uint8_t blockNo = 0;\r
uint8_t keyType = 0;\r
uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r
- uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};\r
- \r
+ uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; \r
char cmdp = 0x00;\r
\r
if (strlen(Cmd)<3) {\r
PrintAndLog("--block no:%d, key type:%c, key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
PrintAndLog("--data: %s", sprint_hex(bldata, 16));\r
\r
- UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
+ UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
memcpy(c.d.asBytes, key, 6);\r
memcpy(c.d.asBytes + 10, bldata, 16);\r
- SendCommand(&c);\r
+ SendCommand(&c);\r
\r
UsbCommand resp;\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
{\r
uint8_t blockNo = 0;\r
uint8_t keyType = 0;\r
- uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r
- \r
+ uint8_t key[6] = {0, 0, 0, 0, 0, 0}; \r
char cmdp = 0x00;\r
\r
-\r
if (strlen(Cmd)<3) {\r
PrintAndLog("Usage: hf mf rdbl <block number> <key A/B> <key (12 hex symbols)>");\r
PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF ");\r
}\r
PrintAndLog("--block no:%d, key type:%c, key:%s ", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
\r
- UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
+ UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
memcpy(c.d.asBytes, key, 6);\r
- SendCommand(&c);\r
+ SendCommand(&c);\r
\r
UsbCommand resp;\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
\r
int CmdHF14AMfRestore(const char *Cmd)\r
{\r
- uint8_t sectorNo,blockNo;\r
+ uint8_t sectorNo,blockNo = 0;\r
uint8_t keyType = 0;\r
- uint8_t key[6] = {0xFF};\r
+ uint8_t key[6] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};\r
uint8_t bldata[16] = {0x00};\r
uint8_t keyA[40][6];\r
uint8_t keyB[40][6];\r
- uint8_t numSectors;\r
+ uint8_t numSectors = 0;\r
\r
FILE *fdump;\r
FILE *fkeys;\r
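Review bot: In `uint8_t sectorNo,blockNo = 0;` the initializer binds only to `blockNo`, so `sectorNo` is still uninitialized after this change; if the aim is to give every local a defined value, write `uint8_t sectorNo = 0, blockNo = 0;`. The same pattern appears in the later hunk that changes `uint64_t keyA, keyB;` to `uint64_t keyA, keyB = 0;`, where `keyA` stays indeterminate; `uint64_t keyA = 0, keyB = 0;` covers both. `keyA[40][6]` and `keyB[40][6]` in this function also have no initializer, and whether they are fully filled before use cannot be seen here because the function body continues outside the hunk.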
uint8_t keyBlock[13*6];\r
uint64_t key64 = 0;\r
bool transferToEml = false;\r
- \r
bool createDumpFile = false;\r
FILE *fkeys;\r
uint8_t standart[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r
uint8_t tempkey[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r
- \r
char cmdp, ctmp;\r
\r
if (strlen(Cmd)<3) {\r
}\r
}\r
}\r
- \r
// nested sectors\r
iterations = 0;\r
PrintAndLog("nested...");\r
\r
FILE * f;\r
char filename[FILE_PATH_SIZE]={0};\r
- char buf[13];\r
+ char buf[13] = {0x00};\r
uint8_t *keyBlock = NULL, *p;\r
uint8_t stKeyBlock = 20;\r
\r
PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");\r
PrintAndLog("");\r
PrintAndLog(" sample: hf mf sim u 0a0a0a0a ");\r
+ PrintAndLog(" : hf mf sim u 0a0a0a0a i x");\r
return 0;\r
}\r
uint8_t pnr = 0;\r
\r
int CmdHF14AMfESet(const char *Cmd)\r
{\r
- uint8_t memBlock[16];\r
+ uint8_t memBlock[16] = {0x00};\r
uint8_t blockNo = 0;\r
\r
- memset(memBlock, 0x00, sizeof(memBlock));\r
-\r
if (strlen(Cmd) < 3 || param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("Usage: hf mf eset <block number> <block data (32 hex symbols)>");\r
PrintAndLog(" sample: hf mf eset 1 000102030405060708090a0b0c0d0e0f ");\r
int CmdHF14AMfELoad(const char *Cmd)\r
{\r
FILE * f;\r
- char filename[FILE_PATH_SIZE];\r
+ char filename[FILE_PATH_SIZE] = {0x00};\r
char *fnameptr = filename;\r
char buf[64] = {0x00};\r
uint8_t buf8[64] = {0x00};\r
int CmdHF14AMfESave(const char *Cmd)\r
{\r
FILE * f;\r
- char filename[FILE_PATH_SIZE];\r
+ char filename[FILE_PATH_SIZE] = {0x00};\r
char * fnameptr = filename;\r
- uint8_t buf[64];\r
+ uint8_t buf[64] = {0x00};\r
int i, j, len, numBlocks;\r
int nameParamNo = 1;\r
\r
{\r
int i;\r
uint8_t numSectors;\r
- uint8_t data[16];\r
- uint64_t keyA, keyB;\r
+ uint8_t data[16] = {0x00};\r
+ uint64_t keyA, keyB = 0;\r
\r
if (param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("It prints the keys loaded in the emulator memory");\r
\r
int CmdHF14AMfCSetBlk(const char *Cmd)\r
{\r
- uint8_t uid[8] = {0x00};\r
uint8_t memBlock[16] = {0x00};\r
uint8_t blockNo = 0;\r
- int res;\r
+ bool wipeCard = FALSE;\r
+ int res = 0; \r
\r
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
- PrintAndLog("Usage: hf mf csetblk <block number> <block data (32 hex symbols)>");\r
+ PrintAndLog("Usage: hf mf csetblk <block number> <block data (32 hex symbols)> [w]");\r
PrintAndLog("sample: hf mf csetblk 1 01020304050607080910111213141516");\r
- PrintAndLog("Set block data for magic Chinese card (only works with!!!)");\r
- PrintAndLog("If you want wipe card then add 'w' into command line. \n");\r
+ PrintAndLog("Set block data for magic Chinese card (only works with such cards)");\r
+ PrintAndLog("If you also want to wipe the card then add 'w' at the end of the command line.");\r
return 0;\r
} \r
\r
return 1;\r
}\r
\r
+ char ctmp = param_getchar(Cmd, 2);\r
+ wipeCard = (ctmp == 'w' || ctmp == 'W');\r
+\r
PrintAndLog("--block number:%2d data:%s", blockNo, sprint_hex(memBlock, 16));\r
\r
- res = mfCSetBlock(blockNo, memBlock, uid, 0, CSETBLOCK_SINGLE_OPER);\r
+ res = mfCSetBlock(blockNo, memBlock, NULL, wipeCard, CSETBLOCK_SINGLE_OPER);\r
if (res) {\r
- PrintAndLog("Can't write block. error=%d", res);\r
- return 1;\r
- }\r
- \r
+ PrintAndLog("Can't write block. error=%d", res);\r
+ return 1;\r
+ } \r
return 0;\r
}\r
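Review bot: The new `w` argument turns this write into one that also wipes the card, but the line printed just before `mfCSetBlock` (`--block number:%2d data:%s`) gives no sign that the wipe was selected. Since `param_getchar(Cmd, 2)` presumably returns only the first character of the third argument, any token starting with `w` or `W` would enable it, so echoing the decision helps the operator catch a mistyped command in the log: `PrintAndLog("--block number:%2d data:%s%s", blockNo, sprint_hex(memBlock, 16), wipeCard ? " [wipe]" : "");`. A short comment on the `mfCSetBlock` call stating that `NULL` means the caller does not want the UID returned would also help, assuming that is what the parameter does. The start of the function is outside this hunk.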
\r
char buf[64] = {0x00};\r
uint8_t buf8[64] = {0x00};\r
uint8_t fillFromEmulator = 0;\r
- int i, len, blockNum, flags;\r
+ int i, len, blockNum, flags=0;\r
\r
if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {\r
PrintAndLog("It loads magic Chinese card from the file `filename.eml`");\r
if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r
\r
if (fillFromEmulator) {\r
- flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r
for (blockNum = 0; blockNum < 16 * 4; blockNum += 1) {\r
if (mfEmlGetMem(buf8, blockNum, 1)) {\r
PrintAndLog("Cant get block: %d", blockNum);\r
return 2;\r
}\r
- \r
- if (blockNum == 2) flags = 0;\r
- if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r
+ if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r
+ if (blockNum == 1) flags = 0; // just write\r
+ if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Magic Halt and switch off field.\r
\r
if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r
PrintAndLog("Cant set magic card block: %d", blockNum);\r
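Review bot: The three-line flag selection added here is repeated verbatim in the file-loading loop further down (the hunk that ends at `Can't set magic card block`), and it combines flags with `+` where `|` states the intent, assuming the `CSETBLOCK_*` values are distinct bits. Because `flags` is carried across iterations, a reader has to work out that blocks 2 to 62 inherit the `0` assigned at block 1. A small static helper that returns the flags for a given block number removes both the carried state and the duplication, and each call site becomes `flags = csetblk_load_flags(blockNum);`. The loop and the enclosing function start and end outside this hunk.

```c
/* Flags for writing block `blockNum` of a 64-block load:
 * field on + magic wake-up for the first block, halt + field off for the last. */
static int csetblk_load_flags(int blockNum)
{
	if (blockNum == 0)
		return CSETBLOCK_INIT_FIELD | CSETBLOCK_WUPC;
	if (blockNum == 16 * 4 - 1)
		return CSETBLOCK_HALT | CSETBLOCK_RESET_FIELD;
	return 0; // just write
}

// … unchanged: mfEmlGetMem() check …
flags = csetblk_load_flags(blockNum);
```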
}\r
\r
blockNum = 0;\r
- flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r
while(!feof(f)){\r
\r
memset(buf, 0, sizeof(buf));\r
return 2;\r
}\r
\r
- if (strlen(buf) < 32){\r
+ if (strlen(buf) < 32) {\r
if(strlen(buf) && feof(f))\r
break;\r
PrintAndLog("File content error. Block data must include 32 HEX symbols");\r
for (i = 0; i < 32; i += 2)\r
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
\r
- if (blockNum == 2) flags = 0;\r
- if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r
+ if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r
+ if (blockNum == 1) flags = 0; // just write\r
+ if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Switch off field.\r
\r
if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r
PrintAndLog("Can't set magic card block: %d", blockNum);\r
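Review bot: The unchanged `sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);` just above the new flag lines stores a full `unsigned int` through a pointer to a single `uint8_t`, so each conversion writes `sizeof(unsigned int)` bytes over `buf8[i / 2]` and its neighbours. That yields the intended byte only on little-endian hosts and is an invalid access by type. Parse into a temporary and narrow it: `unsigned int v = 0; if (sscanf(&buf[i], "%02x", &v) != 1) { /* reject the line */ } buf8[i / 2] = (uint8_t)v;`. Checking the return value also rejects lines that pass the 32-character length test but contain non-hex characters, which are otherwise written to the card as stale data. Separately, `CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD` is selected only at block 63, so a file with fewer blocks never sends it unless code after the loop, outside this hunk, handles that case.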
}\r
\r
int CmdHF14AMfCGetBlk(const char *Cmd) {\r
- uint8_t memBlock[16];\r
+ uint8_t memBlock[16] = {0x00};\r
uint8_t blockNo = 0;\r
int res;\r
- memset(memBlock, 0x00, sizeof(memBlock));\r
\r
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("Usage: hf mf cgetblk <block number>");\r
PrintAndLog("sample: hf mf cgetblk 1");\r
- PrintAndLog("Get block data from magic Chinese card (only works with!!!)\n");\r
+ PrintAndLog("Get block data from magic Chinese card (only works with such cards)\n");\r
return 0;\r
} \r
\r
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("Usage: hf mf cgetsc <sector number>");\r
PrintAndLog("sample: hf mf cgetsc 0");\r
- PrintAndLog("Get sector data from magic Chinese card (only works with!!!)\n");\r
+ PrintAndLog("Get sector data from magic Chinese card (only works with such cards)\n");\r
return 0;\r
} \r
\r
int blockLen = 0;\r
int pckNum = 0;\r
int num = 0;\r
- uint8_t uid[7];\r
+ uint8_t uid[7] = {0x00};\r
uint8_t uid_len;\r
uint8_t atqa[2] = {0x00};\r
uint8_t sak;\r