From ece631fd06bfc1de1ca017c9c8154d4447f98cdb Mon Sep 17 00:00:00 2001
From: angelsl
Date: Thu, 9 Mar 2017 21:36:19 +0800
Subject: [PATCH] Add Mifare Classic EV1 set load modulation command
---
 armsrc/appmain.c | 4 +++
 armsrc/apps.h | 1 +
 armsrc/mifarecmd.c | 58 ++++++++++++++++++++++++++++++++++++
 client/cmdhfmf.c | 38 +++++++++++++++++++++++
 client/cmdhfmf.h | 1 +
 client/hid-flasher/usb_cmd.h | 1 +
 client/lualibs/commands.lua | 1 +
 include/usb_cmd.h | 1 +
 8 files changed, 105 insertions(+)
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index bcff7476..ee6ab7fb 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -1196,6 +1196,10 @@ void UsbPacketReceived(uint8_t *packet, int len)
 SniffMifare(c->arg[0]);
 break;
+ case CMD_MIFARE_SETMOD:
+ MifareSetMod(c->arg[0], c->d.asBytes);
+ break;
+
 //mifare desfire
 case CMD_MIFARE_DESFIRE_READBL: break;
 case CMD_MIFARE_DESFIRE_WRITEBL: break;
diff --git a/armsrc/apps.h b/armsrc/apps.h
index 4f1b622a..032c4f9d 100644
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@@ -148,6 +148,7 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain); // Work with "magic Chinese" card
 void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain);
 void MifareCIdent(); // is "magic chinese" card?
+void MifareSetMod(uint8_t mod, uint8_t *key);
 void MifareUSetPwd(uint8_t arg0, uint8_t *datain);
 void OnSuccessMagic();
 void OnErrorMagic(uint8_t reason);
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index 4bb01a4c..da574fd0 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -1429,6 +1429,64 @@ void OnErrorMagic(uint8_t reason){
 cmd_send(CMD_ACK,0,reason,0,0,0);
 OnSuccessMagic();
 }
+
+void MifareSetMod(uint8_t mod, uint8_t *key) {
+ uint64_t ui64Key = bytes_to_num(key, 6);
+
+ // variables
+ uint8_t isOK = 0;
+ uint8_t uid[10] = {0};
+ uint32_t cuid = 0;
+ struct Crypto1State mpcs = {0, 0};
+ struct Crypto1State *pcs = &mpcs;
+ int respLen = 0;
+ uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0};
+ uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0};
+
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
+
+ clear_trace();
+ set_tracing(true);
+
+ LED_A_ON();
+ LED_B_OFF();
+ LED_C_OFF();
+
+ while (true) {
+ if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {
+ if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
+ break;
+ }
+
+ if(mifare_classic_auth(pcs, cuid, 0, 0, ui64Key, AUTH_FIRST)) {
+ if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
+ break;
+ }
+
+ if (((respLen = mifare_sendcmd_short(pcs, 1, 0x43, mod, receivedAnswer, receivedAnswerPar, NULL)) != 1) || (receivedAnswer[0] != 0x0a)) {
+ if (MF_DBGLEVEL >= 1) Dbprintf("SetMod error; response[0]: %hhX, len: %d", receivedAnswer[0], respLen);
+ break;
+ }
+
+ if(mifare_classic_halt(pcs, cuid)) {
+ if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
+ break;
+ }
+
+ isOK = 1;
+ break;
+ }
+
+ crypto1_destroy(pcs);
+
+ LED_B_ON();
+ cmd_send(CMD_ACK, isOK, 0, 0, 0, 0);
+ LED_B_OFF();
+
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LEDsoff();
+}
+
 //
 // DESFIRE
 //
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 4ebef19c..13cbee68 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
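Review bot: MifareSetMod() sends `mod` to the card without checking it: in `mifare_sendcmd_short(pcs, 1, 0x43, mod, ...)` the value is whatever the USB host placed in `c->arg[0]`, converted to `uint8_t` at the `CMD_MIFARE_SETMOD` dispatch in armsrc/appmain.c. Only the `hf mf setmod` client restricts it to 0 or 1, and the same opcode is exported to Lua in client/lualibs/commands.lua, so the firmware handler should reject anything else before the field is switched on, for example `if (mod > 1) { cmd_send(CMD_ACK, 0, 0, 0, 0, 0); return; }` ahead of `iso14443a_setup(...)`. The literals `0x43` and `0x0a` deserve a one-line comment each (they look like the set-modulation command byte and the 4-bit ACK), and the `0, 0` passed to `mifare_classic_auth` should be commented as the block and key type the supplied key must match.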
@@ -2451,6 +2451,43 @@ int CmdHf14MfDecryptBytes(const char *Cmd){
 return tryDecryptWord( nt, ar_enc, at_enc, data, len);
 }
+int CmdHf14AMfSetMod(const char *Cmd) {
+ uint8_t key[6] = {0, 0, 0, 0, 0, 0};
+ uint8_t mod = 2;
+
+ char ctmp = param_getchar(Cmd, 0);
+ if (ctmp == '0') {
+ mod = 0;
+ } else if (ctmp == '1') {
+ mod = 1;
+ }
+ int gethexfail = param_gethex(Cmd, 1, key, 12);
+ if (mod == 2 || gethexfail) {
+ PrintAndLog("Sets the load modulation strength of a MIFARE Classic EV1 card.");
+ PrintAndLog("Usage: hf mf setmod <0/1> ");
+ PrintAndLog(" 0 = normal modulation");
+ PrintAndLog(" 1 = strong modulation (default)");
+ return 1;
+ }
+
+ UsbCommand c = {CMD_MIFARE_SETMOD, {mod, 0, 0}};
+ memcpy(c.d.asBytes, key, 6);
+ clearCommandBuffer();
+ SendCommand(&c);
+
+ UsbCommand resp;
+ if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
+ uint8_t ok = resp.arg[0] & 0xff;
+ PrintAndLog("isOk:%02x", ok);
+ if (!ok) {
+ PrintAndLog("Failed.");
+ }
+ } else {
+ PrintAndLog("Command execute timeout");
+ }
+ return 0;
+}
+
 static command_t CommandTable[] = {
 {"help", CmdHelp, 1, "This help"},
 {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"},
@@ -2480,6 +2517,7 @@ static command_t CommandTable[] = {
 {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},
 {"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},
 {"decrypt", CmdHf14MfDecryptBytes, 1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},
+ {"setmod", CmdHf14AMfSetMod, 0, "Set MIFARE Classic EV1 load modulation strength"},
 {NULL, NULL, 0, NULL}
 };
diff --git a/client/cmdhfmf.h b/client/cmdhfmf.h
index e102dbd0..72924cae 100644
--- a/client/cmdhfmf.h
+++ b/client/cmdhfmf.h
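Review bot: CmdHf14AMfSetMod() finishes with `return 0;` on every path after the command is sent, including `isOk` of zero and the 1500 ms timeout, so a caller or script cannot tell that the card was not reconfigured; only the usage path returns 1. Returning non-zero from both failure branches would fix that, e.g. `PrintAndLog("Failed."); return 1;` and the same after `PrintAndLog("Command execute timeout");`. The mode is read with `param_getchar(Cmd, 0)`, which appears to look at one character only, so an argument like `10` would be taken as `1`; rejecting a first parameter longer than one character would make the parse strict. The usage line as shown, `Usage: hf mf setmod <0/1> `, also does not name the 12-hex-digit key that `param_gethex(Cmd, 1, key, 12)` makes mandatory, though that may be lost markup on this page.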
@@ -58,6 +58,7 @@ int CmdHF14AMfCGetSc(const char* cmd);
 int CmdHF14AMfCLoad(const char* cmd);
 int CmdHF14AMfCSave(const char* cmd);
 int CmdHf14MfDecryptBytes(const char *Cmd);
+int CmdHf14AMfSetMod(const char *Cmd);
 void showSectorTable(void);
 void readerAttack(nonces_t data, bool setEmulatorMem, bool verbose);
diff --git a/client/hid-flasher/usb_cmd.h b/client/hid-flasher/usb_cmd.h
index 4d0f5e8e..133a9eda 100644
--- a/client/hid-flasher/usb_cmd.h
+++ b/client/hid-flasher/usb_cmd.h
@@ -186,6 +186,7 @@ typedef struct {
 #define CMD_MIFAREU_WRITEBL_COMPAT 0x0723
 #define CMD_MIFARE_CHKKEYS 0x0623
+#define CMD_MIFARE_SETMOD 0x0624
 #define CMD_MIFARE_SNIFFER 0x0630
 //ultralightC
diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua
index 7aaa1745..a14288c2 100644
--- a/client/lualibs/commands.lua
+++ b/client/lualibs/commands.lua
@@ -159,6 +159,7 @@ local _commands = {
 CMD_MIFAREU_WRITEBL_COMPAT = 0x0723,
 CMD_MIFARE_CHKKEYS = 0x0623,
+ CMD_MIFARE_SETMOD = 0x0624,
 CMD_MIFARE_SNIFFER = 0x0630,
diff --git a/include/usb_cmd.h b/include/usb_cmd.h
index e312f93a..b2189ef2 100644
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@@ -200,6 +200,7 @@ typedef struct{
 #define CMD_MIFAREU_WRITEBL_COMPAT 0x0723
 #define CMD_MIFARE_CHKKEYS 0x0623
+#define CMD_MIFARE_SETMOD 0x0624
 #define CMD_MIFARE_SNIFFER 0x0630
 //ultralightC
--
2.39.2