+\r
+ if (strlen(buf) < 32){\r
+ if(strlen(buf) && feof(f))\r
+ break;\r
+ PrintAndLog("File content error. Block data must include 32 HEX symbols");\r
+ fclose(f);\r
+ return 2;\r
+ }\r
+\r
+ for (i = 0; i < 32; i += 2) {\r
+ sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
+ }\r
+\r
+ if (mfEmlSetMem(buf8, blockNum, 1)) {\r
+ PrintAndLog("Cant set emul block: %3d", blockNum);\r
+ fclose(f);\r
+ return 3;\r
+ }\r
+ printf(".");\r
+ blockNum++;\r
+\r
+ if (blockNum >= numBlocks) break;\r
+ }\r
+ fclose(f);\r
+ printf("\n");\r
+\r
+ if ((blockNum != numBlocks)) {\r
+ PrintAndLog("File content error. Got %d must be %d blocks.",blockNum, numBlocks);\r
+ return 4;\r
+ }\r
+ PrintAndLog("Loaded %d blocks from file: %s", blockNum, filename);\r
+ return 0;\r
+}\r
+\r
+\r
+int CmdHF14AMfESave(const char *Cmd)\r
+{\r
+ FILE * f;\r
+ char filename[FILE_PATH_SIZE];\r
+ char * fnameptr = filename;\r
+ uint8_t buf[64];\r
+ int i, j, len, numBlocks;\r
+ int nameParamNo = 1;\r
+\r
+ memset(filename, 0, sizeof(filename));\r
+ memset(buf, 0, sizeof(buf));\r
+\r
+ char ctmp = param_getchar(Cmd, 0);\r
+\r
+ if ( ctmp == 'h' || ctmp == 'H') {\r
+ PrintAndLog("It saves emul dump into the file `filename.eml` or `cardID.eml`");\r
+ PrintAndLog(" Usage: hf mf esave [card memory] [file name w/o `.eml`]");\r
+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
+ PrintAndLog("");\r
+ PrintAndLog(" sample: hf mf esave ");\r
+ PrintAndLog(" hf mf esave 4");\r
+ PrintAndLog(" hf mf esave 4 filename");\r
+ return 0;\r
+ }\r
+\r
+ switch (ctmp) {\r
+ case '0' : numBlocks = 5*4; break;\r
+ case '1' :\r
+ case '\0': numBlocks = 16*4; break;\r
+ case '2' : numBlocks = 32*4; break;\r
+ case '4' : numBlocks = 256; break;\r
+ default: {\r
+ numBlocks = 16*4;\r
+ nameParamNo = 0;\r
+ }\r
+ }\r
+\r
+ len = param_getstr(Cmd,nameParamNo,filename);\r
+\r
+ if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;\r
+\r
+ // user supplied filename?\r
+ if (len < 1) {\r
+ // get filename (UID from memory)\r
+ if (mfEmlGetMem(buf, 0, 1)) {\r
+ PrintAndLog("Can\'t get UID from block: %d", 0);\r
+ len = sprintf(fnameptr, "dump");\r
+ fnameptr += len;\r
+ }\r
+ else {\r
+ for (j = 0; j < 7; j++, fnameptr += 2)\r
+ sprintf(fnameptr, "%02X", buf[j]);\r
+ }\r
+ } else {\r
+ fnameptr += len;\r
+ }\r
+\r
+ // add file extension\r
+ sprintf(fnameptr, ".eml");\r
+\r
+ // open file\r
+ f = fopen(filename, "w+");\r
+\r
+ if ( !f ) {\r
+ PrintAndLog("Can't open file %s ", filename);\r
+ return 1;\r
+ }\r
+\r
+ // put hex\r
+ for (i = 0; i < numBlocks; i++) {\r
+ if (mfEmlGetMem(buf, i, 1)) {\r
+ PrintAndLog("Cant get block: %d", i);\r
+ break;\r
+ }\r
+ for (j = 0; j < 16; j++)\r
+ fprintf(f, "%02X", buf[j]);\r
+ fprintf(f,"\n");\r
+ }\r
+ fclose(f);\r
+\r
+ PrintAndLog("Saved %d blocks to file: %s", numBlocks, filename);\r
+\r
+ return 0;\r
+}\r
+\r
+\r
+int CmdHF14AMfECFill(const char *Cmd)\r
+{\r
+ uint8_t keyType = 0;\r
+ uint8_t numSectors = 16;\r
+\r
