// High frequency MIFARE commands\r
//-----------------------------------------------------------------------------\r
\r
-#include <inttypes.h>\r
#include "cmdhfmf.h"\r
-#include "./nonce2key/nonce2key.h"\r
+\r
+#include <inttypes.h>\r
+#include <string.h>\r
+#include <stdio.h>\r
+#include <stdlib.h>\r
+#include <ctype.h>\r
+#include "proxmark3.h"\r
+#include "cmdmain.h"\r
+#include "cmdhfmfhard.h"\r
+#include "util.h"\r
+#include "util_posix.h"\r
+#include "usb_cmd.h"\r
+#include "ui.h"\r
+#include "mifarehost.h"\r
+#include "mifare.h"\r
+#include "mfkey.h"\r
+\r
+#define NESTED_SECTOR_RETRY 10 // how often we try mfested() until we give up\r
+\r
\r
static int CmdHelp(const char *Cmd);\r
\r
int CmdHF14AMifare(const char *Cmd)\r
{\r
- uint32_t uid = 0;\r
- uint32_t nt = 0, nr = 0;\r
- uint64_t par_list = 0, ks_list = 0, r_key = 0;\r
- int16_t isOK = 0;\r
-\r
- UsbCommand c = {CMD_READER_MIFARE, {true, 0, 0}};\r
-\r
- // message\r
- printf("-------------------------------------------------------------------------\n");\r
- printf("Executing command. Expected execution time: 25sec on average :-)\n");\r
- printf("Press button on the proxmark3 device to abort both proxmark3 and client.\n");\r
- printf("-------------------------------------------------------------------------\n");\r
-\r
- \r
- start:\r
- clearCommandBuffer();\r
- SendCommand(&c);\r
- \r
- //flush queue\r
- while (ukbhit()) {\r
- int c = getchar(); (void) c;\r
- }\r
- \r
- // wait cycle\r
- while (true) {\r
- printf(".");\r
- fflush(stdout);\r
- if (ukbhit()) {\r
- getchar();\r
- printf("\naborted via keyboard!\n");\r
- break;\r
- }\r
- \r
- UsbCommand resp;\r
- if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {\r
- isOK = resp.arg[0];\r
- uid = (uint32_t)bytes_to_num(resp.d.asBytes + 0, 4);\r
- nt = (uint32_t)bytes_to_num(resp.d.asBytes + 4, 4);\r
- par_list = bytes_to_num(resp.d.asBytes + 8, 8);\r
- ks_list = bytes_to_num(resp.d.asBytes + 16, 8);\r
- nr = bytes_to_num(resp.d.asBytes + 24, 4);\r
- printf("\n\n");\r
- switch (isOK) {\r
- case -1 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
- case -2 : PrintAndLog("Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests).\n"); break;\r
- case -3 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator is not predictable).\n"); break;\r
- case -4 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown");\r
- PrintAndLog("generating polynomial with 16 effective bits only, but shows unexpected behaviour.\n"); break;\r
- default: ;\r
- }\r
- break;\r
- }\r
- } \r
-\r
- printf("\n");\r
- \r
- // error\r
- if (isOK != 1) return 1;\r
- \r
- // execute original function from util nonce2key\r
- if (nonce2key(uid, nt, nr, par_list, ks_list, &r_key)) {\r
- isOK = 2;\r
- PrintAndLog("Key not found (lfsr_common_prefix list is null). Nt=%08x", nt); \r
- PrintAndLog("Failing is expected to happen in 25%% of all cases. Trying again with a different reader nonce...");\r
- c.arg[0] = false;\r
- goto start;\r
- } else {\r
- isOK = 0;\r
- printf("------------------------------------------------------------------\n");\r
- PrintAndLog("Found valid key:%012" PRIx64 " \n", r_key);\r
+ int isOK = 0;\r
+ uint64_t key = 0;\r
+ isOK = mfDarkside(&key);\r
+ switch (isOK) {\r
+ case -1 : PrintAndLog("Button pressed. Aborted."); return 1;\r
+ case -2 : PrintAndLog("Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests)."); return 1;\r
+ case -3 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator is not predictable)."); return 1;\r
+ case -4 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown");\r
+ PrintAndLog("generating polynomial with 16 effective bits only, but shows unexpected behaviour."); return 1;\r
+ case -5 : PrintAndLog("Aborted via keyboard."); return 1;\r
+ default : PrintAndLog("Found valid key:%012" PRIx64 "\n", key);\r
}\r
\r
PrintAndLog("");\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfWrBl(const char *Cmd)\r
{\r
uint8_t blockNo = 0;\r
PrintAndLog("|-----------------------------------------|");\r
PrintAndLog("|------ Reading sector access bits...-----|");\r
PrintAndLog("|-----------------------------------------|");\r
- \r
+ uint8_t tries = 0;\r
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r
- UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};\r
- memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
- SendCommand(&c);\r
