git.zerfleddert.de Git - proxmark3-svn/blobdiff

//-----------------------------------------------------------------------------\r

//\r

// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r

// at your option, any later version. See the LICENSE.txt file for the text of\r

//\r

// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r

// at your option, any later version. See the LICENSE.txt file for the text of\r

//-----------------------------------------------------------------------------\r

\r

#include "cmdhfmf.h"\r

//-----------------------------------------------------------------------------\r

\r

#include "cmdhfmf.h"\r

-#include "proxmark3.h"\r

+\r

+#include <inttypes.h>\r

+#include <string.h>\r

+#include <stdio.h>\r

+#include <stdlib.h>\r

+#include <ctype.h>\r

+#include "comms.h"\r

+#include "cmdmain.h"\r

+#include "cmdhfmfhard.h"\r

+#include "parity.h"\r

+#include "util.h"\r

+#include "util_posix.h"\r

+#include "usb_cmd.h"\r

+#include "ui.h"\r

+#include "mifare/mifarehost.h"\r

+#include "mifare.h"\r

+#include "mifare/mfkey.h"\r

+#include "hardnested/hardnested_bf_core.h"\r

+#include "cliparser/cliparser.h"\r

+#include "cmdhf14a.h"\r

+#include "mifare/mifaredefault.h"\r

+#include "mifare/mifare4.h"\r

+#include "mifare/mad.h"\r

+#include "mifare/ndef.h"\r

+#include "emv/dump.h"\r

+#include "protocols.h"\r

+\r

+#define NESTED_SECTOR_RETRY 10 // how often we try mfested() until we give up\r

\r

static int CmdHelp(const char *Cmd);\r

\r

int CmdHF14AMifare(const char *Cmd)\r

{\r

\r

static int CmdHelp(const char *Cmd);\r

\r

int CmdHF14AMifare(const char *Cmd)\r

{\r

- uint32_t uid = 0;\r

- uint32_t nt = 0;\r

- uint64_t par_list = 0, ks_list = 0, r_key = 0;\r

- uint8_t isOK = 0;\r

- uint8_t keyBlock[8] = {0};\r

-\r

- if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, keyBlock, 8)) {\r

- PrintAndLog("Nt must include 8 HEX symbols");\r

- return 1;\r

+ int isOK = 0;\r

+ uint64_t key = 0;\r

+ isOK = mfDarkside(&key);\r

+ switch (isOK) {\r

+ case -1 : PrintAndLog("Button pressed. Aborted."); return 1;\r

+ case -2 : PrintAndLog("Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests)."); return 1;\r

+ case -3 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator is not predictable)."); return 1;\r

+ case -4 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown");\r

+ PrintAndLog("generating polynomial with 16 effective bits only, but shows unexpected behaviour."); return 1;\r

+ case -5 : PrintAndLog("Aborted via keyboard."); return 1;\r

+ default : PrintAndLog("Found valid key:%012" PRIx64 "\n", key);\r

}\r

\r

}\r

\r

- \r

- UsbCommand c = {CMD_READER_MIFARE, {(uint32_t)bytes_to_num(keyBlock, 4), 0, 0}};\r

-start:\r

- SendCommand(&c);\r

- \r

- //flush queue\r

- while (ukbhit()) getchar();\r

-\r

- // message\r

- printf("-------------------------------------------------------------------------\n");\r

- printf("Executing command. It may take up to 30 min.\n");\r

- printf("Press the key on proxmark3 device to abort proxmark3.\n");\r

- printf("Press the key on the proxmark3 device to abort both proxmark3 and client.\n");\r

- printf("-------------------------------------------------------------------------\n");\r

- \r

- // wait cycle\r

- while (true) {\r

- printf(".");\r

- fflush(stdout);\r

- if (ukbhit()) {\r

- getchar();\r

- printf("\naborted via keyboard!\n");\r

- break;\r

- }\r

- \r

- UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 2000);\r

- if (resp != NULL) {\r

- isOK = resp->arg[0] & 0xff;\r

- \r

- uid = (uint32_t)bytes_to_num(resp->d.asBytes + 0, 4);\r

- nt = (uint32_t)bytes_to_num(resp->d.asBytes + 4, 4);\r

- par_list = bytes_to_num(resp->d.asBytes + 8, 8);\r

- ks_list = bytes_to_num(resp->d.asBytes + 16, 8);\r

- \r

- printf("\n\n");\r

- PrintAndLog("isOk:%02x", isOK);\r

- if (!isOK) PrintAndLog("Proxmark can't get statistic info. Execution aborted.\n");\r

- break;\r

- }\r

- } \r

- printf("\n");\r

- \r

- // error\r

- if (isOK != 1) return 1;\r

- \r

- // execute original function from util nonce2key\r

- if (nonce2key(uid, nt, par_list, ks_list, &r_key)) return 2;\r

- printf("------------------------------------------------------------------\n");\r

- PrintAndLog("Key found:%012llx \n", r_key);\r

-\r

- num_to_bytes(r_key, 6, keyBlock);\r

- isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key);\r

- if (!isOK) \r

- PrintAndLog("Found valid key:%012llx", r_key);\r

- else\r

- {\r

- PrintAndLog("Found invalid key. ( Nt=%08x ,Trying use it to run again...", nt); \r

- c.arg[0] = nt;\r

- goto start;\r

- }\r

- \r

+ PrintAndLog("");\r

return 0;\r

}\r

\r

return 0;\r

}\r

\r

+\r

int CmdHF14AMfWrBl(const char *Cmd)\r

{\r

uint8_t blockNo = 0;\r

uint8_t keyType = 0;\r

uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r

uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};\r

int CmdHF14AMfWrBl(const char *Cmd)\r

{\r

uint8_t blockNo = 0;\r

uint8_t keyType = 0;\r

uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r

uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};\r

- \r

- char cmdp = 0x00;\r

+\r

+ char cmdp = 0x00;\r

\r

if (strlen(Cmd)<3) {\r

PrintAndLog("Usage: hf mf wrbl <block number> <key A/B> <key (12 hex symbols)> <block data (32 hex symbols)>");\r

PrintAndLog(" sample: hf mf wrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F");\r

return 0;\r

\r

if (strlen(Cmd)<3) {\r

PrintAndLog("Usage: hf mf wrbl <block number> <key A/B> <key (12 hex symbols)> <block data (32 hex symbols)>");\r

PrintAndLog(" sample: hf mf wrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F");\r

return 0;\r

- } \r

+ }\r

\r

blockNo = param_get8(Cmd, 0);\r

cmdp = param_getchar(Cmd, 1);\r

\r

blockNo = param_get8(Cmd, 0);\r

cmdp = param_getchar(Cmd, 1);\r

PrintAndLog("Block data must include 32 HEX symbols");\r

return 1;\r

}\r

PrintAndLog("Block data must include 32 HEX symbols");\r

return 1;\r

}\r

- PrintAndLog("--block no:%02x key type:%02x key:%s", blockNo, keyType, sprint_hex(key, 6));\r

+ PrintAndLog("--block no:%d, key type:%c, key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r

PrintAndLog("--data: %s", sprint_hex(bldata, 16));\r

- \r

- UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r

+\r

+ UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r

memcpy(c.d.asBytes, key, 6);\r

memcpy(c.d.asBytes + 10, bldata, 16);\r

memcpy(c.d.asBytes, key, 6);\r

memcpy(c.d.asBytes + 10, bldata, 16);\r

- SendCommand(&c);\r

- UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500);\r

-\r

- if (resp != NULL) {\r

- uint8_t isOK = resp->arg[0] & 0xff;\r

+ SendCommand(&c);\r

\r

+ UsbCommand resp;\r

+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r

+ uint8_t isOK = resp.arg[0] & 0xff;\r

PrintAndLog("isOk:%02x", isOK);\r

} else {\r

PrintAndLog("Command execute timeout");\r

PrintAndLog("isOk:%02x", isOK);\r

} else {\r

PrintAndLog("Command execute timeout");\r

uint8_t blockNo = 0;\r

uint8_t keyType = 0;\r

uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r

uint8_t blockNo = 0;\r

uint8_t keyType = 0;\r

uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r

- \r

- char cmdp = 0x00;\r

+\r

+ char cmdp = 0x00;\r

\r

if (strlen(Cmd)<3) {\r

PrintAndLog("Usage: hf mf rdbl <block number> <key A/B> <key (12 hex symbols)>");\r

PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF ");\r

return 0;\r

\r

if (strlen(Cmd)<3) {\r

PrintAndLog("Usage: hf mf rdbl <block number> <key A/B> <key (12 hex symbols)>");\r

PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF ");\r

return 0;\r

- } \r

- \r

+ }\r

+\r

blockNo = param_get8(Cmd, 0);\r

cmdp = param_getchar(Cmd, 1);\r

if (cmdp == 0x00) {\r

blockNo = param_get8(Cmd, 0);\r

cmdp = param_getchar(Cmd, 1);\r

if (cmdp == 0x00) {\r

PrintAndLog("Key must include 12 HEX symbols");\r

return 1;\r

}\r

PrintAndLog("Key must include 12 HEX symbols");\r

return 1;\r

}\r

- PrintAndLog("--block no:%02x key type:%02x key:%s ", blockNo, keyType, sprint_hex(key, 6));\r

- \r

- UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r

+ PrintAndLog("--block no:%d, key type:%c, key:%s ", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r

+\r

+ UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r

memcpy(c.d.asBytes, key, 6);\r

- SendCommand(&c);\r

- UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500);\r

+ SendCommand(&c);\r

\r

- if (resp != NULL) {\r

- uint8_t isOK = resp->arg[0] & 0xff;\r

- uint8_t * data = resp->d.asBytes;\r

+ UsbCommand resp;\r

+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r

+ uint8_t isOK = resp.arg[0] & 0xff;\r

+ uint8_t *data = resp.d.asBytes;\r

\r

- if (isOK)\r

+ if (isOK) {\r

PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 16));\r

- else\r

+ } else {\r

PrintAndLog("isOk:%02x", isOK);\r

+ return 1;\r

+ }\r

+\r

+ if (mfIsSectorTrailer(blockNo) && (data[6] || data[7] || data[8])) {\r

+ PrintAndLogEx(NORMAL, "Trailer decoded:");\r

+ int bln = mfFirstBlockOfSector(mfSectorNum(blockNo));\r

+ int blinc = (mfNumBlocksPerSector(mfSectorNum(blockNo)) > 4) ? 5 : 1;\r

+ for (int i = 0; i < 4; i++) {\r

+ PrintAndLogEx(NORMAL, "Access block %d%s: %s", bln, ((blinc > 1) && (i < 3) ? "+" : "") , mfGetAccessConditionsDesc(i, &data[6]));\r

+ bln += blinc;\r

+ }\r

+ PrintAndLogEx(NORMAL, "UserData: %s", sprint_hex_inrow(&data[9], 1));\r

+ }\r

} else {\r

PrintAndLog("Command execute timeout");\r

} else {\r

PrintAndLog("Command execute timeout");\r

+ return 2;\r

}\r

\r

}\r

\r

- return 0;\r

+ return 0;\r

}\r

\r

int CmdHF14AMfRdSc(const char *Cmd)\r

}\r

\r

int CmdHF14AMfRdSc(const char *Cmd)\r

uint8_t sectorNo = 0;\r

uint8_t keyType = 0;\r

uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r

uint8_t sectorNo = 0;\r

uint8_t keyType = 0;\r

uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r

- \r

uint8_t isOK = 0;\r

- uint8_t * data = NULL;\r

-\r

- char cmdp = 0x00;\r

+ uint8_t *data = NULL;\r

+ char cmdp = 0x00;\r

\r

if (strlen(Cmd)<3) {\r

PrintAndLog("Usage: hf mf rdsc <sector number> <key A/B> <key (12 hex symbols)>");\r

PrintAndLog(" sample: hf mf rdsc 0 A FFFFFFFFFFFF ");\r

return 0;\r

\r

if (strlen(Cmd)<3) {\r

PrintAndLog("Usage: hf mf rdsc <sector number> <key A/B> <key (12 hex symbols)>");\r

PrintAndLog(" sample: hf mf rdsc 0 A FFFFFFFFFFFF ");\r

return 0;\r

- } \r

- \r

+ }\r

+\r

sectorNo = param_get8(Cmd, 0);\r

- if (sectorNo > 63) {\r

- PrintAndLog("Sector number must be less than 64");\r

+ if (sectorNo > 39) {\r

+ PrintAndLog("Sector number must be less than 40");\r

return 1;\r

}\r

cmdp = param_getchar(Cmd, 1);\r

return 1;\r

}\r

cmdp = param_getchar(Cmd, 1);\r

- if (cmdp == 0x00) {\r

+ if (cmdp != 'a' && cmdp != 'A' && cmdp != 'b' && cmdp != 'B') {\r

PrintAndLog("Key type must be A or B");\r

return 1;\r

}\r

PrintAndLog("Key type must be A or B");\r

return 1;\r

}\r

PrintAndLog("Key must include 12 HEX symbols");\r

return 1;\r

}\r

PrintAndLog("Key must include 12 HEX symbols");\r

return 1;\r

}\r

- PrintAndLog("--sector no:%02x key type:%02x key:%s ", sectorNo, keyType, sprint_hex(key, 6));\r

- \r

- UsbCommand c = {CMD_MIFARE_READSC, {sectorNo, keyType, 0}};\r

+ PrintAndLog("--sector no:%d key type:%c key:%s ", sectorNo, keyType?'B':'A', sprint_hex(key, 6));\r

+\r

+ UsbCommand c = {CMD_MIFARE_READSC, {sectorNo, keyType, 0}};\r

memcpy(c.d.asBytes, key, 6);\r

- SendCommand(&c);\r

- UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500);\r

+ SendCommand(&c);\r

PrintAndLog(" ");\r

\r

PrintAndLog(" ");\r

\r

- if (resp != NULL) {\r

- isOK = resp->arg[0] & 0xff;\r

- data = resp->d.asBytes;\r

+ UsbCommand resp;\r

+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r

+ isOK = resp.arg[0] & 0xff;\r

+ data = resp.d.asBytes;\r

\r

PrintAndLog("isOk:%02x", isOK);\r

\r

PrintAndLog("isOk:%02x", isOK);\r

- if (isOK) \r

- for (i = 0; i < 2; i++) {\r

- PrintAndLog("data:%s", sprint_hex(data + i * 16, 16));\r

+ if (isOK) {\r

+ for (i = 0; i < (sectorNo<32?3:15); i++) {\r

+ PrintAndLog("data : %s", sprint_hex(data + i * 16, 16));\r

}\r

+ PrintAndLog("trailer: %s", sprint_hex(data + (sectorNo<32?3:15) * 16, 16));\r

+\r

+ PrintAndLogEx(NORMAL, "Trailer decoded:");\r

+ int bln = mfFirstBlockOfSector(sectorNo);\r

+ int blinc = (mfNumBlocksPerSector(sectorNo) > 4) ? 5 : 1;\r

+ for (i = 0; i < 4; i++) {\r

+ PrintAndLogEx(NORMAL, "Access block %d%s: %s", bln, ((blinc > 1) && (i < 3) ? "+" : "") , mfGetAccessConditionsDesc(i, &(data + (sectorNo<32?3:15) * 16)[6]));\r

+ bln += blinc;\r

+ }\r

+ PrintAndLogEx(NORMAL, "UserData: %s", sprint_hex_inrow(&(data + (sectorNo<32?3:15) * 16)[9], 1));\r

+ }\r

} else {\r

- PrintAndLog("Command1 execute timeout");\r

+ PrintAndLog("Command execute timeout");\r

}\r

\r

}\r

\r

- // response2\r

- resp = WaitForResponseTimeout(CMD_ACK, 500);\r

- PrintAndLog(" ");\r

+ return 0;\r

+}\r

\r

- if (resp != NULL) {\r

- isOK = resp->arg[0] & 0xff;\r

- data = resp->d.asBytes;\r

+uint8_t FirstBlockOfSector(uint8_t sectorNo)\r

+{\r

+ if (sectorNo < 32) {\r

+ return sectorNo * 4;\r

+ } else {\r

+ return 32 * 4 + (sectorNo - 32) * 16;\r

+ }\r

+}\r

\r

- if (isOK) \r

- for (i = 0; i < 2; i++) {\r

- PrintAndLog("data:%s", sprint_hex(data + i * 16, 16));\r

- }\r

+uint8_t NumBlocksPerSector(uint8_t sectorNo)\r

+{\r

+ if (sectorNo < 32) {\r

+ return 4;\r

} else {\r

- PrintAndLog("Command2 execute timeout");\r

+ return 16;\r

+ }\r

+}\r

+\r

+static int ParamCardSizeSectors(const char c) {\r

+ int numSectors = 16;\r

+ switch (c) {\r

+ case '0' : numSectors = 5; break;\r

+ case '2' : numSectors = 32; break;\r

+ case '4' : numSectors = 40; break;\r

+ default: numSectors = 16;\r

+ }\r

+ return numSectors;\r

+}\r

+\r

+static int ParamCardSizeBlocks(const char c) {\r

+ int numBlocks = 16 * 4;\r

+ switch (c) {\r

+ case '0' : numBlocks = 5 * 4; break;\r

+ case '2' : numBlocks = 32 * 4; break;\r

+ case '4' : numBlocks = 32 * 4 + 8 * 16; break;\r

+ default: numBlocks = 16 * 4;\r

}\r

- \r

- return 0;\r

+ return numBlocks;\r

}\r

\r

int CmdHF14AMfDump(const char *Cmd)\r

{\r

}\r

\r

int CmdHF14AMfDump(const char *Cmd)\r

{\r

- int i, j;\r

- \r

- uint8_t keyA[40][6];\r

- uint8_t keyB[40][6];\r

+ uint8_t sectorNo, blockNo;\r

+\r

+ uint8_t keys[2][40][6];\r

uint8_t rights[40][4];\r

- \r

+ uint8_t carddata[256][16];\r

+ uint8_t numSectors = 16;\r

+\r

FILE *fin;\r

FILE *fout;\r

FILE *fin;\r

FILE *fout;\r

- \r

- UsbCommand *resp;\r

- \r

+\r

+ UsbCommand resp;\r

+\r

+ char cmdp = param_getchar(Cmd, 0);\r

+ numSectors = ParamCardSizeSectors(cmdp);\r

+\r

+ if (strlen(Cmd) > 3 || cmdp == 'h' || cmdp == 'H') {\r

+ PrintAndLog("Usage: hf mf dump [card memory] [k|m]");\r

+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r

+ PrintAndLog(" k: Always try using both Key A and Key B for each sector, even if access bits would prohibit it");\r

+ PrintAndLog(" m: When missing access bits or keys, replace that block with NULL");\r

+ PrintAndLog("");\r

+ PrintAndLog("Samples: hf mf dump");\r

+ PrintAndLog(" hf mf dump 4");\r

+ PrintAndLog(" hf mf dump 4 m");\r

+ return 0;\r

+ }\r

+\r

+ char opts = param_getchar(Cmd, 1);\r

+ bool useBothKeysAlways = false;\r

+ if (opts == 'k' || opts == 'K') useBothKeysAlways = true;\r

+ bool nullMissingKeys = false;\r

+ if (opts == 'm' || opts == 'M') nullMissingKeys = true;\r

+\r

if ((fin = fopen("dumpkeys.bin","rb")) == NULL) {\r

PrintAndLog("Could not find file dumpkeys.bin");\r

return 1;\r

}\r

if ((fin = fopen("dumpkeys.bin","rb")) == NULL) {\r

PrintAndLog("Could not find file dumpkeys.bin");\r

return 1;\r

}\r

- \r

- if ((fout = fopen("dumpdata.bin","wb")) == NULL) { \r

- PrintAndLog("Could not create file name dumpdata.bin");\r

- return 1;\r

- }\r

- \r

- // Read key file\r

- \r

- for (i=0 ; i<16 ; i++) {\r

- fread ( keyA[i], 1, 6, fin );\r

- }\r

- for (i=0 ; i<16 ; i++) {\r

- fread ( keyB[i], 1, 6, fin );\r

+\r

+ // Read keys from file\r

+ for (int group=0; group<=1; group++) {\r

+ for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r

+ size_t bytes_read = fread(keys[group][sectorNo], 1, 6, fin);\r

+ if (bytes_read != 6) {\r

+ PrintAndLog("File reading error.");\r

+ fclose(fin);\r

+ return 2;\r

+ }\r

}\r

- \r

- // Read access rights to sectors\r

- \r

+\r

+ fclose(fin);\r

+\r

PrintAndLog("|-----------------------------------------|");\r

PrintAndLog("|------ Reading sector access bits...-----|");\r

PrintAndLog("|-----------------------------------------|");\r

PrintAndLog("|------ Reading sector access bits...-----|");\r

PrintAndLog("|-----------------------------------------|");\r

- \r

- for (i = 0 ; i < 16 ; i++) {\r

- UsbCommand c = {CMD_MIFARE_READBL, {4*i + 3, 0, 0}};\r

- memcpy(c.d.asBytes, keyA[i], 6);\r

- SendCommand(&c);\r

- resp = WaitForResponseTimeout(CMD_ACK, 1500);\r

-\r

- if (resp != NULL) {\r

- uint8_t isOK = resp->arg[0] & 0xff;\r

- uint8_t *data = resp->d.asBytes;\r

- if (isOK){\r

- rights[i][0] = ((data[7] & 0x10)>>4) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>2);\r

- rights[i][1] = ((data[7] & 0x20)>>5) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>3);\r

- rights[i][2] = ((data[7] & 0x40)>>6) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>4);\r

- rights[i][3] = ((data[7] & 0x80)>>7) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>5);\r

