Picopass fix ice (#2836)

* Fix copypaste error
* Add iCE key to dictionary
* Write iCE key as elite, others with standard kdf

Co-authored-by: あく <alleteam@gmail.com>
Eric Betts 2023-07-05 02:26:50 -07:00 committed by GitHub
parent bb16997809
commit 08bafc478e
5 changed files with 16 additions and 3 deletions


@ -16,6 +16,7 @@ PicopassDevice* picopass_device_alloc() {
PicopassDevice* picopass_dev = malloc(sizeof(PicopassDevice)); PicopassDevice* picopass_dev = malloc(sizeof(PicopassDevice));
picopass_dev->dev_data.pacs.legacy = false; picopass_dev->dev_data.pacs.legacy = false;
picopass_dev->dev_data.pacs.se_enabled = false; picopass_dev->dev_data.pacs.se_enabled = false;
picopass_dev->dev_data.pacs.elite_kdf = false;
picopass_dev->dev_data.pacs.pin_length = 0; picopass_dev->dev_data.pacs.pin_length = 0;
picopass_dev->storage = furi_record_open(RECORD_STORAGE); picopass_dev->storage = furi_record_open(RECORD_STORAGE);
picopass_dev->dialogs = furi_record_open(RECORD_DIALOGS); picopass_dev->dialogs = furi_record_open(RECORD_DIALOGS);
@ -77,6 +78,7 @@ static bool picopass_device_save_file(
break; break;
} }
} }
// TODO: Add elite
if(!flipper_format_write_comment_cstr(file, "Picopass blocks")) break; if(!flipper_format_write_comment_cstr(file, "Picopass blocks")) break;
bool block_saved = true; bool block_saved = true;
@ -256,6 +258,7 @@ void picopass_device_data_clear(PicopassDeviceData* dev_data) {
} }
dev_data->pacs.legacy = false; dev_data->pacs.legacy = false;
dev_data->pacs.se_enabled = false; dev_data->pacs.se_enabled = false;
dev_data->pacs.elite_kdf = false;
dev_data->pacs.pin_length = 0; dev_data->pacs.pin_length = 0;
} }
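Review bot: `elite_kdf` is initialised in picopass_device_alloc and reset in picopass_device_data_clear, but it is never persisted; the only change in picopass_device_save_file is the placeholder `// TODO: Add elite`. picopass_worker_write_key (worker section of this commit) now passes `pacs->elite_kdf` to `loclass_iclass_calc_div_key`, so any path that fills `pacs->key` without setting the flag diversifies with the standard KDF. If a saved device can carry an elite key (the load path is not visible here, so this needs confirming), the written key would silently not match the intended one. Either write the flag next to the key in the saved file, or make the TODO state the consequence, e.g. `// TODO: persist pacs.elite_kdf; until then a loaded device always writes keys with the standard KDF`. All three functions continue outside their hunks.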


@ -62,6 +62,7 @@ typedef struct {
bool sio; bool sio;
bool biometrics; bool biometrics;
uint8_t key[8]; uint8_t key[8];
bool elite_kdf;
uint8_t pin_length; uint8_t pin_length;
PicopassEncryption encryption; PicopassEncryption encryption;
uint8_t credential[8]; uint8_t credential[8];
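Review bot: The new `elite_kdf` member is added without a comment, and its meaning can only be recovered from the worker, where it becomes the last argument of `loclass_iclass_calc_div_key`. Because it qualifies `key` directly above it, a one-line comment would keep the two fields from drifting apart: `bool elite_kdf; // true if key must be diversified with the Elite KDF (see loclass_iclass_calc_div_key)`. The struct definition starts and ends outside this hunk.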


@ -550,6 +550,7 @@ void picopass_worker_elite_dict_attack(PicopassWorker* picopass_worker) {
if(err == ERR_NONE) { if(err == ERR_NONE) {
FURI_LOG_I(TAG, "Found key"); FURI_LOG_I(TAG, "Found key");
memcpy(pacs->key, key, PICOPASS_BLOCK_LEN); memcpy(pacs->key, key, PICOPASS_BLOCK_LEN);
pacs->elite_kdf = elite;
err = picopass_read_card(AA1); err = picopass_read_card(AA1);
if(err != ERR_NONE) { if(err != ERR_NONE) {
FURI_LOG_E(TAG, "picopass_read_card error %d", err); FURI_LOG_E(TAG, "picopass_read_card error %d", err);
@ -720,7 +721,7 @@ void picopass_worker_write_key(PicopassWorker* picopass_worker) {
uint8_t* oldKey = AA1[PICOPASS_KD_BLOCK_INDEX].data; uint8_t* oldKey = AA1[PICOPASS_KD_BLOCK_INDEX].data;
uint8_t newKey[PICOPASS_BLOCK_LEN] = {0}; uint8_t newKey[PICOPASS_BLOCK_LEN] = {0};
loclass_iclass_calc_div_key(csn, pacs->key, newKey, false); loclass_iclass_calc_div_key(csn, pacs->key, newKey, pacs->elite_kdf);
if((fuses & 0x80) == 0x80) { if((fuses & 0x80) == 0x80) {
FURI_LOG_D(TAG, "Plain write for personalized mode key change"); FURI_LOG_D(TAG, "Plain write for personalized mode key change");


@ -60,24 +60,28 @@ bool picopass_scene_key_menu_on_event(void* context, SceneManagerEvent event) {
scene_manager_set_scene_state( scene_manager_set_scene_state(
picopass->scene_manager, PicopassSceneKeyMenu, SubmenuIndexWriteStandard); picopass->scene_manager, PicopassSceneKeyMenu, SubmenuIndexWriteStandard);
memcpy(picopass->dev->dev_data.pacs.key, picopass_iclass_key, PICOPASS_BLOCK_LEN); memcpy(picopass->dev->dev_data.pacs.key, picopass_iclass_key, PICOPASS_BLOCK_LEN);
picopass->dev->dev_data.pacs.elite_kdf = false;
scene_manager_next_scene(picopass->scene_manager, PicopassSceneWriteKey); scene_manager_next_scene(picopass->scene_manager, PicopassSceneWriteKey);
consumed = true; consumed = true;
} else if(event.event == SubmenuIndexWriteiCE) { } else if(event.event == SubmenuIndexWriteiCE) {
scene_manager_set_scene_state( scene_manager_set_scene_state(
picopass->scene_manager, PicopassSceneKeyMenu, SubmenuIndexWriteiCE); picopass->scene_manager, PicopassSceneKeyMenu, SubmenuIndexWriteiCE);
memcpy(picopass->dev->dev_data.pacs.key, picopass_xice_key, PICOPASS_BLOCK_LEN); memcpy(picopass->dev->dev_data.pacs.key, picopass_xice_key, PICOPASS_BLOCK_LEN);
picopass->dev->dev_data.pacs.elite_kdf = true;
scene_manager_next_scene(picopass->scene_manager, PicopassSceneWriteKey); scene_manager_next_scene(picopass->scene_manager, PicopassSceneWriteKey);
consumed = true; consumed = true;
} else if(event.event == SubmenuIndexWriteiCL) { } else if(event.event == SubmenuIndexWriteiCL) {
scene_manager_set_scene_state( scene_manager_set_scene_state(
picopass->scene_manager, PicopassSceneKeyMenu, SubmenuIndexWriteiCE); picopass->scene_manager, PicopassSceneKeyMenu, SubmenuIndexWriteiCL);
memcpy(picopass->dev->dev_data.pacs.key, picopass_xicl_key, PICOPASS_BLOCK_LEN); memcpy(picopass->dev->dev_data.pacs.key, picopass_xicl_key, PICOPASS_BLOCK_LEN);
picopass->dev->dev_data.pacs.elite_kdf = false;
scene_manager_next_scene(picopass->scene_manager, PicopassSceneWriteKey); scene_manager_next_scene(picopass->scene_manager, PicopassSceneWriteKey);
consumed = true; consumed = true;
} else if(event.event == SubmenuIndexWriteiCS) { } else if(event.event == SubmenuIndexWriteiCS) {
scene_manager_set_scene_state( scene_manager_set_scene_state(
picopass->scene_manager, PicopassSceneKeyMenu, SubmenuIndexWriteiCE); picopass->scene_manager, PicopassSceneKeyMenu, SubmenuIndexWriteiCS);
memcpy(picopass->dev->dev_data.pacs.key, picopass_xics_key, PICOPASS_BLOCK_LEN); memcpy(picopass->dev->dev_data.pacs.key, picopass_xics_key, PICOPASS_BLOCK_LEN);
picopass->dev->dev_data.pacs.elite_kdf = false;
scene_manager_next_scene(picopass->scene_manager, PicopassSceneWriteKey); scene_manager_next_scene(picopass->scene_manager, PicopassSceneWriteKey);
consumed = true; consumed = true;
} }
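Review bot: The four branches of picopass_scene_key_menu_on_event are still copies of each other, differing only in submenu index, key array and now the `elite_kdf` value. That shape is what let the wrong `SubmenuIndexWriteiCE` state slip into the iCL and iCS branches, which this commit corrects. A small lookup table keyed by submenu index keeps index, key and KDF flag on one line per entry, so a new key cannot be added with a stale index or a forgotten flag. The sketch below assumes the key arrays are `const uint8_t[]` and that the first branch tests `SubmenuIndexWriteStandard`; neither is visible in the hunk. The function starts and ends outside the hunk.

```c
static const struct {
    uint32_t index;
    const uint8_t* key;
    bool elite_kdf;
} key_menu_items[] = {
    {SubmenuIndexWriteStandard, picopass_iclass_key, false},
    {SubmenuIndexWriteiCE, picopass_xice_key, true},
    {SubmenuIndexWriteiCL, picopass_xicl_key, false},
    {SubmenuIndexWriteiCS, picopass_xics_key, false},
};

// … unchanged: start of picopass_scene_key_menu_on_event and the event type check …
for(size_t i = 0; i < sizeof(key_menu_items) / sizeof(key_menu_items[0]); i++) {
    if(event.event != key_menu_items[i].index) continue;
    scene_manager_set_scene_state(
        picopass->scene_manager, PicopassSceneKeyMenu, key_menu_items[i].index);
    memcpy(picopass->dev->dev_data.pacs.key, key_menu_items[i].key, PICOPASS_BLOCK_LEN);
    picopass->dev->dev_data.pacs.elite_kdf = key_menu_items[i].elite_kdf;
    scene_manager_next_scene(picopass->scene_manager, PicopassSceneWriteKey);
    consumed = true;
    break;
}
```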


@ -34,4 +34,8 @@ C1B74D7478053AE2
# default iCLASS RFIDeas # default iCLASS RFIDeas
6B65797374726B72 6B65797374726B72
# CTF key
5C100DF7042EAE64 5C100DF7042EAE64
# iCopy-X DRM key (iCE product)
2020666666668888