]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdhfmfu.c
e9a12083ec3a39fa0f666c9a7371ebc976e1b1dc
[proxmark3-svn] / client / cmdhfmfu.c
1 //-----------------------------------------------------------------------------
2 // Ultralight Code (c) 2013,2014 Midnitesnake & Andy Davies of Pentura
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // High frequency MIFARE ULTRALIGHT (C) commands
9 //-----------------------------------------------------------------------------
10 #include <openssl/des.h>
11 #include "cmdhfmf.h"
12
13 uint8_t MAX_ULTRA_BLOCKS= 0x0f;
14 uint8_t MAX_ULTRAC_BLOCKS= 0x2c;
15 uint8_t key1_blnk_data[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
16 uint8_t key2_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
17 uint8_t key3_3des_data[16] = { 0x49,0x45,0x4D,0x4B,0x41,0x45,0x52,0x42,0x21,0x4E,0x41,0x43,0x55,0x4F,0x59,0x46 };
18 uint8_t key4_nfc_data[16] = { 0x42,0x52,0x45,0x41,0x4b,0x4d,0x45,0x49,0x46,0x59,0x4f,0x55,0x43,0x41,0x4e,0x21 };
19 uint8_t key5_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };
20
21 static int CmdHelp(const char *Cmd);
22
23 int CmdHF14AMfUInfo(const char *Cmd){
24
25 uint8_t datatemp[7] = {0x00};
26 uint8_t isOK = 0;
27 uint8_t *data = NULL;
28
29 UsbCommand c = {CMD_MIFAREU_READCARD, {0, 4}};
30 SendCommand(&c);
31 UsbCommand resp;
32
33 if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
34 isOK = resp.arg[0] & 0xff;
35 data = resp.d.asBytes;
36
37 if (!isOK) {
38 PrintAndLog("Error reading from tag");
39 return -1;
40 }
41 } else {
42 PrintAndLog("Command execute timed out");
43 return -1;
44 }
45
46 // UID
47 memcpy( datatemp, data,3);
48 memcpy( datatemp+3, data+4, 4);
49 PrintAndLog(" UID :%s ", sprint_hex(datatemp, 7));
50 // BBC
51 // CT (cascade tag byte) 0x88 xor SN0 xor SN1 xor SN2
52 int crc0 = 0x88 ^ data[0] ^ data[1] ^data[2];
53 if ( data[3] == crc0 )
54 PrintAndLog(" BCC0 :%02x - Ok", data[3]);
55 else
56 PrintAndLog(" BCC0 :%02x - crc should be %02x", data[3], crc0);
57
58 int crc1 = data[4] ^ data[5] ^ data[6] ^data[7];
59 if ( data[8] == crc1 )
60 PrintAndLog(" BCC1 :%02x - Ok", data[8]);
61 else
62 PrintAndLog(" BCC1 :%02x - crc should be %02x", data[8], crc1 );
63
64 PrintAndLog(" Internal :%s ", sprint_hex(data + 9, 1));
65
66 memcpy(datatemp, data+10, 2);
67 PrintAndLog(" Lock :%s - %s", sprint_hex(datatemp, 2),printBits( 2, &datatemp) );
68 PrintAndLog(" OneTimePad :%s ", sprint_hex(data + 3*4, 4));
69 PrintAndLog("");
70
71 return 0;
72 }
73
74 //
75 // Mifare Ultralight Write Single Block
76 //
77 int CmdHF14AMfUWrBl(const char *Cmd){
78 uint8_t blockNo = 0;
79 bool chinese_card = 0;
80 uint8_t bldata[16] = {0x00};
81 UsbCommand resp;
82
83 if (strlen(Cmd)<3) {
84 PrintAndLog("Usage: hf mfu uwrbl <block number> <block data (8 hex symbols)> [w]");
85 PrintAndLog(" sample: hf mfu uwrbl 0 01020304");
86 return 0;
87 }
88 blockNo = param_get8(Cmd, 0);
89 if (blockNo>MAX_ULTRA_BLOCKS){
90 PrintAndLog("Error: Maximum number of blocks is 15 for Ultralight Cards!");
91 return 1;
92 }
93 if (param_gethex(Cmd, 1, bldata, 8)) {
94 PrintAndLog("Block data must include 8 HEX symbols");
95 return 1;
96 }
97 if (strchr(Cmd,'w') != 0) {
98 chinese_card=1;
99 }
100 switch(blockNo){
101 case 0:
102 if (!chinese_card){
103 PrintAndLog("Access Denied");
104 }else{
105 PrintAndLog("--specialblock no:%02x", blockNo);
106 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
107 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
108 memcpy(d.d.asBytes,bldata, 4);
109 SendCommand(&d);
110 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
111 uint8_t isOK = resp.arg[0] & 0xff;
112 PrintAndLog("isOk:%02x", isOK);
113 } else {
114 PrintAndLog("Command execute timeout");
115 }
116 }
117 break;
118 case 1:
119 if (!chinese_card){
120 PrintAndLog("Access Denied");
121 }else{
122 PrintAndLog("--specialblock no:%02x", blockNo);
123 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
124 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
125 memcpy(d.d.asBytes,bldata, 4);
126 SendCommand(&d);
127 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
128 uint8_t isOK = resp.arg[0] & 0xff;
129 PrintAndLog("isOk:%02x", isOK);
130 } else {
131 PrintAndLog("Command execute timeout");
132 }
133 }
134 break;
135 case 2:
136 if (!chinese_card){
137 PrintAndLog("Access Denied");
138 }else{
139 PrintAndLog("--specialblock no:%02x", blockNo);