+ uint8_t tries = 0;\r

+ for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r

+ for (tries = 0; tries < 3; tries++) {\r

+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};\r

+ // At least the Access Conditions can always be read with key A.\r

+ memcpy(c.d.asBytes, keys[0][sectorNo], 6);\r

+ SendCommand(&c);\r

+\r

+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r

+ uint8_t isOK = resp.arg[0] & 0xff;\r

+ uint8_t *data = resp.d.asBytes;\r

+ if (isOK){\r

+ rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0\r

+ rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1\r

+ rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2\r

+ rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer\r

+ break;\r

+ } else if (tries == 2) { // on last try set defaults\r

+ PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo);\r

+ rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;\r

+ rights[sectorNo][3] = 0x01;\r

}\r

- else{\r

- PrintAndLog("Could not get access rights for block %d", i);\r

+ } else {\r

+ PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo);\r

+ rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;\r

+ rights[sectorNo][3] = 0x01;\r

}\r

- else {\r

- PrintAndLog("Command execute timeout");\r

- }\r

}\r

- \r

- // Read blocks and print to file\r

- \r

+\r

PrintAndLog("|-----------------------------------------|");\r

PrintAndLog("|----- Dumping all blocks to file... -----|");\r

PrintAndLog("|-----------------------------------------|");\r

PrintAndLog("|----- Dumping all blocks to file... -----|");\r

PrintAndLog("|-----------------------------------------|");\r

- \r

- for (i=0 ; i<16 ; i++) {\r

- for (j=0 ; j<4 ; j++) {\r

- if (j == 3){\r

- UsbCommand c = {CMD_MIFARE_READBL, {i*4 + j, 0, 0}};\r

- memcpy(c.d.asBytes, keyA[i], 6);\r

- SendCommand(&c);\r

- resp = WaitForResponseTimeout(CMD_ACK, 1500);\r

- }\r

- else{\r

- if ((rights[i][j] == 6) | (rights[i][j] == 5)) {\r

- UsbCommand c = {CMD_MIFARE_READBL, {i*4+j, 1, 0}};\r

- memcpy(c.d.asBytes, keyB[i], 6);\r

+\r

+ bool isOK = true;\r

+ for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r

+ for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r

+ bool received = false;\r

+ for (tries = 0; tries < 3; tries++) {\r

+ if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A.\r

+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r

+ memcpy(c.d.asBytes, keys[0][sectorNo], 6);\r

SendCommand(&c);\r

- resp = WaitForResponseTimeout(CMD_ACK, 1500);\r

- }\r

- else if (rights[i][j] == 7) {\r

- PrintAndLog("Access rights do not allow reading of sector %d block %d",i,j);\r

+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r

+ } else if (useBothKeysAlways) {\r

+ // Always try both keys, even if access conditions wouldn't work.\r

+ for (int k=0; k<=1; k++) {\r

+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};\r

+ memcpy(c.d.asBytes, keys[k][sectorNo], 6);\r

+ SendCommand(&c);\r

+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r

+\r

+ // Don't try the other one on success.\r

+ if (resp.arg[0] & 0xff) break;\r

+ }\r

+ } else { // data block. Check if it can be read with key A or key B\r

+ uint8_t data_area = sectorNo<32?blockNo:blockNo/5;\r

+ if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work\r

+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};\r

+ memcpy(c.d.asBytes, keys[1][sectorNo], 6);\r

+ SendCommand(&c);\r

+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r

+ } else if (rights[sectorNo][data_area] == 0x07) { // no key would work\r

+ PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);\r

+ if (nullMissingKeys) {\r

+ memset(resp.d.asBytes, 0, 16);\r

+ resp.arg[0] = 1;\r

+ PrintAndLog(" ... filling the block with NULL");\r

+ received = true;\r

+ } else {\r

+ isOK = false;\r

+ tries = 2;\r

+ }\r

+ } else { // key A would work\r

+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r

+ memcpy(c.d.asBytes, keys[0][sectorNo], 6);\r

+ SendCommand(&c);\r

+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r

+ }\r

}\r

- else {\r

- UsbCommand c = {CMD_MIFARE_READBL, {i*4+j, 0, 0}};\r

- memcpy(c.d.asBytes, keyA[i], 6);\r

- SendCommand(&c);\r

- resp = WaitForResponseTimeout(CMD_ACK, 1500);\r

+ if (received) {\r

+ isOK = resp.arg[0] & 0xff;\r

+ if (isOK) break;\r

}\r

\r

}\r

\r

- if (resp != NULL) {\r

- uint8_t isOK = resp->arg[0] & 0xff;\r

- uint8_t *data = resp->d.asBytes;\r

- if (j == 3) {\r

- data[0] = (keyA[i][0]);\r

- data[1] = (keyA[i][1]);\r

- data[2] = (keyA[i][2]);\r

- data[3] = (keyA[i][3]);\r

- data[4] = (keyA[i][4]);\r

- data[5] = (keyA[i][5]);\r

- data[10] = (keyB[i][0]);\r

- data[11] = (keyB[i][1]);\r

- data[12] = (keyB[i][2]);\r

- data[13] = (keyB[i][3]);\r

- data[14] = (keyB[i][4]);\r

- data[15] = (keyB[i][5]);\r

+ if (received) {\r

+ isOK = resp.arg[0] & 0xff;\r

+ uint8_t *data = resp.d.asBytes;\r

+ if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. Fill in the keys.\r

+ memcpy(data, keys[0][sectorNo], 6);\r

+ memcpy(data + 10, keys[1][sectorNo], 6);\r

}\r

if (isOK) {\r

}\r

if (isOK) {\r

- fwrite ( data, 1, 16, fout );\r

- }\r

- else {\r

- PrintAndLog("Could not get access rights for block %d", i);\r

+ memcpy(carddata[FirstBlockOfSector(sectorNo) + blockNo], data, 16);\r

+ PrintAndLog("Successfully read block %2d of sector %2d.", blockNo, sectorNo);\r

+ } else {\r

+ PrintAndLog("Could not read block %2d of sector %2d", blockNo, sectorNo);\r

+ break;\r

}\r

else {\r

}\r

else {\r

- PrintAndLog("Command execute timeout");\r

+ isOK = false;\r

+ PrintAndLog("Command execute timeout when trying to read block %2d of sector %2d.", blockNo, sectorNo);\r

+ break;\r

}\r

- \r

- fclose(fin);\r

- fclose(fout);\r

- \r

- return 0;\r

+\r

+ if (isOK) {\r

+ if ((fout = fopen("dumpdata.bin","wb")) == NULL) {\r

+ PrintAndLog("Could not create file name dumpdata.bin");\r

+ return 1;\r

+ }\r

+ uint16_t numblocks = FirstBlockOfSector(numSectors - 1) + NumBlocksPerSector(numSectors - 1);\r

+ fwrite(carddata, 1, 16*numblocks, fout);\r

+ fclose(fout);\r

+ PrintAndLog("Dumped %d blocks (%d bytes) to file dumpdata.bin", numblocks, 16*numblocks);\r

+ }\r

+\r

+ return 0;\r

}\r

\r

int CmdHF14AMfRestore(const char *Cmd)\r

{\r

}\r

\r

int CmdHF14AMfRestore(const char *Cmd)\r

{\r

-\r

- int i,j;\r

+ uint8_t sectorNo,blockNo;\r

uint8_t keyType = 0;\r

- uint8_t key[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r

- uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};\r

- uint8_t keyA[16][6];\r

- uint8_t keyB[16][6];\r

- \r

+ uint8_t key[6] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};\r

+ uint8_t bldata[16] = {0x00};\r

+ uint8_t keyA[40][6];\r

+ uint8_t keyB[40][6];\r

+ uint8_t numSectors;\r

+\r

FILE *fdump;\r

FILE *fkeys;\r

FILE *fdump;\r

FILE *fkeys;\r

- \r

- if ((fdump = fopen("dumpdata.bin","rb")) == NULL) {\r

- PrintAndLog("Could not find file dumpdata.bin");\r

- return 1;\r

+\r

+ char cmdp = param_getchar(Cmd, 0);\r

+ switch (cmdp) {\r

+ case '0' : numSectors = 5; break;\r

+ case '1' :\r

+ case '\0': numSectors = 16; break;\r

+ case '2' : numSectors = 32; break;\r

+ case '4' : numSectors = 40; break;\r

+ default: numSectors = 16;\r

+ }\r

+\r

+ if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') {\r

+ PrintAndLog("Usage: hf mf restore [card memory]");\r

+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r

+ PrintAndLog("");\r

+ PrintAndLog("Samples: hf mf restore");\r

+ PrintAndLog(" hf mf restore 4");\r

+ return 0;\r

}\r

+\r

if ((fkeys = fopen("dumpkeys.bin","rb")) == NULL) {\r

PrintAndLog("Could not find file dumpkeys.bin");\r

return 1;\r

}\r

if ((fkeys = fopen("dumpkeys.bin","rb")) == NULL) {\r

PrintAndLog("Could not find file dumpkeys.bin");\r

return 1;\r

}\r

- \r

- for (i=0 ; i<16 ; i++) {\r

- fread(keyA[i], 1, 6, fkeys);\r

+\r

+ for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r

+ size_t bytes_read = fread(keyA[sectorNo], 1, 6, fkeys);\r

+ if (bytes_read != 6) {\r

+ PrintAndLog("File reading error (dumpkeys.bin).");\r

+ fclose(fkeys);\r

+ return 2;\r

+ }\r

+\r

+ for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r

+ size_t bytes_read = fread(keyB[sectorNo], 1, 6, fkeys);\r

+ if (bytes_read != 6) {\r

+ PrintAndLog("File reading error (dumpkeys.bin).");\r

+ fclose(fkeys);\r

+ return 2;\r

+ }\r

}\r

- for (i=0 ; i<16 ; i++) {\r

- fread(keyB[i], 1, 6, fkeys);\r

+\r

+ fclose(fkeys);\r

+\r

+ if ((fdump = fopen("dumpdata.bin","rb")) == NULL) {\r

+ PrintAndLog("Could not find file dumpdata.bin");\r

+ return 1;\r

}\r

- \r

PrintAndLog("Restoring dumpdata.bin to card");\r

\r

PrintAndLog("Restoring dumpdata.bin to card");\r

\r

- for (i=0 ; i<16 ; i++) {\r

- for( j=0 ; j<4 ; j++) {\r

- UsbCommand c = {CMD_MIFARE_WRITEBL, {i*4 + j, keyType, 0}};\r

+ for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r

+ for(blockNo = 0; blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r

+ UsbCommand c = {CMD_MIFARE_WRITEBL, {FirstBlockOfSector(sectorNo) + blockNo, keyType, 0}};\r

memcpy(c.d.asBytes, key, 6);\r

- \r

- fread(bldata, 1, 16, fdump);\r

- \r

- if (j == 3) {\r

- bldata[0] = (keyA[i][0]);\r

- bldata[1] = (keyA[i][1]);\r

- bldata[2] = (keyA[i][2]);\r

- bldata[3] = (keyA[i][3]);\r

- bldata[4] = (keyA[i][4]);\r

- bldata[5] = (keyA[i][5]);\r

- bldata[10] = (keyB[i][0]);\r

- bldata[11] = (keyB[i][1]);\r

- bldata[12] = (keyB[i][2]);\r

- bldata[13] = (keyB[i][3]);\r

- bldata[14] = (keyB[i][4]);\r

- bldata[15] = (keyB[i][5]);\r

- } \r

- \r

- PrintAndLog("Writing to block %2d: %s", i*4+j, sprint_hex(bldata, 16));\r

- \r

- /*\r

- PrintAndLog("Writing to block %2d: %s Confirm? [Y,N]", i*4+j, sprint_hex(bldata, 16));\r

- \r

- scanf("%c",&ch);\r

- if ((ch != 'y') && (ch != 'Y')){\r

- PrintAndLog("Aborting !");\r

- return 1;\r

+\r

+ size_t bytes_read = fread(bldata, 1, 16, fdump);\r

+ if (bytes_read != 16) {\r

+ PrintAndLog("File reading error (dumpdata.bin).");\r

+ fclose(fdump);\r

+ return 2;\r

+ }\r

+\r

+ if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer\r

+ bldata[0] = (keyA[sectorNo][0]);\r

+ bldata[1] = (keyA[sectorNo][1]);\r

+ bldata[2] = (keyA[sectorNo][2]);\r

+ bldata[3] = (keyA[sectorNo][3]);\r

+ bldata[4] = (keyA[sectorNo][4]);\r

+ bldata[5] = (keyA[sectorNo][5]);\r

+ bldata[10] = (keyB[sectorNo][0]);\r

+ bldata[11] = (keyB[sectorNo][1]);\r

+ bldata[12] = (keyB[sectorNo][2]);\r

+ bldata[13] = (keyB[sectorNo][3]);\r

+ bldata[14] = (keyB[sectorNo][4]);\r

+ bldata[15] = (keyB[sectorNo][5]);\r

}\r

- */\r

- \r

+\r

+ PrintAndLog("Writing to block %3d: %s", FirstBlockOfSector(sectorNo) + blockNo, sprint_hex(bldata, 16));\r

+\r

memcpy(c.d.asBytes + 10, bldata, 16);\r

SendCommand(&c);\r

memcpy(c.d.asBytes + 10, bldata, 16);\r

SendCommand(&c);\r

- UsbCommand *resp = WaitForResponseTimeout(CMD_ACK, 1500);\r

\r

- if (resp != NULL) {\r

- uint8_t isOK = resp->arg[0] & 0xff;\r

+ UsbCommand resp;\r

+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r

+ uint8_t isOK = resp.arg[0] & 0xff;\r

PrintAndLog("isOk:%02x", isOK);\r

} else {\r

PrintAndLog("Command execute timeout");\r

}\r

PrintAndLog("isOk:%02x", isOK);\r

} else {\r

PrintAndLog("Command execute timeout");\r

}\r

- \r

+\r

fclose(fdump);\r

- fclose(fkeys);\r

return 0;\r

}\r

\r

return 0;\r

}\r

\r

-int CmdHF14AMfNested(const char *Cmd)\r

-{\r

+//----------------------------------------------\r

+// Nested\r

+//----------------------------------------------\r

+\r

+static void parseParamTDS(const char *Cmd, const uint8_t indx, bool *paramT, bool *paramD, uint16_t *timeout) {\r

+ char ctmp3[4] = {0};\r

+ int len = param_getlength(Cmd, indx);\r

+ if (len > 0 && len < 4){\r

+ param_getstr(Cmd, indx, ctmp3, sizeof(ctmp3));\r

+\r

+ *paramT |= (ctmp3[0] == 't' || ctmp3[0] == 'T');\r

+ *paramD |= (ctmp3[0] == 'd' || ctmp3[0] == 'D');\r

+ bool paramS1 = *paramT || *paramD;\r

+\r

+ // slow and very slow\r

+ if (ctmp3[0] == 's' || ctmp3[0] == 'S' || ctmp3[1] == 's' || ctmp3[1] == 'S') {\r

+ *timeout = MF_CHKKEYS_SLOWTIMEOUT; // slow\r

+\r

+ if (!paramS1 && (ctmp3[1] == 's' || ctmp3[1] == 'S')) {\r

+ *timeout = MF_CHKKEYS_VERYSLOWTIMEOUT; // very slow\r

+ }\r

+ if (paramS1 && (ctmp3[2] == 's' || ctmp3[2] == 'S')) {\r

+ *timeout = MF_CHKKEYS_VERYSLOWTIMEOUT; // very slow\r

+ }\r

+}\r

+\r

+int CmdHF14AMfNested(const char *Cmd) {\r

int i, j, res, iterations;\r

- sector * e_sector = NULL;\r

+ sector_t *e_sector = NULL;\r

uint8_t blockNo = 0;\r

uint8_t keyType = 0;\r

uint8_t trgBlockNo = 0;\r

uint8_t trgKeyType = 0;\r

uint8_t blockNo = 0;\r

uint8_t keyType = 0;\r

uint8_t trgBlockNo = 0;\r

uint8_t trgKeyType = 0;\r

- uint8_t blDiff = 0;\r

- int SectorsCnt = 0;\r

+ uint8_t SectorsCnt = 0;\r

uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r

- uint8_t keyBlock[16 * 6];\r

+ uint8_t keyBlock[MifareDefaultKeysSize * 6];\r

uint64_t key64 = 0;\r

- int transferToEml = 0;\r

- \r

- int createDumpFile = 0;\r

+ // timeout in units. (ms * 106) or us*0.106\r

+ uint16_t timeout14a = MF_CHKKEYS_DEFTIMEOUT; // fast by default\r

+\r

+ bool autosearchKey = false;\r

+\r

+ bool transferToEml = false;\r

+ bool createDumpFile = false;\r

FILE *fkeys;\r

uint8_t standart[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r

uint8_t tempkey[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r

FILE *fkeys;\r

uint8_t standart[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r

uint8_t tempkey[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r

- \r

+\r

char cmdp, ctmp;\r

\r

if (strlen(Cmd)<3) {\r

PrintAndLog("Usage:");\r

char cmdp, ctmp;\r

\r

if (strlen(Cmd)<3) {\r

PrintAndLog("Usage:");\r

- PrintAndLog(" all sectors: hf mf nested <card memory> <block number> <key A/B> <key (12 hex symbols)> [t,d]");\r

+ PrintAndLog(" all sectors: hf mf nested <card memory> <block number> <key A/B> <key (12 hex symbols)> [t|d|s|ss]");\r

+ PrintAndLog(" all sectors autosearch key: hf mf nested <card memory> * [t|d|s|ss]");\r

PrintAndLog(" one sector: hf mf nested o <block number> <key A/B> <key (12 hex symbols)>");\r

PrintAndLog(" <target block number> <target key A/B> [t]");\r

PrintAndLog(" one sector: hf mf nested o <block number> <key A/B> <key (12 hex symbols)>");\r

PrintAndLog(" <target block number> <target key A/B> [t]");\r

+ PrintAndLog(" ");\r

PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r

- PrintAndLog("t - transfer keys into emulator memory");\r

- PrintAndLog("d - write keys to binary file");\r

+ PrintAndLog("t - transfer keys to emulator memory");\r

+ PrintAndLog("d - write keys to binary file dumpkeys.bin");\r

+ PrintAndLog("s - Slow (1ms) check keys (required by some non standard cards)");\r

+ PrintAndLog("ss - Very slow (5ms) check keys");\r

PrintAndLog(" ");\r

PrintAndLog(" sample1: hf mf nested 1 0 A FFFFFFFFFFFF ");\r

PrintAndLog(" ");\r

PrintAndLog(" sample1: hf mf nested 1 0 A FFFFFFFFFFFF ");\r

- PrintAndLog(" sample1: hf mf nested 1 0 A FFFFFFFFFFFF t ");\r

- PrintAndLog(" sample1: hf mf nested 1 0 A FFFFFFFFFFFF d ");\r

- PrintAndLog(" sample2: hf mf nested o 0 A FFFFFFFFFFFF 4 A");\r

+ PrintAndLog(" sample2: hf mf nested 1 0 A FFFFFFFFFFFF t ");\r

+ PrintAndLog(" sample3: hf mf nested 1 0 A FFFFFFFFFFFF d ");\r

+ PrintAndLog(" sample4: hf mf nested o 0 A FFFFFFFFFFFF 4 A");\r

+ PrintAndLog(" sample5: hf mf nested 1 * t");\r

+ PrintAndLog(" sample6: hf mf nested 1 * ss");\r

return 0;\r

- } \r

- \r

- cmdp = param_getchar(Cmd, 0);\r

- blockNo = param_get8(Cmd, 1);\r

- ctmp = param_getchar(Cmd, 2);\r

- if (ctmp == 0x00) {\r

- PrintAndLog("Key type must be A or B");\r

- return 1;\r

- }\r

- if (ctmp != 'A' && ctmp != 'a') keyType = 1;\r

- if (param_gethex(Cmd, 3, key, 12)) {\r

- PrintAndLog("Key must include 12 HEX symbols");\r

- return 1;\r

}\r

- \r

+\r

+ // <card memory>\r

+ cmdp = param_getchar(Cmd, 0);\r

if (cmdp == 'o' || cmdp == 'O') {\r

cmdp = 'o';\r

if (cmdp == 'o' || cmdp == 'O') {\r

cmdp = 'o';\r

- trgBlockNo = param_get8(Cmd, 4);\r

- ctmp = param_getchar(Cmd, 5);\r

- if (ctmp == 0x00) {\r

- PrintAndLog("Target key type must be A or B");\r

+ SectorsCnt = 1;\r

+ } else {\r

+ SectorsCnt = ParamCardSizeSectors(cmdp);\r

+ }\r

+\r

+ // <block number>. number or autosearch key (*)\r

+ if (param_getchar(Cmd, 1) == '*') {\r

+ autosearchKey = true;\r

+\r

+ parseParamTDS(Cmd, 2, &transferToEml, &createDumpFile, &timeout14a);\r

+\r

+ PrintAndLog("--nested. sectors:%2d, block no:*, eml:%c, dmp=%c checktimeout=%d us",\r

+ SectorsCnt, transferToEml?'y':'n', createDumpFile?'y':'n', ((uint32_t)timeout14a * 1000) / 106);\r

+ } else {\r

+ blockNo = param_get8(Cmd, 1);\r

+\r

+ ctmp = param_getchar(Cmd, 2);\r

+ if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r

+ PrintAndLog("Key type must be A or B");\r

return 1;\r

}\r

return 1;\r

}\r

- if (ctmp != 'A' && ctmp != 'a') trgKeyType = 1;\r

- } else {\r

- switch (cmdp) {\r

- case '0': SectorsCnt = 05; break;\r

- case '1': SectorsCnt = 16; break;\r

- case '2': SectorsCnt = 32; break;\r

- case '4': SectorsCnt = 64; break;\r

- default: SectorsCnt = 16;\r

- }\r

-\r

- ctmp = param_getchar(Cmd, 4);\r

- if (ctmp == 't' || ctmp == 'T') transferToEml = 1;\r

- else if (ctmp == 'd' || ctmp == 'D') createDumpFile = 1;\r

- \r

- ctmp = param_getchar(Cmd, 6);\r

- transferToEml |= (ctmp == 't' || ctmp == 'T');\r

- transferToEml |= (ctmp == 'd' || ctmp == 'D');\r

- \r

- PrintAndLog("--block no:%02x key type:%02x key:%s etrans:%d", blockNo, keyType, sprint_hex(key, 6), transferToEml);\r

- if (cmdp == 'o')\r

- PrintAndLog("--target block no:%02x target key type:%02x ", trgBlockNo, trgKeyType);\r

-\r

- if (cmdp == 'o') {\r

- if (mfnested(blockNo, keyType, key, trgBlockNo, trgKeyType, keyBlock)) {\r

- PrintAndLog("Nested error.");\r

- return 2;\r

+\r

+ if (ctmp != 'A' && ctmp != 'a')\r

+ keyType = 1;\r

+\r

+ if (param_gethex(Cmd, 3, key, 12)) {\r

+ PrintAndLog("Key must include 12 HEX symbols");\r

+ return 1;\r

+ }\r

+\r

+ // check if we can authenticate to sector\r

+ res = mfCheckKeys(blockNo, keyType, timeout14a, true, 1, key, &key64);\r

+ if (res) {\r

+ PrintAndLog("Can't authenticate to block:%3d key type:%c key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r

+ return 3;\r

}\r

\r

}\r

\r

- for (i = 0; i < 16; i++) {\r

- PrintAndLog("count=%d key= %s", i, sprint_hex(keyBlock + i * 6, 6));\r

+ // one sector nested\r

+ if (cmdp == 'o') {\r

+ trgBlockNo = param_get8(Cmd, 4);\r

+\r

+ ctmp = param_getchar(Cmd, 5);\r

+ if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r

+ PrintAndLog("Target key type must be A or B");\r

+ return 1;\r

+ }\r

+ if (ctmp != 'A' && ctmp != 'a')\r

+ trgKeyType = 1;\r

+\r

+ parseParamTDS(Cmd, 6, &transferToEml, &createDumpFile, &timeout14a);\r

+ } else {\r

+ parseParamTDS(Cmd, 4, &transferToEml, &createDumpFile, &timeout14a);\r

+ }\r

+\r

+ PrintAndLog("--nested. sectors:%2d, block no:%3d, key type:%c, eml:%c, dmp=%c checktimeout=%d us",\r

