em4x70: Add write key convenience function. Use real values in writekey/auth help text so people with blank tags can program a test key and test authentication.

2020-12-15 12:32:30 -05:00
parent ad25920164
commit 60f36b468d
7 changed files with 101 additions and 2 deletions
--- a/client/src/cmdlfem4x70.c
+++ b/client/src/cmdlfem4x70.c
@@ -286,7 +286,7 @@ int CmdEM4x70Auth(const char *Cmd) {
    CLIParserInit(&ctx, "lf em 4x70 auth",
                  "Authenticate against an EM4x70 by sending random number (RN) and F(RN)\n"
                  "  If F(RN) is incorrect based on the tag crypt key, the tag will not respond",
-                  "lf em 4x70 auth --rnd 11223344556677 --frn 11223344\n"
+                  "lf em 4x70 auth --rnd 45F54ADA252AAC --frn 4866BB70 --> Test authentication, tag will respond if successful\n"
                 );

    void *argtable[] = {
@@ -340,7 +340,6 @@ int CmdEM4x70Auth(const char *Cmd) {

 int CmdEM4x70WritePIN(const char *Cmd) {

-    // send pin code to device, unlocking it for writing
    em4x70_data_t etd = {0};

    CLIParserContext *ctx;
@@ -395,6 +394,57 @@ int CmdEM4x70WritePIN(const char *Cmd) {
    return PM3_ESOFT;
 }

+int CmdEM4x70WriteKey(const char *Cmd) {
+
+    // Write new crypt key to tag
+    em4x70_data_t etd = {0};
+
+    CLIParserContext *ctx;
+
+    CLIParserInit(&ctx, "lf em 4x70 writekey",
+                  "Write new 96-bit key to tag\n",
+                  "lf em 4x70 writekey -k F32AA98CF5BE4ADFA6D3480B\n"
+                 );
+
+    void *argtable[] = {
+        arg_param_begin,
+        arg_lit0(NULL, "par", "Add parity bit when sending commands"),
+        arg_str1("k",  "key", "<hex>", "Crypt Key as 12 hex bytes"),
+        arg_param_end
+    };
+
+    CLIExecWithReturn(ctx, Cmd, argtable, true);
+
+    etd.parity = arg_get_lit(ctx, 1);
+
+    int key_len = 12;
+    CLIGetHexWithReturn(ctx, 2, etd.crypt_key, &key_len);
+
+    CLIParserFree(ctx);
+
+    if (key_len != 12) {
+        PrintAndLogEx(FAILED, "Crypt key length must be 12 bytes instead of %d", key_len);
+        return PM3_EINVARG;
+    }
+
+    clearCommandBuffer();
+    SendCommandNG(CMD_LF_EM4X70_WRITEKEY, (uint8_t *)&etd, sizeof(etd));
+
+    PacketResponseNG resp;
+    if (!WaitForResponseTimeout(CMD_LF_EM4X70_WRITEKEY, &resp, TIMEOUT)) {
+        PrintAndLogEx(WARNING, "Timeout while waiting for reply.");
+        return PM3_ETIMEOUT;
+    }
+
+    if (resp.status) {
+        PrintAndLogEx(INFO, "Writing new crypt key: " _GREEN_("SUCCESS"));
+        return PM3_SUCCESS;
+    }
+
+    PrintAndLogEx(FAILED, "Writing new crypt key: " _RED_("FAILED"));
+    return PM3_ESOFT;
+}
+
 static command_t CommandTable[] = {
    {"help",     CmdHelp,           AlwaysAvailable, "This help"},
    {"info",     CmdEM4x70Info,     IfPm3EM4x70,     "Tag information EM4x70"},
@@ -402,6 +452,7 @@ static command_t CommandTable[] = {
    {"unlock",   CmdEM4x70Unlock,   IfPm3EM4x70,     "Unlock EM4x70 for writing"},
    {"auth",     CmdEM4x70Auth,     IfPm3EM4x70,     "Authenticate EM4x70"},
    {"writepin", CmdEM4x70WritePIN, IfPm3EM4x70,     "Write PIN"},
+    {"writekey", CmdEM4x70WriteKey, IfPm3EM4x70,     "Write Crypt Key"},
    {NULL, NULL, NULL, NULL}
 };

--- a/client/src/cmdlfem4x70.h
+++ b/client/src/cmdlfem4x70.h
@@ -22,6 +22,7 @@ int CmdEM4x70Write(const char *Cmd);
 int CmdEM4x70Unlock(const char *Cmd);
 int CmdEM4x70Auth(const char *Cmd);
 int CmdEM4x70WritePIN(const char *Cmd);
+int CmdEM4x70WriteKey(const char *Cmd);

 int em4x70_info(void);
 bool detect_4x70_block(void);