From f774db9598abfe5401d2cc5a4b0ba2344ba935e9 Mon Sep 17 00:00:00 2001 From: "Merlokbr@gmail.com" Date: Thu, 5 Jul 2012 08:09:41 +0000 Subject: [PATCH] added magic card write block --- client/cmdhfmf.c | 36 +++++++++++++++++++++++++++++++++++- client/mifarehost.c | 13 +++++++++---- client/mifarehost.h | 1 + 3 files changed, 45 insertions(+), 5 deletions(-) diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 9928cb1b..8c91e84c 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1255,6 +1255,40 @@ int CmdHF14AMfCSetUID(const char *Cmd) int CmdHF14AMfCSetBlk(const char *Cmd) { + uint8_t uid[8]; + uint8_t memBlock[16]; + uint8_t blockNo = 0; + int res; + memset(memBlock, 0x00, sizeof(memBlock)); + + if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') { + PrintAndLog("Usage: hf mf csetblk "); + PrintAndLog("sample: hf mf csetblk 1 01020304050607080910111213141516"); + PrintAndLog("Set block data for magic Chinese card (only works with!!!)"); + PrintAndLog("If you want wipe card then add 'w' into command line. \n"); + return 0; + } + + blockNo = param_get8(Cmd, 0); + if (blockNo >= 32 * 4 + 8 * 16) { + PrintAndLog("Block number must be in [0..255] as in MIFARE classic."); + return 1; + } + + if (param_gethex(Cmd, 1, memBlock, 32)) { + PrintAndLog("block data must include 32 HEX symbols"); + return 1; + } + + PrintAndLog("--block number:%02x data:%s", blockNo, sprint_hex(memBlock, 16)); + + res = mfCSetBlock(blockNo, memBlock, uid, 0); + if (res) { + PrintAndLog("Can't write block. error=%d", res); + return 1; + } + + PrintAndLog("UID:%s", sprint_hex(uid, 4)); return 0; } 
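Review bot: The range check `if (blockNo >= 32 * 4 + 8 * 16)` in CmdHF14AMfCSetBlk can never fire, because `blockNo` is a `uint8_t` and the right-hand side is 256. An out-of-range argument is presumably narrowed by `param_get8` before the test, so a typo could end up writing a different block than the operator intended, including block 0 or a sector trailer. Parse the number into a wider type first and reject it before narrowing, e.g. `if (n < 0 || n > 255) { PrintAndLog(...); return 1; }` followed by `blockNo = (uint8_t)n;`. Separately, the help text offers a 'w' wipe option, but the call hard-codes `mfCSetBlock(blockNo, memBlock, uid, 0)` and never reads a third parameter; either parse it or drop that help line.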
@@ -1284,7 +1318,7 @@ static command_t CommandTable[] = {"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"}, {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"}, {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"}, - {"csetblk", CmdHF14AMfCSetBlk, 0, "(n/a)Write block into magic Chinese card"}, + {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block into magic Chinese card"}, {"cload", CmdHF14AMfCLoad, 0, "(n/a)Load dump into magic Chinese card"}, {NULL, NULL, 0, NULL} }; diff --git a/client/mifarehost.c b/client/mifarehost.c index 529c248d..2ce0b5e2 100644 --- a/client/mifarehost.c +++ b/client/mifarehost.c @@ -217,14 +217,19 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) { } int mfCSetUID(uint8_t *uid, uint8_t *oldUID, int wantWipe) { - uint8_t isOK = 0; uint8_t block0[16]; memset(block0, 0, 16); memcpy(block0, uid, 4); block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC + + return mfCSetBlock(0, block0, oldUID, wantWipe); +} + +int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe) { + uint8_t isOK = 0; - UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, 1, 0}}; - memcpy(c.d.asBytes, block0, 16); + UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, 1, blockNo}}; + memcpy(c.d.asBytes, data, 16); SendCommand(&c); UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500); @@ -232,7 +237,7 @@ int mfCSetUID(uint8_t *uid, uint8_t *oldUID, int wantWipe) { if (resp != NULL) { isOK = resp->arg[0] & 0xff; PrintAndLog("isOk:%02x", isOK); - memcpy(oldUID, resp->d.asBytes, 4); + memcpy(uid, resp->d.asBytes, 4); if (!isOK) return 2; } else { PrintAndLog("Command execute timeout"); diff --git a/client/mifarehost.h b/client/mifarehost.h index e5d7c84a..4a107fd0 100644 --- a/client/mifarehost.h +++ b/client/mifarehost.h 
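Review bot: mfCSetBlock is now an exported entry point but nothing states its buffer contract: it copies exactly 16 bytes from `data` with `memcpy(c.d.asBytes, data, 16)` and, in the following hunk, exactly 4 bytes into `uid`, without checking either pointer. A header comment such as `/* Write one 16-byte block to a magic card; data must point to 16 bytes, uid must have room for 4 bytes and is filled from the response. */` would make that explicit, and an `if (uid != NULL)` around the copy would let callers that do not need the UID pass NULL. The literal `1` in `{wantWipe, 1, blockNo}` is also unexplained and would read better as a named constant. The function body continues outside this hunk.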
@@ -45,4 +45,5 @@ int mfCheckKeys (uint8_t blockNo, uint8_t keyType, uint8_t keycnt, uint8_t * key int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount); int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount); int mfCSetUID(uint8_t *uid, uint8_t *oldUID, int wantWipe); +int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe); -- 2.39.5