EM4x70 Authentication support

2020-12-12 09:59:30 -05:00
parent 7b7698843f
commit a6024a8622
7 changed files with 138 additions and 1 deletions
--- a/client/src/cmdlfem4x70.c
+++ b/client/src/cmdlfem4x70.c
@@ -240,11 +240,76 @@ int CmdEM4x70Unlock(const char *Cmd) {
    return PM3_ESOFT;
 }

+int CmdEM4x70Auth(const char *Cmd) {
+
+    // Authenticate transponder
+    // Send 56-bit random number + pre-computed f(rnd, k) to transponder.
+    // Transponder will respond with a response
+    em4x70_data_t etd = {0};
+
+    CLIParserContext *ctx;
+
+    CLIParserInit(&ctx, "lf em 4x70 auth",
+                  "Authenticate against an EM4x70 by sending random number (RN) and F(RN)\n"
+                  "  If F(RN) is incorrect based on the tag crypt key, the tag will not respond",
+                  "lf em 4x70 auth -r 11223344556677 -f 11223344\n"
+                );
+
+    void *argtable[] = {
+        arg_param_begin,
+        arg_lit0("x", "par", "Add parity bit when sending commands"),
+        arg_str1("r", "rnd", "<hex>", "Random 56-bit"),
+        arg_str1("f", "frn", "<hex>", "F(RN) 28-bit as 4 hex bytes"),
+        arg_param_end
+    };
+
+    CLIExecWithReturn(ctx, Cmd, argtable, true);
+    
+    etd.parity = arg_get_lit(ctx, 1);
+    
+    int rnd_len = 7;
+    CLIGetHexWithReturn(ctx, 2, etd.rnd, &rnd_len);
+
+    int frnd_len = 4;
+    CLIGetHexWithReturn(ctx, 3, etd.frnd, &frnd_len);
+
+    CLIParserFree(ctx);
+
+    if (rnd_len != 7) {
+        PrintAndLogEx(FAILED, "Random number length must be 7 bytes instead of %d", rnd_len);
+        return PM3_EINVARG;
+    }
+
+    if (frnd_len != 4) {
+        PrintAndLogEx(FAILED, "F(RN) length must be 4 bytes instead of %d", frnd_len);
+        return PM3_EINVARG;
+    }
+
+    clearCommandBuffer();
+    SendCommandNG(CMD_LF_EM4X70_AUTH, (uint8_t *)&etd, sizeof(etd));
+
+    PacketResponseNG resp;
+    if (!WaitForResponseTimeout(CMD_LF_EM4X70_AUTH, &resp, TIMEOUT)) {
+        PrintAndLogEx(WARNING, "Timeout while waiting for reply.");
+        return PM3_ETIMEOUT;
+    }
+
+    if (resp.status) {
+        // Response is 20-bit from tag
+        PrintAndLogEx(INFO, "Tag Auth Response: %02X %02X %02X", resp.data.asBytes[2], resp.data.asBytes[1], resp.data.asBytes[0]);
+        return PM3_SUCCESS;
+    }
+
+    PrintAndLogEx(FAILED, "TAG Authentication " _RED_("Failed"));
+    return PM3_ESOFT;
+}
+
 static command_t CommandTable[] = {
    {"help",   CmdHelp,         AlwaysAvailable, "This help"},
    {"info",   CmdEM4x70Info,   IfPm3EM4x70,     "Tag information EM4x70"},
    {"write",  CmdEM4x70Write,  IfPm3EM4x70,     "Write EM4x70"},
    {"unlock", CmdEM4x70Unlock, IfPm3EM4x70,     "Unlock EM4x70 for writing"},
+    {"auth",   CmdEM4x70Auth,   IfPm3EM4x70,     "Authenticate EM4x70"},
    {NULL, NULL, NULL, NULL}
 };

--- a/client/src/cmdlfem4x70.h
+++ b/client/src/cmdlfem4x70.h
@@ -20,6 +20,7 @@ int CmdLFEM4X70(const char *Cmd);
 int CmdEM4x70Info(const char *Cmd);
 int CmdEM4x70Write(const char *Cmd);
 int CmdEM4x70Unlock(const char *Cmd);
+int CmdEM4x70Auth(const char *Cmd);

 int em4x70_info(void);
 bool detect_4x70_block(void);