iclass - updates

clean up output
allow readblock without authenticating (can read blocks 0, 1, 2, 5
without authenticating.)
add Application Issuer Area to reader output and use it to attempt to
identify legacy vs NOT legacy.

diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c
index ce7d1f935d9447d8baca20115b1bea327b9c876f..55dd555ad56013ca92bf7f98963515e5c558ecac 100644 (file)
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -199,13 +199,25 @@ int HFiClassReader(const char *Cmd, bool loop, bool verbose) {
                                return 0;
                        }
                        if( readStatus & FLAG_ICLASS_READER_CSN){
-                               PrintAndLog("CSN: %s",sprint_hex(data,8));
+                               PrintAndLog("   CSN: %s",sprint_hex(data,8));
                                tagFound = true;
                        }
-                       if( readStatus & FLAG_ICLASS_READER_CC)  PrintAndLog("CC: %s",sprint_hex(data+16,8));
+                       if( readStatus & FLAG_ICLASS_READER_CC)  PrintAndLog("    CC: %s",sprint_hex(data+16,8));
                        if( readStatus & FLAG_ICLASS_READER_CONF){
                                printIclassDumpInfo(data);
                        }
+                       //TODO add iclass read block 05 and test iclass type..
+                       if (readStatus & FLAG_ICLASS_READER_AA) {
+                               bool legacy = true;
+                               PrintAndLog(" AppIA: %s",sprint_hex(data+8*4,8));
+                               for (int i = 0; i<8; i++) {
+                                       if (data[8*4+i] != 0xFF) {
+                                               legacy = false;
+                                       } 
+                               }
+                               PrintAndLog("      : Possible iClass %s",(legacy) ? "(legacy tag)" : "(NOT legacy tag)");
+                       }
+
                        if (tagFound && !loop) return 1;
                } else {
                        if (verbose) PrintAndLog("Command execute timeout");
@@ -1095,12 +1107,19 @@ int CmdHFiClassCloneTag(const char *Cmd) {
        return 1;
 }
 
-static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool rawkey, bool verbose) {
+static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool rawkey, bool verbose, bool auth) {
        uint8_t MAC[4]={0x00,0x00,0x00,0x00};
        uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
 
-       if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, rawkey, verbose))
-               return 0;
+       if (auth) {
+               if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, rawkey, verbose))
+                       return 0;
+       } else {
+               uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+               uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+               if (!select_only(CSN, CCNR, (keyType==0x18), verbose))
+                       return 0;
+       }
 
        UsbCommand resp;
        UsbCommand w = {CMD_ICLASS_READBLOCK, {blockno}};
@@ -1146,6 +1165,7 @@ int CmdHFiClass_ReadBlock(const char *Cmd) {
        bool elite = false;
        bool rawkey = false;
        bool errors = false;
+       bool auth = false;
        uint8_t cmdp = 0;
        while(param_getchar(Cmd, cmdp) != 0x00)
        {
@@ -1174,6 +1194,7 @@ int CmdHFiClass_ReadBlock(const char *Cmd) {
                        break;
                case 'k':
                case 'K':
+                       auth = true;
                        dataLen = param_getstr(Cmd, cmdp+1, tempStr);
                        if (dataLen == 16) { 
                                errors = param_gethex(tempStr, 0, KEY, dataLen);
@@ -1204,9 +1225,10 @@ int CmdHFiClass_ReadBlock(const char *Cmd) {
                if(errors) return usage_hf_iclass_readblock();
        }
 
-       if (cmdp < 4) return usage_hf_iclass_readblock();
-
-       return ReadBlock(KEY, blockno, keyType, elite, rawkey, true);
+       if (cmdp < 2) return usage_hf_iclass_readblock();
+       if (!auth)
+               PrintAndLog("warning: no authentication used with read, only a few specific blocks can be read accurately without authentication.");
+       return ReadBlock(KEY, blockno, keyType, elite, rawkey, true, auth);
 }
 
 int CmdHFiClass_loclass(const char *Cmd) {

diff --git a/common/protocols.c b/common/protocols.c
index 69631f580f491a4810d24dcc3495919388cb4880..795f3eaa37bd8883d8f3a58f5b8af508e69892f7 100644 (file)
--- a/common/protocols.c
+++ b/common/protocols.c
@@ -62,23 +62,23 @@ uint8_t notset(uint8_t val, uint8_t mask) {
 void fuse_config(const picopass_hdr *hdr) {
        uint8_t fuses = hdr->conf.fuses;
 