+ SectorsCnt, blockNo, keyType?'B':'A', transferToEml?'y':'n', createDumpFile?'y':'n', ((uint32_t)timeout14a * 1000) / 106);\r

+ }\r

+\r

+ // one-sector nested\r

+ if (cmdp == 'o') { // ------------------------------------ one sector working\r

+ PrintAndLog("--target block no:%3d, target key type:%c ", trgBlockNo, trgKeyType?'B':'A');\r

+ int16_t isOK = mfnested(blockNo, keyType, timeout14a, key, trgBlockNo, trgKeyType, keyBlock, true);\r

+ if (isOK < 0) {\r

+ switch (isOK) {\r

+ case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r

+ case -2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r

+ case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break;\r

+ default : PrintAndLog("Unknown Error (%d)\n", isOK);\r

+ }\r

+ return 2;\r

}\r

- \r

- // test keys\r

- res = mfCheckKeys(trgBlockNo, trgKeyType, 8, keyBlock, &key64);\r

- if (res)\r

- res = mfCheckKeys(trgBlockNo, trgKeyType, 8, &keyBlock[6 * 8], &key64);\r

- if (!res) {\r

- PrintAndLog("Found valid key:%012llx", key64);\r

+ key64 = bytes_to_num(keyBlock, 6);\r

+ if (!isOK) {\r

+ PrintAndLog("Found valid key:%012" PRIx64, key64);\r

\r

// transfer key to the emulator\r

if (transferToEml) {\r

\r

// transfer key to the emulator\r

if (transferToEml) {\r

- mfEmlGetMem(keyBlock, (trgBlockNo / 4) * 4 + 3, 1);\r

- \r

+ uint8_t sectortrailer;\r

+ if (trgBlockNo < 32*4) { // 4 block sector\r

+ sectortrailer = trgBlockNo | 0x03;\r

+ } else { // 16 block sector\r

+ sectortrailer = trgBlockNo | 0x0f;\r

+ }\r

+ mfEmlGetMem(keyBlock, sectortrailer, 1);\r

+\r

if (!trgKeyType)\r

num_to_bytes(key64, 6, keyBlock);\r

else\r

num_to_bytes(key64, 6, &keyBlock[10]);\r

if (!trgKeyType)\r

num_to_bytes(key64, 6, keyBlock);\r

else\r

num_to_bytes(key64, 6, &keyBlock[10]);\r

- mfEmlSetMem(keyBlock, (trgBlockNo / 4) * 4 + 3, 1); \r

+ mfEmlSetMem(keyBlock, sectortrailer, 1);\r

+ PrintAndLog("Key transferred to emulator memory.");\r

}\r

} else {\r

PrintAndLog("No valid key found");\r

}\r

else { // ------------------------------------ multiple sectors working\r

}\r

} else {\r

PrintAndLog("No valid key found");\r

}\r

else { // ------------------------------------ multiple sectors working\r

- blDiff = blockNo % 4;\r

- PrintAndLog("Block shift=%d", blDiff);\r

- e_sector = calloc(SectorsCnt, sizeof(sector));\r

+ uint64_t msclock1;\r

+ msclock1 = msclock();\r

+\r

+ e_sector = calloc(SectorsCnt, sizeof(sector_t));\r

if (e_sector == NULL) return 1;\r

- \r

- //test current key 4 sectors\r

- memcpy(keyBlock, key, 6);\r

- num_to_bytes(0xa0a1a2a3a4a5, 6, (uint8_t*)(keyBlock + 1 * 6));\r

- num_to_bytes(0xb0b1b2b3b4b5, 6, (uint8_t*)(keyBlock + 2 * 6));\r

- num_to_bytes(0xffffffffffff, 6, (uint8_t*)(keyBlock + 3 * 6));\r

- num_to_bytes(0x000000000000, 6, (uint8_t*)(keyBlock + 4 * 6));\r

- num_to_bytes(0xaabbccddeeff, 6, (uint8_t*)(keyBlock + 5 * 6));\r

+\r

+ //test current key and additional standard keys first\r

+ for (int defaultKeyCounter = 0; defaultKeyCounter < MifareDefaultKeysSize; defaultKeyCounter++){\r

+ num_to_bytes(MifareDefaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r

+ }\r

\r

PrintAndLog("Testing known keys. Sector count=%d", SectorsCnt);\r

\r

PrintAndLog("Testing known keys. Sector count=%d", SectorsCnt);\r

- for (i = 0; i < SectorsCnt; i++) {\r

- for (j = 0; j < 2; j++) {\r

- if (e_sector[i].foundKey[j]) continue;\r

- \r

- res = mfCheckKeys(i * 4 + blDiff, j, 6, keyBlock, &key64);\r

- \r

- if (!res) {\r

- e_sector[i].Key[j] = key64;\r

- e_sector[i].foundKey[j] = 1;\r

+ mfCheckKeysSec(SectorsCnt, 2, timeout14a, true, true, true, MifareDefaultKeysSize, keyBlock, e_sector);\r

+\r

+ // get known key from array\r

+ bool keyFound = false;\r

+ if (autosearchKey) {\r

+ for (i = 0; i < SectorsCnt; i++) {\r

+ for (j = 0; j < 2; j++) {\r

+ if (e_sector[i].foundKey[j]) {\r

+ // get known key\r

+ blockNo = i * 4;\r

+ keyType = j;\r

+ num_to_bytes(e_sector[i].Key[j], 6, key);\r

+ keyFound = true;\r

+ break;\r

+ }\r

}\r

+ if (keyFound) break;\r

+ }\r

+\r

+ // Can't found a key....\r

+ if (!keyFound) {\r

+ PrintAndLog("Can't found any of the known keys.");\r

+ free(e_sector);\r

+ return 4;\r

}\r

- } \r

- \r

+ PrintAndLog("--auto key. block no:%3d, key type:%c key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r

+ }\r

+\r

// nested sectors\r

iterations = 0;\r

PrintAndLog("nested...");\r

// nested sectors\r

iterations = 0;\r

PrintAndLog("nested...");\r

+ bool calibrate = true;\r

for (i = 0; i < NESTED_SECTOR_RETRY; i++) {\r

- for (trgBlockNo = blDiff; trgBlockNo < SectorsCnt * 4; trgBlockNo = trgBlockNo + 4) \r

- for (trgKeyType = 0; trgKeyType < 2; trgKeyType++) { \r

- if (e_sector[trgBlockNo / 4].foundKey[trgKeyType]) continue;\r

- if (mfnested(blockNo, keyType, key, trgBlockNo, trgKeyType, keyBlock)) continue;\r

- \r

+ for (uint8_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r

+ for (trgKeyType = 0; trgKeyType < 2; trgKeyType++) {\r

+ if (e_sector[sectorNo].foundKey[trgKeyType]) continue;\r

+ PrintAndLog("-----------------------------------------------");\r

+ int16_t isOK = mfnested(blockNo, keyType, timeout14a, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate);\r

+ if(isOK < 0) {\r

+ switch (isOK) {\r

+ case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r

+ case -2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r

+ case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break;\r

+ default : PrintAndLog("Unknown Error (%d)\n", isOK);\r

+ }\r

+ free(e_sector);\r

+ return 2;\r

+ } else {\r

+ calibrate = false;\r

+ }\r

+\r

iterations++;\r

- \r

- //try keys from nested\r

- res = mfCheckKeys(trgBlockNo, trgKeyType, 8, keyBlock, &key64);\r

- if (res)\r

- res = mfCheckKeys(trgBlockNo, trgKeyType, 8, &keyBlock[6 * 8], &key64);\r

- if (!res) {\r

- PrintAndLog("Found valid key:%012llx", key64); \r

- e_sector[trgBlockNo / 4].foundKey[trgKeyType] = 1;\r

- e_sector[trgBlockNo / 4].Key[trgKeyType] = key64;\r

+\r

+ key64 = bytes_to_num(keyBlock, 6);\r

+ if (!isOK) {\r

+ PrintAndLog("Found valid key:%012" PRIx64, key64);\r

+ e_sector[sectorNo].foundKey[trgKeyType] = 1;\r

+ e_sector[sectorNo].Key[trgKeyType] = key64;\r

+\r

+ // try to check this key as a key to the other sectors\r

+ mfCheckKeysSec(SectorsCnt, 2, timeout14a, true, true, true, 1, keyBlock, e_sector);\r

}\r

+ }\r

}\r

\r

}\r

\r

- PrintAndLog("Iterations count: %d", iterations);\r

- //print them\r

+ // print nested statistic\r

+ PrintAndLog("\n\n-----------------------------------------------\nNested statistic:\nIterations count: %d", iterations);\r

+ PrintAndLog("Time in nested: %1.3f (%1.3f sec per key)", ((float)(msclock() - msclock1))/1000.0, ((float)(msclock() - msclock1))/iterations/1000.0);\r

+\r

+ // print result\r

PrintAndLog("|---|----------------|---|----------------|---|");\r

PrintAndLog("|sec|key A |res|key B |res|");\r

PrintAndLog("|---|----------------|---|----------------|---|");\r

for (i = 0; i < SectorsCnt; i++) {\r

PrintAndLog("|---|----------------|---|----------------|---|");\r

PrintAndLog("|sec|key A |res|key B |res|");\r

PrintAndLog("|---|----------------|---|----------------|---|");\r

for (i = 0; i < SectorsCnt; i++) {\r

- PrintAndLog("|%03d| %012llx | %d | %012llx | %d |", i, \r

+ PrintAndLog("|%03d| %012" PRIx64 " | %d | %012" PRIx64 " | %d |", i,\r

e_sector[i].Key[0], e_sector[i].foundKey[0], e_sector[i].Key[1], e_sector[i].foundKey[1]);\r

}\r

PrintAndLog("|---|----------------|---|----------------|---|");\r

e_sector[i].Key[0], e_sector[i].foundKey[0], e_sector[i].Key[1], e_sector[i].foundKey[1]);\r

}\r

PrintAndLog("|---|----------------|---|----------------|---|");\r

- \r

- // transfer them to the emulator\r

+\r

+ // transfer keys to the emulator memory\r

if (transferToEml) {\r

for (i = 0; i < SectorsCnt; i++) {\r

if (transferToEml) {\r

for (i = 0; i < SectorsCnt; i++) {\r

- mfEmlGetMem(keyBlock, i * 4 + 3, 1);\r

+ mfEmlGetMem(keyBlock, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1);\r

if (e_sector[i].foundKey[0])\r

num_to_bytes(e_sector[i].Key[0], 6, keyBlock);\r

if (e_sector[i].foundKey[1])\r

num_to_bytes(e_sector[i].Key[1], 6, &keyBlock[10]);\r

if (e_sector[i].foundKey[0])\r

num_to_bytes(e_sector[i].Key[0], 6, keyBlock);\r

if (e_sector[i].foundKey[1])\r

num_to_bytes(e_sector[i].Key[1], 6, &keyBlock[10]);\r

- mfEmlSetMem(keyBlock, i * 4 + 3, 1);\r

- } \r

+ mfEmlSetMem(keyBlock, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1);\r

+ }\r

+ PrintAndLog("Keys transferred to emulator memory.");\r

}\r

- \r

+\r

// Create dump file\r

if (createDumpFile) {\r

// Create dump file\r

if (createDumpFile) {\r

- if ((fkeys = fopen("dumpkeys.bin","wb")) == NULL) { \r

+ if ((fkeys = fopen("dumpkeys.bin","wb")) == NULL) {\r

PrintAndLog("Could not create file dumpkeys.bin");\r

free(e_sector);\r

return 1;\r

}\r

PrintAndLog("Could not create file dumpkeys.bin");\r

free(e_sector);\r

return 1;\r

}\r

- PrintAndLog("Printing keys to bynary file dumpkeys.bin...");\r

- for(i=0; i<16; i++) {\r

+ PrintAndLog("Printing keys to binary file dumpkeys.bin...");\r

+ for(i=0; i<SectorsCnt; i++) {\r

if (e_sector[i].foundKey[0]){\r

num_to_bytes(e_sector[i].Key[0], 6, tempkey);\r

fwrite ( tempkey, 1, 6, fkeys );\r

if (e_sector[i].foundKey[0]){\r

num_to_bytes(e_sector[i].Key[0], 6, tempkey);\r

fwrite ( tempkey, 1, 6, fkeys );\r

fwrite ( &standart, 1, 6, fkeys );\r

}\r

fwrite ( &standart, 1, 6, fkeys );\r

}\r

- for(i=0; i<16; i++) {\r

+ for(i=0; i<SectorsCnt; i++) {\r

if (e_sector[i].foundKey[1]){\r

num_to_bytes(e_sector[i].Key[1], 6, tempkey);\r

fwrite ( tempkey, 1, 6, fkeys );\r

if (e_sector[i].foundKey[1]){\r

num_to_bytes(e_sector[i].Key[1], 6, tempkey);\r

fwrite ( tempkey, 1, 6, fkeys );\r

}\r

fclose(fkeys);\r

}\r

fclose(fkeys);\r

}\r

- \r

+\r

free(e_sector);\r

}\r

free(e_sector);\r

}\r

-\r

return 0;\r

}\r

\r

return 0;\r

}\r

\r

-static uint32_t\r

-get_trailer_block (uint32_t uiBlock)\r

-{\r

- // Test if we are in the small or big sectors\r

- uint32_t trailer_block = 0;\r

- if (uiBlock < 128) {\r

- trailer_block = uiBlock + (3 - (uiBlock % 4));\r

- } else {\r

- trailer_block = uiBlock + (15 - (uiBlock % 16));\r

- }\r

- return trailer_block;\r

-}\r

-int CmdHF14AMfChk(const char *Cmd)\r

+\r

+int CmdHF14AMfNestedHard(const char *Cmd)\r

{\r

- FILE * f;\r

- char filename[256]={0};\r

- char buf[13];\r

- uint8_t *keyBlock = NULL, *p;\r

- uint8_t stKeyBlock = 20;\r

- \r

- int i, res;\r

- int keycnt = 0;\r

- char ctmp = 0x00;\r

uint8_t blockNo = 0;\r

- uint8_t SectorsCnt = 1;\r

uint8_t keyType = 0;\r

- uint64_t key64 = 0;\r

- \r

- int transferToEml = 0;\r

- int createDumpFile = 0;\r

+ uint8_t trgBlockNo = 0;\r

+ uint8_t trgKeyType = 0;\r

+ uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r

+ uint8_t trgkey[6] = {0, 0, 0, 0, 0, 0};\r

\r

- keyBlock = calloc(stKeyBlock, 6);\r

- if (keyBlock == NULL) return 1;\r

+ char ctmp;\r

+ ctmp = param_getchar(Cmd, 0);\r

\r

- num_to_bytes(0xffffffffffff, 6, (uint8_t*)(keyBlock + 0 * 6)); // Default key (first key used by program if no user defined key)\r

- num_to_bytes(0x000000000000, 6, (uint8_t*)(keyBlock + 1 * 6)); // Blank key\r

- num_to_bytes(0xa0a1a2a3a4a5, 6, (uint8_t*)(keyBlock + 2 * 6)); // NFCForum MAD key\r

- num_to_bytes(0xb0b1b2b3b4b5, 6, (uint8_t*)(keyBlock + 3 * 6));\r

- num_to_bytes(0xaabbccddeeff, 6, (uint8_t*)(keyBlock + 4 * 6));\r

- num_to_bytes(0x4d3a99c351dd, 6, (uint8_t*)(keyBlock + 5 * 6));\r

- num_to_bytes(0x1a982c7e459a, 6, (uint8_t*)(keyBlock + 6 * 6));\r

- num_to_bytes(0xd3f7d3f7d3f7, 6, (uint8_t*)(keyBlock + 7 * 6));\r

- num_to_bytes(0x714c5c886e97, 6, (uint8_t*)(keyBlock + 8 * 6));\r

- num_to_bytes(0x587ee5f9350f, 6, (uint8_t*)(keyBlock + 9 * 6));\r

- num_to_bytes(0xa0478cc39091, 6, (uint8_t*)(keyBlock + 10 * 6));\r

- num_to_bytes(0x533cb6c723f6, 6, (uint8_t*)(keyBlock + 11 * 6));\r

- num_to_bytes(0x8fd0a4f256e9, 6, (uint8_t*)(keyBlock + 12 * 6));\r

- \r

- if (strlen(Cmd)<3) {\r

- PrintAndLog("Usage: hf mf chk <block number>/<*card memory> <key type (A/B/?)> [t] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r

- PrintAndLog(" * - all sectors");\r

- PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r

-// PrintAndLog("d - write keys to binary file\n");\r

- \r

- PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic");\r

- PrintAndLog(" hf mf chk *1 ? t");\r

+ if (ctmp != 'R' && ctmp != 'r' && ctmp != 'T' && ctmp != 't' && strlen(Cmd) < 20) {\r

+ PrintAndLog("Usage:");\r

+ PrintAndLog(" hf mf hardnested <block number> <key A|B> <key (12 hex symbols)>");\r

+ PrintAndLog(" <target block number> <target key A|B> [known target key (12 hex symbols)] [w] [s]");\r

+ PrintAndLog(" or hf mf hardnested r [known target key]");\r

+ PrintAndLog(" ");\r

+ PrintAndLog("Options: ");\r

+ PrintAndLog(" w: Acquire nonces and write them to binary file nonces.bin");\r

+ PrintAndLog(" s: Slower acquisition (required by some non standard cards)");\r

+ PrintAndLog(" r: Read nonces.bin and start attack");\r

+ PrintAndLog(" iX: set type of SIMD instructions. Without this flag programs autodetect it.");\r

+ PrintAndLog(" i5: AVX512");\r

+ PrintAndLog(" i2: AVX2");\r

+ PrintAndLog(" ia: AVX");\r

+ PrintAndLog(" is: SSE2");\r

+ PrintAndLog(" im: MMX");\r

+ PrintAndLog(" in: none (use CPU regular instruction set)");\r

+ PrintAndLog(" ");\r

+ PrintAndLog(" sample1: hf mf hardnested 0 A FFFFFFFFFFFF 4 A");\r

+ PrintAndLog(" sample2: hf mf hardnested 0 A FFFFFFFFFFFF 4 A w");\r

+ PrintAndLog(" sample3: hf mf hardnested 0 A FFFFFFFFFFFF 4 A w s");\r

+ PrintAndLog(" sample4: hf mf hardnested r");\r

+ PrintAndLog(" ");\r

+ PrintAndLog("Add the known target key to check if it is present in the remaining key space:");\r

+ PrintAndLog(" sample5: hf mf hardnested 0 A A0A1A2A3A4A5 4 A FFFFFFFFFFFF");\r

return 0;\r

- } \r

- \r

- if (param_getchar(Cmd, 0)=='*') {\r

- blockNo = 3;\r

- switch(param_getchar(Cmd+1, 0)) {\r

- case '0': SectorsCnt = 5; break;\r

- case '1': SectorsCnt = 16; break;\r

- case '2': SectorsCnt = 32; break;\r

- case '4': SectorsCnt = 40; break;\r

- default: SectorsCnt = 16;\r

- }\r

}\r

- else\r

- blockNo = param_get8(Cmd, 0);\r

- \r

- ctmp = param_getchar(Cmd, 1);\r

- switch (ctmp) { \r

- case 'a': case 'A':\r

- keyType = !0;\r

- break;\r

- case 'b': case 'B':\r

- keyType = !1;\r

- break;\r

- case '?':\r

- keyType = 2;\r

- break;\r

- default:\r

- PrintAndLog("Key type must be A , B or ?");\r

- return 1;\r

- };\r

- \r

- ctmp = param_getchar(Cmd, 2);\r

- if (ctmp == 't' || ctmp == 'T') transferToEml = 1;\r

- else if (ctmp == 'd' || ctmp == 'D') createDumpFile = 1;\r

- \r

- for (i = transferToEml || createDumpFile; param_getchar(Cmd, 2 + i); i++) {\r

+\r

+ bool know_target_key = false;\r

+ bool nonce_file_read = false;\r

+ bool nonce_file_write = false;\r

+ bool slow = false;\r

+ int tests = 0;\r

+\r

+ uint16_t iindx = 0;\r

+ if (ctmp == 'R' || ctmp == 'r') {\r

+ nonce_file_read = true;\r

+ iindx = 1;\r

+ if (!param_gethex(Cmd, 1, trgkey, 12)) {\r

+ know_target_key = true;\r

+ iindx = 2;\r

+ }\r

+ } else if (ctmp == 'T' || ctmp == 't') {\r

+ tests = param_get32ex(Cmd, 1, 100, 10);\r

+ iindx = 2;\r

+ if (!param_gethex(Cmd, 2, trgkey, 12)) {\r

+ know_target_key = true;\r

+ iindx = 3;\r

+ }\r

+ } else {\r

+ blockNo = param_get8(Cmd, 0);\r

+ ctmp = param_getchar(Cmd, 1);\r

+ if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r

+ PrintAndLog("Key type must be A or B");\r

+ return 1;\r

+ }\r

+ if (ctmp != 'A' && ctmp != 'a') {\r

+ keyType = 1;\r

+ }\r

+\r

+ if (param_gethex(Cmd, 2, key, 12)) {\r

+ PrintAndLog("Key must include 12 HEX symbols");\r

+ return 1;\r

+ }\r

+\r

+ trgBlockNo = param_get8(Cmd, 3);\r

+ ctmp = param_getchar(Cmd, 4);\r

+ if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r

+ PrintAndLog("Target key type must be A or B");\r

+ return 1;\r

+ }\r

+ if (ctmp != 'A' && ctmp != 'a') {\r

+ trgKeyType = 1;\r

+ }\r

+\r

+ uint16_t i = 5;\r

+\r

+ if (!param_gethex(Cmd, 5, trgkey, 12)) {\r

+ know_target_key = true;\r

+ i++;\r

+ }\r

+ iindx = i;\r

+\r

+ while ((ctmp = param_getchar(Cmd, i))) {\r

+ if (ctmp == 's' || ctmp == 'S') {\r

+ slow = true;\r

+ } else if (ctmp == 'w' || ctmp == 'W') {\r

+ nonce_file_write = true;\r

+ } else if (param_getlength(Cmd, i) == 2 && ctmp == 'i') {\r

+ iindx = i;\r

+ } else {\r

+ PrintAndLog("Possible options are w , s and/or iX");\r

+ return 1;\r

+ }\r

+ i++;\r

+ }\r

+\r

+ SetSIMDInstr(SIMD_AUTO);\r

+ if (iindx > 0) {\r

+ while ((ctmp = param_getchar(Cmd, iindx))) {\r

+ if (param_getlength(Cmd, iindx) == 2 && ctmp == 'i') {\r

+ switch(param_getchar_indx(Cmd, 1, iindx)) {\r

+ case '5':\r

+ SetSIMDInstr(SIMD_AVX512);\r

+ break;\r

+ case '2':\r

+ SetSIMDInstr(SIMD_AVX2);\r

+ break;\r

+ case 'a':\r

+ SetSIMDInstr(SIMD_AVX);\r

+ break;\r

+ case 's':\r

+ SetSIMDInstr(SIMD_SSE2);\r

+ break;\r

+ case 'm':\r

+ SetSIMDInstr(SIMD_MMX);\r

+ break;\r

+ case 'n':\r

+ SetSIMDInstr(SIMD_NONE);\r

+ break;\r

+ default:\r

+ PrintAndLog("Unknown SIMD type. %c", param_getchar_indx(Cmd, 1, iindx));\r

+ return 1;\r

+ }\r

+ iindx++;\r

+ }\r

+\r

+ PrintAndLog("--target block no:%3d, target key type:%c, known target key: 0x%02x%02x%02x%02x%02x%02x%s, file action: %s, Slow: %s, Tests: %d ",\r