140 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
141 UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}};
142 memcpy(c.d.asBytes, bldata, 4);
143 SendCommand(&c);
144 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
145 uint8_t isOK = resp.arg[0] & 0xff;
146 PrintAndLog("isOk:%02x", isOK);
147 } else {
148 PrintAndLog("Command execute timeout");
149 }
150 }
151 break;
152 case 3:
153 PrintAndLog("--specialblock no:%02x", blockNo);
154 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
155 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
156 memcpy(d.d.asBytes,bldata, 4);
157 SendCommand(&d);
158 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
159 uint8_t isOK = resp.arg[0] & 0xff;
160 PrintAndLog("isOk:%02x", isOK);
161 } else {
162 PrintAndLog("Command execute timeout");
163 }
164 break;
165 default:
166 PrintAndLog("--block no:%02x", blockNo);
167 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
168 UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}};
169 memcpy(e.d.asBytes,bldata, 4);
170 SendCommand(&e);
171 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
172 uint8_t isOK = resp.arg[0] & 0xff;
173 PrintAndLog("isOk:%02x", isOK);
174 } else {
175 PrintAndLog("Command execute timeout");
176 }
177 break;
178 }
179 return 0;
180 }
181
182 //
183 // Mifare Ultralight Read Single Block
184 //
185 int CmdHF14AMfURdBl(const char *Cmd){
186
187 uint8_t blockNo = 0;
188
189 if (strlen(Cmd)<1) {
190 PrintAndLog("Usage: hf mfu urdbl <block number>");
191 PrintAndLog(" sample: hfu mfu urdbl 0");
192 return 0;
193 }
194
195 blockNo = param_get8(Cmd, 0);
196 // if (blockNo>MAX_ULTRA_BLOCKS){
197 // PrintAndLog("Error: Maximum number of blocks is 15 for Ultralight Cards!");
198 // return 1;
199 // }
200 PrintAndLog("--block no:%02x", (int)blockNo);
201 UsbCommand c = {CMD_MIFAREU_READBL, {blockNo}};
202 SendCommand(&c);
203
204 UsbCommand resp;
205 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
206 uint8_t isOK = resp.arg[0] & 0xff;
207 uint8_t * data = resp.d.asBytes;
208
209 if (isOK)
210 PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4));
211 else
212 PrintAndLog("isOk:%02x", isOK);
213 }
214 else {
215 PrintAndLog("Command execute timeout");
216 }
217 return 0;
218 }
219
220 //
221 // Mifare Ultralight Read (Dump) Card Contents
222 //
223 int CmdHF14AMfURdCard(const char *Cmd){
224 int i;
225 uint8_t BlockNo = 0;
226 int pages = 16;
227 uint8_t *lockbytes_t = NULL;
228 uint8_t lockbytes[2] = {0x00};
229 bool bit[16] = {0x00};
230 bool dump = false;
231 uint8_t datatemp[7] = {0x00};
232 uint8_t isOK = 0;
233 uint8_t * data = NULL;
234 FILE *fout = NULL;
235
236 if (strchr(Cmd,'x') != 0){
237 dump = true;
238 if ((fout = fopen("dump_ultralight_data.bin","wb")) == NULL) {
239 PrintAndLog("Could not create file name dumpdata.bin");
240 return 1;
241 }
242 PrintAndLog("Dumping Ultralight Card Data...");
243 }
244 PrintAndLog("Attempting to Read Ultralight... ");
245 UsbCommand c = {CMD_MIFAREU_READCARD, {BlockNo, pages}};
246 SendCommand(&c);
247 UsbCommand resp;
248
249 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
250 isOK = resp.arg[0] & 0xff;
251 data = resp.d.asBytes;
252 PrintAndLog("isOk:%02x", isOK);
253 if (isOK) {
254
255 for (i = 0; i < pages; i++) {
256 switch(i){
257 case 2:
258 //process lock bytes
259 lockbytes_t=data+(i*4);
260 lockbytes[0]=lockbytes_t[2];
261 lockbytes[1]=lockbytes_t[3];
262 for(int j=0; j<16; j++){
263 bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));
264 }
265 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
266 memcpy(datatemp,data + i * 4,4);
267 if (dump) fwrite ( datatemp, 1, 4, fout );
268 break;
269 case 3:
270 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]);
271 memcpy(datatemp,data + i * 4,4);
272 if (dump) fwrite ( datatemp, 1, 4, fout );
273 break;
274 case 4:
275 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]);
276 memcpy(datatemp,data + i * 4,4);
277 if (dump) fwrite ( datatemp, 1, 4, fout );
278 break;
279 case 5:
280 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]);
281 memcpy(datatemp,data + i * 4,4);
282 if (dump) fwrite ( datatemp, 1, 4, fout );
283 break;
284 case 6:
285 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]);
286 memcpy(datatemp,data + i * 4,4);
287 if (dump) fwrite ( datatemp, 1, 4, fout );
288 break;
289 case 7:
290 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]);
