hf iclass sim - now use cliparser
@@ -168,20 +168,23 @@ Simulate iCLASS
|
||||
```
|
||||
Options
|
||||
---
|
||||
0 <CSN> simulate the given CSN
|
||||
-t, --type <int> Simulation type to use
|
||||
--csn <hex> Specify CSN as 8 bytes (16 hex symbols) to use with sim type 0
|
||||
Types:
|
||||
0 simulate the given CSN
|
||||
1 simulate default CSN
|
||||
2 Runs online part of LOCLASS attack
|
||||
3 Full simulation using emulator memory (see 'hf iclass eload')
|
||||
4 Runs online part of LOCLASS attack against reader in keyroll mode
|
||||
|
||||
pm3 --> hf iclass sim 3
|
||||
pm3 --> hf iclass sim -t 3
|
||||
```
|
||||
|
||||
Simulate iCLASS Sequence
|
||||
```
|
||||
pm3 --> hf iclass dump --ki 0
|
||||
pm3 --> hf iclass eload -f hf-iclass-db883702f8ff12e0.bin
|
||||
pm3 --> hf iclass sim 3
|
||||
pm3 --> hf iclass sim -t 3
|
||||
```
|
||||
|
||||
Extract custom iCLASS key (loclass attack)
|
||||
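Review bot: The new `--csn <hex>` option in the Simulate iCLASS options is described as going with sim type 0, but neither example block shows it; both only show `hf iclass sim -t 3`. Add one type 0 line, for example `pm3 --> hf iclass sim -t 0 --csn <CSN>`, and say in the Types list whether type 0 requires `--csn`, so readers coming from the old positional form `0 <CSN>` can see where the CSN now goes. The Types entries also mix capitalisation ("simulate", "Runs", "Full"), which is worth normalising while the block is being touched.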
@@ -190,11 +193,11 @@ Options
|
||||
---
|
||||
f <filename> : specify a filename to clone from
|
||||
k <key> : Access Key as 16 hex symbols or 1 hex to select key from memory
|
||||
e : If 'e' is specified, elite computations applied to key
|
||||
--elite : Elite computations applied to key
|
||||
|
||||
pm3 --> hf iclass sim 2
|
||||
pm3 --> hf iclass sim -t 2
|
||||
pm3 --> hf iclass loclass -f iclass_mac_attack.bin
|
||||
pm3 --> hf iclass managekeys n 7 k <Kcus>
|
||||
pm3 --> hf iclass managekeys --ki 7 -k <Kcus>
|
||||
pm3 --> hf iclass dump --ki 7 --elite
|
||||
```
|
||||
|
||||
|
||||
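Review bot: In the Options list of the loclass section, `f <filename>` and `k <key>` are still written in the old bare-letter style, while the entry right below them is now `--elite` and the examples use `-f`, `--ki` and `-k`. Convert those two entries to the flag forms the examples use so the block is not half old syntax, half new. The `k <key>` text also covers "1 hex to select key from memory", which the examples now express as `--ki 7`; the option text should say which flag takes the key index and which takes the 16 hex symbol key.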
@@ -4,7 +4,7 @@ This document is primarily intended for understanding `hf iclass loclass` and fi
|
||||
|
||||
LOCLASS aim is to recover the used masterkey for that specific reader configured in Elite mode / High Security mode.
|
||||
|
||||
LOCLASS, is a two part attack. First is the online part where you gather needed information from the reader by presenting a carefully selected CSN and save the responses to file. For the first part you run `hf iclass sim 2` and take notice of the saved filename.
|
||||
LOCLASS, is a two part attack. First is the online part where you gather needed information from the reader by presenting a carefully selected CSN and save the responses to file. For the first part you run `hf iclass sim -t 2` and take notice of the saved filename.
|
||||
|
||||
The second part is offline, where the information gathered from the first step is used in a series of DES operations to figure out the used
|
||||
masterkey.
|
||||
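Review bot: The rewritten sentence on the online part names only `hf iclass sim -t 2`, but the simulation type list changed elsewhere in this commit also has type 4, "Runs online part of LOCLASS attack against reader in keyroll mode". Mention `-t 4` here or state that keyroll mode is outside the scope of this document. Since the sentence is being replaced anyway, "LOCLASS, is a two part attack" can also lose the comma.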
@@ -21,6 +21,6 @@ run `hf iclass loclass --test`.
|
||||
This test mode uses two files.
|
||||
|
||||
- `iclass_dump.bin`
|
||||
this is a sample file from `hf iclass sim 2`, with complete keytable recovery, using 128 carefully selected CSN and the file contains the MAC results from reader.
|
||||
this is a sample file from `hf iclass sim -t 2`, with complete keytable recovery, using 128 carefully selected CSN and the file contains the MAC results from reader.
|
||||
- `iclass_key.bin`
|
||||
this is file shall contain the legacy masterkey, AA1 key. loclass uses it to verify that permutation / reversing / generation of key is correct.
|
||||
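Review bot: In the `iclass_key.bin` entry directly below the changed line, "this is file shall contain the legacy masterkey" is garbled and should read "this file shall contain". In the changed `iclass_dump.bin` line itself, "128 carefully selected CSN" should be "CSNs", and the sentence would read better split in two: one saying the file is a sample from `hf iclass sim -t 2`, one saying it contains the MAC results from the reader.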