-       if (isset(fuses,FUSE_FPERS))prnt("      Mode: Personalization [Programmable]");
-       else prnt("     Mode: Application [Locked]");
+       if (isset(fuses,FUSE_FPERS))prnt("  Mode: Personalization [Programmable]");
+       else prnt("  Mode: Application [Locked]");
 
        if (isset(fuses, FUSE_CODING1))
-               prnt("  Coding: RFU");
+               prnt("Coding: RFU");
        else
        {
-               if( isset( fuses , FUSE_CODING0)) prnt("        Coding: ISO 14443-2 B/ISO 15693");
-               else prnt("     Coding: ISO 14443B only");
+               if( isset( fuses , FUSE_CODING0)) prnt("Coding: ISO 14443-2 B/ISO 15693");
+               else prnt("Coding: ISO 14443B only");
        }
-       if( isset (fuses,FUSE_CRYPT1 | FUSE_CRYPT0 )) prnt("    Crypt: Secured page, keys not locked");
-       if( isset (fuses,FUSE_CRYPT1) && notset( fuses, FUSE_CRYPT0 )) prnt("   Crypt: Secured page, keys not locked");
-       if( notset (fuses,FUSE_CRYPT1) && isset( fuses, FUSE_CRYPT0 )) prnt("   Crypt: Non secured page");
-       if( notset (fuses,FUSE_CRYPT1) && notset( fuses, FUSE_CRYPT0 )) prnt("  Crypt: No auth possible. Read only if RA is enabled");
+       if( isset (fuses,FUSE_CRYPT1 | FUSE_CRYPT0 )) prnt(" Crypt: Secured page, keys not locked");
+       if( isset (fuses,FUSE_CRYPT1) && notset( fuses, FUSE_CRYPT0 )) prnt(" Crypt: Secured page, keys not locked");
+       if( notset (fuses,FUSE_CRYPT1) && isset( fuses, FUSE_CRYPT0 )) prnt(" Crypt: Non secured page");
+       if( notset (fuses,FUSE_CRYPT1) && notset( fuses, FUSE_CRYPT0 )) prnt(" Crypt: No auth possible. Read only if RA is enabled");
 
-       if( isset( fuses, FUSE_RA)) prnt("      RA: Read access enabled");
-       else prnt("     RA: Read access not enabled");
+       if( isset( fuses, FUSE_RA)) prnt("    RA: Read access enabled");
+       else prnt("    RA: Read access not enabled");
 }
 
 void getMemConfig(uint8_t mem_cfg, uint8_t chip_cfg, uint8_t *max_blk, uint8_t *app_areas, uint8_t *kb) {
@@ -119,9 +119,9 @@ void mem_app_config(const picopass_hdr *hdr) {
        uint8_t app_areas = 2;
        uint8_t max_blk = 31;
        getMemConfig(mem, chip, &max_blk, &app_areas, &kb);
-       prnt("  Mem: %u KBits/%u App Areas (%u * 8 bytes) [%02X]", kb, app_areas, max_blk, mem);
-       prnt("  AA1: blocks 06-%02X", applimit);
-       prnt("  AA2: blocks %02X-%02X", applimit+1, max_blk);
+       prnt("   Mem: %u KBits/%u App Areas (%u * 8 bytes) [%02X]", kb, app_areas, max_blk, mem);
+       prnt("   AA1: blocks 06-%02X", applimit);
+       prnt("   AA2: blocks %02X-%02X", applimit+1, max_blk);
 }
 void print_picopass_info(const picopass_hdr *hdr) {
        fuse_config(hdr);