+ for (tries = 0; tries < 3; tries++) { \r
+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};\r
+ memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+ SendCommand(&c);\r
\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- uint8_t isOK = resp.arg[0] & 0xff;\r
- uint8_t *data = resp.d.asBytes;\r
- if (isOK){\r
- rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0\r
- rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1\r
- rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2\r
- rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer\r
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
+ uint8_t isOK = resp.arg[0] & 0xff;\r
+ uint8_t *data = resp.d.asBytes;\r
+ if (isOK){\r
+ rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0\r
+ rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1\r
+ rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2\r
+ rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer\r
+ break;\r
+ } else if (tries == 2) { // on last try set defaults\r
+ PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo);\r
+ rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;\r
+ rights[sectorNo][3] = 0x01;\r
+ }\r
} else {\r
- PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo);\r
+ PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo);\r
rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;\r
rights[sectorNo][3] = 0x01;\r
}\r
- } else {\r
- PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo);\r
- rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;\r
- rights[sectorNo][3] = 0x01;\r
}\r
}\r
\r
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
bool received = false;\r
- \r
- if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. \r
- UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
- memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
- SendCommand(&c);\r
- received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
- } else { // data block. Check if it can be read with key A or key B\r
- uint8_t data_area = sectorNo<32?blockNo:blockNo/5;\r
- if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work\r
- UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};\r
- memcpy(c.d.asBytes, keyB[sectorNo], 6);\r
- SendCommand(&c);\r
- received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
- } else if (rights[sectorNo][data_area] == 0x07) { // no key would work\r
- isOK = false;\r
- PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);\r
- } else { // key A would work\r
+ for (tries = 0; tries < 3; tries++) { \r
+ if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. \r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
+ } else { // data block. Check if it can be read with key A or key B\r
+ uint8_t data_area = sectorNo<32?blockNo:blockNo/5;\r
+ if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work\r
+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};\r
+ memcpy(c.d.asBytes, keyB[sectorNo], 6);\r
+ SendCommand(&c);\r
+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
+ } else if (rights[sectorNo][data_area] == 0x07) { // no key would work\r
+ isOK = false;\r
+ PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);\r
+ tries = 2;\r
+ } else { // key A would work\r
+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
+ memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+ SendCommand(&c);\r
+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
+ }\r
+ }\r
+ if (received) {\r
+ isOK = resp.arg[0] & 0xff;\r
+ if (isOK) break;\r
}\r
}\r
\r
return 0;\r
}\r
\r
+\r
+typedef struct {\r
+ uint64_t Key[2];\r
+ int foundKey[2];\r
+} sector_t;\r
+\r
+\r
int CmdHF14AMfNested(const char *Cmd)\r
{\r
int i, j, res, iterations;\r
- sector *e_sector = NULL;\r
+ sector_t *e_sector = NULL;\r
uint8_t blockNo = 0;\r
uint8_t keyType = 0;\r
uint8_t trgBlockNo = 0;\r
}\r
}\r
else { // ------------------------------------ multiple sectors working\r
- clock_t time1;\r
- time1 = clock();\r
+ uint64_t msclock1;\r
+ msclock1 = msclock();\r
\r
- e_sector = calloc(SectorsCnt, sizeof(sector));\r
+ e_sector = calloc(SectorsCnt, sizeof(sector_t));\r
if (e_sector == NULL) return 1;\r
\r
//test current key and additional standard keys first\r
}\r
}\r
\r
- printf("Time in nested: %1.3f (%1.3f sec per key)\n\n", ((float)clock() - time1)/CLOCKS_PER_SEC, ((float)clock() - time1)/iterations/CLOCKS_PER_SEC);\r
