hf mf mad - detect and decode of HID PACS

2025-03-31 01:11:27 +08:00 · 2022-08-21 09:40:06 +02:00 · 2022-08-21 09:40:06 +02:00 · 28449aa580
commit 28449aa580
parent 643f77996a
3 changed files with 53 additions and 0 deletions
--- a/client/src/cmdhfmf.c
+++ b/client/src/cmdhfmf.c
@ -35,6 +35,8 @@
 #include "crapto1/crapto1.h"    // prng_successor
 #include "cmdhf14a.h"           // exchange APDU
 #include "crypto/libpcrypto.h"
+#include "wiegand_formats.h"
+#include "wiegand_formatutils.h"

 #define MIFARE_4K_MAXBLOCK 256
 #define MIFARE_2K_MAXBLOCK 128
@ -5388,6 +5390,41 @@ static int CmdHF14AMfMAD(const char *Cmd) {
        MADPrintHeader();
        bool haveMAD2 = false;
        MAD1DecodeAndPrint(dump, swapmad, verbose, &haveMAD2);
+
+        int sector = DetectHID(dump, 0x484d);
+        if (sector > -1) {
+
+            // decode it
+            PrintAndLogEx(INFO, "");
+            PrintAndLogEx(INFO, _CYAN_("HID PACS detected"));
+
+            uint8_t pacs_sector[MFBLOCK_SIZE * 3] = {0};
+            memcpy(pacs_sector, dump + (sector * 4 * 16), sizeof(pacs_sector));
+
+            if (pacs_sector[16] == 0x02) {
+
+                PrintAndLogEx(SUCCESS, "Raw...... " _GREEN_("%s"), sprint_hex_inrow(pacs_sector + 24, 8));
+
+                //todo:  remove preamble/sentinel
+                uint32_t top = 0, mid = 0, bot = 0;
+                char hexstr[16 + 1] = {0};
+                hex_to_buffer((uint8_t *)hexstr, pacs_sector + 24, 8, sizeof(hexstr) - 1, 0, 0, true);
+                hexstring_to_u96(&top, &mid, &bot, hexstr);
+
+                PrintAndLogEx(INFO, "top %x %x %x", top, mid, bot);
+
+                char binstr[64 + 1];
+                hextobinstring(binstr, hexstr);
+                char *pbin = binstr;
+                while (strlen(pbin) && *(++pbin) == '0');
+
+                PrintAndLogEx(SUCCESS, "Binary... " _GREEN_("%s"), pbin);
+
+                PrintAndLogEx(INFO, "Wiegand decode");
+                wiegand_message_t packed = initialize_message_object(top, mid, bot, 0);
+                HIDTryUnpack(&packed);
+            }
+        }
        free(dump);
        return PM3_SUCCESS;
    }
--- a/client/src/mifare/mad.c
+++ b/client/src/mifare/mad.c
@ -406,3 +406,18 @@ bool HasMADKey(uint8_t *d) {

    return (memcmp(d + (3 * MFBLOCK_SIZE), g_mifare_mad_key, sizeof(g_mifare_mad_key)) == 0);
 }
+
+int DetectHID(uint8_t *d, uint16_t manufacture) {
+    if (d == NULL)
+        return -1;
+
+    // find HID
+    for (int i = 1; i < 16; i++) {
+        uint16_t aid = madGetAID(d, false, 1, i);
+        if (aid == manufacture) {
+            return i;
+        }
+    }
+
+    return -1;
+}
--- a/client/src/mifare/mad.h
+++ b/client/src/mifare/mad.h
@ -29,4 +29,5 @@ int MADDFDecodeAndPrint(uint32_t short_aid, bool verbose);
 int MADCardHolderInfoDecode(uint8_t *data, size_t datalen, bool verbose);
 void MADPrintHeader(void);
 bool HasMADKey(uint8_t *d);
+int DetectHID(uint8_t *d, uint16_t manufacture);
 #endif // _MAD_H_