB[8],MAC[0],MAC[1],MAC[2],MAC[3]);
 }
 
        //printf("Cal wb mac block [%02x][%02x%02x%02x%02x%02x%02x%02x%02x] : MAC [%02x%02x%02x%02x]",WB[0],WB[1],WB[2],WB[3],WB[4],WB[5],WB[6],WB[7],WB[8],MAC[0],MAC[1],MAC[2],MAC[3]);
 }
 
-static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool verbose){
+static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool verbose) {
        UsbCommand resp;
 
        UsbCommand c = {CMD_READER_ICLASS, {0}};
        UsbCommand resp;
 
        UsbCommand c = {CMD_READER_ICLASS, {0}};
-       c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_CC;
+       c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_CC | FLAG_ICLASS_READER_ONE_TRY;
        if (use_credit_key)
                c.arg[0] |= FLAG_ICLASS_READER_CEDITKEY;
 
        if (use_credit_key)
                c.arg[0] |= FLAG_ICLASS_READER_CEDITKEY;
 
@@ -502,7 +504,6 @@ static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool v
 
        memcpy(CSN,data,8);
        if (CCNR!=NULL)memcpy(CCNR,data+16,8);
 
        memcpy(CSN,data,8);
        if (CCNR!=NULL)memcpy(CCNR,data+16,8);
-       //PrintAndLog("isOk:%02x", isOK);
        if(isOK > 0)
        {
                if (verbose) PrintAndLog("CSN: %s",sprint_hex(CSN,8));
        if(isOK > 0)
        {
                if (verbose) PrintAndLog("CSN: %s",sprint_hex(CSN,8));
@@ -514,41 +515,21 @@ static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool v
        return true;    
 }
 
        return true;    
 }
 
-static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool use_credit_key, bool elite, bool verbose) {
+static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool use_credit_key, bool elite, bool rawkey, bool verbose) {
        uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-       uint8_t keytable[128] = {0};
-       uint8_t *used_key;
-       uint8_t key_sel[8] = {0};
-       uint8_t key_sel_p[8] = { 0 };
 
        if (!select_only(CSN, CCNR, use_credit_key, verbose))
                return false;
 
 
        if (!select_only(CSN, CCNR, use_credit_key, verbose))
                return false;
 
-       if(elite) {
-               hash2(KEY, keytable);
-               //Get the key index (hash1)
-               uint8_t key_index[8] = {0};
-               hash1(CSN, key_index);
-               //printvar("hash1", key_index,8);
-               for(uint8_t i = 0; i < 8 ; i++)
-                       key_sel[i] = keytable[key_index[i]] & 0xFF;
-               //PrintAndLog("Pre-fortified 'permuted' HS key that would be needed by an iclass reader to talk to above CSN:");
-               //printvar("k_sel", key_sel,8);
-               //Permute from iclass format to standard format
-               permutekey_rev(key_sel, key_sel_p);
-               used_key = key_sel_p;
-       } else {
-               used_key = KEY;
-       }
-       //PrintAndLog("Pre-fortified key that would be needed by the OmniKey reader to talk to above CSN:");
-       //printvar("Used key",KEY,8);
-       diversifyKey(CSN, used_key, div_key);
-       //PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
-       //printvar("Div key", div_key, 8);
-       //printvar("CC_NR:",CCNR,8);
+       //get div_key
+       if(rawkey)
+               memcpy(div_key, KEY, 8);
+       else
+               HFiClassCalcDivKey(CSN, KEY, div_key, elite);
+       PrintAndLog("Authing with %s: %02x%02x%02x%02x%02x%02x%02x%02x", rawkey ? "raw key" : "diversified key", div_key[0],div_key[1],div_key[2],div_key[3],div_key[4],div_key[5],div_key[6],div_key[7]);
+
        doMAC(CCNR, div_key, MAC);
        doMAC(CCNR, div_key, MAC);
-       //printvar("MAC", MAC, 4);
        UsbCommand resp;
        UsbCommand d = {CMD_ICLASS_AUTHENTICATION, {0}};
        memcpy(d.d.asBytes, MAC, 4);
        UsbCommand resp;
        UsbCommand d = {CMD_ICLASS_AUTHENTICATION, {0}};
        memcpy(d.d.asBytes, MAC, 4);
@@ -567,8 +548,8 @@ static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool u
        return true;
 }
 
        return true;
 }
 
-int usage_hf_iclass_dump(){
-       PrintAndLog("Usage:  hf iclass dump f <fileName> k <Key> c <CreditKey> e\n");
+int usage_hf_iclass_dump(void) {
+       PrintAndLog("Usage:  hf iclass dump f <fileName> k <Key> c <CreditKey> e|r\n");
        PrintAndLog("Options:");
        PrintAndLog("  f <filename> : specify a filename to save dump to");
        PrintAndLog("  k <Key>      : *Access Key as 16 hex symbols or 1 hex to select key from memory");
        PrintAndLog("Options:");
        PrintAndLog("  f <filename> : specify a filename to save dump to");
        PrintAndLog("  k <Key>      : *Access Key as 16 hex symbols or 1 hex to select key from memory");
@@ -576,6 +557,7 @@ int usage_hf_iclass_dump(){
        PrintAndLog("  e            : If 'e' is specified, the key is interpreted as the 16 byte");
        PrintAndLog("                 Custom Key (KCus), which can be obtained via reader-attack");
        PrintAndLog("                 See 'hf iclass sim 2'. This key should be on iclass-format");
        PrintAndLog("  e            : If 'e' is specified, the key is interpreted as the 16 byte");
        PrintAndLog("                 Custom Key (KCus), which can be obtained via reader-attack");
        PrintAndLog("                 See 'hf iclass sim 2'. This key should be on iclass-format");
+       PrintAndLog("  r            : If 'r' is specified, the key is interpreted as raw block 3/4");
        PrintAndLog("  NOTE: * = required");
   PrintAndLog("Samples:");
        PrintAndLog("  hf iclass dump k 001122334455667B");
        PrintAndLog("  NOTE: * = required");
   PrintAndLog("Samples:");
        PrintAndLog("  hf iclass dump k 001122334455667B");
@@ -584,14 +566,16 @@ int usage_hf_iclass_dump(){
        return 0;
 }
 
        return 0;
 }
 
-int CmdHFiClassReader_Dump(const char *Cmd){
+int CmdHFiClassReader_Dump(const char *Cmd) {
 
        uint8_t MAC[4] = {0x00,0x00,0x00,0x00};
        uint8_t div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t c_div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t blockno = 0;
        uint8_t numblks = 0;
 
        uint8_t MAC[4] = {0x00,0x00,0x00,0x00};
        uint8_t div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t c_div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t blockno = 0;
        uint8_t numblks = 0;
-       uint8_t maxBlk = 32;
+       uint8_t maxBlk = 31;
+       uint8_t app_areas = 1;
+       uint8_t kb = 2;
        uint8_t KEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t CreditKEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t keyNbr = 0;
        uint8_t KEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t CreditKEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t keyNbr = 0;
@@ -599,8 +583,11 @@ int CmdHFiClassReader_Dump(const char *Cmd){
        uint8_t fileNameLen = 0;
        char filename[FILE_PATH_SIZE]={0};
        char tempStr[50] = {0};
        uint8_t fileNameLen = 0;
        char filename[FILE_PATH_SIZE]={0};
        char tempStr[50] = {0};
+       bool have_debit_key = false;
        bool have_credit_key = false;
        bool have_credit_key = false;
+       bool use_credit_key = false;
        bool elite = false;
        bool elite = false;
+       bool rawkey = false;
        bool errors = false;
        uint8_t cmdp = 0;
 
        bool errors = false;
        uint8_t cmdp = 0;
 