+ trgBlockNo,\r

+ trgKeyType?'B':'A',\r

+ trgkey[0], trgkey[1], trgkey[2], trgkey[3], trgkey[4], trgkey[5],\r

+ know_target_key?"":" (not set)",\r

+ nonce_file_write?"write":nonce_file_read?"read":"none",\r

+ slow?"Yes":"No",\r

+ tests);\r

+\r

+ int16_t isOK = mfnestedhard(blockNo, keyType, key, trgBlockNo, trgKeyType, know_target_key?trgkey:NULL, nonce_file_read, nonce_file_write, slow, tests);\r

+\r

+ if (isOK) {\r

+ switch (isOK) {\r

+ case 1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r

+ case 2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r

+ default : break;\r

+ }\r

+ return 2;\r

+ }\r

+\r

+ return 0;\r

+}\r

+\r

+int CmdHF14AMfChk(const char *Cmd) {\r

+\r

+ if (strlen(Cmd)<3) {\r

+ PrintAndLog("Usage: hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t|d|s|ss] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r

+ PrintAndLog(" * - all sectors");\r

+ PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r

+ PrintAndLog("d - write keys to binary file (not used when <block number> supplied)");\r

+ PrintAndLog("t - write keys to emulator memory");\r

+ PrintAndLog("s - slow execute. timeout 1ms");\r

+ PrintAndLog("ss - very slow execute. timeout 5ms");\r

+ PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic");\r

+ PrintAndLog(" hf mf chk *1 ? t");\r

+ PrintAndLog(" hf mf chk *1 ? d");\r

+ PrintAndLog(" hf mf chk *1 ? s");\r

+ PrintAndLog(" hf mf chk *1 ? dss");\r

+ return 0;\r

+ }\r

+\r

+ FILE * f;\r

+ char filename[FILE_PATH_SIZE]={0};\r

+ char buf[13];\r

+ uint8_t *keyBlock = NULL, *p;\r

+ uint16_t stKeyBlock = 20;\r

+ int i, res;\r

+ int keycnt = 0;\r

+ char ctmp = 0x00;\r

+ int clen = 0;\r

+ uint8_t blockNo = 0;\r

+ uint8_t SectorsCnt = 0;\r

+ uint8_t keyType = 0;\r

+ uint64_t key64 = 0;\r

+ // timeout in units. (ms * 106)/10 or us*0.0106\r

+ uint16_t timeout14a = MF_CHKKEYS_DEFTIMEOUT; // fast by default\r

+ bool param3InUse = false;\r

+ bool transferToEml = 0;\r

+ bool createDumpFile = 0;\r

+ bool singleBlock = false; // Flag to ID if a single or multi key check\r

+ uint8_t keyFoundCount = 0; // Counter to display the number of keys found/transfered to emulator\r

+\r

+ sector_t *e_sector = NULL;\r

+\r

+ keyBlock = calloc(stKeyBlock, 6);\r

+ if (keyBlock == NULL) return 1;\r

+\r

+ int defaultKeysSize = MifareDefaultKeysSize;\r

+ for (int defaultKeyCounter = 0; defaultKeyCounter < defaultKeysSize; defaultKeyCounter++){\r

+ num_to_bytes(MifareDefaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r

+ }\r

+\r

+ if (param_getchar(Cmd, 0)=='*') {\r

+ SectorsCnt = ParamCardSizeSectors(param_getchar(Cmd + 1, 0));\r

+ } else { \r

+ blockNo = param_get8(Cmd, 0);\r

+ // Singe Key check, so Set Sector count to cover sectors (1 to sector that contains the block)\r

+ // 1 and 2 Cards : Sector = blockNo/4 + 1\r

+ // Sectors 0 - 31 : 4 blocks per sector : Blocks 0 - 127\r

+ // Sectors 32 - 39 : 16 blocks per sector : Blocks 128 - 255 (4K)\r

+ if (blockNo < 128) {\r

+ SectorsCnt = (blockNo / 4) + 1;\r

+ } else {\r

+ SectorsCnt = 32 + ((blockNo-128)/16) + 1;\r

+ }\r

+ singleBlock = true; // Set flag for single key check\r

+ }\r

+\r

+ ctmp = param_getchar(Cmd, 1);\r

+ clen = param_getlength(Cmd, 1);\r

+ if (clen == 1) {\r

+ switch (ctmp) {\r

+ case 'a': case 'A':\r

+ keyType = 0;\r

+ break;\r

+ case 'b': case 'B':\r

+ keyType = 1;\r

+ break;\r

+ case '?':\r

+ keyType = 2;\r

+ break;\r

+ default:\r

+ PrintAndLog("Key type must be A , B or ?");\r

+ free(keyBlock);\r

+ return 1;\r

+ };\r

+ }\r

+\r

+ parseParamTDS(Cmd, 2, &transferToEml, &createDumpFile, &timeout14a);\r

+\r

+ if (singleBlock & createDumpFile) {\r

+ PrintAndLog (" block key check (<block no>) and write to dump file (d) combination is not supported ");\r

+ PrintAndLog (" please remove option d and try again");\r

+ return 1;\r

+ }\r

+\r

+ param3InUse = transferToEml | createDumpFile | (timeout14a != MF_CHKKEYS_DEFTIMEOUT);\r

+\r

+ PrintAndLog("--chk keys. sectors:%2d, block no:%3d, key type:%c, eml:%c, dmp=%c checktimeout=%d us",\r

+ SectorsCnt, blockNo, keyType==0?'A':keyType==1?'B':'?', transferToEml?'y':'n', createDumpFile?'y':'n', ((uint32_t)timeout14a * 1000) / 106);\r

+\r

+ for (i = param3InUse; param_getchar(Cmd, 2 + i); i++) {\r

if (!param_gethex(Cmd, 2 + i, keyBlock + 6 * keycnt, 12)) {\r

if ( stKeyBlock - keycnt < 2) {\r

p = realloc(keyBlock, 6*(stKeyBlock+=10));\r

if (!param_gethex(Cmd, 2 + i, keyBlock + 6 * keycnt, 12)) {\r

if ( stKeyBlock - keycnt < 2) {\r

p = realloc(keyBlock, 6*(stKeyBlock+=10));\r

}\r

keyBlock = p;\r

}\r

keyBlock = p;\r

}\r

- PrintAndLog("chk key[%d] %02x%02x%02x%02x%02x%02x", keycnt,\r

- (keyBlock + 6*keycnt)[0],(keyBlock + 6*keycnt)[1], (keyBlock + 6*keycnt)[2],\r

- (keyBlock + 6*keycnt)[3], (keyBlock + 6*keycnt)[4], (keyBlock + 6*keycnt)[5], 6);\r

+ PrintAndLog("chk key[%2d] %02x%02x%02x%02x%02x%02x", keycnt,\r

+ (keyBlock + 6*keycnt)[0], (keyBlock + 6*keycnt)[1], (keyBlock + 6*keycnt)[2],\r

+ (keyBlock + 6*keycnt)[3], (keyBlock + 6*keycnt)[4], (keyBlock + 6*keycnt)[5], 6);\r

keycnt++;\r

} else {\r

// May be a dic file\r

keycnt++;\r

} else {\r

// May be a dic file\r

- if ( param_getstr(Cmd, 2 + i,filename) > 255 ) {\r

+ if ( param_getstr(Cmd, 2 + i, filename, sizeof(filename)) >= FILE_PATH_SIZE ) {\r

PrintAndLog("File name too long");\r

free(keyBlock);\r

return 2;\r

}\r

PrintAndLog("File name too long");\r

free(keyBlock);\r

return 2;\r

}\r

- \r

- if ( (f = fopen( filename , "r")) ) {\r

- while( !feof(f) ){\r

- memset(buf, 0, sizeof(buf));\r

- fgets(buf, sizeof(buf), f);\r

- \r

+\r

+ if ((f = fopen( filename , "r"))) {\r

+ while (fgets(buf, sizeof(buf), f)) {\r

if (strlen(buf) < 12 || buf[11] == '\n')\r

continue;\r

if (strlen(buf) < 12 || buf[11] == '\n')\r

continue;\r

- \r

+\r

while (fgetc(f) != '\n' && !feof(f)) ; //goto next line\r

- \r

- if( buf[0]=='#' ) continue; //The line start with # is remcommnet,skip\r

\r

- if (!isxdigit(buf[0])){\r

- PrintAndLog("File content error. '%s' must include 12 HEX symbols",buf);\r

+ if( buf[0]=='#' ) continue; //The line start with # is comment, skip\r

+\r

+ bool content_error = false;\r

+ for (int i = 0; i < 12; i++) {\r

+ if (!isxdigit((unsigned char)buf[i])) {\r

+ content_error = true;\r

+ }\r

+ if (content_error) {\r

+ PrintAndLog("File content error. '%s' must include 12 HEX symbols", buf);\r

continue;\r

}\r

continue;\r

}\r

- \r

+\r

buf[12] = 0;\r

\r

buf[12] = 0;\r

\r

- if ( stKeyBlock - keycnt < 2) {\r

+ if (stKeyBlock - keycnt < 2) {\r

p = realloc(keyBlock, 6*(stKeyBlock+=10));\r

if (!p) {\r

PrintAndLog("Cannot allocate memory for defKeys");\r

free(keyBlock);\r

p = realloc(keyBlock, 6*(stKeyBlock+=10));\r

if (!p) {\r

PrintAndLog("Cannot allocate memory for defKeys");\r

free(keyBlock);\r

+ fclose(f);\r

return 2;\r

}\r

keyBlock = p;\r

}\r

memset(keyBlock + 6 * keycnt, 0, 6);\r

num_to_bytes(strtoll(buf, NULL, 16), 6, keyBlock + 6*keycnt);\r

return 2;\r

}\r

keyBlock = p;\r

}\r

memset(keyBlock + 6 * keycnt, 0, 6);\r

num_to_bytes(strtoll(buf, NULL, 16), 6, keyBlock + 6*keycnt);\r

- PrintAndLog("chk custom key[%d] %012llx", keycnt, bytes_to_num(keyBlock + 6*keycnt, 6));\r

+ PrintAndLog("chk custom key[%2d] %012" PRIx64 , keycnt, bytes_to_num(keyBlock + 6*keycnt, 6));\r

keycnt++;\r

+ memset(buf, 0, sizeof(buf));\r

}\r

+ fclose(f);\r

} else {\r

PrintAndLog("File: %s: not found or locked.", filename);\r

free(keyBlock);\r

return 1;\r

} else {\r

PrintAndLog("File: %s: not found or locked.", filename);\r

free(keyBlock);\r

return 1;\r

- fclose(f);\r

}\r

- \r

+\r

+ // fill with default keys\r

if (keycnt == 0) {\r

- PrintAndLog("No key specified,try default keys");\r

- for (;keycnt <=12; keycnt++)\r

- PrintAndLog("chk default key[%d] %02x%02x%02x%02x%02x%02x", keycnt,\r

- (keyBlock + 6*keycnt)[0],(keyBlock + 6*keycnt)[1], (keyBlock + 6*keycnt)[2],\r

- (keyBlock + 6*keycnt)[3], (keyBlock + 6*keycnt)[4], (keyBlock + 6*keycnt)[5], 6);\r

- }\r

- \r

- for ( int t = !keyType ; t < 2 ; keyType==2?(t++):(t=2) ) {\r

- int b=blockNo;\r

- for (int i=0; i<SectorsCnt; ++i) {\r

- PrintAndLog("--SectorsCnt:%d block no:0x%02x key type:%C key count:%d ", i, b, t?'B':'A', keycnt);\r

- int size = keycnt>8?8:keycnt;\r

- for (int c = 0; c < keycnt; c+=size) {\r

- size=keycnt-c>8?8:keycnt-c; \r

- res = mfCheckKeys(b, t, size, keyBlock +6*c, &key64);\r

- if (res !=1) {\r

- if (!res) {\r

- PrintAndLog("Found valid key:[%012llx]",key64);\r

- if (transferToEml) {\r

- uint8_t block[16];\r

- mfEmlGetMem(block, get_trailer_block(b), 1);\r

- num_to_bytes(key64, 6, block + t*10);\r

- mfEmlSetMem(block, get_trailer_block(b), 1);\r

- }\r

- break;\r

- }\r

- else {\r

- printf("Not found yet, keycnt:%d\r", c+size);\r

- fflush(stdout);\r

- }\r

+ PrintAndLog("No key specified, trying default keys");\r

+ for (;keycnt < defaultKeysSize; keycnt++)\r

+ PrintAndLog("chk default key[%2d] %02x%02x%02x%02x%02x%02x", keycnt,\r

+ (keyBlock + 6*keycnt)[0], (keyBlock + 6*keycnt)[1], (keyBlock + 6*keycnt)[2],\r

+ (keyBlock + 6*keycnt)[3], (keyBlock + 6*keycnt)[4], (keyBlock + 6*keycnt)[5], 6);\r

+ }\r

+\r

+ // initialize storage for found keys\r

+ e_sector = calloc(SectorsCnt, sizeof(sector_t));\r

+ if (e_sector == NULL) {\r

+ free(keyBlock);\r

+ return 1;\r

+ }\r

+ for (uint8_t keyAB = 0; keyAB < 2; keyAB++) {\r

+ for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r

+ e_sector[sectorNo].Key[keyAB] = 0xffffffffffff;\r

+ e_sector[sectorNo].foundKey[keyAB] = 0;\r

+ }\r

+ printf("\n");\r

+\r

+ bool foundAKey = false;\r

+ bool clearTraceLog = true;\r

+ uint32_t max_keys = keycnt > USB_CMD_DATA_SIZE / 6 ? USB_CMD_DATA_SIZE / 6 : keycnt;\r

+\r

+ // !SingleKey, so all key check (if SectorsCnt > 0)\r

+ if (!singleBlock) {\r

+ PrintAndLog("To cancel this operation press the button on the proxmark...");\r

+ printf("--");\r

+ for (uint32_t c = 0; c < keycnt; c += max_keys) {\r

+\r

+ uint32_t size = keycnt-c > max_keys ? max_keys : keycnt-c;\r

+ bool init = (c == 0);\r

+ bool drop_field = (c + size == keycnt);\r

+ res = mfCheckKeysSec(SectorsCnt, keyType, timeout14a, clearTraceLog, init, drop_field, size, &keyBlock[6 * c], e_sector); // timeout is (ms * 106)/10 or us*0.0106\r

+ clearTraceLog = false;\r

+\r

+ if (res != 1) {\r

+ if (!res) {\r

+ printf("o");\r

+ foundAKey = true;\r

} else {\r

- PrintAndLog("Command execute timeout");\r

+ printf(".");\r

+ }\r

+ } else {\r

+ printf("\n");\r

+ PrintAndLog("Command execute timeout");\r

+ }\r

+ } else {\r

+ int keyAB = keyType;\r

+ do {\r

+ res = mfCheckKeys(blockNo, keyAB & 0x01, timeout14a, true, keycnt, keyBlock, &key64);\r

+ clearTraceLog = false;\r

+\r

+ if (res != 1) {\r

+ if (!res) {\r

+ // Use the common format below\r

+ // PrintAndLog("Found valid key:[%d:%c]%012" PRIx64, blockNo, (keyAB & 0x01)?'B':'A', key64);\r

+ foundAKey = true;\r

+\r

+ // Store the Single Key for display list\r

+ // For a single block check, SectorsCnt = Sector that contains the block\r

+ e_sector[SectorsCnt-1].foundKey[(keyAB & 0x01)] = true; // flag key found\r

+ e_sector[SectorsCnt-1].Key[(keyAB & 0x01)] = key64; // Save key data\r

+\r

+ }\r

+ } else {\r

+ PrintAndLog("Command execute timeout");\r

+ }\r

+ } while(--keyAB > 0);\r

+ }\r

+\r

+ // print result\r

+ if (foundAKey) {\r

+ PrintAndLog("");\r

+ PrintAndLog("|---|----------------|----------------|");\r

+ PrintAndLog("|sec|key A |key B |");\r

+ PrintAndLog("|---|----------------|----------------|");\r

+ for (i = 0; i < SectorsCnt; i++) {\r

+ // If a block key check, only print a line if a key was found.\r

+ if (!singleBlock || e_sector[i].foundKey[0] || e_sector[i].foundKey[1]) {\r

+ char keyAString[13] = " ? ";\r

+ char keyBString[13] = " ? ";\r

+ if (e_sector[i].foundKey[0]) {\r

+ sprintf(keyAString, "%012" PRIx64, e_sector[i].Key[0]);\r

}\r

+ if (e_sector[i].foundKey[1]) {\r

+ sprintf(keyBString, "%012" PRIx64, e_sector[i].Key[1]);\r

+ }\r

+ PrintAndLog("|%03d| %s | %s |", i, keyAString, keyBString);\r

}\r

- b<127?(b+=4):(b+=16); \r

}\r

+ PrintAndLog("|---|----------------|----------------|");\r

+ } else {\r

+ PrintAndLog("");\r

+ PrintAndLog("No valid keys found.");\r

}\r

- \r

- free(keyBlock);\r

\r

-/*\r

- // Create dump file\r

- if (createDumpFile) {\r

- if ((fkeys = fopen("dumpkeys.bin","wb")) == NULL) { \r

+ if (transferToEml) {\r

+ uint8_t block[16];\r

+ for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r

+ if (e_sector[sectorNo].foundKey[0] || e_sector[sectorNo].foundKey[1]) {\r

+ mfEmlGetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1);\r

+ for (uint16_t t = 0; t < 2; t++) {\r

+ if (e_sector[sectorNo].foundKey[t]) {\r

+ num_to_bytes(e_sector[sectorNo].Key[t], 6, block + t * 10);\r

+ keyFoundCount++; // Key found count for information\r

+ }\r

+ mfEmlSetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1);\r

+ }\r

+ // Updated to show the actual number of keys found/transfered.\r

+ PrintAndLog("%d keys(s) found have been transferred to the emulator memory",keyFoundCount);\r

+ }\r

+\r

+ if (createDumpFile && !singleBlock) {\r

+ FILE *fkeys = fopen("dumpkeys.bin","wb");\r

+ if (fkeys == NULL) {\r

PrintAndLog("Could not create file dumpkeys.bin");\r

free(e_sector);\r

PrintAndLog("Could not create file dumpkeys.bin");\r

free(e_sector);\r

+ free(keyBlock);\r

return 1;\r

}\r

return 1;\r

}\r

- PrintAndLog("Printing keys to bynary file dumpkeys.bin...");\r

- for(i=0; i<16; i++) {\r

- if (e_sector[i].foundKey[0]){\r

- num_to_bytes(e_sector[i].Key[0], 6, tempkey);\r

- fwrite ( tempkey, 1, 6, fkeys );\r

- }\r

- else{\r

- fwrite ( &standart, 1, 6, fkeys );\r

+ uint8_t mkey[6];\r

+ for (uint8_t t = 0; t < 2; t++) {\r

+ for (uint8_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r

+ num_to_bytes(e_sector[sectorNo].Key[t], 6, mkey);\r

+ fwrite(mkey, 1, 6, fkeys);\r

}\r

- for(i=0; i<16; i++) {\r

- if (e_sector[i].foundKey[1]){\r

- num_to_bytes(e_sector[i].Key[1], 6, tempkey);\r

- fwrite ( tempkey, 1, 6, fkeys );\r

+ fclose(fkeys);\r

+ PrintAndLog("Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.");\r

+ }\r

+\r

+ free(e_sector);\r

+ free(keyBlock);\r

+ PrintAndLog("");\r

+ return 0;\r

+}\r

+\r

+void readerAttack(nonces_t ar_resp[], bool setEmulatorMem, bool doStandardAttack) {\r

+ #define ATTACK_KEY_COUNT 7 // keep same as define in iso14443a.c -> Mifare1ksim()\r

+ // cannot be more than 7 or it will overrun c.d.asBytes(512)\r

+ uint64_t key = 0;\r

+ typedef struct {\r

+ uint64_t keyA;\r

+ uint64_t keyB;\r

+ } st_t;\r

+ st_t sector_trailer[ATTACK_KEY_COUNT];\r

+ memset(sector_trailer, 0x00, sizeof(sector_trailer));\r

+\r

+ uint8_t stSector[ATTACK_KEY_COUNT];\r

+ memset(stSector, 0x00, sizeof(stSector));\r

+ uint8_t key_cnt[ATTACK_KEY_COUNT];\r

+ memset(key_cnt, 0x00, sizeof(key_cnt));\r

+\r

+ for (uint8_t i = 0; i<ATTACK_KEY_COUNT; i++) {\r

+ if (ar_resp[i].ar2 > 0) {\r

+ //PrintAndLog("DEBUG: Trying sector %d, cuid %08x, nt %08x, ar %08x, nr %08x, ar2 %08x, nr2 %08x",ar_resp[i].sector, ar_resp[i].cuid,ar_resp[i].nonce,ar_resp[i].ar,ar_resp[i].nr,ar_resp[i].ar2,ar_resp[i].nr2);\r

+ if (doStandardAttack && mfkey32(ar_resp[i], &key)) {\r

+ PrintAndLog(" Found Key%s for sector %02d: [%04x%08x]", (ar_resp[i].keytype) ? "B" : "A", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF));\r

