PrintAndLog(" x0 -> <1 kByte");
break;
case 0x01:
- PrintAndLog(" x1 -> 1 kByte");
+ PrintAndLog(" x0 -> 1 kByte");
break;
case 0x02:
- PrintAndLog(" x2 -> 2 kByte");
+ PrintAndLog(" x0 -> 2 kByte");
break;
case 0x03:
- PrintAndLog(" x3 -> 4 kByte");
+ PrintAndLog(" x0 -> 4 kByte");
break;
case 0x04:
- PrintAndLog(" x4 -> 8 kByte");
+ PrintAndLog(" x0 -> 8 kByte");
break;
}
switch (card.ats[pos + 3] & 0xf0) {
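Review bot: The labels for `case 0x01` through `case 0x04` now all print `x0`, so the displayed nibble no longer matches the value being switched on and four different memory sizes appear under the same code. If only the spacing was meant to change, keep the digits: `x1 -> 1 kByte`, `x2 -> 2 kByte`, `x3 -> 4 kByte`, `x4 -> 8 kByte`. The switch statement begins above the first line shown here.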
return 1;
}
+int usage_hf_14a_sim(void) {
+ PrintAndLog("\n Emulating ISO/IEC 14443 type A tag with 4 or 7 byte UID\n");
+ PrintAndLog("Usage: hf 14a sim t <type> u <uid> x");
+ PrintAndLog(" Options : ");
+ PrintAndLog(" h : this help");
+ PrintAndLog(" t : 1 = MIFARE Classic");
+ PrintAndLog(" 2 = MIFARE Ultralight");
+ PrintAndLog(" 3 = MIFARE Desfire");
+ PrintAndLog(" 4 = ISO/IEC 14443-4");
+ PrintAndLog(" 5 = MIFARE Tnp3xxx");
+ PrintAndLog(" 6 = MIFARE Mini");
+ PrintAndLog(" 7 = NTAG 215 from emu mem");
+ PrintAndLog(" u : 4 or 7 byte UID");
+ PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader");
+ PrintAndLog("\n sample : hf 14a sim t 1 u 1122344");
+ PrintAndLog(" : hf 14a sim t 1 u 1122344 x\n");
+ return 0;
+}
// ## simulate iso14443a tag
// ## greg - added ability to specify tag UID
int CmdHF14ASim(const char *Cmd)
{
- UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{0,0,0}};
-
- // Retrieve the tag type
- uint8_t tagtype = param_get8ex(Cmd,0,0,10);
-
- // When no argument was given, just print help message
- if (tagtype == 0) {
- PrintAndLog("");
- PrintAndLog(" Emulating ISO/IEC 14443 type A tag with 4 or 7 byte UID");
- PrintAndLog("");
- PrintAndLog(" syntax: hf 14a sim <type> <uid>");
- PrintAndLog(" types: 1 = MIFARE Classic");
- PrintAndLog(" 2 = MIFARE Ultralight");
- PrintAndLog(" 3 = MIFARE Desfire");
- PrintAndLog(" 4 = ISO/IEC 14443-4");
- PrintAndLog(" 5 = MIFARE Tnp3xxx");
- PrintAndLog("");
- return 1;
- }
-
- // Store the tag type
- c.arg[0] = tagtype;
-
- // Retrieve the full 4 or 7 byte long uid
- uint64_t long_uid = param_get64ex(Cmd,1,0,16);
-
- // Are we handling the (optional) second part uid?
- if (long_uid > 0xffffffff) {
- PrintAndLog("Emulating ISO/IEC 14443 type A tag with 7 byte UID (%014"llx")",long_uid);
- // Store the second part
- c.arg[2] = (long_uid & 0xffffffff);
- long_uid >>= 32;
- // Store the first part, ignore the first byte, it is replaced by cascade byte (0x88)
- c.arg[1] = (long_uid & 0xffffff);
- } else {
- PrintAndLog("Emulating ISO/IEC 14443 type A tag with 4 byte UID (%08x)",long_uid);
- // Only store the first part
- c.arg[1] = long_uid & 0xffffffff;
+ bool errors = FALSE;
+ uint8_t flags = 0;
+ uint8_t tagtype = 1;
+ uint64_t uid = 0;
+ uint8_t cmdp = 0;
+
+ while(param_getchar(Cmd, cmdp) != 0x00)
+ {
+ switch(param_getchar(Cmd, cmdp))
+ {
+ case 'h':
+ case 'H':
+ return usage_hf_14a_sim();
+ case 't':
+ case 'T':
+ // Retrieve the tag type
+ tagtype = param_get8ex(Cmd, cmdp+1, 0, 10);
+ if (tagtype == 0)
+ errors = true;
+ cmdp += 2;
+ break;
+ case 'u':
+ case 'U':
+ // Retrieve the full 4 or 7 byte long uid
+ uid = param_get64ex(Cmd, cmdp+1, 0, 16);
+ if (uid == 0 )
+ errors = TRUE;
+
+ if (uid > 0xffffffff) {
+ PrintAndLog("Emulating ISO/IEC 14443 type A tag with 7 byte UID (%014"llx")",uid);
+ flags |= FLAG_7B_UID_IN_DATA;
+ } else {
+ PrintAndLog("Emulating ISO/IEC 14443 type A tag with 4 byte UID (%08x)",uid);
+ flags |= FLAG_4B_UID_IN_DATA;
+ }
+ cmdp += 2;
+ break;
+ case 'x':
+ case 'X':
+ flags |= FLAG_NR_AR_ATTACK;
+ cmdp++;
+ break;
+ default:
+ PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
+ errors = true;
+ break;
+ }
+ if(errors) break;
}
-/*
- // At lease save the mandatory first part of the UID
- c.arg[0] = long_uid & 0xffffffff;
- if (c.arg[1] == 0) {
- PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
+ //Validations
+ if (errors) return usage_hf_14a_sim();
+
+ PrintAndLog("Press pm3-button to abort simulation");
+
+ UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{ tagtype, flags, 0 }};
+
+ num_to_bytes(uid, 7, c.d.asBytes);
+ clearCommandBuffer();
+ SendCommand(&c);
+
+ //uint8_t data[40];
+ //uint8_t key[6];
+ UsbCommand resp;
+ while(!ukbhit()){
+ if ( WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
+ if ( (resp.arg[0] & 0xffff) == CMD_SIMULATE_MIFARE_CARD ){
+ // attempt to get key:
+ // TODO:
+
+ //memset(data, 0x00, sizeof(data));
+ //memset(key, 0x00, sizeof(key));
+ //int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1];
+ //memcpy(data, resp.d.asBytes, len);
+ //tryMfk32(uid, data, key);
+ //tryMfk32_moebius(uid, data, key);
+ //tryMfk64(uid, data, key);
+ //PrintAndLog("--");
+ }
+ }
}
-
- switch (c.arg[0]) {
- case 1: {
- PrintAndLog("Emulating ISO/IEC 14443-3 type A tag with 4 byte UID");
- UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16)};
- } break;
- case 2: {
- PrintAndLog("Emulating ISO/IEC 14443-4 type A tag with 7 byte UID");
- } break;
- default: {
- PrintAndLog("Error: unkown tag type (%d)",c.arg[0]);
- PrintAndLog("syntax: hf 14a sim <uid>",c.arg[0]);
- PrintAndLog(" type1: 4 ",c.arg[0]);
-
- return 1;
- } break;
- }
-*/
-/*
- unsigned int hi = 0, lo = 0;
- int n = 0, i = 0;
- while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
- hi= (hi << 4) | (lo >> 28);
- lo= (lo << 4) | (n & 0xf);
- }
-*/
-// UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16)};
-// PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
- SendCommand(&c);
- return 0;
+ return 0;
}
int CmdHF14ASnoop(const char *Cmd) {
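Review bot: In the `u` branch of `CmdHF14ASim`, the 4-byte message passes the `uint64_t uid` to a `%08x` conversion, which is a format/argument mismatch in a variadic call; cast it, e.g. `PrintAndLog("... 4 byte UID (%08x)", (uint32_t)uid);`. The `t` branch rejects only 0, so values above the seven types listed in `usage_hf_14a_sim()` go to the device unchecked; `if (tagtype == 0 || tagtype > 7) errors = true;` would keep the parser and the help text in agreement. The wait loop exits only on `ukbhit()`, although the message printed just before it tells the user to press the pm3 button. Nothing in the loop breaks when the device stops simulating, so the client presumably keeps polling until a key is pressed. The new code also mixes `FALSE`/`TRUE` with `true`; pick one spelling.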
if(topazmode)
c.arg[0] |= ISO14A_TOPAZMODE;
- // Max buffer is USB_CMD_DATA_SIZE
+ // Max buffer is USB_CMD_DATA_SIZE
+ datalen = (datalen > USB_CMD_DATA_SIZE) ? USB_CMD_DATA_SIZE : datalen;
c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
memcpy(c.d.asBytes,data,datalen);
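Review bot: Oversized input is truncated silently by the new clamp on `datalen`, so the frame that is sent differs from what the user typed without any message, and `numbits` is still packed into `c.arg[1]` unchanged next to the shortened length. Rejecting the input is safer than sending a partial frame, e.g. `if (datalen > USB_CMD_DATA_SIZE) { PrintAndLog("Data too long, max %d bytes", USB_CMD_DATA_SIZE); return 1; }`. The hunk does not show where `data` is filled, so whether the parsing code bounds its own writes into `data` needs a separate check. The enclosing function starts and ends outside the hunk.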
PrintAndLog("--block no:%d, key type:%c, key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
PrintAndLog("--data: %s", sprint_hex(bldata, 16));\r
\r
- UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
+ UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
memcpy(c.d.asBytes, key, 6);\r
memcpy(c.d.asBytes + 10, bldata, 16);\r
- SendCommand(&c);\r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
\r
UsbCommand resp;\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
uint8_t blockNo = 0;\r
uint8_t keyType = 0;\r
uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r
- \r
+\r
char cmdp = 0x00;\r
\r
\r
PrintAndLog("Usage: hf mf rdbl <block number> <key A/B> <key (12 hex symbols)>");\r
PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF ");\r
return 0;\r
- } \r
- \r
+ }\r
+\r
blockNo = param_get8(Cmd, 0);\r
cmdp = param_getchar(Cmd, 1);\r
if (cmdp == 0x00) {\r
return 1;\r
}\r
PrintAndLog("--block no:%d, key type:%c, key:%s ", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
- \r
- UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
+\r
+ UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
memcpy(c.d.asBytes, key, 6);\r
- SendCommand(&c);\r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
\r
UsbCommand resp;\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
return 1;\r
}\r
PrintAndLog("--sector no:%d key type:%c key:%s ", sectorNo, keyType?'B':'A', sprint_hex(key, 6));\r
- \r
+\r
UsbCommand c = {CMD_MIFARE_READSC, {sectorNo, keyType, 0}};\r
memcpy(c.d.asBytes, key, 6);\r
+ clearCommandBuffer();\r
SendCommand(&c);\r
PrintAndLog(" ");\r
\r
PrintAndLog("Command execute timeout");\r
}\r
\r
- return 0;\r
+ return 0;\r
}\r
\r
uint8_t FirstBlockOfSector(uint8_t sectorNo)\r
int CmdHF14AMfDump(const char *Cmd)\r
{\r
uint8_t sectorNo, blockNo;\r
- \r
+\r
uint8_t keyA[40][6];\r
uint8_t keyB[40][6];\r
uint8_t rights[40][4];\r
return 2;\r
}\r
}\r
- \r
+\r
fclose(fin);\r
\r
PrintAndLog("|-----------------------------------------|");\r
PrintAndLog("|------ Reading sector access bits...-----|");\r
PrintAndLog("|-----------------------------------------|");\r
- \r
+\r
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+ clearCommandBuffer();\r
SendCommand(&c);\r
\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
rights[sectorNo][3] = 0x01;\r
}\r
}\r
- \r
+\r
PrintAndLog("|-----------------------------------------|");\r
PrintAndLog("|----- Dumping all blocks to file... -----|");\r
PrintAndLog("|-----------------------------------------|");\r
- \r
+\r
bool isOK = true;\r
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. \r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+ clearCommandBuffer();\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
} else { // data block. Check if it can be read with key A or key B\r
if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};\r
memcpy(c.d.asBytes, keyB[sectorNo], 6);\r
+ clearCommandBuffer();\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
} else if (rights[sectorNo][data_area] == 0x07) { // no key would work\r
} else { // key A would work\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+ clearCommandBuffer();\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
}\r
PrintAndLog("Writing to block %3d: %s", FirstBlockOfSector(sectorNo) + blockNo, sprint_hex(bldata, 16));\r
\r
memcpy(c.d.asBytes + 10, bldata, 16);\r
+ clearCommandBuffer();\r
SendCommand(&c);\r
\r
UsbCommand resp;\r
\r
UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads,0}};\r
memcpy(c.d.asBytes, uid, sizeof(uid));\r
+ clearCommandBuffer();\r
SendCommand(&c);\r
\r
if(flags & FLAG_INTERACTIVE)\r
PrintAndLog("Press pm3-button to abort simulation");\r
while(! WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
//We're waiting only 1.5 s at a time, otherwise we get the\r
- // annoying message about "Waiting for a response... "\r
+ //annoying message about "Waiting for a response... "\r
}\r
}\r
\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfESet(const char *Cmd)\r
{\r
uint8_t memBlock[16];\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfELoad(const char *Cmd)\r
{\r
FILE * f;\r
uint8_t buf8[64] = {0x00};\r
int i, len, blockNum, numBlocks;\r
int nameParamNo = 1;\r
- \r
+ uint8_t blockWidth = 32; \r
char ctmp = param_getchar(Cmd, 0);\r
\r
if ( ctmp == 'h' || ctmp == 0x00) {\r
PrintAndLog("It loads emul dump from the file `filename.eml`");\r
- PrintAndLog("Usage: hf mf eload [card memory] <file name w/o `.eml`>");\r
- PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
+ PrintAndLog("Usage: hf mf eload [card memory] <file name w/o `.eml`> [numblocks]");\r
+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K, u = UL");\r
PrintAndLog("");\r
PrintAndLog(" sample: hf mf eload filename");\r
PrintAndLog(" hf mf eload 4 filename");\r
case '\0': numBlocks = 16*4; break;\r
case '2' : numBlocks = 32*4; break;\r
case '4' : numBlocks = 256; break;\r
+ case 'U' : // fall through\r
+ case 'u' : numBlocks = 255; blockWidth = 8; break;\r
default: {\r
numBlocks = 16*4;\r
nameParamNo = 0;\r
}\r
}\r
+ uint32_t numblk2 = param_get32ex(Cmd,2,0,10);\r
+ if (numblk2 > 0) numBlocks = numblk2; \r
\r
len = param_getstr(Cmd,nameParamNo,filename);\r
- \r
if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
\r
fnameptr += len;\r
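Review bot: The optional `[numblocks]` value read with `param_get32ex(Cmd,2,0,10)` replaces `numBlocks` with no upper bound, and the `uint32_t` is assigned to an `int`, so a large argument can go negative or far exceed every card size the help text lists. Bound it before use, for instance `if (numblk2 > 0 && numblk2 <= 256) numBlocks = numblk2;` (256 being the largest count set in the switch above), or reject it with a message. The parameter index is fixed at 2 even when the `default` branch sets `nameParamNo = 0`, so in the `hf mf eload filename` form a trailing count would presumably sit at index 1 and be ignored. Whether the device side checks the block number it later receives is not visible in this hunk, and the function starts and ends outside it.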
return 2;\r
}\r
\r
- if (strlen(buf) < 32){\r
+ if (strlen(buf) < blockWidth){\r
if(strlen(buf) && feof(f))\r
break;\r
- PrintAndLog("File content error. Block data must include 32 HEX symbols");\r
+ PrintAndLog("File content error. Block data must include %d HEX symbols", blockWidth);\r
fclose(f);\r
return 2;\r
}\r
\r
- for (i = 0; i < 32; i += 2) {\r
+ for (i = 0; i < blockWidth; i += 2) {\r
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
- }\r
- \r
- if (mfEmlSetMem(buf8, blockNum, 1)) {\r
+ } \r
+ if (mfEmlSetMem_xt(buf8, blockNum, 1, blockWidth/2)) {\r
PrintAndLog("Cant set emul block: %3d", blockNum);\r
fclose(f);\r
return 3;\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfESave(const char *Cmd)\r
{\r
FILE * f;\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfECFill(const char *Cmd)\r
{\r
uint8_t keyType = 0;\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfEKeyPrn(const char *Cmd)\r
{\r
int i;\r
uint8_t data[16];\r
uint64_t keyA, keyB;\r
\r
- if (param_getchar(Cmd, 0) == 'h') {\r
+ char cmdp = param_getchar(Cmd, 0);\r
+\r
+ if ( cmdp == 'h' || cmdp == 'H') {\r
PrintAndLog("It prints the keys loaded in the emulator memory");\r
PrintAndLog("Usage: hf mf ekeyprn [card memory]");\r
PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
return 0;\r
} \r
\r
- char cmdp = param_getchar(Cmd, 0);\r
- \r
switch (cmdp) {\r
case '0' : numSectors = 5; break;\r
case '1' : \r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfCSetUID(const char *Cmd)\r
{\r
uint8_t wipeCard = 0;\r
{\r
uint8_t memBlock[16] = {0x00};\r
uint8_t blockNo = 0;\r
- bool wipeCard = FALSE;\r
+ uint8_t params = MAGIC_SINGLE;\r
int res;\r
\r
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
}\r
\r
char ctmp = param_getchar(Cmd, 2);\r
- wipeCard = (ctmp == 'w' || ctmp == 'W');\r
+ if (ctmp == 'w' || ctmp == 'W')\r
+ params |= MAGIC_WIPE;\r
+\r
PrintAndLog("--block number:%2d data:%s", blockNo, sprint_hex(memBlock, 16));\r
\r
- res = mfCSetBlock(blockNo, memBlock, NULL, wipeCard, CSETBLOCK_SINGLE_OPER);\r
+ res = mfCSetBlock(blockNo, memBlock, NULL, params);\r
if (res) {\r
PrintAndLog("Can't write block. error=%d", res);\r
return 1;\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfCLoad(const char *Cmd)\r
{\r
FILE * f;\r
- char filename[FILE_PATH_SIZE] = {0x00};\r
+ char filename[FILE_PATH_SIZE];\r
char * fnameptr = filename;\r
char buf[64] = {0x00};\r
uint8_t buf8[64] = {0x00};\r
uint8_t fillFromEmulator = 0;\r
int i, len, blockNum, flags=0;\r
\r
- if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {\r
+ memset(filename, 0, sizeof(filename));\r
+\r
+ char ctmp = param_getchar(Cmd, 0);\r
+\r
+ if (ctmp == 'h' || ctmp == 'H' || ctmp == 0x00) {\r
PrintAndLog("It loads magic Chinese card from the file `filename.eml`");\r
PrintAndLog("or from emulator memory (option `e`)");\r
PrintAndLog("Usage: hf mf cload <file name w/o `.eml`>");\r
return 0;\r
} \r
\r
- char ctmp = param_getchar(Cmd, 0);\r
if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r
\r
if (fillFromEmulator) {\r
PrintAndLog("Cant get block: %d", blockNum);\r
return 2;\r
}\r
- if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r
+ if (blockNum == 0) flags = MAGIC_INIT + MAGIC_WUPC; // switch on field and send magic sequence\r
if (blockNum == 1) flags = 0; // just write\r
- if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Magic Halt and switch off field.\r
+ if (blockNum == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF; // Done. Magic Halt and switch off field.\r
\r
- if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r
+ if (mfCSetBlock(blockNum, buf8, NULL, flags)) {\r
PrintAndLog("Cant set magic card block: %d", blockNum);\r
return 3;\r
}\r
for (i = 0; i < 32; i += 2)\r
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
\r
- if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r
+ if (blockNum == 0) flags = MAGIC_INIT + MAGIC_WUPC; // switch on field and send magic sequence\r
if (blockNum == 1) flags = 0; // just write\r
- if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Switch off field.\r
+ if (blockNum == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF; // Done. Switch off field.\r
\r
- if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r
+ if (mfCSetBlock(blockNum, buf8, NULL, flags)) {\r
PrintAndLog("Can't set magic card block: %d", blockNum);\r
return 3;\r
}\r
}\r
\r
int CmdHF14AMfCGetBlk(const char *Cmd) {\r
- uint8_t memBlock[16];\r
+ uint8_t data[16];\r
uint8_t blockNo = 0;\r
int res;\r
- memset(memBlock, 0x00, sizeof(memBlock));\r
+ memset(data, 0x00, sizeof(data));\r
+ char ctmp = param_getchar(Cmd, 0);\r
\r
- if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
+ if (strlen(Cmd) < 1 || ctmp == 'h' || ctmp == 'H') {\r
PrintAndLog("Usage: hf mf cgetblk <block number>");\r
PrintAndLog("sample: hf mf cgetblk 1");\r
PrintAndLog("Get block data from magic Chinese card (only works with such cards)\n");\r
\r
PrintAndLog("--block number:%2d ", blockNo);\r
\r
- res = mfCGetBlock(blockNo, memBlock, CSETBLOCK_SINGLE_OPER);\r
+ res = mfCGetBlock(blockNo, data, MAGIC_SINGLE);\r
if (res) {\r
PrintAndLog("Can't read block. error=%d", res);\r
return 1;\r
}\r
\r
- PrintAndLog("block data:%s", sprint_hex(memBlock, 16));\r
+ PrintAndLog("block data:%s", sprint_hex(data, sizeof(data)));\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfCGetSc(const char *Cmd) {\r
- uint8_t memBlock[16] = {0x00};\r
+ uint8_t data[16];\r
uint8_t sectorNo = 0;\r
int i, res, flags;\r
+ memset(data, 0x00, sizeof(data));\r
+ char ctmp = param_getchar(Cmd, 0);\r
\r
- if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
+ if (strlen(Cmd) < 1 || ctmp == 'h' || ctmp == 'H') {\r
PrintAndLog("Usage: hf mf cgetsc <sector number>");\r
PrintAndLog("sample: hf mf cgetsc 0");\r
PrintAndLog("Get sector data from magic Chinese card (only works with such cards)\n");\r
return 0;\r
- } \r
+ }\r
\r
sectorNo = param_get8(Cmd, 0);\r
if (sectorNo > 15) {\r
}\r
\r
PrintAndLog("--sector number:%d ", sectorNo);\r
+ PrintAndLog("block | data");\r
\r
- flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r
+ flags = MAGIC_INIT + MAGIC_WUPC;\r
for (i = 0; i < 4; i++) {\r
if (i == 1) flags = 0;\r
- if (i == 3) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r
+ if (i == 3) flags = MAGIC_HALT + MAGIC_OFF;\r
\r
- res = mfCGetBlock(sectorNo * 4 + i, memBlock, flags);\r
+ res = mfCGetBlock(sectorNo * 4 + i, data, flags);\r
if (res) {\r
PrintAndLog("Can't read block. %d error=%d", sectorNo * 4 + i, res);\r
return 1;\r
}\r
- \r
- PrintAndLog("block %3d data:%s", sectorNo * 4 + i, sprint_hex(memBlock, 16));\r
+ PrintAndLog(" %3d | %s", sectorNo * 4 + i, sprint_hex(data, sizeof(data)));\r
}\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfCSave(const char *Cmd) {\r
\r
FILE * f;\r
- char filename[FILE_PATH_SIZE] = {0x00};\r
+ char filename[FILE_PATH_SIZE];\r
char * fnameptr = filename;\r
uint8_t fillFromEmulator = 0;\r
- uint8_t buf[64] = {0x00};\r
+ uint8_t buf[64];\r
int i, j, len, flags;\r
- \r
- // memset(filename, 0, sizeof(filename));\r
- // memset(buf, 0, sizeof(buf));\r
\r
- if (param_getchar(Cmd, 0) == 'h') {\r
+ memset(filename, 0, sizeof(filename));\r
+ memset(buf, 0, sizeof(buf));\r
+ char ctmp = param_getchar(Cmd, 0);\r
+\r
+ if ( ctmp == 'h' || ctmp == 'H' ) {\r
PrintAndLog("It saves `magic Chinese` card dump into the file `filename.eml` or `cardID.eml`");\r
PrintAndLog("or into emulator memory (option `e`)");\r
PrintAndLog("Usage: hf mf esave [file name w/o `.eml`][e]");\r
PrintAndLog(" hf mf esave filename");\r
PrintAndLog(" hf mf esave e \n");\r
return 0;\r
- } \r
-\r
- char ctmp = param_getchar(Cmd, 0);\r
+ }\r
if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r
\r
if (fillFromEmulator) {\r
// put into emulator\r
- flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r
+ flags = MAGIC_INIT + MAGIC_WUPC;\r
for (i = 0; i < 16 * 4; i++) {\r
if (i == 1) flags = 0;\r
- if (i == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r
- \r
+ if (i == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF;\r
+\r
if (mfCGetBlock(i, buf, flags)) {\r
PrintAndLog("Cant get block: %d", i);\r
break;\r
}\r
- \r
+\r
if (mfEmlSetMem(buf, i, 1)) {\r
PrintAndLog("Cant set emul block: %d", i);\r
return 3;\r
} else {\r
len = strlen(Cmd);\r
if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
- \r
+\r
+ // get filename based on UID\r
if (len < 1) {\r
- // get filename\r
- if (mfCGetBlock(0, buf, CSETBLOCK_SINGLE_OPER)) {\r
+\r
+ if (mfCGetBlock(0, buf, MAGIC_SINGLE)) {\r
PrintAndLog("Cant get block: %d", 0);\r
len = sprintf(fnameptr, "dump");\r
fnameptr += len;\r
- }\r
- else {\r
+ } else {\r
for (j = 0; j < 7; j++, fnameptr += 2)\r
sprintf(fnameptr, "%02x", buf[j]); \r
}\r
fnameptr += len;\r
}\r
\r
+ // add .eml extension\r
sprintf(fnameptr, ".eml"); \r
- \r
+\r
// open file\r
f = fopen(filename, "w+");\r
\r
}\r
\r
// put hex\r
- flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r
+ flags = MAGIC_INIT + MAGIC_WUPC;\r
for (i = 0; i < 16 * 4; i++) {\r
if (i == 1) flags = 0;\r
- if (i == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r
+ if (i == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF;\r
\r
if (mfCGetBlock(i, buf, flags)) {\r
PrintAndLog("Cant get block: %d", i);\r
fprintf(f, "%02x", buf[j]); \r
fprintf(f,"\n");\r
}\r
+ fflush(f);\r
fclose(f);\r
- \r
PrintAndLog("Saved to file: %s", filename);\r
- \r
return 0;\r
}\r
}\r
\r
-\r
int CmdHF14AMfSniff(const char *Cmd){\r
\r
bool wantLogToFile = 0;\r
uint16_t traceLen = resp.arg[1];\r
len = resp.arg[2];\r
\r
- if (res == 0) return 0; // we are done\r
+ if (res == 0) {\r
+ free(buf);\r
+ return 0; // we are done\r
+ }\r
\r
if (res == 1) { // there is (more) data to be transferred\r
if (pckNum == 0) { // first packet, (re)allocate necessary buffer\r
}\r
\r
//needs nt, ar, at, Data to decrypt\r
-int CmdDecryptTraceCmds(const char *Cmd){\r
+int CmdHf14MfDecryptBytes(const char *Cmd){\r
uint8_t data[50];\r
int len = 0;\r
param_gethex_ex(Cmd,3,data,&len);\r
{"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"},\r
{"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},\r
{"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},\r
- {"decrypt", CmdDecryptTraceCmds,1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
+ {"decrypt", CmdHf14MfDecryptBytes,1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
{NULL, NULL, 0, NULL}\r
};\r
\r