@@ -619,7 +606,7 @@ int CmdHFiClassReader_Dump(const char *Cmd){
                                errors = param_gethex(tempStr, 0, CreditKEY, dataLen);
                        } else if (dataLen == 1) {
                                keyNbr = param_get8(Cmd, cmdp+1);
                                errors = param_gethex(tempStr, 0, CreditKEY, dataLen);
                        } else if (dataLen == 1) {
                                keyNbr = param_get8(Cmd, cmdp+1);
-                               if (keyNbr <= ICLASS_KEYS_MAX) {
+                               if (keyNbr < ICLASS_KEYS_MAX) {
                                        memcpy(CreditKEY, iClass_Key_Table[keyNbr], 8);
                                } else {
                                        PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
                                        memcpy(CreditKEY, iClass_Key_Table[keyNbr], 8);
                                } else {
                                        PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
@@ -647,12 +634,13 @@ int CmdHFiClassReader_Dump(const char *Cmd){
                        break;
                case 'k':
                case 'K':
                        break;
                case 'k':
                case 'K':
+                       have_debit_key = true;
                        dataLen = param_getstr(Cmd, cmdp+1, tempStr);
                        if (dataLen == 16) { 
                                errors = param_gethex(tempStr, 0, KEY, dataLen);
                        } else if (dataLen == 1) {
                                keyNbr = param_get8(Cmd, cmdp+1);
                        dataLen = param_getstr(Cmd, cmdp+1, tempStr);
                        if (dataLen == 16) { 
                                errors = param_gethex(tempStr, 0, KEY, dataLen);
                        } else if (dataLen == 1) {
                                keyNbr = param_get8(Cmd, cmdp+1);
-                               if (keyNbr <= ICLASS_KEYS_MAX) {
+                               if (keyNbr < ICLASS_KEYS_MAX) {
                                        memcpy(KEY, iClass_Key_Table[keyNbr], 8);
                                } else {
                                        PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
                                        memcpy(KEY, iClass_Key_Table[keyNbr], 8);
                                } else {
                                        PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
@@ -664,6 +652,11 @@ int CmdHFiClassReader_Dump(const char *Cmd){
                        }
                        cmdp += 2;
                        break;
                        }
                        cmdp += 2;
                        break;
+               case 'r':
+               case 'R':
+                       rawkey = true;
+                       cmdp++;
+                       break;
                default:
                        PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
                        errors = true;
                default:
                        PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
                        errors = true;
@@ -673,104 +666,62 @@ int CmdHFiClassReader_Dump(const char *Cmd){
        }
 
        if (cmdp < 2) return usage_hf_iclass_dump();
        }
 
        if (cmdp < 2) return usage_hf_iclass_dump();
+       // if no debit key given try credit key on AA1 (not for iclass but for some picopass this will work)
+       if (!have_debit_key && have_credit_key) use_credit_key = true;
 
        //get config and first 3 blocks
        UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN |
                                        FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY}};
        UsbCommand resp;
        uint8_t tag_data[255*8];
 
        //get config and first 3 blocks
        UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN |
                                        FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY}};
        UsbCommand resp;
        uint8_t tag_data[255*8];
+
        clearCommandBuffer();
        SendCommand(&c);
        clearCommandBuffer();
        SendCommand(&c);
-       if (WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
-               uint8_t readStatus = resp.arg[0] & 0xff;
-               uint8_t *data = resp.d.asBytes;
-
-               if( readStatus == 0){
-                       //Aborted
-                       PrintAndLog("No tag found...");
-                       return 0;
-               }
-               if( readStatus & (FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_CC)){
-                       memcpy(tag_data, data, 8*3);
-                       /*for (; blockno < 3; blockno++) {
-                               PrintAndLog("     | %02X | %02X%02X%02X%02X%02X%02X%02X%02X |", blockno,
-                                       data[(blockno*8)+0],data[(blockno*8)+1],data[(blockno*8)+2],data[(blockno*8)+3],
-                                       data[(blockno*8)+4],data[(blockno*8)+5],data[(blockno*8)+6],data[(blockno*8)+7]);
-                       }*/
-                       blockno+=2;
-                       numblks = data[8];
-
-                       if (data[13] & 0x80) {
-                               // large memory - not able to dump pages currently
-                               maxBlk = 255;
-                       }       else {
-                               maxBlk = 32;
-                       }
-                       //PrintAndLog("maxBlk: %02X",maxBlk);
-               }
-       } else {
+       if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
                PrintAndLog("Command execute timeout");
                PrintAndLog("Command execute timeout");
+               ul_switch_off_field();
                return 0;
        }
                return 0;
        }
+       uint8_t readStatus = resp.arg[0] & 0xff;
+       uint8_t *data = resp.d.asBytes;
 
 
-       if (!select_and_auth(KEY, MAC, div_key, false, elite, false)){
+       if(readStatus == 0){
+               PrintAndLog("No tag found...");
+               ul_switch_off_field();
+               return 0;
+       }
+       if( readStatus & (FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_CC)){
+               memcpy(tag_data, data, 8*3);
+               blockno+=2; // 2 to force re-read of block 2 later. (seems to respond differently..)
+               numblks = data[8];
+               getMemConfig(data[13], data[12], &maxBlk, &app_areas, &kb);
+               // large memory - not able to dump pages currently
+               if (numblks > maxBlk) numblks = maxBlk;
+       }
+       ul_switch_off_field();
+       // authenticate debit key and get div_key - later store in dump block 3
+       if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, false)){
                //try twice - for some reason it sometimes fails the first time...
                //try twice - for some reason it sometimes fails the first time...
-               if (!select_and_auth(KEY, MAC, div_key, false, elite, false)){
+               if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, false)){
                        ul_switch_off_field();
                        return 0;
                }
        }
                        ul_switch_off_field();
                        return 0;
                }
        }
-       //print debit div_key
-       //PrintAndLog("     | 03 | %02X%02X%02X%02X%02X%02X%02X%02X |",
-       //      div_key[0],div_key[1],div_key[2],div_key[3],
-       //      div_key[4],div_key[5],div_key[6],div_key[7]);
        
        
-       if (have_credit_key){
-               //turn off hf field
-               //PrintAndLog("attempt 1 to auth with credit key");
-               ul_switch_off_field();
-               memset(c_div_key,0,8);
-               memset(MAC,0,4);
-               if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){
-                       //try twice - for some reason it sometimes fails the first time...
-                       memset(c_div_key,0,8);
-                       memset(MAC,0,4);
-                       if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){
-                               ul_switch_off_field();
-                               return 0;
-                       }
-               }
-               //print credit div_key
-               //PrintAndLog("     | 04 | %02X%02X%02X%02X%02X%02X%02X%02X |",
-               //      div_key[0],div_key[1],div_key[2],div_key[3],
-               //      div_key[4],div_key[5],div_key[6],div_key[7]);
-       
-               //turn off hf field
-               //PrintAndLog("attempt 2 to auth with debit key");
-               ul_switch_off_field();
-               memset(div_key,0,8);
-               memset(MAC,0,4);
-               if (!select_and_auth(KEY, MAC, div_key, false, elite, false)){
-                       //try twice - for some reason it sometimes fails the first time...
-                       if (!select_and_auth(KEY, MAC, div_key, false, elite, false)){
-                               ul_switch_off_field();
-                               return 0;
-                       }
-               }
-       }
-       //PrintAndLog("have %d blocks",blockno);
-
-       UsbCommand w = {CMD_ICLASS_DUMP, {blockno, numblks-blockno+1, 0x88}};
+       // begin dump
+       UsbCommand w = {CMD_ICLASS_DUMP, {blockno, numblks-blockno+1}};
        clearCommandBuffer();
        SendCommand(&w);
        if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
                PrintAndLog("Command execute time-out 1");
        clearCommandBuffer();
        SendCommand(&w);
        if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
                PrintAndLog("Command execute time-out 1");
+               ul_switch_off_field();
                return 1;
        }
        uint32_t blocksRead = resp.arg[1];
        uint8_t isOK = resp.arg[0] & 0xff;
        if (!isOK && !blocksRead) {
                PrintAndLog("Read Block Failed");
                return 1;
        }
        uint32_t blocksRead = resp.arg[1];
        uint8_t isOK = resp.arg[0] & 0xff;
        if (!isOK && !blocksRead) {
                PrintAndLog("Read Block Failed");
+               ul_switch_off_field();
                return 0;
        }
        uint32_t startindex = resp.arg[2];
                return 0;
        }
        uint32_t startindex = resp.arg[2];
@@ -778,239 +729,91 @@ int CmdHFiClassReader_Dump(const char *Cmd){
                PrintAndLog("Data exceeded Buffer size!");
                blocksRead = (sizeof(tag_data)/8) - blockno;
        }
                PrintAndLog("Data exceeded Buffer size!");
                blocksRead = (sizeof(tag_data)/8) - blockno;
        }
-       //PrintAndLog("blocksread: %d, blockno: %d, startindex: %x",blocksRead,blockno,startindex);
+       // response ok - now get bigbuf content of the dump
        GetFromBigBuf(tag_data+(blockno*8), blocksRead*8, startindex);
        WaitForResponse(CMD_ACK,NULL);
        GetFromBigBuf(tag_data+(blockno*8), blocksRead*8, startindex);
        WaitForResponse(CMD_ACK,NULL);
-       uint32_t gotBytes = blocksRead*8 + blockno*8;
+       size_t gotBytes = blocksRead*8 + blockno*8;
 
