mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-02-13 02:34:48 +08:00
Merge pull request #287 from cjbrigato/master
HF_COLIN : Makes Known Schemes in Struct form
This commit is contained in:
Philippe Teuwen
GitHub
commit
7093fdaa5d
1 changed files with 116 additions and 267 deletions
|
|
@ -27,39 +27,78 @@ int curlline;
|
|||
|
||||
// Colin's VIGIKPWN sniff/simulate/clone repeat routine for HF Mifare
|
||||
|
||||
/*
|
||||
void cjPrintBigArray(const char *bigar, int len, uint8_t newlines, uint8_t debug)
|
||||
{
|
||||
uint32_t chunksize = (PM3_CMD_DATA_SIZE / 4);
|
||||
uint8_t totalchunks = len / chunksize;
|
||||
uint8_t last_chunksize = len - (totalchunks * chunksize);
|
||||
char chunk[chunksize + 1];
|
||||
memset(chunk, 0x00, sizeof(chunk));
|
||||
if (debug > 0)
|
||||
{
|
||||
Dbprintf("len : %d", len);
|
||||
Dbprintf("chunksize : %d bytes", chunksize);
|
||||
Dbprintf("totalchunks : %d", totalchunks);
|
||||
Dbprintf("last_chunksize: %d", last_chunksize);
|
||||
typedef struct MFC1KSchema {
|
||||
uint8_t name[32];
|
||||
uint64_t trigger;
|
||||
uint64_t keysA[16];
|
||||
uint64_t keysB[16];
|
||||
} MFC1KSchema;
|
||||
|
||||
#define MAX_SCHEMAS 4
|
||||
|
||||
MFC1KSchema Schemas[MAX_SCHEMAS];
|
||||
|
||||
MFC1KSchema Noralsy = {
|
||||
.name = "Noralsy",
|
||||
.trigger = 0x414c41524f4e,
|
||||
.keysA = {
|
||||
0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e,
|
||||
0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e,
|
||||
0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e
|
||||
},
|
||||
.keysB = {
|
||||
0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e,
|
||||
0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e,
|
||||
0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e
|
||||
}
|
||||
for (uint8_t i = 0; i < totalchunks; i++)
|
||||
{
|
||||
memset(chunk, 0x00, sizeof(chunk));
|
||||
memcpy(chunk, &bigar[i * chunksize], chunksize);
|
||||
DbprintfEx(FLAG_RAWPRINT, "%s", chunk);
|
||||
};
|
||||
|
||||
MFC1KSchema InfiHexact = {.name = "Infineon/Hexact",
|
||||
.trigger = 0x484558414354,
|
||||
.keysA = {0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354,
|
||||
0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354,
|
||||
0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354,
|
||||
0x484558414354
|
||||
},
|
||||
.keysB = {0xa22ae129c013, 0x49fae4e3849f, 0x38fcf33072e0, 0x8ad5517b4b18, 0x509359f131b1,
|
||||
0x6c78928e1317, 0xaa0720018738, 0xa6cac2886412, 0x62d0c424ed8e, 0xe64a986a5d94,
|
||||
0x8fa1d601d0a2, 0x89347350bd36, 0x66d2b7dc39ef, 0x6bc1e1ae547d, 0x22729a9bd40f
|
||||
}
|
||||
};
|
||||
|
||||
MFC1KSchema UrmetCaptive = {
|
||||
.name = "Urmet Captive",
|
||||
.trigger = 0x8829da9daf76,
|
||||
.keysA = {
|
||||
0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76,
|
||||
0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76,
|
||||
0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76
|
||||
},
|
||||
.keysB = {
|
||||
0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76,
|
||||
0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76,
|
||||
0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76
|
||||
}
|
||||
if (last_chunksize > 0)
|
||||
{
|
||||
memset(chunk, 0x00, sizeof(chunk));
|
||||
memcpy(chunk, &bigar[totalchunks * chunksize], last_chunksize);
|
||||
DbprintfEx(FLAG_RAWPRINT, "%s", chunk);
|
||||
}
|
||||
if (newlines > 0)
|
||||
{
|
||||
DbprintfEx(FLAG_NEWLINE, " ");
|
||||
};
|
||||
|
||||
int total_schemas = 0;
|
||||
|
||||
void add_schema(MFC1KSchema *p, MFC1KSchema a, int *schemas_counter) {
|
||||
if (*schemas_counter < MAX_SCHEMAS) {
|
||||
p[*schemas_counter] = a;
|
||||
