RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-09-20 15:26:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

add: added @AdamLaurie 's iclass raw keys changes

Browse source
This commit is contained in:
iceman1001 2015-12-21 19:44:47 +01:00
parent 9332b857ff
commit a7474bb30a
2 changed files with 50 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG.md
View file

@ -7,6 +7,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
-- --
### Added ### Added
- `lf awid bruteforce <facilitycode>` - Simple bruteforce attack against a AWID reader.
- `lf t55xx bruteforce <start password> <end password> [i <*.dic>]` - Simple bruteforce attack to find password - (iceman and others) - `lf t55xx bruteforce <start password> <end password> [i <*.dic>]` - Simple bruteforce attack to find password - (iceman and others)
- `lf viking clone`- clone viking tag to t55x7 or Q5 from 4byte hex ID input - `lf viking clone`- clone viking tag to t55x7 or Q5 from 4byte hex ID input
- `lf viking sim` - sim full viking tag from 4byte hex ID input - `lf viking sim` - sim full viking tag from 4byte hex ID input
@ -52,6 +53,7 @@ of stream transmissions (marshmellow)
- Revised workflow for StandAloneMode14a (Craig Young) - Revised workflow for StandAloneMode14a (Craig Young)
- EPA functions (`hf epa`) now support both ISO 14443-A and 14443-B cards (frederikmoellers) - EPA functions (`hf epa`) now support both ISO 14443-A and 14443-B cards (frederikmoellers)
- 'hw version' only talks to ARM at startup, after that the info is cached. (pwpiwi) - 'hw version' only talks to ARM at startup, after that the info is cached. (pwpiwi)
- Added `r` option to iclass functions - allows key to be provided in raw block 3/4 format
## [2.2.0][2015-07-12] ## [2.2.0][2015-07-12]