 
-       //PrintAndLog("have %d blocks",gotBytes/8);
-       
-       if (have_credit_key && maxBlk > blockno+numblks+1) {
-               //turn off hf field
+       // try AA2
+       if (have_credit_key) {
+               //turn off hf field before authenticating with different key
                ul_switch_off_field();
                ul_switch_off_field();
-               //PrintAndLog("attempt 2 to auth with credit key");
-               memset(c_div_key,0,8);
                memset(MAC,0,4);
                memset(MAC,0,4);
-               if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){
+               // AA2 authenticate credit key and git c_div_key - later store in dump block 4
+               if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){
                        //try twice - for some reason it sometimes fails the first time...
                        //try twice - for some reason it sometimes fails the first time...
-                       if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){
+                       if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){
                                ul_switch_off_field();
                                return 0;
                        }
                }
                                ul_switch_off_field();
                                return 0;
                        }
                }
-               w.arg[0] = blockno + blocksRead;
-               w.arg[1] = maxBlk - (blockno + blocksRead);
-               w.arg[2] = 0x18;
-               clearCommandBuffer();
-               SendCommand(&w);
-               if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
-                       PrintAndLog("Command execute timeout 2");
-                       return 0;
-               }
-               uint8_t isOK = resp.arg[0] & 0xff;
-               blocksRead = resp.arg[1];
-               if (!isOK && !blocksRead) {
-                       PrintAndLog("Read Block Failed 2");
-                       return 0;
-               }               
+               // do we still need to read more block?  (aa2 enabled?)
+               if (maxBlk > blockno+numblks+1) {
+                       // setup dump and start
+                       w.arg[0] = blockno + blocksRead;
+                       w.arg[1] = maxBlk - (blockno + blocksRead);
+                       clearCommandBuffer();
+                       SendCommand(&w);
+                       if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
+                               PrintAndLog("Command execute timeout 2");
+                               ul_switch_off_field();
+                               return 0;
+                       }
+                       uint8_t isOK = resp.arg[0] & 0xff;
+                       blocksRead = resp.arg[1];
+                       if (!isOK && !blocksRead) {
+                               PrintAndLog("Read Block Failed 2");
+                               ul_switch_off_field();
+                               return 0;
+                       }               
 
 
-               startindex = resp.arg[2];
-               if (blocksRead*8 > sizeof(tag_data)-gotBytes) {
-                       PrintAndLog("Data exceeded Buffer size!");
-                       blocksRead = (sizeof(tag_data) - gotBytes)/8;
-               }
-               GetFromBigBuf(tag_data+gotBytes, blocksRead*8, startindex);
-               WaitForResponse(CMD_ACK,NULL);
+                       startindex = resp.arg[2];
+                       if (blocksRead*8 > sizeof(tag_data)-gotBytes) {
+                               PrintAndLog("Data exceeded Buffer size!");
+                               blocksRead = (sizeof(tag_data) - gotBytes)/8;
+                       }
+                       // get dumped data from bigbuf
+                       GetFromBigBuf(tag_data+gotBytes, blocksRead*8, startindex);
+                       WaitForResponse(CMD_ACK,NULL);
 
 
-               gotBytes += blocksRead*8;
-               //PrintAndLog("have %d blocks",gotBytes/8);
+                       gotBytes += blocksRead*8;                       
+               } else { //field is still on - turn it off...
+                       ul_switch_off_field();
+               }
        }
 
        }
 
-       memcpy(tag_data+(3*8),div_key,8);
-       memcpy(tag_data+(4*8),c_div_key,8);
-
-       for (blockno = 0; blockno < gotBytes/8; blockno++){
-               PrintAndLog("     | %02X | %02X%02X%02X%02X%02X%02X%02X%02X |", blockno,
-                       tag_data[(blockno*8)+0],tag_data[(blockno*8)+1],tag_data[(blockno*8)+2],tag_data[(blockno*8)+3],
-                       tag_data[(blockno*8)+4],tag_data[(blockno*8)+5],tag_data[(blockno*8)+6],tag_data[(blockno*8)+7]);
-       }
+       // add diversified keys to dump
+       if (have_debit_key) memcpy(tag_data+(3*8),div_key,8);
+       if (have_credit_key) memcpy(tag_data+(4*8),c_div_key,8);
+       // print the dump
+       printf("------+--+-------------------------+\n");
+       printf("CSN   |00| %s|\n",sprint_hex(tag_data, 8));
+       printIclassDumpContents(tag_data, 1, (gotBytes/8), gotBytes);
+       
        if (filename[0] == 0){
                snprintf(filename, FILE_PATH_SIZE,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x",
                    tag_data[0],tag_data[1],tag_data[2],tag_data[3],
                    tag_data[4],tag_data[5],tag_data[6],tag_data[7]);
        }
        if (filename[0] == 0){
                snprintf(filename, FILE_PATH_SIZE,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x",
                    tag_data[0],tag_data[1],tag_data[2],tag_data[3],
                    tag_data[4],tag_data[5],tag_data[6],tag_data[7]);
        }
-       saveFile(filename,"bin",tag_data, gotBytes );
+
+       // save the dump to .bin file
        PrintAndLog("Saving dump file - %d blocks read", gotBytes/8);
        PrintAndLog("Saving dump file - %d blocks read", gotBytes/8);
+       saveFile(filename, "bin", tag_data, gotBytes);
        return 1;
 }
 
        return 1;
 }
 
-/*
-int CmdHFiClassReader_Dump(const char *Cmd)
-{
-       uint8_t readerType = 0;
+static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool rawkey, bool verbose) {
        uint8_t MAC[4]={0x00,0x00,0x00,0x00};
        uint8_t MAC[4]={0x00,0x00,0x00,0x00};
-       uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-       uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-       uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-       uint8_t keytable[128] = {0};
-       bool elite = false;
-       bool use_credit_key = false;
-       uint8_t *used_key;
-       int i;
-       if (strlen(Cmd) < 1)
-       {
-               return usage_hf_iclass_dump();
-       }
-
-       if (param_gethex(Cmd, 0, KEY, 16))
-       {
-               PrintAndLog("KEY must include 16 HEX symbols");
-               return 1;
-       }
-
-       if (param_getchar(Cmd, 1) == 'e')
-       {
-               PrintAndLog("Elite switch on");
-               elite = true;
-
-               //calc h2
-               hash2(KEY, keytable);
-               printarr_human_readable("keytable", keytable, 128);
-
-               if (param_getchar(Cmd, 2) == 'c')
-                       use_credit_key = true;
-       } else if (param_getchar(Cmd, 1) == 'c'){
-               use_credit_key = true;          
-       }
-
-       UsbCommand resp;
-       uint8_t key_sel[8] = {0};
-       uint8_t key_sel_p[8] = { 0 };
-
-       UsbCommand c = {CMD_READER_ICLASS, {0}};
-       c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_CC;
-       if (use_credit_key)
-               c.arg[0] |= FLAG_ICLASS_READER_CEDITKEY;
-       clearCommandBuffer();
-       SendCommand(&c);
-
-       if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
-       {
-               PrintAndLog("Command execute timeout");
-               return 0;
-       }
-
-       uint8_t isOK    = resp.arg[0] & 0xff;
-       uint8_t * data  = resp.d.asBytes;
-
-       memcpy(CSN,data,8);
-       memcpy(CCNR,data+16,8);
-
-       PrintAndLog("isOk:%02x", isOK);
-
-       if(isOK > 0)
-       {
-               PrintAndLog("CSN: %s",sprint_hex(CSN,8));
-       }
-       if(isOK <= 1){
-               PrintAndLog("Failed to obtain CC! Aborting");
-               return 0;
-       }
-       //Status 2 or higher
-
-       if(elite)
-       {
-               //Get the key index (hash1)
-               uint8_t key_index[8] = {0};
-
-               hash1(CSN, key_index);
-               printvar("hash1", key_index,8);
-               for(i = 0; i < 8 ; i++)
-                       key_sel[i] = keytable[key_index[i]] & 0xFF;
-               PrintAndLog("Pre-fortified 'permuted' HS key that would be needed by an iclass reader to talk to above CSN:");
-               printvar("k_sel", key_sel,8);
-               //Permute from iclass format to standard format
-               permutekey_rev(key_sel,key_sel_p);
-               used_key = key_sel_p;
-       }else{
-               used_key = KEY;
-       }
-
-       PrintAndLog("Pre-fortified key that would be needed by the OmniKey reader to talk to above CSN:");
-       printvar("Used key",used_key,8);
-       diversifyKey(CSN,used_key, div_key);
-       PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
-       printvar("Div key", div_key, 8);
-       printvar("CC_NR:",CCNR,12);
-       doMAC(CCNR,div_key, MAC);
-       printvar("MAC", MAC, 4);
-
-       uint8_t iclass_data[32000] = {0};
-       uint32_t iclass_datalen = 0;
-       uint32_t iclass_blocksFailed = 0;//Set to 1 if dump was incomplete
-
-       UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}};
-       memcpy(d.d.asBytes, MAC, 4);
-       clearCommandBuffer();
-       SendCommand(&d);
-       PrintAndLog("Waiting for device to dump data. Press button on device and key on keyboard to abort...");
-       while (true) {
-               printf(".");
-               if (ukbhit()) {
-                       getchar();
-                       printf("\naborted via keyboard!\n");
-                       break;
-               }
-               if(WaitForResponseTimeout(CMD_ACK,&resp,4500))
-               {
-                       uint32_t dataLength = resp.arg[0];
-                       iclass_blocksFailed |= resp.arg[1];
-                       if(dataLength > 0)
-                       {
-                               PrintAndLog("Got %d bytes data (total so far %d)" ,dataLength,iclass_datalen);
-                               memcpy(iclass_data+iclass_datalen, resp.d.asBytes,dataLength);
-                               iclass_datalen += dataLength;
-                       }else
-                       {//Last transfer, datalength 0 means the dump is finished
-                               PrintAndLog("Dumped %d bytes of data from tag. ", iclass_datalen);
-                               if(iclass_blocksFailed)
-                               {
-                                       PrintAndLog("OBS! Some blocks failed to be dumped correctly!");
-                               }
-                               if(iclass_datalen > 0)
-                               {
-                                       char filename[100] = {0};
-                                       //create a preferred filename
-                                       snprintf(filename, 100,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x",
-                                                        CSN[0],CSN[1],CSN[2],CSN[3],
-                                                       CSN[4],CSN[5],CSN[6],CSN[7]);
-                                       //Place the div_key in block 3
-                                       memcpy(iclass_data+(3*8), div_key, 8);
-                                       saveFile(filename,"bin",iclass_data, iclass_datalen );
-                               }
-                               //Aaaand we're finished
-                               return 0;
-                       }
-               }
-       }
-       return 0;
-}
-*/
-
-int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool verbose){
-       uint8_t MAC[4]={0x00,0x00,0x00,0x00};
-       uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-       uint8_t keyType = (use_credit_key) ? 0x18 : 0x88;
-       if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, verbose))
+       if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, verbose))
                return 0;
 
