From 67e344df90c5f007fe2641458967001328c24278 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Wed, 21 Jun 2017 16:51:22 -0400 Subject: [PATCH] iclass - updates clean up output allow readblock without authenticating (can read blocks 0, 1, 2, 5 without authenticating.) add Application Issuer Area to reader output and use it to attempt to identify legacy vs NOT legacy. --- client/cmdhficlass.c | 38 ++++++++++++++++++++++++++++++-------- common/protocols.c | 28 ++++++++++++++-------------- 2 files changed, 44 insertions(+), 22 deletions(-) diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index ce7d1f93..55dd555a 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -199,13 +199,25 @@ int HFiClassReader(const char *Cmd, bool loop, bool verbose) { return 0; } if( readStatus & FLAG_ICLASS_READER_CSN){ - PrintAndLog("CSN: %s",sprint_hex(data,8)); + PrintAndLog(" CSN: %s",sprint_hex(data,8)); tagFound = true; } - if( readStatus & FLAG_ICLASS_READER_CC) PrintAndLog("CC: %s",sprint_hex(data+16,8)); + if( readStatus & FLAG_ICLASS_READER_CC) PrintAndLog(" CC: %s",sprint_hex(data+16,8)); if( readStatus & FLAG_ICLASS_READER_CONF){ printIclassDumpInfo(data); } + //TODO add iclass read block 05 and test iclass type.. + if (readStatus & FLAG_ICLASS_READER_AA) { + bool legacy = true; + PrintAndLog(" AppIA: %s",sprint_hex(data+8*4,8)); + for (int i = 0; i<8; i++) { + if (data[8*4+i] != 0xFF) { + legacy = false; + } + } + PrintAndLog(" : Possible iClass %s",(legacy) ? "(legacy tag)" : "(NOT legacy tag)"); + } + if (tagFound && !loop) return 1; } else { if (verbose) PrintAndLog("Command execute timeout"); 
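Review bot: In the new `FLAG_ICLASS_READER_AA` branch of HFiClassReader the offset `8*4` is written twice as a bare expression, and nothing ties it to the layout that the CSN (`data`) and CC (`data+16`) reads rely on. If the response layout changes, the legacy/NOT legacy verdict would silently be computed from the wrong bytes. A single named pointer used in both places would make the dependency visible, e.g. `const uint8_t *aia = data + 8*4; // Application Issuer Area as returned by the reader command`. The `//TODO add iclass read block 05 and test iclass type..` line now describes what the code beneath it already does; replace it with a comment stating the heuristic, such as `// AppIA of all 0xFF is treated as a legacy tag; heuristic only, not an authoritative type check`. The loop can also `break;` after `legacy = false;`, and the function body starts and ends outside this hunk.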
@@ -1095,12 +1107,19 @@ int CmdHFiClassCloneTag(const char *Cmd) { return 1; } -static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool rawkey, bool verbose) { +static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool rawkey, bool verbose, bool auth) { uint8_t MAC[4]={0x00,0x00,0x00,0x00}; uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, rawkey, verbose)) - return 0; + if (auth) { + if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, rawkey, verbose)) + return 0; + } else { + uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + if (!select_only(CSN, CCNR, (keyType==0x18), verbose)) + return 0; + } UsbCommand resp; UsbCommand w = {CMD_ICLASS_READBLOCK, {blockno}}; @@ -1146,6 +1165,7 @@ int CmdHFiClass_ReadBlock(const char *Cmd) { bool elite = false; bool rawkey = false; bool errors = false; + bool auth = false; uint8_t cmdp = 0; while(param_getchar(Cmd, cmdp) != 0x00) { @@ -1174,6 +1194,7 @@ int CmdHFiClass_ReadBlock(const char *Cmd) { break; case 'k': case 'K': + auth = true; dataLen = param_getstr(Cmd, cmdp+1, tempStr); if (dataLen == 16) { errors = param_gethex(tempStr, 0, KEY, dataLen); @@ -1204,9 +1225,10 @@ int CmdHFiClass_ReadBlock(const char *Cmd) { if(errors) return usage_hf_iclass_readblock(); } - if (cmdp < 4) return usage_hf_iclass_readblock(); - - return ReadBlock(KEY, blockno, keyType, elite, rawkey, true); + if (cmdp < 2) return usage_hf_iclass_readblock(); + if (!auth) + PrintAndLog("warning: no authentication used with read, only a few specific blocks can be read accurately without authentication."); + return ReadBlock(KEY, blockno, keyType, elite, rawkey, true, auth); } int CmdHFiClass_loclass(const char *Cmd) { diff --git a/common/protocols.c b/common/protocols.c index 69631f58..795f3eaa 100644 
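Review bot: ReadBlock's new `auth` parameter changes which arguments matter, and nothing at the signature says so: in the `else` branch `KEY`, `elite` and `rawkey` are never used, while `(keyType==0x18)` is still passed to `select_only`. A short comment above the function would document the contract, e.g. `// auth == false: select the tag only; KEY, elite and rawkey are ignored and no authentication is performed before the read`. The `CSN` and `CCNR` buffers in that branch are handed to `select_only` and then dropped. The rest of the function lies outside this hunk, so it is worth confirming that nothing after the select depends on `MAC` or `div_key`, which keep their all-zero initial values on this path.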
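Review bot: The unauthenticated path in CmdHFiClass_ReadBlock prints one generic warning for every block, although the commit message names the blocks that are readable this way (0, 1, 2 and 5). A read of any other block therefore produces output that looks the same as a valid read. Making the warning depend on `blockno` would stop the tool from presenting unreliable data on equal footing with reliable data: `if (!auth && blockno != 0 && blockno != 1 && blockno != 2 && blockno != 5) PrintAndLog("warning: block %02X normally requires authentication, returned data may not be accurate", blockno);`. With the limit relaxed to `cmdp < 2`, the elite and raw-key options (parsed outside this hunk) are presumably still accepted without `k` and then silently ignored, which could be reported to the user as well.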
--- a/common/protocols.c +++ b/common/protocols.c @@ -62,23 +62,23 @@ uint8_t notset(uint8_t val, uint8_t mask) { void fuse_config(const picopass_hdr *hdr) { uint8_t fuses = hdr->conf.fuses; - if (isset(fuses,FUSE_FPERS))prnt(" Mode: Personalization [Programmable]"); - else prnt(" Mode: Application [Locked]"); + if (isset(fuses,FUSE_FPERS))prnt(" Mode: Personalization [Programmable]"); + else prnt(" Mode: Application [Locked]"); if (isset(fuses, FUSE_CODING1)) - prnt(" Coding: RFU"); + prnt("Coding: RFU"); else { - if( isset( fuses , FUSE_CODING0)) prnt(" Coding: ISO 14443-2 B/ISO 15693"); - else prnt(" Coding: ISO 14443B only"); + if( isset( fuses , FUSE_CODING0)) prnt("Coding: ISO 14443-2 B/ISO 15693"); + else prnt("Coding: ISO 14443B only"); } - if( isset (fuses,FUSE_CRYPT1 | FUSE_CRYPT0 )) prnt(" Crypt: Secured page, keys not locked"); - if( isset (fuses,FUSE_CRYPT1) && notset( fuses, FUSE_CRYPT0 )) prnt(" Crypt: Secured page, keys not locked"); - if( notset (fuses,FUSE_CRYPT1) && isset( fuses, FUSE_CRYPT0 )) prnt(" Crypt: Non secured page"); - if( notset (fuses,FUSE_CRYPT1) && notset( fuses, FUSE_CRYPT0 )) prnt(" Crypt: No auth possible. Read only if RA is enabled"); + if( isset (fuses,FUSE_CRYPT1 | FUSE_CRYPT0 )) prnt(" Crypt: Secured page, keys not locked"); + if( isset (fuses,FUSE_CRYPT1) && notset( fuses, FUSE_CRYPT0 )) prnt(" Crypt: Secured page, keys not locked"); + if( notset (fuses,FUSE_CRYPT1) && isset( fuses, FUSE_CRYPT0 )) prnt(" Crypt: Non secured page"); + if( notset (fuses,FUSE_CRYPT1) && notset( fuses, FUSE_CRYPT0 )) prnt(" Crypt: No auth possible. Read only if RA is enabled"); - if( isset( fuses, FUSE_RA)) prnt(" RA: Read access enabled"); - else prnt(" RA: Read access not enabled"); + if( isset( fuses, FUSE_RA)) prnt(" RA: Read access enabled"); + else prnt(" RA: Read access not enabled"); } void getMemConfig(uint8_t mem_cfg, uint8_t chip_cfg, uint8_t *max_blk, uint8_t *app_areas, uint8_t *kb) { 
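Review bot: Two different fuse states in fuse_config print the same text: the `isset (fuses,FUSE_CRYPT1 | FUSE_CRYPT0 )` line and the `isset (fuses,FUSE_CRYPT1) && notset( fuses, FUSE_CRYPT0 )` line both emit `Crypt: Secured page, keys not locked`, so the readout cannot tell the two states apart. Since this commit already touches both strings for alignment, it would be the place to give the second case its own wording, once the intended meaning is confirmed against the chip documentation. Depending on how `isset` treats a multi-bit mask (its definition is outside the hunk), the first test may also match when only one of the two bits is set, in which case two `Crypt:` lines would be printed for one tag. Chaining the four cases with `else if` would rule that out.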
@@ -119,9 +119,9 @@ void mem_app_config(const picopass_hdr *hdr) { uint8_t app_areas = 2; uint8_t max_blk = 31; getMemConfig(mem, chip, &max_blk, &app_areas, &kb); - prnt(" Mem: %u KBits/%u App Areas (%u * 8 bytes) [%02X]", kb, app_areas, max_blk, mem); - prnt(" AA1: blocks 06-%02X", applimit); - prnt(" AA2: blocks %02X-%02X", applimit+1, max_blk); + prnt(" Mem: %u KBits/%u App Areas (%u * 8 bytes) [%02X]", kb, app_areas, max_blk, mem); + prnt(" AA1: blocks 06-%02X", applimit); + prnt(" AA2: blocks %02X-%02X", applimit+1, max_blk); } void print_picopass_info(const picopass_hdr *hdr) { fuse_config(hdr); -- 2.39.5