X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/e3c235654f60acf16d13581d952b4125a774cdcd..5ff3c4017bdbfe78238ef48c3b521e79819ed359:/client/cmdhfmf.c diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 24d04dc2..53e71743 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1023,6 +1023,7 @@ int CmdHF14AMf1kSim(const char *Cmd) PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)"); PrintAndLog(""); PrintAndLog(" sample: hf mf sim u 0a0a0a0a "); + PrintAndLog(" : hf mf sim u 0a0a0a0a i x"); return 0; } uint8_t pnr = 0; @@ -1433,27 +1434,60 @@ int CmdHF14AMfCSetUID(const char *Cmd) uint8_t wipeCard = 0; uint8_t uid[8] = {0x00}; uint8_t oldUid[8] = {0x00}; + uint8_t atqa[2] = {0x00}; + uint8_t sak[1] = {0x00}; + uint8_t atqaPresent = 1; int res; - - if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') { - PrintAndLog("Usage: hf mf csetuid "); - PrintAndLog("sample: hf mf csetuid 01020304 w"); - PrintAndLog("Set UID for magic Chinese card (only works with!!!)"); - PrintAndLog("If you want wipe card then add 'w' into command line. \n"); + char ctmp; + int argi=0; + + if (strlen(Cmd) < 1 || param_getchar(Cmd, argi) == 'h') { + PrintAndLog("Usage: hf mf csetuid [ATQA 4 hex symbols SAK 2 hex symbols] [w]"); + PrintAndLog("sample: hf mf csetuid 01020304"); + PrintAndLog("sample: hf mf csetuid 01020304 0004 08 w"); + PrintAndLog("Set UID, ATQA, and SAK for magic Chinese card (only works with such cards)"); + PrintAndLog("If you also want to wipe the card then add 'w' at the end of the command line."); return 0; - } + } - if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) { + if (param_getchar(Cmd, argi) && param_gethex(Cmd, argi, uid, 8)) { PrintAndLog("UID must include 8 HEX symbols"); return 1; } + argi++; + + ctmp = param_getchar(Cmd, argi); + if (ctmp == 'w' || ctmp == 'W') { + wipeCard = 1; + atqaPresent = 0; + } + + if (atqaPresent) { + if (param_getchar(Cmd, argi)) { + if (param_gethex(Cmd, argi, atqa, 4)) { + PrintAndLog("ATQA must include 4 HEX symbols"); + return 1; + } + argi++; + if (!param_getchar(Cmd, argi) || param_gethex(Cmd, argi, sak, 2)) { + PrintAndLog("SAK must include 2 HEX symbols"); + return 1; + } + argi++; + } else + atqaPresent = 0; + } + + if(!wipeCard) { + ctmp = param_getchar(Cmd, argi); + if (ctmp == 'w' || ctmp == 'W') { + wipeCard = 1; + } + } - char ctmp = param_getchar(Cmd, 1); - if (ctmp == 'w' || ctmp == 'W') wipeCard = 1; - PrintAndLog("--wipe card:%s uid:%s", (wipeCard)?"YES":"NO", sprint_hex(uid, 4)); - res = mfCSetUID(uid, oldUid, wipeCard); + res = mfCSetUID(uid, (atqaPresent)?atqa:NULL, (atqaPresent)?sak:NULL, oldUid, wipeCard); if (res) { PrintAndLog("Can't set UID. error=%d", res); return 1; @@ -1466,7 +1500,7 @@ int CmdHF14AMfCSetUID(const char *Cmd) int CmdHF14AMfCSetBlk(const char *Cmd) { - uint8_t uid[8] = {0x00}; + //uint8_t uid[8] = {0x00}; uint8_t memBlock[16] = {0x00}; uint8_t blockNo = 0; int res; @@ -1488,7 +1522,8 @@ int CmdHF14AMfCSetBlk(const char *Cmd) PrintAndLog("--block number:%2d data:%s", blockNo, sprint_hex(memBlock, 16)); - res = mfCSetBlock(blockNo, memBlock, uid, 0, CSETBLOCK_SINGLE_OPER); + //res = mfCSetBlock(blockNo, memBlock, uid, 0, CSETBLOCK_SINGLE_OPER); + res = mfCSetBlock(blockNo, memBlock, NULL, 0, CSETBLOCK_SINGLE_OPER); if (res) { PrintAndLog("Can't write block. error=%d", res); return 1; @@ -1521,15 +1556,14 @@ int CmdHF14AMfCLoad(const char *Cmd) if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1; if (fillFromEmulator) { - flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; for (blockNum = 0; blockNum < 16 * 4; blockNum += 1) { if (mfEmlGetMem(buf8, blockNum, 1)) { PrintAndLog("Cant get block: %d", blockNum); return 2; } - - if (blockNum == 2) flags = 0; - if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; + if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence + if (blockNum == 1) flags = 0; // just write + if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Magic Halt and switch off field. if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) { PrintAndLog("Cant set magic card block: %d", blockNum); @@ -1554,7 +1588,6 @@ int CmdHF14AMfCLoad(const char *Cmd) } blockNum = 0; - flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; while(!feof(f)){ memset(buf, 0, sizeof(buf)); @@ -1564,7 +1597,7 @@ int CmdHF14AMfCLoad(const char *Cmd) return 2; } - if (strlen(buf) < 32){ + if (strlen(buf) < 32) { if(strlen(buf) && feof(f)) break; PrintAndLog("File content error. Block data must include 32 HEX symbols"); @@ -1573,8 +1606,9 @@ int CmdHF14AMfCLoad(const char *Cmd) for (i = 0; i < 32; i += 2) sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]); - if (blockNum == 2) flags = 0; - if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; + if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence + if (blockNum == 1) flags = 0; // just write + if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Switch off field. if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) { PrintAndLog("Can't set magic card block: %d", blockNum); @@ -1765,15 +1799,16 @@ int CmdHF14AMfSniff(const char *Cmd){ int res = 0; int len = 0; int blockLen = 0; - int num = 0; int pckNum = 0; - uint8_t uid[7] = {0x00}; + int num = 0; + uint8_t uid[7]; uint8_t uid_len; uint8_t atqa[2] = {0x00}; uint8_t sak; bool isTag; - uint8_t buf[3000] = {0x00}; - uint8_t * bufPtr = buf; + uint8_t *buf = NULL; + uint16_t bufsize = 0; + uint8_t *bufPtr = NULL; char ctmp = param_getchar(Cmd, 0); if ( ctmp == 'h' || ctmp == 'H' ) { @@ -1816,32 +1851,47 @@ int CmdHF14AMfSniff(const char *Cmd){ break; } - UsbCommand resp; - if (WaitForResponseTimeout(CMD_ACK,&resp,2000)) { + UsbCommand resp; + if (WaitForResponseTimeout(CMD_ACK,&resp,2000)) { res = resp.arg[0] & 0xff; - len = resp.arg[1]; - num = resp.arg[2]; - - if (res == 0) return 0; - if (res == 1) { - if (num ==0) { + uint16_t traceLen = resp.arg[1]; + len = resp.arg[2]; + + if (res == 0) return 0; // we are done + + if (res == 1) { // there is (more) data to be transferred + if (pckNum == 0) { // first packet, (re)allocate necessary buffer + if (traceLen > bufsize) { + uint8_t *p; + if (buf == NULL) { // not yet allocated + p = malloc(traceLen); + } else { // need more memory + p = realloc(buf, traceLen); + } + if (p == NULL) { + PrintAndLog("Cannot allocate memory for trace"); + free(buf); + return 2; + } + buf = p; + } bufPtr = buf; - memset(buf, 0x00, 3000); + bufsize = traceLen; + memset(buf, 0x00, traceLen); } memcpy(bufPtr, resp.d.asBytes, len); bufPtr += len; pckNum++; } - if (res == 2) { + + if (res == 2) { // received all data, start displaying blockLen = bufPtr - buf; bufPtr = buf; printf(">\n"); PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum); - num = 0; while (bufPtr - buf < blockLen) { - bufPtr += 6; + bufPtr += 6; // skip (void) timing information len = *((uint16_t *)bufPtr); - if(len & 0x8000) { isTag = true; len &= 0x7fff; @@ -1850,12 +1900,10 @@ int CmdHF14AMfSniff(const char *Cmd){ } bufPtr += 2; if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff) && (bufPtr[12] == 0xff) && (bufPtr[13] == 0xff)) { - memcpy(uid, bufPtr + 2, 7); memcpy(atqa, bufPtr + 2 + 7, 2); uid_len = (atqa[0] & 0xC0) == 0x40 ? 7 : 4; sak = bufPtr[11]; - PrintAndLog("tag select uid:%s atqa:0x%02x%02x sak:0x%02x", sprint_hex(uid + (7 - uid_len), uid_len), atqa[1], @@ -1873,18 +1921,21 @@ int CmdHF14AMfSniff(const char *Cmd){ AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len); if (wantDecrypt) mfTraceDecode(bufPtr, len, wantSaveToEmlFile); + num++; } bufPtr += len; bufPtr += ((len-1)/8+1); // ignore parity - num++; } + pckNum = 0; } } // resp not NULL } // while (true) - + + free(buf); return 0; } + static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"},