        UsbCommand resp;
 
        Calc_wb_mac(blockno,bldata,div_key,MAC);
                return 0;
 
        UsbCommand resp;
 
        Calc_wb_mac(blockno,bldata,div_key,MAC);
-       UsbCommand w = {CMD_ICLASS_WRITEBLOCK, {blockno, keyType}};
+       UsbCommand w = {CMD_ICLASS_WRITEBLOCK, {blockno}};
        memcpy(w.d.asBytes, bldata, 8);
        memcpy(w.d.asBytes, bldata, 8);
-       memcpy(w.d.asBytes + 8,MAC, 4);
+       memcpy(w.d.asBytes + 8, MAC, 4);
        
        clearCommandBuffer();
        SendCommand(&w);
        
        clearCommandBuffer();
        SendCommand(&w);
@@ -1025,17 +828,17 @@ int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_k
                return 0;
        }
        PrintAndLog("Write Block Successful");
                return 0;
        }
        PrintAndLog("Write Block Successful");
-
        return 1;
 }
 
        return 1;
 }
 
-int usage_hf_iclass_writeblock() {
+int usage_hf_iclass_writeblock(void) {
        PrintAndLog("Options:");
   PrintAndLog("  b <Block> : The block number as 2 hex symbols");
   PrintAndLog("  d <data>  : Set the Data to write as 16 hex symbols");
        PrintAndLog("  k <Key>   : Access Key as 16 hex symbols or 1 hex to select key from memory");
   PrintAndLog("  c         : If 'c' is specified, the key set is assumed to be the credit key\n");
   PrintAndLog("  e         : If 'e' is specified, elite computations applied to key");
        PrintAndLog("Options:");
   PrintAndLog("  b <Block> : The block number as 2 hex symbols");
   PrintAndLog("  d <data>  : Set the Data to write as 16 hex symbols");
        PrintAndLog("  k <Key>   : Access Key as 16 hex symbols or 1 hex to select key from memory");
   PrintAndLog("  c         : If 'c' is specified, the key set is assumed to be the credit key\n");
   PrintAndLog("  e         : If 'e' is specified, elite computations applied to key");
+  PrintAndLog("  r         : If 'r' is specified, no computations applied to key");
   PrintAndLog("Samples:");
        PrintAndLog("  hf iclass writeblk b 0A d AAAAAAAAAAAAAAAA k 001122334455667B");
        PrintAndLog("  hf iclass writeblk b 1B d AAAAAAAAAAAAAAAA k 001122334455667B c");
   PrintAndLog("Samples:");
        PrintAndLog("  hf iclass writeblk b 0A d AAAAAAAAAAAAAAAA k 001122334455667B");
        PrintAndLog("  hf iclass writeblk b 1B d AAAAAAAAAAAAAAAA k 001122334455667B c");
@@ -1045,13 +848,14 @@ int usage_hf_iclass_writeblock() {
 
 int CmdHFiClass_WriteBlock(const char *Cmd) {
        uint8_t blockno=0;
 
 int CmdHFiClass_WriteBlock(const char *Cmd) {
        uint8_t blockno=0;
-       uint8_t bldata[8]={0};
+       uint8_t bldata[8]={0,0,0,0,0,0,0,0};
        uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t keyNbr = 0;
        uint8_t dataLen = 0;
        char tempStr[50] = {0};
        bool use_credit_key = false;
        bool elite = false;
        uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t keyNbr = 0;
        uint8_t dataLen = 0;
        char tempStr[50] = {0};
        bool use_credit_key = false;
        bool elite = false;
+       bool rawkey= false;
        bool errors = false;
        uint8_t cmdp = 0;
        while(param_getchar(Cmd, cmdp) != 0x00)
        bool errors = false;
        uint8_t cmdp = 0;
        while(param_getchar(Cmd, cmdp) != 0x00)
@@ -1095,7 +899,7 @@ int CmdHFiClass_WriteBlock(const char *Cmd) {
                                errors = param_gethex(tempStr, 0, KEY, dataLen);
                        } else if (dataLen == 1) {
                                keyNbr = param_get8(Cmd, cmdp+1);
                                errors = param_gethex(tempStr, 0, KEY, dataLen);
                        } else if (dataLen == 1) {
                                keyNbr = param_get8(Cmd, cmdp+1);
-                               if (keyNbr <= ICLASS_KEYS_MAX) {
+                               if (keyNbr < ICLASS_KEYS_MAX) {
                                        memcpy(KEY, iClass_Key_Table[keyNbr], 8);
                                } else {
                                        PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
                                        memcpy(KEY, iClass_Key_Table[keyNbr], 8);
                                } else {
                                        PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
@@ -1107,6 +911,11 @@ int CmdHFiClass_WriteBlock(const char *Cmd) {
                        }
                        cmdp += 2;
                        break;
                        }
                        cmdp += 2;
                        break;
+               case 'r':
+               case 'R':
+                       rawkey = true;
+                       cmdp++;
+                       break;
                default:
                        PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
                        errors = true;
                default:
                        PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
                        errors = true;
@@ -1116,12 +925,13 @@ int CmdHFiClass_WriteBlock(const char *Cmd) {
        }
 
        if (cmdp < 6) return usage_hf_iclass_writeblock();
        }
 
        if (cmdp < 6) return usage_hf_iclass_writeblock();
-
-       return WriteBlock(blockno, bldata, KEY, use_credit_key, elite, true);
+       int ans = WriteBlock(blockno, bldata, KEY, use_credit_key, elite, rawkey, true);
+       ul_switch_off_field();
+       return ans;
 }
 
 }
 
-int usage_hf_iclass_clone() {
-       PrintAndLog("Usage:  hf iclass clone f <tagfile.bin> b <first block> l <last block> k <KEY> e c");
+int usage_hf_iclass_clone(void) {
+       PrintAndLog("Usage:  hf iclass clone f <tagfile.bin> b <first block> l <last block> k <KEY> c e|r");
        PrintAndLog("Options:");
        PrintAndLog("  f <filename>: specify a filename to clone from");
        PrintAndLog("  b <Block>   : The first block to clone as 2 hex symbols");
        PrintAndLog("Options:");
        PrintAndLog("  f <filename>: specify a filename to clone from");
        PrintAndLog("  b <Block>   : The first block to clone as 2 hex symbols");
@@ -1129,6 +939,7 @@ int usage_hf_iclass_clone() {
        PrintAndLog("  k <Key>     : Access Key as 16 hex symbols or 1 hex to select key from memory");
        PrintAndLog("  c           : If 'c' is specified, the key set is assumed to be the credit key\n");
        PrintAndLog("  e           : If 'e' is specified, elite computations applied to key");
        PrintAndLog("  k <Key>     : Access Key as 16 hex symbols or 1 hex to select key from memory");
        PrintAndLog("  c           : If 'c' is specified, the key set is assumed to be the credit key\n");
        PrintAndLog("  e           : If 'e' is specified, elite computations applied to key");
+       PrintAndLog("  r           : If 'r' is specified, no computations applied to key");
        PrintAndLog("Samples:");
        PrintAndLog("  hf iclass clone f iclass_tagdump-121345.bin b 06 l 1A k 1122334455667788 e");
        PrintAndLog("  hf iclass clone f iclass_tagdump-121345.bin b 05 l 19 k 0");
        PrintAndLog("Samples:");
        PrintAndLog("  hf iclass clone f iclass_tagdump-121345.bin b 06 l 1A k 1122334455667788 e");
        PrintAndLog("  hf iclass clone f iclass_tagdump-121345.bin b 05 l 19 k 0");
@@ -1137,7 +948,7 @@ int usage_hf_iclass_clone() {
 }
 
