X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/1888664863b3f2d3b185fd1c724a6dcf4f4cb15a..dda5a928f0a598f21ee01396eae9b2c6da603f11:/client/cmdhfmf.c?ds=sidebyside
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index cdac6476..d5ce118b 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -8,6 +8,7 @@
// High frequency MIFARE commands
//-----------------------------------------------------------------------------
+#include <inttypes.h>
#include "cmdhfmf.h"
#include "./nonce2key/nonce2key.h"
@@ -34,8 +35,10 @@ int CmdHF14AMifare(const char *Cmd)
SendCommand(&c);
//flush queue
- while (ukbhit()) getchar();
-
+ while (ukbhit()) {
+ int c = getchar(); (void) c;
+ }
+
// wait cycle
while (true) {
printf(".");
@@ -82,7 +85,7 @@ int CmdHF14AMifare(const char *Cmd)
} else {
isOK = 0;
printf("------------------------------------------------------------------\n");
- PrintAndLog("Found valid key:%012"llx" \n", r_key);
+ PrintAndLog("Found valid key:%012" PRIx64 " \n", r_key);
}
PrintAndLog("");
@@ -302,7 +305,8 @@ int CmdHF14AMfDump(const char *Cmd)
// Read keys A from file
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {
- if (fread( keyA[sectorNo], 1, 6, fin ) == 0) {
+ size_t bytes_read = fread(keyA[sectorNo], 1, 6, fin);
+ if (bytes_read != 6) {
PrintAndLog("File reading error.");
fclose(fin);
return 2;
@@ -311,7 +315,8 @@ int CmdHF14AMfDump(const char *Cmd)
// Read keys B from file
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {
- if (fread( keyB[sectorNo], 1, 6, fin ) == 0) {
+ size_t bytes_read = fread(keyB[sectorNo], 1, 6, fin);
+ if (bytes_read != 6) {
PrintAndLog("File reading error.");
fclose(fin);
return 2;
@@ -323,29 +328,32 @@ int CmdHF14AMfDump(const char *Cmd)
PrintAndLog("|-----------------------------------------|");
PrintAndLog("|------ Reading sector access bits...-----|");
PrintAndLog("|-----------------------------------------|");
-
+ uint8_t tries = 0;
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {
- UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};
- memcpy(c.d.asBytes, keyA[sectorNo], 6);
- SendCommand(&c);
+ for (tries = 0; tries < 3; tries++) {
+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};
+ memcpy(c.d.asBytes, keyA[sectorNo], 6);
+ SendCommand(&c);
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
- uint8_t isOK = resp.arg[0] & 0xff;
- uint8_t *data = resp.d.asBytes;
- if (isOK){
- rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0
- rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1
- rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2
- rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
+ uint8_t isOK = resp.arg[0] & 0xff;
+ uint8_t *data = resp.d.asBytes;
+ if (isOK){
+ rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0
+ rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1
+ rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2
+ rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer
+ break;
+ } else if (tries == 2) { // on last try set defaults
+ PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo);
+ rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;
+ rights[sectorNo][3] = 0x01;
+ }
} else {
- PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo);
+ PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo);
rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;
rights[sectorNo][3] = 0x01;
}
- } else {
- PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo);
- rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;
- rights[sectorNo][3] = 0x01;
}
}
@@ -357,27 +365,33 @@ int CmdHF14AMfDump(const char *Cmd)
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
bool received = false;
-
- if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A.
- UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};
- memcpy(c.d.asBytes, keyA[sectorNo], 6);
- SendCommand(&c);
- received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
- } else { // data block. Check if it can be read with key A or key B
- uint8_t data_area = sectorNo<32?blockNo:blockNo/5;
- if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work
- UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};
- memcpy(c.d.asBytes, keyB[sectorNo], 6);
- SendCommand(&c);
- received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
- } else if (rights[sectorNo][data_area] == 0x07) { // no key would work
- isOK = false;
- PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);
- } else { // key A would work
+ for (tries = 0; tries < 3; tries++) {
+ if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A.
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};
memcpy(c.d.asBytes, keyA[sectorNo], 6);
SendCommand(&c);
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
+ } else { // data block. Check if it can be read with key A or key B
+ uint8_t data_area = sectorNo<32?blockNo:blockNo/5;
+ if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work
+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};
+ memcpy(c.d.asBytes, keyB[sectorNo], 6);
+ SendCommand(&c);
+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
+ } else if (rights[sectorNo][data_area] == 0x07) { // no key would work
+ isOK = false;
+ PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);
+ tries = 2;
+ } else { // key A would work
+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};
+ memcpy(c.d.asBytes, keyA[sectorNo], 6);