291 memcpy(datatemp,data + i * 4,4);
292 if (dump) fwrite ( datatemp, 1, 4, fout );
293 break;
294 case 8:
295 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]);
296 memcpy(datatemp,data + i * 4,4);
297 if (dump) fwrite ( datatemp, 1, 4, fout );
298 break;
299 case 9:
300 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]);
301 memcpy(datatemp,data + i * 4,4);
302 if (dump) fwrite ( datatemp, 1, 4, fout );
303 break;
304 case 10:
305 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]);
306 memcpy(datatemp,data + i * 4,4);
307 if (dump) fwrite ( datatemp, 1, 4, fout );
308 break;
309 case 11:
310 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]);
311 memcpy(datatemp,data + i * 4,4);
312 if (dump) fwrite ( datatemp, 1, 4, fout );
313 break;
314 case 12:
315 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]);
316 memcpy(datatemp,data + i * 4,4);
317 if (dump) fwrite ( datatemp, 1, 4, fout );
318 break;
319 case 13:
320 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]);
321 memcpy(datatemp,data + i * 4,4);
322 if (dump) fwrite ( datatemp, 1, 4, fout );
323 break;
324 case 14:
325 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]);
326 memcpy(datatemp,data + i * 4,4);
327 if (dump) fwrite ( datatemp, 1, 4, fout );
328 break;
329 case 15:
330 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]);
331 memcpy(datatemp,data + i * 4,4);
332 if (dump) fwrite ( datatemp, 1, 4, fout );
333 break;
334 default:
335 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
336 memcpy(datatemp,data + i * 4,4);
337 if (dump) fwrite ( datatemp, 1, 4, fout );
338 break;
339 }
340 }
341 }
342 } else {
343 PrintAndLog("Command execute timeout");
344 }
345 if (dump) fclose(fout);
346 return 0;
347 }
348
349 int CmdHF14AMfUDump(const char *Cmd){
350 int i;
351 uint8_t BlockNo = 0;
352 int Pages = 16;
353 uint8_t *lockbytes_t = NULL;
354 uint8_t lockbytes[2] = {0x00};
355 bool bit[16] = {0x00};
356 uint8_t datatemp[5] = {0x00};
357 bool dump = true;
358 uint8_t isOK = 0;
359 uint8_t * data = NULL;
360 FILE *fout;
361
362 if ((fout = fopen("dump_ultralight_data.bin","wb")) == NULL) {
363 PrintAndLog("Could not create file name dumpdata.bin");
364 return 1;
365 }
366 PrintAndLog("Dumping Ultralight Card Data...");
367
368 PrintAndLog("Attempting to Read Ultralight... ");
369 UsbCommand c = {CMD_MIFAREU_READCARD, {BlockNo,Pages}};
370 SendCommand(&c);
371 UsbCommand resp;
372
373 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
374 isOK = resp.arg[0] & 0xff;
375 data = resp.d.asBytes;
376 PrintAndLog("isOk:%02x", isOK);
377 if (isOK)
378 for (i = 0; i < Pages; i++) {
379 switch(i){
380 case 2:
381 //process lock bytes
382 lockbytes_t=data+(i*4);
383 lockbytes[0]=lockbytes_t[2];
384 lockbytes[1]=lockbytes_t[3];
385 for(int j=0; j<16; j++){
386 bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));
387 }
388 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
389 memcpy(datatemp,data + i * 4,4);
390 if (dump) fwrite ( datatemp, 1, 4, fout );
391 break;
392 case 3:
393 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]);
394 memcpy(datatemp,data + i * 4,4);
395 if (dump) fwrite ( datatemp, 1, 4, fout );
396 break;
397 case 4:
398 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]);
399 memcpy(datatemp,data + i * 4,4);
400 if (dump) fwrite ( datatemp, 1, 4, fout );
401 break;
402 case 5:
403 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]);
404 memcpy(datatemp,data + i * 4,4);
405 if (dump) fwrite ( datatemp, 1, 4, fout );
406 break;
407 case 6:
408 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]);
409 memcpy(datatemp,data + i * 4,4);
410 if (dump) fwrite ( datatemp, 1, 4, fout );
411 break;
412 case 7:
413 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]);
414 memcpy(datatemp,data + i * 4,4);
415 if (dump) fwrite ( datatemp, 1, 4, fout );
416 break;
417 case 8:
418 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]);
419 memcpy(datatemp,data + i * 4,4);
420 if (dump) fwrite ( datatemp, 1, 4, fout );
421 break;
422 case 9:
423 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]);
424 memcpy(datatemp,data + i * 4,4);
425 if (dump) fwrite ( datatemp, 1, 4, fout );
426 break;
427 case 10:
428 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]);
429 memcpy(datatemp,data + i * 4,4);
430 if (dump) fwrite ( datatemp, 1, 4, fout );
431 break;
432 case 11:
433 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]);