+\r

+ for (uint8_t ii = 0; ii<ATTACK_KEY_COUNT; ii++) {\r

+ if (key_cnt[ii]==0 || stSector[ii]==ar_resp[i].sector) {\r

+ if (ar_resp[i].keytype==0) {\r

+ //keyA\r

+ sector_trailer[ii].keyA = key;\r

+ stSector[ii] = ar_resp[i].sector;\r

+ key_cnt[ii]++;\r

+ break;\r

+ } else {\r

+ //keyB\r

+ sector_trailer[ii].keyB = key;\r

+ stSector[ii] = ar_resp[i].sector;\r

+ key_cnt[ii]++;\r

+ break;\r

+ }\r

+ } else if (mfkey32_moebius(ar_resp[i+ATTACK_KEY_COUNT], &key)) {\r

+ uint8_t sectorNum = ar_resp[i+ATTACK_KEY_COUNT].sector;\r

+ uint8_t keyType = ar_resp[i+ATTACK_KEY_COUNT].keytype;\r

+\r

+ PrintAndLog("M-Found Key%s for sector %02d: [%012" PRIx64 "]"\r

+ , keyType ? "B" : "A"\r

+ , sectorNum\r

+ , key\r

+ );\r

+\r

+ for (uint8_t ii = 0; ii<ATTACK_KEY_COUNT; ii++) {\r

+ if (key_cnt[ii]==0 || stSector[ii]==sectorNum) {\r

+ if (keyType==0) {\r

+ //keyA\r

+ sector_trailer[ii].keyA = key;\r

+ stSector[ii] = sectorNum;\r

+ key_cnt[ii]++;\r

+ break;\r

+ } else {\r

+ //keyB\r

+ sector_trailer[ii].keyB = key;\r

+ stSector[ii] = sectorNum;\r

+ key_cnt[ii]++;\r

+ break;\r

+ }\r

+ continue;\r

}\r

- else{\r

- fwrite ( &standart, 1, 6, fkeys );\r

+ }\r

+ //set emulator memory for keys\r

+ if (setEmulatorMem) {\r

+ for (uint8_t i = 0; i<ATTACK_KEY_COUNT; i++) {\r

+ if (key_cnt[i]>0) {\r

+ uint8_t memBlock[16];\r

+ memset(memBlock, 0x00, sizeof(memBlock));\r

+ char cmd1[36];\r

+ memset(cmd1,0x00,sizeof(cmd1));\r

+ snprintf(cmd1,sizeof(cmd1),"%04x%08xFF078069%04x%08x",(uint32_t) (sector_trailer[i].keyA>>32), (uint32_t) (sector_trailer[i].keyA &0xFFFFFFFF),(uint32_t) (sector_trailer[i].keyB>>32), (uint32_t) (sector_trailer[i].keyB &0xFFFFFFFF));\r

+ PrintAndLog("Setting Emulator Memory Block %02d: [%s]",stSector[i]*4+3, cmd1);\r

+ if (param_gethex(cmd1, 0, memBlock, 32)) {\r

+ PrintAndLog("block data must include 32 HEX symbols");\r

+ return;\r

+ }\r

+\r

+ UsbCommand c = {CMD_MIFARE_EML_MEMSET, {(stSector[i]*4+3), 1, 0}};\r

+ memcpy(c.d.asBytes, memBlock, 16);\r

+ clearCommandBuffer();\r

+ SendCommand(&c);\r

}\r

- fclose(fkeys);\r

}\r

-*/\r

- return 0;\r

+ /*\r

+ //un-comment to use as well moebius attack\r

+ for (uint8_t i = ATTACK_KEY_COUNT; i<ATTACK_KEY_COUNT*2; i++) {\r

+ if (ar_resp[i].ar2 > 0) {\r

+ if (tryMfk32_moebius(ar_resp[i], &key)) {\r

+ PrintAndLog("M-Found Key%s for sector %02d: [%04x%08x]", (ar_resp[i].keytype) ? "B" : "A", ar_resp[i].sector, (uint32_t) (key>>32), (uint32_t) (key &0xFFFFFFFF));\r

+ }\r

+ }*/\r

}\r

\r

}\r

\r

-int CmdHF14AMf1kSim(const char *Cmd)\r

-{\r

- uint8_t uid[4] = {0, 0, 0, 0};\r

- \r

- if (param_getchar(Cmd, 0) == 'h') {\r

- PrintAndLog("Usage: hf mf sim <uid (8 hex symbols)>");\r

- PrintAndLog(" sample: hf mf sim 0a0a0a0a ");\r

- return 0;\r

- } \r

- \r

- if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {\r

- PrintAndLog("UID must include 8 HEX symbols");\r

- return 1;\r

+int usage_hf14_mfsim(void) {\r

+ PrintAndLog("Usage: hf mf sim [h] [*<card memory>] [u <uid (8, 14, or 20 hex symbols)>] [n <numreads>] [i] [x]");\r

+ PrintAndLog("options:");\r

+ PrintAndLog(" h (Optional) this help");\r

+ PrintAndLog(" card memory: 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other, default> - 1K");\r

+ PrintAndLog(" u (Optional) UID 4 or 7 bytes. If not specified, the UID 4B from emulator memory will be used");\r

+ PrintAndLog(" n (Optional) Automatically exit simulation after <numreads> blocks have been read by reader. 0 = infinite");\r

+ PrintAndLog(" i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");\r

+ PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");\r

+ PrintAndLog(" e (Optional) set keys found from 'reader attack' to emulator memory (implies x and i)");\r

+ PrintAndLog(" f (Optional) get UIDs to use for 'reader attack' from file 'f <filename.txt>' (implies x and i)");\r

+ PrintAndLog(" r (Optional) Generate random nonces instead of sequential nonces. Standard reader attack won't work with this option, only moebius attack works.");\r

+ PrintAndLog("samples:");\r

+ PrintAndLog(" hf mf sim u 0a0a0a0a");\r

+ PrintAndLog(" hf mf sim *4");\r

+ PrintAndLog(" hf mf sim u 11223344556677");\r

+ PrintAndLog(" hf mf sim f uids.txt");\r

+ PrintAndLog(" hf mf sim u 0a0a0a0a e");\r

+\r

+ return 0;\r

+}\r

+\r

+int CmdHF14AMfSim(const char *Cmd) {\r

+ UsbCommand resp;\r

+ uint8_t uid[7] = {0};\r

+ uint8_t exitAfterNReads = 0;\r

+ uint8_t flags = 0;\r

+ int uidlen = 0;\r

+ bool setEmulatorMem = false;\r

+ bool attackFromFile = false;\r

+ FILE *f;\r

+ char filename[FILE_PATH_SIZE];\r

+ memset(filename, 0x00, sizeof(filename));\r

+ int len = 0;\r

+ char buf[64];\r

+\r

+ uint8_t cmdp = 0;\r

+ bool errors = false;\r

+ uint8_t cardsize = '1';\r

+\r

+ while(param_getchar(Cmd, cmdp) != 0x00) {\r

+ switch(param_getchar(Cmd, cmdp)) {\r

+ case '*':\r

+ cardsize = param_getchar(Cmd + 1, cmdp);\r

+ switch(cardsize) {\r

+ case '0':\r

+ case '1':\r

+ case '2':\r

+ case '4': break;\r

+ default: cardsize = '1';\r

+ }\r

+ cmdp++;\r

+ break;\r

+ case 'e':\r

+ case 'E':\r

+ setEmulatorMem = true;\r

+ //implies x and i\r

+ flags |= FLAG_INTERACTIVE;\r

+ flags |= FLAG_NR_AR_ATTACK;\r

+ cmdp++;\r

+ break;\r

+ case 'f':\r

+ case 'F':\r

+ len = param_getstr(Cmd, cmdp+1, filename, sizeof(filename));\r

+ if (len < 1) {\r

+ PrintAndLog("error no filename found");\r

+ return 0;\r

+ }\r

+ attackFromFile = true;\r

+ //implies x and i\r

+ flags |= FLAG_INTERACTIVE;\r

+ flags |= FLAG_NR_AR_ATTACK;\r

+ cmdp += 2;\r

+ break;\r

+ case 'h':\r

+ case 'H':\r

+ return usage_hf14_mfsim();\r

+ case 'i':\r

+ case 'I':\r

+ flags |= FLAG_INTERACTIVE;\r

+ cmdp++;\r

+ break;\r

+ case 'n':\r

+ case 'N':\r

+ exitAfterNReads = param_get8(Cmd, cmdp+1);\r

+ cmdp += 2;\r

+ break;\r

+ case 'r':\r

+ case 'R':\r

+ flags |= FLAG_RANDOM_NONCE;\r

+ cmdp++;\r

+ break;\r

+ case 'u':\r

+ case 'U':\r

+ uidlen = 14;\r

+ if (param_gethex_ex(Cmd, cmdp+1, uid, &uidlen)) {\r

+ return usage_hf14_mfsim();\r

+ }\r

+ switch (uidlen) {\r

+ case 14: flags = FLAG_7B_UID_IN_DATA; break;\r

+ case 8: flags = FLAG_4B_UID_IN_DATA; break;\r

+ default: return usage_hf14_mfsim();\r

+ }\r

+ cmdp += 2;\r

+ break;\r

+ case 'x':\r

+ case 'X':\r

+ flags |= FLAG_NR_AR_ATTACK;\r

+ cmdp++;\r

+ break;\r

+ default:\r

+ PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r

+ errors = true;\r

+ break;\r

+ }\r

+ if(errors) break;\r

}\r

- PrintAndLog(" uid:%s ", sprint_hex(uid, 4));\r

- \r

- UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {0, 0, 0}};\r

- memcpy(c.d.asBytes, uid, 4);\r

- SendCommand(&c);\r

+ //Validations\r

+ if(errors) return usage_hf14_mfsim();\r

\r

- return 0;\r

+ //get uid from file\r

+ if (attackFromFile) {\r

+ int count = 0;\r

+ // open file\r

+ f = fopen(filename, "r");\r

+ if (f == NULL) {\r

+ PrintAndLog("File %s not found or locked", filename);\r

+ return 1;\r

+ }\r

+ PrintAndLog("Loading file and simulating. Press keyboard to abort");\r

+ while(!feof(f) && !ukbhit()){\r

+ memset(buf, 0, sizeof(buf));\r

+ memset(uid, 0, sizeof(uid));\r

+\r

+ if (fgets(buf, sizeof(buf), f) == NULL) {\r

+ if (count > 0) break;\r

+\r

+ PrintAndLog("File reading error.");\r

+ fclose(f);\r

+ return 2;\r

+ }\r

+ if(!strlen(buf) && feof(f)) break;\r

+\r

+ uidlen = strlen(buf)-1;\r

+ switch(uidlen) {\r

+ case 14: flags |= FLAG_7B_UID_IN_DATA; break;\r

+ case 8: flags |= FLAG_4B_UID_IN_DATA; break;\r

+ default:\r

+ PrintAndLog("uid in file wrong length at %d (length: %d) [%s]",count, uidlen, buf);\r

+ fclose(f);\r

+ return 2;\r

+ }\r

+\r

+ for (uint8_t i = 0; i < uidlen; i += 2) {\r

+ sscanf(&buf[i], "%02x", (unsigned int *)&uid[i / 2]);\r

+ }\r

+\r

+ PrintAndLog("mf sim cardsize: %s, uid: %s, numreads:%d, flags:%d (0x%02x) - press button to abort",\r

+ cardsize == '0' ? "Mini" :\r

+ cardsize == '2' ? "2K" :\r

+ cardsize == '4' ? "4K" : "1K",\r

+ flags & FLAG_4B_UID_IN_DATA ? sprint_hex(uid,4):\r

+ flags & FLAG_7B_UID_IN_DATA ? sprint_hex(uid,7): "N/A",\r

+ exitAfterNReads,\r

+ flags,\r

+ flags);\r

+\r

+ UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads, cardsize}};\r

+ memcpy(c.d.asBytes, uid, sizeof(uid));\r

+ clearCommandBuffer();\r

+ SendCommand(&c);\r

+\r

+ while (! WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r

+ //We're waiting only 1.5 s at a time, otherwise we get the\r

+ // annoying message about "Waiting for a response... "\r

+ }\r

+ //got a response\r

+ nonces_t ar_resp[ATTACK_KEY_COUNT*2];\r

+ memcpy(ar_resp, resp.d.asBytes, sizeof(ar_resp));\r

+ // We can skip the standard attack if we have RANDOM_NONCE set.\r

+ readerAttack(ar_resp, setEmulatorMem, !(flags & FLAG_RANDOM_NONCE));\r

+ if ((bool)resp.arg[1]) {\r

+ PrintAndLog("Device button pressed - quitting");\r

+ fclose(f);\r

+ return 4;\r

+ }\r

+ count++;\r

+ }\r

+ fclose(f);\r

+\r

+ } else { //not from file\r

+\r

+ PrintAndLog("mf sim cardsize: %s, uid: %s, numreads:%d, flags:%d (0x%02x) ",\r

+ cardsize == '0' ? "Mini" :\r

+ cardsize == '2' ? "2K" :\r

+ cardsize == '4' ? "4K" : "1K",\r

+ flags & FLAG_4B_UID_IN_DATA ? sprint_hex(uid,4):\r

+ flags & FLAG_7B_UID_IN_DATA ? sprint_hex(uid,7): "N/A",\r

+ exitAfterNReads,\r

+ flags,\r

+ flags);\r

+\r

+ UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads, cardsize}};\r

+ memcpy(c.d.asBytes, uid, sizeof(uid));\r

+ clearCommandBuffer();\r

+ SendCommand(&c);\r

+\r

+ if(flags & FLAG_INTERACTIVE) {\r

+ PrintAndLog("Press pm3-button to abort simulation");\r

+ while(! WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {\r

+ //We're waiting only 1.5 s at a time, otherwise we get the\r

+ // annoying message about "Waiting for a response... "\r

+ }\r

+ //got a response\r

+ if (flags & FLAG_NR_AR_ATTACK) {\r

+ nonces_t ar_resp[ATTACK_KEY_COUNT*2];\r

+ memcpy(ar_resp, resp.d.asBytes, sizeof(ar_resp));\r

+ // We can skip the standard attack if we have RANDOM_NONCE set.\r

+ readerAttack(ar_resp, setEmulatorMem, !(flags & FLAG_RANDOM_NONCE));\r

+ }\r

+\r

+ return 0;\r

}\r

\r

int CmdHF14AMfDbg(const char *Cmd)\r

{\r

int dbgMode = param_get32ex(Cmd, 0, 0, 10);\r

if (dbgMode > 4) {\r

}\r

\r

int CmdHF14AMfDbg(const char *Cmd)\r

{\r

int dbgMode = param_get32ex(Cmd, 0, 0, 10);\r

if (dbgMode > 4) {\r

- PrintAndLog("Max debud mode parameter is 4 \n");\r

+ PrintAndLog("Max debug mode parameter is 4 \n");\r

}\r

\r

if (strlen(Cmd) < 1 || !param_getchar(Cmd, 0) || dbgMode > 4) {\r

PrintAndLog("Usage: hf mf dbg <debug level>");\r

PrintAndLog(" 0 - no debug messages");\r

PrintAndLog(" 1 - error messages");\r

}\r

\r

if (strlen(Cmd) < 1 || !param_getchar(Cmd, 0) || dbgMode > 4) {\r

PrintAndLog("Usage: hf mf dbg <debug level>");\r

PrintAndLog(" 0 - no debug messages");\r

PrintAndLog(" 1 - error messages");\r

- PrintAndLog(" 2 - all messages");\r

- PrintAndLog(" 4 - extended debug mode");\r

+ PrintAndLog(" 2 - plus information messages");\r

+ PrintAndLog(" 3 - plus debug messages");\r

+ PrintAndLog(" 4 - print even debug messages in timing critical functions");\r

+ PrintAndLog(" Note: this option therefore may cause malfunction itself");\r

return 0;\r

- } \r

+ }\r

\r

- UsbCommand c = {CMD_MIFARE_SET_DBGMODE, {dbgMode, 0, 0}};\r

- SendCommand(&c);\r

+ UsbCommand c = {CMD_MIFARE_SET_DBGMODE, {dbgMode, 0, 0}};\r

+ SendCommand(&c);\r

\r

- return 0;\r

+ return 0;\r

}\r

\r

int CmdHF14AMfEGet(const char *Cmd)\r

{\r

uint8_t blockNo = 0;\r

}\r

\r

int CmdHF14AMfEGet(const char *Cmd)\r

{\r

uint8_t blockNo = 0;\r

- uint8_t data[3 * 16];\r

- int i;\r

+ uint8_t data[16] = {0x00};\r

\r

if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

PrintAndLog("Usage: hf mf eget <block number>");\r

PrintAndLog(" sample: hf mf eget 0 ");\r

return 0;\r

\r

if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

PrintAndLog("Usage: hf mf eget <block number>");\r

PrintAndLog(" sample: hf mf eget 0 ");\r

return 0;\r

- } \r

- \r

- blockNo = param_get8(Cmd, 0);\r

- if (blockNo >= 32 * 4 + 8 * 16) {\r

- PrintAndLog("Block number must be in [0..255] as in MIFARE classic.");\r

- return 1;\r

}\r

\r

}\r

\r

+ blockNo = param_get8(Cmd, 0);\r

+\r

PrintAndLog(" ");\r

- if (!mfEmlGetMem(data, blockNo, 3)) {\r

- for (i = 0; i < 3; i++) {\r

- PrintAndLog("data[%d]:%s", blockNo + i, sprint_hex(data + i * 16, 16));\r

- }\r

+ if (!mfEmlGetMem(data, blockNo, 1)) {\r

+ PrintAndLog("data[%3d]:%s", blockNo, sprint_hex(data, 16));\r

} else {\r

PrintAndLog("Command execute timeout");\r

}\r

\r

} else {\r

PrintAndLog("Command execute timeout");\r

}\r

\r

- return 0;\r

+ return 0;\r

}\r

\r

int CmdHF14AMfEClear(const char *Cmd)\r

}\r

\r

int CmdHF14AMfEClear(const char *Cmd)\r

PrintAndLog("Usage: hf mf eclr");\r

PrintAndLog("It set card emulator memory to empty data blocks and key A/B FFFFFFFFFFFF \n");\r

return 0;\r

PrintAndLog("Usage: hf mf eclr");\r

PrintAndLog("It set card emulator memory to empty data blocks and key A/B FFFFFFFFFFFF \n");\r

return 0;\r

- } \r

+ }\r

\r

- UsbCommand c = {CMD_MIFARE_EML_MEMCLR, {0, 0, 0}};\r

- SendCommand(&c);\r

- return 0;\r

+ UsbCommand c = {CMD_MIFARE_EML_MEMCLR, {0, 0, 0}};\r

+ SendCommand(&c);\r

+ return 0;\r

}\r

\r

}\r

\r

+\r

int CmdHF14AMfESet(const char *Cmd)\r

{\r

uint8_t memBlock[16];\r

int CmdHF14AMfESet(const char *Cmd)\r

{\r

uint8_t memBlock[16];\r

PrintAndLog("Usage: hf mf eset <block number> <block data (32 hex symbols)>");\r

PrintAndLog(" sample: hf mf eset 1 000102030405060708090a0b0c0d0e0f ");\r

return 0;\r

PrintAndLog("Usage: hf mf eset <block number> <block data (32 hex symbols)>");\r

PrintAndLog(" sample: hf mf eset 1 000102030405060708090a0b0c0d0e0f ");\r

return 0;\r

- } \r

- \r

- blockNo = param_get8(Cmd, 0);\r

- if (blockNo >= 32 * 4 + 8 * 16) {\r

- PrintAndLog("Block number must be in [0..255] as in MIFARE classic.");\r

- return 1;\r

}\r

- \r

+\r

+ blockNo = param_get8(Cmd, 0);\r

+\r

if (param_gethex(Cmd, 1, memBlock, 32)) {\r

PrintAndLog("block data must include 32 HEX symbols");\r

return 1;\r

}\r

if (param_gethex(Cmd, 1, memBlock, 32)) {\r

PrintAndLog("block data must include 32 HEX symbols");\r

return 1;\r

}\r

- \r

+\r

// 1 - blocks count\r

- UsbCommand c = {CMD_MIFARE_EML_MEMSET, {blockNo, 1, 0}};\r

- memcpy(c.d.asBytes, memBlock, 16);\r

- SendCommand(&c);\r

- return 0;\r

+ return mfEmlSetMem(memBlock, blockNo, 1);\r

}\r

\r

}\r

\r

+\r

int CmdHF14AMfELoad(const char *Cmd)\r

{\r

FILE * f;\r

int CmdHF14AMfELoad(const char *Cmd)\r

{\r

FILE * f;\r

- char filename[20];\r

- char * fnameptr = filename;\r

- char buf[64];\r

- uint8_t buf8[64];\r

- int i, len, blockNum;\r

- \r

- memset(filename, 0, sizeof(filename));\r

- memset(buf, 0, sizeof(buf));\r

+ char filename[FILE_PATH_SIZE];\r

+ char *fnameptr = filename;\r

+ char buf[64] = {0x00};\r

+ uint8_t buf8[64] = {0x00};\r

+ int i, len, blockNum, numBlocks;\r

+ int nameParamNo = 1;\r

\r

- if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {\r

+ char ctmp = param_getchar(Cmd, 0);\r

+\r

+ if ( ctmp == 'h' || ctmp == 0x00) {\r

PrintAndLog("It loads emul dump from the file `filename.eml`");\r

- PrintAndLog("Usage: hf mf eload <file name w/o `.eml`>");\r

+ PrintAndLog("Usage: hf mf eload [card memory] <file name w/o `.eml`>");\r

+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r

+ PrintAndLog("");\r

PrintAndLog(" sample: hf mf eload filename");\r

+ PrintAndLog(" hf mf eload 4 filename");\r

return 0;\r

- } \r

+ }\r

\r

- len = strlen(Cmd);\r

- if (len > 14) len = 14;\r

+ switch (ctmp) {\r

+ case '0' : numBlocks = 5*4; break;\r

+ case '1' :\r

+ case '\0': numBlocks = 16*4; break;\r

+ case '2' : numBlocks = 32*4; break;\r

+ case '4' : numBlocks = 256; break;\r

+ default: {\r

+ numBlocks = 16*4;\r

+ nameParamNo = 0;\r

+ }\r

+\r

+ len = param_getstr(Cmd, nameParamNo, filename, sizeof(filename));\r

+\r

+ if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;\r

\r

- memcpy(filename, Cmd, len);\r

fnameptr += len;\r

\r

fnameptr += len;\r

\r

- sprintf(fnameptr, ".eml"); \r

- \r

+ sprintf(fnameptr, ".eml");\r

+\r

// open file\r

f = fopen(filename, "r");\r

if (f == NULL) {\r

// open file\r

f = fopen(filename, "r");\r

if (f == NULL) {\r

- PrintAndLog("File not found or locked.");\r

+ PrintAndLog("File %s not found or locked", filename);\r

return 1;\r

}\r

return 1;\r

}\r

- \r

+\r

blockNum = 0;\r

while(!feof(f)){\r

memset(buf, 0, sizeof(buf));\r

blockNum = 0;\r

while(!feof(f)){\r

memset(buf, 0, sizeof(buf));\r

- fgets(buf, sizeof(buf), f);\r

+\r

+ if (fgets(buf, sizeof(buf), f) == NULL) {\r

+\r

+ if (blockNum >= numBlocks) break;\r

+\r

+ PrintAndLog("File reading error.");\r

+ fclose(f);\r

+ return 2;\r

+ }\r

\r

if (strlen(buf) < 32){\r

if(strlen(buf) && feof(f))\r

break;\r

PrintAndLog("File content error. Block data must include 32 HEX symbols");\r

\r

if (strlen(buf) < 32){\r

if(strlen(buf) && feof(f))\r

break;\r

PrintAndLog("File content error. Block data must include 32 HEX symbols");\r

+ fclose(f);\r

return 2;\r

}\r

return 2;\r

}\r

- for (i = 0; i < 32; i += 2)\r

- sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r

-// PrintAndLog("data[%02d]:%s", blockNum, sprint_hex(buf8, 16));\r

+\r

+ for (i = 0; i < 32; i += 2) {\r

+ sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r

+ }\r

\r

if (mfEmlSetMem(buf8, blockNum, 1)) {\r

\r

if (mfEmlSetMem(buf8, blockNum, 1)) {\r

- PrintAndLog("Cant set emul block: %d", blockNum);\r

+ PrintAndLog("Cant set emul block: %3d", blockNum);\r

+ fclose(f);\r

return 3;\r

}\r

return 3;\r

}\r

+ printf(".");\r

blockNum++;\r

- \r

- if (blockNum >= 32 * 4 + 8 * 16) break;\r

+\r

+ if (blockNum >= numBlocks) break;\r

}\r

fclose(f);\r

}\r

fclose(f);\r

- \r

- if (blockNum != 16 * 4 && blockNum != 32 * 4 + 8 * 16){\r

- PrintAndLog("File content error. There must be 64 blocks");\r

+ printf("\n");\r

+\r

+ if ((blockNum != numBlocks)) {\r

+ PrintAndLog("File content error. Got %d must be %d blocks.",blockNum, numBlocks);\r

return 4;\r

}\r

return 4;\r

}\r

- PrintAndLog("Loaded from file: %s", filename);\r

- return 0;\r

+ PrintAndLog("Loaded %d blocks from file: %s", blockNum, filename);\r

+ return 0;\r

}\r

\r

}\r

\r

+\r

int CmdHF14AMfESave(const char *Cmd)\r

{\r

FILE * f;\r

int CmdHF14AMfESave(const char *Cmd)\r

{\r

FILE * f;\r

- char filename[20];\r

+ char filename[FILE_PATH_SIZE];\r

char * fnameptr = filename;\r

uint8_t buf[64];\r

char * fnameptr = filename;\r

uint8_t buf[64];\r

- int i, j, len;\r

- \r

+ int i, j, len, numBlocks;\r

+ int nameParamNo = 1;\r

+\r

memset(filename, 0, sizeof(filename));\r

memset(buf, 0, sizeof(buf));\r

\r

memset(filename, 0, sizeof(filename));\r

memset(buf, 0, sizeof(buf));\r

\r

- if (param_getchar(Cmd, 0) == 'h') {\r

+ char ctmp = param_getchar(Cmd, 0);\r

+\r

+ if ( ctmp == 'h' || ctmp == 'H') {\r

PrintAndLog("It saves emul dump into the file `filename.eml` or `cardID.eml`");\r