*schemas_counter += 1;
|
||||
}
|
||||
}
|
||||
|
||||
void delete_schema(MFC1KSchema *p, int *schemas_counter, int index) {
|
||||
if (*schemas_counter > 0 && index < *schemas_counter && index > -1) {
|
||||
int last_index = *schemas_counter - 1;
|
||||
for (int i = index; i < last_index; i++) {
|
||||
p[i] = p[i + 1];
|
||||
}
|
||||
*schemas_counter -= 1;
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
void cjSetCursFRight() {
|
||||
vtsend_cursor_position(NULL, 98, (currfline));
|
||||
|
|
@ -81,9 +120,8 @@ void cjTabulize() { DbprintfEx(FLAG_RAWPRINT, "\t\t\t"); }
|
|||
/*
|
||||
void cjPrintKey(uint64_t key, uint8_t *foundKey, uint16_t sectorNo, uint8_t type) {
|
||||
char tosendkey[13];
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[0], foundKey[1], foundKey[2], foundKey[3], foundKey[4], foundKey[5]);
|
||||
cjSetCursRight();
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x | KEY : %s | TYP: %d", sectorNo, tosendkey, type);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[0], foundKey[1], foundKey[2], foundKey[3], foundKey[4],
|
||||
foundKey[5]); cjSetCursRight(); DbprintfEx(FLAG_NEWLINE, "SEC: %02x | KEY : %s | TYP: %d", sectorNo, tosendkey, type);
|
||||
}
|
||||
*/
|
||||
|
||||
|
|
@ -101,7 +139,7 @@ void ReadLastTagFromFlash() {
|
|||
|
||||
uint8_t *mem = BigBuf_malloc(size);
|
||||
|
||||
//this one will handle filetype (symlink or not) and resolving by itself
|
||||
// this one will handle filetype (symlink or not) and resolving by itself
|
||||
rdv40_spiffs_read_as_filetype((char *)HFCOLIN_LASTTAG_SYMLINK, (uint8_t *)mem, len, RDV40_SPIFFS_SAFETY_SAFE);
|
||||
|
||||
emlSetMem(mem, 0, 64);
|
||||
|
|
@ -129,8 +167,9 @@ void WriteTagToFlash(uint32_t uid, size_t size) {
|
|||
num_to_bytes(uid, 4, buid);
|
||||
sprintf(dest, "hf_colin/mf_%02x%02x%02x%02x.bin", buid[0], buid[1], buid[2], buid[3]);
|
||||
|
||||
// TODO : by using safe function for multiple writes we are both breaking cache mecanisms and making useless and unoptimized mount operations
|
||||
// we should manage at out level the mount status before and after the whole standalone mode
|
||||
// TODO : by using safe function for multiple writes we are both breaking cache mecanisms and making useless and
|
||||
// unoptimized mount operations we should manage at out level the mount status before and after the whole standalone
|
||||
// mode
|
||||
rdv40_spiffs_write((char *)dest, (uint8_t *)data, len, RDV40_SPIFFS_SAFETY_SAFE);
|
||||
// lastag will only contain filename/path to last written tag file so we don't loose time or space.
|
||||
rdv40_spiffs_make_symlink((char *)dest, (char *)HFCOLIN_LASTTAG_SYMLINK, RDV40_SPIFFS_SAFETY_SAFE);
|
||||
|
|
@ -141,12 +180,15 @@ void WriteTagToFlash(uint32_t uid, size_t size) {
|
|||
return;
|
||||
}
|
||||
|
||||
void ModInfo(void) {
|
||||
DbpString(" HF Mifare ultra fast sniff/sim/clone - aka VIGIKPWN (Colin Brigato)");
|
||||
}
|
||||
void ModInfo(void) { DbpString(" HF Mifare ultra fast sniff/sim/clone - aka VIGIKPWN (Colin Brigato)"); }
|
||||
|
||||
void RunMod() {
|
||||
StandAloneMode();
|
||||
|
||||
add_schema(Schemas, Noralsy, &total_schemas);
|
||||
add_schema(Schemas, InfiHexact, &total_schemas);
|
||||
add_schema(Schemas, UrmetCaptive, &total_schemas);
|
||||
|
||||
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
|
||||
|
||||
currline = 20;
|
||||
|
|
@ -155,7 +197,7 @@ void RunMod() {
|
|||
memset(cjuid, 0, sizeof(cjuid));
|
||||
cjcuid = 0;
|
||||
uint8_t sectorsCnt = (MF1KSZ / MF1KSZSIZE);
|
||||
uint64_t key64; // Defines current key
|
||||
uint64_t key64; // Defines current key
|
||||
uint8_t *keyBlock; // Where the keys will be held in memory.
