]> git.zerfleddert.de Git - proxmark3-svn/blob - client/cmdhfmfu.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ADD: new defines: iso14443_CMD_AUTH_KEYA, iso14443_CMD_AUTH_KEYB, iso14443_CMD_AUTH_R...
[proxmark3-svn] / client / cmdhfmfu.c
1 //-----------------------------------------------------------------------------
2 // Ultralight Code (c) 2013,2014 Midnitesnake & Andy Davies of Pentura
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // High frequency MIFARE ULTRALIGHT (C) commands
9 //-----------------------------------------------------------------------------
10 #include <openssl/des.h>
11 #include "cmdhfmf.h"
12 #include "cmdhf14a.h"
13
14 uint8_t MAX_ULTRA_BLOCKS = 0x0f;
15 uint8_t MAX_ULTRAC_BLOCKS = 0x2c;
16 uint8_t key1_blnk_data[16] = { 0x00 };
17 uint8_t key2_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
18 uint8_t key3_3des_data[16] = { 0x49,0x45,0x4D,0x4B,0x41,0x45,0x52,0x42,0x21,0x4E,0x41,0x43,0x55,0x4F,0x59,0x46 };
19 uint8_t key4_nfc_data[16] = { 0x42,0x52,0x45,0x41,0x4b,0x4d,0x45,0x49,0x46,0x59,0x4f,0x55,0x43,0x41,0x4e,0x21 };
20 uint8_t key5_ones_data[16] = { 0x01 };
21
22 static int CmdHelp(const char *Cmd);
23
24 int CmdHF14AMfUInfo(const char *Cmd){
25
26 uint8_t datatemp[7] = {0x00};
27 uint8_t isOK = 0;
28 uint8_t *data = NULL;
29
30 UsbCommand c = {CMD_MIFAREU_READCARD, {0, 4}};
31 SendCommand(&c);
32 UsbCommand resp;
33
34 if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
35 isOK = resp.arg[0] & 0xff;
36 data = resp.d.asBytes;
37
38 if (!isOK) {
39 PrintAndLog("Error reading from tag");
40 return -1;
41 }
42 } else {
43 PrintAndLog("Command execute timed out");
44 return -1;
45 }
46
47 PrintAndLog("");
48 PrintAndLog("-- Mifare Ultralight / Ultralight-C Tag Information ---------");
49 PrintAndLog("-------------------------------------------------------------");
50
51 // UID
52 memcpy( datatemp, data, 3);
53 memcpy( datatemp+3, data+4, 4);
54
55 PrintAndLog("MANUFACTURER : %s", getTagInfo(datatemp[0]));
56 PrintAndLog(" UID : %s ", sprint_hex(datatemp, 7));
57 // BBC
58 // CT (cascade tag byte) 0x88 xor SN0 xor SN1 xor SN2
59 int crc0 = 0x88 ^ data[0] ^ data[1] ^data[2];
60 if ( data[3] == crc0 )
61 PrintAndLog(" BCC0 : %02x - Ok", data[3]);
62 else
63 PrintAndLog(" BCC0 : %02x - crc should be %02x", data[3], crc0);
64
65 int crc1 = data[4] ^ data[5] ^ data[6] ^data[7];
66 if ( data[8] == crc1 )
67 PrintAndLog(" BCC1 : %02x - Ok", data[8]);
68 else
69 PrintAndLog(" BCC1 : %02x - crc should be %02x", data[8], crc1 );
70
71 PrintAndLog(" Internal : %s ", sprint_hex(data + 9, 1));
72
73 memcpy(datatemp, data+10, 2);
74 PrintAndLog(" Lock : %s - %s", sprint_hex(datatemp, 2),printBits( 2, &datatemp) );
75 PrintAndLog(" OneTimePad : %s ", sprint_hex(data + 3*4, 4));
76 PrintAndLog("");
77
78 return 0;
79 }
80
81 //
82 // Mifare Ultralight Write Single Block
83 //
84 int CmdHF14AMfUWrBl(const char *Cmd){
85 uint8_t blockNo = 0;
86 bool chinese_card = 0;
87 uint8_t bldata[16] = {0x00};
88 UsbCommand resp;
89
90 if (strlen(Cmd)<3) {
91 PrintAndLog("Usage: hf mfu wrbl <block number> <block data > [w]");
92 PrintAndLog(" [block number] ");
93 PrintAndLog(" [block data] - (8 hex symbols)");
94 PrintAndLog(" [w] - Chinese magic ultralight-c tag ");
95 PrintAndLog("");
96 PrintAndLog(" sample: hf mfu wrbl 0 01020304");
97 return 0;
98 }
99 blockNo = param_get8(Cmd, 0);
100 if (blockNo>MAX_ULTRA_BLOCKS){
101 PrintAndLog("Error: Maximum number of blocks is 15 for Ultralight Cards!");
102 return 1;
103 }
104 if (param_gethex(Cmd, 1, bldata, 8)) {
105 PrintAndLog("Block data must include 8 HEX symbols");
106 return 1;
107 }
108 if (strchr(Cmd,'w') != 0) {
