]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdhfmfu.c
projects / proxmark3-svn / blob
? search:


3b9f2e6d9d4919963c9a980e43a2d894e95f49d1
[proxmark3-svn] / client / cmdhfmfu.c
1 //-----------------------------------------------------------------------------
2 // Ultralight Code (c) 2013,2014 Midnitesnake & Andy Davies of Pentura
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // High frequency MIFARE ULTRALIGHT (C) commands
9 //-----------------------------------------------------------------------------
10 #include <openssl/des.h>
11 #include "cmdhfmf.h"
12
13 uint8_t MAX_ULTRA_BLOCKS= 0x0f;
14 uint8_t MAX_ULTRAC_BLOCKS= 0x2c;
15 uint8_t key1_blnk_data[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
16 uint8_t key2_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
17 uint8_t key3_3des_data[16] = { 0x49,0x45,0x4D,0x4B,0x41,0x45,0x52,0x42,0x21,0x4E,0x41,0x43,0x55,0x4F,0x59,0x46 };
18 uint8_t key4_nfc_data[16] = { 0x42,0x52,0x45,0x41,0x4b,0x4d,0x45,0x49,0x46,0x59,0x4f,0x55,0x43,0x41,0x4e,0x21 };
19 uint8_t key5_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };
20
21 static int CmdHelp(const char *Cmd);
22
23 //
24 // Mifare Ultralight Write Single Block
25 //
26 int CmdHF14AMfUWrBl(const char *Cmd){
27 uint8_t blockNo = 0;
28 bool chinese_card=0;
29 uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
30 UsbCommand resp;
31
32 if (strlen(Cmd)<3) {
33 PrintAndLog("Usage: hf mfu uwrbl <block number> <block data (8 hex symbols)> [w]");
34 PrintAndLog(" sample: hf mfu uwrbl 0 01020304");
35 return 0;
36 }
37 blockNo = param_get8(Cmd, 0);
38 if (blockNo>MAX_ULTRA_BLOCKS){
39 PrintAndLog("Error: Maximum number of blocks is 15 for Ultralight Cards!");
40 return 1;
41 }
42 if (param_gethex(Cmd, 1, bldata, 8)) {
43 PrintAndLog("Block data must include 8 HEX symbols");
44 return 1;
45 }
46 if (strchr(Cmd,'w') != 0) {
47 chinese_card=1;
48 }
49 switch(blockNo){
50 case 0:
51 if (!chinese_card){
52 PrintAndLog("Access Denied");
53 }else{
54 PrintAndLog("--specialblock no:%02x", blockNo);
55 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
56 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
57 memcpy(d.d.asBytes,bldata, 4);
58 SendCommand(&d);
59 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
60 uint8_t isOK = resp.arg[0] & 0xff;
61 PrintAndLog("isOk:%02x", isOK);
62 } else {
63 PrintAndLog("Command execute timeout");
64 }
65 }
66 break;
67 case 1:
68 if (!chinese_card){
69 PrintAndLog("Access Denied");
70 }else{
71 PrintAndLog("--specialblock no:%02x", blockNo);
72 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
73 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
74 memcpy(d.d.asBytes,bldata, 4);
75 SendCommand(&d);
76 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
77 uint8_t isOK = resp.arg[0] & 0xff;
78 PrintAndLog("isOk:%02x", isOK);
79 } else {
80 PrintAndLog("Command execute timeout");
81 }
82 }
83 break;
84 case 2:
85 if (!chinese_card){
86 PrintAndLog("Access Denied");
87 }else{
88 PrintAndLog("--specialblock no:%02x", blockNo);
89 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
90 UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}};
91 memcpy(c.d.asBytes, bldata, 4);
92 SendCommand(&c);
93 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
94 uint8_t isOK = resp.arg[0] & 0xff;
95 PrintAndLog("isOk:%02x", isOK);
96 } else {
97 PrintAndLog("Command execute timeout");
98 }
99 }
100 break;
101 case 3:
102 PrintAndLog("--specialblock no:%02x", blockNo);
103 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
104 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
105 memcpy(d.d.asBytes,bldata, 4);
106 SendCommand(&d);
107 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
108 uint8_t isOK = resp.arg[0] & 0xff;
109 PrintAndLog("isOk:%02x", isOK);
110 } else {
111 PrintAndLog("Command execute timeout");
112 }
113 break;
114 default:
115 PrintAndLog("--block no:%02x", blockNo);
116 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
117 UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}};
118 memcpy(e.d.asBytes,bldata, 4);
119 SendCommand(&e);
120 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
121 uint8_t isOK = resp.arg[0] & 0xff;
122 PrintAndLog("isOk:%02x", isOK);
123 } else {
124 PrintAndLog("Command execute timeout");
125 }
126 break;
127 }
128 return 0;
129 }
130
131 //
132 // Mifare Ultralight Read Single Block
133 //
