X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/f38a152863a5eb289acb169c5a38b4b77e87956e..95e635947bc4628b713fa00d7a533a881bca7fc4:/client/cmdhfmf.c diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 37c6fe94..54d0f4f1 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -36,7 +36,6 @@ start: //flush queue while (ukbhit()) getchar(); - // wait cycle while (true) { printf("."); @@ -511,6 +510,7 @@ int CmdHF14AMfDump(const char *Cmd) uint8_t keyA[40][6]; uint8_t keyB[40][6]; uint8_t rights[40][4]; + uint8_t carddata[256][16]; uint8_t numSectors = 16; FILE *fin; @@ -520,14 +520,12 @@ int CmdHF14AMfDump(const char *Cmd) int size = GetCardSize(); char cmdp = param_getchar(Cmd, 0); - - PrintAndLog("Got %d",size); - - return; - + if ( size > -1) - cmdp = (char)48+size; - + cmdp = (char)(48+size); + + PrintAndLog("Got %d",cmdp); + switch (cmdp) { case '0' : numSectors = 5; break; case '1' : @@ -547,12 +545,7 @@ int CmdHF14AMfDump(const char *Cmd) } if ((fin = fopen("dumpkeys.bin","rb")) == NULL) { - PrintAndLog("Could not find file dumpkeys.bin"); - return 1; - } - - if ((fout = fopen("dumpdata.bin","wb")) == NULL) { - PrintAndLog("Could not create file name dumpdata.bin"); + PrintAndLog("Could not find file dumpkeys.bin"); return 1; } @@ -560,6 +553,7 @@ int CmdHF14AMfDump(const char *Cmd) for (sectorNo=0; sectorNo>4) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>2); - rights[sectorNo][1] = ((data[7] & 0x20)>>5) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>3); - rights[sectorNo][2] = ((data[7] & 0x40)>>6) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>4); - rights[sectorNo][3] = ((data[7] & 0x80)>>7) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>5); + rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0 + rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1 + rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2 + rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer } else { - PrintAndLog("Could not get access rights for sector %2d.", sectorNo); + PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo); + rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00; + rights[sectorNo][3] = 0x01; } } else { - PrintAndLog("Command execute timeout"); + PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo); + rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00; + rights[sectorNo][3] = 0x01; } } @@ -601,8 +602,9 @@ int CmdHF14AMfDump(const char *Cmd) PrintAndLog("|----- Dumping all blocks to file... -----|"); PrintAndLog("|-----------------------------------------|"); - for (sectorNo = 0; sectorNo < numSectors; sectorNo++) { - for (blockNo = 0; blockNo < NumBlocksPerSector(sectorNo); blockNo++) { + bool isOK = true; + for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) { + for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) { bool received = false; if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. @@ -612,12 +614,13 @@ int CmdHF14AMfDump(const char *Cmd) received = WaitForResponseTimeout(CMD_ACK,&resp,1500); } else { // data block. Check if it can be read with key A or key B uint8_t data_area = sectorNo<32?blockNo:blockNo/5; - if ((rights[sectorNo][data_area] == 3) || (rights[sectorNo][data_area] == 5)) { // only key B would work + if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}}; memcpy(c.d.asBytes, keyB[sectorNo], 