 int CmdHFiClassCloneTag(const char *Cmd) {
 }
 
 int CmdHFiClassCloneTag(const char *Cmd) {
-       char filename[FILE_PATH_SIZE];
+       char filename[FILE_PATH_SIZE] = {0};
        char tempStr[50]={0};
        uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t keyNbr = 0;
        char tempStr[50]={0};
        uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t keyNbr = 0;
@@ -1147,6 +958,7 @@ int CmdHFiClassCloneTag(const char *Cmd) {
        uint8_t dataLen = 0;
        bool use_credit_key = false;
        bool elite = false;
        uint8_t dataLen = 0;
        bool use_credit_key = false;
        bool elite = false;
+       bool rawkey = false;
        bool errors = false;
        uint8_t cmdp = 0;
        while(param_getchar(Cmd, cmdp) != 0x00)
        bool errors = false;
        uint8_t cmdp = 0;
        while(param_getchar(Cmd, cmdp) != 0x00)
@@ -1190,7 +1002,7 @@ int CmdHFiClassCloneTag(const char *Cmd) {
                                errors = param_gethex(tempStr, 0, KEY, dataLen);
                        } else if (dataLen == 1) {
                                keyNbr = param_get8(Cmd, cmdp+1);
                                errors = param_gethex(tempStr, 0, KEY, dataLen);
                        } else if (dataLen == 1) {
                                keyNbr = param_get8(Cmd, cmdp+1);
-                               if (keyNbr <= ICLASS_KEYS_MAX) {
+                               if (keyNbr < ICLASS_KEYS_MAX) {
                                        memcpy(KEY, iClass_Key_Table[keyNbr], 8);
                                } else {
                                        PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
                                        memcpy(KEY, iClass_Key_Table[keyNbr], 8);
                                } else {
                                        PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
@@ -1210,6 +1022,11 @@ int CmdHFiClassCloneTag(const char *Cmd) {
                        }
                        cmdp += 2;
                        break;
                        }
                        cmdp += 2;
                        break;
+               case 'r':
+               case 'R':
+                       rawkey = true;
+                       cmdp++;
+                       break;
                default:
                        PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
                        errors = true;
                default:
                        PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
                        errors = true;
@@ -1236,6 +1053,7 @@ int CmdHFiClassCloneTag(const char *Cmd) {
 
        if (startblock<5) {
                PrintAndLog("You cannot write key blocks this way. yet... make your start block > 4");
 
        if (startblock<5) {
                PrintAndLog("You cannot write key blocks this way. yet... make your start block > 4");
+               fclose(f);
                return 0;
        }
        // now read data from the file from block 6 --- 19
                return 0;
        }
        // now read data from the file from block 6 --- 19
@@ -1244,19 +1062,19 @@ int CmdHFiClassCloneTag(const char *Cmd) {
        // else we have to create a share memory
        int i;
        fseek(f,startblock*8,SEEK_SET);
        // else we have to create a share memory
        int i;
        fseek(f,startblock*8,SEEK_SET);
-       fread(tag_data,sizeof(iclass_block_t),endblock - startblock + 1,f);
-       /*
-       for (i = 0; i < endblock - startblock+1; i++){
-               printf("block [%02x] [%02x%02x%02x%02x%02x%02x%02x%02x]\n",i + startblock,tag_data[i].d[0],tag_data[i].d[1],tag_data[i].d[2],tag_data[i].d[3],tag_data[i].d[4],tag_data[i].d[5],tag_data[i].d[6],tag_data[i].d[7]);
-       }*/
+       if ( fread(tag_data,sizeof(iclass_block_t),endblock - startblock + 1,f) == 0 ) {
+               PrintAndLog("File reading error.");
+               fclose(f);
+               return 2;
+       }
 
        uint8_t MAC[4]={0x00,0x00,0x00,0x00};
        uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
 
 
        uint8_t MAC[4]={0x00,0x00,0x00,0x00};
        uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
 
-       if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, true))
+       if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, true))
                return 0;
 
                return 0;
 
-       UsbCommand w = {CMD_ICLASS_CLONE,{startblock,endblock,((use_credit_key) ? 0x18 : 0x88)}};
+       UsbCommand w = {CMD_ICLASS_CLONE,{startblock,endblock}};
        uint8_t *ptr;
        // calculate all mac for every the block we will write
        for (i = startblock; i <= endblock; i++){
        uint8_t *ptr;
        // calculate all mac for every the block we will write
        for (i = startblock; i <= endblock; i++){
@@ -1272,9 +1090,9 @@ int CmdHFiClassCloneTag(const char *Cmd) {
        uint8_t p[12];
        for (i = 0; i <= endblock - startblock;i++){
            memcpy(p,w.d.asBytes + (i * 12),12);
        uint8_t p[12];
        for (i = 0; i <= endblock - startblock;i++){
            memcpy(p,w.d.asBytes + (i * 12),12);
-           printf("block [%02x]",i + startblock);
-           printf(" [%02x%02x%02x%02x%02x%02x%02x%02x]",p[0],p[1],p[2],p[3],p[4],p[5],p[6],p[7]);
-           printf(" MAC [%02x%02x%02x%02x]\n",p[8],p[9],p[10],p[11]);
+           printf("Block |%02x|",i + startblock);
+           printf(" %02x%02x%02x%02x%02x%02x%02x%02x |",p[0],p[1],p[2],p[3],p[4],p[5],p[6],p[7]);
+           printf(" MAC |%02x%02x%02x%02x|\n",p[8],p[9],p[10],p[11]);
        }
        UsbCommand resp;
        SendCommand(&w);
        }
        UsbCommand resp;
        SendCommand(&w);
@@ -1286,15 +1104,22 @@ int CmdHFiClassCloneTag(const char *Cmd) {
        return 1;
 }
 
        return 1;
 }
 
-int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool verbose){
+static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool rawkey, bool verbose, bool auth) {
        uint8_t MAC[4]={0x00,0x00,0x00,0x00};
        uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
 
        uint8_t MAC[4]={0x00,0x00,0x00,0x00};
        uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
 
-       if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, verbose))
-               return 0;
+       if (auth) {
+               if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, rawkey, verbose))
+                       return 0;
+       } else {
+               uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+               uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+               if (!select_only(CSN, CCNR, (keyType==0x18), verbose))
+                       return 0;
+       }
 
        UsbCommand resp;
 
        UsbCommand resp;
-       UsbCommand w = {CMD_ICLASS_READBLOCK, {blockno, keyType}};
+       UsbCommand w = {CMD_ICLASS_READBLOCK, {blockno}};
        clearCommandBuffer();
        SendCommand(&w);
        if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
        clearCommandBuffer();
        SendCommand(&w);
        if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
@@ -1312,13 +1137,14 @@ int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool v
        return 1;
 }
 
        return 1;
 }
 
-int usage_hf_iclass_readblock(){
-       PrintAndLog("Usage:  hf iclass readblk b <Block> k <Key> c e\n");
+int usage_hf_iclass_readblock(void) {
+       PrintAndLog("Usage:  hf iclass readblk b <Block> k <Key> c e|r\n");
        PrintAndLog("Options:");
   PrintAndLog("  b <Block> : The block number as 2 hex symbols");
        PrintAndLog("  k <Key>   : Access Key as 16 hex symbols or 1 hex to select key from memory");
   PrintAndLog("  c         : If 'c' is specified, the key set is assumed to be the credit key\n");
   PrintAndLog("  e         : If 'e' is specified, elite computations applied to key");
        PrintAndLog("Options:");
   PrintAndLog("  b <Block> : The block number as 2 hex symbols");
        PrintAndLog("  k <Key>   : Access Key as 16 hex symbols or 1 hex to select key from memory");
   PrintAndLog("  c         : If 'c' is specified, the key set is assumed to be the credit key\n");
   PrintAndLog("  e         : If 'e' is specified, elite computations applied to key");
+  PrintAndLog("  r         : If 'r' is specified, no computations applied to key");
   PrintAndLog("Samples:");
        PrintAndLog("  hf iclass readblk b 06 k 0011223344556677");
        PrintAndLog("  hf iclass readblk b 1B k 0011223344556677 c");
   PrintAndLog("Samples:");
        PrintAndLog("  hf iclass readblk b 06 k 0011223344556677");
        PrintAndLog("  hf iclass readblk b 1B k 0011223344556677 c");
@@ -1326,8 +1152,7 @@ int usage_hf_iclass_readblock(){
        return 0;
 }
 
