mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-11-10 17:49:32 +08:00
Merge pull request #2432 from Antiklesys/master
Bugfixes and code improvements for hf iclass legrec
This commit is contained in:
Iceman
GitHub
commit
f5cc09e8c9
4 changed files with 73 additions and 76 deletions
|
|
@ -2174,6 +2174,7 @@ void iClass_Recover(iclass_recover_req_t *msg) {
|
|||
bool shallow_mod = false;
|
||||
|
||||
LED_A_ON();
|
||||
Dbprintf(_RED_("Interrupting this process will render the card unusable!"));
|
||||
|
||||
Iso15693InitReader();
|
||||
//Authenticate with AA2 with the standard key to get the AA2 mac
|
||||
|
|
@ -2277,15 +2278,20 @@ Xorring the index of iterations against those decimal numbers allows us to retri
|
|||
blockno = 3;
|
||||
wb[0] = blockno;
|
||||
memcpy(wb + 1, xorkeyblock, 8);
|
||||
|
||||
doMAC_N(wb, sizeof(wb), div_key2, mac2);
|
||||
|
||||
//Step5 Perform Write
|
||||
|
||||
DbpString("Generated XOR Key: ");
|
||||
Dbhexdump(8, xorkeyblock, false);
|
||||
|
||||
if (iclass_writeblock_ext(blockno, xorkeyblock, mac2, use_mac, shallow_mod)) {
|
||||
Dbprintf("Write block [%3d/0x%02X] " _GREEN_("successful"), blockno, blockno);
|
||||
} else {
|
||||
Dbprintf("Write block [%3d/0x%02X] " _RED_("failed"), blockno, blockno);
|
||||
if (index > 1){
|
||||
Dbprintf(_RED_("Card is likely to be unusable!"));
|
||||
}
|
||||
goto out;
|
||||
}
|
||||
//Step6 Perform 8 authentication attempts
|
||||
|
|
@ -2302,7 +2308,7 @@ Xorring the index of iterations against those decimal numbers allows us to retri
|
|||
goto restore;
|
||||
}
|
||||
}
|
||||
|
||||
index++;
|
||||
}//end while
|
||||
|
||||
|
||||
|
|
@ -2311,10 +2317,6 @@ restore:
|
|||
uint8_t partialkey[PICOPASS_BLOCK_SIZE];
|
||||
convertToHexArray(bits_found, partialkey);
|
||||
|
||||
for (int i = 0; i < 8; i++){
|
||||
Dbprintf("Raw Key Partial Bytes: " _GREEN_("[%3d -> 0x%02X]"), i, partialkey);
|
||||
}
|
||||
|
||||
uint8_t resetkey[PICOPASS_BLOCK_SIZE];
|
||||
convertToHexArray(index, resetkey);
|
||||
|
||||
|
|
@ -2325,19 +2327,26 @@ restore:
|
|||
blockno = 3;
|
||||
wb[0] = blockno;
|
||||
memcpy(wb + 1, resetkey, 8);
|
||||
|
||||
doMAC_N(wb, sizeof(wb), div_key2, mac2);
|
||||
|
||||
//Write back the card to the original key
|
||||
DbpString(_YELLOW_("Restoring Card to the original key using Reset Key: "));
|
||||
Dbhexdump(8, resetkey, false);
|
||||
if (iclass_writeblock_ext(blockno, resetkey, mac2, use_mac, shallow_mod)) {
|
||||
Dbprintf("Restore of Original Key [%3d/0x%02X] " _GREEN_("successful"), blockno, blockno);
|
||||
Dbprintf("Restore of Original Key "_GREEN_("successful. Card is usable again."));
|
||||
} else {
|
||||
Dbprintf("Restore of Original Key [%3d/0x%02X] " _RED_("failed"), blockno, blockno);
|
||||
Dbprintf("Restore of Original Key " _RED_("failed. Card is likely unusable."));
|
||||
}
|
||||
//Print the 24 bits found from k1
|
||||
DbpString(_YELLOW_("Raw Key Partial Bytes: "));
|
||||
Dbhexdump(8, partialkey, false);
|