6); SendCommand(&c); received = WaitForResponseTimeout(CMD_ACK,&resp,1500); - } else if (rights[sectorNo][data_area] == 7) { // no key would work + } else if (rights[sectorNo][data_area] == 0x07) { // no key would work + isOK = false; PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo); } else { // key A would work UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}}; @@ -628,7 +631,7 @@ int CmdHF14AMfDump(const char *Cmd) } if (received) { - uint8_t isOK = resp.arg[0] & 0xff; + isOK = resp.arg[0] & 0xff; uint8_t *data = resp.d.asBytes; if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. Fill in the keys. data[0] = (keyA[sectorNo][0]); @@ -645,31 +648,42 @@ int CmdHF14AMfDump(const char *Cmd) data[15] = (keyB[sectorNo][5]); } if (isOK) { - fwrite ( data, 1, 16, fout ); - PrintAndLog("Dumped block %2d of sector %2d into 'dumpdata.bin'", blockNo, sectorNo); + memcpy(carddata[FirstBlockOfSector(sectorNo) + blockNo], data, 16); + PrintAndLog("Successfully read block %2d of sector %2d.", blockNo, sectorNo); } else { PrintAndLog("Could not read block %2d of sector %2d", blockNo, sectorNo); + break; } } else { - PrintAndLog("Command execute timeout"); + isOK = false; + PrintAndLog("Command execute timeout when trying to read block %2d of sector %2d.", blockNo, sectorNo); + break; } } } + + if (isOK) { + if ((fout = fopen("dumpdata.bin","wb")) == NULL) { + PrintAndLog("Could not create file name dumpdata.bin"); + return 1; + } + uint16_t numblocks = FirstBlockOfSector(numSectors - 1) + NumBlocksPerSector(numSectors - 1); + fwrite(carddata, 1, 16*numblocks, fout); + fclose(fout); + PrintAndLog("Dumped %d blocks (%d bytes) to file dumpdata.bin", numblocks, 16*numblocks); + } - fclose(fin); - fclose(fout); return 0; } int CmdHF14AMfRestore(const char *Cmd) { - uint8_t sectorNo,blockNo; uint8_t keyType = 0; - uint8_t key[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; - uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + uint8_t key[6] = {0xFF}; + uint8_t bldata[16] = {0x00}; uint8_t keyA[40][6]; uint8_t keyB[40][6]; uint8_t numSectors; @@ -687,7 +701,7 @@ int CmdHF14AMfRestore(const char *Cmd) default: numSectors = 16; } - if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') { + if (cmdp == 'h' || cmdp == 'H') { PrintAndLog("Usage: hf mf restore [card memory]"); PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K"); PrintAndLog(""); @@ -695,11 +709,7 @@ int CmdHF14AMfRestore(const char *Cmd) PrintAndLog(" hf mf restore 4"); return 0; } - - if ((fdump = fopen("dumpdata.bin","rb")) == NULL) { - PrintAndLog("Could not find file dumpdata.bin"); - return 1; - } + if ((fkeys = fopen("dumpkeys.bin","rb")) == NULL) { PrintAndLog("Could not find file dumpkeys.bin"); return 1; @@ -718,7 +728,13 @@ int CmdHF14AMfRestore(const char *Cmd) return 2; } } + + fclose(fkeys); + if ((fdump = fopen("dumpdata.bin","rb")) == NULL) { + PrintAndLog("Could not find file dumpdata.bin"); + return 1; + } PrintAndLog("Restoring dumpdata.bin to card"); for (sectorNo = 0; sectorNo < numSectors; sectorNo++) { @@ -762,7 +778,7 @@ int CmdHF14AMfRestore(const char *Cmd) } fclose(fdump); - fclose(fkeys); + return 0; } @@ -798,9 +814,9 @@ int CmdHF14AMfNested(const char *Cmd) PrintAndLog("d - write keys to binary file"); PrintAndLog(" "); PrintAndLog(" sample1: hf mf nested 