        return 0;
 }
 
-int CmdHFiClass_ReadBlock(const char *Cmd)
-{
+int CmdHFiClass_ReadBlock(const char *Cmd) {
        uint8_t blockno=0;
        uint8_t keyType = 0x88; //debit key
        uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
        uint8_t blockno=0;
        uint8_t keyType = 0x88; //debit key
        uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
@@ -1335,7 +1160,9 @@ int CmdHFiClass_ReadBlock(const char *Cmd)
        uint8_t dataLen = 0;
        char tempStr[50] = {0};
        bool elite = false;
        uint8_t dataLen = 0;
        char tempStr[50] = {0};
        bool elite = false;
+       bool rawkey = false;
        bool errors = false;
        bool errors = false;
+       bool auth = false;
        uint8_t cmdp = 0;
        while(param_getchar(Cmd, cmdp) != 0x00)
        {
        uint8_t cmdp = 0;
        while(param_getchar(Cmd, cmdp) != 0x00)
        {
@@ -1364,12 +1191,13 @@ int CmdHFiClass_ReadBlock(const char *Cmd)
                        break;
                case 'k':
                case 'K':
                        break;
                case 'k':
                case 'K':
+                       auth = true;
                        dataLen = param_getstr(Cmd, cmdp+1, tempStr);
                        if (dataLen == 16) { 
                                errors = param_gethex(tempStr, 0, KEY, dataLen);
                        } else if (dataLen == 1) {
                                keyNbr = param_get8(Cmd, cmdp+1);
                        dataLen = param_getstr(Cmd, cmdp+1, tempStr);
                        if (dataLen == 16) { 
                                errors = param_gethex(tempStr, 0, KEY, dataLen);
                        } else if (dataLen == 1) {
                                keyNbr = param_get8(Cmd, cmdp+1);
-                               if (keyNbr <= ICLASS_KEYS_MAX) {
+                               if (keyNbr < ICLASS_KEYS_MAX) {
                                        memcpy(KEY, iClass_Key_Table[keyNbr], 8);
                                } else {
                                        PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
                                        memcpy(KEY, iClass_Key_Table[keyNbr], 8);
                                } else {
                                        PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
@@ -1381,6 +1209,11 @@ int CmdHFiClass_ReadBlock(const char *Cmd)
                        }
                        cmdp += 2;
                        break;
                        }
                        cmdp += 2;
                        break;
+               case 'r':
+               case 'R':
+                       rawkey = true;
+                       cmdp++;
+                       break;
                default:
                        PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
                        errors = true;
                default:
                        PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
                        errors = true;
@@ -1389,13 +1222,13 @@ int CmdHFiClass_ReadBlock(const char *Cmd)
                if(errors) return usage_hf_iclass_readblock();
        }
 
                if(errors) return usage_hf_iclass_readblock();
        }
 
-       if (cmdp < 4) return usage_hf_iclass_readblock();
-       
-       return ReadBlock(KEY, blockno, keyType, elite, true);
+       if (cmdp < 2) return usage_hf_iclass_readblock();
+       if (!auth)
+               PrintAndLog("warning: no authentication used with read, only a few specific blocks can be read accurately without authentication.");
+       return ReadBlock(KEY, blockno, keyType, elite, rawkey, true, auth);
 }
 
 }
 
-int CmdHFiClass_loclass(const char *Cmd)
-{
+int CmdHFiClass_loclass(const char *Cmd) {
        char opt = param_getchar(Cmd, 0);
 
        if (strlen(Cmd)<1 || opt == 'h') {
        char opt = param_getchar(Cmd, 0);
 
        if (strlen(Cmd)<1 || opt == 'h') {
@@ -1406,7 +1239,7 @@ int CmdHFiClass_loclass(const char *Cmd)
                PrintAndLog("f <filename>  Bruteforce iclass dumpfile");
                PrintAndLog("                   An iclass dumpfile is assumed to consist of an arbitrary number of");
                PrintAndLog("                   malicious CSNs, and their protocol responses");
                PrintAndLog("f <filename>  Bruteforce iclass dumpfile");
                PrintAndLog("                   An iclass dumpfile is assumed to consist of an arbitrary number of");
                PrintAndLog("                   malicious CSNs, and their protocol responses");
-               PrintAndLog("                   The the binary format of the file is expected to be as follows: ");
+               PrintAndLog("                   The binary format of the file is expected to be as follows: ");
                PrintAndLog("                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
                PrintAndLog("                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
                PrintAndLog("                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
                PrintAndLog("                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
                PrintAndLog("                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
                PrintAndLog("                   <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
@@ -1440,49 +1273,42 @@ int CmdHFiClass_loclass(const char *Cmd)
        return 0;
 }
 
        return 0;
 }
 
-int usage_hf_iclass_readtagfile(){
-       PrintAndLog("Usage: hf iclass readtagfile <filename>");
-       return 1;
-}
-
-void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t endblock, size_t filesize){
-       uint8_t blockdata[8];
+void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t endblock, size_t filesize) {
        uint8_t mem_config;
        memcpy(&mem_config, iclass_dump + 13,1);
        uint8_t maxmemcount;
        uint8_t filemaxblock = filesize / 8;
        uint8_t mem_config;
        memcpy(&mem_config, iclass_dump + 13,1);
        uint8_t maxmemcount;
        uint8_t filemaxblock = filesize / 8;
-       if (mem_config == 0x80)
+       if (mem_config & 0x80)
                maxmemcount = 255;
        else
                maxmemcount = 255;
        else
-               maxmemcount = 32;
+               maxmemcount = 31;
+       //PrintAndLog   ("endblock: %d, filesize: %d, maxmemcount: %d, filemaxblock: %d", endblock,filesize, maxmemcount, filemaxblock);
 
        if (startblock == 0)
                startblock = 6;
        if ((endblock > maxmemcount) || (endblock == 0))
                endblock = maxmemcount;
 
        if (startblock == 0)
                startblock = 6;
        if ((endblock > maxmemcount) || (endblock == 0))
                endblock = maxmemcount;
-       if (endblock > filemaxblock)
+
+       // remember endblock need to relate to zero-index arrays.
+       if (endblock > filemaxblock-1)
                endblock = filemaxblock;
                endblock = filemaxblock;
+       
        int i = startblock;
        int i = startblock;
-       int j;
-       while (i < endblock){
-               printf("block[%02X]: ",i);
-               memcpy(blockdata,iclass_dump + (i * 8),8);
-               for (j = 0;j < 8;j++)
-                       printf("%02X ",blockdata[j]);
-               printf("\n");
+       printf("------+--+-------------------------+\n");
+       while (i <= endblock) {
+               uint8_t *blk = iclass_dump + (i * 8);
+               printf("Block |%02X| %s|\n", i, sprint_hex(blk, 8) );   
                i++;
        }
                i++;
        }
-       if ((i < filemaxblock) && (i < maxmemcount)){
-               printf("block[%02X]: ",i);
-               memcpy(blockdata,iclass_dump + (i * 8),8);
-               for (j = 0;j < 8;j++)
-                       printf("%02X",blockdata[j]);
-               printf("\n");
-       }
+       printf("------+--+-------------------------+\n");
 }
 
 }
 
-int CmdHFiClassReadTagFile(const char *Cmd)
-{
+int usage_hf_iclass_readtagfile() {
+       PrintAndLog("Usage: hf iclass readtagfile <filename> [startblock] [endblock]");
+       return 1;
+}
+
+int CmdHFiClassReadTagFile(const char *Cmd) {
        int startblock = 0;
        int endblock = 0;
        char tempnum[5];
        int startblock = 0;
        int endblock = 0;
        char tempnum[5];
@@ -1509,96 +1335,195 @@ int CmdHFiClassReadTagFile(const char *Cmd)
        long fsize = ftell(f);
        fseek(f, 0, SEEK_SET);
 
        long fsize = ftell(f);
        fseek(f, 0, SEEK_SET);
 
-       uint8_t *dump = malloc(fsize);
+       if ( fsize < 0 ) {
+               PrintAndLog("Error, when getting filesize");
+               fclose(f);
+               return 1;
+       }
 
 
+       uint8_t *dump = malloc(fsize);
 
        size_t bytes_read = fread(dump, 1, fsize, f);
        fclose(f);
        uint8_t *csn = dump;
 
        size_t bytes_read = fread(dump, 1, fsize, f);
        fclose(f);
        uint8_t *csn = dump;
-       printf("CSN :     %02X %02X %02X %02X %02X %02X %02X %02X\n",csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]);
+       printf("------+--+-------------------------+\n");
+       printf("CSN   |00| %s|\n", sprint_hex(csn, 8) );
        //    printIclassDumpInfo(dump);
        printIclassDumpContents(dump,startblock,endblock,bytes_read);
        free(dump);
        return 0;
 }
 
        //    printIclassDumpInfo(dump);
        printIclassDumpContents(dump,startblock,endblock,bytes_read);
        free(dump);
        return 0;
 }
 