+ SendCommand(&c);
+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
+ }
+ }
+ if (received) {
+ isOK = resp.arg[0] & 0xff;
+ if (isOK) break;
}
}
@@ -466,16 +480,17 @@ int CmdHF14AMfRestore(const char *Cmd)
}
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {
- if (fread(keyA[sectorNo], 1, 6, fkeys) == 0) {
+ size_t bytes_read = fread(keyA[sectorNo], 1, 6, fkeys);
+ if (bytes_read != 6) {
PrintAndLog("File reading error (dumpkeys.bin).");
-
fclose(fkeys);
return 2;
}
}
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {
- if (fread(keyB[sectorNo], 1, 6, fkeys) == 0) {
+ size_t bytes_read = fread(keyB[sectorNo], 1, 6, fkeys);
+ if (bytes_read != 6) {
PrintAndLog("File reading error (dumpkeys.bin).");
fclose(fkeys);
return 2;
@@ -495,7 +510,8 @@ int CmdHF14AMfRestore(const char *Cmd)
UsbCommand c = {CMD_MIFARE_WRITEBL, {FirstBlockOfSector(sectorNo) + blockNo, keyType, 0}};
memcpy(c.d.asBytes, key, 6);
- if (fread(bldata, 1, 16, fdump) == 0) {
+ size_t bytes_read = fread(bldata, 1, 16, fdump);
+ if (bytes_read != 16) {
PrintAndLog("File reading error (dumpdata.bin).");
fclose(fdump);
return 2;
@@ -632,7 +648,7 @@ int CmdHF14AMfNested(const char *Cmd)
}
key64 = bytes_to_num(keyBlock, 6);
if (key64) {
- PrintAndLog("Found valid key:%012"llx, key64);
+ PrintAndLog("Found valid key:%012" PRIx64, key64);
// transfer key to the emulator
if (transferToEml) {
@@ -718,7 +734,7 @@ int CmdHF14AMfNested(const char *Cmd)
key64 = bytes_to_num(keyBlock, 6);
if (key64) {
- PrintAndLog("Found valid key:%012"llx, key64);
+ PrintAndLog("Found valid key:%012" PRIx64, key64);
e_sector[sectorNo].foundKey[trgKeyType] = 1;
e_sector[sectorNo].Key[trgKeyType] = key64;
}
@@ -734,7 +750,7 @@ int CmdHF14AMfNested(const char *Cmd)
PrintAndLog("|sec|key A |res|key B |res|");
PrintAndLog("|---|----------------|---|----------------|---|");
for (i = 0; i < SectorsCnt; i++) {
- PrintAndLog("|%03d| %012"llx" | %d | %012"llx" | %d |", i,
+ PrintAndLog("|%03d| %012" PRIx64 " | %d | %012" PRIx64 " | %d |", i,
e_sector[i].Key[0], e_sector[i].foundKey[0], e_sector[i].Key[1], e_sector[i].foundKey[1]);
}
PrintAndLog("|---|----------------|---|----------------|---|");
@@ -919,13 +935,14 @@ int CmdHF14AMfChk(const char *Cmd)
if (!p) {
PrintAndLog("Cannot allocate memory for defKeys");
free(keyBlock);
+ fclose(f);
return 2;
}
keyBlock = p;
}
memset(keyBlock + 6 * keycnt, 0, 6);
num_to_bytes(strtoll(buf, NULL, 16), 6, keyBlock + 6*keycnt);
- PrintAndLog("chk custom key[%2d] %012"llx, keycnt, bytes_to_num(keyBlock + 6*keycnt, 6));
+ PrintAndLog("chk custom key[%2d] %012" PRIx64 , keycnt, bytes_to_num(keyBlock + 6*keycnt, 6));
keycnt++;
memset(buf, 0, sizeof(buf));
}
@@ -969,7 +986,7 @@ int CmdHF14AMfChk(const char *Cmd)
res = mfCheckKeys(b, t, true, size, &keyBlock[6*c], &key64);
if (res != 1) {
if (!res) {
- PrintAndLog("Found valid key:[%012"llx"]",key64);
+ PrintAndLog("Found valid key:[%012" PRIx64 "]",key64);
num_to_bytes(key64, 6, foundKey[t][i]);
validKey[t][i] = true;
}
@@ -1058,7 +1075,7 @@ void readerAttack(nonces_t ar_resp[], bool setEmulatorMem, bool doStandardAttack
uint8_t sectorNum = ar_resp[i+ATTACK_KEY_COUNT].sector;
uint8_t keyType = ar_resp[i+ATTACK_KEY_COUNT].keytype;
- PrintAndLog("M-Found Key%s for sector %02d: [%012"llx"]"
+ PrintAndLog("M-Found Key%s for sector %02d: [%012" PRIx64 "]"
, keyType ? "B" : "A"
, sectorNum
, key
@@ -1447,7 +1464,7 @@ int CmdHF14AMfELoad(const char *Cmd)
len = param_getstr(Cmd,nameParamNo,filename);
- if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+ if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
fnameptr += len;
@@ -1546,7 +1563,7 @@ int CmdHF14AMfESave(const char *Cmd)
len = param_getstr(Cmd,nameParamNo,filename);
- if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+ if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
// user supplied filename?
if (len < 1) {
@@ -1670,7 +1687,7 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
}
keyA = bytes_to_num(data, 6);
keyB = bytes_to_num(data + 10, 6);
- PrintAndLog("|%03d| %012"llx" | %012"llx" |", i, keyA, keyB);
+ PrintAndLog("|%03d| %012" PRIx64 " | %012" PRIx64 " |", i, keyA, keyB);
}
PrintAndLog("|---|----------------|----------------|");
@@ -1822,7 +1839,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
return 0;
} else {
len = strlen(Cmd);
- if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+ if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
memcpy(filename, Cmd, len);
fnameptr += len;
@@ -1863,6 +1880,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {
PrintAndLog("Can't set magic card block: %d", blockNum);
+ fclose(f);
return 3;
}
blockNum++;
@@ -1991,7 +2009,7 @@ int CmdHF14AMfCSave(const char *Cmd) {
return 0;
} else {
len = strlen(Cmd);
- if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
+ if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;
if (len < 1) {
// get filename
@@ -2111,11 +2129,14 @@ int CmdHF14AMfSniff(const char *Cmd){
uint16_t traceLen = resp.arg[1];
len = resp.arg[2];
- if (res == 0) return 0; // we are done
+ if (res == 0) { // we are done
+ free(buf);
+ return 0;
+ }
if (res == 1) { // there is (more) data to be transferred
if (pckNum == 0) { // first packet, (re)allocate necessary buffer
- if (traceLen > bufsize) {
+ if (traceLen > bufsize || buf == NULL) {
uint8_t *p;
if (buf == NULL) { // not yet allocated
p = malloc(traceLen);