|
||||
|
||||
/* VIGIK EXPIRED DUMP FOR STUDY
|
||||
|
|
@ -194,11 +236,11 @@ void RunMod() {
|
|||
ACCBITS : 796788[00]+VALUE
|
||||
*/
|
||||
|
||||
//----------------------------
|
||||
// Set of keys to be used.
|
||||
// This should cover ~98% of
|
||||
// French VIGIK system @2017
|
||||
//----------------------------
|
||||
//----------------------------
|
||||
// Set of keys to be used.
|
||||
// This should cover ~98% of
|
||||
// French VIGIK system @2017
|
||||
//----------------------------
|
||||
|
||||
#define STKEYS 37
|
||||
|
||||
|
|
@ -295,7 +337,7 @@ failtag:
|
|||
SpinOff(50);
|
||||
LED_A_ON();
|
||||
uint8_t ticker = 0;
|
||||
//while (!BUTTON_PRESS() && !iso14443a_select_card(cjuid, NULL, &cjcuid, true, 0, true))
|
||||
// while (!BUTTON_PRESS() && !iso14443a_select_card(cjuid, NULL, &cjcuid, true, 0, true))
|
||||
while (!iso14443a_select_card(cjuid, &p_card, &cjcuid, true, 0, true)) {
|
||||
WDT_HIT();
|
||||
|
||||
|
|
@ -377,8 +419,8 @@ failtag:
|
|||
if (key == -1) {
|
||||
err = 1;
|
||||
allKeysFound = false;
|
||||
// used in portable imlementation on microcontroller: it reports back the fail and open the standalone lock
|
||||
// reply_old(CMD_CJB_FSMSTATE_MENU, 0, 0, 0, 0, 0);
|
||||
// used in portable imlementation on microcontroller: it reports back the fail and open the standalone
|
||||
// lock reply_old(CMD_CJB_FSMSTATE_MENU, 0, 0, 0, 0, 0);
|
||||
break;
|
||||
} else if (key == -2) {
|
||||
err = 1; // Can't select card.
|
||||
|
|
@ -393,10 +435,10 @@ failtag:
|
|||
cjSetCursRight();
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %012" PRIx64 " ; TYP: %i", sec, key64, type);
|
||||
/*reply_old(CMD_CJB_INFORM_CLIENT_KEY, 12, sec, type, tosendkey, 12);*/
|
||||
switch (key64) {
|
||||
/////////////////////////////////////////////////////////
|
||||
// COMMON SCHEME 1 : INFINITRON/HEXACT
|
||||
case 0x484558414354:
|
||||
|
||||
for (int i = 0; i < total_schemas; i++) {
|
||||
if (key64 == Schemas[i].trigger) {
|
||||
|
||||
cjSetCursLeft();
|
||||
DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _XRED_, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
|
|
@ -404,232 +446,36 @@ failtag:
|
|||
DbprintfEx(FLAG_NEWLINE, " .TAG SEEMS %sDETERMINISTIC%s. ", _XGREEN_, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "%sDetected: %s INFI_HEXACT_VIGIK_TAG%s", _XORANGE_, _XCYAN_, _XWHITE_);
|
||||
DbprintfEx(FLAG_NEWLINE, "%sDetected: %s %s%s", _XORANGE_, _XCYAN_, Schemas[i].name, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "...%s[%sKey_derivation_schemeTest%s]%s...", _XYELLOW_, _XGREEN_, _XYELLOW_, _XGREEN_);
|
||||
DbprintfEx(FLAG_NEWLINE, "...%s[%sKey_derivation_schemeTest%s]%s...", _XYELLOW_, _XGREEN_,
|
||||
_XYELLOW_, _XGREEN_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _XGREEN_, _XWHITE_);
|
||||
;
|
||||
// Type 0 / A first
|
||||
|
||||
uint16_t t = 0;
|
||||
for (uint16_t s = 0; s < sectorsCnt; s++) {
|
||||
num_to_bytes(0x484558414354, 6, foundKey[t][s]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][s][0], foundKey[t][s][1], foundKey[t][s][2],
|
||||
foundKey[t][s][3], foundKey[t][s][4], foundKey[t][s][5]);
|
||||
num_to_bytes(Schemas[i].keysA[s], 6, foundKey[t][s]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][s][0], foundKey[t][s][1],
|
||||
foundKey[t][s][2], foundKey[t][s][3], foundKey[t][s][4], foundKey[t][s][5]);
|
||||
cjSetCursRight();
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t);
|
||||
}
|
||||
t = 1;
|
||||
uint16_t sectorNo = 0;
|
||||
num_to_bytes(0xa22ae129c013, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 1;
|
||||
num_to_bytes(0x49fae4e3849f, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 2;
|
||||
num_to_bytes(0x38fcf33072e0, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 3;
|
||||
