//flush queue\r
while (ukbhit()) getchar();\r
\r
- \r
// wait cycle\r
while (true) {\r
printf(".");\r
num_to_bytes(r_key, 6, keyBlock);\r
isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key);\r
}\r
+ \r
if (!isOK) \r
PrintAndLog("Found valid key:%012"llx, r_key);\r
else\r
goto start;\r
}\r
\r
+ PrintAndLog("");\r
return 0;\r
}\r
\r
return 0;\r
}\r
\r
-\r
uint8_t FirstBlockOfSector(uint8_t sectorNo)\r
{\r
if (sectorNo < 32) {\r
}\r
}\r
\r
-\r
uint8_t NumBlocksPerSector(uint8_t sectorNo)\r
{\r
if (sectorNo < 32) {\r
}\r
}\r
\r
-\r
int CmdHF14AMfDump(const char *Cmd)\r
{\r
uint8_t sectorNo, blockNo;\r
return 1;\r
}\r
\r
- // Read key file\r
-\r
+ // Read keys A from file\r
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
if (fread( keyA[sectorNo], 1, 6, fin ) == 0) {\r
PrintAndLog("File reading error.");\r
}\r
}\r
\r
+ // Read keys B from file\r
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
if (fread( keyB[sectorNo], 1, 6, fin ) == 0) {\r
PrintAndLog("File reading error.");\r
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
bool received = false;\r
+ \r
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. \r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
break;\r
}\r
}\r
-\r
}\r
\r
if (isOK) {\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfRestore(const char *Cmd)\r
{\r
-\r
uint8_t sectorNo,blockNo;\r
uint8_t keyType = 0;\r
uint8_t key[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfNested(const char *Cmd)\r
{\r
int i, j, res, iterations;\r
PrintAndLog("-----------------------------------------------");\r
if(mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate)) {\r
PrintAndLog("Nested error.\n");\r
+ free(e_sector);\r
return 2;\r
}\r
else {\r
\r
free(e_sector);\r
}\r
-\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfChk(const char *Cmd)\r
{\r
if (strlen(Cmd)<3) {\r
int transferToEml = 0;\r
int createDumpFile = 0;\r
\r
-\r
keyBlock = calloc(stKeyBlock, 6);\r
if (keyBlock == NULL) return 1;\r
\r
num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r
}\r
\r
- \r
if (param_getchar(Cmd, 0)=='*') {\r
blockNo = 3;\r
switch(param_getchar(Cmd+1, 0)) {\r
PrintAndLog("File: %s: not found or locked.", filename);\r
free(keyBlock);\r
return 1;\r
+ \r
}\r
}\r
}\r
}\r
\r
free(keyBlock);\r
-\r
+ PrintAndLog("");\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMf1kSim(const char *Cmd)\r
{\r
uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0};\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfDbg(const char *Cmd)\r
{\r
int dbgMode = param_get32ex(Cmd, 0, 0, 10);\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfEGet(const char *Cmd)\r
{\r
uint8_t blockNo = 0;\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfEClear(const char *Cmd)\r
{\r
if (param_getchar(Cmd, 0) == 'h') {\r
// open file\r
f = fopen(filename, "r");\r
if (f == NULL) {\r
- PrintAndLog("File not found or locked.");\r
+ PrintAndLog("File %s not found or locked", filename);\r
return 1;\r
}\r
\r
}\r
for (i = 0; i < 32; i += 2) {\r
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
-// PrintAndLog("data[%02d]:%s", blockNum, sprint_hex(buf8, 16));\r
}\r
+ \r
if (mfEmlSetMem(buf8, blockNum, 1)) {\r
PrintAndLog("Cant set emul block: %3d", blockNum);\r
