Inicio Explorar Axuda
Iniciar sesión
torambo.com
/
Momentum-Apps
2
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

Make SIO sniffing (iClass) more dynamic

Eric Betts hai 11 meses
pai
4fba008a73
achega
e5599a87ba
Modificáronse 4 ficheiros con 18 adicións e 18 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 1 0
      .gitignore
  2. 15 18
      sam_api.c
  3. 1 0
      seader_credential.c
  4. 1 0
      seader_credential.h

+ 1 - 0
.gitignore
Ver ficheiro 

@@ -1,3 +1,4 @@
 
 .vscode/
 
 dist/
 
 examples/*
 
+logs

+ 15 - 18
sam_api.c
Ver ficheiro 

@@ -19,12 +19,6 @@ static char display[SEADER_UART_RX_BUF_SIZE * 2 + 1] = {0};
 
 char asn1_log[SEADER_UART_RX_BUF_SIZE] = {0};
 
 #endif
 
 
-uint8_t read4Block6[] = {RFAL_PICOPASS_CMD_READ4, 0x06, 0x45, 0x56};
 
-uint8_t read4Block9[] = {RFAL_PICOPASS_CMD_READ4, 0x09, 0xB2, 0xAE};
 
-uint8_t read4Block10[] = {RFAL_PICOPASS_CMD_READ4, 0x0A, 0x29, 0x9C};
 
-uint8_t read4Block13[] = {RFAL_PICOPASS_CMD_READ4, 0x0D, 0x96, 0xE8};
 
-//uint8_t read4Block14[] = {RFAL_PICOPASS_CMD_READ4, 0x0E, 0x0d, 0xda};
 
-
 
 uint8_t updateBlock2[] = {RFAL_PICOPASS_CMD_UPDATE, 0x02};
 
 
 uint8_t ev2_request[] =
 
@@ -633,18 +627,21 @@ void seader_capture_sio(BitBuffer* tx_buffer, BitBuffer* rx_buffer, SeaderCreden
 
     const uint8_t* rxBuffer = bit_buffer_get_data(rx_buffer);
 
 
     if(credential->type == SeaderCredentialTypePicopass) {
 
-        if(memcmp(buffer, read4Block6, len) == 0 && rxBuffer[0] == 0x30) {
 
-            memcpy(credential->sio, rxBuffer, 32);
 
-            credential->sio_len += 32;
 
-        } else if(memcmp(buffer, read4Block10, len) == 0 && rxBuffer[0] == 0x30) {
 
-            memcpy(credential->sio, rxBuffer, 32);
 
-            credential->sio_len += 32;
 
-        } else if(memcmp(buffer, read4Block9, len) == 0) {
 
-            memcpy(credential->sio + 32, rxBuffer + 8, 24);
 
-            credential->sio_len += 24;
 
-        } else if(memcmp(buffer, read4Block13, len) == 0) {
 
-            memcpy(credential->sio + 32, rxBuffer + 8, 24);
 
-            credential->sio_len += 24;
 
+        if(buffer[0] == RFAL_PICOPASS_CMD_READ_OR_IDENTIFY) {
 
+            FURI_LOG_D(TAG, "Picopass Read1 block %02x", buffer[1]);
 
+        }
 
+        if(buffer[0] == RFAL_PICOPASS_CMD_READ4) {
 
+            FURI_LOG_D(TAG, "Picopass Read4 block %02x", buffer[1]);
 
+        }
 
+
 
+        if(buffer[0] == RFAL_PICOPASS_CMD_READ4) {
 
+            uint8_t block_num = buffer[1];
 
+            if(credential->sio_len == 0 && rxBuffer[0] == 0x30) {
 
+                credential->sio_start_block = block_num;
 
+            }
 
+            uint8_t offset = (block_num - credential->sio_start_block) * PICOPASS_BLOCK_LEN;
 
+            memcpy(credential->sio + offset, rxBuffer, PICOPASS_BLOCK_LEN * 4);
 
+            credential->sio_len += PICOPASS_BLOCK_LEN * 4;
 
         }
 
     } else if(credential->type == SeaderCredentialType14A) {
 
         // Desfire EV1 passes SIO in the clear

+ 1 - 0
seader_credential.c
Ver ficheiro 

@@ -639,6 +639,7 @@ void seader_credential_clear(SeaderCredential* cred) {
 
     cred->type = SeaderCredentialTypeNone;
 
     memset(cred->sio, 0, sizeof(cred->sio));
 
     cred->sio_len = 0;
 
+    cred->sio_start_block = 0;
 
     memset(cred->diversifier, 0, sizeof(cred->diversifier));
 
     cred->diversifier_len = 0;
 
     furi_string_reset(cred->load_path);

+ 1 - 0
seader_credential.h
Ver ficheiro 

@@ -41,6 +41,7 @@ typedef struct {
 
     uint8_t sio_len;
 
     uint8_t diversifier[8];
 
     uint8_t diversifier_len;
 
+    uint8_t sio_start_block; // for iClass SE vs iClass SR
 
     bool isDesfire;
 
     SeaderCredentialType type;
 
     SeaderCredentialSaveFormat save_format;