109 chinese_card=1;
110 }
111 switch(blockNo){
112 case 0:
113 if (!chinese_card){
114 PrintAndLog("Access Denied");
115 }else{
116 PrintAndLog("--specialblock no:%02x", blockNo);
117 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
118 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
119 memcpy(d.d.asBytes,bldata, 4);
120 SendCommand(&d);
121 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
122 uint8_t isOK = resp.arg[0] & 0xff;
123 PrintAndLog("isOk:%02x", isOK);
124 } else {
125 PrintAndLog("Command execute timeout");
126 }
127 }
128 break;
129 case 1:
130 if (!chinese_card){
131 PrintAndLog("Access Denied");
132 }else{
133 PrintAndLog("--specialblock no:%02x", blockNo);
134 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
135 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
136 memcpy(d.d.asBytes,bldata, 4);
137 SendCommand(&d);
138 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
139 uint8_t isOK = resp.arg[0] & 0xff;
140 PrintAndLog("isOk:%02x", isOK);
141 } else {
142 PrintAndLog("Command execute timeout");
143 }
144 }
145 break;
146 case 2:
147 if (!chinese_card){
148 PrintAndLog("Access Denied");
149 }else{
150 PrintAndLog("--specialblock no:%02x", blockNo);
151 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
152 UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}};
153 memcpy(c.d.asBytes, bldata, 4);
154 SendCommand(&c);
155 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
156 uint8_t isOK = resp.arg[0] & 0xff;
157 PrintAndLog("isOk:%02x", isOK);
158 } else {
159 PrintAndLog("Command execute timeout");
160 }
161 }
162 break;
163 case 3:
164 PrintAndLog("--specialblock no:%02x", blockNo);
165 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
166 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
167 memcpy(d.d.asBytes,bldata, 4);
168 SendCommand(&d);
169 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
170 uint8_t isOK = resp.arg[0] & 0xff;
171 PrintAndLog("isOk:%02x", isOK);
172 } else {
173 PrintAndLog("Command execute timeout");
174 }
175 break;
176 default:
177 PrintAndLog("--block no:%02x", blockNo);
178 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
179 UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}};
180 memcpy(e.d.asBytes,bldata, 4);
181 SendCommand(&e);
182 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
183 uint8_t isOK = resp.arg[0] & 0xff;
184 PrintAndLog("isOk:%02x", isOK);
185 } else {
186 PrintAndLog("Command execute timeout");
187 }
188 break;
189 }
190 return 0;
191 }
192
193 //
194 // Mifare Ultralight Read Single Block
195 //
196 int CmdHF14AMfURdBl(const char *Cmd){
197
198 uint8_t blockNo = 0;
199
200 if (strlen(Cmd)<1) {
201 PrintAndLog("Usage: hf mfu rdbl <block number>");
202 PrintAndLog(" sample: hfu mfu rdbl 0");
203 return 0;
204 }
205
206 blockNo = param_get8(Cmd, 0);
207 // if (blockNo>MAX_ULTRA_BLOCKS){
208 // PrintAndLog("Error: Maximum number of blocks is 15 for Ultralight Cards!");
209 // return 1;
210 // }
211 PrintAndLog("--block no:%02x", (int)blockNo);
212 UsbCommand c = {CMD_MIFAREU_READBL, {blockNo}};
213 SendCommand(&c);
214
215 UsbCommand resp;
216 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
217 uint8_t isOK = resp.arg[0] & 0xff;
218 uint8_t * data = resp.d.asBytes;
219
220 if (isOK)
221 PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4));
222 else
223 PrintAndLog("isOk:%02x", isOK);
224 }
225 else {
226 PrintAndLog("Command execute timeout");
227 }
228 return 0;
229 }
230
231 //
232 // Mifare Ultralight / Ultralight-C; Read and Dump Card Contents
233 //
234 int CmdHF14AMfUDump(const char *Cmd){
235
236 FILE *fout;
237 char filename[FILE_PATH_SIZE] = {0x00};
