X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/40762506601062bb79a0a081a7b508b8e02c29fa..aa77d2b12576bce67223f647f603b4111324a74f:/client/scripts/tnp3clone.lua
diff --git a/client/scripts/tnp3clone.lua b/client/scripts/tnp3clone.lua
index aec54838..8c9397a7 100644
--- a/client/scripts/tnp3clone.lua
+++ b/client/scripts/tnp3clone.lua
@@ -51,20 +51,31 @@ local function waitCmd()
 return nil, "No response from device"
 end
-local function readblock( keyA )
+local function readblock( blocknum, keyA )
 -- Read block 0
- cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = 0,arg2 = 0,arg3 = 0, data = keyA}
+ cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = blocknum, arg2 = 0, arg3 = 0, data = keyA}
 err = core.SendCommand(cmd:getBytes())
- if err then return oops(err) end
+ if err then return nil, err end
 local block0, err = waitCmd()
- if err then return oops(err) end
+ if err then return nil, err end
+ return block0
+end
+local function readmagicblock( blocknum )
+ -- Read block 0
+ local CSETBLOCK_SINGLE_OPERATION = 0x1F
+ cmd = Command:new{cmd = cmds.CMD_MIFARE_CGETBLOCK, arg1 = CSETBLOCK_SINGLE_OPERATION, arg2 = 0, arg3 = blocknum}
+ err = core.SendCommand(cmd:getBytes())
+ if err then return nil, err end
+ local block0, err = waitCmd()
+ if err then return nil, err end
 return block0
 end
 local function main(args)
 local numBlocks = 64
- local cset = 'hf mf csetbl'
+ local cset = 'hf mf csetbl '
+ local cget = 'hf mf cgetbl '
 local empty = '00000000000000000000000000000000'
 local AccAndKeyB = '7F078869000000000000'
 -- Defaults to Gusto
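Review bot: In the new `readmagicblock` (and the touched `readblock`), `cmd` and `err` are assigned without `local`, so every call writes two globals that other script code using the same names can clobber or read stale; declare them as `local cmd = Command:new{...}` and `local err = core.SendCommand(cmd:getBytes())`. The comment `-- Read block 0` is no longer accurate in either function now that the block is a parameter; `-- Read the block given by blocknum` would match the code. The constant is named `CSETBLOCK_SINGLE_OPERATION` but is passed with `CMD_MIFARE_CGETBLOCK`, so a one-line comment saying the flag value is shared between the set and get commands would rule out a copy-paste slip. `cget` is added in `main`, but no use of it is visible in this diff.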
@@ -89,25 +100,37 @@ local function main(args)
 local akeys = pre.GetAll(result.uid)
 local keyA = akeys:sub(1, 12 )
- local b0 = readblock(keyA)
- local b1 = toytype..'000000000000000000000000'
+ local b0 = readblock(0,keyA)
+ if not b0 then
+ print('failed reading block with factorydefault key. Trying chinese magic read.')
+ b0, err = readmagicblock(0)
+ if not b0 then
+ oops(err)
+ return oops('failed reading block with chinese magic command. quitting...')
+ end
+ end
+
+ -- wipe card.
+ local cmd = (cset..' %s 0004 08 w'):format( b0)
+ core.console(cmd)
+
+ local b1 = toytype..'000000000000000000000000'
 local calc = utils.Crc16(b0..b1)
 local calcEndian = bor(rsh(calc,8), lsh(band(calc, 0xff), 8))
- local cmd = ('hf mf csetbl 1 %s%04x'):format( b1, calcEndian)
- core.console( cmd)
+ local cmd = (cset..'1 %s%04x'):format( b1, calcEndian)
+ core.console(cmd)
 local pos, key
 for blockNo = 2, numBlocks-1, 1 do
 pos = (math.floor( blockNo / 4 ) * 12)+1
 key = akeys:sub(pos, pos + 11 )
- if blockNo%4 ~= 3 then
- cmd = ('%s %d %s'):format(cset,blockNo,empty)
- else
+ if blockNo%4 == 3 then
 cmd = ('%s %d %s%s'):format(cset,blockNo,key,AccAndKeyB)
- end
- core.console(cmd)
+ core.console(cmd)
+ end
 end
+ core.clearCommandBuffer()
 end
 main(args)
\ No newline at end of file
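Review bot: The fallback path loses the reason the first read failed: `local b0 = readblock(0,keyA)` drops the second return value, and the later `b0, err = readmagicblock(0)` assigns `err` with no `local` visible in this hunk, so it appears to leak a global. Capturing both with `local b0, err = readblock(0, keyA)` and including `err` in the fallback `print` would keep the diagnostic and the scope. Separately, `cset` now ends in a space, so `(cset..' %s 0004 08 w')` and `('%s %d %s%s'):format(cset, ...)` emit a doubled space while `(cset..'1 %s%04x')` depends on it; the wipe command also passes data first with no block number, unlike the other two `cset` uses, which is worth confirming against the command's usage text. `main` begins outside the hunk.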