434 memcpy(datatemp,data + i * 4,4);
435 if (dump) fwrite ( datatemp, 1, 4, fout );
436 break;
437 case 12:
438 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]);
439 memcpy(datatemp,data + i * 4,4);
440 if (dump) fwrite ( datatemp, 1, 4, fout );
441 break;
442 case 13:
443 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]);
444 memcpy(datatemp,data + i * 4,4);
445 if (dump) fwrite ( datatemp, 1, 4, fout );
446 break;
447 case 14:
448 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]);
449 memcpy(datatemp,data + i * 4,4);
450 if (dump) fwrite ( datatemp, 1, 4, fout );
451 break;
452 case 15:
453 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]);
454 memcpy(datatemp,data + i * 4,4);
455 if (dump) fwrite ( datatemp, 1, 4, fout );
456 break;
457 default:
458 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
459 memcpy(datatemp,data + i * 4,4);
460 if (dump) fwrite ( datatemp, 1, 4, fout );
461 break;
462 }
463 }
464 } else {
465 PrintAndLog("Command1 execute timeout");
466 }
467 if (dump) fclose(fout);
468 return 0;
469 }
470
471 // Needed to Authenticate to Ultralight C tags
472 void rol (uint8_t *data, const size_t len){
473 uint8_t first = data[0];
474 for (size_t i = 0; i < len-1; i++) {
475 data[i] = data[i+1];
476 }
477 data[len-1] = first;
478 }
479
480 //-------------------------------------------------------------------------------
481 // Ultralight C Methods
482 //-------------------------------------------------------------------------------
483
484 //
485 // Ultralight C Authentication Demo {currently uses hard-coded key}
486 //
487 int CmdHF14AMfucAuth(const char *Cmd){
488
489 uint8_t blockNo = 0, keyNo=0;
490 uint8_t e_RndB[8] = {0x00};
491 uint32_t cuid=0;
492 unsigned char RndARndB[16] = {0x00};
493 uint8_t key[16] = {0x00};
494 DES_cblock RndA, RndB;
495 DES_cblock iv;
496 DES_key_schedule ks1,ks2;
497 DES_cblock key1,key2;
498
499 //
500 memset(iv, 0, 8);
501
502 if (strlen(Cmd)<1) {
503 PrintAndLog("Usage: hf mfu auth k <key number>");
504 PrintAndLog(" sample: hf mfu auth k 0");
505 return 0;
506 }
507
508 //Change key to user defined one
509 if (strchr(Cmd,'k') != 0){
510 //choose a key
511 keyNo = param_get8(Cmd, 1);
512 switch(keyNo){
513 case 0:
514 memcpy(key,key1_blnk_data,16);
515 break;
516 case 1:
517 memcpy(key,key2_defa_data,16);
518 break;
519 case 2:
520 memcpy(key,key4_nfc_data,16);
521 break;
522 case 3:
523 memcpy(key,key5_ones_data,16);
524 break;
525 default:
526 memcpy(key,key3_3des_data,16);
527 break;
528 }
529 }else{
530 memcpy(key,key3_3des_data,16);
531 }
532 memcpy(key1,key,8);
533 memcpy(key2,key+8,8);
534 DES_set_key((DES_cblock *)key1,&ks1);
535 DES_set_key((DES_cblock *)key2,&ks2);
536
537 //Auth1
538 UsbCommand c = {CMD_MIFAREUC_AUTH1, {blockNo}};
539 SendCommand(&c);
540 UsbCommand resp;
541 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
542 uint8_t isOK = resp.arg[0] & 0xff;
543 cuid = resp.arg[1];
544 uint8_t * data= resp.d.asBytes;
545
546 if (isOK){
547 PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8));
548 memcpy(e_RndB,data+1,8);
549 }
550 } else {
551 PrintAndLog("Command execute timeout");
552 }
553
554 //Do crypto magic
555 DES_random_key(&RndA);
556 DES_ede2_cbc_encrypt(e_RndB,RndB,sizeof(e_RndB),&ks1,&ks2,&iv,0);
557 PrintAndLog(" RndB:%s",sprint_hex(RndB, 8));
558 PrintAndLog(" RndA:%s",sprint_hex(RndA, 8));
559 rol(RndB,8);
560 memcpy(RndARndB,RndA,8);
561 memcpy(RndARndB+8,RndB,8);
562 PrintAndLog(" RA+B:%s",sprint_hex(RndARndB, 16));
563 DES_ede2_cbc_encrypt(RndARndB,RndARndB,sizeof(RndARndB),&ks1,&ks2,&e_RndB,1);
564 PrintAndLog("enc(RA+B):%s",sprint_hex(RndARndB, 16));
565
566 //Auth2
567 UsbCommand d = {CMD_MIFAREUC_AUTH2, {cuid}};
568 memcpy(d.d.asBytes,RndARndB, 16);
569 SendCommand(&d);
570
571 UsbCommand respb;
572 if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) {
573 uint8_t isOK = respb.arg[0] & 0xff;
574 uint8_t * data2= respb.d.asBytes;
575
576 if (isOK){
577 PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8));
578 }
579
580 } else {
581 PrintAndLog("Command execute timeout");
582 }
583 return 1;
584 }
585
586 //
587 // Ultralight C Read Single Block
588 //
589 int CmdHF14AMfUCRdBl(const char *Cmd)
590 {
591 uint8_t blockNo = 0;
592
593 if (strlen(Cmd)<1) {
594 PrintAndLog("Usage: hf mfu ucrdbl <block number>");
595 PrintAndLog(" sample: hf mfu ucrdbl 0");
596 return 0;
597 }
598
