diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c
index 886a52d2d..82ad47e99 100644
--- a/client/src/mifare/desfirecore.c
+++ b/client/src/mifare/desfirecore.c
@@ -20,6 +20,7 @@
 #include
 #include
 #include "commonutil.h"
+#include "generator.h"
 #include "aes.h"
 #include "ui.h"
 #include "crc.h"
@@ -788,6 +789,7 @@ int DesfireSelectAID(DesfireContext *ctx, uint8_t *aid1, uint8_t *aid2) {
 DesfireClearSession(ctx);
 ctx->appSelected = (aid1[0] != 0x00 || aid1[1] != 0x00 || aid1[2] != 0x00);
+ ctx->selectedAID = DesfireAIDByteToUint(aid1);
 return PM3_SUCCESS;
 }
@@ -825,6 +827,7 @@ int DesfireSelectAIDHexNoFieldOn(DesfireContext *ctx, uint32_t aid) {
 DesfireClearSession(ctx);
 ctx->appSelected = (aid != 0x000000);
+ ctx->selectedAID = aid;
 return PM3_SUCCESS;
 }
@@ -991,13 +994,13 @@ static int DesfireAuthenticateEV1(DesfireContext *dctx, DesfireSecureChannel sec
 // We will overrite any provided KDF input since a gallagher specific KDF was requested.
 dctx->kdfInputLen = 11;
- /*if (mfdes_kdf_input_gallagher(tag->info.uid, tag->info.uidlen, dctx->keyNum, tag->selected_application, dctx->kdfInput, &dctx->kdfInputLen) != PM3_SUCCESS) {
+ if (mfdes_kdf_input_gallagher(dctx->uid, dctx->uidlen, dctx->keyNum, dctx->selectedAID, dctx->kdfInput, &dctx->kdfInputLen) != PM3_SUCCESS) {
 PrintAndLogEx(FAILED, "Could not generate Gallagher KDF input");
- }*/
+ }
+ PrintAndLogEx(INFO, " KDF Input: " _YELLOW_("%s"), sprint_hex(dctx->kdfInput, dctx->kdfInputLen));
 MifareKdfAn10922(dctx, DCOMasterKey, dctx->kdfInput, dctx->kdfInputLen);
 PrintAndLogEx(INFO, " Derrived key: " _GREEN_("%s"), sprint_hex(dctx->key, desfire_get_key_block_length(dctx->keyType)));
- PrintAndLogEx(INFO, " KDF Input: " _YELLOW_("%s"), sprint_hex(dctx->kdfInput, dctx->kdfInputLen));
 }
 uint8_t subcommand = MFDES_AUTHENTICATE;
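Review bot: In the Gallagher branch of DesfireAuthenticateEV1, a failed `mfdes_kdf_input_gallagher()` call is only logged, so execution falls through to `MifareKdfAn10922()` and diversifies the key from whatever `dctx->kdfInput` already held. The failure branch should leave the function right after the message, for example `return PM3_ESOFT;`, or whichever failure code this function's callers expect; the rest of the body is outside the hunk, so the right code cannot be confirmed from here. Separately, the unchanged `Derrived key` line prints the diversified key at INFO level on every authentication, which puts key material into console and session logs. That output would be better placed behind a debug or verbose level.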
@@ -2547,6 +2550,7 @@ int DesfireISOSelectEx(DesfireContext *dctx, bool fieldon, DesfireISOSelectContr
 DesfireClearSession(dctx);
 dctx->appSelected = !((cntr == ISSMFDFEF && datalen == 0) || (cntr == ISSEFByFileID && datalen == 2 && data[0] == 0 && data[1] == 0));
+ dctx->selectedAID = 0;
 return res;
 }
diff --git a/client/src/mifare/desfirecrypto.c b/client/src/mifare/desfirecrypto.c
index 4bd6582b4..14d725678 100644
--- a/client/src/mifare/desfirecrypto.c
+++ b/client/src/mifare/desfirecrypto.c
@@ -43,6 +43,10 @@ void DesfireClearContext(DesfireContext *ctx) {
 ctx->commMode = DCMNone;
 ctx->appSelected = false;
+ ctx->selectedAID = 0;
+
+ memset(ctx->uid, 0, sizeof(ctx->uid));
+ ctx->uidlen = 0;
 ctx->kdfAlgo = 0;
 ctx->kdfInputLen = 0;
diff --git a/client/src/mifare/desfirecrypto.h b/client/src/mifare/desfirecrypto.h
index 113996ece..e5a7643e8 100644
--- a/client/src/mifare/desfirecrypto.h
+++ b/client/src/mifare/desfirecrypto.h
@@ -87,6 +87,10 @@ typedef struct DesfireContextS {
 DesfireCommunicationMode commMode; // plain/mac/enc
 bool appSelected; // for iso auth
+ uint32_t selectedAID;
+
+ uint8_t uid[10];
+ uint8_t uidlen;
 uint8_t IV[DESFIRE_MAX_KEY_SIZE];
 uint8_t sessionKeyMAC[DESFIRE_MAX_KEY_SIZE];
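Review bot: In DesfireISOSelectEx the new `dctx->selectedAID = 0;` can leave the context with `appSelected` true but no AID after an ISO select by DF name or file ID. As far as these hunks show, the Gallagher branch of DesfireAuthenticateEV1 would then build its KDF input from AID 0 and derive a wrong key without any hint why. A comment on the assignment would make the limitation explicit, for example `// AID is not known after an ISO select; AID-based key diversification needs a native select first`. The authentication path could also refuse the Gallagher KDF when `appSelected` is set and `selectedAID` is 0. The function body starts outside the hunk, so whether error paths return before this line cannot be seen here.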
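Review bot: The three new DesfireContextS fields in desfirecrypto.h have no comments although the neighbouring members do, and the `10` in `uid[10]` is an unnamed size that any code filling the buffer has to respect. Suggested wording: `uint32_t selectedAID; // AID of the selected application, 0 if none or unknown`, `uint8_t uid[10]; // card UID, input to key diversification`, `uint8_t uidlen; // valid bytes in uid, never more than sizeof(uid)`. None of the hunks shown here writes `uid` or `uidlen`, so the setter is presumably in a file outside this view. Wherever it lives, it should clamp the copied length to `sizeof(ctx->uid)` before the copy.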