Skip to content

Commit ccf61de

Browse files
iceman1001iceman1001
authored
Merge pull request #3072 from aaronjamt/patch-keyset-update
[hf seos] Combine read/write/admin keys
2 parents f843454 + d0ad38d commit ccf61de

File tree

1 file changed

+24
-60
lines changed

1 file changed

+24
-60
lines changed

client/src/cmdhfseos.c

Lines changed: 24 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -51,9 +51,7 @@ typedef struct {
5151
uint8_t nonce[8];
5252
uint8_t privEncKey[16];
5353
uint8_t privMacKey[16];
54-
uint8_t readKey[16];
55-
uint8_t writeKey[16];
56-
uint8_t adminKey[16];
54+
uint8_t authKey[16];
5755
} keyset_t;
5856

5957
keyset_t keys[] = {
@@ -62,36 +60,28 @@ keyset_t keys[] = {
6260
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce
6361
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // privEncKey
6462
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // privMacKey
65-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // readKey
66-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // writeKey
67-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } // adminKey
63+
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // authKey
6864
},
6965
{
7066
0x01, // Keyslot
7167
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce
7268
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // privEncKey
7369
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // privMacKey
74-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // readKey
75-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // writeKey
76-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } // adminKey
70+
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // authKey
7771
},
7872
{
7973
0x02, // Keyslot
8074
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce
8175
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // privEncKey
8276
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // privMacKey
83-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // readKey
84-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // writeKey
85-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } // adminKey
77+
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // authKey
8678
},
8779
{
8880
0x09, // Keyslot
8981
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce
9082
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // privEncKey
9183
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // privMacKey
92-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // readKey
93-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // writeKey
94-
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } // adminKey
84+
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // authKey
9585
},
9686
};
9787

@@ -898,7 +888,7 @@ static int seos_mutual_auth(uint8_t *adfOID, size_t adfoid_len, uint8_t *randomI
898888

899889
// ---------------- Diversify Keys ----------------
900890
uint8_t mk[16] = { 0x00 };
901-
memcpy(mk, keys[key_index].readKey, 16);
891+
memcpy(mk, keys[key_index].authKey, 16);
902892
uint8_t AES_key[24] = {0x00};
903893
uint8_t MAC_key[24] = {0x00};
904894

@@ -1432,9 +1422,7 @@ static int seos_print_keys(bool verbose) {
14321422
PrintAndLogEx(INFO, "Nonce............................ " _YELLOW_("%s"), sprint_hex(keys[i].nonce, 8));
14331423
PrintAndLogEx(INFO, "Privacy Encryption Key........... " _YELLOW_("%s"), sprint_hex(keys[i].privEncKey, 16));
14341424
PrintAndLogEx(INFO, "Privacy MAC Key.................. " _YELLOW_("%s"), sprint_hex(keys[i].privMacKey, 16));
1435-
PrintAndLogEx(INFO, "Read Key......................... " _YELLOW_("%s"), sprint_hex(keys[i].readKey, 16));
1436-
PrintAndLogEx(INFO, "Write Key........................ " _YELLOW_("%s"), sprint_hex(keys[i].writeKey, 16));
1437-
PrintAndLogEx(INFO, "Admin Key........................ " _YELLOW_("%s"), sprint_hex(keys[i].adminKey, 16));
1425+
PrintAndLogEx(INFO, "Auth Key......................... " _YELLOW_("%s"), sprint_hex(keys[i].authKey, 16));
14381426
PrintAndLogEx(INFO, "----------------------------");
14391427
}
14401428
} else {
@@ -1477,9 +1465,7 @@ static int seos_load_keys(char *filename) {
14771465
memcpy(keys[i].nonce, dump + ((i * kn) + 1), 8);
14781466
memcpy(keys[i].privEncKey, dump + ((i * kn) + 9), 16);
14791467
memcpy(keys[i].privMacKey, dump + ((i * kn) + 25), 16);
1480-
memcpy(keys[i].readKey, dump + ((i * kn) + 41), 16);
1481-
memcpy(keys[i].writeKey, dump + ((i * kn) + 57), 16);
1482-
memcpy(keys[i].adminKey, dump + ((i * kn) + 73), 16);
1468+
memcpy(keys[i].authKey, dump + ((i * kn) + 41), 16);
14831469
}
14841470