134 int CmdHF14AMfURdBl(const char *Cmd){
135
136 uint8_t blockNo = 0;
137
138 if (strlen(Cmd)<1) {
139 PrintAndLog("Usage: hf mfu urdbl <block number>");
140 PrintAndLog(" sample: hfu mfu urdbl 0");
141 return 0;
142 }
143
144 blockNo = param_get8(Cmd, 0);
145 // if (blockNo>MAX_ULTRA_BLOCKS){
146 // PrintAndLog("Error: Maximum number of blocks is 15 for Ultralight Cards!");
147 // return 1;
148 // }
149 PrintAndLog("--block no:%02x", (int)blockNo);
150 UsbCommand c = {CMD_MIFAREU_READBL, {blockNo}};
151 SendCommand(&c);
152
153 UsbCommand resp;
154 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
155 uint8_t isOK = resp.arg[0] & 0xff;
156 uint8_t * data = resp.d.asBytes;
157
158 if (isOK)
159 PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4));
160 else
161 PrintAndLog("isOk:%02x", isOK);
162 } else {
163 PrintAndLog("Command execute timeout");
164 }
165 return 0;
166 }
167
168 //
169 // Mifare Ultralight Read (Dump) Card Contents
170 //
171 int CmdHF14AMfURdCard(const char *Cmd){
172 int i;
173 uint8_t BlockNo = 0;
174 int Pages=16;
175 uint8_t *lockbytes_t=NULL;
176 uint8_t lockbytes[2]={0,0};
177 bool bit[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
178 bool dump=false;
179 uint8_t datatemp[5]={0,0,0,0,0};
180
181 uint8_t isOK = 0;
182 uint8_t * data = NULL;
183 FILE *fout = NULL;
184
185 if (strchr(Cmd,'x') != 0){
186 dump=true;
187 if ((fout = fopen("dump_ultralight_data.bin","wb")) == NULL) {
188 PrintAndLog("Could not create file name dumpdata.bin");
189 return 1;
190 }
191 PrintAndLog("Dumping Ultralight Card Data...");
192 }
193 PrintAndLog("Attempting to Read Ultralight... ");
194 UsbCommand c = {CMD_MIFAREU_READCARD, {BlockNo, Pages}};
195 SendCommand(&c);
196 UsbCommand resp;
197
198 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
199 isOK = resp.arg[0] & 0xff;
200 data = resp.d.asBytes;
201 PrintAndLog("isOk:%02x", isOK);
202 if (isOK) {
203
204 // UID
205 memcpy( datatemp, data,3);
206 memcpy( datatemp+3, data+4, 4);
207 PrintAndLog(" UID :%s ", sprint_hex(datatemp, 7));
208 // BBC
209 // CT (cascade tag byte) 0x88 xor SN0 xor SN1 xor SN2
210 int crc0 = 0x88 ^ data[0] ^ data[1] ^data[2];
211 if ( data[3] == crc0 ) {
212 PrintAndLog(" BCC0 :%02x - Ok", data[3]);
213 }
214 else{
215 PrintAndLog(" BCC0 :%02x - crc should be %02x", data[3], crc0);
216 }
217
218 int crc1 = data[4] ^ data[5] ^ data[6] ^data[7];
219 if ( data[8] == crc1 ){
220 PrintAndLog(" BCC1 :%02x - Ok", data[8]);
221 }
222 else{
223 PrintAndLog(" BCC1 :%02x - crc should be %02x", data[8], crc1 );
224 }
225
226 PrintAndLog(" Internal :%s ", sprint_hex(data + 9, 1));
227
228 memcpy(datatemp, data+10, 2);
229 PrintAndLog(" Lock :%s - %s", sprint_hex(datatemp, 2),printBits( 2, &datatemp) );
230
231 PrintAndLog(" OneTimePad :%s ", sprint_hex(data + 3*4, 4));
232 PrintAndLog("");
233
234 for (i = 0; i < Pages; i++) {
235 switch(i){
236 case 2:
237 //process lock bytes
238 lockbytes_t=data+(i*4);
239 lockbytes[0]=lockbytes_t[2];
240 lockbytes[1]=lockbytes_t[3];
241 for(int j=0; j<16; j++){
242 bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));
243 }
244 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
245 memcpy(datatemp,data + i * 4,4);
246 if (dump) fwrite ( datatemp, 1, 4, fout );
247 break;
248 case 3:
249 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]);
250 memcpy(datatemp,data + i * 4,4);
251 if (dump) fwrite ( datatemp, 1, 4, fout );
252 break;
253 case 4:
254 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]);
255 memcpy(datatemp,data + i * 4,4);
256 if (dump) fwrite ( datatemp, 1, 4, fout );
257 break;
258 case 5:
259 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]);
260 memcpy(datatemp,data + i * 4,4);
261 if (dump) fwrite ( datatemp, 1, 4, fout );
262 break;
263 case 6:
264 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]);
265 memcpy(datatemp,data + i * 4,4);
266 if (dump) fwrite ( datatemp, 1, 4, fout );
267 break;
268 case 7:
269 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]);
270 memcpy(datatemp,data + i * 4,4);
271 if (dump) fwrite ( datatemp, 1, 4, fout );
272 break;
273 case 8:
274 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]);
275 memcpy(datatemp,data + i * 4,4);
276 if (dump) fwrite ( datatemp, 1, 4, fout );
277 break;
278 case 9:
279 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]);
280 memcpy(datatemp,data + i * 4,4);