62
client/cmdhficlass.c
View file

@ -502,7 +502,7 @@ static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool v
return true; return true;
} }
static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool use_credit_key, bool elite, bool verbose) { static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool use_credit_key, bool elite, bool rawkey, bool verbose) {
uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
@ -510,7 +510,11 @@ static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool u
return false; return false;
//get div_key //get div_key
if(rawkey)
memcpy(div_key, KEY, 8);
else
HFiClassCalcDivKey(CSN, KEY, div_key, elite); HFiClassCalcDivKey(CSN, KEY, div_key, elite);
PrintAndLog("Authing with %s: %02x%02x%02x%02x%02x%02x%02x%02x", rawkey ? "raw key" : "diversified key", div_key[0],div_key[1],div_key[2],div_key[3],div_key[4],div_key[5],div_key[6],div_key[7]);
doMAC(CCNR, div_key, MAC); doMAC(CCNR, div_key, MAC);
UsbCommand resp; UsbCommand resp;
@ -532,7 +536,7 @@ static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool u
} }
int usage_hf_iclass_dump(void) { int usage_hf_iclass_dump(void) {
PrintAndLog("Usage: hf iclass dump f <fileName> k <Key> c <CreditKey> e\n"); PrintAndLog("Usage: hf iclass dump f <fileName> k <Key> c <CreditKey> e|r\n");
PrintAndLog("Options:"); PrintAndLog("Options:");
PrintAndLog(" f <filename> : specify a filename to save dump to"); PrintAndLog(" f <filename> : specify a filename to save dump to");
PrintAndLog(" k <Key> : *Access Key as 16 hex symbols or 1 hex to select key from memory"); PrintAndLog(" k <Key> : *Access Key as 16 hex symbols or 1 hex to select key from memory");
@ -540,6 +544,7 @@ int usage_hf_iclass_dump(void) {
PrintAndLog(" e : If 'e' is specified, the key is interpreted as the 16 byte"); PrintAndLog(" e : If 'e' is specified, the key is interpreted as the 16 byte");
PrintAndLog(" Custom Key (KCus), which can be obtained via reader-attack"); PrintAndLog(" Custom Key (KCus), which can be obtained via reader-attack");
PrintAndLog(" See 'hf iclass sim 2'. This key should be on iclass-format"); PrintAndLog(" See 'hf iclass sim 2'. This key should be on iclass-format");
PrintAndLog(" r : If 'r' is specified, the key is interpreted as raw block 3/4");
PrintAndLog(" NOTE: * = required"); PrintAndLog(" NOTE: * = required");
PrintAndLog("Samples:"); PrintAndLog("Samples:");
PrintAndLog(" hf iclass dump k 001122334455667B"); PrintAndLog(" hf iclass dump k 001122334455667B");
@ -569,6 +574,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) {
bool have_credit_key = false; bool have_credit_key = false;
bool use_credit_key = false; bool use_credit_key = false;
bool elite = false; bool elite = false;
bool rawkey = false;
bool errors = false; bool errors = false;
uint8_t cmdp = 0; uint8_t cmdp = 0;
@ -633,6 +639,11 @@ int CmdHFiClassReader_Dump(const char *Cmd) {
} }
cmdp += 2; cmdp += 2;
break; break;
case 'r':
case 'R':
rawkey = true;
cmdp++;
break;
default: default:
PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -676,9 +687,9 @@ int CmdHFiClassReader_Dump(const char *Cmd) {
} }
ul_switch_off_field(); ul_switch_off_field();
// authenticate debit key and get div_key - later store in dump block 3 // authenticate debit key and get div_key - later store in dump block 3
if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, false)){ if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, false)){
//try twice - for some reason it sometimes fails the first time... //try twice - for some reason it sometimes fails the first time...
if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, false)){ if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, false)){
ul_switch_off_field(); ul_switch_off_field();
return 0; return 0;
} }
@ -716,9 +727,9 @@ int CmdHFiClassReader_Dump(const char *Cmd) {
ul_switch_off_field(); ul_switch_off_field();
memset(MAC,0,4); memset(MAC,0,4);
// AA2 authenticate credit key and git c_div_key - later store in dump block 4 // AA2 authenticate credit key and git c_div_key - later store in dump block 4
if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){ if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){
//try twice - for some reason it sometimes fails the first time... //try twice - for some reason it sometimes fails the first time...
if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){ if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){
ul_switch_off_field(); ul_switch_off_field();
return 0; return 0;
} }
@ -778,10 +789,10 @@ int CmdHFiClassReader_Dump(const char *Cmd) {
return 1; return 1;
} }
static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool verbose) { static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool rawkey, bool verbose) {
uint8_t MAC[4]={0x00,0x00,0x00,0x00}; uint8_t MAC[4]={0x00,0x00,0x00,0x00};
uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, verbose)) if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, verbose))
return 0; return 0;
UsbCommand resp; UsbCommand resp;
@ -814,6 +825,7 @@ int usage_hf_iclass_writeblock(void) {
PrintAndLog(" k <Key> : Access Key as 16 hex symbols or 1 hex to select key from memory"); PrintAndLog(" k <Key> : Access Key as 16 hex symbols or 1 hex to select key from memory");
PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n"); PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n");
PrintAndLog(" e : If 'e' is specified, elite computations applied to key"); PrintAndLog(" e : If 'e' is specified, elite computations applied to key");
PrintAndLog(" r : If 'r' is specified, no computations applied to key");
PrintAndLog("Samples:"); PrintAndLog("Samples:");
PrintAndLog(" hf iclass writeblk b 0A d AAAAAAAAAAAAAAAA k 001122334455667B"); PrintAndLog(" hf iclass writeblk b 0A d AAAAAAAAAAAAAAAA k 001122334455667B");
PrintAndLog(" hf iclass writeblk b 1B d AAAAAAAAAAAAAAAA k 001122334455667B c"); PrintAndLog(" hf iclass writeblk b 1B d AAAAAAAAAAAAAAAA k 001122334455667B c");
@ -830,6 +842,7 @@ int CmdHFiClass_WriteBlock(const char *Cmd) {
char tempStr[50] = {0}; char tempStr[50] = {0};
bool use_credit_key = false; bool use_credit_key = false;