238 char * fnameptr = filename;
239
240 uint8_t *lockbytes_t = NULL;
241 uint8_t lockbytes[2] = {0x00};
242
243 uint8_t *lockbytes_t2 = NULL;
244 uint8_t lockbytes2[2] = {0x00};
245
246 bool bit[16] = {0x00};
247 bool bit2[16] = {0x00};
248
249 int i;
250 uint8_t BlockNo = 0;
251 int Pages = 16;
252
253 bool tmplockbit = false;
254 uint8_t isOK = 0;
255 uint8_t *data = NULL;
256
257 char cmdp = param_getchar(Cmd, 0);
258
259 if (cmdp == 'h' || cmdp == 'H') {
260 PrintAndLog("Reads all pages from Mifare Ultralight or Ultralight-C tag.");
261 PrintAndLog("It saves binary dump into the file `filename.bin` or `cardUID.bin`");
262 PrintAndLog("Usage: hf mfu dump <c> <filename w/o .bin>");
263 PrintAndLog(" <c> optional cardtype c == Ultralight-C, if not defaults to Ultralight");
264 PrintAndLog(" sample: hf mfu dump");
265 PrintAndLog(" : hf mfu dump myfile");
266 PrintAndLog(" : hf mfu dump c myfile");
267 return 0;
268 }
269
270 // UL or UL-C?
271 Pages = (cmdp == 'c' || cmdp == 'C') ? 44 : 16;
272
273 PrintAndLog("Dumping Ultralight%s Card Data...", (Pages ==16)?"":"-C");
274
275 UsbCommand c = {CMD_MIFAREU_READCARD, {BlockNo,Pages}};
276 SendCommand(&c);
277 UsbCommand resp;
278
279 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
280 isOK = resp.arg[0] & 0xff;
281 if (!isOK) {
282 PrintAndLog("Command error");
283 return 0;
284 }
285 data = resp.d.asBytes;
286 } else {
287 PrintAndLog("Command execute timeout");
288 return 0;
289 }
290
291 // Load lock bytes.
292 int j = 0;
293
294 lockbytes_t = data + 8;
295 lockbytes[0] = lockbytes_t[2];
296 lockbytes[1] = lockbytes_t[3];
297 for(j = 0; j < 16; j++){
298 bit[j] = lockbytes[j/8] & ( 1 <<(7-j%8));
299 }
300
301 // Load bottom lockbytes if available
302 if ( Pages == 44 ) {
303
304 lockbytes_t2 = data + (40*4);
305 lockbytes2[0] = lockbytes_t2[2];
306 lockbytes2[1] = lockbytes_t2[3];
307 for (j = 0; j < 16; j++) {
308 bit2[j] = lockbytes2[j/8] & ( 1 <<(7-j%8));
309 }
310 }
311
312 for (i = 0; i < Pages; ++i) {
313
314 if ( i < 3 ) {
315 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
316 continue;
317 }
318
319 switch(i){
320 case 3: tmplockbit = bit[4]; break;
321 case 4: tmplockbit = bit[3]; break;
322 case 5: tmplockbit = bit[2]; break;
323 case 6: tmplockbit = bit[1]; break;
324 case 7: tmplockbit = bit[0]; break;
325 case 8: tmplockbit = bit[15]; break;
326 case 9: tmplockbit = bit[14]; break;
327 case 10: tmplockbit = bit[13]; break;
328 case 11: tmplockbit = bit[12]; break;
329 case 12: tmplockbit = bit[11]; break;
330 case 13: tmplockbit = bit[10]; break;
331 case 14: tmplockbit = bit[9]; break;
332 case 15: tmplockbit = bit[8]; break;
333 case 16:
334 case 17:
335 case 18:
336 case 19: tmplockbit = bit2[6]; break;
337 case 20:
338 case 21:
339 case 22:
340 case 23: tmplockbit = bit2[5]; break;
341 case 24:
342 case 25:
343 case 26:
344 case 27: tmplockbit = bit2[4]; break;
345 case 28:
346 case 29:
347 case 30:
348 case 31: tmplockbit = bit2[2]; break;
349 case 32:
350 case 33:
351 case 34:
352 case 35: tmplockbit = bit2[1]; break;
353 case 36:
354 case 37:
355 case 38:
356 case 39: tmplockbit = bit2[0]; break;
357 case 40: tmplockbit = bit2[12]; break;
358 case 41: tmplockbit = bit2[11]; break;
359 case 42: tmplockbit = bit2[10]; break; //auth0
360 case 43: tmplockbit = bit2[9]; break; //auth1
361 default: break;
362 }
363 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),tmplockbit);
364 }
365
366 int len = 0;
367 if ( Pages == 16 )
368 len = param_getstr(Cmd,0,filename);
369 else
370 len = param_getstr(Cmd,1,filename);
371
372 if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
373
374 // user supplied filename?