1 0 A FFFFFFFFFFFF "); - PrintAndLog(" sample1: hf mf nested 1 0 A FFFFFFFFFFFF t "); - PrintAndLog(" sample1: hf mf nested 1 0 A FFFFFFFFFFFF d "); - PrintAndLog(" sample2: hf mf nested o 0 A FFFFFFFFFFFF 4 A"); + PrintAndLog(" sample2: hf mf nested 1 0 A FFFFFFFFFFFF t "); + PrintAndLog(" sample3: hf mf nested 1 0 A FFFFFFFFFFFF d "); + PrintAndLog(" sample4: hf mf nested o 0 A FFFFFFFFFFFF 4 A"); return 0; } @@ -832,9 +848,7 @@ int CmdHF14AMfNested(const char *Cmd) if (ctmp != 'A' && ctmp != 'a') trgKeyType = 1; } else { - - - + switch (cmdp) { case '0': SectorsCnt = 05; break; case '1': SectorsCnt = 16; break; @@ -919,20 +933,26 @@ int CmdHF14AMfNested(const char *Cmd) } } - // nested sectors iterations = 0; PrintAndLog("nested..."); bool calibrate = true; for (i = 0; i < NESTED_SECTOR_RETRY; i++) { for (uint8_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) { + + if (ukbhit()) { + printf("\naborted via keyboard!\n"); + free(e_sector); + return 2; + } + for (trgKeyType = 0; trgKeyType < 2; trgKeyType++) { if (e_sector[sectorNo].foundKey[trgKeyType]) continue; PrintAndLog("-----------------------------------------------"); if(mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate)) { PrintAndLog("Nested error.\n"); - return 2; - } + free(e_sector); + return 2; } else { calibrate = false; } @@ -1002,31 +1022,29 @@ int CmdHF14AMfNested(const char *Cmd) } fclose(fkeys); } - + free(e_sector); } - return 0; } -static uint32_t get_trailer_block (uint32_t uiBlock) -{ - // Test if we are in the small or big sectors - uint32_t trailer_block = 0; - if (uiBlock < 128) { - trailer_block = uiBlock + (3 - (uiBlock % 4)); - } else { - trailer_block = uiBlock + (15 - (uiBlock % 16)); - } - return trailer_block; -} - - int CmdHF14AMfChk(const char *Cmd) { + if (strlen(Cmd)<3) { + PrintAndLog("Usage: hf mf chk |<*card memory> [t|d] [] []"); + PrintAndLog(" * - all sectors"); + PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, - 1K"); + PrintAndLog("d - write keys to binary file\n"); + PrintAndLog("t - write keys to emulator memory"); + PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic"); + PrintAndLog(" hf mf chk *1 ? t"); + PrintAndLog(" hf mf chk *1 ? d"); + return 0; + } + FILE * f; - char filename[256]={0}; + char filename[FILE_PATH_SIZE]={0}; char buf[13]; uint8_t *keyBlock = NULL, *p; uint8_t stKeyBlock = 20; @@ -1068,17 +1086,6 @@ int CmdHF14AMfChk(const char *Cmd) num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6)); } - if (strlen(Cmd)<3) { - PrintAndLog("Usage: hf mf chk |<*card memory> [t] [] []"); - PrintAndLog(" * - all sectors"); - PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, - 1K"); -// PrintAndLog("d - write keys to binary file\n"); - - PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic"); - PrintAndLog(" hf mf chk *1 ? t"); - return 0; - } - if (param_getchar(Cmd, 0)=='*') { blockNo = 3; switch(param_getchar(Cmd+1, 0)) { @@ -1129,7 +1136,7 @@ int CmdHF14AMfChk(const char *Cmd) keycnt++; } else { // May be a dic file - if ( param_getstr(Cmd, 2 + i,filename) > 255 ) { + if ( param_getstr(Cmd, 2 + i,filename) >= FILE_PATH_SIZE ) { PrintAndLog("File name too long"); free(keyBlock); return 2; @@ -1166,11 +1173,12 @@ int CmdHF14AMfChk(const char *Cmd) keycnt++; memset(buf, 0, sizeof(buf)); } + fclose(f); } else { PrintAndLog("File: %s: not found or locked.", filename); free(keyBlock); return 1; - fclose(f); + } } } @@ -1183,10 +1191,22 @@ int CmdHF14AMfChk(const char *Cmd) (keyBlock + 6*keycnt)[3], (keyBlock + 6*keycnt)[4], (keyBlock + 6*keycnt)[5], 6); } + // initialize storage for found keys + bool validKey[2][40]; + uint8_t foundKey[2][40][6]; + for (uint16_t t = 0; t < 2; t++) { + for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) { + validKey[t][sectorNo] = false; + for (uint16_t i = 0; i < 6; i++) { + foundKey[t][sectorNo][i] = 0xff; + } + } + } + for ( int t = !keyType; t < 2; keyType==2?(t++):(t=2) ) { int b=blockNo; for (int i = 0; i < SectorsCnt; ++i) { - PrintAndLog("--SectorsCnt:%2d, block no:%3d, key type:%C, key count:%2d ", i, b, t?'B':'A', keycnt); + PrintAndLog("--sector:%2d, block:%3d, key type:%C, key count:%2d ", i, b, t?'B':'A', keycnt); uint32_t max_keys = keycnt>USB_CMD_DATA_SIZE/6?USB_CMD_DATA_SIZE/6:keycnt; for (uint32_t c = 0; c < keycnt; c+=max_keys) { uint32_t size = keycnt-c>max_keys?max_keys:keycnt-c; @@ -1194,13 +1214,9 @@ int CmdHF14AMfChk(const char *Cmd) if (res != 1) { if (!res) { PrintAndLog("Found valid key:[%012"llx"]",key64); - if (transferToEml) { - uint8_t block[16]; - mfEmlGetMem(block, get_trailer_block(b), 1); - num_to_bytes(key64, 6, block + t*10); - mfEmlSetMem(block, get_trailer_block(b), 1); - } - } + num_to_bytes(key64, 6, foundKey[t][i]); + validKey[t][i] = true; + } } else { PrintAndLog("Command execute timeout"); } @@ -1208,42 +1224,43 @@ int CmdHF14AMfChk(const char *Cmd) b<127?(b+=4):(b+=16); } } - - free(keyBlock); -/* - // Create dump file - if (createDumpFile) { - if ((fkeys = fopen("dumpkeys.bin","wb")) == NULL) { - PrintAndLog("Could not create file dumpkeys.bin"); - free(e_sector); - return 1; + if (transferToEml) { + uint8_t block[16]; + for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) { + if (validKey[0][sectorNo] || validKey[1][sectorNo]) { + mfEmlGetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1); + for (uint16_t t = 0; t < 2; t++) { + if (validKey[t][sectorNo]) { + memcpy(block + t*10, foundKey[t][sectorNo], 6); } - PrintAndLog("Printing keys to binary file dumpkeys.bin..."); - for(i=0; i<16; i++) { - if (e_sector[i].foundKey[0]){ - num_to_bytes(e_sector[i].Key[0], 6, tempkey); - fwrite ( tempkey, 1, 6, fkeys ); } - else{ - fwrite ( &standart, 1, 6, fkeys ); + mfEmlSetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1); } } - for(i=0; i<16; i++) { - if (e_sector[i].foundKey[1]){ - num_to_bytes(e_sector[i].Key[1], 6, tempkey); - fwrite ( tempkey, 1, 6, fkeys ); + PrintAndLog("Found keys have been transferred to the emulator memory"); } - else{ - fwrite ( &standart, 1, 6, fkeys ); + + if (createDumpFile) { + FILE *fkeys = fopen("dumpkeys.bin","wb"); + if (fkeys == NULL) { + PrintAndLog("Could not create file dumpkeys.bin"); + free(keyBlock); + return 1; } + for (uint16_t t = 0; t < 2; t++) { + fwrite(foundKey[t], 1, 6*SectorsCnt, fkeys); } fclose(fkeys); + PrintAndLog("Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys."); } -*/ + + free(keyBlock); + return 0; } + int CmdHF14AMf1kSim(const char *Cmd) { uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0}; @@ -1403,26 +1420,44 @@ int CmdHF14AMfESet(const char *Cmd) int CmdHF14AMfELoad(const char *Cmd) { FILE * f; - char filename[20]; + char