num_to_bytes(0x8ad5517b4b18, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 4;
|
||||
num_to_bytes(0x509359f131b1, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 5;
|
||||
num_to_bytes(0x6c78928e1317, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 6;
|
||||
num_to_bytes(0xaa0720018738, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 7;
|
||||
num_to_bytes(0xa6cac2886412, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 8;
|
||||
num_to_bytes(0x62d0c424ed8e, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 9;
|
||||
num_to_bytes(0xe64a986a5d94, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 10;
|
||||
num_to_bytes(0x8fa1d601d0a2, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 11;
|
||||
num_to_bytes(0x89347350bd36, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 12;
|
||||
num_to_bytes(0x66d2b7dc39ef, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 13;
|
||||
num_to_bytes(0x6bc1e1ae547d, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 14;
|
||||
num_to_bytes(0x22729a9bd40f, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
sectorNo = 15;
|
||||
num_to_bytes(0x484558414354, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
trapped = 1;
|
||||
break;
|
||||
////////////////END OF SCHEME 1//////////////////////////////
|
||||
|
||||
///////////////////////////////////////
|
||||
// COMMON SCHEME 2 : URMET CAPTIVE / COGELEC!/?
|
||||
case 0x8829da9daf76:
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _XRED_, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, " .TAG SEEMS %sDETERMINISTIC%s. ", _XGREEN_, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "%sDetected :%sURMET_CAPTIVE_VIGIK_TAG%s", _XORANGE_, _XCYAN_, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "...%s[%sKey_derivation_schemeTest%s]%s...", _XYELLOW_, _XGREEN_, _XYELLOW_, _XGREEN_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _XGREEN_, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
|
||||
// emlClearMem();
|
||||
// A very weak one...
|
||||
for (uint16_t i = 0; i < 2; i++) {
|
||||
for (uint16_t s = 0; s < sectorsCnt; s++) {
|
||||
num_to_bytes(key64, 6, foundKey[i][s]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x",
|
||||
foundKey[i][s][0],
|
||||
foundKey[i][s][1],
|
||||
foundKey[i][s][2],
|
||||
foundKey[i][s][3],
|
||||
foundKey[i][s][4],
|
||||
foundKey[i][s][5]
|
||||
);
|
||||
cjSetCursRight();
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, i);
|
||||
}
|
||||
}
|
||||
trapped = 1;
|
||||
break;
|
||||
////////////////END OF SCHEME 2//////////////////////////////
|
||||
|
||||
///////////////////////////////////////
|
||||
// COMMON SCHEME 3 : NORALSY "A-LARON & B-LARON . . . NORAL-B & NORAL-A"
|
||||
case 0x414c41524f4e: // Thumbs up to the guy who had the idea of such a "mnemotechnical" key pair
|
||||
case 0x424c41524f4e:
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _XRED_, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, " .TAG SEEMS %sDETERMINISTIC%s. ", _XGREEN_, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "%s Detected :%sNORALSY_VIGIK_TAG %s", _XORANGE_, _XCYAN_, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "...%s[%sKey_derivation_schemeTest%s]%s...", _XYELLOW_, _XGREEN_, _XYELLOW_, _XGREEN_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _XGREEN_, _XWHITE_);
|
||||
|
||||
t = 0;
|
||||
for (uint16_t s = 0; s < sectorsCnt; s++) {
|
||||
num_to_bytes(0x414c41524f4e, 6, foundKey[t][s]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x",
|
||||
foundKey[t][s][0],
|
||||
foundKey[t][s][1],
|
||||
foundKey[t][s][2],
|
||||
foundKey[t][s][3],
|
||||
foundKey[t][s][4],
|
||||
foundKey[t][s][5]);
|
||||
cjSetCursRight();
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t);
|
||||
}
|
||||
|
||||
t = 1;
|
||||
for (uint16_t s = 0; s < sectorsCnt; s++) {