-uint64_t xorcheck(uint64_t sdiv,uint64_t hdiv){
+/*
+uint64_t xorcheck(uint64_t sdiv,uint64_t hdiv) {
        uint64_t new_div = 0x00;
        new_div ^= sdiv;
        new_div ^= hdiv;
        return new_div;
 }
 
        uint64_t new_div = 0x00;
        new_div ^= sdiv;
        new_div ^= hdiv;
        return new_div;
 }
 
-uint64_t hexarray_to_uint64(uint8_t *key){
+uint64_t hexarray_to_uint64(uint8_t *key) {
        char temp[17];
        uint64_t uint_key;
        for (int i = 0;i < 8;i++)
                sprintf(&temp[(i *2)],"%02X",key[i]);
        temp[16] = '\0';
        char temp[17];
        uint64_t uint_key;
        for (int i = 0;i < 8;i++)
                sprintf(&temp[(i *2)],"%02X",key[i]);
        temp[16] = '\0';
-       if (sscanf(temp,"%016"llX,&uint_key) < 1)
+       if (sscanf(temp,"%016" SCNx64,&uint_key) < 1)
                return 0;
        return uint_key;
 }
                return 0;
        return uint_key;
 }
-
-int usage_hf_iclass_calc_ekey(){
-       PrintAndLog("Usage: hf iclass calc_ekey <STDKEY> <ELITE key> [c]");
-       return 1;
-}
-
-int CmdHFiClassCalcEKey(const char *Cmd){
-       uint8_t STDKEY[8];
-       uint8_t ELITEKEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-       uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-       uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-       uint8_t std_div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-       uint8_t elite_div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+*/
+void HFiClassCalcDivKey(uint8_t        *CSN, uint8_t   *KEY, uint8_t *div_key, bool elite){
        uint8_t keytable[128] = {0};
        uint8_t key_index[8] = {0};
        uint8_t keytable[128] = {0};
        uint8_t key_index[8] = {0};
-       uint64_t new_div_key;
-       uint64_t i_elite_div_key;
-       uint64_t i_std_div_key;
-       bool use_credit_key = false;
-       //memcpy(STDKEY,GLOBAL_KEY,sizeof(STDKEY));
-       int i;
-       if (strlen(Cmd) < 2)
-               return usage_hf_iclass_calc_ekey();
+       if (elite) {
+               uint8_t key_sel[8] = { 0 };
+               uint8_t key_sel_p[8] = { 0 };
+               hash2(KEY, keytable);
+               hash1(CSN, key_index);
+               for(uint8_t i = 0; i < 8 ; i++)
+                       key_sel[i] = keytable[key_index[i]] & 0xFF;
 
 
-       if (param_gethex(Cmd, 0, STDKEY, 16))
-               return usage_hf_iclass_calc_ekey();
+               //Permute from iclass format to standard format
+               permutekey_rev(key_sel, key_sel_p);
+               diversifyKey(CSN, key_sel_p, div_key);  
+       } else {
+               diversifyKey(CSN, KEY, div_key);
+       }               
+}
 
 
-       if (param_gethex(Cmd, 1, ELITEKEY, 16) != 0)
-               return usage_hf_iclass_calc_ekey();
+//when told CSN, oldkey, newkey, if new key is elite (elite), and if old key was elite (oldElite)
+//calculate and return xor_div_key (ready for a key write command)
+//print all div_keys if verbose
+static void HFiClassCalcNewKey(uint8_t *CSN, uint8_t *OLDKEY, uint8_t *NEWKEY, uint8_t *xor_div_key, bool elite, bool oldElite, bool verbose){
+       uint8_t old_div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+       uint8_t new_div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+       //get old div key
+       HFiClassCalcDivKey(CSN, OLDKEY, old_div_key, oldElite);
+       //get new div key
+       HFiClassCalcDivKey(CSN, NEWKEY, new_div_key, elite);
+       
+       for (uint8_t i = 0; i < sizeof(old_div_key); i++){
+               xor_div_key[i] = old_div_key[i] ^ new_div_key[i];
+       }
+       if (verbose) {
+               printf("Old Div Key : %s\n",sprint_hex(old_div_key,8));
+               printf("New Div Key : %s\n",sprint_hex(new_div_key,8));
+               printf("Xor Div Key : %s\n",sprint_hex(xor_div_key,8));         
+       }
+}
 
 
-       if (param_getchar(Cmd, 2)=='c')
-               use_credit_key = true;
+int usage_hf_iclass_calc_newkey(void) {
+       PrintAndLog("HELP :  Manage iClass Keys in client memory:\n");
+       PrintAndLog("Usage:  hf iclass calc_newkey o <Old key> n <New key> s [csn] e");
+       PrintAndLog("  Options:");
+       PrintAndLog("  o <oldkey> : *specify a key as 16 hex symbols or a key number as 1 symbol");
+       PrintAndLog("  n <newkey> : *specify a key as 16 hex symbols or a key number as 1 symbol");
+       PrintAndLog("  s <csn>    : specify a card Serial number to diversify the key (if omitted will attempt to read a csn)");
+       PrintAndLog("  e          : specify new key as elite calc");
+       PrintAndLog("  ee         : specify old and new key as elite calc");
+       PrintAndLog("Samples:");
+       PrintAndLog(" e key to e key given csn : hf iclass calcnewkey o 1122334455667788 n 2233445566778899 s deadbeafdeadbeaf ee");
+       PrintAndLog(" std key to e key read csn: hf iclass calcnewkey o 1122334455667788 n 2233445566778899 e");
+       PrintAndLog(" std to std read csn      : hf iclass calcnewkey o 1122334455667788 n 2233445566778899");
+       PrintAndLog("NOTE: * = required\n");
 
 
-       hash2(ELITEKEY, keytable);
+       return 1;
+}
 
 
-       uint8_t key_sel[8] = { 0 };
-       uint8_t key_sel_p[8] = { 0 };
+int CmdHFiClassCalcNewKey(const char *Cmd) {
+       uint8_t OLDKEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+       uint8_t NEWKEY[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+       uint8_t xor_div_key[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+       uint8_t CSN[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+       uint8_t CCNR[12] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+       uint8_t keyNbr = 0;
+       uint8_t dataLen = 0;
+       char tempStr[50] = {0};
+       bool givenCSN = false;
+       bool oldElite = false;
+       bool elite = false;
+       bool errors = false;
+       uint8_t cmdp = 0;
+       while(param_getchar(Cmd, cmdp) != 0x00)
+       {
+               switch(param_getchar(Cmd, cmdp))
+               {
+               case 'h':
+               case 'H':
+                       return usage_hf_iclass_calc_newkey();
+               case 'e':
+               case 'E':
+                       dataLen = param_getstr(Cmd, cmdp, tempStr);
+                       if (dataLen==2)
+                               oldElite = true;
+                       elite = true;
+                       cmdp++;
+                       break;
+               case 'n':
+               case 'N':
+                       dataLen = param_getstr(Cmd, cmdp+1, tempStr);
+                       if (dataLen == 16) { 
+                               errors = param_gethex(tempStr, 0, NEWKEY, dataLen);
+                       } else if (dataLen == 1) {
+                               keyNbr = param_get8(Cmd, cmdp+1);
+                               if (keyNbr < ICLASS_KEYS_MAX) {
+                                       memcpy(NEWKEY, iClass_Key_Table[keyNbr], 8);
+                               } else {
+                                       PrintAndLog("\nERROR: NewKey Nbr is invalid\n");
+                                       errors = true;
+                               }
+                       } else {
+                               PrintAndLog("\nERROR: NewKey is incorrect length\n");
+                               errors = true;
+                       }
+                       cmdp += 2;
+                       break;
+               case 'o':
+               case 'O':
+                       dataLen = param_getstr(Cmd, cmdp+1, tempStr);
+                       if (dataLen == 16) { 
+                               errors = param_gethex(tempStr, 0, OLDKEY, dataLen);
+                       } else if (dataLen == 1) {
+                               keyNbr = param_get8(Cmd, cmdp+1);
+                               if (keyNbr < ICLASS_KEYS_MAX) {
+                                       memcpy(OLDKEY, iClass_Key_Table[keyNbr], 8);
+                               } else {
+                                       PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
+                                       errors = true;
+                               }
+                       } else {
+                               PrintAndLog("\nERROR: Credit Key is incorrect length\n");
+                               errors = true;
+                       }
+                       cmdp += 2;
+                       break;
+               case 's':
+               case 'S':
+                       givenCSN = true;
+                       if (param_gethex(Cmd, cmdp+1, CSN, 16))
+                               return usage_hf_iclass_calc_newkey();
+                       cmdp += 2;
+                       break;
+               default:
+                       PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
+                       errors = true;
+                       break;
+               }
+               if(errors) return usage_hf_iclass_calc_newkey();
+       }
 
 
-       if (!select_only(CSN, CCNR, use_credit_key, true))
-               return 0;
+       if (cmdp < 4) return usage_hf_iclass_calc_newkey();
 