+ if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
+ PrintAndLog("Usage: hf mf ecfill <key A/B> [card memory]");\r
+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
+ PrintAndLog("");\r
+ PrintAndLog("samples: hf mf ecfill A");\r
+ PrintAndLog(" hf mf ecfill A 4");\r
+ PrintAndLog("Read card and transfer its data to emulator memory.");\r
+ PrintAndLog("Keys must be laid in the emulator memory. \n");\r
+ return 0;\r
+ }\r
+\r
+ char ctmp = param_getchar(Cmd, 0);\r
+ if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r
+ PrintAndLog("Key type must be A or B");\r
+ return 1;\r
+ }\r
+ if (ctmp != 'A' && ctmp != 'a') keyType = 1;\r
+\r
+ ctmp = param_getchar(Cmd, 1);\r
+ switch (ctmp) {\r
+ case '0' : numSectors = 5; break;\r
+ case '1' :\r
+ case '\0': numSectors = 16; break;\r
+ case '2' : numSectors = 32; break;\r
+ case '4' : numSectors = 40; break;\r
+ default: numSectors = 16;\r
+ }\r
+\r
+ printf("--params: numSectors: %d, keyType:%d", numSectors, keyType);\r
+ UsbCommand c = {CMD_MIFARE_EML_CARDLOAD, {numSectors, keyType, 0}};\r
+ SendCommand(&c);\r
+ return 0;\r
+}\r
+\r
+int CmdHF14AMfEKeyPrn(const char *Cmd)\r
+{\r
+ int i;\r
+ uint8_t numSectors;\r
+ uint8_t data[16];\r
+ uint64_t keyA, keyB;\r
+\r
+ if (param_getchar(Cmd, 0) == 'h') {\r
+ PrintAndLog("It prints the keys loaded in the emulator memory");\r
+ PrintAndLog("Usage: hf mf ekeyprn [card memory]");\r
+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
+ PrintAndLog("");\r
+ PrintAndLog(" sample: hf mf ekeyprn 1");\r
+ return 0;\r
+ }\r
+\r
+ char cmdp = param_getchar(Cmd, 0);\r
+\r
+ switch (cmdp) {\r
+ case '0' : numSectors = 5; break;\r
+ case '1' :\r
+ case '\0': numSectors = 16; break;\r
+ case '2' : numSectors = 32; break;\r
+ case '4' : numSectors = 40; break;\r
+ default: numSectors = 16;\r
+ }\r
+\r
+ PrintAndLog("|---|----------------|----------------|");\r
+ PrintAndLog("|sec|key A |key B |");\r
+ PrintAndLog("|---|----------------|----------------|");\r
+ for (i = 0; i < numSectors; i++) {\r
+ if (mfEmlGetMem(data, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1)) {\r
+ PrintAndLog("error get block %d", FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);\r
+ break;\r
+ }\r
+ keyA = bytes_to_num(data, 6);\r
+ keyB = bytes_to_num(data + 10, 6);\r
+ PrintAndLog("|%03d| %012" PRIx64 " | %012" PRIx64 " |", i, keyA, keyB);\r
+ }\r
+ PrintAndLog("|---|----------------|----------------|");\r
+\r
+ return 0;\r
+}\r
+\r
+int CmdHF14AMfCSetUID(const char *Cmd)\r
+{\r
+ uint8_t uid[8] = {0x00};\r
+ uint8_t oldUid[8] = {0x00};\r
+ uint8_t atqa[2] = {0x00};\r
+ uint8_t sak[1] = {0x00};\r
+ uint8_t atqaPresent = 0;\r
+ int res;\r
+\r
+ uint8_t needHelp = 0;\r
+ char cmdp = 1;\r
+ \r
+ if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {\r
+ PrintAndLog("UID must include 8 HEX symbols");\r
+ return 1;\r
+ }\r
+\r
+ if (param_getlength(Cmd, 1) > 1 && param_getlength(Cmd, 2) > 1) {\r
+ atqaPresent = 1;\r
+ cmdp = 3;\r
+ \r