filename[FILE_PATH_SIZE]; char *fnameptr = filename; char buf[64]; uint8_t buf8[64]; - int i, len, blockNum; + int i, len, blockNum, numBlocks; + int nameParamNo = 1; memset(filename, 0, sizeof(filename)); memset(buf, 0, sizeof(buf)); - if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) { + char ctmp = param_getchar(Cmd, 0); + + if ( ctmp == 'h' || ctmp == 0x00) { PrintAndLog("It loads emul dump from the file `filename.eml`"); - PrintAndLog("Usage: hf mf eload "); + PrintAndLog("Usage: hf mf eload [card memory] "); + PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K"); + PrintAndLog(""); PrintAndLog(" sample: hf mf eload filename"); + PrintAndLog(" hf mf eload 4 filename"); return 0; } - len = strlen(Cmd); - if (len > 14) len = 14; + switch (ctmp) { + case '0' : numBlocks = 5*4; break; + case '1' : + case '\0': numBlocks = 16*4; break; + case '2' : numBlocks = 32*4; break; + case '4' : numBlocks = 256; break; + default: { + numBlocks = 16*4; + nameParamNo = 0; + } + } + + len = param_getstr(Cmd,nameParamNo,filename); + + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; - memcpy(filename, Cmd, len); fnameptr += len; sprintf(fnameptr, ".eml"); @@ -1430,42 +1465,50 @@ int CmdHF14AMfELoad(const char *Cmd) // open file f = fopen(filename, "r"); if (f == NULL) { - PrintAndLog("File not found or locked."); + PrintAndLog("File %s not found or locked", filename); return 1; } +// for (sectorNo = 0; sectorNo < numSectors; sectorNo++) { +// for(blockNo = 0; blockNo < NumBlocksPerSector(sectorNo); blockNo++) { + blockNum = 0; while(!feof(f)){ memset(buf, 0, sizeof(buf)); + if (fgets(buf, sizeof(buf), f) == NULL) { - if((blockNum == 16*4) || (blockNum == 32*4 + 8*16)) { // supports both old (1K) and new (4K) .eml files) - break; - } + + if (blockNum >= numBlocks) break; + PrintAndLog("File reading error."); + fclose(f); return 2; } + if (strlen(buf) < 32){ if(strlen(buf) && feof(f)) break; PrintAndLog("File content error. Block data must include 32 HEX symbols"); return 2; } + for (i = 0; i < 32; i += 2) { sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]); -// PrintAndLog("data[%02d]:%s", blockNum, sprint_hex(buf8, 16)); } + if (mfEmlSetMem(buf8, blockNum, 1)) { PrintAndLog("Cant set emul block: %3d", blockNum); return 3; } blockNum++; - if (blockNum >= 32*4 + 8*16) break; + if (blockNum >= numBlocks) break; } fclose(f); - if ((blockNum != 16*4) && (blockNum != 32*4 + 8*16)) { - PrintAndLog("File content error. There must be 64 or 256 blocks."); + if ((blockNum != numBlocks)) { + PrintAndLog("File content error. Got %d must be %d blocks.",blockNum, numBlocks); + fclose(f); return 4; } PrintAndLog("Loaded %d blocks from file: %s", blockNum, filename); @@ -1476,56 +1519,76 @@ int CmdHF14AMfELoad(const char *Cmd) int CmdHF14AMfESave(const char *Cmd) { FILE * f; - char filename[20]; + char filename[FILE_PATH_SIZE]; char * fnameptr = filename; uint8_t buf[64]; - int i, j, len; + int i, j, len, numBlocks; + int nameParamNo = 1; memset(filename, 0, sizeof(filename)); memset(buf, 0, sizeof(buf)); - if (param_getchar(Cmd, 0) == 'h') { - PrintAndLog("It saves emul dump into the file `filename.eml` or `cardID.eml`"); - PrintAndLog("Usage: hf mf esave [file name w/o `.eml`]"); + char ctmp = param_getchar(Cmd, 0); + + if ( ctmp == 'h') { + PrintAndLog("It saves emul dump into the file `filename.eml` or `cardID.eml`"); + PrintAndLog(" Usage: hf mf esave [card memory] [file name w/o `.eml`]"); + PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K"); + PrintAndLog(""); PrintAndLog(" sample: hf mf esave "); - PrintAndLog(" hf mf esave filename"); + PrintAndLog(" hf mf esave 4"); + PrintAndLog(" hf mf esave 4 filename"); return 0; } + + switch (ctmp) { + case '0' : numBlocks = 5*4; break; + case '1' : + case '\0': numBlocks = 16*4; break; + case '2' : numBlocks = 32*4; break; + case '4' : numBlocks = 256; break; + default: { + numBlocks = 16*4; + nameParamNo = 0; + } + } - len = strlen(Cmd); - if (len > 14) len = 14; + len = param_getstr(Cmd,nameParamNo,filename); + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; + + // user supplied filename? if (len < 1) { - // get filename + // get filename (UID from memory) if (mfEmlGetMem(buf, 0, 1)) { - PrintAndLog("Cant get block: %d", 0); - return 1; + PrintAndLog("Can\'t get UID from block: %d", 0); + sprintf(filename, "dump.eml"); } for (j = 0; j < 7; j++, fnameptr += 2) - sprintf(fnameptr, "%02x", buf[j]); + sprintf(fnameptr, "%02X", buf[j]); } else { - memcpy(filename, Cmd, len); fnameptr += len; } + // add file extension sprintf(fnameptr, ".eml"); // open file f = fopen(filename, "w+"); // put hex - for (i = 0; i < 32*4 + 8*16; i++) { + for (i = 0; i < numBlocks; i++) { if (mfEmlGetMem(buf, i, 1)) { PrintAndLog("Cant get block: %d", i); break; } for (j = 0; j < 16; j++) - fprintf(f, "%02x", buf[j]); + fprintf(f, "%02X", buf[j]); fprintf(f,"\n"); } fclose(f); - PrintAndLog("Saved to file: %s", filename); + PrintAndLog("Saved %d blocks to file: %s", numBlocks, filename); return 0; } @@ -1574,13 +1637,34 @@ int CmdHF14AMfECFill(const char *Cmd) int CmdHF14AMfEKeyPrn(const char *Cmd) { int i; + uint8_t numSectors; uint8_t data[16]; uint64_t keyA, keyB; + if (param_getchar(Cmd, 0) == 'h') { + PrintAndLog("It prints the keys loaded in the emulator memory"); + PrintAndLog("Usage: hf mf ekeyprn [card memory]"); + PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K"); + PrintAndLog(""); + PrintAndLog(" sample: hf mf ekeyprn 1"); + return 0; + } + + char cmdp = param_getchar(Cmd, 0); + + switch (cmdp) { + case '0' : numSectors = 5; break; + case '1' : + case '\0': numSectors = 16; break; + case '2' : numSectors = 32; break; + case '4' : numSectors = 40; break; + default: numSectors = 16; + } + PrintAndLog("|---|----------------|----------------|"); PrintAndLog("|sec|key A |key B |"); PrintAndLog("|---|----------------|----------------|"); - for (i = 0; i < 40; i++) { + for (i = 0; i < numSectors; i++) { if (mfEmlGetMem(data, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1)) { PrintAndLog("error get block %d", FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1); break; @@ -1598,8 +1682,8 @@ int CmdHF14AMfEKeyPrn(const char *Cmd) int CmdHF14AMfCSetUID(const char *Cmd) { uint8_t wipeCard = 0; - uint8_t uid[8]; - uint8_t oldUid[8]; + uint8_t uid[8] = {0x00}; + uint8_t oldUid[8] = {0x00}; int res; if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') { @@ -1669,7 +1753,7 @@ int CmdHF14AMfCSetBlk(const char *Cmd) int CmdHF14AMfCLoad(const char *Cmd) { FILE * f; - char filename[20]; + char filename[FILE_PATH_SIZE]; char * fnameptr = filename; char buf[64]; uint8_t buf8[64]; @@ -1710,7 +1794,7 @@ int