More work on iclass full simulation, and some work on iclass tag dump parsing

author Martin Holst Swende <martin@swende.se>

Thu, 19 Feb 2015 09:48:33 +0000 (10:48 +0100)

committer Martin Holst Swende <martin@swende.se>

Thu, 19 Feb 2015 09:48:33 +0000 (10:48 +0100)
author Martin Holst Swende <martin@swende.se>
Thu, 19 Feb 2015 09:48:33 +0000 (10:48 +0100)
committer Martin Holst Swende <martin@swende.se>
Thu, 19 Feb 2015 09:48:33 +0000 (10:48 +0100)
diff --git a/armsrc/cipherutils.c b/armsrc/cipherutils.c

index a734ea7a1775b782bdc2c8704e1b3724e96e041b..c00e2be2db5b6cf3324bc1fcf01d250ec7024b05 100644 (file)
--- a/armsrc/cipherutils.c
+++ b/armsrc/cipherutils.c
@@ -39,8 +39,10 @@
  #include <stdint.h>
  #include <stdio.h>
  #include <string.h>
  #include <stdint.h>
  #include <stdio.h>
  #include <string.h>
-#include "fileutils.h"
  #include "cipherutils.h"
  #include "cipherutils.h"
+#ifndef ON_DEVICE
+#include "fileutils.h"
+#endif
  /**
   *
   * @brief Return and remove the first bit (x0) in the stream : <x0 x1 x2 x3 ... xn >
  /**
   *
   * @brief Return and remove the first bit (x0) in the stream : <x0 x1 x2 x3 ... xn >
diff --git a/client/Makefile b/client/Makefile

index e63581ba1ff864520167f5406c96b7dcf53dbe23..20e17d7d5ae47ec8b7949ac60adc44e900c9cc79 100644 (file)
--- a/client/Makefile
+++ b/client/Makefile
@@ -94,6 +94,7 @@ CMDSRCS =     nonce2key/crapto1.c\
                         cmdscript.c\
                         pm3_bitlib.c\
                         aes.c\
                         cmdscript.c\
                         pm3_bitlib.c\
                         aes.c\
+                       protocols.c\
  
  
  COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o)
  
  
  COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o)
diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c

index 7bc23e9bb522d32db4e3db637dfc60aa7b3eea9b..31f7ba973f8d2a956194d9152fdf65584b3f76a7 100644 (file)
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -29,6 +29,7 @@
  #include "loclass/ikeys.h"
  #include "loclass/elite_crack.h"
  #include "loclass/fileutils.h"
  #include "loclass/ikeys.h"
  #include "loclass/elite_crack.h"
  #include "loclass/fileutils.h"
+#include "protocols.h"
  
  static int CmdHelp(const char *Cmd);
  
  
  static int CmdHelp(const char *Cmd);
  
@@ -75,10 +76,9 @@ int CmdHFiClassSim(const char *Cmd)
         uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
  
         if (strlen(Cmd)<1) {
         uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
  
         if (strlen(Cmd)<1) {
-               usage_hf_iclass_sim();
+               return usage_hf_iclass_sim();
         }
         }
-
-       simType = param_get8(Cmd, 0);
+       simType = param_get8ex(Cmd, 0, 0, 10);
  
         if(simType == 0)
         {
  
         if(simType == 0)
         {
@@ -322,7 +322,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
         PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
         printvar("Div key", div_key, 8);
         printvar("CC_NR:",CCNR,12);
         PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
         printvar("Div key", div_key, 8);
         printvar("CC_NR:",CCNR,12);
-       doMAC(CCNR,12,div_key, MAC);
+       doMAC(CCNR,div_key, MAC);
         printvar("MAC", MAC, 4);
  
         uint8_t iclass_data[32000] = {0};
         printvar("MAC", MAC, 4);
  
         uint8_t iclass_data[32000] = {0};
@@ -421,9 +421,12 @@ int CmdHFiClassELoad(const char *Cmd)
         fseek(f, 0, SEEK_SET);
  
         uint8_t *dump = malloc(fsize);
         fseek(f, 0, SEEK_SET);
  
         uint8_t *dump = malloc(fsize);
+
+
         size_t bytes_read = fread(dump, 1, fsize, f);
         fclose(f);
  
         size_t bytes_read = fread(dump, 1, fsize, f);
         fclose(f);
  