599 blockNo = param_get8(Cmd, 0);
600 if (blockNo>MAX_ULTRAC_BLOCKS){
601 PrintAndLog("Error: Maximum number of readable blocks is 44 for Ultralight Cards!");
602 return 1;
603 }
604 PrintAndLog("--block no:%02x", (int)blockNo);
605
606 //Read Block
607 UsbCommand e = {CMD_MIFAREU_READBL, {blockNo}};
608 SendCommand(&e);
609 UsbCommand resp_c;
610 if (WaitForResponseTimeout(CMD_ACK,&resp_c,1500)) {
611 uint8_t isOK = resp_c.arg[0] & 0xff;
612 uint8_t * data = resp_c.d.asBytes;
613 if (isOK)
614 PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4));
615 else
616 PrintAndLog("isOk:%02x", isOK);
617 } else {
618 PrintAndLog("Command execute timeout");
619 }
620 return 0;
621 }
622
623 //
624 // Ultralight C Read (or Dump) Card Contents
625 //
626 int CmdHF14AMfUCRdCard(const char *Cmd){
627 int i;
628 uint8_t BlockNo = 0;
629 int Pages=44;
630 uint8_t *lockbytes_t=NULL;
631 uint8_t lockbytes[2]={0x00};
632 uint8_t *lockbytes_t2=NULL;
633 uint8_t lockbytes2[2]={0x00};
634 bool bit[16]={0x00};
635 bool bit2[16]={0x00};
636 bool dump=false;
637 uint8_t datatemp[5]={0x00};
638 uint8_t isOK = 0;
639 uint8_t * data = NULL;
640 FILE *fout = NULL;
641
642 if (strchr(Cmd,'x') != 0){
643 dump=true;
644 if ((fout = fopen("dump_ultralightc_data.bin","wb")) == NULL) {
645 PrintAndLog("Could not create file name dumpdata.bin");
646 return 1;
647 }
648 PrintAndLog("Dumping Ultralight C Card Data...");
649 }
650 PrintAndLog("Attempting to Read Ultralight C... ");
651 UsbCommand c = {CMD_MIFAREUC_READCARD, {BlockNo, Pages}};
652 SendCommand(&c);
653 UsbCommand resp;
654
655 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
656 isOK = resp.arg[0] & 0xff;
657 data = resp.d.asBytes;
658
659 PrintAndLog("isOk:%02x", isOK);
660 if (isOK)
661 for (i = 0; i < Pages; i++) {
662 switch(i){
663 case 2:
664 //process lock bytes
665 lockbytes_t=data+(i*4);
666 lockbytes[0]=lockbytes_t[2];
667 lockbytes[1]=lockbytes_t[3];
668 for(int j=0; j<16; j++){
669 bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));
670 }
671 //might as well read bottom lockbytes too
672 lockbytes_t2=data+(40*4);
673 lockbytes2[0]=lockbytes_t2[2];
674 lockbytes2[1]=lockbytes_t2[3];
675 for(int j=0; j<16; j++){
676 bit2[j]=lockbytes2[j/8] & ( 1 <<(7-j%8));
677 }
678 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
679 memcpy(datatemp,data + i * 4,4);
680 if (dump) fwrite ( datatemp, 1, 4, fout );
681 break;
682 case 3:
683 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]);
684 memcpy(datatemp,data + i * 4,4);
685 if (dump) fwrite ( datatemp, 1, 4, fout );
686 break;
687 case 4:
688 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]);
689 memcpy(datatemp,data + i * 4,4);
690 if (dump) fwrite ( datatemp, 1, 4, fout );
691 break;
692 case 5:
693 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]);
694 memcpy(datatemp,data + i * 4,4);
695 if (dump) fwrite ( datatemp, 1, 4, fout );
696 break;
697 case 6:
698 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]);
699 memcpy(datatemp,data + i * 4,4);
700 if (dump) fwrite ( datatemp, 1, 4, fout );
701 break;
702 case 7:
703 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]);
704 memcpy(datatemp,data + i * 4,4);
705 if (dump) fwrite ( datatemp, 1, 4, fout );
706 break;
707 case 8:
708 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]);
709 memcpy(datatemp,data + i * 4,4);
710 if (dump) fwrite ( datatemp, 1, 4, fout );
711 break;
712 case 9:
713 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]);
714 memcpy(datatemp,data + i * 4,4);
715 if (dump) fwrite ( datatemp, 1, 4, fout );
716 break;
717 case 10:
718 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]);
719 memcpy(datatemp,data + i * 4,4);
720 if (dump) fwrite ( datatemp, 1, 4, fout );
721 break;
722 case 11:
723 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]);
724 memcpy(datatemp,data + i * 4,4);
725 if (dump) fwrite ( datatemp, 1, 4, fout );
726 break;
727 case 12:
728 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]);
729 memcpy(datatemp,data + i * 4,4);
730 if (dump) fwrite ( datatemp, 1, 4, fout );
731 break;
732 case 13:
733 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]);
734 memcpy(datatemp,data + i * 4,4);
735 if (dump) fwrite ( datatemp, 1, 4, fout );
736 break;
737 case 14:
738 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]);
739 memcpy(datatemp,data + i * 4,4);
740 if (dump) fwrite ( datatemp, 1, 4, fout );