281 if (dump) fwrite ( datatemp, 1, 4, fout );
282 break;
283 case 10:
284 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]);
285 memcpy(datatemp,data + i * 4,4);
286 if (dump) fwrite ( datatemp, 1, 4, fout );
287 break;
288 case 11:
289 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]);
290 memcpy(datatemp,data + i * 4,4);
291 if (dump) fwrite ( datatemp, 1, 4, fout );
292 break;
293 case 12:
294 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]);
295 memcpy(datatemp,data + i * 4,4);
296 if (dump) fwrite ( datatemp, 1, 4, fout );
297 break;
298 case 13:
299 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]);
300 memcpy(datatemp,data + i * 4,4);
301 if (dump) fwrite ( datatemp, 1, 4, fout );
302 break;
303 case 14:
304 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]);
305 memcpy(datatemp,data + i * 4,4);
306 if (dump) fwrite ( datatemp, 1, 4, fout );
307 break;
308 case 15:
309 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]);
310 memcpy(datatemp,data + i * 4,4);
311 if (dump) fwrite ( datatemp, 1, 4, fout );
312 break;
313 default:
314 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
315 memcpy(datatemp,data + i * 4,4);
316 if (dump) fwrite ( datatemp, 1, 4, fout );
317 break;
318 }
319 }
320 }
321 } else {
322 PrintAndLog("Command1 execute timeout");
323 }
324 if (dump) fclose(fout);
325 return 0;
326 }
327
328 int CmdHF14AMfUDump(const char *Cmd){
329 int i;
330 uint8_t BlockNo = 0;
331 int Pages=16;
332 uint8_t *lockbytes_t=NULL;
333 uint8_t lockbytes[2]={0,0};
334 bool bit[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
335 bool dump=false;
336 uint8_t datatemp[5]={0,0,0,0,0};
337
338 uint8_t isOK = 0;
339 uint8_t * data = NULL;
340 FILE *fout;
341
342 dump=true;
343 if ((fout = fopen("dump_ultralight_data.bin","wb")) == NULL) {
344 PrintAndLog("Could not create file name dumpdata.bin");
345 return 1;
346 }
347 PrintAndLog("Dumping Ultralight Card Data...");
348
349 PrintAndLog("Attempting to Read Ultralight... ");
350 UsbCommand c = {CMD_MIFAREU_READCARD, {BlockNo,Pages}};
351 SendCommand(&c);
352 UsbCommand resp;
353
354 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
355 isOK = resp.arg[0] & 0xff;
356 data = resp.d.asBytes;
357 PrintAndLog("isOk:%02x", isOK);
358 if (isOK)
359 for (i = 0; i < Pages; i++) {
360 switch(i){
361 case 2:
362 //process lock bytes
363 lockbytes_t=data+(i*4);
364 lockbytes[0]=lockbytes_t[2];
365 lockbytes[1]=lockbytes_t[3];
366 for(int j=0; j<16; j++){
367 bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));
368 }
369 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
370 memcpy(datatemp,data + i * 4,4);
371 if (dump) fwrite ( datatemp, 1, 4, fout );
372 break;
373 case 3:
374 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]);
375 memcpy(datatemp,data + i * 4,4);
376 if (dump) fwrite ( datatemp, 1, 4, fout );
377 break;
378 case 4:
379 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]);
380 memcpy(datatemp,data + i * 4,4);
381 if (dump) fwrite ( datatemp, 1, 4, fout );
382 break;
383 case 5:
384 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]);
385 memcpy(datatemp,data + i * 4,4);
386 if (dump) fwrite ( datatemp, 1, 4, fout );
387 break;
388 case 6:
389 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]);
390 memcpy(datatemp,data + i * 4,4);
391 if (dump) fwrite ( datatemp, 1, 4, fout );
392 break;
393 case 7:
394 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]);
395 memcpy(datatemp,data + i * 4,4);
396 if (dump) fwrite ( datatemp, 1, 4, fout );
397 break;
398 case 8:
399 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]);
400 memcpy(datatemp,data + i * 4,4);
401 if (dump) fwrite ( datatemp, 1, 4, fout );
402 break;
403 case 9:
404 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]);
405 memcpy(datatemp,data + i * 4,4);
406 if (dump) fwrite ( datatemp, 1, 4, fout );
407 break;
408 case 10:
409 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]);
410 memcpy(datatemp,data + i * 4,4);
411 if (dump) fwrite ( datatemp, 1, 4, fout );
412 break;
413 case 11:
414 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]);
415 memcpy(datatemp,data + i * 4,4);
416 if (dump) fwrite ( datatemp, 1, 4, fout );
417 break;
418 case 12:
419 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]);
420 memcpy(datatemp,data + i * 4,4);
421 if (dump) fwrite ( datatemp, 1, 4, fout );
422 break;
423 case 13:
424 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]);
425 memcpy(datatemp,data + i * 4,4);
426 if (dump) fwrite ( datatemp, 1, 4, fout );
427 break;
428 case 14:
429 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]);
430 memcpy(datatemp,data + i * 4,4);
431 if (dump) fwrite ( datatemp, 1, 4, fout );
432 break;
433 case 15:
434 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]);
435 memcpy(datatemp,data + i * 4,4);
436 if (dump) fwrite ( datatemp, 1, 4, fout );
437 break;
438 default:
439 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
440 memcpy(datatemp,data + i * 4,4);
441 if (dump) fwrite ( datatemp, 1, 4, fout );
442 break;
443 }
444 }
445 } else {
446 PrintAndLog("Command1 execute timeout");
447 }
448 if (dump) fclose(fout);
449 return 0;
450 }
451
452 // Needed to Authenticate to Ultralight C tags
453 void rol (uint8_t *data, const size_t len){
454 uint8_t first = data[0];
455 for (size_t i = 0; i < len-1; i++) {
456 data[i] = data[i+1];
457 }
458 data[len-1] = first;
459 }
460
461 //-------------------------------------------------------------------------------
462 // Ultralight C Methods
463 //-------------------------------------------------------------------------------
464
465 //
466 // Ultralight C Authentication Demo {currently uses hard-coded key}
467 //
468 int CmdHF14AMfucAuth(const char *Cmd){
469
470 uint8_t blockNo = 0, keyNo=0;
471 uint8_t e_RndB[8];
472 uint32_t cuid=0;
473 unsigned char RndARndB[16];
474 uint8_t key[16];
475 DES_cblock RndA, RndB;
476 DES_cblock iv={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
477 DES_key_schedule ks1,ks2;
478 DES_cblock key1,key2;
479
480 if (strlen(Cmd)<1) {
481 PrintAndLog("Usage: hf mfu auth k <key number>");
482 PrintAndLog(" sample: hf mfu auth k 0");
483 return 0;
484 }
485
486 //Change key to user defined one
487 if (strchr(Cmd,'k') != 0){
488 //choose a key
489 keyNo = param_get8(Cmd, 1);
490 switch(keyNo){
491 case 0:
492 memcpy(key,key1_blnk_data,16);
493 break;
494 case 1:
495 memcpy(key,key2_defa_data,16);
496 break;
497 case 2:
498 memcpy(key,key4_nfc_data,16);
499 break;
500 case 3:
501 memcpy(key,key5_ones_data,16);
502 break;
503 default:
504 memcpy(key,key3_3des_data,16);
505 break;
506 }
507 }else{
508 memcpy(key,key3_3des_data,16);
509 }
510 memcpy(key1,key,8);
511 memcpy(key2,key+8,8);
512 DES_set_key((DES_cblock *)key1,&ks1);
513 DES_set_key((DES_cblock *)key2,&ks2);
514
515 //Auth1
516 UsbCommand c = {CMD_MIFAREUC_AUTH1, {blockNo}};
517 SendCommand(&c);
518 UsbCommand resp;
519 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
520 uint8_t isOK = resp.arg[0] & 0xff;
521 cuid = resp.arg[1];
522 uint8_t * data= resp.d.asBytes;
523
524 if (isOK){
525 PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8));
526 memcpy(e_RndB,data+1,8);
527 }
528 } else {
529 PrintAndLog("Command execute timeout");
530 }
531
532 //Do crypto magic
533 DES_random_key(&RndA);
534 DES_ede2_cbc_encrypt(e_RndB,RndB,sizeof(e_RndB),&ks1,&ks2,&iv,0);
535 PrintAndLog(" RndB:%s",sprint_hex(RndB, 8));
536 PrintAndLog(" RndA:%s",sprint_hex(RndA, 8));
537 rol(RndB,8);
538 memcpy(RndARndB,RndA,8);
539 memcpy(RndARndB+8,RndB,8);
540 PrintAndLog(" RA+B:%s",sprint_hex(RndARndB, 16));
541 DES_ede2_cbc_encrypt(RndARndB,RndARndB,sizeof(RndARndB),&ks1,&ks2,&e_RndB,1);
542 PrintAndLog("enc(RA+B):%s",sprint_hex(RndARndB, 16));
543
544 //Auth2
545 UsbCommand d = {CMD_MIFAREUC_AUTH2, {cuid}};
546 memcpy(d.d.asBytes,RndARndB, 16);
547 SendCommand(&d);
548
549 UsbCommand respb;
550 if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) {
551 uint8_t isOK = respb.arg[0] & 0xff;
552 uint8_t * data2= respb.d.asBytes;
553
554 if (isOK){
555 PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8));
556 }
557
558 } else {
559 PrintAndLog("Command execute timeout");
560 }
561 return 1;
562 }
563
564 //
565 // Ultralight C Read Single Block
566 //
567 int CmdHF14AMfUCRdBl(const char *Cmd)
568 {
569
570 uint8_t blockNo = 0;
571
572 if (strlen(Cmd)<1) {
573 PrintAndLog("Usage: hf mfu ucrdbl <block number>");
574 PrintAndLog(" sample: hf mfu ucrdbl 0");
575 return 0;
576 }
577
578 blockNo = param_get8(Cmd, 0);
579 if (blockNo>MAX_ULTRAC_BLOCKS){
580 PrintAndLog("Error: Maximum number of readable blocks is 44 for Ultralight Cards!");
581 return 1;
582 }
583 PrintAndLog("--block no:%02x", (int)blockNo);
584
585 //Read Block
586 UsbCommand e = {CMD_MIFAREU_READBL, {blockNo}};