 
-       diversifyKey(CSN, STDKEY, std_div_key);
-
-       //    printvar("(S)Div key", std_div_key, 8);
-       hash1(CSN, key_index);
-       for(i = 0; i < 8 ; i++)
-               key_sel[i] = keytable[key_index[i]] & 0xFF;
-
-       //Permute from iclass format to standard format
-       permutekey_rev(key_sel, key_sel_p);
-       diversifyKey(CSN, key_sel_p, elite_div_key);
-       //    printvar("(E)Div key", elite_div_key, 8);
-       i_elite_div_key = hexarray_to_uint64(elite_div_key);
-       i_std_div_key = hexarray_to_uint64(std_div_key);
-       new_div_key = xorcheck(i_std_div_key, i_elite_div_key);
-       printf("New Div Key : %016"llX"\n",new_div_key);
+       if (!givenCSN)
+               if (!select_only(CSN, CCNR, false, true))
+                       return 0;
+       
+       HFiClassCalcNewKey(CSN, OLDKEY, NEWKEY, xor_div_key, elite, oldElite, true);
        return 0;
 }
 
        return 0;
 }
 
-int loadKeys(char *filename){
+static int loadKeys(char *filename) {
        FILE *f;
        f = fopen(filename,"rb");
        if(!f) {
        FILE *f;
        f = fopen(filename,"rb");
        if(!f) {
@@ -1609,6 +1534,12 @@ int loadKeys(char *filename){
        long fsize = ftell(f);
        fseek(f, 0, SEEK_SET);
 
        long fsize = ftell(f);
        fseek(f, 0, SEEK_SET);
 
+       if ( fsize < 0 ) {
+               PrintAndLog("Error, when getting filesize");
+               fclose(f);
+               return 1;
+       }
+
        uint8_t *dump = malloc(fsize);
 
        size_t bytes_read = fread(dump, 1, fsize, f);
        uint8_t *dump = malloc(fsize);
 
        size_t bytes_read = fread(dump, 1, fsize, f);
@@ -1627,7 +1558,7 @@ int loadKeys(char *filename){
        return 1;
 }
 
        return 1;
 }
 
-int saveKeys(char *filename){
+static int saveKeys(char *filename) {
        FILE *f;
        f = fopen(filename,"wb");
        if (f == NULL) {
        FILE *f;
        f = fopen(filename,"wb");
        if (f == NULL) {
@@ -1644,7 +1575,7 @@ int saveKeys(char *filename){
        return 0;
 }
 
        return 0;
 }
 
-int printKeys(){
+static int printKeys(void) {
        PrintAndLog("");
        for (uint8_t i = 0; i < ICLASS_KEYS_MAX; i++){
                PrintAndLog("%u: %s",i,sprint_hex(iClass_Key_Table[i],8));
        PrintAndLog("");
        for (uint8_t i = 0; i < ICLASS_KEYS_MAX; i++){
                PrintAndLog("%u: %s",i,sprint_hex(iClass_Key_Table[i],8));
@@ -1653,7 +1584,7 @@ int printKeys(){
        return 0;
 }
 
        return 0;
 }
 
-int usage_hf_iclass_managekeys(){
+int usage_hf_iclass_managekeys(void) {
        PrintAndLog("HELP :  Manage iClass Keys in client memory:\n");
        PrintAndLog("Usage:  hf iclass managekeys n [keynbr] k [key] f [filename] s l p\n");
        PrintAndLog("  Options:");
        PrintAndLog("HELP :  Manage iClass Keys in client memory:\n");
        PrintAndLog("Usage:  hf iclass managekeys n [keynbr] k [key] f [filename] s l p\n");
        PrintAndLog("  Options:");
@@ -1671,7 +1602,7 @@ int usage_hf_iclass_managekeys(){
        return 0;
 }
 
        return 0;
 }
 
-int CmdManageKeys(const char *Cmd){
+int CmdHFiClassManageKeys(const char *Cmd) {
        uint8_t keyNbr = 0;
        uint8_t dataLen = 0;
        uint8_t KEY[8] = {0};
        uint8_t keyNbr = 0;
        uint8_t dataLen = 0;
        uint8_t KEY[8] = {0};
@@ -1701,8 +1632,8 @@ int CmdManageKeys(const char *Cmd){
                case 'n':
                case 'N':
                        keyNbr = param_get8(Cmd, cmdp+1);
                case 'n':
                case 'N':
                        keyNbr = param_get8(Cmd, cmdp+1);
-                       if (keyNbr < 0) {
-                               PrintAndLog("Wrong block number");
+                       if (keyNbr >= ICLASS_KEYS_MAX) {
+                               PrintAndLog("Invalid block number");
                                errors = true;
                        }
                        cmdp += 2;
                                errors = true;
                        }
                        cmdp += 2;
@@ -1767,23 +1698,22 @@ int CmdManageKeys(const char *Cmd){
 static command_t CommandTable[] = 
 {
        {"help",        CmdHelp,                        1,      "This help"},
 static command_t CommandTable[] = 
 {
        {"help",        CmdHelp,                        1,      "This help"},
-       {"calc_ekey",   CmdHFiClassCalcEKey,            0,      "Get Elite Diversified key (block 3) to write to convert std to elite"},
-       {"clone",       CmdHFiClassCloneTag,            0,      "Authenticate and Clone from iClass bin file"},
-       {"decrypt",     CmdHFiClassDecrypt,             1,      "Decrypt tagdump" },
-       {"dump",        CmdHFiClassReader_Dump,         0,      "Authenticate and Dump iClass tag's AA1"},
-       {"eload",       CmdHFiClassELoad,               0,      "[experimental] Load data into iClass emulator memory"},
-       {"encryptblk",  CmdHFiClassEncryptBlk,          1,      "[blockData] Encrypt given block data"},
-       {"list",        CmdHFiClassList,                0,      "[Deprecated] List iClass history"},
-       //{"load",        CmdHFiClass_load,             0,      "Load from tagfile to iClass card"},
-       {"loclass",     CmdHFiClass_loclass,            1,      "Use loclass to perform bruteforce of reader attack dump"},
-       {"managekeys",  CmdManageKeys,                  1,      "Manage the keys to use with iClass"},
-       {"readblk",     CmdHFiClass_ReadBlock,          0,      "Authenticate and Read iClass block"},
-       {"reader",      CmdHFiClassReader,              0,      "Read an iClass tag"},
-       {"readtagfile", CmdHFiClassReadTagFile,         1,      "Display Content from tagfile"},
-       {"replay",      CmdHFiClassReader_Replay,       0,      "Read an iClass tag via Reply Attack"},
-       {"sim",         CmdHFiClassSim,                 0,      "Simulate iClass tag"},
-       {"snoop",       CmdHFiClassSnoop,               0,      "Eavesdrop iClass communication"},
-       {"writeblk",    CmdHFiClass_WriteBlock,         0,      "Authenticate and Write iClass block"},
+       {"calcnewkey",  CmdHFiClassCalcNewKey,          1,      "[options..] Calc Diversified keys (blocks 3 & 4) to write new keys"},
+       {"clone",       CmdHFiClassCloneTag,            0,      "[options..] Authenticate and Clone from iClass bin file"},
+       {"decrypt",     CmdHFiClassDecrypt,             1,      "[f <fname>] Decrypt tagdump" },
+       {"dump",        CmdHFiClassReader_Dump,         0,      "[options..] Authenticate and Dump iClass tag's AA1"},
+       {"eload",       CmdHFiClassELoad,               0,      "[f <fname>] (experimental) Load data into iClass emulator memory"},
+       {"encryptblk",  CmdHFiClassEncryptBlk,          1,      "<BlockData> Encrypt given block data"},
+       {"list",        CmdHFiClassList,                0,      "            (Deprecated) List iClass history"},
+       {"loclass",     CmdHFiClass_loclass,            1,      "[options..] Use loclass to perform bruteforce of reader attack dump"},
+       {"managekeys",  CmdHFiClassManageKeys,          1,      "[options..] Manage the keys to use with iClass"},
+       {"readblk",     CmdHFiClass_ReadBlock,          0,      "[options..] Authenticate and Read iClass block"},
+       {"reader",      CmdHFiClassReader,              0,      "            Read an iClass tag"},
+       {"readtagfile", CmdHFiClassReadTagFile,         1,      "[options..] Display Content from tagfile"},
+       {"replay",      CmdHFiClassReader_Replay,       0,      "<mac>       Read an iClass tag via Reply Attack"},
+       {"sim",         CmdHFiClassSim,                 0,      "[options..] Simulate iClass tag"},
+       {"snoop",       CmdHFiClassSnoop,               0,      "            Eavesdrop iClass communication"},
+       {"writeblk",    CmdHFiClass_WriteBlock,         0,      "[options..] Authenticate and Write iClass block"},
        {NULL, NULL, 0, NULL}
 };
 
        {NULL, NULL, 0, NULL}
 };
 
Proxmark3 GIT tracking
Impressum, Datenschutz