CmdHF14AMfCLoad(const char *Cmd) return 0; } else { len = strlen(Cmd); - if (len > 14) len = 14; + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; memcpy(filename, Cmd, len); fnameptr += len; @@ -1833,7 +1917,7 @@ int CmdHF14AMfCGetSc(const char *Cmd) { int CmdHF14AMfCSave(const char *Cmd) { FILE * f; - char filename[20]; + char filename[FILE_PATH_SIZE]; char * fnameptr = filename; uint8_t fillFromEmulator = 0; uint8_t buf[64]; @@ -1875,7 +1959,7 @@ int CmdHF14AMfCSave(const char *Cmd) { return 0; } else { len = strlen(Cmd); - if (len > 14) len = 14; + if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; if (len < 1) { // get filename @@ -1919,7 +2003,7 @@ int CmdHF14AMfCSave(const char *Cmd) { int CmdHF14AMfSniff(const char *Cmd){ - // params + bool wantLogToFile = 0; bool wantDecrypt = 0; //bool wantSaveToEml = 0; TODO @@ -1947,8 +2031,8 @@ int CmdHF14AMfSniff(const char *Cmd){ PrintAndLog(" l - save encrypted sequence to logfile `uid.log`"); PrintAndLog(" d - decrypt sequence and put it to log file `uid.log`"); PrintAndLog(" n/a e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory"); - PrintAndLog(" r - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`"); - PrintAndLog("Usage: hf mf sniff [l][d][e][r]"); + PrintAndLog(" f - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`"); + PrintAndLog("Usage: hf mf sniff [l][d][e][f]"); PrintAndLog(" sample: hf mf sniff l d e"); return 0; } @@ -2080,58 +2164,62 @@ int GetCardSize() // NXP MIFARE Mini 0.3k - if ( (atqa && 0xff0f == 0x0004) && (sak == 0x09) ) return 0; + if ( ( (atqa & 0xff0f) == 0x0004) && (sak == 0x09) ) return 0; // MIFARE Classic 1K - if ( (atqa && 0xff0f == 0x0004) && (sak == 0x08) ) return 1; + if ( ((atqa & 0xff0f) == 0x0004) && (sak == 0x08) ) return 1; // MIFARE Classik 4K - if ( (atqa && 0xff0f == 0x0002) && (sak == 0x18) ) return 4; + if ( ((atqa & 0xff0f) == 0x0002) && (sak == 0x18) ) return 4; // SmartMX with MIFARE 1K emulation - if ( (atqa && 0xf0ff == 0x0004) ) return 1; + if ( ((atqa & 0xf0ff) == 0x0004) ) return 1; // SmartMX with MIFARE 4K emulation - if ( (atqa && 0xf0ff == 0x0002) ) return 4; + if ( ((atqa & 0xf0ff) == 0x0002) ) return 4; // Infineon MIFARE CLASSIC 1K - if ( (atqa && 0xffff == 0x0004) && (sak == 0x88) ) return 1; + if ( ((atqa & 0xffff) == 0x0004) && (sak == 0x88) ) return 1; // MFC 4K emulated by Nokia 6212 Classic - if ( (atqa && 0xffff == 0x0002) && (sak == 0x38) ) return 4; + if ( ((atqa & 0xffff) == 0x0002) && (sak == 0x38) ) return 4; // MFC 4K emulated by Nokia 6131 NFC - if ( (atqa && 0xffff == 0x0008) && (sak == 0x38) ) return 4; + if ( ((atqa & 0xffff) == 0x0008) && (sak == 0x38) ) return 4; + + PrintAndLog("BEFOOO 1K %02X", (atqa & 0xff0f)); + // MIFARE Plus (4 Byte UID or 4 Byte RID) // MIFARE Plus (7 Byte UID) if ( - (atqa && 0xffff == 0x0002) || - (atqa && 0xffff == 0x0004) || - (atqa && 0xffff == 0x0042) || - (atqa && 0xffff == 0x0044) + ((atqa & 0xffff) == 0x0002) | + ((atqa & 0xffff) == 0x0004) | + ((atqa & 0xffff) == 0x0042) | + ((atqa & 0xffff) == 0x0044) ) { switch(sak){ case 0x08: - case 0x10: + case 0x10: { //case 0x20: + PrintAndLog("2"); return 2; break; + } case 0x11: - case 0x18: + case 0x18:{ //case 0x20: + PrintAndLog("4"); return 4; break; + } } } return -1; } - - - static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"},