fclose(f);\r
break;\r
}\r
for (j = 0; j < 16; j++)\r
- fprintf(f, "%02x", buf[j]); \r
+ fprintf(f, "%02X", buf[j]); \r
fprintf(f,"\n");\r
}\r
fclose(f);\r
int CmdHF14AMfCSetUID(const char *Cmd)\r
{\r
uint8_t wipeCard = 0;\r
- uint8_t uid[8] = {0};\r
- uint8_t oldUid[8]= {0};\r
+ uint8_t uid[8] = {0x00};\r
+ uint8_t oldUid[8] = {0x00};\r
int res;\r
\r
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
}\r
\r
PrintAndLog("old UID:%s", sprint_hex(oldUid, 4));\r
+ PrintAndLog("new UID:%s", sprint_hex(uid, 4));\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfCSetBlk(const char *Cmd)\r
{\r
uint8_t uid[8];\r
}\r
}\r
\r
-\r
int CmdHF14AMfCGetBlk(const char *Cmd) {\r
uint8_t memBlock[16];\r
uint8_t blockNo = 0;\r
\r
\r
int CmdHF14AMfSniff(const char *Cmd){\r
- // params\r
+\r
bool wantLogToFile = 0;\r
bool wantDecrypt = 0;\r
//bool wantSaveToEml = 0; TODO\r
uint8_t atqa[2];\r
uint8_t sak;\r
bool isTag;\r
- uint32_t parity;\r
uint8_t buf[3000];\r
uint8_t * bufPtr = buf;\r
memset(buf, 0x00, 3000);\r
PrintAndLog(" l - save encrypted sequence to logfile `uid.log`");\r
PrintAndLog(" d - decrypt sequence and put it to log file `uid.log`");\r
PrintAndLog(" n/a e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory");\r
- PrintAndLog(" r - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r
- PrintAndLog("Usage: hf mf sniff [l][d][e][r]");\r
+ PrintAndLog(" f - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r
+ PrintAndLog("Usage: hf mf sniff [l][d][e][f]");\r
PrintAndLog(" sample: hf mf sniff l d e");\r
return 0;\r
} \r
printf(">\n");\r
PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum);\r
num = 0;\r
- while (bufPtr - buf + 9 < blockLen) {\r
- isTag = bufPtr[3] & 0x80 ? true:false;\r
- bufPtr += 4;\r
- parity = *((uint32_t *)(bufPtr));\r
- bufPtr += 4;\r
- len = bufPtr[0];\r
- bufPtr++;\r
- if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff)) {\r
+ while (bufPtr - buf < blockLen) {\r
+ bufPtr += 6;\r
+ len = *((uint16_t *)bufPtr);\r
+\r
+ if(len & 0x8000) {\r
+ isTag = true;\r
+ len &= 0x7fff;\r
+ } else {\r
+ isTag = false;\r
+ }\r
+ bufPtr += 2;\r
+ if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff) && (bufPtr[12] == 0xff) && (bufPtr[13] == 0xff)) {\r
+ \r
memcpy(uid, bufPtr + 2, 7);\r
memcpy(atqa, bufPtr + 2 + 7, 2);\r
uid_len = (atqa[0] & 0xC0) == 0x40 ? 7 : 4;\r
FillFileNameByUID(logHexFileName, uid + (7 - uid_len), ".log", uid_len);\r
AddLogCurrentDT(logHexFileName);\r
} \r
- if (wantDecrypt) mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
+ if (wantDecrypt) \r
+ mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
} else {\r
PrintAndLog("%s(%d):%s", isTag ? "TAG":"RDR", num, sprint_hex(bufPtr, len));\r
- if (wantLogToFile) AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
- if (wantDecrypt) mfTraceDecode(bufPtr, len, parity, wantSaveToEmlFile);\r
+ if (wantLogToFile) \r
+ AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
+ if (wantDecrypt) \r
+ mfTraceDecode(bufPtr, len, wantSaveToEmlFile);\r
}\r
bufPtr += len;\r
+ bufPtr += ((len-1)/8+1); // ignore parity\r
num++;\r
}\r
}\r
- } // resp not NILL\r
+ } // resp not NULL\r
} // while (true)\r
\r
return 0;\r
projects / proxmark3-svn / blobdiff