14851471
free(dump);
@@ -1797,7 +1783,7 @@ static int CmdHfSeosSim(const char *Cmd) {
17971783
// Copy all the provided values into the request object
17981784
memcpy(request.privenc, keys[key_index].privEncKey, 16);
17991785
memcpy(request.privmac, keys[key_index].privMacKey, 16);
1800-
memcpy(request.authkey, keys[key_index].readKey, 16);
1786+
memcpy(request.authkey, keys[key_index].authKey, 16);
18011787

18021788
memcpy(request.uid, uid, uid_len);
18031789
memcpy(request.diversifier, diversifier, diversifier_len);
@@ -1841,9 +1827,7 @@ static int CmdHfSeosManageKeys(const char *Cmd) {
18411827
arg_str0(NULL, "nonce", "<hex>", "Nonce value as 8 hex bytes"),
18421828
arg_str0(NULL, "privenc", "<hex>", "Privacy Encryption key as 16 hex bytes"),
18431829
arg_str0(NULL, "privmac", "<hex>", "Privacy MAC key as 16 hex bytes"),
1844-
arg_str0(NULL, "read", "<hex>", "Undiversified Read key as 16 hex bytes"),
1845-
arg_str0(NULL, "write", "<hex>", "Undiversified Write key as 16 hex bytes"),
1846-
arg_str0(NULL, "admin", "<hex>", "Undiversified Admin key as 16 hex bytes"),
1830+
arg_str0(NULL, "auth", "<hex>", "Undiversified Auth key as 16 hex bytes"),
18471831

18481832
arg_str0("f", "file", "<fn>", "Specify a filename for load / save operations"),
18491833
arg_lit0(NULL, "save", "Save keys in memory to file specified by filename"),
@@ -1863,28 +1847,22 @@ static int CmdHfSeosManageKeys(const char *Cmd) {
18631847
uint8_t nonce[8] = {0};
18641848
uint8_t privenc[16] = {0};
18651849
uint8_t privmac[16] = {0};
1866-
uint8_t read[16] = {0};
1867-
uint8_t write[16] = {0};
1868-
uint8_t admin[16] = {0};
1850+
uint8_t auth[16] = {0};
18691851
int keyslot_len = 0;
18701852
int nonce_len = 0;
18711853
int privenc_len = 0;
18721854
int privmac_len = 0;
1873-
int read_len = 0;
1874-
int write_len = 0;
1875-
int admin_len = 0;
1855+
int auth_len = 0;
18761856

18771857
int key_index = arg_get_int_def(ctx, 1, -1);
18781858

18791859
CLIGetHexWithReturn(ctx, 2, keyslot, &keyslot_len);
18801860
CLIGetHexWithReturn(ctx, 3, nonce, &nonce_len);
18811861
CLIGetHexWithReturn(ctx, 4, privenc, &privenc_len);
18821862
CLIGetHexWithReturn(ctx, 5, privmac, &privmac_len);
1883-
CLIGetHexWithReturn(ctx, 6, read, &read_len);
1884-
CLIGetHexWithReturn(ctx, 7, write, &write_len);
1885-
CLIGetHexWithReturn(ctx, 8, admin, &admin_len);
1863+
CLIGetHexWithReturn(ctx, 6, auth, &auth_len);
18861864

1887-
CLIParamStrToBuf(arg_get_str(ctx, 9), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen);
1865+
CLIParamStrToBuf(arg_get_str(ctx, 7), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen);
18881866