+       printIclassDumpInfo(dump);
         //Validate
  
         if (bytes_read < fsize)
         //Validate
  
         if (bytes_read < fsize)
@@ -456,7 +459,7 @@ int usage_hf_iclass_decrypt()
         PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
         PrintAndLog("in the working directory. The file should be 16 bytes binary data");
         PrintAndLog("");
         PrintAndLog("OBS! In order to use this function, the file 'iclass_decryptionkey.bin' must reside");
         PrintAndLog("in the working directory. The file should be 16 bytes binary data");
         PrintAndLog("");
-       PrintAndLog("example: hf iclass decrypt tagdump_12312342343.bin");
+       PrintAndLog("example: hf iclass decrypt f tagdump_12312342343.bin");
         PrintAndLog("");
         PrintAndLog("OBS! This is pretty stupid implementation, it tries to decrypt every block after block 6. ");
         PrintAndLog("Correct behaviour would be to decrypt only the application areas where the key is valid,");
         PrintAndLog("");
         PrintAndLog("OBS! This is pretty stupid implementation, it tries to decrypt every block after block 6. ");
         PrintAndLog("Correct behaviour would be to decrypt only the application areas where the key is valid,");
@@ -604,7 +607,7 @@ int CmdHFiClass_iso14443A_write(const char *Cmd)
         diversifyKey(CSN,KEY, div_key);
  
         PrintAndLog("Div Key: %s",sprint_hex(div_key,8));
         diversifyKey(CSN,KEY, div_key);
  
         PrintAndLog("Div Key: %s",sprint_hex(div_key,8));
-       doMAC(CCNR, 12,div_key, MAC);
+       doMAC(CCNR, div_key, MAC);
  
         UsbCommand c2 = {CMD_ICLASS_ISO14443A_WRITE, {readerType,blockNo}};
         memcpy(c2.d.asBytes, bldata, 8);
  
         UsbCommand c2 = {CMD_ICLASS_ISO14443A_WRITE, {readerType,blockNo}};
         memcpy(c2.d.asBytes, bldata, 8);
diff --git a/client/loclass/elite_crack.c b/client/loclass/elite_crack.c

index a8ab869e8c53c0569108ec42b2c74ecc45b72229..c824eaa188ed45c56fce156718c4dfeda90f5b19 100644 (file)
--- a/client/loclass/elite_crack.c
+++ b/client/loclass/elite_crack.c
@@ -394,7 +394,7 @@ int bruteforceItem(dumpdata item, uint16_t keytable[])
                 //Diversify
                 diversifyKey(item.csn, key_sel_p, div_key);
                 //Calc mac
                 //Diversify
                 diversifyKey(item.csn, key_sel_p, div_key);
                 //Calc mac
-        doMAC(item.cc_nr,12, div_key,calculated_MAC);
+               doMAC(item.cc_nr, div_key,calculated_MAC);
  
                 if(memcmp(calculated_MAC, item.mac, 4) == 0)
                 {
  
                 if(memcmp(calculated_MAC, item.mac, 4) == 0)
                 {
diff --git a/common/protocols.c b/common/protocols.c

index bdaff3f148703a09bbe7ab286247cb5cc53858fb..6a4c9a103bff1a03ebb21215e968b54bc9aa7f09 100644 (file)
--- a/common/protocols.c
+++ b/common/protocols.c
@@ -1,7 +1,14 @@
  #include <stdio.h>
  #include <strings.h>
  #include <stdio.h>
  #include <strings.h>
+#include <string.h>
  #include <stdint.h>
  #include <stdarg.h>
  #include <stdint.h>
  #include <stdarg.h>
+#include "protocols.h"
+#ifndef ON_DEVICE
+#include "ui.h"
+#define prnt PrintAndLog
+#endif
+
  
  
  typedef struct {
  
  
  typedef struct {
@@ -25,17 +32,9 @@ typedef struct {
  
  }picopass_hdr;
  