|
||||
num_to_bytes(0x424c41524f4e, 6, foundKey[t][s]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x",
|
||||
foundKey[t][s][0],
|
||||
foundKey[t][s][1],
|
||||
foundKey[t][s][2],
|
||||
foundKey[t][s][3],
|
||||
foundKey[t][s][4],
|
||||
foundKey[t][s][5]);
|
||||
num_to_bytes(Schemas[i].keysB[s], 6, foundKey[t][s]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][s][0], foundKey[t][s][1],
|
||||
foundKey[t][s][2], foundKey[t][s][3], foundKey[t][s][4], foundKey[t][s][5]);
|
||||
cjSetCursRight();
|
||||
DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t);
|
||||
}
|
||||
trapped = 1;
|
||||
break;
|
||||
////////////////END OF SCHEME 3//////////////////////////////
|
||||
}
|
||||
}
|
||||
|
||||
/* etc etc for testing schemes quick schemes */
|
||||
}
|
||||
}
|
||||
|
|
@ -685,7 +531,8 @@ failtag:
|
|||
delta_time = GetTickCountDelta(start_time);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "%s>>%s Time for VIGIK break :%s%dms%s", _XGREEN_, _XWHITE_, _XYELLOW_, delta_time, _XWHITE_);
|
||||
DbprintfEx(FLAG_NEWLINE, "%s>>%s Time for VIGIK break :%s%dms%s", _XGREEN_, _XWHITE_, _XYELLOW_, delta_time,
|
||||
_XWHITE_);
|
||||
|
||||
vtsend_cursor_position_save(NULL);
|
||||
vtsend_set_attribute(NULL, 1);
|
||||
|
|
@ -706,8 +553,9 @@ readysim:
|
|||
DbprintfEx(FLAG_NEWLINE, "%s!> HOLD ON : %s When you'll click, simm will stop", _XRED_, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NEWLINE, "Then %s immediately %s we'll try to %s dump our emulator state%s \r\nin a %s chinese tag%s", _XRED_, _XWHITE_, _XYELLOW_, _XWHITE_,
|
||||
_XCYAN_, _XWHITE_);
|
||||
DbprintfEx(FLAG_NEWLINE,
|
||||
"Then %s immediately %s we'll try to %s dump our emulator state%s \r\nin a %s chinese tag%s", _XRED_,
|
||||
_XWHITE_, _XYELLOW_, _XWHITE_, _XCYAN_, _XWHITE_);
|
||||
cjSetCursLeft();
|
||||
cjSetCursLeft();
|
||||
|
||||
|
|
@ -736,7 +584,7 @@ readysim:
|
|||
}
|
||||
|
||||
// Use UID, SAK, ATQA from EMUL, if uid not defined
|
||||
//if ((flags & (FLAG_4B_UID_IN_DATA | FLAG_7B_UID_IN_DATA | FLAG_10B_UID_IN_DATA)) == 0) {
|
||||
// if ((flags & (FLAG_4B_UID_IN_DATA | FLAG_7B_UID_IN_DATA | FLAG_10B_UID_IN_DATA)) == 0) {
|
||||
flags |= FLAG_UID_IN_EMUL;
|
||||
//}
|
||||
Mifare1ksim(flags | FLAG_MF_1K, 0, cjuid);
|
||||
|
|
@ -856,7 +704,8 @@ int e_MifareECardLoad(uint32_t numofsectors, uint8_t keytype) {
|
|||
|
||||
/* the chk function is a piwi'ed(tm) check that will try all keys for
|
||||
a particular sector. also no tracing no dbg */
|
||||
int cjat91_saMifareChkKeys(uint8_t blockNo, uint8_t keyType, bool clearTrace, uint8_t keyCount, uint8_t *datain, uint64_t *key) {
|
||||
int cjat91_saMifareChkKeys(uint8_t blockNo, uint8_t keyType, bool clearTrace, uint8_t keyCount, uint8_t *datain,
|
||||
uint64_t *key) {
|
||||
DBGLEVEL = DBG_NONE;
|
||||
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
|
||||
set_tracing(false);
|
||||
|
|
@ -961,8 +810,7 @@ void saMifareMakeTag(void) {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
//TODO : make this work either for a Gen1a or for a block 0 direct write all transparently
|
||||
// TODO : make this work either for a Gen1a or for a block 0 direct write all transparently
|
||||
//-----------------------------------------------------------------------------
|
||||
// Matt's StandAlone mod.
|
||||
// Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)
|
||||
|
|
@ -1049,7 +897,8 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
|
|||
};
|
||||
}
|
||||
|
||||
if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {
|
||||
if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) ||
|
||||
(receivedAnswer[0] != 0x0a)) {
|
||||
DbprintfEx(FLAG_NEWLINE, "write block send command error");
|
||||
break;
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in a new issue