18891867
if (key_index >= 0) {
18901868
operation += 3;
@@ -1901,14 +1879,8 @@ static int CmdHfSeosManageKeys(const char *Cmd) {
19011879
if (privmac_len != 0) {
19021880
PrintAndLogEx(SUCCESS, "Current value for Priv Mac[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].privMacKey, 16));
19031881
}
1904-
if (read_len != 0) {
1905-
PrintAndLogEx(SUCCESS, "Current value for Read Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].readKey, 16));
1906-
}
1907-
if (write_len != 0) {
1908-
PrintAndLogEx(SUCCESS, "Current value for Write Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].writeKey, 16));
1909-
}
1910-
if (admin_len != 0) {
1911-
PrintAndLogEx(SUCCESS, "Current value for Admin Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].adminKey, 16));
1882+
if (auth_len != 0) {
1883+
PrintAndLogEx(SUCCESS, "Current value for Auth Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].authKey, 16));
19121884
}
19131885
} else {
19141886
PrintAndLogEx(ERR, "Key index is out-of-range");
@@ -1917,17 +1889,17 @@ static int CmdHfSeosManageKeys(const char *Cmd) {
19171889
}
19181890
}
19191891

1920-
if (arg_get_lit(ctx, 10)) { //save
1892+
if (arg_get_lit(ctx, 8)) { //save
19211893
operation += 6;
19221894
}
1923-
if (arg_get_lit(ctx, 11)) { //load
1895+
if (arg_get_lit(ctx, 9)) { //load
19241896
operation += 5;
19251897
}
1926-
if (arg_get_lit(ctx, 12)) { //print
1898+
if (arg_get_lit(ctx, 10)) { //print
19271899
operation += 4;
19281900
}
19291901

1930-
bool verbose = arg_get_lit(ctx, 13);
1902+
bool verbose = arg_get_lit(ctx, 11);
19311903

19321904
CLIParserFree(ctx);
19331905

@@ -1943,7 +1915,7 @@ static int CmdHfSeosManageKeys(const char *Cmd) {
19431915
PrintAndLogEx(ERR, "You must enter a filename when loading or saving\n");
19441916
return PM3_EINVARG;
19451917
}
1946-
if (((keyslot_len > 0) || (nonce_len > 0) || (privenc_len > 0) || (privmac_len > 0) || (read_len > 0) || (write_len > 0) || (admin_len > 0)) && key_index == -1) {
1918+
if (((keyslot_len > 0) || (nonce_len > 0) || (privenc_len > 0) || (privmac_len > 0) || (auth_len > 0)) && key_index == -1) {
19471919
PrintAndLogEx(ERR, "Please specify key index when specifying key");
19481920
return PM3_EINVARG;
19491921
}
@@ -1966,17 +1938,9 @@ static int CmdHfSeosManageKeys(const char *Cmd) {
19661938
memcpy(keys[key_index].privMacKey, privmac, 16);
19671939
PrintAndLogEx(SUCCESS, "New value for Priv Mac[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].privMacKey, 16));
19681940
}
1969-
if (read_len != 0) {
1970-
memcpy(keys[key_index].readKey, read, 16);
1971-
PrintAndLogEx(SUCCESS, "New value for Read Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].readKey, 16));
1972-
}
1973-
if (write_len != 0) {
1974-
memcpy(keys[key_index].writeKey, write, 16);
1975-
PrintAndLogEx(SUCCESS, "New value for Write Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].writeKey, 16));
1976-
}
1977-
if (admin_len != 0) {
1978-
memcpy(keys[key_index].adminKey, admin, 16);
1979-
PrintAndLogEx(SUCCESS, "New value for Admin Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].adminKey, 16));
1941+
if (auth_len != 0) {
1942+
memcpy(keys[key_index].authKey, auth, 16);
1943+
PrintAndLogEx(SUCCESS, "New value for Auth Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].authKey, 16));
19801944
}
19811945
return PM3_SUCCESS;
19821946
case 4:

0 commit comments

Comments
 (0)