fix: hf iclass decrypt - making sure we use available bytes even if app limit reports much more data

2025-02-14 19:24:10 +08:00 · 2020-03-11 17:08:03 +01:00 · 2020-03-11 17:08:03 +01:00 · b96585483d
commit b96585483d
parent d63d6d0978
1 changed files with 17 additions and 5 deletions
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@ -785,7 +785,7 @@ static int CmdHFiClassDecrypt(const char *Cmd) {
                return usage_hf_iclass_decrypt();
            case 'd':
                if (param_gethex(Cmd, cmdp + 1, enc_data, 16)) {
-                    PrintAndLogEx(ERR, "data must be 16 HEX symbols");
+                    PrintAndLogEx(ERR, "Data must be 16 HEX symbols");
                    errors = true;
                    break;
                }
@ -794,7 +794,7 @@ static int CmdHFiClassDecrypt(const char *Cmd) {
                break;
            case 'f':
                if (param_getstr(Cmd, cmdp + 1, filename, sizeof(filename)) == 0) {
-                    PrintAndLogEx(WARNING, "no filename found after f");
+                    PrintAndLogEx(WARNING, "No filename found after f");
                    errors = true;
                    break;
                }
@ -864,7 +864,14 @@ static int CmdHFiClassDecrypt(const char *Cmd) {

        BLOCK79ENCRYPTION aa1_encryption = (decrypted[(6 * 8) + 7] & 0x03);

-        for (uint16_t blocknum = 0; blocknum < applimit; ++blocknum) {
+        uint32_t limit = MIN(applimit, decryptedlen / 8);
+
+        if (decryptedlen / 8 != applimit) {
+            PrintAndLogEx(WARNING, "Actual file len " _YELLOW_("%u") "vs HID app-limit len " _YELLOW_("%u"), decryptedlen, applimit * 8);
+            PrintAndLogEx(INFO, "Setting limit to " _GREEN_("%u"), limit * 8);
+        }
+
+        for (uint16_t blocknum = 0; blocknum < limit; ++blocknum) {

            uint8_t idx = blocknum * 8;
            memcpy(enc_data, decrypted + idx, 8);
@ -885,7 +892,12 @@ static int CmdHFiClassDecrypt(const char *Cmd) {
        }

        //Use the first block (CSN) for filename
-        char *fptr = calloc(42, sizeof(uint8_t));
+        char *fptr = calloc(50, sizeof(uint8_t));
+        if (!fptr) {
+            PrintAndLogEx(WARNING, "Failed to allocate memory");
+            free(decrypted);
+            return PM3_EMALLOC;
+        }
        strcat(fptr, "hf-iclass-");
        FillFileNameByUID(fptr, hdr->csn, "-data-decrypted", sizeof(hdr->csn));

@ -893,9 +905,9 @@ static int CmdHFiClassDecrypt(const char *Cmd) {
        saveFileEML(fptr, decrypted, decryptedlen, 8);
        saveFileJSON(fptr, jsfIclass, decrypted, decryptedlen);

+        PrintAndLogEx(INFO, "Following output skips CSN / block0");
        printIclassDumpContents(decrypted, 1, (decryptedlen / 8), decryptedlen);

-
        // decode block 6
        if (memcmp(decrypted + (8 * 6), empty, 8) != 0) {
            if (use_sc) {