- PrintAndLog("Usage: hf mf esave [file name w/o `.eml`]");\r

+ PrintAndLog(" Usage: hf mf esave [card memory] [file name w/o `.eml`]");\r

+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r

+ PrintAndLog("");\r

PrintAndLog(" sample: hf mf esave ");\r

- PrintAndLog(" hf mf esave filename");\r

+ PrintAndLog(" hf mf esave 4");\r

+ PrintAndLog(" hf mf esave 4 filename");\r

return 0;\r

- } \r

+ }\r

+\r

+ switch (ctmp) {\r

+ case '0' : numBlocks = 5*4; break;\r

+ case '1' :\r

+ case '\0': numBlocks = 16*4; break;\r

+ case '2' : numBlocks = 32*4; break;\r

+ case '4' : numBlocks = 256; break;\r

+ default: {\r

+ numBlocks = 16*4;\r

+ nameParamNo = 0;\r

+ }\r

+\r

+ len = param_getstr(Cmd,nameParamNo,filename,sizeof(filename));\r

\r

- len = strlen(Cmd);\r

- if (len > 14) len = 14;\r

- \r

+ if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;\r

+\r

+ // user supplied filename?\r

if (len < 1) {\r

- // get filename\r

+ // get filename (UID from memory)\r

if (mfEmlGetMem(buf, 0, 1)) {\r

- PrintAndLog("Cant get block: %d", 0);\r

- return 1;\r

+ PrintAndLog("Can\'t get UID from block: %d", 0);\r

+ len = sprintf(fnameptr, "dump");\r

+ fnameptr += len;\r

+ }\r

+ else {\r

+ for (j = 0; j < 7; j++, fnameptr += 2)\r

+ sprintf(fnameptr, "%02X", buf[j]);\r

}\r

- for (j = 0; j < 7; j++, fnameptr += 2)\r

- sprintf(fnameptr, "%02x", buf[j]); \r

} else {\r

- memcpy(filename, Cmd, len);\r

fnameptr += len;\r

}\r

\r

fnameptr += len;\r

}\r

\r

- sprintf(fnameptr, ".eml"); \r

- \r

+ // add file extension\r

+ sprintf(fnameptr, ".eml");\r

+\r

// open file\r

f = fopen(filename, "w+");\r

\r

// open file\r

f = fopen(filename, "w+");\r

\r

+ if ( !f ) {\r

+ PrintAndLog("Can't open file %s ", filename);\r

+ return 1;\r

+ }\r

+\r

// put hex\r

- for (i = 0; i < 32 * 4 + 8 * 16; i++) {\r

+ for (i = 0; i < numBlocks; i++) {\r

if (mfEmlGetMem(buf, i, 1)) {\r

PrintAndLog("Cant get block: %d", i);\r

break;\r

}\r

for (j = 0; j < 16; j++)\r

if (mfEmlGetMem(buf, i, 1)) {\r

PrintAndLog("Cant get block: %d", i);\r

break;\r

}\r

for (j = 0; j < 16; j++)\r

- fprintf(f, "%02x", buf[j]); \r

+ fprintf(f, "%02X", buf[j]);\r

fprintf(f,"\n");\r

}\r

fclose(f);\r

fprintf(f,"\n");\r

}\r

fclose(f);\r

- \r

- PrintAndLog("Saved to file: %s", filename);\r

- \r

- return 0;\r

+\r

+ PrintAndLog("Saved %d blocks to file: %s", numBlocks, filename);\r

+\r

+ return 0;\r

}\r

\r

}\r

\r

+\r

int CmdHF14AMfECFill(const char *Cmd)\r

{\r

uint8_t keyType = 0;\r

int CmdHF14AMfECFill(const char *Cmd)\r

{\r

uint8_t keyType = 0;\r

+ uint8_t numSectors = 16;\r

\r

if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

\r

if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

- PrintAndLog("Usage: hf mf efill <key A/B>");\r

- PrintAndLog("sample: hf mf efill A");\r

- PrintAndLog("Card data blocks transfers to card emulator memory.");\r

- PrintAndLog("Keys must be laid in the simulator memory. \n");\r

+ PrintAndLog("Usage: hf mf ecfill <key A/B> [card memory]");\r

+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r

+ PrintAndLog("");\r

+ PrintAndLog("samples: hf mf ecfill A");\r

+ PrintAndLog(" hf mf ecfill A 4");\r

+ PrintAndLog("Read card and transfer its data to emulator memory.");\r

+ PrintAndLog("Keys must be laid in the emulator memory. \n");\r

return 0;\r

- } \r

+ }\r

\r

char ctmp = param_getchar(Cmd, 0);\r

\r

char ctmp = param_getchar(Cmd, 0);\r

- if (ctmp == 0x00) {\r

+ if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r

PrintAndLog("Key type must be A or B");\r

return 1;\r

}\r

if (ctmp != 'A' && ctmp != 'a') keyType = 1;\r

\r

PrintAndLog("Key type must be A or B");\r

return 1;\r

}\r

if (ctmp != 'A' && ctmp != 'a') keyType = 1;\r

\r

- UsbCommand c = {CMD_MIFARE_EML_CARDLOAD, {0, keyType, 0}};\r

- SendCommand(&c);\r

- return 0;\r

+ ctmp = param_getchar(Cmd, 1);\r

+ switch (ctmp) {\r

+ case '0' : numSectors = 5; break;\r

+ case '1' :\r

+ case '\0': numSectors = 16; break;\r

+ case '2' : numSectors = 32; break;\r

+ case '4' : numSectors = 40; break;\r

+ default: numSectors = 16;\r

+ }\r

+\r

+ printf("--params: numSectors: %d, keyType:%d\n", numSectors, keyType);\r

+ UsbCommand c = {CMD_MIFARE_EML_CARDLOAD, {numSectors, keyType, 0}};\r

+ SendCommand(&c);\r

+ return 0;\r

}\r

\r

}\r

\r

+\r

int CmdHF14AMfEKeyPrn(const char *Cmd)\r

{\r

int CmdHF14AMfEKeyPrn(const char *Cmd)\r

{\r

- int i,b=-1;\r

+ int i;\r

+ uint8_t numSectors = 16;\r

uint8_t data[16];\r

uint64_t keyA, keyB;\r

uint8_t data[16];\r

uint64_t keyA, keyB;\r

- \r

+ bool createDumpFile = false;\r

+\r

+ if (param_getchar(Cmd, 0) == 'h') {\r

+ PrintAndLog("It prints the keys loaded in the emulator memory");\r

+ PrintAndLog("Usage: hf mf ekeyprn [card memory] [d]");\r

+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r

+ PrintAndLog(" [d] : write keys to binary file dumpkeys.bin");\r

+ PrintAndLog("");\r

+ PrintAndLog(" sample: hf mf ekeyprn 1");\r

+ return 0;\r

+ }\r

+\r

+ uint8_t cmdp = 0;\r

+ while (param_getchar(Cmd, cmdp) != 0x00) {\r

+ switch (param_getchar(Cmd, cmdp)) {\r

+ case '0' : numSectors = 5; break;\r

+ case '1' :\r

+ case '\0': numSectors = 16; break;\r

+ case '2' : numSectors = 32; break;\r

+ case '4' : numSectors = 40; break;\r

+ case 'd' :\r

+ case 'D' : createDumpFile = true; break;\r

+ }\r

+ cmdp++;\r

+ }\r

+\r

PrintAndLog("|---|----------------|----------------|");\r

PrintAndLog("|sec|key A |key B |");\r

PrintAndLog("|---|----------------|----------------|");\r

PrintAndLog("|sec|key A |key B |");\r

PrintAndLog("|---|----------------|----------------|");\r

- for (i = 0; i < 40; i++) {\r

- b<127?(b+=4):(b+=16);\r

- if (mfEmlGetMem(data, b, 1)) {\r

- PrintAndLog("error get block %d", b);\r

+ for (i = 0; i < numSectors; i++) {\r

+ if (mfEmlGetMem(data, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1)) {\r

+ PrintAndLog("error get block %d", FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);\r

break;\r

}\r

keyA = bytes_to_num(data, 6);\r

keyB = bytes_to_num(data + 10, 6);\r

break;\r

}\r

keyA = bytes_to_num(data, 6);\r

keyB = bytes_to_num(data + 10, 6);\r

- PrintAndLog("|%03d| %012llx | %012llx |", i, keyA, keyB);\r

+ PrintAndLog("|%03d| %012" PRIx64 " | %012" PRIx64 " |", i, keyA, keyB);\r

}\r

PrintAndLog("|---|----------------|----------------|");\r

}\r

PrintAndLog("|---|----------------|----------------|");\r

- \r

+\r

+ // Create dump file\r

+ if (createDumpFile) {\r

+ FILE *fkeys;\r

+ if ((fkeys = fopen("dumpkeys.bin","wb")) == NULL) {\r

+ PrintAndLog("Could not create file dumpkeys.bin");\r

+ return 1;\r

+ }\r

+ PrintAndLog("Printing keys to binary file dumpkeys.bin...");\r

+ for(i = 0; i < numSectors; i++) {\r

+ if (mfEmlGetMem(data, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1)) {\r

+ PrintAndLog("error get block %d", FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);\r

+ break;\r

+ }\r

+ fwrite(data, 1, 6, fkeys);\r

+ }\r

+ for(i = 0; i < numSectors; i++) {\r

+ if (mfEmlGetMem(data, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1)) {\r

+ PrintAndLog("error get block %d", FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);\r

+ break;\r

+ }\r

+ fwrite(data+10, 1, 6, fkeys);\r

+ }\r

+ fclose(fkeys);\r

+ }\r

+\r

+ return 0;\r

+}\r

+\r

+int CmdHF14AMfCSetUID(const char *Cmd)\r

+{\r

+ uint8_t uid[8] = {0x00};\r

+ uint8_t oldUid[8] = {0x00};\r

+ uint8_t atqa[2] = {0x00};\r

+ uint8_t sak[1] = {0x00};\r

+ uint8_t atqaPresent = 0;\r

+ int res;\r

+\r

+ uint8_t needHelp = 0;\r

+ char cmdp = 1;\r

+\r

+ if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {\r

+ PrintAndLog("UID must include 8 HEX symbols");\r

+ return 1;\r

+ }\r

+\r

+ if (param_getlength(Cmd, 1) > 1 && param_getlength(Cmd, 2) > 1) {\r

+ atqaPresent = 1;\r

+ cmdp = 3;\r

+\r

+ if (param_gethex(Cmd, 1, atqa, 4)) {\r

+ PrintAndLog("ATQA must include 4 HEX symbols");\r

+ return 1;\r

+ }\r

+\r

+ if (param_gethex(Cmd, 2, sak, 2)) {\r

+ PrintAndLog("SAK must include 2 HEX symbols");\r

+ return 1;\r

+ }\r

+\r

+ while(param_getchar(Cmd, cmdp) != 0x00)\r

+ {\r

+ switch(param_getchar(Cmd, cmdp))\r

+ {\r

+ case 'h':\r

+ case 'H':\r

+ needHelp = 1;\r

+ break;\r

+ default:\r

+ PrintAndLog("ERROR: Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r

+ needHelp = 1;\r

+ break;\r

+ }\r

+ cmdp++;\r

+ }\r

+\r

+ if (strlen(Cmd) < 1 || needHelp) {\r

+ PrintAndLog("");\r

+ PrintAndLog("Usage: hf mf csetuid <UID 8 hex symbols> [ATQA 4 hex symbols SAK 2 hex symbols]");\r

+ PrintAndLog("sample: hf mf csetuid 01020304");\r

+ PrintAndLog("sample: hf mf csetuid 01020304 0004 08");\r

+ PrintAndLog("Set UID, ATQA, and SAK for magic Chinese card (only works with such cards)");\r

+ return 0;\r

+ }\r

+\r

+ PrintAndLog("uid:%s", sprint_hex(uid, 4));\r

+ if (atqaPresent) {\r

+ PrintAndLog("--atqa:%s sak:%02x", sprint_hex(atqa, 2), sak[0]);\r

+ }\r

+\r

+ res = mfCSetUID(uid, (atqaPresent)?atqa:NULL, (atqaPresent)?sak:NULL, oldUid);\r

+ if (res) {\r

+ PrintAndLog("Can't set UID. Error=%d", res);\r

+ return 1;\r

+ }\r

+\r

+ PrintAndLog("old UID:%s", sprint_hex(oldUid, 4));\r

+ PrintAndLog("new UID:%s", sprint_hex(uid, 4));\r

return 0;\r

}\r

\r

return 0;\r

}\r

\r

-int CmdHF14AMfCSetUID(const char *Cmd)\r

-{\r

- uint8_t wipeCard = 0;\r

- uint8_t uid[8];\r

- uint8_t oldUid[8];\r

- int res;\r

+int CmdHF14AMfCWipe(const char *Cmd)\r

+{\r

+ int res, gen = 0;\r

+ int numBlocks = 16 * 4;\r

+ bool wipeCard = false;\r

+ bool fillCard = false;\r

+\r

+ if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

+ PrintAndLog("Usage: hf mf cwipe [card size] [w] [f]");\r

+ PrintAndLog("sample: hf mf cwipe 1 w f");\r

+ PrintAndLog("[card size]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r

+ PrintAndLog("w - Wipe magic Chinese card (only works with gen:1a cards)");\r

+ PrintAndLog("f - Fill the card with default data and keys (works with gen:1a and gen:1b cards only)");\r

+ return 0;\r

+ }\r

+\r

+ gen = mfCIdentify();\r

+ if ((gen != 1) && (gen != 2))\r

+ return 1;\r

+\r

+ numBlocks = ParamCardSizeBlocks(param_getchar(Cmd, 0));\r

+\r

+ char cmdp = 0;\r

+ while(param_getchar(Cmd, cmdp) != 0x00){\r

+ switch(param_getchar(Cmd, cmdp)) {\r

+ case 'w':\r

+ case 'W':\r

+ wipeCard = 1;\r

+ break;\r

+ case 'f':\r

+ case 'F':\r

+ fillCard = 1;\r

+ break;\r

+ default:\r

+ break;\r

+ }\r

+ cmdp++;\r

+ }\r

+\r

+ if (!wipeCard && !fillCard)\r

+ wipeCard = true;\r

\r

- if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

- PrintAndLog("Usage: hf mf csetuid <UID 8 hex symbols> <w>");\r

- PrintAndLog("sample: hf mf csetuid 01020304 w");\r

- PrintAndLog("Set UID for magic Chinese card (only works with!!!)");\r

- PrintAndLog("If you want wipe card then add 'w' into command line. \n");\r

- return 0;\r

- } \r

+ PrintAndLog("--blocks count:%2d wipe:%c fill:%c", numBlocks, (wipeCard)?'y':'n', (fillCard)?'y':'n');\r

\r

- if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {\r

- PrintAndLog("UID must include 8 HEX symbols");\r

- return 1;\r

+ if (gen == 2) {\r

+ /* generation 1b magic card */\r

+ if (wipeCard) {\r

+ PrintAndLog("WARNING: can't wipe magic card 1b generation");\r

+ }\r

+ res = mfCWipe(numBlocks, true, false, fillCard);\r

+ } else {\r

+ /* generation 1a magic card by default */\r

+ res = mfCWipe(numBlocks, false, wipeCard, fillCard);\r

}\r

\r

}\r

\r

- char ctmp = param_getchar(Cmd, 1);\r

- if (ctmp == 'w' || ctmp == 'W') wipeCard = 1;\r

- \r

- PrintAndLog("--wipe card:%02x uid:%s", wipeCard, sprint_hex(uid, 4));\r

-\r

- res = mfCSetUID(uid, oldUid, wipeCard);\r

if (res) {\r

- PrintAndLog("Can't set UID. error=%d", res);\r

- return 1;\r

- }\r

- \r

- PrintAndLog("old UID:%s", sprint_hex(oldUid, 4));\r

+ PrintAndLog("Can't wipe. error=%d", res);\r

+ return 1;\r

+ }\r

+ PrintAndLog("OK");\r

return 0;\r

}\r

\r

int CmdHF14AMfCSetBlk(const char *Cmd)\r

{\r

return 0;\r

}\r

\r

int CmdHF14AMfCSetBlk(const char *Cmd)\r

{\r

- uint8_t uid[8];\r

- uint8_t memBlock[16];\r

+ uint8_t memBlock[16] = {0x00};\r

uint8_t blockNo = 0;\r

- int res;\r

- memset(memBlock, 0x00, sizeof(memBlock));\r

+ bool wipeCard = false;\r

+ int res, gen = 0;\r

\r

if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

\r

if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

- PrintAndLog("Usage: hf mf csetblk <block number> <block data (32 hex symbols)>");\r

+ PrintAndLog("Usage: hf mf csetblk <block number> <block data (32 hex symbols)> [w]");\r

PrintAndLog("sample: hf mf csetblk 1 01020304050607080910111213141516");\r

- PrintAndLog("Set block data for magic Chinese card (only works with!!!)");\r

- PrintAndLog("If you want wipe card then add 'w' into command line. \n");\r

+ PrintAndLog("Set block data for magic Chinese card (only works with such cards)");\r

+ PrintAndLog("If you also want wipe the card then add 'w' at the end of the command line");\r

return 0;\r

- } \r

+ }\r

\r

- blockNo = param_get8(Cmd, 0);\r

- if (blockNo >= 32 * 4 + 8 * 16) {\r

- PrintAndLog("Block number must be in [0..255] as in MIFARE classic.");\r

+ gen = mfCIdentify();\r

+ if ((gen != 1) && (gen != 2))\r

return 1;\r

- }\r

+\r

+ blockNo = param_get8(Cmd, 0);\r

\r

if (param_gethex(Cmd, 1, memBlock, 32)) {\r

PrintAndLog("block data must include 32 HEX symbols");\r

return 1;\r

}\r

\r

if (param_gethex(Cmd, 1, memBlock, 32)) {\r

PrintAndLog("block data must include 32 HEX symbols");\r

return 1;\r

}\r

\r

- PrintAndLog("--block number:%02x data:%s", blockNo, sprint_hex(memBlock, 16));\r

+ char ctmp = param_getchar(Cmd, 2);\r

+ wipeCard = (ctmp == 'w' || ctmp == 'W');\r

+ PrintAndLog("--block number:%2d data:%s", blockNo, sprint_hex(memBlock, 16));\r

+\r

+ if (gen == 2) {\r

+ /* generation 1b magic card */\r

+ res = mfCSetBlock(blockNo, memBlock, NULL, wipeCard, CSETBLOCK_SINGLE_OPER | CSETBLOCK_MAGIC_1B);\r

+ } else {\r

+ /* generation 1a magic card by default */\r

+ res = mfCSetBlock(blockNo, memBlock, NULL, wipeCard, CSETBLOCK_SINGLE_OPER);\r

+ }\r

\r

- res = mfCSetBlock(blockNo, memBlock, uid, 0, CSETBLOCK_SINGLE_OPER);\r

if (res) {\r

- PrintAndLog("Can't write block. error=%d", res);\r

- return 1;\r

- }\r

- \r

- PrintAndLog("UID:%s", sprint_hex(uid, 4));\r

+ PrintAndLog("Can't write block. error=%d", res);\r

+ return 1;\r

+ }\r

return 0;\r

}\r

\r

return 0;\r

}\r

\r

+\r

int CmdHF14AMfCLoad(const char *Cmd)\r

{\r

FILE * f;\r

int CmdHF14AMfCLoad(const char *Cmd)\r

{\r

FILE * f;\r

- char filename[20];\r

+ char filename[FILE_PATH_SIZE] = {0x00};\r

char * fnameptr = filename;\r

- char buf[64];\r

- uint8_t buf8[64];\r

+ char buf[256] = {0x00};\r

+ uint8_t buf8[256] = {0x00};\r

uint8_t fillFromEmulator = 0;\r

- int i, len, blockNum, flags;\r

- \r

- memset(filename, 0, sizeof(filename));\r

- memset(buf, 0, sizeof(buf));\r

+ int i, len, blockNum, flags = 0, gen = 0, numblock = 64;\r

\r

if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {\r

\r

if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {\r

- PrintAndLog("It loads magic Chinese card (only works with!!!) from the file `filename.eml`");\r