375 if (len < 1) {
376
377 // UID = data 0-1-2 4-5-6-7 (skips a beat)
378 sprintf(fnameptr, "%02X", data[0]);
379 fnameptr += 2;
380 sprintf(fnameptr, "%02X", data[1]);
381 fnameptr += 2;
382 sprintf(fnameptr, "%02X", data[2]);
383 fnameptr += 2;
384 sprintf(fnameptr, "%02X", data[4]);
385 fnameptr += 2;
386 sprintf(fnameptr, "%02X", data[5]);
387 fnameptr += 2;
388 sprintf(fnameptr, "%02X", data[6]);
389 fnameptr += 2;
390 sprintf(fnameptr, "%02X", data[7]);
391 fnameptr += 2;
392
393 } else {
394 fnameptr += len;
395 }
396
397 // add file extension
398 sprintf(fnameptr, ".bin");
399
400 if ((fout = fopen(filename,"wb")) == NULL) {
401 PrintAndLog("Could not create file name %s", filename);
402 return 1;
403 }
404 fwrite( data, 1, Pages*4, fout );
405 fclose(fout);
406
407 PrintAndLog("Dumped %d pages, wrote %d bytes to %s", Pages, Pages*4, filename);
408 return 0;
409 }
410
411 // Needed to Authenticate to Ultralight C tags
412 void rol (uint8_t *data, const size_t len){
413 uint8_t first = data[0];
414 for (size_t i = 0; i < len-1; i++) {
415 data[i] = data[i+1];
416 }
417 data[len-1] = first;
418 }
419
420 //-------------------------------------------------------------------------------
421 // Ultralight C Methods
422 //-------------------------------------------------------------------------------
423
424 //
425 // Ultralight C Authentication Demo {currently uses hard-coded key}
426 //
427 int CmdHF14AMfucAuth(const char *Cmd){
428
429 uint8_t blockNo = 0, keyNo = 0;
430 uint8_t e_RndB[8] = {0x00};
431 uint32_t cuid = 0;
432 unsigned char RndARndB[16] = {0x00};
433 uint8_t key[16] = {0x00};
434 DES_cblock RndA, RndB;
435 DES_cblock iv;
436 DES_key_schedule ks1,ks2;
437 DES_cblock key1,key2;
438
439 char cmdp = param_getchar(Cmd, 0);
440 //
441 memset(iv, 0, 8);
442
443 if (cmdp == 'h' || cmdp == 'H') {
444 PrintAndLog("Usage: hf mfu auth k <key number>");
445 PrintAndLog(" 1 = all zeros key");
446 PrintAndLog(" 2 = 0x00-0x0F key");
447 PrintAndLog(" 3 = nfc key");
448 PrintAndLog(" 4 = all ones key");
449 PrintAndLog(" defaults to 3DES standard key");
450 PrintAndLog(" sample : hf mfu auth k");
451 PrintAndLog(" : hf mfu auth k 3");
452 return 0;
453 }
454
455 //Change key to user defined one
456 if (cmdp == 'k' || cmdp == 'K'){
457
458 keyNo = param_get8(Cmd, 1);
459
460 switch(keyNo){
461 case 0:
462 memcpy(key,key1_blnk_data,16);
463 break;
464 case 1:
465 memcpy(key,key2_defa_data,16);
466 break;
467 case 2:
468 memcpy(key,key4_nfc_data,16);
469 break;
470 case 3:
471 memcpy(key,key5_ones_data,16);
472 break;
473 default:
474 memcpy(key,key3_3des_data,16);
475 break;
476 }
477 } else {
478 memcpy(key,key3_3des_data,16);
479 }
480
481 memcpy(key1,key,8);
482 memcpy(key2,key+8,8);
483 DES_set_key((DES_cblock *)key1,&ks1);
484 DES_set_key((DES_cblock *)key2,&ks2);
485
486 //Auth1
487 UsbCommand c = {CMD_MIFAREUC_AUTH1, {blockNo}};
488 SendCommand(&c);
489 UsbCommand resp;
490 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
491 uint8_t isOK = resp.arg[0] & 0xff;
492 cuid = resp.arg[1];
493 uint8_t * data= resp.d.asBytes;
494
495 if (isOK){
496 PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8));
