X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/9b82de75f4a74b2d7f149dc161f0d3a3fb1752fa..a501c82b196b614295a6e3bf7481da84affb0d8e:/client/cmdhficlass.c
diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c
index 0650eef9..370b36e9 100644
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -16,12 +16,11 @@
 #include
 #include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type
 #include "data.h"
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "cmdparser.h"
 #include "cmdhficlass.h"
-#include "common.h"
+#include "../include/common.h"
 #include "util.h"
 #include "cmdmain.h"
 #include "loclass/des.h"
@@ -35,11 +34,11 @@ static int CmdHelp(const char *Cmd);
 int xorbits_8(uint8_t val)
 {
- uint8_t res = val ^ (val >> 1); //1st pass
- res = res ^ (res >> 1); // 2nd pass
- res = res ^ (res >> 2); // 3rd pass
- res = res ^ (res >> 4); // 4th pass
- return res & 1;
+ uint8_t res = val ^ (val >> 1); //1st pass
+ res = res ^ (res >> 1); // 2nd pass
+ res = res ^ (res >> 2); // 3rd pass
+ res = res ^ (res >> 4); // 4th pass
+ return res & 1;
 }
 int CmdHFiClassList(const char *Cmd)
@@ -56,7 +55,7 @@ int CmdHFiClassList(const char *Cmd)
 return 0;
 }
- uint8_t got[1920];
+ uint8_t got[TRACE_BUFFER_SIZE];
 GetFromBigBuf(got,sizeof(got),0);
 WaitForResponse(CMD_ACK,NULL);
@@ -78,7 +77,7 @@ int CmdHFiClassList(const char *Cmd)
 uint32_t EndOfTransmissionTimestamp = 0;
- for( i=0; i < 1900;)
+ for( i=0; i < TRACE_BUFFER_SIZE;)
 {
 //First 32 bits contain
 // isResponse (1 bit)
@@ -88,7 +87,7 @@ int CmdHFiClassList(const char *Cmd)
 timestamp = *((uint32_t *)(got+i));
 parityBits = *((uint32_t *)(got+i+4));
 len = got[i+8];
- frame = (got+i+9);
+ frame = (got+i+9);
 uint32_t next_timestamp = (*((uint32_t *)(got+i+9))) & 0x7fffffff;
 tagToReader = timestamp & 0x80000000;
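Review bot: Raising the loop bound to `i < TRACE_BUFFER_SIZE` in the `@@ -78,7 +77,7` hunk removes the 20-byte margin that the old `1900`/`1920` pair left, so the header reads at `got+i`, `got+i+4`, `got[i+8]` and `got+i+9` shown in the following hunk can run past the end of `got` once `i` is within 12 bytes of the end. The buffer appears to be filled from the device by `GetFromBigBuf`, so the guard should leave room for the fixed header, for example `for (i = 0; i + 13 <= sizeof(got);)`, and `len` should be compared with the bytes remaining before `frame` is used. The loop body continues outside these hunks, so a length check may exist that is not visible here. Separately, `uint8_t got[TRACE_BUFFER_SIZE]` in the `@@ -56,7 +55,7` hunk is a stack array whose size now comes from a macro defined elsewhere; if that value is large, a heap buffer would be the safer choice.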
@@ -303,7 +302,7 @@ int CmdHFiClassSnoop(const char *Cmd)
 SendCommand(&c);
 return 0;
 }
-
+#define NUM_CSNS 15
 int CmdHFiClassSim(const char *Cmd)
 {
 uint8_t simType = 0;
@@ -340,20 +339,27 @@ int CmdHFiClassSim(const char *Cmd)
 if(simType == 2)
 {
- UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,63}};
+ UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,NUM_CSNS}};
 UsbCommand resp = {0};
- uint8_t csns[64] = {
- 0x00,0x0B,0x0F,0xFF,0xF7,0xFF,0x12,0xE0 ,
- 0x00,0x13,0x94,0x7e,0x76,0xff,0x12,0xe0 ,
- 0x2a,0x99,0xac,0x79,0xec,0xff,0x12,0xe0 ,
- 0x17,0x12,0x01,0xfd,0xf7,0xff,0x12,0xe0 ,
- 0xcd,0x56,0x01,0x7c,0x6f,0xff,0x12,0xe0 ,
- 0x4b,0x5e,0x0b,0x72,0xef,0xff,0x12,0xe0 ,
- 0x00,0x73,0xd8,0x75,0x58,0xff,0x12,0xe0 ,
- 0x0c,0x90,0x32,0xf3,0x5d,0xff,0x12,0xe0 };
-
- memcpy(c.d.asBytes, csns, 64);
+ uint8_t csns[8*NUM_CSNS] = {
+ 0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x04, 0x0E, 0x08, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x09, 0x0D, 0x05, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x0A, 0x0C, 0x06, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x0F, 0x0B, 0x03, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x08, 0x0A, 0x0C, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x0D, 0x09, 0x09, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x0E, 0x08, 0x0A, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x03, 0x07, 0x17, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x3C, 0x06, 0xE0, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x01, 0x05, 0x1D, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x02, 0x04, 0x1E, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x07, 0x03, 0x1B, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x00, 0x02, 0x24, 0xF7, 0xFF, 0x12, 0xE0,
+ 0x00, 0x05, 0x01, 0x21, 0xF7, 0xFF, 0x12, 0xE0 };
+
+ memcpy(c.d.asBytes, csns, 8*NUM_CSNS);
 SendCommand(&c);
 if (!WaitForResponseTimeout(CMD_ACK, &resp, -1)) {
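Review bot: Nothing visible ties `NUM_CSNS` to the capacity of `c.d.asBytes`, and `memcpy(c.d.asBytes, csns, 8*NUM_CSNS)` in the `@@ -340,20 +339,27` hunk now copies 120 bytes where it used to copy 64. Because the define is clearly meant to be tuned, a compile-time guard next to it would keep a later bump from overrunning the command payload, for example `_Static_assert(8*NUM_CSNS <= sizeof(((UsbCommand *)0)->d.asBytes), "CSN table exceeds UsbCommand payload");` if the build allows C11. The literal `8` for the CSN length recurs here and in the later `@@ -378,7 +384,7` hunk, so a named constant such as `#define CSN_LEN 8` would make the coupling explicit. The size of `asBytes` is declared outside this diff, so the current value may well fit.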
@@ -362,9 +368,9 @@ int CmdHFiClassSim(const char *Cmd) } uint8_t num_mac_responses = resp.arg[1]; - PrintAndLog("Mac responses: %d MACs obtained (should be 8)", num_mac_responses); + PrintAndLog("Mac responses: %d MACs obtained (should be %d)", num_mac_responses, NUM_CSNS); - size_t datalen = 8*24; + size_t datalen = NUM_CSNS*24; /* * Now, time to dump to file. We'll use this format: * <8-byte CSN><8-byte CC><4 byte NR><4 byte MAC>.... @@ -378,7 +384,7 @@ int CmdHFiClassSim(const char *Cmd) void* dump = malloc(datalen); memset(dump,0,datalen);//<-- Need zeroes for the CC-field uint8_t i = 0; - for(i = 0 ; i < 8 ; i++) + for(i = 0 ; i < NUM_CSNS ; i++) { memcpy(dump+i*24, csns+i*8,8); //CSN //8 zero bytes here... @@ -437,7 +443,7 @@ int CmdHFiClassReader_Replay(const char *Cmd) if (strlen(Cmd)<1) { PrintAndLog("Usage: hf iclass replay "); PrintAndLog(" sample: hf iclass replay 00112233"); - return 0; + return 0; } if (param_gethex(Cmd, 0, MAC, 8)) { @@ -491,6 +497,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) //calc h2 hash2(KEY, keytable); + printarr_human_readable("keytable", keytable, 128); } @@ -501,7 +508,9 @@ int CmdHFiClassReader_Dump(const char *Cmd) SendCommand(&c); UsbCommand resp; - + uint8_t key_sel[8] = {0x00}; + uint8_t key_sel_p[8] = {0x00}; + if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) { uint8_t isOK = resp.arg[0] & 0xff; uint8_t * data = resp.d.asBytes; @@ -519,8 +528,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) { if(elite) { - uint8_t key_sel[8] = {0}; - uint8_t key_sel_p[8] = { 0 }; + //Get the key index (hash1) uint8_t key_index[8] = {0}; 
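Review bot: The dump loop in the `@@ -378,7 +384,7` hunk always writes `NUM_CSNS` records, while the `@@ -362,9 +368,9` hunk only prints a hint when the device-reported `num_mac_responses` differs from `NUM_CSNS`. If fewer MACs come back, the file would presumably contain CSN records with no valid NR/MAC behind them; the copy from the response is outside the hunk, so this is inferred. Bounding both the loop and `datalen` by the smaller count would avoid that, e.g. `uint8_t n = num_mac_responses < NUM_CSNS ? num_mac_responses : NUM_CSNS;`. The `malloc(datalen)` result shown as context is also passed to `memset` without a NULL check, which matters more now that the size is configurable.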
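Review bot: The added `printarr_human_readable("keytable", keytable, 128);` in the `@@ -491,6 +497,7` hunk prints the full 128-byte table derived from `KEY` every time this branch runs, and it reads like leftover debugging output. Derived key material would then land on the console and in any session log the client keeps; the helper is defined outside this diff, so where it writes is inferred from the `PrintAndLog` naming used elsewhere in the file. I would drop the call or gate it behind an explicit debug option, with a comment such as `// debug only: dumps the hash2 key table`. The enclosing block starts before the hunk.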
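Review bot: Moving `key_sel` and `key_sel_p` to function scope (`@@ -501,7 +508,9` and `@@ -519,8 +528,7`) deserves a comment, because the reason is not visible at the declaration: the elite branch sets `used_key = key_sel_p`, and `used_key` is then read by `printvar("Used key", ...)` and `diversifyKey` after that block has closed. Suggested wording: `// function scope: used_key may point at key_sel_p after the elite block ends`. The whitespace-only `+` lines these two hunks add could be dropped.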
@@ -533,13 +541,21 @@ int CmdHFiClassReader_Dump(const char *Cmd) permutekey_rev(key_sel,key_sel_p); used_key = key_sel_p; }else{ + //Perhaps this should also be permuted to std format? + // Something like the code below? I have no std system + // to test this with /Martin + + //uint8_t key_sel_p[8] = { 0 }; + //permutekey_rev(KEY,key_sel_p); + //used_key = key_sel_p; + used_key = KEY; } - printvar("CC:",CCNR,8); printvar("Used key",used_key,8); diversifyKey(CSN,used_key, div_key); printvar("Div key", div_key, 8); + printvar("CC_NR:",CCNR,12); doMAC(CCNR,12,div_key, MAC); printvar("MAC", MAC, 4); @@ -638,14 +654,17 @@ int CmdHFiClass_iso14443A_write(const char *Cmd) static command_t CommandTable[] = { - {"help", CmdHelp, 1, "This help"}, - {"list", CmdHFiClassList, 0, "List iClass history"}, - {"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"}, - {"sim", CmdHFiClassSim, 0, "Simulate iClass tag"}, + {"help", CmdHelp, 1, "This help"}, + {"list", CmdHFiClassList, 0, "List iClass history"}, + {"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"}, + {"sim", CmdHFiClassSim, 0, "Simulate iClass tag"}, {"reader",CmdHFiClassReader, 0, "Read an iClass tag"}, {"replay",CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"}, {"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"}, {"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"}, + {"replay", CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"}, + {"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"}, + {"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"}, {NULL, NULL, 0, NULL} }; @@ -658,5 +677,5 @@ int CmdHFiClass(const char *Cmd) int CmdHelp(const char *Cmd) { CmdsHelp(CommandTable); - return 0; + return 0; }
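Review bot: The `else` branch in the `@@ -533,13 +541,21` hunk gains an open question and three lines of commented-out code instead of a decision. A single marker is easier to track, for example `// TODO: confirm whether KEY must be permuted (permutekey_rev) for non-elite tags; untested`. Note also that the commented sketch redeclares `key_sel_p`, which this same commit moves to function scope, so enabling it as written would shadow that array.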
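Review bot: The new side of `CommandTable` (`@@ -638,14 +654,17`) lists `replay`, `dump` and `write` twice: the three original rows stay as context and three re-aligned copies are added right below them. This looks like a re-indent that missed deleting the old rows; depending on how the dispatcher walks the table (outside this diff), the second set is likely never matched and would show up twice in the help listing. Keep one set of the three rows. While touching these lines, the help text `"Read an iClass tag via Reply Attack"` presumably means "Replay Attack".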