  
  }picopass_hdr;
  
-#define FUSE_FPERS   0x80
-#define FUSE_CODING1 0x40
-#define FUSE_CODING0 0x20
-#define FUSE_CRYPT1  0x10
-#define FUSE_CRYPT0  0x08
-#define FUSE_FPROD1  0x04
-#define FUSE_FPROD0  0x02
-#define FUSE_RA      0x01
  
  //#define prnt printf
  
  //#define prnt printf
-void prnt(char *fmt,...)
+/*void prnt(char *fmt,...)
  {
         va_list argptr;
         va_start(argptr, fmt);
  {
         va_list argptr;
         va_start(argptr, fmt);
@@ -44,7 +43,7 @@ void prnt(char *fmt,...)
         va_end(argptr);
         printf("\n");
  }
         va_end(argptr);
         printf("\n");
  }
-
+*/
  uint8_t isset(uint8_t val, uint8_t mask)
  {
         return (val & mask);
  uint8_t isset(uint8_t val, uint8_t mask)
  {
         return (val & mask);
@@ -95,6 +94,14 @@ void print_picopass_info(const picopass_hdr *hdr)
         mem_config(hdr);
         applimit_config(hdr);
  }
         mem_config(hdr);
         applimit_config(hdr);
  }
+void printIclassDumpInfo(uint8_t* iclass_dump)
+{
+//     picopass_hdr hdr;
+//     memcpy(&hdr, iclass_dump, sizeof(picopass_hdr));
+       print_picopass_info((picopass_hdr *) iclass_dump);
+}
+
+/*
  void test()
  {
         picopass_hdr hdr = {0x27,0xaf,0x48,0x01,0xf9,0xff,0x12,0xe0,0x12,0xff,0xff,0xff,0x7f,0x1f,0xff,0x3c};
  void test()
  {
         picopass_hdr hdr = {0x27,0xaf,0x48,0x01,0xf9,0xff,0x12,0xe0,0x12,0xff,0xff,0xff,0x7f,0x1f,0xff,0x3c};
@@ -106,3 +113,4 @@ int main(int argc, char *argv[])
         test();
         return 0;
  }
         test();
         return 0;
  }
+*/
diff --git a/common/protocols.h b/common/protocols.h

index af165c3ac20d68cbf0d1acf9ee1e45c62ab02317..1dd6618506c716518476f591d9c822667bc275bd 100644 (file)
--- a/common/protocols.h
+++ b/common/protocols.h
@@ -170,5 +170,17 @@ NXP/Philips CUSTOM COMMANDS
  #define ICLASS     1
  #define ISO_14443B 2
  
  #define ICLASS     1
  #define ISO_14443B 2
  
+//-- Picopass fuses
+#define FUSE_FPERS   0x80
+#define FUSE_CODING1 0x40
+#define FUSE_CODING0 0x20
+#define FUSE_CRYPT1  0x10
+#define FUSE_CRYPT0  0x08
+#define FUSE_FPROD1  0x04
+#define FUSE_FPROD0  0x02
+#define FUSE_RA      0x01
+
+
+void printIclassDumpInfo(uint8_t* iclass_dump);
  
  #endif // PROTOCOLS_H
  
  #endif // PROTOCOLS_H
author	Martin Holst Swende <martin@swende.se>
	Thu, 19 Feb 2015 09:48:33 +0000 (10:48 +0100)
committer	Martin Holst Swende <martin@swende.se>
	Thu, 19 Feb 2015 09:48:33 +0000 (10:48 +0100)
armsrc/cipherutils.c		patch \| blob \| blame \| history
client/Makefile		patch \| blob \| blame \| history
client/cmdhficlass.c		patch \| blob \| blame \| history
client/loclass/elite_crack.c		patch \| blob \| blame \| history
common/protocols.c		patch \| blob \| blame \| history
common/protocols.h		patch \| blob \| blame \| history