497 memcpy(e_RndB,data+1,8);
498 }
499 } else {
500 PrintAndLog("Command execute timeout");
501 return 0;
502 }
503
504 //Do crypto magic
505 DES_random_key(&RndA);
506 DES_ede2_cbc_encrypt(e_RndB,RndB,sizeof(e_RndB),&ks1,&ks2,&iv,0);
507 PrintAndLog(" RndB:%s",sprint_hex(RndB, 8));
508 PrintAndLog(" RndA:%s",sprint_hex(RndA, 8));
509 rol(RndB,8);
510 memcpy(RndARndB,RndA,8);
511 memcpy(RndARndB+8,RndB,8);
512 PrintAndLog(" RA+B:%s",sprint_hex(RndARndB, 16));
513 DES_ede2_cbc_encrypt(RndARndB,RndARndB,sizeof(RndARndB),&ks1,&ks2,&e_RndB,1);
514 PrintAndLog("enc(RA+B):%s",sprint_hex(RndARndB, 16));
515
516 //Auth2
517 UsbCommand d = {CMD_MIFAREUC_AUTH2, {cuid}};
518 memcpy(d.d.asBytes,RndARndB, 16);
519 SendCommand(&d);
520
521 UsbCommand respb;
522 if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) {
523 uint8_t isOK = respb.arg[0] & 0xff;
524 uint8_t * data2= respb.d.asBytes;
525
526 if (isOK){
527 PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8));
528 }
529 } else {
530 PrintAndLog("Command execute timeout");
531 return 0;
532 }
533 return 1;
534 }
535
536 //
537 // Ultralight C Read Single Block
538 //
539 int CmdHF14AMfUCRdBl(const char *Cmd)
540 {
541 uint8_t blockNo = 0;
542
543 if (strlen(Cmd)<1) {
544 PrintAndLog("Usage: hf mfu crdbl <block number>");
545 PrintAndLog(" sample: hf mfu crdbl 0");
546 return 0;
547 }
548
549 blockNo = param_get8(Cmd, 0);
550 if (blockNo>MAX_ULTRAC_BLOCKS){
551 PrintAndLog("Error: Maximum number of readable blocks is 44 for Ultralight Cards!");
552 return 1;
553 }
554 PrintAndLog("--block no:%02x", (int)blockNo);
555
556 //Read Block
557 UsbCommand e = {CMD_MIFAREU_READBL, {blockNo}};
558 SendCommand(&e);
559 UsbCommand resp_c;
560 if (WaitForResponseTimeout(CMD_ACK,&resp_c,1500)) {
561 uint8_t isOK = resp_c.arg[0] & 0xff;
562 uint8_t * data = resp_c.d.asBytes;
563 if (isOK)
564 PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4));
565 else
566 PrintAndLog("isOk:%02x", isOK);
567 } else {
568 PrintAndLog("Command execute timeout");
569 }
570 return 0;
571 }
572
573 //
574 // Mifare Ultralight C Write Single Block
575 //
576 int CmdHF14AMfUCWrBl(const char *Cmd){
577
578 uint8_t blockNo = 0;
579 bool chinese_card = 0;
580 uint8_t bldata[16] = {0x00};
581 UsbCommand resp;
582
583 if (strlen(Cmd)<3) {
584 PrintAndLog("Usage: hf mfu cwrbl <block number> <block data (8 hex symbols)> [w]");
585 PrintAndLog(" sample: hf mfu wrbl 0 01020304");
586 return 0;
587 }
588 blockNo = param_get8(Cmd, 0);
589 if (blockNo>(MAX_ULTRAC_BLOCKS+4)){
590 PrintAndLog("Error: Maximum number of blocks is 47 for Ultralight Cards!");
591 return 1;
592 }
593 if (param_gethex(Cmd, 1, bldata, 8)) {
594 PrintAndLog("Block data must include 8 HEX symbols");
595 return 1;
596 }
597 if (strchr(Cmd,'w') != 0) {
598 chinese_card=1;
599 }
600 switch(blockNo){
601 case 0:
602 if (!chinese_card){
603 PrintAndLog("Access Denied");
604 }else{
605 PrintAndLog("--specialblock no:%02x", blockNo);
606 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
607 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
608 memcpy(d.d.asBytes,bldata, 4);
609 SendCommand(&d);
610 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