+ if (param_gethex(Cmd, 1, atqa, 4)) {\r
+ PrintAndLog("ATQA must include 4 HEX symbols");\r
+ return 1;\r
+ }\r
+ \r
+ if (param_gethex(Cmd, 2, sak, 2)) {\r
+ PrintAndLog("SAK must include 2 HEX symbols");\r
+ return 1;\r
+ }\r
+ }\r
+\r
+ while(param_getchar(Cmd, cmdp) != 0x00)\r
+ {\r
+ switch(param_getchar(Cmd, cmdp))\r
+ {\r
+ case 'h':\r
+ case 'H':\r
+ needHelp = 1;\r
+ break;\r
+ default:\r
+ PrintAndLog("ERROR: Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
+ needHelp = 1;\r
+ break;\r
+ }\r
+ cmdp++;\r
+ }\r
+\r
+ if (strlen(Cmd) < 1 || needHelp) {\r
+ PrintAndLog("");\r
+ PrintAndLog("Usage: hf mf csetuid <UID 8 hex symbols> [ATQA 4 hex symbols SAK 2 hex symbols]");\r
+ PrintAndLog("sample: hf mf csetuid 01020304");\r
+ PrintAndLog("sample: hf mf csetuid 01020304 0004 08");\r
+ PrintAndLog("Set UID, ATQA, and SAK for magic Chinese card (only works with such cards)");\r
+ return 0;\r
+ }\r
+\r
+ PrintAndLog("uid:%s", sprint_hex(uid, 4));\r
+ if (atqaPresent) {\r
+ PrintAndLog("--atqa:%s sak:%02x", sprint_hex(atqa, 2), sak[0]);\r
+ }\r
+\r
+ res = mfCSetUID(uid, (atqaPresent)?atqa:NULL, (atqaPresent)?sak:NULL, oldUid);\r
+ if (res) {\r
+ PrintAndLog("Can't set UID. Error=%d", res);\r
+ return 1;\r
+ }\r
+\r
+ PrintAndLog("old UID:%s", sprint_hex(oldUid, 4));\r
+ PrintAndLog("new UID:%s", sprint_hex(uid, 4));\r
+ return 0;\r
+}\r
+\r
+int CmdHF14AMfCWipe(const char *Cmd)\r
+{\r
+ int res, gen = 0;\r
+ int numBlocks = 16 * 4;\r
+ bool wipeCard = false;\r
+ bool fillCard = false;\r
+ \r
+ if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
+ PrintAndLog("Usage: hf mf cwipe [card size] [w] [p]");\r
+ PrintAndLog("sample: hf mf cwipe 1 w s");\r
+ PrintAndLog("[card size]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
+ PrintAndLog("w - Wipe magic Chinese card (only works with gen:1a cards)");\r
+ PrintAndLog("f - Fill the card with default data and keys (works with gen:1a and gen:1b cards only)");\r
+ return 0;\r
+ }\r
+\r
+ gen = mfCIdentify();\r
+ if ((gen != 1) && (gen != 2)) \r
+ return 1;\r
+ \r
+ numBlocks = ParamCardSizeBlocks(param_getchar(Cmd, 0));\r
+\r
+ char cmdp = 0;\r
+ while(param_getchar(Cmd, cmdp) != 0x00){\r
+ switch(param_getchar(Cmd, cmdp)) {\r
+ case 'w':\r
+ case 'W':\r
+ wipeCard = 1;\r
+ break;\r
+ case 'f':\r
+ case 'F':\r
+ fillCard = 1;\r
+ break;\r
+ default:\r
+ break;\r
+ }\r
+ cmdp++;\r
+ }\r
+\r
+ if (!wipeCard && !fillCard) \r
+ wipeCard = true;\r
+\r
+ PrintAndLog("--blocks count:%2d wipe:%c fill:%c", numBlocks, (wipeCard)?'y':'n', (fillCard)?'y':'n');\r
+\r
+ if (gen == 2) {\r
+ /* generation 1b magic card */\r
+ if (wipeCard) {\r
+ PrintAndLog("WARNING: can't wipe magic card 1b generation");\r
+ }\r
+ res = mfCWipe(numBlocks, true, false, fillCard); \r
+ } else {\r
+ /* generation 1a magic card by default */\r
+ res = mfCWipe(numBlocks, false, wipeCard, fillCard); \r
+ }\r
+\r
+ if (res) {\r
+ PrintAndLog("Can't wipe. error=%d", res);\r
+ return 1;\r
+ }\r
