X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/f38a152863a5eb289acb169c5a38b4b77e87956e..e3ab50cafb66e8d594a4946537594e01882d9242:/client/cmdhfmfu.c diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c index 3b9f2e6d..e9a12083 100644 --- a/client/cmdhfmfu.c +++ b/client/cmdhfmfu.c @@ -20,13 +20,64 @@ uint8_t key5_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 static int CmdHelp(const char *Cmd); +int CmdHF14AMfUInfo(const char *Cmd){ + + uint8_t datatemp[7] = {0x00}; + uint8_t isOK = 0; + uint8_t *data = NULL; + + UsbCommand c = {CMD_MIFAREU_READCARD, {0, 4}}; + SendCommand(&c); + UsbCommand resp; + + if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + isOK = resp.arg[0] & 0xff; + data = resp.d.asBytes; + + if (!isOK) { + PrintAndLog("Error reading from tag"); + return -1; + } + } else { + PrintAndLog("Command execute timed out"); + return -1; + } + + // UID + memcpy( datatemp, data,3); + memcpy( datatemp+3, data+4, 4); + PrintAndLog(" UID :%s ", sprint_hex(datatemp, 7)); + // BBC + // CT (cascade tag byte) 0x88 xor SN0 xor SN1 xor SN2 + int crc0 = 0x88 ^ data[0] ^ data[1] ^data[2]; + if ( data[3] == crc0 ) + PrintAndLog(" BCC0 :%02x - Ok", data[3]); + else + PrintAndLog(" BCC0 :%02x - crc should be %02x", data[3], crc0); + + int crc1 = data[4] ^ data[5] ^ data[6] ^data[7]; + if ( data[8] == crc1 ) + PrintAndLog(" BCC1 :%02x - Ok", data[8]); + else + PrintAndLog(" BCC1 :%02x - crc should be %02x", data[8], crc1 ); + + PrintAndLog(" Internal :%s ", sprint_hex(data + 9, 1)); + + memcpy(datatemp, data+10, 2); + PrintAndLog(" Lock :%s - %s", sprint_hex(datatemp, 2),printBits( 2, &datatemp) ); + PrintAndLog(" OneTimePad :%s ", sprint_hex(data + 3*4, 4)); + PrintAndLog(""); + + return 0; +} + // // Mifare Ultralight Write Single Block // int CmdHF14AMfUWrBl(const char *Cmd){ - uint8_t blockNo = 0; - bool chinese_card=0; - uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + uint8_t blockNo = 0; + bool chinese_card = 0; + uint8_t bldata[16] = {0x00}; UsbCommand resp; if (strlen(Cmd)<3) { @@ -158,10 +209,11 @@ int CmdHF14AMfURdBl(const char *Cmd){ if (isOK) PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4)); else - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); + PrintAndLog("isOk:%02x", isOK); } + else { + PrintAndLog("Command execute timeout"); + } return 0; } @@ -171,19 +223,18 @@ int CmdHF14AMfURdBl(const char *Cmd){ int CmdHF14AMfURdCard(const char *Cmd){ int i; uint8_t BlockNo = 0; - int Pages=16; - uint8_t *lockbytes_t=NULL; - uint8_t lockbytes[2]={0,0}; - bool bit[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - bool dump=false; - uint8_t datatemp[5]={0,0,0,0,0}; - + int pages = 16; + uint8_t *lockbytes_t = NULL; + uint8_t lockbytes[2] = {0x00}; + bool bit[16] = {0x00}; + bool dump = false; + uint8_t datatemp[7] = {0x00}; uint8_t isOK = 0; uint8_t * data = NULL; FILE *fout = NULL; if (strchr(Cmd,'x') != 0){ - dump=true; + dump = true; if ((fout = fopen("dump_ultralight_data.bin","wb")) == NULL) { PrintAndLog("Could not create file name dumpdata.bin"); return 1; @@ -191,7 +242,7 @@ int CmdHF14AMfURdCard(const char *Cmd){ PrintAndLog("Dumping Ultralight Card Data..."); } PrintAndLog("Attempting to Read Ultralight... "); - UsbCommand c = {CMD_MIFAREU_READCARD, {BlockNo, Pages}}; + UsbCommand c = {CMD_MIFAREU_READCARD, {BlockNo, pages}}; SendCommand(&c); UsbCommand