741 break;
742 case 15:
743 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]);
744 memcpy(datatemp,data + i * 4,4);
745 if (dump) fwrite ( datatemp, 1, 4, fout );
746 break;
747 case 16:
748 case 17:
749 case 18:
750 case 19:
751 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[6]);
752 memcpy(datatemp,data + i * 4,4);
753 if (dump) fwrite ( datatemp, 1, 4, fout );
754 break;
755 case 20:
756 case 21:
757 case 22:
758 case 23:
759 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[5]);
760 memcpy(datatemp,data + i * 4,4);
761 if (dump) fwrite ( datatemp, 1, 4, fout );
762 break;
763 case 24:
764 case 25:
765 case 26:
766 case 27:
767 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[4]);
768 memcpy(datatemp,data + i * 4,4);
769 if (dump) fwrite ( datatemp, 1, 4, fout );
770 break;
771 case 28:
772 case 29:
773 case 30:
774 case 31:
775 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[2]);
776 memcpy(datatemp,data + i * 4,4);
777 if (dump) fwrite ( datatemp, 1, 4, fout );
778 break;
779 case 32:
780 case 33:
781 case 34:
782 case 35:
783 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[1]);
784 memcpy(datatemp,data + i * 4,4);
785 if (dump) fwrite ( datatemp, 1, 4, fout );
786 break;
787 case 36:
788 case 37:
789 case 38:
790 case 39:
791 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[0]);
792 memcpy(datatemp,data + i * 4,4);
793 if (dump) fwrite ( datatemp, 1, 4, fout );
794 break;
795 case 40:
796 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[12]);
797 memcpy(datatemp,data + i * 4,4);
798 if (dump) fwrite ( datatemp, 1, 4, fout );
799 break;
800 case 41:
801 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[11]);
802 memcpy(datatemp,data + i * 4,4);
803 if (dump) fwrite ( datatemp, 1, 4, fout );
804 break;
805 case 42:
806 //auth0
807 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[10]);
808 memcpy(datatemp,data + i * 4,4);
809 if (dump) fwrite ( datatemp, 1, 4, fout );
810 break;
811 case 43:
812 //auth1
813 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[9]);
814 memcpy(datatemp,data + i * 4,4);
815 if (dump) fwrite ( datatemp, 1, 4, fout );
816 break;
817 default:
818 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
819 memcpy(datatemp,data + i * 4,4);
820 if (dump) fwrite ( datatemp, 1, 4, fout );
821 break;
822 }
823 }
824
825 } else {
826 PrintAndLog("Command1 execute timeout");
827 }
828 if (dump) fclose(fout);
829 return 0;
830 }
831
832 //
833 // Ultralight C Dump Card Contents to file
834 //
835 int CmdHF14AMfUCDump(const char *Cmd){
836 int i;
837 uint8_t BlockNo = 0;
838 int Pages=44;
839 uint8_t *lockbytes_t=NULL;
840 uint8_t lockbytes[2]={0x00};
841 uint8_t *lockbytes_t2=NULL;
842 uint8_t lockbytes2[2]={0x00};
843 bool bit[16]={0x00};
844 bool bit2[16]={0x00};
845 bool dump=true;
846 uint8_t datatemp[5]={0x00};
847
848 uint8_t isOK = 0;
849 uint8_t * data = NULL;
850 FILE *fout;
851
852 if ((fout = fopen("dump_ultralightc_data.bin","wb")) == NULL) {
853 PrintAndLog("Could not create file name dumpdata.bin");
854 return 1;
855 }
856 PrintAndLog("Dumping Ultralight C Card Data...");
857 PrintAndLog("Attempting to Read Ultralight C... ");
858 UsbCommand c = {CMD_MIFAREU_READCARD, {BlockNo,Pages}};
859 SendCommand(&c);
860 UsbCommand resp;
861
862 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
863 isOK = resp.arg[0] & 0xff;
864 data = resp.d.asBytes;
865 PrintAndLog("isOk:%02x", isOK);
866 if (isOK)
867 for (i = 0; i < Pages; i++) {
868 switch(i){
869 case 2:
870 //process lock bytes
871 lockbytes_t=data+(i*4);
872 lockbytes[0]=lockbytes_t[2];
873 lockbytes[1]=lockbytes_t[3];
874 for(int j=0; j<16; j++){
875 bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));
876
877 }
878 //might as well read bottom lockbytes too
879 lockbytes_t2=data+(40*4);
880 lockbytes2[0]=lockbytes_t2[2];
881 lockbytes2[1]=lockbytes_t2[3];
882 for(int j=0; j<16; j++){
883 bit2[j]=lockbytes2[j/8] & ( 1 <<(7-j%8));
884 }
885
886 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
887 memcpy(datatemp,data + i * 4,4);
888 if (dump) fwrite ( datatemp, 1, 4, fout );
889 break;
890 case 3:
891 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]);
892 memcpy(datatemp,data + i * 4,4);
893 if (dump) fwrite ( datatemp, 1, 4, fout );
894 break;
895 case 4:
896 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]);
897 memcpy(datatemp,data + i * 4,4);
898 if (dump) fwrite ( datatemp, 1, 4, fout );