587 SendCommand(&e);
588 UsbCommand resp_c;
589 if (WaitForResponseTimeout(CMD_ACK,&resp_c,1500)) {
590 uint8_t isOK = resp_c.arg[0] & 0xff;
591 uint8_t * data = resp_c.d.asBytes;
592 if (isOK)
593 PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4));
594 else
595 PrintAndLog("isOk:%02x", isOK);
596 } else {
597 PrintAndLog("Command execute timeout");
598 }
599 return 0;
600 }
601
602 //
603 // Ultralight C Read (or Dump) Card Contents
604 //
605 int CmdHF14AMfUCRdCard(const char *Cmd){
606 int i;
607 uint8_t BlockNo = 0;
608 int Pages=44;
609 uint8_t *lockbytes_t=NULL;
610 uint8_t lockbytes[2]={0,0};
611 uint8_t *lockbytes_t2=NULL;
612 uint8_t lockbytes2[2]={0,0};
613 bool bit[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
614 bool bit2[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
615 bool dump=false;
616 uint8_t datatemp[5]={0,0,0,0,0};
617
618 uint8_t isOK = 0;
619 uint8_t * data = NULL;
620 FILE *fout = NULL;
621
622 if (strchr(Cmd,'x') != 0){
623 dump=true;
624 if ((fout = fopen("dump_ultralightc_data.bin","wb")) == NULL) {
625 PrintAndLog("Could not create file name dumpdata.bin");
626 return 1;
627 }
628 PrintAndLog("Dumping Ultralight C Card Data...");
629 }
630 PrintAndLog("Attempting to Read Ultralight C... ");
631 UsbCommand c = {CMD_MIFAREUC_READCARD, {BlockNo, Pages}};
632 SendCommand(&c);
633 UsbCommand resp;
634
635 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
636 isOK = resp.arg[0] & 0xff;
637 data = resp.d.asBytes;
638 //Pages=sizeof(data)/sizeof(data[0]);
639 PrintAndLog("isOk:%02x", isOK);
640 if (isOK)
641 for (i = 0; i < Pages; i++) {
642 switch(i){
643 case 2:
644 //process lock bytes
645 lockbytes_t=data+(i*4);
646 lockbytes[0]=lockbytes_t[2];
647 lockbytes[1]=lockbytes_t[3];
648 for(int j=0; j<16; j++){
649 bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));
650 }
651 //might as well read bottom lockbytes too
652 lockbytes_t2=data+(40*4);
653 lockbytes2[0]=lockbytes_t2[2];
654 lockbytes2[1]=lockbytes_t2[3];
655 for(int j=0; j<16; j++){
656 bit2[j]=lockbytes2[j/8] & ( 1 <<(7-j%8));
657 }
658 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
659 memcpy(datatemp,data + i * 4,4);
660 if (dump) fwrite ( datatemp, 1, 4, fout );
661 break;
662 case 3:
663 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]);
664 memcpy(datatemp,data + i * 4,4);
665 if (dump) fwrite ( datatemp, 1, 4, fout );
666 break;
667 case 4:
668 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]);
669 memcpy(datatemp,data + i * 4,4);
670 if (dump) fwrite ( datatemp, 1, 4, fout );
671 break;
672 case 5:
673 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]);
674 memcpy(datatemp,data + i * 4,4);
675 if (dump) fwrite ( datatemp, 1, 4, fout );
676 break;
677 case 6:
678 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]);
679 memcpy(datatemp,data + i * 4,4);
680 if (dump) fwrite ( datatemp, 1, 4, fout );
681 break;
682 case 7:
683 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]);
684 memcpy(datatemp,data + i * 4,4);
685 if (dump) fwrite ( datatemp, 1, 4, fout );
686 break;
687 case 8:
688 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]);
689 memcpy(datatemp,data + i * 4,4);
690 if (dump) fwrite ( datatemp, 1, 4, fout );
691 break;
692 case 9:
693 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]);
694 memcpy(datatemp,data + i * 4,4);
695 if (dump) fwrite ( datatemp, 1, 4, fout );
696 break;
697 case 10:
698 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]);
699 memcpy(datatemp,data + i * 4,4);
700 if (dump) fwrite ( datatemp, 1, 4, fout );
701 break;
702 case 11:
703 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]);
704 memcpy(datatemp,data + i * 4,4);
705 if (dump) fwrite ( datatemp, 1, 4, fout );
706 break;
707 case 12:
708 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]);
709 memcpy(datatemp,data + i * 4,4);
710 if (dump) fwrite ( datatemp, 1, 4, fout );
711 break;
712 case 13:
713 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]);
714 memcpy(datatemp,data + i * 4,4);
715 if (dump) fwrite ( datatemp, 1, 4, fout );
716 break;
717 case 14:
718 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]);
719 memcpy(datatemp,data + i * 4,4);
720 if (dump) fwrite ( datatemp, 1, 4, fout );
721 break;
722 case 15:
723 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]);
724 memcpy(datatemp,data + i * 4,4);
