From 2ce218042d2aebdfa4c5a58f19e6550f367c5d81 Mon Sep 17 00:00:00 2001
From: iceman1001 <iceman@iuse.se>
Date: Sun, 29 Jan 2017 13:21:17 +0100
Subject: [PATCH] CHG: 'hf 14a sim e'  - it now has a parameter for
 setfoundkeys to emulator memory. CHG: textual changes.

---
 client/cmdhf14a.c | 38 ++++++++++++++++++++++----------------
 client/cmdhfmf.c  | 17 +++++++++--------
 2 files changed, 31 insertions(+), 24 deletions(-)

diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index 6411a919..ca8b8c1d 100644
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -130,9 +130,9 @@ char* getTagInfo(uint8_t uid) {
 int usage_hf_14a_sim(void) {
 //	PrintAndLog("\n Emulating ISO/IEC 14443 type A tag with 4,7 or 10 byte UID\n");
 	PrintAndLog("\n Emulating ISO/IEC 14443 type A tag with 4,7 byte UID\n");
-	PrintAndLog("Usage: hf 14a sim t <type> u <uid> x");
-	PrintAndLog("  Options : ");
-	PrintAndLog("    h     : this help");
+	PrintAndLog("usage: hf 14a sim [h] t <type> u <uid> [x] [e] [v]");
+	PrintAndLog("options: ");
+	PrintAndLog("    h     : This help");
 	PrintAndLog("    t     : 1 = MIFARE Classic");
 	PrintAndLog("            2 = MIFARE Ultralight");
 	PrintAndLog("            3 = MIFARE Desfire");
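Review bot: The new synopsis `usage: hf 14a sim [h] t <type> u <uid> [x] [e] [v]` brackets every option except `t` and `u`, yet CmdHF14ASim starts with `useUIDfromEML = TRUE` and sets `FLAG_UID_IN_EMUL` when that stays set, which suggests `u` can be omitted. If that is the case, the synopsis should read `[u <uid>]` and the `u` help line should carry `(Optional)` like the others. The lower-case `usage:` and `options:` headings also differ from the `Usage:` heading this same commit keeps in usage_hf14_mf1ksim (cmdhfmf.c). usage_hf_14a_sim continues past the end of this hunk.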
@@ -142,12 +142,14 @@ int usage_hf_14a_sim(void) {
 	PrintAndLog("            7 = AMIIBO (NTAG 215),  pack 0x8080");
 //	PrintAndLog("    u     : 4, 7 or 10 byte UID");
 	PrintAndLog("    u     : 4, 7 byte UID");
-	PrintAndLog("    x     : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader");
-	PrintAndLog("    v     : (Optional) show maths used for cracking reader. Useful for debugging.");
-	PrintAndLog("\n   sample : hf 14a sim t 1 u 11223344 x");
-	PrintAndLog("          : hf 14a sim t 1 u 11223344");
-	PrintAndLog("          : hf 14a sim t 1 u 11223344556677");
-//	PrintAndLog("          : hf 14a sim t 1 u 11223445566778899AA\n");
+	PrintAndLog("    x     : (Optional) Performs the 'reader attack', nr/ar attack against a reader");
+	PrintAndLog("    e     : (Optional) Fill simulator keys from found keys");	
+	PrintAndLog("    v     : (Optional) Verbose");
+	PrintAndLog("samples:");
+	PrintAndLog("          hf 14a sim t 1 u 11223344 x");
+	PrintAndLog("          hf 14a sim t 1 u 11223344");
+	PrintAndLog("          hf 14a sim t 1 u 11223344556677");
+//	PrintAndLog("          hf 14a sim t 1 u 11223445566778899AA\n");
 	return 0;
 }
 int usage_hf_14a_sniff(void){
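Review bot: The help line for `e` does not say that the option only matters together with `x`. In CmdHF14ASim the flag is consumed solely by `readerAttack(data, setEmulatorMem, verbose)`, and that call is reached only when `FLAG_NR_AR_ATTACK` is set. I would word the line `    e     : (Optional) With x: store found keys in emulator memory`. In the function touched by the `case 'e'` hunk, I would also report the no-op combination after parsing with `if (setEmulatorMem && !(flags & FLAG_NR_AR_ATTACK)) PrintAndLog("'e' has no effect without 'x'");`. The `e` line in usage_hf14_mf1ksim probably wants the same wording, though its parser is not visible in this patch.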
@@ -447,7 +449,8 @@ int CmdHF14ASim(const char *Cmd) {
 	uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0};
 	int uidlen = 0;
 	bool useUIDfromEML = TRUE;
-	bool verbose = false;
+	bool setEmulatorMem = FALSE;
+	bool verbose = FALSE;
 
 	while(param_getchar(Cmd, cmdp) != 0x00) {
 		switch(param_getchar(Cmd, cmdp)) {
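Review bot: The two added declarations use the `TRUE`/`FALSE` macros, but the function stays mixed. The next hunk rewrites one `errors = true` to `errors = TRUE`, while the `default:` branch shown in a later hunk still has `errors = true;`. Pick one spelling for the whole function; since the variables are declared `bool`, `bool setEmulatorMem = false;` and `bool verbose = false;` match the type and leave the removed line as it was. CmdHF14ASim starts before and ends after this hunk.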
@@ -459,7 +462,7 @@ int CmdHF14ASim(const char *Cmd) {
 				// Retrieve the tag type
 				tagtype = param_get8ex(Cmd, cmdp+1, 0, 10);
 				if (tagtype == 0)
-					errors = true; 
+					errors = TRUE; 
 				cmdp += 2;
 				break;
 			case 'u':
@@ -488,6 +491,11 @@ int CmdHF14ASim(const char *Cmd) {
 				flags |= FLAG_NR_AR_ATTACK;
 				cmdp++;
 				break;
+			case 'e':
+			case 'E':
+				setEmulatorMem = TRUE;
+				cmdp++;
+				break;				
 			default:
 				PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
 				errors = true;
@@ -502,8 +510,6 @@ int CmdHF14ASim(const char *Cmd) {
 	if ( useUIDfromEML ) 
 		flags |= FLAG_UID_IN_EMUL;
 	
-	PrintAndLog("Press pm3-button to abort simulation");
-	
 	UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{ tagtype, flags, 0 }};	
 	memcpy(c.d.asBytes, uid, uidlen>>1);
 	clearCommandBuffer();
@@ -511,15 +517,15 @@ int CmdHF14ASim(const char *Cmd) {
 
 	nonces_t data[ATTACK_KEY_COUNT*2];
 	UsbCommand resp;
-
+	
+	PrintAndLog("Press pm3-button to abort simulation");
 	while( !ukbhit() ){
 		if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue;
-
 		if ( !(flags & FLAG_NR_AR_ATTACK) ) break;
 		if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;
 			
 		memcpy( data, resp.d.asBytes, sizeof(data) );
-		readerAttack(data, TRUE, verbose);
+		readerAttack(data, setEmulatorMem, verbose);
 	}
 	return 0;
 }
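Review bot: Passing `setEmulatorMem` instead of the hard-coded `TRUE` changes the default for existing users: `hf 14a sim t 1 u 11223344 x` previously handed `TRUE` to readerAttack and now hands it `FALSE` unless `e` is added. The commit message names the new parameter but not the changed default, so a line in the description or changelog would help. Separately, the unchanged `memcpy( data, resp.d.asBytes, sizeof(data) )` above the call copies a fixed `sizeof(data)` bytes out of a device response. Neither buffer size is visible in this patch, so a compile-time check that `sizeof(data) <= sizeof(resp.d.asBytes)` would be a cheap guard against an over-read if `nonces_t` or `ATTACK_KEY_COUNT` ever grows.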
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 6b944df3..36438d7f 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -24,19 +24,20 @@ int usage_hf14_mifare(void){
 	return 0;
 }
 int usage_hf14_mf1ksim(void){
-	PrintAndLog("Usage:  hf mf sim  [h] u <uid (8,14,20 hex symbols)> n <numreads> i x");
+	PrintAndLog("Usage:  hf mf sim [h] u <uid> n <numreads> [i] [x] [e] [v]");
 	PrintAndLog("options:");
 	PrintAndLog("      h    this help");
 	PrintAndLog("      u    (Optional) UID 4,7 or 10bytes. If not specified, the UID 4b from emulator memory will be used");
 	PrintAndLog("      n    (Optional) Automatically exit simulation after <numreads> blocks have been read by reader. 0 = infinite");
 	PrintAndLog("      i    (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");
-	PrintAndLog("      x    (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");
-	PrintAndLog("      e    (Optional) Fill simulator keys from what we crack");
-	PrintAndLog("      v    (Optional) Show maths used for cracking reader. Useful for debugging.");
+	PrintAndLog("      x    (Optional) Crack, performs the 'reader attack', nr/ar attack against a reader");
+	PrintAndLog("      e    (Optional) Fill simulator keys from found keys");
+	PrintAndLog("      v    (Optional) Verbose");
 	PrintAndLog("samples:");
 	PrintAndLog("           hf mf sim u 0a0a0a0a");
 	PrintAndLog("           hf mf sim u 11223344556677");
 	PrintAndLog("           hf mf sim u 112233445566778899AA");	
+	PrintAndLog("           hf mf sim u 11223344 i x");	
 	return 0;
 }
 int usage_hf14_dbg(void){
@@ -1381,7 +1382,8 @@ void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose) {
 		k_sector[i].foundKey[1] = FALSE;
 	}
 
-	printf("enter reader attack\n");
+	if (verbose) printf("enter Moebius attack (mfkey32v2) \n");
+	
 	for (uint8_t i = 0; i < ATTACK_KEY_COUNT; ++i) {
 		
 		// if no-collected data 
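Review bot: The new verbose message goes through `printf` while every other message in this patch uses `PrintAndLog`, so it presumably bypasses whatever logging and console handling PrintAndLog provides. It also carries a trailing space before `\n`. Suggest `if (verbose) PrintAndLog("enter Moebius attack (mfkey32v2)");`. readerAttack begins before and continues after this hunk.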
@@ -1419,7 +1421,7 @@ void readerAttack(nonces_t data[], bool setEmulatorMem, bool verbose) {
 			uint8_t sectorNum = data[i+ATTACK_KEY_COUNT].sector;
 			uint8_t keyType = data[i+ATTACK_KEY_COUNT].keytype;
 
-			PrintAndLog("Found Key%s for sector %02d: [%012"llx"]"
+			PrintAndLog("Reader is trying authenticate with: Key %s, sector %02d: [%012"llx"]"
 				, keyType ? "B" : "A"
 				, sectorNum
 				, key
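Review bot: The reworded message is missing a word: `"Reader is trying authenticate with: ..."` should read `"Reader is trying to authenticate with: Key %s, sector %02d: [%012"llx"]"`. `sectorNum` and `keyType` are read straight from the `nonces_t` array, which the caller in cmdhf14a.c fills from a device response. If the code after this hunk uses `sectorNum` to index `k_sector` (not visible here), it should first be checked against `k_sectorsCount`. The PrintAndLog call and the enclosing loop continue outside the hunk.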
@@ -1528,7 +1530,6 @@ int CmdHF14AMf1kSim(const char *Cmd) {
 
 		while( !ukbhit() ){
 			if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue;
-
 			if ( !(flags & FLAG_NR_AR_ATTACK) ) break;
 			if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break;
 
@@ -1537,7 +1538,7 @@ int CmdHF14AMf1kSim(const char *Cmd) {
 		}
 		
 		if (k_sector != NULL) {
-			printKeyTable(k_sectorsCount, k_sector );
+			printKeyTable(k_sectorsCount, k_sector);
 			free(k_sector);
 			k_sector = NULL;
 		}
-- 
2.39.5