- PrintAndLog("or from emulator memory (option `e`)");\r

- PrintAndLog("Usage: hf mf cload <file name w/o `.eml`>");\r

- PrintAndLog(" or: hf mf cload e ");\r

- PrintAndLog(" sample: hf mf cload filename");\r

+ PrintAndLog("It loads magic Chinese card from the file `filename.eml`");\r

+ PrintAndLog("or from emulator memory (option `e`). 4K card: (option `4`)");\r

+ PrintAndLog("Usage: hf mf cload [file name w/o `.eml`][e][4]");\r

+ PrintAndLog(" or: hf mf cload e [4]");\r

+ PrintAndLog("Sample: hf mf cload filename");\r

+ PrintAndLog(" hf mf cload filname 4");\r

+ PrintAndLog(" hf mf cload e");\r

+ PrintAndLog(" hf mf cload e 4");\r

return 0;\r

- } \r

+ }\r

\r

char ctmp = param_getchar(Cmd, 0);\r

if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r

\r

char ctmp = param_getchar(Cmd, 0);\r

if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r

- \r

+ ctmp = param_getchar(Cmd, 1);\r

+ if (ctmp == '4') numblock = 256;\r

+\r

+ gen = mfCIdentify();\r

+ PrintAndLog("Loading magic mifare %dK", numblock == 256 ? 4:1);\r

+\r

if (fillFromEmulator) {\r

- flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r

- for (blockNum = 0; blockNum < 16 * 4; blockNum += 1) {\r

+ for (blockNum = 0; blockNum < numblock; blockNum += 1) {\r

if (mfEmlGetMem(buf8, blockNum, 1)) {\r

PrintAndLog("Cant get block: %d", blockNum);\r

return 2;\r

}\r

if (mfEmlGetMem(buf8, blockNum, 1)) {\r

PrintAndLog("Cant get block: %d", blockNum);\r

return 2;\r

}\r

- \r

- if (blockNum == 2) flags = 0;\r

- if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r

+ if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r

+ if (blockNum == 1) flags = 0; // just write\r

+ if (blockNum == numblock - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Magic Halt and switch off field.\r

\r

+ if (gen == 2)\r

+ /* generation 1b magic card */\r

+ flags |= CSETBLOCK_MAGIC_1B;\r

if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r

PrintAndLog("Cant set magic card block: %d", blockNum);\r

return 3;\r

if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r

PrintAndLog("Cant set magic card block: %d", blockNum);\r

return 3;\r

}\r

return 0;\r

} else {\r

}\r

return 0;\r

} else {\r

- len = strlen(Cmd);\r

- if (len > 14) len = 14;\r

+ param_getstr(Cmd, 0, filename, sizeof(filename));\r

+\r

+ len = strlen(filename);\r

+ if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;\r

\r

- memcpy(filename, Cmd, len);\r

+ //memcpy(filename, Cmd, len);\r

fnameptr += len;\r

\r

fnameptr += len;\r

\r

- sprintf(fnameptr, ".eml"); \r

- \r

+ sprintf(fnameptr, ".eml");\r

+\r

// open file\r

f = fopen(filename, "r");\r

if (f == NULL) {\r

PrintAndLog("File not found or locked.");\r

return 1;\r

}\r

// open file\r

f = fopen(filename, "r");\r

if (f == NULL) {\r

PrintAndLog("File not found or locked.");\r

return 1;\r

}\r

- \r

+\r

blockNum = 0;\r

- flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r

while(!feof(f)){\r

+\r

memset(buf, 0, sizeof(buf));\r

- fgets(buf, sizeof(buf), f);\r

\r

- if (strlen(buf) < 32){\r

+ if (fgets(buf, sizeof(buf), f) == NULL) {\r

+ fclose(f);\r

+ PrintAndLog("File reading error.");\r

+ return 2;\r

+ }\r

+\r

+ if (strlen(buf) < 32) {\r

if(strlen(buf) && feof(f))\r

break;\r

PrintAndLog("File content error. Block data must include 32 HEX symbols");\r

if(strlen(buf) && feof(f))\r

break;\r

PrintAndLog("File content error. Block data must include 32 HEX symbols");\r

+ fclose(f);\r

return 2;\r

}\r

for (i = 0; i < 32; i += 2)\r

sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r

\r

return 2;\r

}\r

for (i = 0; i < 32; i += 2)\r

sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r

\r

- if (blockNum == 2) flags = 0;\r

- if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r

+ if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r

+ if (blockNum == 1) flags = 0; // just write\r

+ if (blockNum == numblock - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Switch off field.\r

\r

+ if (gen == 2)\r

+ /* generation 1b magic card */\r

+ flags |= CSETBLOCK_MAGIC_1B;\r

if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r

- PrintAndLog("Cant set magic card block: %d", blockNum);\r

+ PrintAndLog("Can't set magic card block: %d", blockNum);\r

+ fclose(f);\r

return 3;\r

}\r

blockNum++;\r

return 3;\r

}\r

blockNum++;\r

- \r

- if (blockNum >= 16 * 4) break; // magic card type - mifare 1K\r

+\r

+ if (blockNum >= numblock) break; // magic card type - mifare 1K 64 blocks, mifare 4k 256 blocks\r

}\r

fclose(f);\r

}\r

fclose(f);\r

- \r

- if (blockNum != 16 * 4 && blockNum != 32 * 4 + 8 * 16){\r

- PrintAndLog("File content error. There must be 64 blocks");\r

+\r

+ //if (blockNum != 16 * 4 && blockNum != 32 * 4 + 8 * 16){\r

+ if (blockNum != numblock){\r

+ PrintAndLog("File content error. There must be %d blocks", numblock);\r

return 4;\r

}\r

PrintAndLog("Loaded from file: %s", filename);\r

return 0;\r

}\r

return 4;\r

}\r

PrintAndLog("Loaded from file: %s", filename);\r

return 0;\r

}\r

+ return 0;\r

}\r

\r

int CmdHF14AMfCGetBlk(const char *Cmd) {\r

uint8_t memBlock[16];\r

uint8_t blockNo = 0;\r

}\r

\r

int CmdHF14AMfCGetBlk(const char *Cmd) {\r

uint8_t memBlock[16];\r

uint8_t blockNo = 0;\r

- int res;\r

+ int res, gen = 0;\r

memset(memBlock, 0x00, sizeof(memBlock));\r

\r

if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

PrintAndLog("Usage: hf mf cgetblk <block number>");\r

PrintAndLog("sample: hf mf cgetblk 1");\r

memset(memBlock, 0x00, sizeof(memBlock));\r

\r

if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

PrintAndLog("Usage: hf mf cgetblk <block number>");\r

PrintAndLog("sample: hf mf cgetblk 1");\r

- PrintAndLog("Get block data from magic Chinese card (only works with!!!)\n");\r

+ PrintAndLog("Get block data from magic Chinese card (only works with such cards)\n");\r

return 0;\r

- } \r

+ }\r

+\r

+ gen = mfCIdentify();\r

\r

blockNo = param_get8(Cmd, 0);\r

\r

blockNo = param_get8(Cmd, 0);\r

- if (blockNo >= 32 * 4 + 8 * 16) {\r

- PrintAndLog("Block number must be in [0..255] as in MIFARE classic.");\r

- return 1;\r

- }\r

\r

- PrintAndLog("--block number:%02x ", blockNo);\r

+ PrintAndLog("--block number:%2d ", blockNo);\r

\r

- res = mfCGetBlock(blockNo, memBlock, CSETBLOCK_SINGLE_OPER);\r

+ if (gen == 2) {\r

+ /* generation 1b magic card */\r

+ res = mfCGetBlock(blockNo, memBlock, CSETBLOCK_SINGLE_OPER | CSETBLOCK_MAGIC_1B);\r

+ } else {\r

+ /* generation 1a magic card by default */\r

+ res = mfCGetBlock(blockNo, memBlock, CSETBLOCK_SINGLE_OPER);\r

+ }\r

if (res) {\r

PrintAndLog("Can't read block. error=%d", res);\r

return 1;\r

}\r

if (res) {\r

PrintAndLog("Can't read block. error=%d", res);\r

return 1;\r

}\r

- \r

+\r

PrintAndLog("block data:%s", sprint_hex(memBlock, 16));\r

+\r

+ if (mfIsSectorTrailer(blockNo)) {\r

+ PrintAndLogEx(NORMAL, "Trailer decoded:");\r

+ PrintAndLogEx(NORMAL, "Key A: %s", sprint_hex_inrow(memBlock, 6));\r

+ PrintAndLogEx(NORMAL, "Key B: %s", sprint_hex_inrow(&memBlock[10], 6));\r

+ int bln = mfFirstBlockOfSector(mfSectorNum(blockNo));\r

+ int blinc = (mfNumBlocksPerSector(mfSectorNum(blockNo)) > 4) ? 5 : 1;\r

+ for (int i = 0; i < 4; i++) {\r

+ PrintAndLogEx(NORMAL, "Access block %d%s: %s", bln, ((blinc > 1) && (i < 3) ? "+" : "") , mfGetAccessConditionsDesc(i, &memBlock[6]));\r

+ bln += blinc;\r

+ }\r

+ PrintAndLogEx(NORMAL, "UserData: %s", sprint_hex_inrow(&memBlock[9], 1));\r

+ }\r

+\r

return 0;\r

}\r

\r

int CmdHF14AMfCGetSc(const char *Cmd) {\r

return 0;\r

}\r

\r

int CmdHF14AMfCGetSc(const char *Cmd) {\r

- uint8_t memBlock[16];\r

+ uint8_t memBlock[16] = {0x00};\r

uint8_t sectorNo = 0;\r

- int i, res, flags;\r

- memset(memBlock, 0x00, sizeof(memBlock));\r

+ int i, res, flags, gen = 0, baseblock = 0, sect_size = 4;\r

\r

if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

PrintAndLog("Usage: hf mf cgetsc <sector number>");\r

PrintAndLog("sample: hf mf cgetsc 0");\r

\r

if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r

PrintAndLog("Usage: hf mf cgetsc <sector number>");\r

PrintAndLog("sample: hf mf cgetsc 0");\r

- PrintAndLog("Get sector data from magic Chinese card (only works with!!!)\n");\r

+ PrintAndLog("Get sector data from magic Chinese card (only works with such cards)\n");\r

return 0;\r

- } \r

+ }\r

\r

sectorNo = param_get8(Cmd, 0);\r

\r

sectorNo = param_get8(Cmd, 0);\r

- if (sectorNo > 15) {\r

- PrintAndLog("Sector number must be in [0..15] as in MIFARE classic.");\r

+\r

+ if (sectorNo > 39) {\r

+ PrintAndLog("Sector number must be in [0..15] in MIFARE classic 1k and [0..39] in MIFARE classic 4k.");\r

return 1;\r

}\r

\r

return 1;\r

}\r

\r

- PrintAndLog("--sector number:%02x ", sectorNo);\r

+ PrintAndLog("--sector number:%d ", sectorNo);\r

+\r

+ gen = mfCIdentify();\r

\r

flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r

\r

flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r

- for (i = 0; i < 4; i++) {\r

+ if (sectorNo < 32 ) {\r

+ baseblock = sectorNo * 4;\r

+ } else {\r

+ baseblock = 128 + 16 * (sectorNo - 32);\r

+\r

+ }\r

+ if (sectorNo > 31) sect_size = 16;\r

+\r

+ for (i = 0; i < sect_size; i++) {\r

if (i == 1) flags = 0;\r

- if (i == 3) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r

+ if (i == sect_size - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r

\r

- res = mfCGetBlock(sectorNo * 4 + i, memBlock, flags);\r

+ if (gen == 2)\r

+ /* generation 1b magic card */\r

+ flags |= CSETBLOCK_MAGIC_1B;\r

+\r

+ res = mfCGetBlock(baseblock + i, memBlock, flags);\r

if (res) {\r

- PrintAndLog("Can't read block. %02x error=%d", sectorNo * 4 + i, res);\r

+ PrintAndLog("Can't read block. %d error=%d", baseblock + i, res);\r

return 1;\r

}\r

return 1;\r

}\r

- \r

- PrintAndLog("block %02x data:%s", sectorNo * 4 + i, sprint_hex(memBlock, 16));\r

+\r

+ PrintAndLog("block %3d data:%s", baseblock + i, sprint_hex(memBlock, 16));\r

+\r

+ if (mfIsSectorTrailer(baseblock + i)) {\r

+ PrintAndLogEx(NORMAL, "Trailer decoded:");\r

+ PrintAndLogEx(NORMAL, "Key A: %s", sprint_hex_inrow(memBlock, 6));\r

+ PrintAndLogEx(NORMAL, "Key B: %s", sprint_hex_inrow(&memBlock[10], 6));\r

+ int bln = baseblock;\r

+ int blinc = (mfNumBlocksPerSector(sectorNo) > 4) ? 5 : 1;\r

+ for (int i = 0; i < 4; i++) {\r

+ PrintAndLogEx(NORMAL, "Access block %d%s: %s", bln, ((blinc > 1) && (i < 3) ? "+" : "") , mfGetAccessConditionsDesc(i, &memBlock[6]));\r

+ bln += blinc;\r

+ }\r

+ PrintAndLogEx(NORMAL, "UserData: %s", sprint_hex_inrow(&memBlock[9], 1));\r

+ }\r

}\r

return 0;\r

}\r

\r

}\r

return 0;\r

}\r

\r

+\r

int CmdHF14AMfCSave(const char *Cmd) {\r

\r

FILE * f;\r

int CmdHF14AMfCSave(const char *Cmd) {\r

\r

FILE * f;\r

- char filename[20];\r

+ char filename[FILE_PATH_SIZE] = {0x00};\r

char * fnameptr = filename;\r

uint8_t fillFromEmulator = 0;\r

char * fnameptr = filename;\r

uint8_t fillFromEmulator = 0;\r

- uint8_t buf[64];\r

- int i, j, len, flags;\r

- \r

- memset(filename, 0, sizeof(filename));\r

- memset(buf, 0, sizeof(buf));\r

+ uint8_t buf[256] = {0x00};\r

+ int i, j, len, flags, gen = 0, numblock = 64;\r

+\r

+ // memset(filename, 0, sizeof(filename));\r

+ // memset(buf, 0, sizeof(buf));\r

\r

if (param_getchar(Cmd, 0) == 'h') {\r

PrintAndLog("It saves `magic Chinese` card dump into the file `filename.eml` or `cardID.eml`");\r

\r

if (param_getchar(Cmd, 0) == 'h') {\r

PrintAndLog("It saves `magic Chinese` card dump into the file `filename.eml` or `cardID.eml`");\r

- PrintAndLog("or into emulator memory (option `e`)");\r

- PrintAndLog("Usage: hf mf esave [file name w/o `.eml`][e]");\r

- PrintAndLog(" sample: hf mf esave ");\r

- PrintAndLog(" hf mf esave filename");\r

- PrintAndLog(" hf mf esave e \n");\r

+ PrintAndLog("or into emulator memory (option `e`). 4K card: (option `4`)");\r

+ PrintAndLog("Usage: hf mf csave [file name w/o `.eml`][e][4]");\r

+ PrintAndLog("Sample: hf mf csave ");\r

+ PrintAndLog(" hf mf csave filename");\r

+ PrintAndLog(" hf mf csave e");\r

+ PrintAndLog(" hf mf csave 4");\r

+ PrintAndLog(" hf mf csave filename 4");\r

+ PrintAndLog(" hf mf csave e 4");\r

return 0;\r

- } \r

+ }\r

\r

char ctmp = param_getchar(Cmd, 0);\r

if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r

\r

char ctmp = param_getchar(Cmd, 0);\r

if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r

+ if (ctmp == '4') numblock = 256;\r

+ ctmp = param_getchar(Cmd, 1);\r

+ if (ctmp == '4') numblock = 256;\r

+\r

+ gen = mfCIdentify();\r

+ PrintAndLog("Saving magic mifare %dK", numblock == 256 ? 4:1);\r

\r

if (fillFromEmulator) {\r

// put into emulator\r

flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r

\r

if (fillFromEmulator) {\r

// put into emulator\r

flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r

- for (i = 0; i < 16 * 4; i++) {\r

+ for (i = 0; i < numblock; i++) {\r

if (i == 1) flags = 0;\r

- if (i == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r

- \r

+ if (i == numblock - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r

+\r

+ if (gen == 2)\r

+ /* generation 1b magic card */\r

+ flags |= CSETBLOCK_MAGIC_1B;\r

+\r

if (mfCGetBlock(i, buf, flags)) {\r

PrintAndLog("Cant get block: %d", i);\r

break;\r

}\r

if (mfCGetBlock(i, buf, flags)) {\r

PrintAndLog("Cant get block: %d", i);\r

break;\r

}\r

- \r

+\r

if (mfEmlSetMem(buf, i, 1)) {\r

PrintAndLog("Cant set emul block: %d", i);\r

return 3;\r

if (mfEmlSetMem(buf, i, 1)) {\r

PrintAndLog("Cant set emul block: %d", i);\r

return 3;\r

}\r

return 0;\r

} else {\r

}\r

return 0;\r

} else {\r

- len = strlen(Cmd);\r

- if (len > 14) len = 14;\r

- \r

- if (len < 1) {\r

+ param_getstr(Cmd, 0, filename, sizeof(filename));\r

+\r

+ len = strlen(filename);\r

+ if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;\r

+\r

+ ctmp = param_getchar(Cmd, 0);\r

+ if (len < 1 || (ctmp == '4')) {\r

// get filename\r

- if (mfCGetBlock(0, buf, CSETBLOCK_SINGLE_OPER)) {\r

+\r

+ flags = CSETBLOCK_SINGLE_OPER;\r

+ if (gen == 2)\r

+ /* generation 1b magic card */\r

+ flags |= CSETBLOCK_MAGIC_1B;\r

+ if (mfCGetBlock(0, buf, flags)) {\r

PrintAndLog("Cant get block: %d", 0);\r

- return 1;\r

+ len = sprintf(fnameptr, "dump");\r

+ fnameptr += len;\r

+ }\r

+ else {\r

+ for (j = 0; j < 7; j++, fnameptr += 2)\r

+ sprintf(fnameptr, "%02x", buf[j]);\r

}\r

- for (j = 0; j < 7; j++, fnameptr += 2)\r

- sprintf(fnameptr, "%02x", buf[j]); \r

} else {\r

- memcpy(filename, Cmd, len);\r

+ //memcpy(filename, Cmd, len);\r

fnameptr += len;\r

}\r

\r

fnameptr += len;\r

}\r

\r

- sprintf(fnameptr, ".eml"); \r

- \r

+ sprintf(fnameptr, ".eml");\r

+\r

// open file\r

f = fopen(filename, "w+");\r

\r

// open file\r

f = fopen(filename, "w+");\r

\r

+ if (f == NULL) {\r

+ PrintAndLog("File not found or locked.");\r

+ return 1;\r

+ }\r

+\r

// put hex\r

flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r

// put hex\r

flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r

- for (i = 0; i < 16 * 4; i++) {\r

+ for (i = 0; i < numblock; i++) {\r

if (i == 1) flags = 0;\r

- if (i == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r

- \r

+ if (i == numblock - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r

+\r

+ if (gen == 2)\r

+ /* generation 1b magic card */\r

+ flags |= CSETBLOCK_MAGIC_1B;\r

if (mfCGetBlock(i, buf, flags)) {\r

PrintAndLog("Cant get block: %d", i);\r

break;\r

}\r

for (j = 0; j < 16; j++)\r

if (mfCGetBlock(i, buf, flags)) {\r

PrintAndLog("Cant get block: %d", i);\r

break;\r

}\r

for (j = 0; j < 16; j++)\r

- fprintf(f, "%02x", buf[j]); \r

+ fprintf(f, "%02x", buf[j]);\r

fprintf(f,"\n");\r

}\r

fclose(f);\r

fprintf(f,"\n");\r

}\r

fclose(f);\r

- \r

+\r

PrintAndLog("Saved to file: %s", filename);\r

- \r

+\r

return 0;\r

}\r

\r

return 0;\r

}\r

\r

-static command_t CommandTable[] =\r

-{\r

- {"help", CmdHelp, 1, "This help"},\r

- {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"},\r

- {"rdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"},\r

- {"rdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"},\r

- {"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"},\r

- {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"},\r

- {"wrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"},\r

- {"chk", CmdHF14AMfChk, 0, "Test block keys"},\r

- {"mifare", CmdHF14AMifare, 0, "Read parity error messages. param - <used card nonce>"},\r

- {"nested", CmdHF14AMfNested, 0, "Test nested authentication"},\r

- {"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"},\r

- {"eclr", CmdHF14AMfEClear, 0, "Clear simulator memory block"},\r

- {"eget", CmdHF14AMfEGet, 0, "Get simulator memory block"},\r

- {"eset", CmdHF14AMfESet, 0, "Set simulator memory block"},\r

- {"eload", CmdHF14AMfELoad, 0, "Load from file emul dump"},\r

- {"esave", CmdHF14AMfESave, 0, "Save to file emul dump"},\r

- {"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"},\r

- {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"},\r

- {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"},\r

- {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block into magic Chinese card"},\r

- {"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block from magic Chinese card"},\r

- {"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector from magic Chinese card"},\r

- {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},\r

- {"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},\r

- {NULL, NULL, 0, NULL}\r

+\r

+int CmdHF14AMfSniff(const char *Cmd){\r

+\r

+ bool wantLogToFile = 0;\r

+ bool wantDecrypt = 0;\r

+ //bool wantSaveToEml = 0; TODO\r

+ bool wantSaveToEmlFile = 0;\r

+\r

+ //var\r

+ int res = 0;\r

+ int len = 0;\r

+ int parlen = 0;\r

+ int blockLen = 0;\r

+ int pckNum = 0;\r

+ int num = 0;\r

+ uint8_t uid[7];\r

+ uint8_t uid_len;\r

+ uint8_t atqa[2] = {0x00};\r

+ uint8_t sak;\r

+ bool isTag;\r

+ uint8_t *buf = NULL;\r

+ uint16_t bufsize = 0;\r

+ uint8_t *bufPtr = NULL;\r

+ uint8_t parity[16];\r

+\r

+ char ctmp = param_getchar(Cmd, 0);\r

+ if ( ctmp == 'h' || ctmp == 'H' ) {\r

+ PrintAndLog("It continuously gets data from the field and saves it to: log, emulator, emulator file.");\r

+ PrintAndLog("You can specify:");\r

+ PrintAndLog(" l - save encrypted sequence to logfile `uid.log`");\r

+ PrintAndLog(" d - decrypt sequence and put it to log file `uid.log`");\r

+ PrintAndLog(" n/a e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory");\r

+ PrintAndLog(" f - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r

+ PrintAndLog("Usage: hf mf sniff [l][d][e][f]");\r

+ PrintAndLog(" sample: hf mf sniff l d e");\r

+ return 0;\r

+ }\r

+\r

+ for (int i = 0; i < 4; i++) {\r

+ ctmp = param_getchar(Cmd, i);\r

+ if (ctmp == 'l' || ctmp == 'L') wantLogToFile = true;\r

+ if (ctmp == 'd' || ctmp == 'D') wantDecrypt = true;\r

+ //if (ctmp == 'e' || ctmp == 'E') wantSaveToEml = true; TODO\r

+ if (ctmp == 'f' || ctmp == 'F') wantSaveToEmlFile = true;\r

+ }\r

+\r

+ printf("-------------------------------------------------------------------------\n");\r

