ADD: 'hf mfu info' type detection now supports NTAG_I2C_1K_PLUS, NTAG_I2C_2K_PLUS

ADD: 'hf mfu info'  ul-ev1 pwd tests are now correct
ADD: 'ul ev1 authentication' now deals with magic tags and NACK messages correctly.
ADD: 'hf mfu pwdgen'  added the option 'r' to read the uid from the tag instead.
iceman1001 2017-07-11 17:52:01 +02:00
parent 1f9534e2cc
commit 17a8e69e90
2 changed files with 119 additions and 73 deletions


@ -131,21 +131,20 @@ uint16_t ul_ev1_packgenC(uint8_t* uid){
return 0xaa55;
}
void ul_ev1_pwdgen_selftest(){
int ul_ev1_pwdgen_selftest(){
uint8_t uid1[] = {0x04,0x11,0x12,0x11,0x12,0x11,0x10};
uint8_t uid1[] = {0x04, 0x11, 0x12, 0x11, 0x12, 0x11, 0x10};
uint32_t pwd1 = ul_ev1_pwdgenA(uid1);
PrintAndLog("UID | %s | %08X | %s", sprint_hex(uid1,7), pwd1, (pwd1 == 0x8432EB17)?"OK":"->8432EB17<-");
uint8_t uid2[] = {0x04,0x1f,0x98,0xea,0x1e,0x3e,0x81};
uint8_t uid2[] = {0x04, 0x1f, 0x98, 0xea, 0x1e, 0x3e, 0x81};
uint32_t pwd2 = ul_ev1_pwdgenB(uid2);
PrintAndLog("UID | %s | %08X | %s", sprint_hex(uid2,7), pwd2, (pwd2 == 0x5fd37eca)?"OK":"->5fd37eca<--");
uint8_t uid3[] = {0x04,0x62, 0xB6, 0x8A, 0xB4, 0x42, 0x80};
uint8_t uid3[] = {0x04, 0x62, 0xB6, 0x8A, 0xB4, 0x42, 0x80};
uint32_t pwd3 = ul_ev1_pwdgenC(uid3);
PrintAndLog("UID | %s | %08X | %s", sprint_hex(uid3,7), pwd3, (pwd3 == 0x5a349515)?"OK":"->5a349515<--");
return;
return 0;
}
static int CmdHelp(const char *Cmd);
@ -279,6 +278,10 @@ static int ulev1_requestAuthentication( uint8_t *pwd, uint8_t *pack, uint16_t pa
uint8_t cmd[] = {MIFARE_ULEV1_AUTH, pwd[0], pwd[1], pwd[2], pwd[3]};
int len = ul_send_cmd_raw(cmd, sizeof(cmd), pack, packLength);
// NACK tables different tags, but between 0-9 is a NEGATIVE response.
// ACK == 0xA
if ( len == 1 && pack[0] <= 0x09 )
return -1;
return len;
}
@ -293,7 +296,7 @@ static int ul_auth_select( iso14a_card_select_t *card, TagTypeUL_t tagtype, bool
if ( !ul_select(card) ) return 0;
if (hasAuthKey) {
if (ulev1_requestAuthentication(authenticationkey, pack, packSize) < 2) {
if ( ulev1_requestAuthentication(authenticationkey, pack, packSize > -1 )) {
ul_switch_off_field();
PrintAndLog("Error: Authentication Failed UL-EV1/NTAG");
return 0;
@ -467,6 +470,10 @@ int ul_print_type(uint32_t tagtype, uint8_t spaces){
PrintAndLog("%sTYPE : NTAG I%sC 888bytes (NT3H1101FHK)", spacer, "\xFD");
else if ( tagtype & NTAG_I2C_2K )
PrintAndLog("%sTYPE : NTAG I%sC 1904bytes (NT3H1201FHK)", spacer, "\xFD");
else if ( tagtype & NTAG_I2C_1K_PLUS )
PrintAndLog("%sTYPE : NTAG I%sC plus 888bytes (NT3H2111FHK)", spacer, "\xFD");
else if ( tagtype & NTAG_I2C_2K_PLUS )
PrintAndLog("%sTYPE : NTAG I%sC plus 1912bytes (NT3H2211FHK)", spacer, "\xFD");
else if ( tagtype & MY_D )
PrintAndLog("%sTYPE : INFINEON my-d\x99 (SLE 66RxxS)", spacer);
else if ( tagtype & MY_D_NFC )
@ -658,7 +665,6 @@ uint32_t GetHF14AMfU_Type(void){
switch (len) {
case 0x0A: {
if ( version[2] == 0x03 && version[6] == 0x0B )
tagtype = UL_EV1_48;
else if ( version[2] == 0x03 && version[6] != 0x0B )
@ -673,10 +679,14 @@ uint32_t GetHF14AMfU_Type(void){
tagtype = NTAG_215;
else if ( version[2] == 0x04 && version[3] == 0x02 && version[6] == 0x13 )
tagtype = NTAG_216;
else if ( version[2] == 0x04 && version[3] == 0x05 && version[6] == 0x13 )
else if ( memcmp(version+2, "\x04\x05\x02\x01\x13", 5) == 0)
tagtype = NTAG_I2C_1K;
else if ( version[2] == 0x04 && version[3] == 0x05 && version[6] == 0x15 )
else if ( memcmp(version+2, "\x04\x05\x02\x01\x15", 5) == 0)
tagtype = NTAG_I2C_2K;
else if ( memcmp(version+2, "\x04\x05\x02\x02\x13", 5) == 0)
tagtype = NTAG_I2C_1K_PLUS;
else if ( memcmp(version+2, "\x04\x05\x02\x02\x15", 5) == 0)
tagtype = NTAG_I2C_2K_PLUS;
else if ( version[2] == 0x04 )
tagtype = NTAG;
@ -878,7 +888,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
}
// Read signature
if ((tagtype & (UL_EV1_48 | UL_EV1_128 | NTAG_213 | NTAG_215 | NTAG_216 | NTAG_I2C_1K | NTAG_I2C_2K ))) {
if ((tagtype & (UL_EV1_48 | UL_EV1_128 | NTAG_213 | NTAG_215 | NTAG_216 | NTAG_I2C_1K | NTAG_I2C_2K | NTAG_I2C_1K_PLUS | NTAG_I2C_2K_PLUS))) {
uint8_t ulev1_signature[32] = {0x00};
status = ulev1_readSignature( ulev1_signature, sizeof(ulev1_signature));
if ( status == -1 ) {
@ -894,7 +904,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
}
// Get Version
if ((tagtype & (UL_EV1_48 | UL_EV1_128 | NTAG_210 | NTAG_212 | NTAG_213 | NTAG_215 | NTAG_216 | NTAG_I2C_1K | NTAG_I2C_2K))) {
if ((tagtype & (UL_EV1_48 | UL_EV1_128 | NTAG_210 | NTAG_212 | NTAG_213 | NTAG_215 | NTAG_216 | NTAG_I2C_1K | NTAG_I2C_2K | NTAG_I2C_1K_PLUS | NTAG_I2C_2K_PLUS))) {
uint8_t version[10] = {0x00};
status = ulev1_getVersion(version, sizeof(version));
if ( status == -1 ) {
@ -939,31 +949,31 @@ int CmdHF14AMfUInfo(const char *Cmd){
// test pwd gen A
num_to_bytes( ul_ev1_pwdgenA(card.uid), 4, key);
len = ulev1_requestAuthentication(key, pack, sizeof(pack));
if (len >= 1) {
if (len > -1)
PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]);
}
if (!ul_auth_select( &card, tagtype, hasAuthKey, authkeyptr, pack, sizeof(pack))) return -1;
// test pwd gen B
num_to_bytes( ul_ev1_pwdgenB(card.uid), 4, key);
len = ulev1_requestAuthentication(key, pack, sizeof(pack));
if (len >= 1) {
if (len > -1)
PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]);
}
if (!ul_auth_select( &card, tagtype, hasAuthKey, authkeyptr, pack, sizeof(pack))) return -1;
// test pwd gen C
num_to_bytes( ul_ev1_pwdgenC(card.uid), 4, key);
len = ulev1_requestAuthentication(key, pack, sizeof(pack));
if (len >= 1) {
if (len > -1)
PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]);
}
if (!ul_auth_select( &card, tagtype, hasAuthKey, authkeyptr, pack, sizeof(pack))) return -1;
for (uint8_t i = 0; i < KEYS_PWD_COUNT; ++i ) {
key = default_pwd_pack[i];
len = ulev1_requestAuthentication(key, pack, sizeof(pack));
if (len >= 1) {
if (len > -1) {
PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]);
break;
} else {
@ -1361,9 +1371,14 @@ int usage_hf_mfu_gendiverse(void){
}
int usage_hf_mfu_pwdgen(void){
PrintAndLog("Usage: hf mfu pwdgen <uid (14 hex symbols)>");
PrintAndLog("");
PrintAndLog("sample: hf mfu pwdgen 11223344556677");
PrintAndLog("Usage: hf mfu pwdgen [h] [r] <uid (14 hex symbols)>");
PrintAndLog(" Options:");
PrintAndLog(" h : this help");
PrintAndLog(" r : read uid from tag");
PrintAndLog(" <uid> : 7 byte UID (optional)");
PrintAndLog("samples:");
PrintAndLog(" hf mfu pwdgen r");
PrintAndLog(" hf mfu pwdgen 11223344556677");
PrintAndLog("");
return 0;
}
@ -2028,12 +2043,39 @@ int CmdHF14AMfUSim(const char *Cmd) {
}
int CmdHF14AMfuPwdGen(const char *Cmd){
uint8_t uid[7] = {0x00};
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_hf_mfu_pwdgen();
if (param_gethex(Cmd, 0, uid, 14)) return usage_hf_mfu_pwdgen();
if (cmdp == 't' || cmdp == 'T') return ul_ev1_pwdgen_selftest();
if ( cmdp == 'r' || cmdp == 'R') {
// read uid from tag
UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT, 0, 0}};
clearCommandBuffer();
SendCommand(&c);
UsbCommand resp;
WaitForResponse(CMD_ACK, &resp);
iso14a_card_select_t card;
memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
if(select_status == 0) {
PrintAndLog("iso14443a card select failed");
return 1;
}
if ( card.uidlen != 7 ) {
PrintAndLog("Wrong sized UID, expected 7bytes got %d", card.uidlen);
return 1;
}
memcpy(uid, card.uid, sizeof(uid));
}
else {
if (param_gethex(Cmd, 0, uid, 14)) return usage_hf_mfu_pwdgen();
}
PrintAndLog("---------------------------------");
PrintAndLog(" Using UID : %s", sprint_hex(uid, 7));
PrintAndLog("---------------------------------");
PrintAndLog(" algo | pwd | pack");
PrintAndLog("------+----------+-----");
PrintAndLog(" EV1 | %08X | %04X", ul_ev1_pwdgenA(uid), ul_ev1_packgenA(uid));
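Review bot: In the ul_auth_select hunk the closing parenthesis is misplaced: `ulev1_requestAuthentication(authenticationkey, pack, packSize > -1 )` passes the comparison result (0 or 1) as the PACK buffer length and tests the raw return value, so any non-zero return, a successful reply included, takes the "Authentication Failed" branch. Given that ulev1_requestAuthentication now returns -1 on a NACK, the intended check is presumably `if ( ulev1_requestAuthentication(authenticationkey, pack, packSize) < 0 ) {`. The same loosening in the CmdHF14AMfUInfo hunk (`len > -1` in place of `len >= 1`) reports "Found a default password" and prints pack[0] and pack[1] even for a reply shorter than two bytes, if ul_send_cmd_raw can return 0 or 1 there; a comment stating which reply lengths count as success would make that intent checkable. Both functions start and end outside the hunks shown.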


@ -4,37 +4,37 @@
#ifndef CMDHFMFU_H__
#define CMDHFMFU_H__
int CmdHF14AMfUWrBl(const char *Cmd);
int CmdHF14AMfURdBl(const char *Cmd);
extern int CmdHF14AMfUWrBl(const char *Cmd);
extern int CmdHF14AMfURdBl(const char *Cmd);
//Crypto Cards
int CmdHF14AMfucAuth(const char *Cmd);
int CmdHF14AMfucSetPwd(const char *Cmd);
int CmdHF14AMfucSetUid(const char *Cmd);
int CmdHF14AMfuGenDiverseKeys(const char *Cmd);
int CmdHF14AMfuPwdGen(const char *Cmd);
extern int CmdHF14AMfucAuth(const char *Cmd);
extern int CmdHF14AMfucSetPwd(const char *Cmd);
extern int CmdHF14AMfucSetUid(const char *Cmd);
extern int CmdHF14AMfuGenDiverseKeys(const char *Cmd);
extern int CmdHF14AMfuPwdGen(const char *Cmd);
//general stuff
int CmdHF14AMfUDump(const char *Cmd);
int CmdHF14AMfUInfo(const char *Cmd);
int CmdHF14AMfUeLoad(const char *Cmd);
int CmdHF14AMfUSim(const char *Cmd);
extern int CmdHF14AMfUDump(const char *Cmd);
extern int CmdHF14AMfUInfo(const char *Cmd);
extern int CmdHF14AMfUeLoad(const char *Cmd);
extern int CmdHF14AMfUSim(const char *Cmd);
uint32_t GetHF14AMfU_Type(void);
int ul_print_type(uint32_t tagtype, uint8_t spacer);
void ul_switch_off_field(void);
extern uint32_t GetHF14AMfU_Type(void);
extern int ul_print_type(uint32_t tagtype, uint8_t spacer);
extern void ul_switch_off_field(void);
int usage_hf_mfu_info(void);
int usage_hf_mfu_dump(void);
int usage_hf_mfu_rdbl(void);
int usage_hf_mfu_wrbl(void);
int usage_hf_mfu_eload(void);
int usage_hf_mfu_sim(void);
int usage_hf_mfu_ucauth(void);
int usage_hf_mfu_ucsetpwd(void);
int usage_hf_mfu_ucsetuid(void);
int usage_hf_mfu_gendiverse(void);
int usage_hf_mfu_pwdgen(void);
extern int usage_hf_mfu_info(void);
extern int usage_hf_mfu_dump(void);
extern int usage_hf_mfu_rdbl(void);
extern int usage_hf_mfu_wrbl(void);
extern int usage_hf_mfu_eload(void);
extern int usage_hf_mfu_sim(void);
extern int usage_hf_mfu_ucauth(void);
extern int usage_hf_mfu_ucsetpwd(void);
extern int usage_hf_mfu_ucsetuid(void);
extern int usage_hf_mfu_gendiverse(void);
extern int usage_hf_mfu_pwdgen(void);
int CmdHFMFUltra(const char *Cmd);
@ -46,31 +46,35 @@ uint16_t ul_ev1_packgenA(uint8_t* uid);
uint16_t ul_ev1_packgenA(uint8_t* uid);
uint16_t ul_ev1_packgenA(uint8_t* uid);
uint32_t ul_ev1_otpgenA(uint8_t* uid);
typedef enum TAGTYPE_UL {
UNKNOWN = 0x000000,
UL = 0x000001,
UL_C = 0x000002,
UL_EV1_48 = 0x000004,
UL_EV1_128 = 0x000008,
NTAG = 0x000010,
NTAG_203 = 0x000020,
NTAG_210 = 0x000040,
NTAG_212 = 0x000080,
NTAG_213 = 0x000100,
NTAG_215 = 0x000200,
NTAG_216 = 0x000400,
MY_D = 0x000800,
MY_D_NFC = 0x001000,
MY_D_MOVE = 0x002000,
MY_D_MOVE_NFC = 0x004000,
MY_D_MOVE_LEAN= 0x008000,
NTAG_I2C_1K = 0x010000,
NTAG_I2C_2K = 0x020000,
FUDAN_UL = 0x040000,
MAGIC = 0x080000,
UL_MAGIC = UL | MAGIC,
UL_C_MAGIC = UL_C | MAGIC,
UL_ERROR = 0xFFFFFF,
UNKNOWN = 0x000000,
UL = 0x000001,
UL_C = 0x000002,
UL_EV1_48 = 0x000004,
UL_EV1_128 = 0x000008,
NTAG = 0x000010,
NTAG_203 = 0x000020,
NTAG_210 = 0x000040,
NTAG_212 = 0x000080,
NTAG_213 = 0x000100,
NTAG_215 = 0x000200,
NTAG_216 = 0x000400,
MY_D = 0x000800,
MY_D_NFC = 0x001000,
MY_D_MOVE = 0x002000,
MY_D_MOVE_NFC = 0x004000,
MY_D_MOVE_LEAN = 0x008000,
NTAG_I2C_1K = 0x010000,
NTAG_I2C_2K = 0x020000,
NTAG_I2C_1K_PLUS = 0x040000,
NTAG_I2C_2K_PLUS = 0x080000,
FUDAN_UL = 0x100000,
MAGIC = 0x200000,
UL_MAGIC = UL | MAGIC,
UL_C_MAGIC = UL_C | MAGIC,
UL_ERROR = 0xFFFFFF,
} TagTypeUL_t;
#endif
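Review bot: Inserting NTAG_I2C_1K_PLUS and NTAG_I2C_2K_PLUS in the middle of TagTypeUL_t renumbers FUDAN_UL (0x040000 to 0x100000) and MAGIC (0x080000 to 0x200000). Appending the new flags after MAGIC instead, as `NTAG_I2C_1K_PLUS = 0x100000,` and `NTAG_I2C_2K_PLUS = 0x200000,`, would leave the existing values unchanged for anything that stores or compares the raw numbers; whether such users exist cannot be seen from this page. A comment above the enum such as `// single-bit flags, tested with '&'; UL_ERROR sets every bit and so matches each of those tests` would document what the `tagtype & X` chains in ul_print_type depend on.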