mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-03-04 03:58:08 +08:00
ADD: a new pwdgen algo Nicknamed C, (Huge props to @Bettse for everything) also added to the "hf mfu info" command. However, that will not work given the system's lockbits.. :( Maybe I'll add a function to test all imp pwdgens given a UID without making a authentication call to tag.
ADD: BSWAP_32 macro, for changing endianness.
This commit is contained in:
iceman1001
parent
88a2610af5
commit
dd79e03a1a
4 changed files with 43 additions and 6 deletions
|
|
@ -74,6 +74,7 @@ void rol(uint8_t *data, const size_t len){
|
|||
}
|
||||
data[len-1] = first;
|
||||
}
|
||||
|
||||
void lsl (uint8_t *data, size_t len) {
|
||||
for (size_t n = 0; n < len - 1; n++) {
|
||||
data[n] = (data[n] << 1) | (data[n+1] >> 7);
|
||||
|
|
@ -421,7 +422,6 @@ void StartCountSspClk()
|
|||
while (AT91C_BASE_TC0->TC_CV < 0xFFF0);
|
||||
}
|
||||
|
||||
|
||||
uint32_t RAMFUNC GetCountSspClk(){
|
||||
uint32_t tmp_count;
|
||||
tmp_count = (AT91C_BASE_TC2->TC_CV << 16) | AT91C_BASE_TC0->TC_CV;
|
||||
|
|
|
|||
|
|
@ -100,6 +100,25 @@ uint32_t ul_ev1_pwdgenB(uint8_t* uid) {
|
|||
return (uint32_t)bytes_to_num(pwd, 4);
|
||||
}
|
||||
|
||||
// Certain pwd generation algo nickname C.
|
||||
uint32_t ul_ev1_pwdgenC(uint8_t* uid){
|
||||
uint32_t pwd = 0;
|
||||
uint8_t base[] = {
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x28,
|
||||
0x63, 0x29, 0x20, 0x43, 0x6f, 0x70, 0x79, 0x72,
|
||||
0x69, 0x67, 0x68, 0x74, 0x20, 0x4c, 0x45, 0x47,
|
||||
0x4f, 0x20, 0x32, 0x30, 0x31, 0x34, 0xaa, 0xaa
|
||||
};
|
||||
|
||||
memcpy(base, uid, 7);
|
||||
|
||||
for (int i = 0; i < 32; i += 4) {
|
||||
uint32_t b = *(uint32_t *)(base + i);
|
||||
pwd = b + ROTR(pwd, 25) + ROTR(pwd, 10) - pwd;
|
||||
}
|
||||
return BSWAP_32(pwd);
|
||||
}
|
||||
|
||||
void ul_ev1_pwdgen_selftest(){
|
||||
|
||||
uint8_t uid1[] = {0x04,0x11,0x12,0x11,0x12,0x11,0x10};
|
||||
|
|
@ -109,6 +128,10 @@ void ul_ev1_pwdgen_selftest(){
|
|||
uint8_t uid2[] = {0x04,0x1f,0x98,0xea,0x1e,0x3e,0x81};
|
||||
uint32_t pwd2 = ul_ev1_pwdgenB(uid2);
|
||||
PrintAndLog("UID | %s | %08X | %s", sprint_hex(uid2,7), pwd2, (pwd2 == 0x5fd37eca)?"OK":"->5fd37eca<--");
|
||||
|
||||
uint8_t uid3[] = {0x04,0x62, 0xB6, 0x8A, 0xB4, 0x42, 0x80};
|
||||
uint32_t pwd3 = ul_ev1_pwdgenC(uid3);
|
||||
PrintAndLog("UID | %s | %08X | %s", sprint_hex(uid3,7), pwd3, (pwd3 == 0x5a349515)?"OK":"->5a349515<--");
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -915,6 +938,14 @@ int CmdHF14AMfUInfo(const char *Cmd){
|
|||
PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]);
|
||||
}
|
||||
if (!ul_auth_select( &card, tagtype, hasAuthKey, authkeyptr, pack, sizeof(pack))) return -1;
|
||||
|
||||
// test pwd gen C
|
||||
num_to_bytes( ul_ev1_pwdgenC(card.uid), 4, key);
|
||||
len = ulev1_requestAuthentication(key, pack, sizeof(pack));
|
||||
if (len >= 1) {
|
||||
PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]);
|
||||
}
|
||||
if (!ul_auth_select( &card, tagtype, hasAuthKey, authkeyptr, pack, sizeof(pack))) return -1;
|
||||
|
||||
for (uint8_t i = 0; i < KEYS_PWD_COUNT; ++i ) {
|
||||
key = default_pwd_pack[i];
|
||||
|
|
@ -1876,7 +1907,6 @@ int CmdHF14AMfucSetUid(const char *Cmd){
|
|||
int CmdHF14AMfuGenDiverseKeys(const char *Cmd){
|
||||
|
||||
uint8_t uid[4];
|
||||
|
||||
char cmdp = param_getchar(Cmd, 0);
|
||||
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_hf_mfu_gendiverse();
|
||||
|
||||
|
|
|
|||
|
|
@ -32,11 +32,13 @@ int usage_hf_mfu_sim(void);
|
|||
int usage_hf_mfu_ucauth(void);
|
||||
int usage_hf_mfu_ucsetpwd(void);
|
||||
int usage_hf_mfu_ucsetuid(void);
|
||||
int usage_hf_mfu_gendiverse(void);
|
||||
int usage_hf_mfu_gendiverse(void);
|
||||
|
||||
int CmdHFMFUltra(const char *Cmd);
|
||||
|
||||
uint32_t ul_ev1_pwdgenA(uint8_t* uid);
|
||||
uint32_t ul_ev1_pwdgenA(uint8_t* uid);
|
||||
uint32_t ul_ev1_pwdgenC(uint8_t* uid);
|
||||
|
||||
typedef enum TAGTYPE_UL {
|
||||
UNKNOWN = 0x000000,
|
||||
|
|
|
|||
|
|
@ -26,6 +26,11 @@
|
|||
#ifndef MAX
|
||||
# define MAX(a, b) (((a) > (b)) ? (a) : (b))
|
||||
#endif
|
||||
#ifndef BSWAP_32
|
||||
#define BSWAP_32(x) \
|
||||
((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) | \
|
||||
(((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24))
|
||||
#endif
|
||||
#define TRUE 1
|
||||
#define FALSE 0
|
||||
#define EVEN 0
|
||||
|
|
@ -40,9 +45,9 @@ void AddLogCurrentDT(char *fileName);
|
|||
void FillFileNameByUID(char *fileName, uint8_t * uid, char *ext, int byteCount);
|
||||
|
||||
void print_hex(const uint8_t * data, const size_t len);
|
||||
char * sprint_hex(const uint8_t * data, const size_t len);
|
||||
char * sprint_bin(const uint8_t * data, const size_t len);
|
||||
char * sprint_bin_break(const uint8_t *data, const size_t len, const uint8_t breaks);
|
||||
char *sprint_hex(const uint8_t * data, const size_t len);
|
||||
char *sprint_bin(const uint8_t * data, const size_t len);
|
||||
char *sprint_bin_break(const uint8_t *data, const size_t len, const uint8_t breaks);
|
||||
char *sprint_hex_ascii(const uint8_t *data, const size_t len);
|
||||
|
||||
void num_to_bytes(uint64_t n, size_t len, uint8_t* dest);
|
||||
|
|
|
|||
Loading…
Reference in a new issue