+ printf("Time in nested: %1.3f (%1.3f sec per key)\n\n", ((float)(msclock() - msclock1))/1000.0, ((float)(msclock() - msclock1))/iterations/1000.0);\r
\r
PrintAndLog("-----------------------------------------------\nIterations count: %d\n\n", iterations);\r
//print them\r
return 0;\r
}\r
\r
+\r
+int CmdHF14AMfNestedHard(const char *Cmd)\r
+{\r
+ uint8_t blockNo = 0;\r
+ uint8_t keyType = 0;\r
+ uint8_t trgBlockNo = 0;\r
+ uint8_t trgKeyType = 0;\r
+ uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r
+ uint8_t trgkey[6] = {0, 0, 0, 0, 0, 0};\r
+ \r
+ char ctmp;\r
+ ctmp = param_getchar(Cmd, 0);\r
+\r
+ if (ctmp != 'R' && ctmp != 'r' && ctmp != 'T' && ctmp != 't' && strlen(Cmd) < 20) {\r
+ PrintAndLog("Usage:");\r
+ PrintAndLog(" hf mf hardnested <block number> <key A|B> <key (12 hex symbols)>");\r
+ PrintAndLog(" <target block number> <target key A|B> [known target key (12 hex symbols)] [w] [s]");\r
+ PrintAndLog(" or hf mf hardnested r [known target key]");\r
+ PrintAndLog(" ");\r
+ PrintAndLog("Options: ");\r
+ PrintAndLog(" w: Acquire nonces and write them to binary file nonces.bin");\r
+ PrintAndLog(" s: Slower acquisition (required by some non standard cards)");\r
+ PrintAndLog(" r: Read nonces.bin and start attack");\r
+ PrintAndLog(" ");\r
+ PrintAndLog(" sample1: hf mf hardnested 0 A FFFFFFFFFFFF 4 A");\r
+ PrintAndLog(" sample2: hf mf hardnested 0 A FFFFFFFFFFFF 4 A w");\r
+ PrintAndLog(" sample3: hf mf hardnested 0 A FFFFFFFFFFFF 4 A w s");\r
+ PrintAndLog(" sample4: hf mf hardnested r");\r
+ PrintAndLog(" ");\r
+ PrintAndLog("Add the known target key to check if it is present in the remaining key space:");\r
+ PrintAndLog(" sample5: hf mf hardnested 0 A A0A1A2A3A4A5 4 A FFFFFFFFFFFF");\r
+ return 0;\r
+ } \r
+ \r
+ bool know_target_key = false;\r
+ bool nonce_file_read = false;\r
+ bool nonce_file_write = false;\r
+ bool slow = false;\r
+ int tests = 0;\r
+ \r
+ \r
+ if (ctmp == 'R' || ctmp == 'r') {\r
+ nonce_file_read = true;\r
+ if (!param_gethex(Cmd, 1, trgkey, 12)) {\r
+ know_target_key = true;\r
+ }\r
+ } else if (ctmp == 'T' || ctmp == 't') {\r
+ tests = param_get32ex(Cmd, 1, 100, 10);\r
+ if (!param_gethex(Cmd, 2, trgkey, 12)) {\r
+ know_target_key = true;\r
+ }\r
+ } else {\r
+ blockNo = param_get8(Cmd, 0);\r
+ ctmp = param_getchar(Cmd, 1);\r
+ if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r
+ PrintAndLog("Key type must be A or B");\r
+ return 1;\r
+ }\r
+ if (ctmp != 'A' && ctmp != 'a') { \r
+ keyType = 1;\r
+ }\r
+ \r
+ if (param_gethex(Cmd, 2, key, 12)) {\r
+ PrintAndLog("Key must include 12 HEX symbols");\r
+ return 1;\r
+ }\r
+ \r
+ trgBlockNo = param_get8(Cmd, 3);\r
+ ctmp = param_getchar(Cmd, 4);\r
+ if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r
+ PrintAndLog("Target key type must be A or B");\r
+ return 1;\r
+ }\r
+ if (ctmp != 'A' && ctmp != 'a') {\r
+ trgKeyType = 1;\r
+ }\r
+\r
+ uint16_t i = 5;\r
+\r
+ if (!param_gethex(Cmd, 5, trgkey, 12)) {\r
+ know_target_key = true;\r
+ i++;\r
+ }\r
+\r
+ while ((ctmp = param_getchar(Cmd, i))) {\r
+ if (ctmp == 's' || ctmp == 'S') {\r
+ slow = true;\r
+ } else if (ctmp == 'w' || ctmp == 'W') {\r
+ nonce_file_write = true;\r
+ } else {\r
+ PrintAndLog("Possible options are w and/or s");\r
+ return 1;\r
+ }\r
+ i++;\r
+ }\r
+ }\r
+\r
+ PrintAndLog("--target block no:%3d, target key type:%c, known target key: 0x%02x%02x%02x%02x%02x%02x%s, file action: %s, Slow: %s, Tests: %d ", \r
+ trgBlockNo, \r
+ trgKeyType?'B':'A',\r
+ trgkey[0], trgkey[1], trgkey[2], trgkey[3], trgkey[4], trgkey[5],\r
+ know_target_key?"":" (not set)",\r
+ nonce_file_write?"write":nonce_file_read?"read":"none",\r
+ slow?"Yes":"No",\r
+ tests);\r
+\r
+ int16_t isOK = mfnestedhard(blockNo, keyType, key, trgBlockNo, trgKeyType, know_target_key?trgkey:NULL, nonce_file_read, nonce_file_write, slow, tests);\r
+\r
+ if (isOK) {\r
+ switch (isOK) {\r
+ case 1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r
+ case 2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
+ default : break;\r
+ }\r
+ return 2;\r
+ }\r
+\r
+ return 0;\r
+}\r
+\r
+\r
int CmdHF14AMfChk(const char *Cmd)\r
{\r
if (strlen(Cmd)<3) {\r
break;\r
default:\r
PrintAndLog("Key type must be A , B or ?");\r
+ free(keyBlock);\r
return 1;\r
};\r
\r
}\r
\r
void readerAttack(nonces_t ar_resp[], bool setEmulatorMem, bool doStandardAttack) {\r
