diff --git a/armsrc/Standalone/hf_colin.c b/armsrc/Standalone/hf_colin.c
index bd184fad6..5eeb2a42a 100644
--- a/armsrc/Standalone/hf_colin.c
+++ b/armsrc/Standalone/hf_colin.c
@@ -27,39 +27,78 @@ int curlline; // Colin's VIGIKPWN sniff/simulate/clone repeat routine for HF Mifare -/* -void cjPrintBigArray(const char *bigar, int len, uint8_t newlines, uint8_t debug) -{ - uint32_t chunksize = (PM3_CMD_DATA_SIZE / 4); - uint8_t totalchunks = len / chunksize; - uint8_t last_chunksize = len - (totalchunks * chunksize); - char chunk[chunksize + 1]; - memset(chunk, 0x00, sizeof(chunk)); - if (debug > 0) - { - Dbprintf("len : %d", len); - Dbprintf("chunksize : %d bytes", chunksize); - Dbprintf("totalchunks : %d", totalchunks); - Dbprintf("last_chunksize: %d", last_chunksize); +typedef struct MFC1KSchema { + uint8_t name[32]; + uint64_t trigger; + uint64_t keysA[16]; + uint64_t keysB[16]; +} MFC1KSchema; + +#define MAX_SCHEMAS 4 + +MFC1KSchema Schemas[MAX_SCHEMAS]; + +MFC1KSchema Noralsy = { + .name = "Noralsy", + .trigger = 0x414c41524f4e, + .keysA = { + 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, + 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, + 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e, 0x414c41524f4e + }, + .keysB = { + 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, + 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, + 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e, 0x424c41524f4e } - for (uint8_t i = 0; i < totalchunks; i++) - { - memset(chunk, 0x00, sizeof(chunk)); - memcpy(chunk, &bigar[i * chunksize], chunksize); - DbprintfEx(FLAG_RAWPRINT, "%s", chunk); +}; + +MFC1KSchema InfiHexact = {.name = "Infineon/Hexact", + .trigger = 0x484558414354, + .keysA = {0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354, + 0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354, + 0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354, 0x484558414354, + 0x484558414354 + }, + .keysB = {0xa22ae129c013, 
0x49fae4e3849f, 0x38fcf33072e0, 0x8ad5517b4b18, 0x509359f131b1, + 0x6c78928e1317, 0xaa0720018738, 0xa6cac2886412, 0x62d0c424ed8e, 0xe64a986a5d94, + 0x8fa1d601d0a2, 0x89347350bd36, 0x66d2b7dc39ef, 0x6bc1e1ae547d, 0x22729a9bd40f + } + }; + +MFC1KSchema UrmetCaptive = { + .name = "Urmet Captive", + .trigger = 0x8829da9daf76, + .keysA = { + 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, + 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, + 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76 + }, + .keysB = { + 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, + 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, + 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76, 0x8829da9daf76 } - if (last_chunksize > 0) - { - memset(chunk, 0x00, sizeof(chunk)); - memcpy(chunk, &bigar[totalchunks * chunksize], last_chunksize); - DbprintfEx(FLAG_RAWPRINT, "%s", chunk); - } - if (newlines > 0) - { - DbprintfEx(FLAG_NEWLINE, " "); +}; + +int total_schemas = 0; + +void add_schema(MFC1KSchema *p, MFC1KSchema a, int *schemas_counter) { + if (*schemas_counter < MAX_SCHEMAS) { + p[*schemas_counter] = a; + *schemas_counter += 1; + } +} + +void delete_schema(MFC1KSchema *p, int *schemas_counter, int index) { + if (*schemas_counter > 0 && index < *schemas_counter && index > -1) { + int last_index = *schemas_counter - 1; + for (int i = index; i < last_index; i++) { + p[i] = p[i + 1]; + } + *schemas_counter -= 1; } } -*/ void cjSetCursFRight() { vtsend_cursor_position(NULL, 98, (currfline)); 
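Review bot: The InfiHexact initializer gives `.keysB` only 15 values, so `keysB[15]` is zero-initialized and sector 15's type-1 key becomes 000000000000, whereas the removed code wrote 0x484558414354 for sector 15 (the deleted `sectorNo = 15;` block in the later hunk); append `0x484558414354` as the 16th `.keysB` entry. A comment on the struct stating that `keysA`/`keysB` are indexed by sector number and must hold exactly 16 entries would make such a miscount visible to the next editor. Separately, `add_schema` takes `MFC1KSchema a` by value, copying roughly 300 bytes (32 + 8 + 16·8 + 16·8) through the stack of an embedded target on every call; `const MFC1KSchema *a` with `p[*schemas_counter] = *a;` does the same work without the copy. `Schemas`, `total_schemas`, `add_schema` and `delete_schema` are file-private and could be declared `static`.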
@@ -81,9 +120,8 @@ void cjTabulize() { DbprintfEx(FLAG_RAWPRINT, "\t\t\t"); } /* void cjPrintKey(uint64_t key, uint8_t *foundKey, uint16_t sectorNo, uint8_t type) { char tosendkey[13]; - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[0], foundKey[1], foundKey[2], foundKey[3], foundKey[4], foundKey[5]); - cjSetCursRight(); - DbprintfEx(FLAG_NEWLINE, "SEC: %02x | KEY : %s | TYP: %d", sectorNo, tosendkey, type); + sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[0], foundKey[1], foundKey[2], foundKey[3], foundKey[4], +foundKey[5]); cjSetCursRight(); DbprintfEx(FLAG_NEWLINE, "SEC: %02x | KEY : %s | TYP: %d", sectorNo, tosendkey, type); } */ @@ -101,7 +139,7 @@ void ReadLastTagFromFlash() { uint8_t *mem = BigBuf_malloc(size); - //this one will handle filetype (symlink or not) and resolving by itself + // this one will handle filetype (symlink or not) and resolving by itself rdv40_spiffs_read_as_filetype((char *)HFCOLIN_LASTTAG_SYMLINK, (uint8_t *)mem, len, RDV40_SPIFFS_SAFETY_SAFE); emlSetMem(mem, 0, 64); @@ -129,8 +167,9 @@ void WriteTagToFlash(uint32_t uid, size_t size) { num_to_bytes(uid, 4, buid); sprintf(dest, "hf_colin/mf_%02x%02x%02x%02x.bin", buid[0], buid[1], buid[2], buid[3]); - // TODO : by using safe function for multiple writes we are both breaking cache mecanisms and making useless and unoptimized mount operations - // we should manage at out level the mount status before and after the whole standalone mode + // TODO : by using safe function for multiple writes we are both breaking cache mecanisms and making useless and + // unoptimized mount operations we should manage at out level the mount status before and after the whole standalone + // mode rdv40_spiffs_write((char *)dest, (uint8_t *)data, len, RDV40_SPIFFS_SAFETY_SAFE); // lastag will only contain filename/path to last written tag file so we don't loose time or space. rdv40_spiffs_make_symlink((char *)dest, (char *)HFCOLIN_LASTTAG_SYMLINK, RDV40_SPIFFS_SAFETY_SAFE); 
@@ -141,12 +180,15 @@ void WriteTagToFlash(uint32_t uid, size_t size) { return; } -void ModInfo(void) { - DbpString(" HF Mifare ultra fast sniff/sim/clone - aka VIGIKPWN (Colin Brigato)"); -} +void ModInfo(void) { DbpString(" HF Mifare ultra fast sniff/sim/clone - aka VIGIKPWN (Colin Brigato)"); } void RunMod() { StandAloneMode(); + + add_schema(Schemas, Noralsy, &total_schemas); + add_schema(Schemas, InfiHexact, &total_schemas); + add_schema(Schemas, UrmetCaptive, &total_schemas); + FpgaDownloadAndGo(FPGA_BITSTREAM_HF); currline = 20; @@ -155,7 +197,7 @@ void RunMod() { memset(cjuid, 0, sizeof(cjuid)); cjcuid = 0; uint8_t sectorsCnt = (MF1KSZ / MF1KSZSIZE); - uint64_t key64; // Defines current key + uint64_t key64; // Defines current key uint8_t *keyBlock; // Where the keys will be held in memory. /* VIGIK EXPIRED DUMP FOR STUDY @@ -194,11 +236,11 @@ void RunMod() { ACCBITS : 796788[00]+VALUE */ - //---------------------------- - // Set of keys to be used. - // This should cover ~98% of - // French VIGIK system @2017 - //---------------------------- +//---------------------------- +// Set of keys to be used. +// This should cover ~98% of +// French VIGIK system @2017 +//---------------------------- #define STKEYS 37 @@ -295,7 +337,7 @@ failtag: SpinOff(50); LED_A_ON(); uint8_t ticker = 0; - //while (!BUTTON_PRESS() && !iso14443a_select_card(cjuid, NULL, &cjcuid, true, 0, true)) + // while (!BUTTON_PRESS() && !iso14443a_select_card(cjuid, NULL, &cjcuid, true, 0, true)) while (!iso14443a_select_card(cjuid, &p_card, &cjcuid, true, 0, true)) { WDT_HIT(); 
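Review bot: `total_schemas` is never reset before the three `add_schema` calls, so if RunMod can be entered more than once per boot (its callers are not visible here) the table accumulates duplicates up to MAX_SCHEMAS and later registrations are silently dropped by add_schema's bound check. Adding `total_schemas = 0;` ahead of the first `add_schema` call makes the setup idempotent. Since the three schemas are compile-time constants, they could also be written directly into the `Schemas` array initializer, removing both the runtime struct copies and the counter. RunMod continues outside the hunk.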
@@ -377,8 +419,8 @@ failtag: if (key == -1) { err = 1; allKeysFound = false; - // used in portable imlementation on microcontroller: it reports back the fail and open the standalone lock - // reply_old(CMD_CJB_FSMSTATE_MENU, 0, 0, 0, 0, 0); + // used in portable imlementation on microcontroller: it reports back the fail and open the standalone + // lock reply_old(CMD_CJB_FSMSTATE_MENU, 0, 0, 0, 0, 0); break; } else if (key == -2) { err = 1; // Can't select card. @@ -393,10 +435,10 @@ failtag: cjSetCursRight(); DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %012" PRIx64 " ; TYP: %i", sec, key64, type); /*reply_old(CMD_CJB_INFORM_CLIENT_KEY, 12, sec, type, tosendkey, 12);*/ - switch (key64) { - ///////////////////////////////////////////////////////// - // COMMON SCHEME 1 : INFINITRON/HEXACT - case 0x484558414354: + + for (int i = 0; i < total_schemas; i++) { + if (key64 == Schemas[i].trigger) { + cjSetCursLeft(); DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _XRED_, _XWHITE_); cjSetCursLeft(); 
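Review bot: The new trigger loop drops the Noralsy B-key match: the removed switch also selected that scheme on `case 0x424c41524f4e:`, but the `Noralsy` entry carries only 0x414c41524f4e as `.trigger`, so a tag whose first recovered key is the B key no longer reaches the scheme. Either give `MFC1KSchema` a second trigger field, or compare the recovered key against the schema's per-sector keys, e.g. `if (key64 == Schemas[i].keysA[sec] || key64 == Schemas[i].keysB[sec]) {` — the latter also widens InfiHexact matching to its B keys, which may or may not be intended and should be stated in a comment either way. The enclosing loop over sectors and RunMod itself start outside the hunk.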
@@ -404,232 +446,36 @@ failtag: DbprintfEx(FLAG_NEWLINE, " .TAG SEEMS %sDETERMINISTIC%s. ", _XGREEN_, _XWHITE_); cjSetCursLeft(); - DbprintfEx(FLAG_NEWLINE, "%sDetected: %s INFI_HEXACT_VIGIK_TAG%s", _XORANGE_, _XCYAN_, _XWHITE_); + DbprintfEx(FLAG_NEWLINE, "%sDetected: %s %s%s", _XORANGE_, _XCYAN_, Schemas[i].name, _XWHITE_); cjSetCursLeft(); - DbprintfEx(FLAG_NEWLINE, "...%s[%sKey_derivation_schemeTest%s]%s...", _XYELLOW_, _XGREEN_, _XYELLOW_, _XGREEN_); + DbprintfEx(FLAG_NEWLINE, "...%s[%sKey_derivation_schemeTest%s]%s...", _XYELLOW_, _XGREEN_, + _XYELLOW_, _XGREEN_); cjSetCursLeft(); DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _XGREEN_, _XWHITE_); - ; - // Type 0 / A first + uint16_t t = 0; for (uint16_t s = 0; s < sectorsCnt; s++) { - num_to_bytes(0x484558414354, 6, foundKey[t][s]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][s][0], foundKey[t][s][1], foundKey[t][s][2], - foundKey[t][s][3], foundKey[t][s][4], foundKey[t][s][5]); + num_to_bytes(Schemas[i].keysA[s], 6, foundKey[t][s]); + sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][s][0], foundKey[t][s][1], + foundKey[t][s][2], foundKey[t][s][3], foundKey[t][s][4], foundKey[t][s][5]); cjSetCursRight(); DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t); } t = 1; - uint16_t sectorNo = 0; - num_to_bytes(0xa22ae129c013, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 1; - num_to_bytes(0x49fae4e3849f, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - 
cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 2; - num_to_bytes(0x38fcf33072e0, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 3; - num_to_bytes(0x8ad5517b4b18, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 4; - num_to_bytes(0x509359f131b1, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 5; - num_to_bytes(0x6c78928e1317, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 6; - num_to_bytes(0xaa0720018738, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, 
"SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 7; - num_to_bytes(0xa6cac2886412, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 8; - num_to_bytes(0x62d0c424ed8e, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 9; - num_to_bytes(0xe64a986a5d94, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 10; - num_to_bytes(0x8fa1d601d0a2, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 11; - num_to_bytes(0x89347350bd36, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, 
tosendkey, t); - sectorNo = 12; - num_to_bytes(0x66d2b7dc39ef, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 13; - num_to_bytes(0x6bc1e1ae547d, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 14; - num_to_bytes(0x22729a9bd40f, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - sectorNo = 15; - num_to_bytes(0x484558414354, 6, foundKey[t][sectorNo]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2], - foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]); - cjSetCursRight(); - - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t); - trapped = 1; - break; - ////////////////END OF SCHEME 1////////////////////////////// - - /////////////////////////////////////// - // COMMON SCHEME 2 : URMET CAPTIVE / COGELEC!/? - case 0x8829da9daf76: - cjSetCursLeft(); - - DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _XRED_, _XWHITE_); - cjSetCursLeft(); - - DbprintfEx(FLAG_NEWLINE, " .TAG SEEMS %sDETERMINISTIC%s. 
", _XGREEN_, _XWHITE_); - cjSetCursLeft(); - - DbprintfEx(FLAG_NEWLINE, "%sDetected :%sURMET_CAPTIVE_VIGIK_TAG%s", _XORANGE_, _XCYAN_, _XWHITE_); - cjSetCursLeft(); - - DbprintfEx(FLAG_NEWLINE, "...%s[%sKey_derivation_schemeTest%s]%s...", _XYELLOW_, _XGREEN_, _XYELLOW_, _XGREEN_); - cjSetCursLeft(); - - DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _XGREEN_, _XWHITE_); - cjSetCursLeft(); - - // emlClearMem(); - // A very weak one... - for (uint16_t i = 0; i < 2; i++) { - for (uint16_t s = 0; s < sectorsCnt; s++) { - num_to_bytes(key64, 6, foundKey[i][s]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", - foundKey[i][s][0], - foundKey[i][s][1], - foundKey[i][s][2], - foundKey[i][s][3], - foundKey[i][s][4], - foundKey[i][s][5] - ); - cjSetCursRight(); - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, i); - } - } - trapped = 1; - break; - ////////////////END OF SCHEME 2////////////////////////////// - - /////////////////////////////////////// - // COMMON SCHEME 3 : NORALSY "A-LARON & B-LARON . . . NORAL-B & NORAL-A" - case 0x414c41524f4e: // Thumbs up to the guy who had the idea of such a "mnemotechnical" key pair - case 0x424c41524f4e: - cjSetCursLeft(); - - DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _XRED_, _XWHITE_); - cjSetCursLeft(); - - DbprintfEx(FLAG_NEWLINE, " .TAG SEEMS %sDETERMINISTIC%s. 
", _XGREEN_, _XWHITE_); - cjSetCursLeft(); - - DbprintfEx(FLAG_NEWLINE, "%s Detected :%sNORALSY_VIGIK_TAG %s", _XORANGE_, _XCYAN_, _XWHITE_); - cjSetCursLeft(); - - DbprintfEx(FLAG_NEWLINE, "...%s[%sKey_derivation_schemeTest%s]%s...", _XYELLOW_, _XGREEN_, _XYELLOW_, _XGREEN_); - cjSetCursLeft(); - - DbprintfEx(FLAG_NEWLINE, "%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _XGREEN_, _XWHITE_); - - t = 0; for (uint16_t s = 0; s < sectorsCnt; s++) { - num_to_bytes(0x414c41524f4e, 6, foundKey[t][s]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", - foundKey[t][s][0], - foundKey[t][s][1], - foundKey[t][s][2], - foundKey[t][s][3], - foundKey[t][s][4], - foundKey[t][s][5]); - cjSetCursRight(); - DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t); - } - - t = 1; - for (uint16_t s = 0; s < sectorsCnt; s++) { - num_to_bytes(0x424c41524f4e, 6, foundKey[t][s]); - sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", - foundKey[t][s][0], - foundKey[t][s][1], - foundKey[t][s][2], - foundKey[t][s][3], - foundKey[t][s][4], - foundKey[t][s][5]); + num_to_bytes(Schemas[i].keysB[s], 6, foundKey[t][s]); + sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][s][0], foundKey[t][s][1], + foundKey[t][s][2], foundKey[t][s][3], foundKey[t][s][4], foundKey[t][s][5]); cjSetCursRight(); DbprintfEx(FLAG_NEWLINE, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t); } trapped = 1; break; - ////////////////END OF SCHEME 3////////////////////////////// + } } + /* etc etc for testing schemes quick schemes */ } } @@ -685,7 +531,8 @@ failtag: delta_time = GetTickCountDelta(start_time); cjSetCursLeft(); - DbprintfEx(FLAG_NEWLINE, "%s>>%s Time for VIGIK break :%s%dms%s", _XGREEN_, _XWHITE_, _XYELLOW_, delta_time, _XWHITE_); + DbprintfEx(FLAG_NEWLINE, "%s>>%s Time for VIGIK break :%s%dms%s", _XGREEN_, _XWHITE_, _XYELLOW_, delta_time, + _XWHITE_); vtsend_cursor_position_save(NULL); vtsend_set_attribute(NULL, 1); 
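Review bot: `Schemas[i].keysA[s]` and `keysB[s]` are read for every `s < sectorsCnt`, but both arrays are fixed at 16 entries; `sectorsCnt` is `MF1KSZ / MF1KSZSIZE`, presumably 16 for a 1K tag, yet nothing ties the two together, so a change to either constant would read past the struct. If the file cannot rely on `_Static_assert`, a cheap guard is to size the key arrays from the same constant as `sectorsCnt`, or to bound the loops, `for (uint16_t s = 0; s < sectorsCnt && s < 16; s++)`, with a comment naming why. The trailing `/* etc etc for testing schemes quick schemes */` does not say what it refers to; replace it with something like `/* further schemes are registered through add_schema() in RunMod */` or drop it. RunMod starts and ends outside the hunk.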
@@ -706,8 +553,9 @@ readysim: DbprintfEx(FLAG_NEWLINE, "%s!> HOLD ON : %s When you'll click, simm will stop", _XRED_, _XWHITE_); cjSetCursLeft(); - DbprintfEx(FLAG_NEWLINE, "Then %s immediately %s we'll try to %s dump our emulator state%s \r\nin a %s chinese tag%s", _XRED_, _XWHITE_, _XYELLOW_, _XWHITE_, - _XCYAN_, _XWHITE_); + DbprintfEx(FLAG_NEWLINE, + "Then %s immediately %s we'll try to %s dump our emulator state%s \r\nin a %s chinese tag%s", _XRED_, + _XWHITE_, _XYELLOW_, _XWHITE_, _XCYAN_, _XWHITE_); cjSetCursLeft(); cjSetCursLeft(); @@ -736,7 +584,7 @@ readysim: } // Use UID, SAK, ATQA from EMUL, if uid not defined - //if ((flags & (FLAG_4B_UID_IN_DATA | FLAG_7B_UID_IN_DATA | FLAG_10B_UID_IN_DATA)) == 0) { + // if ((flags & (FLAG_4B_UID_IN_DATA | FLAG_7B_UID_IN_DATA | FLAG_10B_UID_IN_DATA)) == 0) { flags |= FLAG_UID_IN_EMUL; //} Mifare1ksim(flags | FLAG_MF_1K, 0, cjuid); @@ -856,7 +704,8 @@ int e_MifareECardLoad(uint32_t numofsectors, uint8_t keytype) { /* the chk function is a piwi'ed(tm) check that will try all keys for a particular sector. also no tracing no dbg */ -int cjat91_saMifareChkKeys(uint8_t blockNo, uint8_t keyType, bool clearTrace, uint8_t keyCount, uint8_t *datain, uint64_t *key) { +int cjat91_saMifareChkKeys(uint8_t blockNo, uint8_t keyType, bool clearTrace, uint8_t keyCount, uint8_t *datain, + uint64_t *key) { DBGLEVEL = DBG_NONE; iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); set_tracing(false); @@ -961,8 +810,7 @@ void saMifareMakeTag(void) { } } - -//TODO : make this work either for a Gen1a or for a block 0 direct write all transparently +// TODO : make this work either for a Gen1a or for a block 0 direct write all transparently //----------------------------------------------------------------------------- // Matt's StandAlone mod. // Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn) 
@@ -1049,7 +897,8 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data }; } - if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) { + if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || + (receivedAnswer[0] != 0x0a)) { DbprintfEx(FLAG_NEWLINE, "write block send command error"); break; };