899 break;
900 case 5:
901 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]);
902 memcpy(datatemp,data + i * 4,4);
903 if (dump) fwrite ( datatemp, 1, 4, fout );
904 break;
905 case 6:
906 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]);
907 memcpy(datatemp,data + i * 4,4);
908 if (dump) fwrite ( datatemp, 1, 4, fout );
909 break;
910 case 7:
911 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]);
912 memcpy(datatemp,data + i * 4,4);
913 if (dump) fwrite ( datatemp, 1, 4, fout );
914 break;
915 case 8:
916 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]);
917 memcpy(datatemp,data + i * 4,4);
918 if (dump) fwrite ( datatemp, 1, 4, fout );
919 break;
920 case 9:
921 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]);
922 memcpy(datatemp,data + i * 4,4);
923 if (dump) fwrite ( datatemp, 1, 4, fout );
924 break;
925 case 10:
926 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]);
927 memcpy(datatemp,data + i * 4,4);
928 if (dump) fwrite ( datatemp, 1, 4, fout );
929 break;
930 case 11:
931 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]);
932 memcpy(datatemp,data + i * 4,4);
933 if (dump) fwrite ( datatemp, 1, 4, fout );
934 break;
935 case 12:
936 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]);
937 memcpy(datatemp,data + i * 4,4);
938 if (dump) fwrite ( datatemp, 1, 4, fout );
939 break;
940 case 13:
941 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]);
942 memcpy(datatemp,data + i * 4,4);
943 if (dump) fwrite ( datatemp, 1, 4, fout );
944 break;
945 case 14:
946 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]);
947 memcpy(datatemp,data + i * 4,4);
948 if (dump) fwrite ( datatemp, 1, 4, fout );
949 break;
950 case 15:
951 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]);
952 memcpy(datatemp,data + i * 4,4);
953 if (dump) fwrite ( datatemp, 1, 4, fout );
954 break;
955 case 16:
956 case 17:
957 case 18:
958 case 19:
959 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[6]);
960 memcpy(datatemp,data + i * 4,4);
961 if (dump) fwrite ( datatemp, 1, 4, fout );
962 break;
963 case 20:
964 case 21:
965 case 22:
966 case 23:
967 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[5]);
968 memcpy(datatemp,data + i * 4,4);
969 if (dump) fwrite ( datatemp, 1, 4, fout );
970 break;
971 case 24:
972 case 25:
973 case 26:
974 case 27:
975 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[4]);
976 memcpy(datatemp,data + i * 4,4);
977 if (dump) fwrite ( datatemp, 1, 4, fout );
978 break;
979 case 28:
980 case 29:
981 case 30:
982 case 31:
983 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[2]);
984 memcpy(datatemp,data + i * 4,4);
985 if (dump) fwrite ( datatemp, 1, 4, fout );
986 break;
987 case 32:
988 case 33:
989 case 34:
990 case 35:
991 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[1]);
992 memcpy(datatemp,data + i * 4,4);
993 if (dump) fwrite ( datatemp, 1, 4, fout );
994 break;
995 case 36:
996 case 37:
997 case 38:
998 case 39:
999 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[0]);
1000 memcpy(datatemp,data + i * 4,4);
1001 if (dump) fwrite ( datatemp, 1, 4, fout );
1002 break;
1003 case 40:
1004 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[12]);
1005 memcpy(datatemp,data + i * 4,4);
1006 if (dump) fwrite ( datatemp, 1, 4, fout );
1007 break;
1008 case 41:
1009 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[11]);
1010 memcpy(datatemp,data + i * 4,4);
1011 if (dump) fwrite ( datatemp, 1, 4, fout );
1012 break;
1013 case 42:
1014 //auth0
1015 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[10]);
1016 memcpy(datatemp,data + i * 4,4);
1017 if (dump) fwrite ( datatemp, 1, 4, fout );
1018 break;
1019 case 43:
1020 //auth1
1021 PrintAndLog("Block %02x:%s [%d]", i,sprint_hex(data + i * 4, 4),bit2[9]);
1022 memcpy(datatemp,data + i * 4,4);
1023 if (dump) fwrite ( datatemp, 1, 4, fout );
1024 break;
1025 default:
1026 PrintAndLog("Block %02x:%s ", i,sprint_hex(data + i * 4, 4));
1027 memcpy(datatemp,data + i * 4,4);
1028 if (dump) fwrite ( datatemp, 1, 4, fout );
1029 break;
1030 }
1031 }
1032
1033 } else {
1034 PrintAndLog("Command1 execute timeout");
1035 }
1036 if (dump) fclose(fout);
1037 return 0;
1038 }
1039
1040 //
1041 // Mifare Ultralight C Write Single Block
1042 //
1043 int CmdHF14AMfUCWrBl(const char *Cmd){
1044
1045 uint8_t blockNo = 0;
1046 bool chinese_card = 0;
1047 uint8_t bldata[16] = {0x00};
