-int CmdHF14AMfUCRdCard(const char *Cmd){
- int i;
- uint8_t BlockNo = 0;
- int Pages=44;
- uint8_t *lockbytes_t=NULL;
- uint8_t lockbytes[2]={0x00};
- uint8_t *lockbytes_t2=NULL;
- uint8_t lockbytes2[2]={0x00};
- bool bit[16]={0x00};
- bool bit2[16]={0x00};
- bool dump=false;
- uint8_t datatemp[5]={0x00};
- uint8_t isOK = 0;
- uint8_t * data = NULL;
- FILE *fout = NULL;
-
- if (strchr(Cmd,'x') != 0){
- dump=true;
- if ((fout = fopen("dump_ultralightc_data.bin","wb")) == NULL) {
- PrintAndLog("Could not create file name dumpdata.bin");
- return 1;
- }
- PrintAndLog("Dumping Ultralight C Card Data...");
- }
- PrintAndLog("Attempting to Read Ultralight C... ");
- UsbCommand c = {CMD_MIFAREUC_READCARD, {BlockNo, Pages}};
- SendCommand(&c);
- UsbCommand resp;
-
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
- isOK = resp.arg[0] & 0xff;
- data = resp.d.asBytes;
-
- PrintAndLog("isOk:%02x", isOK);
- if (isOK)
- for (i = 0; i < Pages; i++) {
- switch(i){
- case 2:
- //process lock bytes
- lockbytes_t=data+(i*4);
- lockbytes[0]=lockbytes_t[2];
- lockbytes[1]=lockbytes_t[3];
- for(int j=0; j<16; j++){
- bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));
- }
- //might as well read bottom lockbytes too
- lockbytes_t2=data+(40*4);
- lockbytes2[0]=lockbytes_t2[2];
- lockbytes2[1]=lockbytes_t2[3];
- for(int j=0; j<16; j++){
- bit2[j]=lockbytes2[j/8] & ( 1 <<(7-j%8));
- }
- PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 3:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 4:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 5:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 6:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 7:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 8:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 9:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 10:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 11:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 12:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 13:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 14:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 15:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 16:
- case 17:
- case 18:
- case 19:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[6]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 20:
- case 21:
- case 22:
- case 23:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[5]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 24:
- case 25:
- case 26:
- case 27:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[4]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 28:
- case 29:
- case 30:
- case 31:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[2]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 32:
- case 33:
- case 34:
- case 35:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[1]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 36:
- case 37:
- case 38:
- case 39:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[0]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 40:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[12]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 41:
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[11]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 42:
- //auth0
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[10]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- case 43:
- //auth1
- PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[9]);
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- default:
- PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
- memcpy(datatemp,data + i * 4,4);
- if (dump) fwrite ( datatemp, 1, 4, fout );
- break;
- }
- }
-
- } else {
- PrintAndLog("Command1 execute timeout");
- }
- if (dump) fclose(fout);
- return 0;
+int CmdHF14AMfucSetUid(const char *Cmd){
+
+ UsbCommand c;
+ UsbCommand resp;
+ uint8_t uid[7] = {0x00};
+ char cmdp = param_getchar(Cmd, 0);
+
+ if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') {
+ PrintAndLog("Usage: hf mfu setuid <uid (14 hex symbols)>");
+ PrintAndLog(" [uid] - (14 hex symbols)");
+ PrintAndLog("\nThis only works for Magic Ultralight tags.");
+ PrintAndLog("");
+ PrintAndLog("sample: hf mfu setuid 11223344556677");
+ PrintAndLog("");
+ return 0;
+ }
+
+ if (param_gethex(Cmd, 0, uid, 14)) {
+ PrintAndLog("UID must include 14 HEX symbols");
+ return 1;
+ }
+
+ // read block2.
+ c.cmd = CMD_MIFAREU_READBL;
+ c.arg[0] = 2;
+ clearCommandBuffer();
+ SendCommand(&c);
+ if (!WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
+ PrintAndLog("Command execute timeout");
+ return 2;
+ }
+
+ // save old block2.
+ uint8_t oldblock2[4] = {0x00};
+ memcpy(resp.d.asBytes, oldblock2, 4);
+
+ // block 0.
+ c.cmd = CMD_MIFAREU_WRITEBL;
+ c.arg[0] = 0;
+ c.d.asBytes[0] = uid[0];
+ c.d.asBytes[1] = uid[1];
+ c.d.asBytes[2] = uid[2];
+ c.d.asBytes[3] = 0x88 ^ uid[0] ^ uid[1] ^ uid[2];
+ clearCommandBuffer();
+ SendCommand(&c);
+ if (!WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
+ PrintAndLog("Command execute timeout");
+ return 3;
+ }
+
+ // block 1.
+ c.arg[0] = 1;
+ c.d.asBytes[0] = uid[3];
+ c.d.asBytes[1] = uid[4];
+ c.d.asBytes[2] = uid[5];
+ c.d.asBytes[3] = uid[6];
+ clearCommandBuffer();
+ SendCommand(&c);
+ if (!WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
+ PrintAndLog("Command execute timeout");
+ return 4;
+ }
+
+ // block 2.
+ c.arg[0] = 2;
+ c.d.asBytes[0] = uid[3] ^ uid[4] ^ uid[5] ^ uid[6];
+ c.d.asBytes[1] = oldblock2[1];
+ c.d.asBytes[2] = oldblock2[2];
+ c.d.asBytes[3] = oldblock2[3];
+ clearCommandBuffer();
+ SendCommand(&c);
+ if (!WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
+ PrintAndLog("Command execute timeout");
+ return 5;
+ }
+
+ return 0;
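Review bot: The `memcpy(resp.d.asBytes, oldblock2, 4);` under "save old block2" has destination and source swapped, so `oldblock2` stays all zero and the read response is overwritten instead of saved; it should be `memcpy(oldblock2, resp.d.asBytes, 4);`. As written, the final block 2 write sends 0x00 for bytes 1-3, and the removed reader treated bytes 2 and 3 of that page as the lock bytes, so the tag's existing values are replaced rather than preserved. None of the four `WaitForResponseTimeout` calls checks the status in the reply (the removed code used `resp.arg[0] & 0xff`), so a failed read or write presumably still falls through to the next write; add something like `if (!(resp.arg[0] & 0xff)) { PrintAndLog("Command failed"); return 2; }` after each wait. `UsbCommand c;` is also left uninitialised, so `arg[1]`, `arg[2]` and the unused payload bytes hold stack contents when `SendCommand(&c)` runs; `UsbCommand c = {0};` would avoid that. The closing brace of `CmdHF14AMfucSetUid` is outside the visible lines.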