725 if (dump) fwrite ( datatemp, 1, 4, fout );
726 break;
727 case 16:
728 case 17:
729 case 18:
730 case 19:
731 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[6]);
732 memcpy(datatemp,data + i * 4,4);
733 if (dump) fwrite ( datatemp, 1, 4, fout );
734 break;
735 case 20:
736 case 21:
737 case 22:
738 case 23:
739 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[5]);
740 memcpy(datatemp,data + i * 4,4);
741 if (dump) fwrite ( datatemp, 1, 4, fout );
742 break;
743 case 24:
744 case 25:
745 case 26:
746 case 27:
747 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[4]);
748 memcpy(datatemp,data + i * 4,4);
749 if (dump) fwrite ( datatemp, 1, 4, fout );
750 break;
751 case 28:
752 case 29:
753 case 30:
754 case 31:
755 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[2]);
756 memcpy(datatemp,data + i * 4,4);
757 if (dump) fwrite ( datatemp, 1, 4, fout );
758 break;
759 case 32:
760 case 33:
761 case 34:
762 case 35:
763 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[1]);
764 memcpy(datatemp,data + i * 4,4);
765 if (dump) fwrite ( datatemp, 1, 4, fout );
766 break;
767 case 36:
768 case 37:
769 case 38:
770 case 39:
771 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[0]);
772 memcpy(datatemp,data + i * 4,4);
773 if (dump) fwrite ( datatemp, 1, 4, fout );
774 break;
775 case 40:
776 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[12]);
777 memcpy(datatemp,data + i * 4,4);
778 if (dump) fwrite ( datatemp, 1, 4, fout );
779 break;
780 case 41:
781 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[11]);
782 memcpy(datatemp,data + i * 4,4);
783 if (dump) fwrite ( datatemp, 1, 4, fout );
784 break;
785 case 42:
786 //auth0
787 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[10]);
788 memcpy(datatemp,data + i * 4,4);
789 if (dump) fwrite ( datatemp, 1, 4, fout );
790 break;
791 case 43:
792 //auth1
793 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[9]);
794 memcpy(datatemp,data + i * 4,4);
795 if (dump) fwrite ( datatemp, 1, 4, fout );
796 break;
797 default:
798 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
799 memcpy(datatemp,data + i * 4,4);
800 if (dump) fwrite ( datatemp, 1, 4, fout );
801 break;
802 }
803 }
804
805 } else {
806 PrintAndLog("Command1 execute timeout");
807 }
808 if (dump) fclose(fout);
809 return 0;
810 }
811
812 //
813 // Ultralight C Dump Card Contents to file
814 //
815 int CmdHF14AMfUCDump(const char *Cmd){
816 int i;
817 uint8_t BlockNo = 0;
818 int Pages=44;
819 uint8_t *lockbytes_t=NULL;
820 uint8_t lockbytes[2]={0,0};
821 uint8_t *lockbytes_t2=NULL;
822 uint8_t lockbytes2[2]={0,0};
823 bool bit[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
824 bool bit2[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
825 bool dump=false;
826 uint8_t datatemp[5]={0,0,0,0,0};
827
828 uint8_t isOK = 0;
829 uint8_t * data = NULL;
830 FILE *fout;
831
832 dump=true;
833 if ((fout = fopen("dump_ultralightc_data.bin","wb")) == NULL) {
834 PrintAndLog("Could not create file name dumpdata.bin");
835 return 1;
836 }
837 PrintAndLog("Dumping Ultralight C Card Data...");
838 PrintAndLog("Attempting to Read Ultralight C... ");
839 UsbCommand c = {CMD_MIFAREU_READCARD, {BlockNo,Pages}};
840 SendCommand(&c);
841 UsbCommand resp;
842
843 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
844 isOK = resp.arg[0] & 0xff;
845 data = resp.d.asBytes;
846 PrintAndLog("isOk:%02x", isOK);
847 if (isOK)
848 for (i = 0; i < Pages; i++) {
849 switch(i){
850 case 2:
851 //process lock bytes
852 lockbytes_t=data+(i*4);
853 lockbytes[0]=lockbytes_t[2];
854 lockbytes[1]=lockbytes_t[3];
855 for(int j=0; j<16; j++){
856 bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));
857
858 }
859 //might as well read bottom lockbytes too
860 lockbytes_t2=data+(40*4);
861 lockbytes2[0]=lockbytes_t2[2];
862 lockbytes2[1]=lockbytes_t2[3];
863 for(int j=0; j<16; j++){
864 bit2[j]=lockbytes2[j/8] & ( 1 <<(7-j%8));
865 }
866
867 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
868 memcpy(datatemp,data + i * 4,4);
869 if (dump) fwrite ( datatemp, 1, 4, fout );
870 break;
871 case 3:
872 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]);
873 memcpy(datatemp,data + i * 4,4);
874 if (dump) fwrite ( datatemp, 1, 4, fout );
875 break;
876 case 4:
877 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]);
878 memcpy(datatemp,data + i * 4,4);
879 if (dump) fwrite ( datatemp, 1, 4, fout );
