{\r
uint8_t sectorNo, blockNo;\r
\r
- uint8_t keyA[40][6];\r
- uint8_t keyB[40][6];\r
+ uint8_t keys[2][40][6];\r
uint8_t rights[40][4];\r
uint8_t carddata[256][16];\r
uint8_t numSectors = 16;\r
char cmdp = param_getchar(Cmd, 0);\r
numSectors = ParamCardSizeSectors(cmdp);\r
\r
- if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') {\r
- PrintAndLog("Usage: hf mf dump [card memory]");\r
+ if (strlen(Cmd) > 3 || cmdp == 'h' || cmdp == 'H') {\r
+ PrintAndLog("Usage: hf mf dump [card memory] [k|m]");\r
PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
+ PrintAndLog(" k: Always try using both Key A and Key B for each sector, even if access bits would prohibit it");\r
+ PrintAndLog(" m: When missing access bits or keys, replace that block with NULL");\r
PrintAndLog("");\r
PrintAndLog("Samples: hf mf dump");\r
PrintAndLog(" hf mf dump 4");\r
+ PrintAndLog(" hf mf dump 4 m");\r
return 0;\r
}\r
\r
+ char opts = param_getchar(Cmd, 1);\r
+ bool useBothKeysAlways = false;\r
+ if (opts == 'k' || opts == 'K') useBothKeysAlways = true;\r
+ bool nullMissingKeys = false;\r
+ if (opts == 'm' || opts == 'M') nullMissingKeys = true;\r
+\r
if ((fin = fopen("dumpkeys.bin","rb")) == NULL) {\r
PrintAndLog("Could not find file dumpkeys.bin");\r
return 1;\r
}\r
\r
- // Read keys A from file\r
- for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
- size_t bytes_read = fread(keyA[sectorNo], 1, 6, fin);\r
- if (bytes_read != 6) {\r
- PrintAndLog("File reading error.");\r
- fclose(fin);\r
- return 2;\r
- }\r
- }\r
-\r
- // Read keys B from file\r
- for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
- size_t bytes_read = fread(keyB[sectorNo], 1, 6, fin);\r
- if (bytes_read != 6) {\r
- PrintAndLog("File reading error.");\r
- fclose(fin);\r
- return 2;\r
- }\r
+ // Read keys from file\r
+ for (int group=0; group<=1; group++) {\r
+ for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
+ size_t bytes_read = fread(keys[group][sectorNo], 1, 6, fin);\r
+ if (bytes_read != 6) {\r
+ PrintAndLog("File reading error.");\r
+ fclose(fin);\r
+ return 2;\r
+ }\r
+ } \r
}\r
\r
fclose(fin);\r
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r
for (tries = 0; tries < 3; tries++) {\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};\r
- memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+ // At least the Access Conditions can always be read with key A.\r
+ memcpy(c.d.asBytes, keys[0][sectorNo], 6);\r
SendCommand(&c);\r
\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
for (tries = 0; tries < 3; tries++) {\r
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A.\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
- memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+ memcpy(c.d.asBytes, keys[0][sectorNo], 6);\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
+ } else if (useBothKeysAlways) {\r
+ // Always try both keys, even if access conditions wouldn't work.\r
+ for (int k=0; k<=1; k++) {\r
+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};\r
+ memcpy(c.d.asBytes, keys[k][sectorNo], 6);\r
+ SendCommand(&c);\r
+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
+\r
+ // Don't try the other one on success.\r
+ if (resp.arg[0] & 0xff) break;\r
+ }\r
} else { // data block. Check if it can be read with key A or key B\r
uint8_t data_area = sectorNo<32?blockNo:blockNo/5;\r
if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};\r
- memcpy(c.d.asBytes, keyB[sectorNo], 6);\r
+ memcpy(c.d.asBytes, keys[1][sectorNo], 6);\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
} else if (rights[sectorNo][data_area] == 0x07) { // no key would work\r
- isOK = false;\r
PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);\r
- tries = 2;\r
+ if (nullMissingKeys) {\r
+ memset(resp.d.asBytes, 0, 16);\r
+ resp.arg[0] = 1;\r
+ PrintAndLog(" ... filling the block with NULL");\r
+ received = true;\r
+ } else {\r
+ isOK = false;\r
+ tries = 2;\r
+ }\r
} else { // key A would work\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
- memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+ memcpy(c.d.asBytes, keys[0][sectorNo], 6);\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
}\r
isOK = resp.arg[0] & 0xff;\r
uint8_t *data = resp.d.asBytes;\r
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. Fill in the keys.\r
- data[0] = (keyA[sectorNo][0]);\r
- data[1] = (keyA[sectorNo][1]);\r
- data[2] = (keyA[sectorNo][2]);\r
- data[3] = (keyA[sectorNo][3]);\r
- data[4] = (keyA[sectorNo][4]);\r
- data[5] = (keyA[sectorNo][5]);\r
- data[10] = (keyB[sectorNo][0]);\r
- data[11] = (keyB[sectorNo][1]);\r
- data[12] = (keyB[sectorNo][2]);\r
- data[13] = (keyB[sectorNo][3]);\r
- data[14] = (keyB[sectorNo][4]);\r
- data[15] = (keyB[sectorNo][5]);\r
+ memcpy(data, keys[0][sectorNo], 6);\r
+ memcpy(data + 10, keys[1][sectorNo], 6);\r
}\r
if (isOK) {\r
memcpy(carddata[FirstBlockOfSector(sectorNo) + blockNo], data, 16);\r
projects / proxmark3-svn / commitdiff