resp; @@ -200,38 +251,8 @@ int CmdHF14AMfURdCard(const char *Cmd){ data = resp.d.asBytes; PrintAndLog("isOk:%02x", isOK); if (isOK) { - - // UID - memcpy( datatemp, data,3); - memcpy( datatemp+3, data+4, 4); - PrintAndLog(" UID :%s ", sprint_hex(datatemp, 7)); - // BBC - // CT (cascade tag byte) 0x88 xor SN0 xor SN1 xor SN2 - int crc0 = 0x88 ^ data[0] ^ data[1] ^data[2]; - if ( data[3] == crc0 ) { - PrintAndLog(" BCC0 :%02x - Ok", data[3]); - } - else{ - PrintAndLog(" BCC0 :%02x - crc should be %02x", data[3], crc0); - } - - int crc1 = data[4] ^ data[5] ^ data[6] ^data[7]; - if ( data[8] == crc1 ){ - PrintAndLog(" BCC1 :%02x - Ok", data[8]); - } - else{ - PrintAndLog(" BCC1 :%02x - crc should be %02x", data[8], crc1 ); - } - - PrintAndLog(" Internal :%s ", sprint_hex(data + 9, 1)); - - memcpy(datatemp, data+10, 2); - PrintAndLog(" Lock :%s - %s", sprint_hex(datatemp, 2),printBits( 2, &datatemp) ); - PrintAndLog(" OneTimePad :%s ", sprint_hex(data + 3*4, 4)); - PrintAndLog(""); - - for (i = 0; i < Pages; i++) { + for (i = 0; i < pages; i++) { switch(i){ case 2: //process lock bytes @@ -319,7 +340,7 @@ int CmdHF14AMfURdCard(const char *Cmd){ } } } else { - PrintAndLog("Command1 execute timeout"); + PrintAndLog("Command execute timeout"); } if (dump) fclose(fout); return 0; @@ -327,19 +348,17 @@ int CmdHF14AMfURdCard(const char *Cmd){ int CmdHF14AMfUDump(const char *Cmd){ int i; - uint8_t BlockNo = 0; - int Pages=16; - uint8_t *lockbytes_t=NULL; - uint8_t lockbytes[2]={0,0}; - bool bit[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - bool dump=false; - uint8_t datatemp[5]={0,0,0,0,0}; - - uint8_t isOK = 0; - uint8_t * data = NULL; + uint8_t BlockNo = 0; + int Pages = 16; + uint8_t *lockbytes_t = NULL; + uint8_t lockbytes[2] = {0x00}; + bool bit[16] = {0x00}; + uint8_t datatemp[5] = {0x00}; + bool dump = true; + uint8_t isOK = 0; + uint8_t * data = NULL; FILE *fout; - dump=true; if ((fout = fopen("dump_ultralight_data.bin","wb")) == NULL) { PrintAndLog("Could not create file name dumpdata.bin"); return 1; @@ -468,15 +487,18 @@ void rol (uint8_t *data, const size_t len){ int CmdHF14AMfucAuth(const char *Cmd){ uint8_t blockNo = 0, keyNo=0; - uint8_t e_RndB[8]; + uint8_t e_RndB[8] = {0x00}; uint32_t cuid=0; - unsigned char RndARndB[16]; - uint8_t key[16]; + unsigned char RndARndB[16] = {0x00}; + uint8_t key[16] = {0x00}; DES_cblock RndA, RndB; - DES_cblock iv={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + DES_cblock iv; DES_key_schedule ks1,ks2; DES_cblock key1,key2; + // + memset(iv, 0, 8); + if (strlen(Cmd)<1) { PrintAndLog("Usage: hf mfu auth k "); PrintAndLog(" sample: hf mfu auth k 0"); @@ -566,7 +588,6 @@ int CmdHF14AMfucAuth(const char *Cmd){ // int CmdHF14AMfUCRdBl(const char *Cmd) { - uint8_t blockNo = 0; if (strlen(Cmd)<1) { @@ -607,14 +628,13 @@ int CmdHF14AMfUCRdCard(const char *Cmd){ uint8_t BlockNo = 0; int Pages=44; uint8_t *lockbytes_t=NULL; - uint8_t lockbytes[2]={0,0}; + uint8_t lockbytes[2]={0x00}; uint8_t *lockbytes_t2=NULL; - uint8_t lockbytes2[2]={0,0}; - bool bit[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - bool bit2[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + uint8_t lockbytes2[2]={0x00}; + bool bit[16]={0x00}; + bool bit2[16]={0x00}; bool dump=false; - uint8_t datatemp[5]={0,0,0,0,0}; - + uint8_t datatemp[5]={0x00}; uint8_t isOK = 0; uint8_t * data = NULL; FILE *fout = NULL; @@ -635,7 +655,7 @@ int CmdHF14AMfUCRdCard(const char *Cmd){ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { isOK = resp.arg[0] & 0xff; data = resp.d.asBytes; - //Pages=sizeof(data)/sizeof(data[0]); + PrintAndLog("isOk:%02x", isOK); if (isOK) for (i = 0; i < Pages; i++) { @@ -817,25 +837,24 @@ int CmdHF14AMfUCDump(const char *Cmd){ uint8_t BlockNo = 0; int Pages=44; uint8_t *lockbytes_t=NULL; - uint8_t lockbytes[2]={0,0}; + uint8_t lockbytes[2]={0x00}; uint8_t *lockbytes_t2=NULL; - uint8_t lockbytes2[2]={0,0}; - bool bit[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - bool bit2[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - bool dump=false; - uint8_t datatemp[5]={0,0,0,0,0}; + uint8_t lockbytes2[2]={0x00}; + bool bit[16]={0x00}; + bool bit2[16]={0x00}; + bool dump=true; + uint8_t datatemp[5]={0x00}; uint8_t isOK = 0; uint8_t * data = NULL; FILE *fout; - dump=true; if ((fout = fopen("dump_ultralightc_data.bin","wb")) == NULL) { PrintAndLog("Could not create file name dumpdata.bin"); return 1; } PrintAndLog("Dumping Ultralight C Card Data..."); - PrintAndLog("Attempting to Read Ultralight C... "); + PrintAndLog("Attempting to Read Ultralight C... "); UsbCommand c = {CMD_MIFAREU_READCARD, {BlockNo,Pages}}; SendCommand(&c); UsbCommand resp; @@ -1024,8 +1043,8 @@ int CmdHF14AMfUCDump(const char *Cmd){ int CmdHF14AMfUCWrBl(const char *Cmd){ uint8_t blockNo = 0; - bool chinese_card=0; - uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + bool chinese_card = 0; + uint8_t bldata[16] = {0x00}; UsbCommand resp; if (strlen(Cmd)<3) { @@ -1132,22 +1151,22 @@ int CmdHF14AMfUCWrBl(const char *Cmd){ //------------------------------------ static command_t CommandTable[] = { - {"help", CmdHelp, 1,"This help"}, - {"dbg", CmdHF14AMfDbg, 0,"Set default debug mode"}, - {"urdbl", CmdHF14AMfURdBl, 0,"Read MIFARE Ultralight block"}, - {"urdcard", CmdHF14AMfURdCard, 0,"Read MIFARE Ultralight Card"}, - {"udump", CmdHF14AMfUDump, 0,"Dump MIFARE Ultralight tag to binary file"}, - {"uwrbl", CmdHF14AMfUWrBl, 0,"Write MIFARE Ultralight block"}, - {"ucrdbl", CmdHF14AMfUCRdBl, 0,"Read MIFARE Ultralight C block"}, - {"ucrdcard",CmdHF14AMfUCRdCard, 0,"Read MIFARE Ultralight C Card"}, - {"ucdump", CmdHF14AMfUCDump, 0,"Dump MIFARE Ultralight C tag to binary file"}, - {"ucwrbl", CmdHF14AMfUCWrBl, 0,"Write MIFARE Ultralight C block"}, - {"auth", CmdHF14AMfucAuth, 0,"Ultralight C Authentication"}, + {"help", CmdHelp, 1,"This help"}, + {"dbg", CmdHF14AMfDbg, 0,"Set default debug mode"}, + {"info", CmdHF14AMfUInfo, 0,"Taginfo"}, + {"rdbl", CmdHF14AMfURdBl, 0,"Read block - MIFARE Ultralight"}, + {"rdcard", CmdHF14AMfURdCard, 0,"Read card - MIFARE Ultralight"}, + {"dump", CmdHF14AMfUDump, 0,"Dump MIFARE Ultralight tag to binary file"}, + {"wrbl", CmdHF14AMfUWrBl, 0,"Write block - MIFARE Ultralight"}, + {"crdbl", CmdHF14AMfUCRdBl, 0,"Read block - MIFARE Ultralight C"}, + {"crdcard", CmdHF14AMfUCRdCard, 0,"Read card - MIFARE Ultralight C"}, + {"cdump", CmdHF14AMfUCDump, 0,"Dump MIFARE Ultralight C tag to binary file"}, + {"cwrbl", CmdHF14AMfUCWrBl, 0,"Write MIFARE Ultralight C block"}, + {"cauth", CmdHF14AMfucAuth, 0,"try a Ultralight C Authentication"}, {NULL, NULL, 0, NULL} }; int CmdHFMFUltra(const char *Cmd){ - // flush WaitForResponseTimeout(CMD_ACK,NULL,100); CmdsParse(CommandTable, Cmd); return 0;