- #define ATTACK_KEY_COUNT 8 // keep same as define in iso14443a.c -> Mifare1ksim()\r
+ #define ATTACK_KEY_COUNT 7 // keep same as define in iso14443a.c -> Mifare1ksim()\r
+ // cannot be more than 7 or it will overrun c.d.asBytes(512)\r
uint64_t key = 0;\r
typedef struct {\r
uint64_t keyA;\r
}\r
}\r
}\r
- } else if (tryMfk32_moebius(ar_resp[i+ATTACK_KEY_COUNT], &key)) {\r
+ } else if (mfkey32_moebius(ar_resp[i+ATTACK_KEY_COUNT], &key)) {\r
uint8_t sectorNum = ar_resp[i+ATTACK_KEY_COUNT].sector;\r
uint8_t keyType = ar_resp[i+ATTACK_KEY_COUNT].keytype;\r
\r
{\r
uint8_t memBlock[16] = {0x00};\r
uint8_t blockNo = 0;\r
- bool wipeCard = FALSE;\r
+ bool wipeCard = false;\r
int res;\r
\r
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
\r
static command_t CommandTable[] =\r
{\r
- {"help", CmdHelp, 1, "This help"},\r
- {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"},\r
- {"rdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"},\r
- {"rdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"},\r
- {"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"},\r
- {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"},\r
- {"wrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"},\r
- {"chk", CmdHF14AMfChk, 0, "Test block keys"},\r
- {"mifare", CmdHF14AMifare, 0, "Read parity error messages."},\r
- {"nested", CmdHF14AMfNested, 0, "Test nested authentication"},\r
- {"sniff", CmdHF14AMfSniff, 0, "Sniff card-reader communication"},\r
- {"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"},\r
- {"eclr", CmdHF14AMfEClear, 0, "Clear simulator memory block"},\r
- {"eget", CmdHF14AMfEGet, 0, "Get simulator memory block"},\r
- {"eset", CmdHF14AMfESet, 0, "Set simulator memory block"},\r
- {"eload", CmdHF14AMfELoad, 0, "Load from file emul dump"},\r
- {"esave", CmdHF14AMfESave, 0, "Save to file emul dump"},\r
- {"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"},\r
- {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"},\r
- {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"},\r
- {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block - Magic Chinese card"},\r
- {"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block - Magic Chinese card"},\r
- {"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"},\r
- {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},\r
- {"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},\r
- {"decrypt", CmdDecryptTraceCmds,1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
- {NULL, NULL, 0, NULL}\r
+ {"help", CmdHelp, 1, "This help"},\r
+ {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"},\r
+ {"rdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"},\r
+ {"rdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"},\r
+ {"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"},\r
+ {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"},\r
+ {"wrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"},\r
+ {"chk", CmdHF14AMfChk, 0, "Test block keys"},\r
+ {"mifare", CmdHF14AMifare, 0, "Read parity error messages."},\r
+ {"hardnested", CmdHF14AMfNestedHard, 0, "Nested attack for hardened Mifare cards"},\r
+ {"nested", CmdHF14AMfNested, 0, "Test nested authentication"},\r
+ {"sniff", CmdHF14AMfSniff, 0, "Sniff card-reader communication"},\r
+ {"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"},\r
+ {"eclr", CmdHF14AMfEClear, 0, "Clear simulator memory block"},\r
+ {"eget", CmdHF14AMfEGet, 0, "Get simulator memory block"},\r
+ {"eset", CmdHF14AMfESet, 0, "Set simulator memory block"},\r
+ {"eload", CmdHF14AMfELoad, 0, "Load from file emul dump"},\r
+ {"esave", CmdHF14AMfESave, 0, "Save to file emul dump"},\r
+ {"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"},\r
+ {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"},\r
+ {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"},\r
+ {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block - Magic Chinese card"},\r
+ {"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block - Magic Chinese card"},\r
+ {"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"},\r
+ {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},\r
+ {"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},\r
+ {"decrypt", CmdDecryptTraceCmds, 1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
+ {NULL, NULL, 0, NULL}\r
};\r
\r
int CmdHFMF(const char *Cmd)\r
projects / proxmark3-svn / blobdiff