{"cmd", CmdHF15Cmd, 0, "Send direct commands to ISO15693 tag"},
{"findafi", CmdHF15Afi, 0, "Brute force AFI of an ISO15693 tag"},
{"dumpmemory", CmdHF15DumpMem, 0, "Read all memory pages of an ISO15693 tag"},
+ {"csetuid", CmdHF15CSetUID, 0, "Set UID for magic Chinese card"},
{NULL, NULL, 0, NULL}
};
char *hexout;
- if (strlen(cmd)<3) {
+ if (strlen(cmd)<2) {
PrintAndLog("Usage: hf 15 cmd raw [-r] [-2] [-c] <0A 0B 0C ... hex>");
PrintAndLog(" -r do not read response");
PrintAndLog(" -2 use slower '1 out of 256' mode");
SendCommand(&c);
if (reply) {
- if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+ if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {
recv = resp.d.asBytes;
- PrintAndLog("received %i octets",resp.arg[0]);
- hexout = (char *)malloc(resp.arg[0] * 3 + 1);
- if (hexout != NULL) {
- for (int i = 0; i < resp.arg[0]; i++) { // data in hex
- sprintf(&hexout[i * 3], "%02X ", recv[i]);
+ int recv_len = resp.arg[0];
+ if (recv_len == 0) {
+ PrintAndLog("received SOF only. Maybe Picopass/iCLASS?");
+ } else if (recv_len > 0) {
+ PrintAndLog("received %i octets", recv_len);
+ hexout = (char *)malloc(resp.arg[0] * 3 + 1);
+ if (hexout != NULL) {
+ for (int i = 0; i < resp.arg[0]; i++) { // data in hex
+ sprintf(&hexout[i * 3], "%02X ", recv[i]);
+ }
+ PrintAndLog("%s", hexout);
+ free(hexout);
}
- PrintAndLog("%s", hexout);
- free(hexout);
+ } else if (recv_len == -1) {
+ PrintAndLog("card didn't respond");
+ } else if (recv_len == -2) {
+ PrintAndLog("receive buffer overflow");
}
} else {
PrintAndLog("timeout while waiting for reply.");
}
-
- } // if reply
+ }
+
return 0;
}
return 0;
}
+int CmdHF15CSetUID(const char *Cmd)
+{
+ uint8_t uid[8] = {0x00};
+ uint8_t oldUid[8], newUid[8] = {0x00};
+
+ uint8_t needHelp = 0;
+ char cmdp = 1;
+
+ if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 16)) {
+ PrintAndLog("UID must include 16 HEX symbols");
+ return 1;
+ }
+
+ if (uid[0] != 0xe0) {
+ PrintAndLog("UID must begin with the byte 'E0'");
+ return 1;
+ }
+
+ while(param_getchar(Cmd, cmdp) != 0x00)
+ {
+ switch(param_getchar(Cmd, cmdp))
+ {
+ case 'h':
+ case 'H':
+ needHelp = 1;
+ break;
+ default:
+ PrintAndLog("ERROR: Unknown parameter '%c'", param_getchar(Cmd, cmdp));
+ needHelp = 1;
+ break;
+ }
+ cmdp++;
+ }
+
+ if (strlen(Cmd) < 1 || needHelp) {
+ PrintAndLog("");
+ PrintAndLog("Usage: hf 15 csetuid <UID 16 hex symbols>");
+ PrintAndLog("sample: hf 15 csetuid E004013344556677");
+ PrintAndLog("Set UID for magic Chinese card (only works with such cards)");
+ return 0;
+ }
+
+ PrintAndLog("");
+ PrintAndLog("new UID | %s", sprint_hex(uid, 8));
+ PrintAndLog("Using backdoor Magic tag function");
+
+ if (!getUID(oldUid)) {
+ PrintAndLog("Can't get old UID.");
+ return 1;
+ }
+
+ UsbCommand resp;
+ uint8_t *recv;
+ char *hexout;
+ UsbCommand c = {CMD_CSETUID_ISO_15693, {0, 0, 0}};
+ memcpy(c.d.asBytes, uid, 8);
+
+ SendCommand(&c);
+
+ for (int i=0; i<4; i++) {
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+ recv = resp.d.asBytes;
+ PrintAndLog("received %i octets",resp.arg[0]);
+ hexout = (char *)malloc(resp.arg[0] * 3 + 1);
+ if (hexout != NULL) {
+ for (int i = 0; i < resp.arg[0]; i++) { // data in hex
+ sprintf(&hexout[i * 3], "%02X ", recv[i]);
+ }
+ PrintAndLog("%s", hexout);
+ free(hexout);
+ }
+ } else {
+ PrintAndLog("timeout while waiting for reply.");
+ }
+ }
+
+ if (!getUID(newUid)) {
+ PrintAndLog("Can't get new UID.");
+ return 1;
+ }
+
+ PrintAndLog("");
+ PrintAndLog("old UID : %02X %02X %02X %02X %02X %02X %02X %02X", oldUid[7], oldUid[6], oldUid[5], oldUid[4], oldUid[3], oldUid[2], oldUid[1], oldUid[0]);
+ PrintAndLog("new UID : %02X %02X %02X %02X %02X %02X %02X %02X", newUid[7], newUid[6], newUid[5], newUid[4], newUid[3], newUid[2], newUid[1], newUid[0]);
+ return 0;
+}
static command_t CommandTable15Cmd[] =
{"write", CmdHF15CmdWrite, 0, "Write a block"},
{"readmulti",CmdHF15CmdReadmulti, 0, "Reads multiple Blocks"},
{"sysinfo",CmdHF15CmdSysinfo, 0, "Get Card Information"},
- {"raw", CmdHF15CmdRaw, 0, "Send raw hex data to tag"},
+ {"raw", CmdHF15CmdRaw, 0, "Send raw hex data to tag"},
+ {"csetuid", CmdHF15CSetUID, 0, "Set UID for magic Chinese card"},
{"debug", CmdHF15CmdDebug, 0, "Turn debugging on/off"},
{NULL, NULL, 0, NULL}
};
projects / proxmark3-svn / blobdiff