\r
int CmdHF14AMfUWrBl(const char *Cmd)\r
{\r
- uint8_t blockNo = 0;\r
- uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};\r
+ uint8_t blockNo = 0;\r
+ bool chinese_card=0;\r
+ uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};\r
UsbCommand resp;\r
- \r
- if (strlen(Cmd)<3) {\r
- PrintAndLog("Usage: hf mf uwrbl <block number> <block data (8 hex symbols)>");\r
- PrintAndLog(" sample: hf mf uwrbl 0 01020304");\r
- return 0;\r
- } \r
+ \r
+ if (strlen(Cmd)<3) {\r
+ PrintAndLog("Usage: hf mf uwrbl <block number> <block data (8 hex symbols)> <w>");\r
+ PrintAndLog(" sample: hf mf uwrbl 0 01020304");\r
+ return 0;\r
+ } \r
\r
- blockNo = param_get8(Cmd, 0);\r
- if (param_gethex(Cmd, 1, bldata, 8)) {\r
- PrintAndLog("Block data must include 8 HEX symbols");\r
- return 1;\r
- }\r
+ blockNo = param_get8(Cmd, 0);\r
+ if (param_gethex(Cmd, 1, bldata, 8)) {\r
+ PrintAndLog("Block data must include 8 HEX symbols");\r
+ return 1;\r
+ }\r
+ \r
+ if (strchr(Cmd,'w') != 0) {\r
+ chinese_card=1;\r
+ }\r
+ \r
+ switch(blockNo){\r
+ case 0:\r
+ if (!chinese_card){\r
+ PrintAndLog("Access Denied");\r
+ }else{\r
+ PrintAndLog("--specialblock no:%02x", blockNo);\r
+ PrintAndLog("--data: %s", sprint_hex(bldata, 4));\r
+ UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
+ memcpy(d.d.asBytes,bldata, 4);\r
+ SendCommand(&d);\r
+\r
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
+ uint8_t isOK = resp.arg[0] & 0xff;\r
+ PrintAndLog("isOk:%02x", isOK);\r
+ } else {\r
+ PrintAndLog("Command execute timeout");\r
+ }\r
+ }\r
+ break;\r
+ case 1:\r
+ if (!chinese_card){\r
+ PrintAndLog("Access Denied");\r
+ }else{\r
+ PrintAndLog("--specialblock no:%02x", blockNo);\r
+ PrintAndLog("--data: %s", sprint_hex(bldata, 4));\r
+ UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
+ memcpy(d.d.asBytes,bldata, 4);\r
+ SendCommand(&d);\r
+\r
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
+ uint8_t isOK = resp.arg[0] & 0xff;\r
+ PrintAndLog("isOk:%02x", isOK);\r
+ } else {\r
+ PrintAndLog("Command execute timeout");\r
+ }\r
+ }\r
+ break;\r
+ case 2:\r
+ if (!chinese_card){\r
+ PrintAndLog("Access Denied");\r
+ }else{\r
+ PrintAndLog("--specialblock no:%02x", blockNo);\r
+ PrintAndLog("--data: %s", sprint_hex(bldata, 4));\r
+ UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
+ memcpy(c.d.asBytes, bldata, 4);\r
+ SendCommand(&c);\r
\r
- switch(blockNo)\r
- {\r
- case 0:\r
- PrintAndLog("Access Denied");\r
- break;\r
- case 1:\r
- PrintAndLog("Access Denied");\r
- break;\r
- case 2:\r
- PrintAndLog("--specialblock no:%02x", blockNo);\r
- PrintAndLog("--data: %s", sprint_hex(bldata, 4));\r
- UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
- memcpy(c.d.asBytes, bldata, 4);\r
- SendCommand(&c);\r
-\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- uint8_t isOK = resp.arg[0] & 0xff;\r
- PrintAndLog("isOk:%02x", isOK);\r
- } else {\r
- PrintAndLog("Command execute timeout");\r
- }\r
- break;\r
- case 3:\r
- PrintAndLog("--specialblock no:%02x", blockNo);\r
- PrintAndLog("--data: %s", sprint_hex(bldata, 4));\r
- UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
- memcpy(d.d.asBytes,bldata, 4);\r
- SendCommand(&d);\r
-\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- uint8_t isOK = resp.arg[0] & 0xff;\r
- PrintAndLog("isOk:%02x", isOK);\r
- } else {\r
- PrintAndLog("Command execute timeout");\r
- }\r
- break;\r
- default: \r
- PrintAndLog("--block no:%02x", blockNo);\r
- PrintAndLog("--data: %s", sprint_hex(bldata, 4)); \r
- //UsbCommand e = {CMD_MIFAREU_WRITEBL_COMPAT, {blockNo}};\r
- //memcpy(e.d.asBytes,bldata, 16);\r
- UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
- memcpy(e.d.asBytes,bldata, 4);\r
- SendCommand(&e);\r
-\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- uint8_t isOK = resp.arg[0] & 0xff;\r
- PrintAndLog("isOk:%02x", isOK);\r
- } else {\r
- PrintAndLog("Command execute timeout");\r
- }\r
- break;\r
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