bool elite = false; bool elite = false;
bool rawkey= false;
bool errors = false; bool errors = false;
uint8_t cmdp = 0; uint8_t cmdp = 0;
while(param_getchar(Cmd, cmdp) != 0x00) while(param_getchar(Cmd, cmdp) != 0x00)
@ -885,6 +898,11 @@ int CmdHFiClass_WriteBlock(const char *Cmd) {
} }
cmdp += 2; cmdp += 2;
break; break;
case 'r':
case 'R':
rawkey = true;
cmdp++;
break;
default: default:
PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -894,13 +912,13 @@ int CmdHFiClass_WriteBlock(const char *Cmd) {
} }
if (cmdp < 6) return usage_hf_iclass_writeblock(); if (cmdp < 6) return usage_hf_iclass_writeblock();
int ans = WriteBlock(blockno, bldata, KEY, use_credit_key, elite, true); int ans = WriteBlock(blockno, bldata, KEY, use_credit_key, elite, rawkey, true);
ul_switch_off_field(); ul_switch_off_field();
return ans; return ans;
} }
int usage_hf_iclass_clone(void) { int usage_hf_iclass_clone(void) {
PrintAndLog("Usage: hf iclass clone f <tagfile.bin> b <first block> l <last block> k <KEY> e c"); PrintAndLog("Usage: hf iclass clone f <tagfile.bin> b <first block> l <last block> k <KEY> c e|r");
PrintAndLog("Options:"); PrintAndLog("Options:");
PrintAndLog(" f <filename>: specify a filename to clone from"); PrintAndLog(" f <filename>: specify a filename to clone from");
PrintAndLog(" b <Block> : The first block to clone as 2 hex symbols"); PrintAndLog(" b <Block> : The first block to clone as 2 hex symbols");
@ -908,6 +926,7 @@ int usage_hf_iclass_clone(void) {
PrintAndLog(" k <Key> : Access Key as 16 hex symbols or 1 hex to select key from memory"); PrintAndLog(" k <Key> : Access Key as 16 hex symbols or 1 hex to select key from memory");
PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n"); PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n");
PrintAndLog(" e : If 'e' is specified, elite computations applied to key"); PrintAndLog(" e : If 'e' is specified, elite computations applied to key");
PrintAndLog(" r : If 'r' is specified, no computations applied to key");
PrintAndLog("Samples:"); PrintAndLog("Samples:");
PrintAndLog(" hf iclass clone f iclass_tagdump-121345.bin b 06 l 1A k 1122334455667788 e"); PrintAndLog(" hf iclass clone f iclass_tagdump-121345.bin b 06 l 1A k 1122334455667788 e");
PrintAndLog(" hf iclass clone f iclass_tagdump-121345.bin b 05 l 19 k 0"); PrintAndLog(" hf iclass clone f iclass_tagdump-121345.bin b 05 l 19 k 0");
@ -926,6 +945,7 @@ int CmdHFiClassCloneTag(const char *Cmd) {
uint8_t dataLen = 0; uint8_t dataLen = 0;
bool use_credit_key = false; bool use_credit_key = false;
bool elite = false; bool elite = false;
bool rawkey = false;
bool errors = false; bool errors = false;
uint8_t cmdp = 0; uint8_t cmdp = 0;
while(param_getchar(Cmd, cmdp) != 0x00) while(param_getchar(Cmd, cmdp) != 0x00)
@ -989,6 +1009,11 @@ int CmdHFiClassCloneTag(const char *Cmd) {
} }
cmdp += 2; cmdp += 2;
break; break;
case 'r':
case 'R':
rawkey = true;
cmdp++;
break;
default: default:
PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -1032,7 +1057,7 @@ int CmdHFiClassCloneTag(const char *Cmd) {
uint8_t MAC[4]={0x00,0x00,0x00,0x00}; uint8_t MAC[4]={0x00,0x00,0x00,0x00};
uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, true)) if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, true))
return 0; return 0;
UsbCommand w = {CMD_ICLASS_CLONE,{startblock,endblock}}; UsbCommand w = {CMD_ICLASS_CLONE,{startblock,endblock}};
@ -1065,11 +1090,11 @@ int CmdHFiClassCloneTag(const char *Cmd) {
return 1; return 1;
} }
static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool verbose) { static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, bool rawkey, bool verbose) {
uint8_t MAC[4]={0x00,0x00,0x00,0x00}; uint8_t MAC[4]={0x00,0x00,0x00,0x00};
uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, verbose)) if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, rawkey, verbose))
return 0; return 0;
UsbCommand resp; UsbCommand resp;
@ -1092,12 +1117,13 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite,
} }
int usage_hf_iclass_readblock(void) { int usage_hf_iclass_readblock(void) {
PrintAndLog("Usage: hf iclass readblk b <Block> k <Key> c e\n"); PrintAndLog("Usage: hf iclass readblk b <Block> k <Key> c e|r\n");
PrintAndLog("Options:"); PrintAndLog("Options:");
PrintAndLog(" b <Block> : The block number as 2 hex symbols"); PrintAndLog(" b <Block> : The block number as 2 hex symbols");
PrintAndLog(" k <Key> : Access Key as 16 hex symbols or 1 hex to select key from memory"); PrintAndLog(" k <Key> : Access Key as 16 hex symbols or 1 hex to select key from memory");
PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n"); PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n");
PrintAndLog(" e : If 'e' is specified, elite computations applied to key"); PrintAndLog(" e : If 'e' is specified, elite computations applied to key");
PrintAndLog(" r : If 'r' is specified, no computations applied to key");
PrintAndLog("Samples:"); PrintAndLog("Samples:");
PrintAndLog(" hf iclass readblk b 06 k 0011223344556677"); PrintAndLog(" hf iclass readblk b 06 k 0011223344556677");
PrintAndLog(" hf iclass readblk b 1B k 0011223344556677 c"); PrintAndLog(" hf iclass readblk b 1B k 0011223344556677 c");
@ -1113,6 +1139,7 @@ int CmdHFiClass_ReadBlock(const char *Cmd) {
uint8_t dataLen = 0; uint8_t dataLen = 0;
char tempStr[50] = {0}; char tempStr[50] = {0};
bool elite = false; bool elite = false;
bool rawkey = false;
bool errors = false; bool errors = false;
uint8_t cmdp = 0; uint8_t cmdp = 0;
while(param_getchar(Cmd, cmdp) != 0x00) while(param_getchar(Cmd, cmdp) != 0x00)
@ -1159,6 +1186,11 @@ int CmdHFiClass_ReadBlock(const char *Cmd) {
} }
cmdp += 2; cmdp += 2;
break; break;
case 'r':
case 'R':
rawkey = true;
cmdp++;
break;
default: default:
PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -1169,7 +1201,7 @@ int CmdHFiClass_ReadBlock(const char *Cmd) {
if (cmdp < 4) return usage_hf_iclass_readblock(); if (cmdp < 4) return usage_hf_iclass_readblock();
return ReadBlock(KEY, blockno, keyType, elite, true); return ReadBlock(KEY, blockno, keyType, elite, rawkey, true);
} }
int CmdHFiClass_loclass(const char *Cmd) { int CmdHFiClass_loclass(const char *Cmd) {