+ PrintAndLog("OK");\r
+ return 0;\r
+}\r
+\r
+int CmdHF14AMfCSetBlk(const char *Cmd)\r
+{\r
+ uint8_t memBlock[16] = {0x00};\r
+ uint8_t blockNo = 0;\r
+ bool wipeCard = false;\r
+ int res, gen = 0;\r
+\r
+ if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
+ PrintAndLog("Usage: hf mf csetblk <block number> <block data (32 hex symbols)> [w]");\r
+ PrintAndLog("sample: hf mf csetblk 1 01020304050607080910111213141516");\r
+ PrintAndLog("Set block data for magic Chinese card (only works with such cards)");\r
+ PrintAndLog("If you also want wipe the card then add 'w' at the end of the command line");\r
+ return 0;\r
+ }\r
+\r
+ gen = mfCIdentify();\r
+ if ((gen != 1) && (gen != 2)) \r
+ return 1;\r
+\r
+ blockNo = param_get8(Cmd, 0);\r
+\r
+ if (param_gethex(Cmd, 1, memBlock, 32)) {\r
+ PrintAndLog("block data must include 32 HEX symbols");\r
+ return 1;\r
+ }\r
+\r
+ char ctmp = param_getchar(Cmd, 2);\r
+ wipeCard = (ctmp == 'w' || ctmp == 'W');\r
+ PrintAndLog("--block number:%2d data:%s", blockNo, sprint_hex(memBlock, 16));\r
+\r
+ if (gen == 2) {\r
+ /* generation 1b magic card */\r
+ res = mfCSetBlock(blockNo, memBlock, NULL, wipeCard, CSETBLOCK_SINGLE_OPER | CSETBLOCK_MAGIC_1B);\r
+ } else {\r
+ /* generation 1a magic card by default */\r
+ res = mfCSetBlock(blockNo, memBlock, NULL, wipeCard, CSETBLOCK_SINGLE_OPER);\r
+ }\r
+\r
+ if (res) {\r
+ PrintAndLog("Can't write block. error=%d", res);\r
+ return 1;\r
+ }\r
+ return 0;\r
+}\r
+\r
+\r
+int CmdHF14AMfCLoad(const char *Cmd)\r
+{\r
+ FILE * f;\r
+ char filename[FILE_PATH_SIZE] = {0x00};\r
+ char * fnameptr = filename;\r
+ char buf[256] = {0x00};\r
+ uint8_t buf8[256] = {0x00};\r
+ uint8_t fillFromEmulator = 0;\r
+ int i, len, blockNum, flags = 0, gen = 0, numblock = 64;\r
+\r
+ if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {\r
+ PrintAndLog("It loads magic Chinese card from the file `filename.eml`");\r
+ PrintAndLog("or from emulator memory (option `e`). 4K card: (option `4`)");\r
+ PrintAndLog("Usage: hf mf cload [file name w/o `.eml`][e][4]");\r
+ PrintAndLog(" or: hf mf cload e [4]");\r
+ PrintAndLog("Sample: hf mf cload filename");\r
+ PrintAndLog(" hf mf cload filname 4");\r
+ PrintAndLog(" hf mf cload e");\r
+ PrintAndLog(" hf mf cload e 4");\r
+ return 0;\r
+ }\r
+\r
+ char ctmp = param_getchar(Cmd, 0);\r
+ if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r
+ ctmp = param_getchar(Cmd, 1);\r
+ if (ctmp == '4') numblock = 256;\r
+\r
+ gen = mfCIdentify();\r
+ PrintAndLog("Loading magic mifare %dK", numblock == 256 ? 4:1);\r
+\r
+ if (fillFromEmulator) {\r
+ for (blockNum = 0; blockNum < numblock; blockNum += 1) {\r
+ if (mfEmlGetMem(buf8, blockNum, 1)) {\r
+ PrintAndLog("Cant get block: %d", blockNum);\r
+ return 2;\r
+ }\r
+ if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r
+ if (blockNum == 1) flags = 0; // just write\r
+ if (blockNum == numblock - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Magic Halt and switch off field.\r