611 uint8_t isOK = resp.arg[0] & 0xff;
612 PrintAndLog("isOk:%02x", isOK);
613 } else {
614 PrintAndLog("Command execute timeout");
615 }
616 }
617 break;
618 case 1:
619 if (!chinese_card){
620 PrintAndLog("Access Denied");
621 }else{
622 PrintAndLog("--specialblock no:%02x", blockNo);
623 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
624 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
625 memcpy(d.d.asBytes,bldata, 4);
626 SendCommand(&d);
627 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
628 uint8_t isOK = resp.arg[0] & 0xff;
629 PrintAndLog("isOk:%02x", isOK);
630 } else {
631 PrintAndLog("Command execute timeout");
632 }
633 }
634 break;
635 case 2:
636 if (!chinese_card){
637 PrintAndLog("Access Denied");
638 }else{
639 PrintAndLog("--specialblock no:%02x", blockNo);
640 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
641 UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}};
642 memcpy(c.d.asBytes, bldata, 4);
643 SendCommand(&c);
644 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
645 uint8_t isOK = resp.arg[0] & 0xff;
646 PrintAndLog("isOk:%02x", isOK);
647 } else {
648 PrintAndLog("Command execute timeout");
649 }
650 }
651 break;
652 case 3:
653 PrintAndLog("--specialblock no:%02x", blockNo);
654 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
655 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
656 memcpy(d.d.asBytes,bldata, 4);
657 SendCommand(&d);
658 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
659 uint8_t isOK = resp.arg[0] & 0xff;
660 PrintAndLog("isOk:%02x", isOK);
661 } else {
662 PrintAndLog("Command execute timeout");
663 }
664 break;
665 default:
666 PrintAndLog("--block no:%02x", blockNo);
667 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
668 UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}};
669 memcpy(e.d.asBytes,bldata, 4);
670 SendCommand(&e);
671 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
672 uint8_t isOK = resp.arg[0] & 0xff;
673 PrintAndLog("isOk:%02x", isOK);
674 } else {
675 PrintAndLog("Command execute timeout");
676 }
677 break;
678 }
679 return 0;
680 }
681
682 //------------------------------------
683 // Menu Stuff
684 //------------------------------------
685 static command_t CommandTable[] =
686 {
687 {"help", CmdHelp, 1,"This help"},
688 {"dbg", CmdHF14AMfDbg, 0,"Set default debug mode"},
689 {"info", CmdHF14AMfUInfo, 0,"Taginfo"},
690 {"rdbl", CmdHF14AMfURdBl, 0,"Read block - MIFARE Ultralight"},
691 {"dump", CmdHF14AMfUDump, 0,"Dump MIFARE Ultralight / Ultralight-C tag to binary file"},
692 {"wrbl", CmdHF14AMfUWrBl, 0,"Write block - MIFARE Ultralight"},
693 {"crdbl", CmdHF14AMfUCRdBl, 0,"Read block - MIFARE Ultralight C"},
694 {"cwrbl", CmdHF14AMfUCWrBl, 0,"Write MIFARE Ultralight C block"},
695 {"cauth", CmdHF14AMfucAuth, 0,"try a Ultralight C Authentication"},
696 {NULL, NULL, 0, NULL}
697 };
698
699 int CmdHFMFUltra(const char *Cmd){
700 WaitForResponseTimeout(CMD_ACK,NULL,100);
701 CmdsParse(CommandTable, Cmd);
702 return 0;
703 }
704
705 int CmdHelp(const char *Cmd){
706 CmdsHelp(CommandTable);
707 return 0;
708 }
Proxmark3 GIT tracking
Impressum, Datenschutz