+ printf("Executing command. \n");\r

+ printf("Press the key on the proxmark3 device to abort both proxmark3 and client.\n");\r

+ printf("Press the key on pc keyboard to abort the client.\n");\r

+ printf("-------------------------------------------------------------------------\n");\r

+\r

+ UsbCommand c = {CMD_MIFARE_SNIFFER, {0, 0, 0}};\r

+ clearCommandBuffer();\r

+ SendCommand(&c);\r

+\r

+ // wait cycle\r

+ while (true) {\r

+ printf(".");\r

+ fflush(stdout);\r

+ if (ukbhit()) {\r

+ getchar();\r

+ printf("\naborted via keyboard!\n");\r

+ break;\r

+ }\r

+\r

+ UsbCommand resp;\r

+ if (WaitForResponseTimeoutW(CMD_UNKNOWN, &resp, 2000, false)) {\r

+ res = resp.arg[0] & 0xff;\r

+ uint16_t traceLen = resp.arg[1];\r

+ len = resp.arg[2];\r

+\r

+ if (res == 0) { // we are done\r

+ break;\r

+ }\r

+\r

+ if (res == 1) { // there is (more) data to be transferred\r

+ if (pckNum == 0) { // first packet, (re)allocate necessary buffer\r

+ if (traceLen > bufsize || buf == NULL) {\r

+ uint8_t *p;\r

+ if (buf == NULL) { // not yet allocated\r

+ p = malloc(traceLen);\r

+ } else { // need more memory\r

+ p = realloc(buf, traceLen);\r

+ }\r

+ if (p == NULL) {\r

+ PrintAndLog("Cannot allocate memory for trace");\r

+ free(buf);\r

+ return 2;\r

+ }\r

+ buf = p;\r

+ }\r

+ bufPtr = buf;\r

+ bufsize = traceLen;\r

+ memset(buf, 0x00, traceLen);\r

+ }\r

+ memcpy(bufPtr, resp.d.asBytes, len);\r

+ bufPtr += len;\r

+ pckNum++;\r

+ }\r

+\r

+ if (res == 2) { // received all data, start displaying\r

+ blockLen = bufPtr - buf;\r

+ bufPtr = buf;\r

+ printf(">\n");\r

+ PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum);\r

+ while (bufPtr - buf < blockLen) {\r

+ bufPtr += 6; // skip (void) timing information\r

+ len = *((uint16_t *)bufPtr);\r

+ if(len & 0x8000) {\r

+ isTag = true;\r

+ len &= 0x7fff;\r

+ } else {\r

+ isTag = false;\r

+ }\r

+ parlen = (len - 1) / 8 + 1;\r

+ bufPtr += 2;\r

+ if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff) && (bufPtr[12] == 0xff) && (bufPtr[13] == 0xff)) {\r

+ memcpy(uid, bufPtr + 2, 7);\r

+ memcpy(atqa, bufPtr + 2 + 7, 2);\r

+ uid_len = (atqa[0] & 0xC0) == 0x40 ? 7 : 4;\r

+ sak = bufPtr[11];\r

+ PrintAndLog("tag select uid:%s atqa:0x%02x%02x sak:0x%02x",\r

+ sprint_hex(uid + (7 - uid_len), uid_len),\r

+ atqa[1],\r

+ atqa[0],\r

+ sak);\r

+ if (wantLogToFile || wantDecrypt) {\r

+ FillFileNameByUID(logHexFileName, uid + (7 - uid_len), ".log", uid_len);\r

+ AddLogCurrentDT(logHexFileName);\r

+ }\r

+ if (wantDecrypt)\r

+ mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r

+ } else {\r

+ oddparitybuf(bufPtr, len, parity);\r

+ PrintAndLog("%s(%d):%s [%s] c[%s]%c",\r

+ isTag ? "TAG":"RDR",\r

+ num,\r

+ sprint_hex(bufPtr, len),\r

+ printBitsPar(bufPtr + len, len),\r

+ printBitsPar(parity, len),\r

+ memcmp(bufPtr + len, parity, len / 8 + 1) ? '!' : ' ');\r

+ if (wantLogToFile)\r

+ AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r

+ if (wantDecrypt)\r

+ mfTraceDecode(bufPtr, len, bufPtr[len], wantSaveToEmlFile);\r

+ num++;\r

+ }\r

+ bufPtr += len;\r

+ bufPtr += parlen; // ignore parity\r

+ }\r

+ pckNum = 0;\r

+ }\r

+ } // resp not NULL\r

+ } // while (true)\r

+\r

+ free(buf);\r

+\r

+ msleep(300); // wait for exiting arm side.\r

+ PrintAndLog("Done.");\r

+ return 0;\r

+}\r

+\r

+//needs nt, ar, at, Data to decrypt\r

+int CmdDecryptTraceCmds(const char *Cmd){\r

+ uint8_t data[50];\r

+ int len = 100;\r

+ param_gethex_ex(Cmd, 3, data, &len);\r

+ return tryDecryptWord(param_get32ex(Cmd, 0, 0, 16), param_get32ex(Cmd, 1, 0, 16), param_get32ex(Cmd, 2, 0, 16), data, len/2);\r

+}\r

+\r

+int CmdHF14AMfAuth4(const char *cmd) {\r

+ uint8_t keyn[20] = {0};\r

+ int keynlen = 0;\r

+ uint8_t key[16] = {0};\r

+ int keylen = 0;\r

+\r

+ CLIParserInit("hf mf auth4",\r

+ "Executes AES authentication command in ISO14443-4",\r

+ "Usage:\n\thf mf auth4 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n"\r

+ "\thf mf auth4 9003 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -> executes authentication\n");\r

+\r

+ void* argtable[] = {\r

+ arg_param_begin,\r

+ arg_str1(NULL, NULL, "<Key Num (HEX 2 bytes)>", NULL),\r

+ arg_str1(NULL, NULL, "<Key Value (HEX 16 bytes)>", NULL),\r

+ arg_param_end\r

+ };\r

+ CLIExecWithReturn(cmd, argtable, true);\r

+\r

+ CLIGetHexWithReturn(1, keyn, &keynlen);\r

+ CLIGetHexWithReturn(2, key, &keylen);\r

+ CLIParserFree();\r

+\r

+ if (keynlen != 2) {\r

+ PrintAndLog("ERROR: <Key Num> must be 2 bytes long instead of: %d", keynlen);\r

+ return 1;\r

+ }\r

+\r

+ if (keylen != 16) {\r

+ PrintAndLog("ERROR: <Key Value> must be 16 bytes long instead of: %d", keylen);\r

+ return 1;\r

+ }\r

+\r

+ return MifareAuth4(NULL, keyn, key, true, false, true);\r

+}\r

+\r

+// https://www.nxp.com/docs/en/application-note/AN10787.pdf\r

+int CmdHF14AMfMAD(const char *cmd) {\r

+\r

+ CLIParserInit("hf mf mad",\r

+ "Checks and prints Mifare Application Directory (MAD)",\r

+ "Usage:\n\thf mf mad -> shows MAD if exists\n"\r

+ "\thf mf mad -a 03e1 -k ffffffffffff -b -> shows NDEF data if exists. read card with custom key and key B\n");\r

+\r

+ void *argtable[] = {\r

+ arg_param_begin,\r

+ arg_lit0("vV", "verbose", "show technical data"),\r

+ arg_str0("aA", "aid", "print all sectors with aid", NULL),\r

+ arg_str0("kK", "key", "key for printing sectors", NULL),\r

+ arg_lit0("bB", "keyb", "use key B for access printing sectors (by default: key A)"),\r

+ arg_param_end\r

+ };\r

+ CLIExecWithReturn(cmd, argtable, true);\r

+ bool verbose = arg_get_lit(1);\r

+ uint8_t aid[2] = {0};\r

+ int aidlen;\r

+ CLIGetHexWithReturn(2, aid, &aidlen);\r

+ uint8_t key[6] = {0};\r

+ int keylen;\r

+ CLIGetHexWithReturn(3, key, &keylen);\r

+ bool keyB = arg_get_lit(4);\r

+\r

+ CLIParserFree();\r

+\r

+ if (aidlen != 2 && keylen > 0) {\r

+ PrintAndLogEx(WARNING, "do not need a key without aid.");\r

+ }\r

+\r

+ uint8_t sector0[16 * 4] = {0};\r

+ uint8_t sector10[16 * 4] = {0};\r

+ if (mfReadSector(MF_MAD1_SECTOR, MF_KEY_A, (uint8_t *)g_mifare_mad_key, sector0)) {\r

+ PrintAndLogEx(ERR, "read sector 0 error. card don't have MAD or don't have MAD on default keys.");\r

+ return 2;\r

+ }\r

+\r

+ if (verbose) {\r

+ for (int i = 0; i < 4; i ++)\r

+ PrintAndLogEx(NORMAL, "[%d] %s", i, sprint_hex(&sector0[i * 16], 16));\r

+ }\r

+\r

+ bool haveMAD2 = false;\r

+ MAD1DecodeAndPrint(sector0, verbose, &haveMAD2);\r

+\r

+ if (haveMAD2) {\r

+ if (mfReadSector(MF_MAD2_SECTOR, MF_KEY_A, (uint8_t *)g_mifare_mad_key, sector10)) {\r

+ PrintAndLogEx(ERR, "read sector 0x10 error. card don't have MAD or don't have MAD on default keys.");\r

+ return 2;\r

+ }\r

+\r

+ MAD2DecodeAndPrint(sector10, verbose);\r

+ }\r

+\r

+ if (aidlen == 2) {\r

+ uint16_t aaid = (aid[0] << 8) + aid[1];\r

+ PrintAndLogEx(NORMAL, "\n-------------- AID 0x%04x ---------------", aaid);\r

+\r

+ uint16_t mad[7 + 8 + 8 + 8 + 8] = {0};\r

+ size_t madlen = 0;\r

+ if (MADDecode(sector0, sector10, mad, &madlen)) {\r

+ PrintAndLogEx(ERR, "can't decode mad.");\r

+ return 10;\r

+ }\r

+\r

+ uint8_t akey[6] = {0};\r

+ memcpy(akey, g_mifare_ndef_key, 6);\r

+ if (keylen == 6) {\r

+ memcpy(akey, key, 6);\r

+ }\r

+\r

+ for (int i = 0; i < madlen; i++) {\r

+ if (aaid == mad[i]) {\r

+ uint8_t vsector[16 * 4] = {0};\r

+ if (mfReadSector(i + 1, keyB ? MF_KEY_B : MF_KEY_A, akey, vsector)) {\r

+ PrintAndLogEx(NORMAL, "");\r

+ PrintAndLogEx(ERR, "read sector %d error.", i + 1);\r

+ return 2;\r

+ }\r

+\r

+ for (int j = 0; j < (verbose ? 4 : 3); j ++)\r

+ PrintAndLogEx(NORMAL, " [%03d] %s", (i + 1) * 4 + j, sprint_hex(&vsector[j * 16], 16));\r

+ }\r

+\r

+ return 0;\r

+}\r

+\r

+int CmdHFMFNDEF(const char *cmd) {\r

+\r

+ CLIParserInit("hf mf ndef",\r

+ "Prints NFC Data Exchange Format (NDEF)",\r

+ "Usage:\n\thf mf ndef -> shows NDEF data\n"\r

+ "\thf mf ndef -a 03e1 -k ffffffffffff -b -> shows NDEF data with custom AID, key and with key B\n");\r

+\r

+ void *argtable[] = {\r

+ arg_param_begin,\r

+ arg_litn("vV", "verbose", 0, 2, "show technical data"),\r

+ arg_str0("aA", "aid", "replace default aid for NDEF", NULL),\r

+ arg_str0("kK", "key", "replace default key for NDEF", NULL),\r

+ arg_lit0("bB", "keyb", "use key B for access sectors (by default: key A)"),\r

+ arg_param_end\r

+ };\r

+ CLIExecWithReturn(cmd, argtable, true);\r

+\r

+ bool verbose = arg_get_lit(1);\r

+ bool verbose2 = arg_get_lit(1) > 1;\r

+ uint8_t aid[2] = {0};\r

+ int aidlen;\r

+ CLIGetHexWithReturn(2, aid, &aidlen);\r

+ uint8_t key[6] = {0};\r

+ int keylen;\r

+ CLIGetHexWithReturn(3, key, &keylen);\r

+ bool keyB = arg_get_lit(4);\r

+\r

+ CLIParserFree();\r

+\r

+ uint16_t ndefAID = 0x03e1;\r

+ if (aidlen == 2)\r

+ ndefAID = (aid[0] << 8) + aid[1];\r

+\r

+ uint8_t ndefkey[6] = {0};\r

+ memcpy(ndefkey, g_mifare_ndef_key, 6);\r

+ if (keylen == 6) {\r

+ memcpy(ndefkey, key, 6);\r

+ }\r

+\r

+ uint8_t sector0[16 * 4] = {0};\r

+ uint8_t sector10[16 * 4] = {0};\r

+ uint8_t data[4096] = {0};\r

+ int datalen = 0;\r

+\r

+ PrintAndLogEx(NORMAL, "");\r

+\r

+ if (mfReadSector(MF_MAD1_SECTOR, MF_KEY_A, (uint8_t *)g_mifare_mad_key, sector0)) {\r

+ PrintAndLogEx(ERR, "read sector 0 error. card don't have MAD or don't have MAD on default keys.");\r

+ return 2;\r

+ }\r

+\r

+ bool haveMAD2 = false;\r

+ int res = MADCheck(sector0, NULL, verbose, &haveMAD2);\r

+ if (res) {\r

+ PrintAndLogEx(ERR, "MAD error %d.", res);\r

+ return res;\r

+ }\r

+\r

+ if (haveMAD2) {\r

+ if (mfReadSector(MF_MAD2_SECTOR, MF_KEY_A, (uint8_t *)g_mifare_mad_key, sector10)) {\r

+ PrintAndLogEx(ERR, "read sector 0x10 error. card don't have MAD or don't have MAD on default keys.");\r

+ return 2;\r

+ }\r

+\r

+ uint16_t mad[7 + 8 + 8 + 8 + 8] = {0};\r

+ size_t madlen = 0;\r

+ if (MADDecode(sector0, (haveMAD2 ? sector10 : NULL), mad, &madlen)) {\r

+ PrintAndLogEx(ERR, "can't decode mad.");\r

+ return 10;\r

+ }\r

+\r

+ printf("data reading:");\r

+ for (int i = 0; i < madlen; i++) {\r

+ if (ndefAID == mad[i]) {\r

+ uint8_t vsector[16 * 4] = {0};\r

+ if (mfReadSector(i + 1, keyB ? MF_KEY_B : MF_KEY_A, ndefkey, vsector)) {\r

+ PrintAndLogEx(ERR, "read sector %d error.", i + 1);\r

+ return 2;\r

+ }\r

+\r

+ memcpy(&data[datalen], vsector, 16 * 3);\r

+ datalen += 16 * 3;\r

+\r

+ printf(".");\r

+ }\r

+ printf(" OK\n");\r

+\r

+ if (!datalen) {\r

+ PrintAndLogEx(ERR, "no NDEF data.");\r

+ return 11;\r

+ }\r

+\r

+ if (verbose2) {\r

+ PrintAndLogEx(NORMAL, "NDEF data:");\r

+ dump_buffer(data, datalen, stdout, 1);\r

+ }\r

+\r

+ NDEFDecodeAndPrint(data, datalen, verbose);\r

+\r

+ return 0;\r

+}\r

+\r

+int CmdHFMFPersonalize(const char *cmd) {\r

+\r

+ CLIParserInit("hf mf personalize",\r

+ "Personalize the UID of a Mifare Classic EV1 card. This is only possible if it is a 7Byte UID card and if it is not already personalized.",\r

+ "Usage:\n\thf mf personalize UIDF0 -> double size UID according to ISO/IEC14443-3\n"\r

+ "\thf mf personalize UIDF1 -> double size UID according to ISO/IEC14443-3, optional usage of selection process shortcut\n"\r

+ "\thf mf personalize UIDF2 -> single size random ID according to ISO/IEC14443-3\n"\r

+ "\thf mf personalize UIDF3 -> single size NUID according to ISO/IEC14443-3\n"\r

+ "\thf mf personalize -t B -k B0B1B2B3B4B5 UIDF3 -> use key B = 0xB0B1B2B3B4B5 instead of default key A\n");\r

+\r

+ void *argtable[] = {\r

+ arg_param_begin,\r

+ arg_str0("tT", "keytype", "<A|B>", "key type (A or B) to authenticate sector 0 (default: A)"),\r

+ arg_str0("kK", "key", "<key (hex 6 Bytes)>", "key to authenticate sector 0 (default: FFFFFFFFFFFF)"),\r

+ arg_str1(NULL, NULL, "<UIDF0|UIDF1|UIDF2|UIDF3>", "Personalization Option"),\r

+ arg_param_end\r

+ };\r

+ CLIExecWithReturn(cmd, argtable, true);\r

+\r

+ char keytypestr[2] = "A";\r

+ uint8_t keytype = 0x00;\r

+ int keytypestr_len;\r

+ int res = CLIParamStrToBuf(arg_get_str(1), (uint8_t*)keytypestr, 1, &keytypestr_len);\r

+ if (res || (keytypestr[0] != 'a' && keytypestr[0] != 'A' && keytypestr[0] != 'b' && keytypestr[0] != 'B')) {\r

+ PrintAndLog("ERROR: not a valid key type. Key type must be A or B");\r

+ CLIParserFree();\r

+ return 1;\r

+ }\r

+ if (keytypestr[0] == 'B' || keytypestr[0] == 'b') {\r

+ keytype = 0x01;\r

+ }\r

+\r

+ uint8_t key[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};\r

+ int key_len;\r

+ res = CLIParamHexToBuf(arg_get_str(2), key, 6, &key_len);\r

+ if (res || (!res && key_len > 0 && key_len != 6)) {\r

+ PrintAndLog("ERROR: not a valid key. Key must be 12 hex digits");\r

+ CLIParserFree();\r

+ return 1;\r

+ }\r

+\r

+ char pers_optionstr[6];\r

+ int opt_len;\r

+ uint8_t pers_option;\r

+ res = CLIParamStrToBuf(arg_get_str(3), (uint8_t*)pers_optionstr, 5, &opt_len);\r

+ if (res || (!res && opt_len > 0 && opt_len != 5)\r

+ || (strncmp(pers_optionstr, "UIDF0", 5) && strncmp(pers_optionstr, "UIDF1", 5) && strncmp(pers_optionstr, "UIDF2", 5) && strncmp(pers_optionstr, "UIDF3", 5))) {\r

+ PrintAndLog("ERROR: invalid personalization option. Must be one of UIDF0, UIDF1, UIDF2, or UIDF3");\r

+ CLIParserFree();\r

+ return 1;\r

+ }\r

+ if (!strncmp(pers_optionstr, "UIDF0", 5)) {\r

+ pers_option = MIFARE_EV1_UIDF0;\r

+ } else if (!strncmp(pers_optionstr, "UIDF1", 5)) {\r

+ pers_option = MIFARE_EV1_UIDF1;\r

+ } else if (!strncmp(pers_optionstr, "UIDF2", 5)) {\r

+ pers_option = MIFARE_EV1_UIDF2;\r

+ } else {\r

+ pers_option = MIFARE_EV1_UIDF3;\r

+ }\r

+\r

+ CLIParserFree();\r

+\r

+ UsbCommand c = {CMD_MIFARE_PERSONALIZE_UID, {keytype, pers_option, 0}};\r

+ memcpy(c.d.asBytes, key, 6);\r

+ SendCommand(&c);\r

+\r

+ UsbCommand resp;\r

+ if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {\r

+ uint8_t isOK = resp.arg[0] & 0xff;\r

+ PrintAndLog("Personalization %s", isOK ? "FAILED" : "SUCCEEDED");\r

+ } else {\r

+ PrintAndLog("Command execute timeout");\r

+ }\r

+\r

+ return 0;\r

+}\r

+\r

+static command_t CommandTable[] = {\r

+ {"help", CmdHelp, 1, "This help"},\r

+ {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"},\r

+ {"rdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"},\r

+ {"rdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"},\r

+ {"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"},\r

+ {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"},\r

+ {"wrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"},\r

+ {"auth4", CmdHF14AMfAuth4, 0, "ISO14443-4 AES authentication"},\r

+ {"chk", CmdHF14AMfChk, 0, "Test block keys"},\r

+ {"mifare", CmdHF14AMifare, 0, "Read parity error messages."},\r

+ {"hardnested", CmdHF14AMfNestedHard, 0, "Nested attack for hardened Mifare cards"},\r

+ {"nested", CmdHF14AMfNested, 0, "Test nested authentication"},\r

+ {"sniff", CmdHF14AMfSniff, 0, "Sniff card-reader communication"},\r

+ {"sim", CmdHF14AMfSim, 0, "Simulate MIFARE card"},\r

+ {"eclr", CmdHF14AMfEClear, 0, "Clear simulator memory"},\r

+ {"eget", CmdHF14AMfEGet, 0, "Get simulator memory block"},\r

+ {"eset", CmdHF14AMfESet, 0, "Set simulator memory block"},\r

+ {"eload", CmdHF14AMfELoad, 0, "Load from file emul dump"},\r

+ {"esave", CmdHF14AMfESave, 0, "Save to file emul dump"},\r

+ {"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"},\r

+ {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"},\r

+ {"cwipe", CmdHF14AMfCWipe, 0, "Wipe magic Chinese card"},\r

+ {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"},\r

+ {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block - Magic Chinese card"},\r

+ {"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block - Magic Chinese card"},\r

+ {"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"},\r

+ {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},\r

+ {"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},\r

+ {"decrypt", CmdDecryptTraceCmds, 1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r

+ {"mad", CmdHF14AMfMAD, 0, "Checks and prints MAD"},\r

+ {"ndef", CmdHFMFNDEF, 0, "Prints NDEF records from card"},\r

+ {"personalize", CmdHFMFPersonalize, 0, "Personalize UID (Mifare Classic EV1 only)"},\r

+ {NULL, NULL, 0, NULL}\r

};\r

\r

};\r

\r

-int CmdHFMF(const char *Cmd)\r

-{\r

- // flush\r

- while (WaitForResponseTimeout(CMD_ACK, 500) != NULL) ;\r

\r

- CmdsParse(CommandTable, Cmd);\r

- return 0;\r

+int CmdHFMF(const char *Cmd) {\r

+ (void)WaitForResponseTimeout(CMD_ACK,NULL,100);\r

+ CmdsParse(CommandTable, Cmd);\r

+ return 0;\r

}\r

\r

}\r

\r

-int CmdHelp(const char *Cmd)\r

-{\r

- CmdsHelp(CommandTable);\r

- return 0;\r

+\r

+int CmdHelp(const char *Cmd) {\r

+ CmdsHelp(CommandTable);\r

+ return 0;\r

}\r