RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-02-25 08:35:56 +08:00
Code Issues Projects Releases Packages Wiki Activity

added another pwdgen algo

Browse source
This commit is contained in:
iceman1001 2022-01-23 01:32:14 +01:00
parent 3af0f4a0fd
commit 0587845c56
4 changed files with 44 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
CHANGELOG.md
View file

@ -3,10 +3,11 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased]
- Changed `hf mfu pwdgen` - now generate xiaomi air purifier pwd/pack (@doegox)
- Fix `hf 14a sim` - sneaky detection of user supplied UID might be empty (@iceman1001)
- Adds support for PCSC's proprietary HID 37bit format P10004 (@bthedorff)
- Add `nfc decode` - now NDEF vCard messages with a PHOTO in base64 format is shown (@iceman1001)
- Remove AID limitations when using Gallagher key diversification (@DarkMatterMatt)
- Added support for PCSC's proprietary HID 37bit format P10004 (@bthedorff)
- Added `nfc decode` - now NDEF vCard messages with a PHOTO in base64 format is shown (@iceman1001)
- Changed - AID limitations when using Gallagher key diversification (@DarkMatterMatt)
## [Frostbit.4.14831] [2022-01-11]
- Changed Wiegand format lookup - now case-insensitive (@iceman1001)

29
client/src/cmdhfmfu.c
View file

@ -1157,12 +1157,14 @@ static mfu_identify_t mfu_ident_table[] = {
NULL, NULL,
"hf mfu dump -k %08x"
},
/*
{
"Amiibo", "0004040201001103",
9, 9, "480FE0F110FFEEA500",
ul_ev1_pwdgenB, ul_ev1_packgenB,
"Xiaomi AIR Purifier", "0004040201000F03",
0, 0, "",
ul_ev1_pwdgenE, ul_ev1_packgen_def,
"hf mfu dump -k %08x"
},
*/
{NULL, NULL, 0, 0, NULL, NULL, NULL, NULL}
};
@ -3177,18 +3179,19 @@ static int CmdHF14AMfUPwdGen(const char *Cmd) {
}
}
PrintAndLogEx(INFO, "---------------------------------");
PrintAndLogEx(INFO, "------------------.---------------");
PrintAndLogEx(INFO, " Using UID : %s", sprint_hex(uid, 7));
PrintAndLogEx(INFO, "---------------------------------");
PrintAndLogEx(INFO, " algo | pwd | pack");
PrintAndLogEx(INFO, "----------------+----------+-----");
PrintAndLogEx(INFO, " EV1 | %08X | %04X", ul_ev1_pwdgenA(uid), ul_ev1_packgenA(uid));
PrintAndLogEx(INFO, " Amiibo | %08X | %04X", ul_ev1_pwdgenB(uid), ul_ev1_packgenB(uid));
PrintAndLogEx(INFO, " Lego Dimension | %08X | %04X", ul_ev1_pwdgenC(uid), ul_ev1_packgenC(uid));
PrintAndLogEx(INFO, " XYZ 3D printer | %08X | %04X", ul_ev1_pwdgenD(uid), ul_ev1_packgenD(uid));
PrintAndLogEx(INFO, "----------------+----------+-----");
PrintAndLogEx(INFO, "----------------------------------");
PrintAndLogEx(INFO, " algo | pwd | pack");
PrintAndLogEx(INFO, "-----------------+----------+-----");
PrintAndLogEx(INFO, " EV1 | %08X | %04X", ul_ev1_pwdgenA(uid), ul_ev1_packgenA(uid));
PrintAndLogEx(INFO, " Amiibo | %08X | %04X", ul_ev1_pwdgenB(uid), ul_ev1_packgenB(uid));
PrintAndLogEx(INFO, " Lego Dimension | %08X | %04X", ul_ev1_pwdgenC(uid), ul_ev1_packgenC(uid));
PrintAndLogEx(INFO, " XYZ 3D printer | %08X | %04X", ul_ev1_pwdgenD(uid), ul_ev1_packgenD(uid));
PrintAndLogEx(INFO, " Xiaomi purifier | %08X | %04X", ul_ev1_pwdgenE(uid), ul_ev1_packgen_def(uid));
PrintAndLogEx(INFO, "-----------------+----------+-----");
PrintAndLogEx(INFO, " Vingcard algo");
PrintAndLogEx(INFO, "---------------------------------");
PrintAndLogEx(INFO, "----------------------------------");
return PM3_SUCCESS;
}

23
common/generator.c
View file

@ -160,6 +160,18 @@ uint32_t ul_ev1_pwdgenD(const uint8_t *uid) {
return BSWAP_32(pwd);
}
// AIR purifier Xiaomi
uint32_t ul_ev1_pwdgenE(const uint8_t *uid) {
uint8_t hash[20];
mbedtls_sha1(uid, 7, hash);
uint32_t pwd = 0;
pwd |= ( hash[ hash[0] % 20 ] ) << 24 ;
pwd |= ( hash[ (hash[0] + 5 ) % 20 ] ) << 16;
pwd |= ( hash[ (hash[0] + 13) % 20 ] ) << 8;
pwd |= ( hash[ (hash[0] + 17) % 20 ] );
return pwd;
}
// pack generation for algo 1-3
uint16_t ul_ev1_packgenA(const uint8_t *uid) {
uint16_t pack = (uid[0] ^ uid[1] ^ uid[2]) << 8 | (uid[2] ^ 8);
@ -544,6 +556,17 @@ int generator_selftest(void) {
testresult++;
PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X - %s", sprint_hex(uid4, 7), pwd4, success ? "OK" : "->72B1EC61<--");
uint8_t uid5[] = {0x04, 0xA0, 0x3C, 0xAA, 0x1E, 0x70, 0x80};
uint32_t pwd5 = ul_ev1_pwdgenE(uid5);
success = (pwd5 == 0xCD91AFCC);
// if (success)
// testresult++;
PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X - %s", sprint_hex(uid5, 7), pwd5, success ? "OK" : "->CD91AFCC<--");
// uint8_t uid5[] = {0x11, 0x22, 0x33, 0x44};
// uint64_t key1 = mfc_algo_a(uid5);
// success = (key1 == 0xD1E2AA68E39A);

1
common/generator.h
View file

@ -26,6 +26,7 @@ uint32_t ul_ev1_pwdgenA(const uint8_t *uid);
uint32_t ul_ev1_pwdgenB(const uint8_t *uid);
uint32_t ul_ev1_pwdgenC(const uint8_t *uid);
uint32_t ul_ev1_pwdgenD(const uint8_t *uid);
uint32_t ul_ev1_pwdgenE(const uint8_t *uid);
uint16_t ul_ev1_packgen_def(const uint8_t *uid);
uint16_t ul_ev1_packgenA(const uint8_t *uid);