PrintAndLog("--block no:%d, key type:%c, key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
PrintAndLog("--data: %s", sprint_hex(bldata, 16));\r
\r
- UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
+ UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
memcpy(c.d.asBytes, key, 6);\r
memcpy(c.d.asBytes + 10, bldata, 16);\r
- clearCommandBuffer();\r
- SendCommand(&c);\r
+ SendCommand(&c);\r
\r
UsbCommand resp;\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
uint8_t blockNo = 0;\r
uint8_t keyType = 0;\r
uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r
-\r
+ \r
char cmdp = 0x00;\r
\r
\r
PrintAndLog("Usage: hf mf rdbl <block number> <key A/B> <key (12 hex symbols)>");\r
PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF ");\r
return 0;\r
- }\r
-\r
+ } \r
+ \r
blockNo = param_get8(Cmd, 0);\r
cmdp = param_getchar(Cmd, 1);\r
if (cmdp == 0x00) {\r
return 1;\r
}\r
PrintAndLog("--block no:%d, key type:%c, key:%s ", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
-\r
- UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
+ \r
+ UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
memcpy(c.d.asBytes, key, 6);\r
- clearCommandBuffer();\r
- SendCommand(&c);\r
+ SendCommand(&c);\r
\r
UsbCommand resp;\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
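Review bot: `SendCommand(&c);` is now issued without the `clearCommandBuffer();` call that the removed line made, so `WaitForResponseTimeout(CMD_ACK,&resp,1500)` could match an acknowledgement left over from an earlier command. That assumes, as the name suggests, that clearCommandBuffer discards queued responses; its definition is not on this page. A stale `CMD_ACK` would be reported as the data for the block just requested, and in the dump loops it would end up in the dump file. Unless the buffer is drained elsewhere, keep `clearCommandBuffer();` immediately before each `SendCommand(&c);`. The same removal occurs in the write-block, read-sector, dump, restore and simulate hunks.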
return 1;\r
}\r
PrintAndLog("--sector no:%d key type:%c key:%s ", sectorNo, keyType?'B':'A', sprint_hex(key, 6));\r
-\r
+ \r
UsbCommand c = {CMD_MIFARE_READSC, {sectorNo, keyType, 0}};\r
memcpy(c.d.asBytes, key, 6);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
PrintAndLog(" ");\r
\r
PrintAndLog("Command execute timeout");\r
}\r
\r
- return 0;\r
+ return 0;\r
}\r
\r
uint8_t FirstBlockOfSector(uint8_t sectorNo)\r
int CmdHF14AMfDump(const char *Cmd)\r
{\r
uint8_t sectorNo, blockNo;\r
-\r
+ \r
uint8_t keyA[40][6];\r
uint8_t keyB[40][6];\r
uint8_t rights[40][4];\r
return 2;\r
}\r
}\r
-\r
+ \r
fclose(fin);\r
\r
PrintAndLog("|-----------------------------------------|");\r
PrintAndLog("|------ Reading sector access bits...-----|");\r
PrintAndLog("|-----------------------------------------|");\r
-\r
+ \r
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
rights[sectorNo][3] = 0x01;\r
}\r
}\r
-\r
+ \r
PrintAndLog("|-----------------------------------------|");\r
PrintAndLog("|----- Dumping all blocks to file... -----|");\r
PrintAndLog("|-----------------------------------------|");\r
-\r
+ \r
bool isOK = true;\r
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. \r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
} else { // data block. Check if it can be read with key A or key B\r
if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};\r
memcpy(c.d.asBytes, keyB[sectorNo], 6);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
} else if (rights[sectorNo][data_area] == 0x07) { // no key would work\r
} else { // key A would work\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
}\r
PrintAndLog("Writing to block %3d: %s", FirstBlockOfSector(sectorNo) + blockNo, sprint_hex(bldata, 16));\r
\r
memcpy(c.d.asBytes + 10, bldata, 16);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
\r
UsbCommand resp;\r
\r
UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads,0}};\r
memcpy(c.d.asBytes, uid, sizeof(uid));\r
- clearCommandBuffer();\r
SendCommand(&c);\r
\r
if(flags & FLAG_INTERACTIVE)\r
PrintAndLog("Press pm3-button to abort simulation");\r
while(! WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
//We're waiting only 1.5 s at a time, otherwise we get the\r
- //annoying message about "Waiting for a response... "\r
+ // annoying message about "Waiting for a response... "\r
}\r
}\r
\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfESet(const char *Cmd)\r
{\r
uint8_t memBlock[16];\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfELoad(const char *Cmd)\r
{\r
FILE * f;\r
uint8_t buf8[64] = {0x00};\r
int i, len, blockNum, numBlocks;\r
int nameParamNo = 1;\r
- uint8_t blockWidth = 32; \r
+ \r
char ctmp = param_getchar(Cmd, 0);\r
\r
if ( ctmp == 'h' || ctmp == 0x00) {\r
PrintAndLog("It loads emul dump from the file `filename.eml`");\r
- PrintAndLog("Usage: hf mf eload [card memory] <file name w/o `.eml`> [numblocks]");\r
- PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K, u = UL");\r
+ PrintAndLog("Usage: hf mf eload [card memory] <file name w/o `.eml`>");\r
+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
PrintAndLog("");\r
PrintAndLog(" sample: hf mf eload filename");\r
PrintAndLog(" hf mf eload 4 filename");\r
case '\0': numBlocks = 16*4; break;\r
case '2' : numBlocks = 32*4; break;\r
case '4' : numBlocks = 256; break;\r
- case 'U' : // fall through\r
- case 'u' : numBlocks = 255; blockWidth = 8; break;\r
default: {\r
numBlocks = 16*4;\r
nameParamNo = 0;\r
}\r
}\r
- uint32_t numblk2 = param_get32ex(Cmd,2,0,10);\r
- if (numblk2 > 0) numBlocks = numblk2; \r
\r
len = param_getstr(Cmd,nameParamNo,filename);\r
+ \r
if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
\r
fnameptr += len;\r
return 2;\r
}\r
\r
- if (strlen(buf) < blockWidth){\r
+ if (strlen(buf) < 32){\r
if(strlen(buf) && feof(f))\r
break;\r
- PrintAndLog("File content error. Block data must include %d HEX symbols", blockWidth);\r
+ PrintAndLog("File content error. Block data must include 32 HEX symbols");\r
fclose(f);\r
return 2;\r
}\r
\r
- for (i = 0; i < blockWidth; i += 2) {\r
+ for (i = 0; i < 32; i += 2) {\r
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
- } \r
- if (mfEmlSetMem_xt(buf8, blockNum, 1, blockWidth/2)) {\r
+ }\r
+ \r
+ if (mfEmlSetMem(buf8, blockNum, 1)) {\r
PrintAndLog("Cant set emul block: %3d", blockNum);\r
fclose(f);\r
return 3;\r
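Review bot: The conversion `sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);` stores a whole `unsigned int` through a pointer into the `uint8_t` array and ignores the return value. Each call therefore writes past the byte it targets, and a non-hex character in the file leaves `buf8` holding its previous contents, which are then passed to `mfEmlSetMem`. The writes stay inside `buf8[64]` here, but the cast is still an alignment and aliasing problem. Reading into a local and checking the result, `if (sscanf(&buf[i], "%2x", &tmp) != 1)` followed by `buf8[i / 2] = (uint8_t)tmp;`, lets malformed input take the existing "File content error" exit. The same line appears in the cload hunk.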
return 0;\r
}\r
\r
+\r
int CmdHF14AMfESave(const char *Cmd)\r
{\r
FILE * f;\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfECFill(const char *Cmd)\r
{\r
uint8_t keyType = 0;\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfEKeyPrn(const char *Cmd)\r
{\r
int i;\r
uint8_t data[16];\r
uint64_t keyA, keyB;\r
\r
- char cmdp = param_getchar(Cmd, 0);\r
-\r
- if ( cmdp == 'h' || cmdp == 'H') {\r
+ if (param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("It prints the keys loaded in the emulator memory");\r
PrintAndLog("Usage: hf mf ekeyprn [card memory]");\r
PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
return 0;\r
} \r
\r
+ char cmdp = param_getchar(Cmd, 0);\r
+ \r
switch (cmdp) {\r
case '0' : numSectors = 5; break;\r
case '1' : \r
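Review bot: The help test `if (param_getchar(Cmd, 0) == 'h')` no longer accepts `H`, which the removed lines did, so an upper-case help request now falls through to `switch (cmdp)` instead of printing the usage text. It also calls `param_getchar(Cmd, 0)` a second time a few lines later for the same character. Declaring `char cmdp = param_getchar(Cmd, 0);` before the test and using `if (cmdp == 'h' || cmdp == 'H')` keeps both spellings with a single call. The same narrowing appears in the cload, cgetblk, cgetsc and csave hunks.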
return 0;\r
}\r
\r
+\r
int CmdHF14AMfCSetUID(const char *Cmd)\r
{\r
uint8_t wipeCard = 0;\r
{\r
uint8_t memBlock[16] = {0x00};\r
uint8_t blockNo = 0;\r
- uint8_t params = MAGIC_SINGLE;\r
+ bool wipeCard = FALSE;\r
int res;\r
\r
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
}\r
\r
char ctmp = param_getchar(Cmd, 2);\r
- if (ctmp == 'w' || ctmp == 'W')\r
- params |= MAGIC_WIPE;\r
-\r
+ wipeCard = (ctmp == 'w' || ctmp == 'W');\r
PrintAndLog("--block number:%2d data:%s", blockNo, sprint_hex(memBlock, 16));\r
\r
- res = mfCSetBlock(blockNo, memBlock, NULL, params);\r
+ res = mfCSetBlock(blockNo, memBlock, NULL, wipeCard, CSETBLOCK_SINGLE_OPER);\r
if (res) {\r
PrintAndLog("Can't write block. error=%d", res);\r
return 1;\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfCLoad(const char *Cmd)\r
{\r
FILE * f;\r
- char filename[FILE_PATH_SIZE];\r
+ char filename[FILE_PATH_SIZE] = {0x00};\r
char * fnameptr = filename;\r
char buf[64] = {0x00};\r
uint8_t buf8[64] = {0x00};\r
uint8_t fillFromEmulator = 0;\r
int i, len, blockNum, flags=0;\r
\r
- memset(filename, 0, sizeof(filename));\r
-\r
- char ctmp = param_getchar(Cmd, 0);\r
-\r
- if (ctmp == 'h' || ctmp == 'H' || ctmp == 0x00) {\r
+ if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {\r
PrintAndLog("It loads magic Chinese card from the file `filename.eml`");\r
PrintAndLog("or from emulator memory (option `e`)");\r
PrintAndLog("Usage: hf mf cload <file name w/o `.eml`>");\r
return 0;\r
} \r
\r
+ char ctmp = param_getchar(Cmd, 0);\r
if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r
\r
if (fillFromEmulator) {\r
PrintAndLog("Cant get block: %d", blockNum);\r
return 2;\r
}\r
- if (blockNum == 0) flags = MAGIC_INIT + MAGIC_WUPC; // switch on field and send magic sequence\r
+ if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r
if (blockNum == 1) flags = 0; // just write\r
- if (blockNum == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF; // Done. Magic Halt and switch off field.\r
+ if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Magic Halt and switch off field.\r
\r
- if (mfCSetBlock(blockNum, buf8, NULL, flags)) {\r
+ if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r
PrintAndLog("Cant set magic card block: %d", blockNum);\r
return 3;\r
}\r
for (i = 0; i < 32; i += 2)\r
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
\r
- if (blockNum == 0) flags = MAGIC_INIT + MAGIC_WUPC; // switch on field and send magic sequence\r
+ if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r
if (blockNum == 1) flags = 0; // just write\r
- if (blockNum == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF; // Done. Switch off field.\r
+ if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Switch off field.\r
\r
- if (mfCSetBlock(blockNum, buf8, NULL, flags)) {\r
+ if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r
PrintAndLog("Can't set magic card block: %d", blockNum);\r
return 3;\r
}\r
}\r
\r
int CmdHF14AMfCGetBlk(const char *Cmd) {\r
- uint8_t data[16];\r
+ uint8_t memBlock[16];\r
uint8_t blockNo = 0;\r
int res;\r
- memset(data, 0x00, sizeof(data));\r
- char ctmp = param_getchar(Cmd, 0);\r
+ memset(memBlock, 0x00, sizeof(memBlock));\r
\r
- if (strlen(Cmd) < 1 || ctmp == 'h' || ctmp == 'H') {\r
+ if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("Usage: hf mf cgetblk <block number>");\r
PrintAndLog("sample: hf mf cgetblk 1");\r
PrintAndLog("Get block data from magic Chinese card (only works with such cards)\n");\r
\r
PrintAndLog("--block number:%2d ", blockNo);\r
\r
- res = mfCGetBlock(blockNo, data, MAGIC_SINGLE);\r
+ res = mfCGetBlock(blockNo, memBlock, CSETBLOCK_SINGLE_OPER);\r
if (res) {\r
PrintAndLog("Can't read block. error=%d", res);\r
return 1;\r
}\r
\r
- PrintAndLog("block data:%s", sprint_hex(data, sizeof(data)));\r
+ PrintAndLog("block data:%s", sprint_hex(memBlock, 16));\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfCGetSc(const char *Cmd) {\r
- uint8_t data[16];\r
+ uint8_t memBlock[16] = {0x00};\r
uint8_t sectorNo = 0;\r
int i, res, flags;\r
- memset(data, 0x00, sizeof(data));\r
- char ctmp = param_getchar(Cmd, 0);\r
\r
- if (strlen(Cmd) < 1 || ctmp == 'h' || ctmp == 'H') {\r
+ if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("Usage: hf mf cgetsc <sector number>");\r
PrintAndLog("sample: hf mf cgetsc 0");\r
PrintAndLog("Get sector data from magic Chinese card (only works with such cards)\n");\r
return 0;\r
- }\r
+ } \r
\r
sectorNo = param_get8(Cmd, 0);\r
if (sectorNo > 15) {\r
}\r
\r
PrintAndLog("--sector number:%d ", sectorNo);\r
- PrintAndLog("block | data");\r
\r
- flags = MAGIC_INIT + MAGIC_WUPC;\r
+ flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r
for (i = 0; i < 4; i++) {\r
if (i == 1) flags = 0;\r
- if (i == 3) flags = MAGIC_HALT + MAGIC_OFF;\r
+ if (i == 3) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r
\r
- res = mfCGetBlock(sectorNo * 4 + i, data, flags);\r
+ res = mfCGetBlock(sectorNo * 4 + i, memBlock, flags);\r
if (res) {\r
PrintAndLog("Can't read block. %d error=%d", sectorNo * 4 + i, res);\r
return 1;\r
}\r
- PrintAndLog(" %3d | %s", sectorNo * 4 + i, sprint_hex(data, sizeof(data)));\r
+ \r
+ PrintAndLog("block %3d data:%s", sectorNo * 4 + i, sprint_hex(memBlock, 16));\r
}\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfCSave(const char *Cmd) {\r
\r
FILE * f;\r
- char filename[FILE_PATH_SIZE];\r
+ char filename[FILE_PATH_SIZE] = {0x00};\r
char * fnameptr = filename;\r
uint8_t fillFromEmulator = 0;\r
- uint8_t buf[64];\r
+ uint8_t buf[64] = {0x00};\r
int i, j, len, flags;\r
+ \r
+ // memset(filename, 0, sizeof(filename));\r
+ // memset(buf, 0, sizeof(buf));\r
\r
- memset(filename, 0, sizeof(filename));\r
- memset(buf, 0, sizeof(buf));\r
- char ctmp = param_getchar(Cmd, 0);\r
-\r
- if ( ctmp == 'h' || ctmp == 'H' ) {\r
+ if (param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("It saves `magic Chinese` card dump into the file `filename.eml` or `cardID.eml`");\r
PrintAndLog("or into emulator memory (option `e`)");\r
PrintAndLog("Usage: hf mf esave [file name w/o `.eml`][e]");\r
PrintAndLog(" hf mf esave filename");\r
PrintAndLog(" hf mf esave e \n");\r
return 0;\r
- }\r
+ } \r
+\r
+ char ctmp = param_getchar(Cmd, 0);\r
if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r
\r
if (fillFromEmulator) {\r
// put into emulator\r
- flags = MAGIC_INIT + MAGIC_WUPC;\r
+ flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r
for (i = 0; i < 16 * 4; i++) {\r
if (i == 1) flags = 0;\r
- if (i == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF;\r
-\r
+ if (i == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r
+ \r
if (mfCGetBlock(i, buf, flags)) {\r
PrintAndLog("Cant get block: %d", i);\r
break;\r
}\r
-\r
+ \r
if (mfEmlSetMem(buf, i, 1)) {\r
PrintAndLog("Cant set emul block: %d", i);\r
return 3;\r
} else {\r
len = strlen(Cmd);\r
if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
-\r
- // get filename based on UID\r
+ \r
if (len < 1) {\r
-\r
- if (mfCGetBlock(0, buf, MAGIC_SINGLE)) {\r
+ // get filename\r
+ if (mfCGetBlock(0, buf, CSETBLOCK_SINGLE_OPER)) {\r
PrintAndLog("Cant get block: %d", 0);\r
len = sprintf(fnameptr, "dump");\r
fnameptr += len;\r
- } else {\r
+ }\r
+ else {\r
for (j = 0; j < 7; j++, fnameptr += 2)\r
sprintf(fnameptr, "%02x", buf[j]); \r
}\r
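Review bot: The clamp `if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;` leaves room for only four more bytes, but the `sprintf(fnameptr, ".eml");` in the following hunk writes five: four characters plus the terminating NUL. A maximum-length file name argument would therefore put the terminator one byte past `filename[FILE_PATH_SIZE]`. The copy of `Cmd` into `filename` is not visible in this hunk, so this assumes `fnameptr` ends up at `filename + len`. Clamping with `if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;` closes the gap, and `snprintf` with the remaining size would make the bound explicit. The eload hunk carries the same clamp.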
fnameptr += len;\r
}\r
\r
- // add .eml extension\r
sprintf(fnameptr, ".eml"); \r
-\r
+ \r
// open file\r
f = fopen(filename, "w+");\r
\r
}\r
\r
// put hex\r
- flags = MAGIC_INIT + MAGIC_WUPC;\r
+ flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r
for (i = 0; i < 16 * 4; i++) {\r
if (i == 1) flags = 0;\r
- if (i == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF;\r
+ if (i == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r
\r
if (mfCGetBlock(i, buf, flags)) {\r
PrintAndLog("Cant get block: %d", i);\r
fprintf(f, "%02x", buf[j]); \r
fprintf(f,"\n");\r
}\r
- fflush(f);\r
fclose(f);\r
+ \r
PrintAndLog("Saved to file: %s", filename);\r
+ \r
return 0;\r
}\r
}\r
\r
+\r
int CmdHF14AMfSniff(const char *Cmd){\r
\r
bool wantLogToFile = 0;\r
uint16_t traceLen = resp.arg[1];\r
len = resp.arg[2];\r
\r
- if (res == 0) {\r
- free(buf);\r
- return 0; // we are done\r
- }\r
+ if (res == 0) return 0; // we are done\r
\r
if (res == 1) { // there is (more) data to be transferred\r
if (pckNum == 0) { // first packet, (re)allocate necessary buffer\r
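Review bot: The new `if (res == 0) return 0; // we are done` drops the `free(buf);` that the removed lines ran before returning. The context line below mentions "(re)allocate necessary buffer", so `buf` looks heap-allocated and would leak every time the sniff loop finishes. The allocation and any other release of `buf` are outside this hunk, so confirm that nothing else frees it. If not, keep the release on this exit: `if (res == 0) { free(buf); return 0; }`.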
}\r
\r
//needs nt, ar, at, Data to decrypt\r
-int CmdHf14MfDecryptBytes(const char *Cmd){\r
+int CmdDecryptTraceCmds(const char *Cmd){\r
uint8_t data[50];\r
int len = 0;\r
param_gethex_ex(Cmd,3,data,&len);\r
{"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"},\r
{"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},\r
{"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},\r
- {"decrypt", CmdHf14MfDecryptBytes,1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
+ {"decrypt", CmdDecryptTraceCmds,1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
{NULL, NULL, 0, NULL}\r
};\r
\r