880 break;
881 case 5:
882 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]);
883 memcpy(datatemp,data + i * 4,4);
884 if (dump) fwrite ( datatemp, 1, 4, fout );
885 break;
886 case 6:
887 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]);
888 memcpy(datatemp,data + i * 4,4);
889 if (dump) fwrite ( datatemp, 1, 4, fout );
890 break;
891 case 7:
892 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]);
893 memcpy(datatemp,data + i * 4,4);
894 if (dump) fwrite ( datatemp, 1, 4, fout );
895 break;
896 case 8:
897 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]);
898 memcpy(datatemp,data + i * 4,4);
899 if (dump) fwrite ( datatemp, 1, 4, fout );
900 break;
901 case 9:
902 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]);
903 memcpy(datatemp,data + i * 4,4);
904 if (dump) fwrite ( datatemp, 1, 4, fout );
905 break;
906 case 10:
907 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]);
908 memcpy(datatemp,data + i * 4,4);
909 if (dump) fwrite ( datatemp, 1, 4, fout );
910 break;
911 case 11:
912 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]);
913 memcpy(datatemp,data + i * 4,4);
914 if (dump) fwrite ( datatemp, 1, 4, fout );
915 break;
916 case 12:
917 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]);
918 memcpy(datatemp,data + i * 4,4);
919 if (dump) fwrite ( datatemp, 1, 4, fout );
920 break;
921 case 13:
922 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]);
923 memcpy(datatemp,data + i * 4,4);
924 if (dump) fwrite ( datatemp, 1, 4, fout );
925 break;
926 case 14:
927 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]);
928 memcpy(datatemp,data + i * 4,4);
929 if (dump) fwrite ( datatemp, 1, 4, fout );
930 break;
931 case 15:
932 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]);
933 memcpy(datatemp,data + i * 4,4);
934 if (dump) fwrite ( datatemp, 1, 4, fout );
935 break;
936 case 16:
937 case 17:
938 case 18:
939 case 19:
940 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[6]);
941 memcpy(datatemp,data + i * 4,4);
942 if (dump) fwrite ( datatemp, 1, 4, fout );
943 break;
944 case 20:
945 case 21:
946 case 22:
947 case 23:
948 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[5]);
949 memcpy(datatemp,data + i * 4,4);
950 if (dump) fwrite ( datatemp, 1, 4, fout );
951 break;
952 case 24:
953 case 25:
954 case 26:
955 case 27:
956 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[4]);
957 memcpy(datatemp,data + i * 4,4);
958 if (dump) fwrite ( datatemp, 1, 4, fout );
959 break;
960 case 28:
961 case 29:
962 case 30:
963 case 31:
964 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[2]);
965 memcpy(datatemp,data + i * 4,4);
966 if (dump) fwrite ( datatemp, 1, 4, fout );
967 break;
968 case 32:
969 case 33:
970 case 34:
971 case 35:
972 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[1]);
973 memcpy(datatemp,data + i * 4,4);
974 if (dump) fwrite ( datatemp, 1, 4, fout );
975 break;
976 case 36:
977 case 37:
978 case 38:
979 case 39:
980 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[0]);
981 memcpy(datatemp,data + i * 4,4);
982 if (dump) fwrite ( datatemp, 1, 4, fout );
983 break;
984 case 40:
985 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[12]);
986 memcpy(datatemp,data + i * 4,4);
987 if (dump) fwrite ( datatemp, 1, 4, fout );
988 break;
989 case 41:
990 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[11]);
991 memcpy(datatemp,data + i * 4,4);
992 if (dump) fwrite ( datatemp, 1, 4, fout );
993 break;
994 case 42:
995 //auth0
996 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[10]);
997 memcpy(datatemp,data + i * 4,4);
998 if (dump) fwrite ( datatemp, 1, 4, fout );
999 break;
1000 case 43:
1001 //auth1
1002 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[9]);
1003 memcpy(datatemp,data + i * 4,4);
1004 if (dump) fwrite ( datatemp, 1, 4, fout );
1005 break;
1006 default:
1007 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
1008 memcpy(datatemp,data + i * 4,4);
1009 if (dump) fwrite ( datatemp, 1, 4, fout );
1010 break;
1011 }
1012 }
1013
1014 } else {
1015 PrintAndLog("Command1 execute timeout");
1016 }
1017 if (dump) fclose(fout);
1018 return 0;
1019 }
1020
1021 //
1022 // Mifare Ultralight C Write Single Block
1023 //
1024 int CmdHF14AMfUCWrBl(const char *Cmd){
1025
1026 uint8_t blockNo = 0;
1027 bool chinese_card=0;
1028 uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1029 UsbCommand resp;
