RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-02-26 00:55:19 +08:00
Code Issues Projects Releases Packages Wiki Activity

Update cmdhfmfdes.c

Browse source 
Desfire changekey AES
Seems to work, but response validation fails.
This commit is contained in:
mwalker33 2021-04-24 13:43:00 +10:00
parent 6780b852d4
commit ae42c9445a
1 changed files with 28 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
client/src/cmdhfmfdes.c
View file

@ -1204,6 +1204,7 @@ static int mifare_desfire_change_key(uint8_t key_no, uint8_t *new_key, uint8_t n
sAPDU apdu = {0x90, MFDES_CHANGE_KEY, 0x00, 0x00, 0x01, data}; // 0xC4 sAPDU apdu = {0x90, MFDES_CHANGE_KEY, 0x00, 0x00, 0x01, data}; // 0xC4
size_t cmdcnt = 0; size_t cmdcnt = 0;
uint8_t csPkt[30] = {0x00}; // temp storage for AES first CheckSum
uint8_t new_key_length = 16; uint8_t new_key_length = 16;
switch (new_algo) { switch (new_algo) {
@ -1252,10 +1253,21 @@ static int mifare_desfire_change_key(uint8_t key_no, uint8_t *new_key, uint8_t n
cmdcnt += 2; cmdcnt += 2;
break; break;
case AS_NEW: case AS_NEW:
desfire_crc32_append(data + 1, cmdcnt); if (new_algo == MFDES_ALGO_AES) {
// AES Checksum must cover : C4<KeyNo> <PrevKey XOR Newkey> <NewKeyVer>
// C4 01 A0B08090E0F0C0D02030001060704050 03
// 19 bytes
//uint8_t csPkt[30] = {0x00};
csPkt[0] = 0xC4;
memcpy (&csPkt[1],data,18);
desfire_crc32(csPkt, 19, data + 1 + cmdcnt);
} else {
desfire_crc32_append(data + 1, cmdcnt);
}
cmdcnt += 4; cmdcnt += 4;
desfire_crc32(new_key, new_key_length, data + cmdcnt); desfire_crc32(new_key, new_key_length, data + 1 + cmdcnt);
cmdcnt += 4; cmdcnt += 4;
break; break;
} }
@ -1295,10 +1307,23 @@ static int mifare_desfire_change_key(uint8_t key_no, uint8_t *new_key, uint8_t n
} }
size_t sn = recv_len; size_t sn = recv_len;
p = mifare_cryto_postprocess_data(tag, data, &sn, MDCM_PLAIN | CMAC_COMMAND | CMAC_VERIFY); p = mifare_cryto_postprocess_data(tag, data, &sn, MDCM_PLAIN | CMAC_COMMAND | CMAC_VERIFY);
if (!p) // Should be finished processing the changekey so lets ensure the field is dropped.
DropFieldDesfire();
if (!p) {
/*
Note in my testing on an EV1, the AES password did change, with the number of returned bytes was 8, expected 9 <status><8 byte cmac>
As such !p is true and the code reports "Error on changing key"; so comment back to user until its fixed.
*/
if (new_algo == MFDES_ALGO_AES) {
PrintAndLogEx(WARNING,"AES password may have been changed, please check new password with the auth command.");
}
return PM3_ESOFT; return PM3_ESOFT;
}
/* /*
* If we changed the current authenticated key, we are not authenticated * If we changed the current authenticated key, we are not authenticated