1048 UsbCommand resp;
1049
1050 if (strlen(Cmd)<3) {
1051 PrintAndLog("Usage: hf mfu ucwrbl <block number> <block data (8 hex symbols)> [w]");
1052 PrintAndLog(" sample: hf mfu uwrbl 0 01020304");
1053 return 0;
1054 }
1055 blockNo = param_get8(Cmd, 0);
1056 if (blockNo>(MAX_ULTRAC_BLOCKS+4)){
1057 PrintAndLog("Error: Maximum number of blocks is 47 for Ultralight Cards!");
1058 return 1;
1059 }
1060 if (param_gethex(Cmd, 1, bldata, 8)) {
1061 PrintAndLog("Block data must include 8 HEX symbols");
1062 return 1;
1063 }
1064 if (strchr(Cmd,'w') != 0) {
1065 chinese_card=1;
1066 }
1067 switch(blockNo){
1068 case 0:
1069 if (!chinese_card){
1070 PrintAndLog("Access Denied");
1071 }else{
1072 PrintAndLog("--specialblock no:%02x", blockNo);
1073 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
1074 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
1075 memcpy(d.d.asBytes,bldata, 4);
1076 SendCommand(&d);
1077 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
1078 uint8_t isOK = resp.arg[0] & 0xff;
1079 PrintAndLog("isOk:%02x", isOK);
1080 } else {
1081 PrintAndLog("Command execute timeout");
1082 }
1083 }
1084 break;
1085 case 1:
1086 if (!chinese_card){
1087 PrintAndLog("Access Denied");
1088 }else{
1089 PrintAndLog("--specialblock no:%02x", blockNo);
1090 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
1091 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
1092 memcpy(d.d.asBytes,bldata, 4);
1093 SendCommand(&d);
1094 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
1095 uint8_t isOK = resp.arg[0] & 0xff;
1096 PrintAndLog("isOk:%02x", isOK);
1097 } else {
1098 PrintAndLog("Command execute timeout");
1099 }
1100 }
1101 break;
1102 case 2:
1103 if (!chinese_card){
1104 PrintAndLog("Access Denied");
1105 }else{
1106 PrintAndLog("--specialblock no:%02x", blockNo);
1107 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
1108 UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}};
1109 memcpy(c.d.asBytes, bldata, 4);
1110 SendCommand(&c);
1111 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
1112 uint8_t isOK = resp.arg[0] & 0xff;
1113 PrintAndLog("isOk:%02x", isOK);
1114 } else {
1115 PrintAndLog("Command execute timeout");
1116 }
1117 }
1118 break;
1119 case 3:
1120 PrintAndLog("--specialblock no:%02x", blockNo);
1121 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
1122 UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};
1123 memcpy(d.d.asBytes,bldata, 4);
1124 SendCommand(&d);
1125 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
1126 uint8_t isOK = resp.arg[0] & 0xff;
1127 PrintAndLog("isOk:%02x", isOK);
1128 } else {
1129 PrintAndLog("Command execute timeout");
1130 }
1131 break;
1132 default:
1133 PrintAndLog("--block no:%02x", blockNo);
1134 PrintAndLog("--data: %s", sprint_hex(bldata, 4));
1135 UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}};
1136 memcpy(e.d.asBytes,bldata, 4);
1137 SendCommand(&e);
1138 if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
1139 uint8_t isOK = resp.arg[0] & 0xff;
1140 PrintAndLog("isOk:%02x", isOK);
1141 } else {
1142 PrintAndLog("Command execute timeout");
1143 }
1144 break;
1145 }
1146 return 0;
1147 }
1148
1149 //------------------------------------
1150 // Menu Stuff
1151 //------------------------------------
1152 static command_t CommandTable[] =
1153 {
1154 {"help", CmdHelp, 1,"This help"},
1155 {"dbg", CmdHF14AMfDbg, 0,"Set default debug mode"},
1156 {"info", CmdHF14AMfUInfo, 0,"Taginfo"},
1157 {"rdbl", CmdHF14AMfURdBl, 0,"Read block - MIFARE Ultralight"},
1158 {"rdcard", CmdHF14AMfURdCard, 0,"Read card - MIFARE Ultralight"},
1159 {"dump", CmdHF14AMfUDump, 0,"Dump MIFARE Ultralight tag to binary file"},
1160 {"wrbl", CmdHF14AMfUWrBl, 0,"Write block - MIFARE Ultralight"},
1161 {"crdbl", CmdHF14AMfUCRdBl, 0,"Read block - MIFARE Ultralight C"},
1162 {"crdcard", CmdHF14AMfUCRdCard, 0,"Read card - MIFARE Ultralight C"},
1163 {"cdump", CmdHF14AMfUCDump, 0,"Dump MIFARE Ultralight C tag to binary file"},
1164 {"cwrbl", CmdHF14AMfUCWrBl, 0,"Write MIFARE Ultralight C block"},
1165 {"cauth", CmdHF14AMfucAuth, 0,"try a Ultralight C Authentication"},
1166 {NULL, NULL, 0, NULL}
1167 };
1168
1169 int CmdHFMFUltra(const char *Cmd){
1170 WaitForResponseTimeout(CMD_ACK,NULL,100);
1171 CmdsParse(CommandTable, Cmd);
1172 return 0;
1173 }
1174
1175 int CmdHelp(const char *Cmd){
1176 CmdsHelp(CommandTable);
1177 return 0;
1178 }
Impressum, Datenschutz