+ uint8_t isOK = resp.arg[0] & 0xff;\r
+ PrintAndLog("isOk:%02x", isOK);\r
+ } else {\r
+ PrintAndLog("Command execute timeout");\r
+ }\r
+ }\r
+ break;\r
+ case 3:\r
+ PrintAndLog("--specialblock no:%02x", blockNo);\r
+ PrintAndLog("--data: %s", sprint_hex(bldata, 4));\r
+ UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
+ memcpy(d.d.asBytes,bldata, 4);\r
+ SendCommand(&d);\r
+\r
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
+ uint8_t isOK = resp.arg[0] & 0xff;\r
+ PrintAndLog("isOk:%02x", isOK);\r
+ } else {\r
+ PrintAndLog("Command execute timeout");\r
+ }\r
+ break;\r
+ default: \r
+ PrintAndLog("--block no:%02x", blockNo);\r
+ PrintAndLog("--data: %s", sprint_hex(bldata, 4)); \r
+ UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
+ memcpy(e.d.asBytes,bldata, 4);\r
+ SendCommand(&e);\r
+\r
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
+ uint8_t isOK = resp.arg[0] & 0xff;\r
+ PrintAndLog("isOk:%02x", isOK);\r
+ } else {\r
+ PrintAndLog("Command execute timeout");\r
+ }\r
+ break;\r
}\r
- return 0;\r
+ return 0;\r
}\r
\r
int CmdHF14AMfRdBl(const char *Cmd)\r
PrintAndLog(" n (Optional) Automatically exit simulation after <numreads> blocks have been read by reader. 0 = infinite");\r
PrintAndLog(" i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");\r
PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");\r
- PrintAndLog(" sample: hf mf sim 0a0a0a0a ");\r
+ PrintAndLog(" sample: hf mf sim u 0a0a0a0a ");\r
return 0;\r
}\r
uint8_t pnr = 0;\r
PrintAndLog("Usage: hf mf dbg <debug level>");\r
PrintAndLog(" 0 - no debug messages");\r
PrintAndLog(" 1 - error messages");\r
- PrintAndLog(" 2 - all messages");\r
- PrintAndLog(" 4 - extended debug mode");\r
+ PrintAndLog(" 2 - plus information messages");\r
+ PrintAndLog(" 3 - plus debug messages");\r
+ PrintAndLog(" 4 - print even debug messages in timing critical functions");\r
+ PrintAndLog(" Note: this option therefore may cause malfunction itself");\r
return 0;\r
} \r
\r
uint8_t keyType = 0;\r
\r
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
- PrintAndLog("Usage: hf mf efill <key A/B>");\r
- PrintAndLog("sample: hf mf efill A");\r
+ PrintAndLog("Usage: hf mf ecfill <key A/B>");\r
+ PrintAndLog("sample: hf mf ecfill A");\r
PrintAndLog("Card data blocks transfers to card emulator memory.");\r
PrintAndLog("Keys must be laid in the simulator memory. \n");\r
return 0;\r
int blockLen = 0;\r
int num = 0;\r
int pckNum = 0;\r
- uint8_t uid[8];\r
+ uint8_t uid[7];\r
+ uint8_t uid_len;\r
uint8_t atqa[2];\r
uint8_t sak;\r
bool isTag;\r
printf("Press the key on pc keyboard to abort the client.\n");\r
printf("-------------------------------------------------------------------------\n");\r
\r
- UsbCommand c = {CMD_MIFARE_SNIFFER, {0, 0, 0}};\r
- SendCommand(&c);\r
+ UsbCommand c = {CMD_MIFARE_SNIFFER, {0, 0, 0}};\r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
\r
// wait cycle\r
while (true) {\r
bufPtr += 4;\r
len = bufPtr[0];\r
bufPtr++;\r
- if ((len == 14) && (bufPtr[0] = 0xff) && (bufPtr[1] = 0xff)) {\r
+ if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff)) {\r
memcpy(uid, bufPtr + 2, 7);\r
memcpy(atqa, bufPtr + 2 + 7, 2);\r
+ uid_len = (atqa[0] & 0xC0) == 0x40 ? 7 : 4;\r
sak = bufPtr[11];\r
\r
- PrintAndLog("tag select uid:%s atqa:%02x %02x sak:0x%02x", sprint_hex(uid, 7), atqa[0], atqa[1], sak);\r
- if (wantLogToFile) {\r
- FillFileNameByUID(logHexFileName, uid, ".log", 7);\r
+ PrintAndLog("tag select uid:%s atqa:0x%02x%02x sak:0x%02x", \r
+ sprint_hex(uid + (7 - uid_len), uid_len),\r
+ atqa[1], \r
+ atqa[0], \r
+ sak);\r
+ if (wantLogToFile || wantDecrypt) {\r
+ FillFileNameByUID(logHexFileName, uid + (7 - uid_len), ".log", uid_len);\r
AddLogCurrentDT(logHexFileName);\r
} \r
if (wantDecrypt) mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
}\r
} // resp not NILL\r
} // while (true)\r
- return 0;\r
+ \r
+ return 0;\r
}\r
\r
static command_t CommandTable[] =\r
projects / proxmark3-svn / blobdiff