||||
switch_off();
|
||||
reply_ng(CMD_HF_ICLASS_RECOVER, PM3_SUCCESS, NULL, 0);
|
||||
|
||||
|
||||
out:
|
||||
|
||||
switch_off();
|
||||
|
||||
reply_ng(CMD_HF_ICLASS_RECOVER, PM3_ESOFT, NULL, 0);
|
||||
|
||||
}
|
||||
|
|
@ -396,32 +396,22 @@ uint32_t get_flash_size(void) {
|
|||
return flash_size_from_cidr(*AT91C_DBGU_CIDR);
|
||||
}
|
||||
|
||||
// Function to convert an unsigned int to binary string
|
||||
void intToBinary(uint8_t num, char *binaryStr, int size) {
|
||||
binaryStr[size] = '\0'; // Null-terminate the string
|
||||
for (int i = size - 1; i >= 0; i--) {
|
||||
// Combined function to convert an unsigned int to an array of hex values corresponding to the last three bits of k1
|
||||
void convertToHexArray(uint8_t num, uint8_t *partialkey) {
|
||||
char binaryStr[25]; // 24 bits for binary representation + 1 for null terminator
|
||||
binaryStr[24] = '\0'; // Null-terminate the string
|
||||
|
||||
// Convert the number to binary string
|
||||
for (int i = 23; i >= 0; i--) {
|
||||
binaryStr[i] = (num % 2) ? '1' : '0';
|
||||
num /= 2;
|
||||
}
|
||||
}
|
||||
|
||||
// Function to convert a binary string to hexadecimal
|
||||
uint8_t binaryToHex(char *binaryStr) {
|
||||
return (uint8_t)strtoul(binaryStr, NULL, 2);
|
||||
}
|
||||
|
||||
// Function to convert an unsigned int to an array of hex values
|
||||
void convertToHexArray(uint8_t num, uint8_t *partialkey) {
|
||||
char binaryStr[25]; // 24 bits for binary representation + 1 for null terminator
|
||||
|
||||
// Convert the number to binary string
|
||||
intToBinary(num, binaryStr, 24);
|
||||
|
||||
// Split the binary string into groups of 3 and convert to hex
|
||||
for (int i = 0; i < 8 ; i++) {
|
||||
char group[4];
|
||||
strncpy(group, binaryStr + i * 3, 3);
|
||||
group[3] = '\0'; // Null-terminate the group string
|
||||
partialkey[i] = binaryToHex(group);
|
||||
partialkey[i] = (uint8_t)strtoul(group, NULL, 2);
|
||||
}
|
||||
}
|
||||
|
|
@ -88,8 +88,6 @@ int hex2binarray(char *target, char *source);
|
|||
int hex2binarray_n(char *target, const char *source, int sourcelen);
|
||||
int binarray2hex(const uint8_t *bs, int bs_len, uint8_t *hex);
|
||||
|
||||
void intToBinary(uint8_t num, char *binaryStr, int size);
|
||||
uint8_t binaryToHex(char *binaryStr);
|
||||
void convertToHexArray(uint8_t num, uint8_t *partialKey);
|
||||
|
||||
void LED(int led, int ms);
|
||||
|
|
|
|||
|
|
@ -3874,9 +3874,9 @@ static int CmdHFiClassRecover(uint8_t key[8]) {
|
|||
WaitForResponse(CMD_HF_ICLASS_RECOVER, &resp);
|
||||
|
||||
if (resp.status == PM3_SUCCESS) {
|
||||
PrintAndLogEx(SUCCESS, "iCLASS Recover " _GREEN_("successful"));
|
||||
PrintAndLogEx(SUCCESS, "iCLASS Key Bits Recovery " _GREEN_("successful"));
|
||||
} else {
|
||||
PrintAndLogEx(WARNING, "iCLASS Recover " _RED_("failed"));
|
||||
PrintAndLogEx(WARNING, "iCLASS Key Bits Recovery " _RED_("failed"));
|
||||
}
|
||||
|
||||
free(payload);
|
||||
|
|
|
|||
Loading…
Reference in a new issue