+\r
+ if (gen == 2)\r
+ /* generation 1b magic card */\r
+ flags |= CSETBLOCK_MAGIC_1B;\r
+ if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r
+ PrintAndLog("Cant set magic card block: %d", blockNum);\r
+ return 3;\r
+ }\r
+ }\r
+ return 0;\r
+ } else {\r
+ param_getstr(Cmd, 0, filename);\r
+\r
+ len = strlen(filename);\r
+ if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;\r
+\r
+ //memcpy(filename, Cmd, len);\r
+ fnameptr += len;\r
+\r
+ sprintf(fnameptr, ".eml");\r
+\r
+ // open file\r
+ f = fopen(filename, "r");\r
+ if (f == NULL) {\r
+ PrintAndLog("File not found or locked.");\r
+ return 1;\r
+ }\r
+\r
+ blockNum = 0;\r
+ while(!feof(f)){\r
+\r
+ memset(buf, 0, sizeof(buf));\r
+\r
+ if (fgets(buf, sizeof(buf), f) == NULL) {\r
+ fclose(f);\r
+ PrintAndLog("File reading error.");\r
+ return 2;\r
+ }\r
+\r
+ if (strlen(buf) < 32) {\r
+ if(strlen(buf) && feof(f))\r
+ break;\r
+ PrintAndLog("File content error. Block data must include 32 HEX symbols");\r
+ fclose(f);\r
+ return 2;\r
+ }\r
+ for (i = 0; i < 32; i += 2)\r
+ sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
+\r
+ if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r
+ if (blockNum == 1) flags = 0; // just write\r
+ if (blockNum == numblock - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Switch off field.\r
+\r
+ if (gen == 2)\r
+ /* generation 1b magic card */\r
+ flags |= CSETBLOCK_MAGIC_1B;\r
+ if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r
+ PrintAndLog("Can't set magic card block: %d", blockNum);\r
+ fclose(f);\r
+ return 3;\r
+ }\r
+ blockNum++;\r
+\r
+ if (blockNum >= numblock) break; // magic card type - mifare 1K 64 blocks, mifare 4k 256 blocks\r
+ }\r
+ fclose(f);\r
+\r
+ //if (blockNum != 16 * 4 && blockNum != 32 * 4 + 8 * 16){\r
+ if (blockNum != numblock){\r
+ PrintAndLog("File content error. There must be %d blocks", numblock);\r
+ return 4;\r
+ }\r
+ PrintAndLog("Loaded from file: %s", filename);\r
+ return 0;\r
+ }\r
+ return 0;\r
+}\r
+\r
+int CmdHF14AMfCGetBlk(const char *Cmd) {\r
+ uint8_t memBlock[16];\r
+ uint8_t blockNo = 0;\r
+ int res, gen = 0;\r
+ memset(memBlock, 0x00, sizeof(memBlock));\r
+\r
+ if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
+ PrintAndLog("Usage: hf mf cgetblk <block number>");\r
+ PrintAndLog("sample: hf mf cgetblk 1");\r
+ PrintAndLog("Get block data from magic Chinese card (only works with such cards)\n");\r
+ return 0;\r
+ }\r
+\r
+ gen = mfCIdentify();\r
+\r
+ blockNo = param_get8(Cmd, 0);\r
+\r
+ PrintAndLog("--block number:%2d ", blockNo);\r
+\r
+ if (gen == 2) {\r
+ /* generation 1b magic card */\r
+ res = mfCGetBlock(blockNo, memBlock, CSETBLOCK_SINGLE_OPER | CSETBLOCK_MAGIC_1B);\r
+ } else {\r
+ /* generation 1a magic card by default */\r
+ res = mfCGetBlock(blockNo, memBlock, CSETBLOCK_SINGLE_OPER);\r
+ }\r
+ if (res) {\r
+ PrintAndLog("Can't read block. error=%d", res);\r
+ return 1;\r
+ }\r
+\r
+ PrintAndLog("block data:%s", sprint_hex(memBlock, 16));\r