X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/0644d5e3a3ed255fea1084c0af564c00f592b36c..0ec548dc2122f9bc0f0b536db5fa1a12f1f5c16a:/client/cmdhfmfu.c diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c index 8dfb9a3b..f85c160a 100644 --- a/client/cmdhfmfu.c +++ b/client/cmdhfmfu.c @@ -7,7 +7,6 @@ //----------------------------------------------------------------------------- // High frequency MIFARE ULTRALIGHT (C) commands //----------------------------------------------------------------------------- -//#include #include "loclass/des.h" #include "cmdhfmfu.h" #include "cmdhfmf.h" @@ -391,7 +390,7 @@ int CmdHF14AMfucAuth(const char *Cmd){ //Change key to user defined one if (cmdp == 'k' || cmdp == 'K'){ keyNo = param_get8(Cmd, 1); - if(keyNo >= 4) errors = true; + if(keyNo > 4) errors = true; } if (cmdp == 'h' || cmdp == 'H') { @@ -430,7 +429,6 @@ int CmdHF14AMfucAuth(const char *Cmd){ uint8_t * data= resp.d.asBytes; if (isOK){ - PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8)); memcpy(enc_random_b,data+1,8); } else { PrintAndLog("Auth failed"); @@ -440,10 +438,7 @@ int CmdHF14AMfucAuth(const char *Cmd){ PrintAndLog("Command execute timeout"); return 1; } - uint8_t iv[8] = { 0 }; - // Do we need random ? Right now we use all ones, is that random enough ? -// DES_random_key(&RndA); PrintAndLog(" RndA :%s",sprint_hex(random_a, 8)); PrintAndLog(" e_RndB:%s",sprint_hex(enc_random_b, 8)); @@ -490,6 +485,23 @@ int CmdHF14AMfucAuth(const char *Cmd){ if (isOK){ PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8)); + + uint8_t foo[8] = { 0 }; + uint8_t bar[8] = { 0 }; + memcpy(foo, data2+1, 8); + des3_set2key_enc(&ctx, key); + + des3_crypt_cbc(&ctx // des3_context *ctx + , DES_DECRYPT // int mode + , 8 // size_t length + , enc_random_b // unsigned char iv[8] + , foo // const unsigned char *input + , bar // unsigned char *output + ); + + PrintAndLog("BAR:%s",sprint_hex(bar, 8)); + + } else { return 2; } @@ -601,12 +613,16 @@ int CmdTestDES(const char * cmd) // int CmdHF14AMfUCRdBl(const char *Cmd) { + bool hasPwd = FALSE; uint8_t blockNo = -1; + unsigned char key[16]; char cmdp = param_getchar(Cmd, 0); if (strlen(Cmd) < 1 || cmdp == 'h' || cmdp == 'H') { - PrintAndLog("Usage: hf mfu crdbl "); - PrintAndLog(" sample: hf mfu crdbl 0"); + PrintAndLog("Usage: hf mfu crdbl "); + PrintAndLog(""); + PrintAndLog("sample: hf mfu crdbl 0"); + PrintAndLog(" hf mfu crdbl 0 1122334455667788"); return 0; } @@ -621,15 +637,32 @@ int CmdHF14AMfUCRdBl(const char *Cmd) return 1; } - PrintAndLog("--block no: 0x%02X (%d)", (int)blockNo, blockNo); + // key + if ( strlen(Cmd) > 3){ + if (param_gethex(Cmd, 1, key, 16)) { + PrintAndLog("Key must include %d HEX symbols", 16); + return 1; + } else { + hasPwd = TRUE; + } + } + + if ( hasPwd ) + PrintAndLog("--block no: 0x%02X (%d) PWD: %s", (int)blockNo, blockNo, key); + else + PrintAndLog("--block no: 0x%02X (%d)", (int)blockNo, blockNo); //Read Block - UsbCommand e = {CMD_MIFAREU_READBL, {blockNo}}; - SendCommand(&e); - UsbCommand resp_c; - if (WaitForResponseTimeout(CMD_ACK,&resp_c,1500)) { - uint8_t isOK = resp_c.arg[0] & 0xff; - uint8_t *data = resp_c.d.asBytes; + UsbCommand c = {CMD_MIFAREU_READBL, {blockNo}}; + if ( hasPwd ) { + c.arg[1] = 1; + memcpy(c.d.asBytes,key,16); + } + SendCommand(&c); + UsbCommand resp; + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + uint8_t *data = resp.d.asBytes; PrintAndLog("isOk: %02x", isOK); if (isOK)