1030
1031 if (strlen(Cmd)<3) {
1032 PrintAndLog("Usage: hf mfu ucwrbl <block number> <block data (8 hex symbols)> [w]");
1033 PrintAndLog(" sample: hf mfu uwrbl 0 01020304");
1034 return 0;
1035 }
1036 blockNo = param_get8(Cmd, 0);
1037 if (blockNo>(MAX_ULTRAC_BLOCKS+4)){
1038 PrintAndLog("Error: Maximum number of blocks is 47 for Ultralight Cards!");
1039 return 1;
1040 }
1041 if (param_gethex(Cmd, 1, bldata, 8)) {
1042 PrintAndLog("Block data must include 8 HEX symbols");
1043 return 1;
1044 }
1045 if (strchr(Cmd,'w') != 0) {
1046 chinese_card=1;
1047 }
1048 switch(blockNo){
1049 case 0:
1050 if (!chinese_card){
1051 PrintAndLog("Access Denied");
1052 }else{
1053 PrintAndLog("--specialblock no:%02x", blockNo);
1054 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
1055 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
1056 memcpy(d.d.asBytes,bldata, 4);
1057 SendCommand(&d);
1058 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
1059 uint8_t isOK = resp.arg[0] & 0xff;
1060 PrintAndLog("isOk:%02x", isOK);
1061 } else {
1062 PrintAndLog("Command execute timeout");
1063 }
1064 }
1065 break;
1066 case 1:
1067 if (!chinese_card){
1068 PrintAndLog("Access Denied");
1069 }else{
1070 PrintAndLog("--specialblock no:%02x", blockNo);
1071 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
1072 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
1073 memcpy(d.d.asBytes,bldata, 4);
1074 SendCommand(&d);
1075 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
1076 uint8_t isOK = resp.arg[0] & 0xff;
1077 PrintAndLog("isOk:%02x", isOK);
1078 } else {
1079 PrintAndLog("Command execute timeout");
1080 }
1081 }
1082 break;
1083 case 2:
1084 if (!chinese_card){
1085 PrintAndLog("Access Denied");
1086 }else{
1087 PrintAndLog("--specialblock no:%02x", blockNo);
1088 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
1089 UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}};
1090 memcpy(c.d.asBytes, bldata, 4);
1091 SendCommand(&c);
1092 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
1093 uint8_t isOK = resp.arg[0] & 0xff;
1094 PrintAndLog("isOk:%02x", isOK);
1095 } else {
1096 PrintAndLog("Command execute timeout");
1097 }
1098 }
1099 break;
1100 case 3:
1101 PrintAndLog("--specialblock no:%02x", blockNo);
1102 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
1103 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
1104 memcpy(d.d.asBytes,bldata, 4);
1105 SendCommand(&d);
1106 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
1107 uint8_t isOK = resp.arg[0] & 0xff;
1108 PrintAndLog("isOk:%02x", isOK);
1109 } else {
1110 PrintAndLog("Command execute timeout");
1111 }
1112 break;
1113 default:
1114 PrintAndLog("--block no:%02x", blockNo);
1115 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
1116 UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}};
1117 memcpy(e.d.asBytes,bldata, 4);
1118 SendCommand(&e);
1119 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
1120 uint8_t isOK = resp.arg[0] & 0xff;
1121 PrintAndLog("isOk:%02x", isOK);
1122 } else {
1123 PrintAndLog("Command execute timeout");
1124 }
1125 break;
1126 }
1127 return 0;
1128 }
1129
1130 //------------------------------------
1131 // Menu Stuff
1132 //------------------------------------
1133 static command_t CommandTable[] =
1134 {
1135 {"help", CmdHelp, 1,"This help"},
1136 {"dbg", CmdHF14AMfDbg, 0,"Set default debug mode"},
1137 {"urdbl", CmdHF14AMfURdBl, 0,"Read MIFARE Ultralight block"},
1138 {"urdcard", CmdHF14AMfURdCard, 0,"Read MIFARE Ultralight Card"},
1139 {"udump", CmdHF14AMfUDump, 0,"Dump MIFARE Ultralight tag to binary file"},
1140 {"uwrbl", CmdHF14AMfUWrBl, 0,"Write MIFARE Ultralight block"},
1141 {"ucrdbl", CmdHF14AMfUCRdBl, 0,"Read MIFARE Ultralight C block"},
1142 {"ucrdcard",CmdHF14AMfUCRdCard, 0,"Read MIFARE Ultralight C Card"},
1143 {"ucdump", CmdHF14AMfUCDump, 0,"Dump MIFARE Ultralight C tag to binary file"},
1144 {"ucwrbl", CmdHF14AMfUCWrBl, 0,"Write MIFARE Ultralight C block"},
1145 {"auth", CmdHF14AMfucAuth, 0,"Ultralight C Authentication"},
1146 {NULL, NULL, 0, NULL}
1147 };
1148
1149 int CmdHFMFUltra(const char *Cmd){
1150 // flush
1151 WaitForResponseTimeout(CMD_ACK,NULL,100);
1152 CmdsParse(CommandTable, Cmd);
1153 return 0;
1154 }
1155
1156 int CmdHelp(const char *Cmd){
1157 CmdsHelp(CommandTable);
1158 return 0;
1159 }
Proxmark3 GIT tracking
Impressum, Datenschutz