hf 14a info - add MFC EV1 signature checks
This commit is contained in:
iceman1001
@@ -748,7 +748,6 @@ int mfReadSector(uint8_t sectorNo, uint8_t keyType, uint8_t *key, uint8_t *data)
|
||||
|
||||
clearCommandBuffer();
|
||||
SendCommandMIX(CMD_HF_MIFARE_READSC, sectorNo, keyType, 0, key, 6);
|
||||
|
||||
PacketResponseNG resp;
|
||||
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
|
||||
uint8_t isOK = resp.oldarg[0] & 0xff;
|
||||
@@ -760,10 +759,33 @@ int mfReadSector(uint8_t sectorNo, uint8_t keyType, uint8_t *key, uint8_t *data)
|
||||
return PM3_EUNDEF;
|
||||
}
|
||||
} else {
|
||||
PrintAndLogEx(ERR, "Command execute timeout");
|
||||
PrintAndLogEx(DEBUG, "Command execute timeout");
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
int mfReadBlock(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t *data) {
|
||||
mf_readblock_t payload = {
|
||||
.blockno = blockNo,
|
||||
.keytype = keyType
|
||||
};
|
||||
memcpy(payload.key, key, sizeof(payload.key));
|
||||
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_HF_MIFARE_READBL, (uint8_t *)&payload, sizeof(mf_readblock_t));
|
||||
PacketResponseNG resp;
|
||||
if (WaitForResponseTimeout(CMD_HF_MIFARE_READBL, &resp, 1500)) {
|
||||
memcpy(data, resp.data.asBytes, 16);
|
||||
|
||||
if (resp.status != PM3_SUCCESS) {
|
||||
PrintAndLogEx(DEBUG, "failed reading block");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
} else {
|
||||
PrintAndLogEx(DEBUG, "Command execute timeout");
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
@@ -1196,3 +1218,19 @@ int detect_mf_magic(bool is_mfc) {
|
||||
}
|
||||
return isGeneration;
|
||||
}
|
||||
|
||||
int detect_mfc_ev1_signature(uint8_t *signature) {
|
||||
if (signature == NULL) {
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
uint8_t sign[32] = {0};
|
||||
uint8_t key[] = {0x4b, 0x79, 0x1b, 0xea, 0x7b, 0xcc};
|
||||
int res = mfReadBlock(69, 1, key, sign);
|
||||
if ( res == PM3_SUCCESS) {
|
||||
res = mfReadBlock(70, 1, key, sign + 16);
|
||||
if (res == PM3_SUCCESS) {
|
||||
memcpy(signature, sign, sizeof(sign));
|
||||
}
|
||||
}
|
||||
return res;
|
||||
}
|
||||
@@ -70,6 +70,7 @@ int mfCheckKeys_file(uint8_t *destfn, uint64_t *key);
|
||||
int mfKeyBrute(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint64_t *resultkey);
|
||||
|
||||
int mfReadSector(uint8_t sectorNo, uint8_t keyType, uint8_t *key, uint8_t *data);
|
||||
int mfReadBlock(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t *data);
|
||||
|
||||
int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount);
|
||||
int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount);
|
||||
@@ -90,5 +91,7 @@ int detect_classic_prng(void);
|
||||
int detect_classic_nackbug(bool verbose);
|
||||
int detect_mf_magic(bool is_mfc);
|
||||
int detect_classic_static_nonce(void);
|
||||
int detect_mfc_ev1_signature(uint8_t *signature);
|
||||
|
||||
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted);
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user