+\r
+int CmdHF14AMfSniff(const char *Cmd){\r
+\r
+ bool wantLogToFile = 0;\r
+ bool wantDecrypt = 0;\r
+ //bool wantSaveToEml = 0; TODO\r
+ bool wantSaveToEmlFile = 0;\r
+\r
+ //var \r
+ int res = 0;\r
+ int len = 0;\r
+ int blockLen = 0;\r
+ int num = 0;\r
+ int pckNum = 0;\r
+ uint8_t uid[7] = {0x00};\r
+ uint8_t uid_len;\r
+ uint8_t atqa[2] = {0x00};\r
+ uint8_t sak;\r
+ bool isTag;\r
+ uint8_t buf[3000] = {0x00};\r
+ uint8_t * bufPtr = buf;\r
+ \r
+ char ctmp = param_getchar(Cmd, 0);\r
+ if ( ctmp == 'h' || ctmp == 'H' ) {\r
+ PrintAndLog("It continuously gets data from the field and saves it to: log, emulator, emulator file.");\r
+ PrintAndLog("You can specify:");\r
+ PrintAndLog(" l - save encrypted sequence to logfile `uid.log`");\r
+ PrintAndLog(" d - decrypt sequence and put it to log file `uid.log`");\r
+ PrintAndLog(" n/a e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory");\r
+ PrintAndLog(" f - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r
+ PrintAndLog("Usage: hf mf sniff [l][d][e][f]");\r
+ PrintAndLog(" sample: hf mf sniff l d e");\r
+ return 0;\r
+ } \r
+ \r
+ for (int i = 0; i < 4; i++) {\r
+ ctmp = param_getchar(Cmd, i);\r
+ if (ctmp == 'l' || ctmp == 'L') wantLogToFile = true;\r
+ if (ctmp == 'd' || ctmp == 'D') wantDecrypt = true;\r
+ //if (ctmp == 'e' || ctmp == 'E') wantSaveToEml = true; TODO\r
+ if (ctmp == 'f' || ctmp == 'F') wantSaveToEmlFile = true;\r
+ }\r
+ \r
+ printf("-------------------------------------------------------------------------\n");\r
+ printf("Executing command. \n");\r
+ printf("Press the key on the proxmark3 device to abort both proxmark3 and client.\n");\r
+ printf("Press the key on pc keyboard to abort the client.\n");\r
+ printf("-------------------------------------------------------------------------\n");\r
+\r
+ UsbCommand c = {CMD_MIFARE_SNIFFER, {0, 0, 0}};\r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
+\r
+ // wait cycle\r
+ while (true) {\r
+ printf(".");\r
+ fflush(stdout);\r
+ if (ukbhit()) {\r
+ getchar();\r
+ printf("\naborted via keyboard!\n");\r
+ break;\r
+ }\r
+ \r
+ UsbCommand resp;\r
+ if (WaitForResponseTimeout(CMD_ACK,&resp,2000)) {\r
+ res = resp.arg[0] & 0xff;\r
+ len = resp.arg[1];\r
+ num = resp.arg[2];\r
+ \r
+ if (res == 0) return 0;\r
+ if (res == 1) {\r
+ if (num ==0) {\r
+ bufPtr = buf;\r
+ memset(buf, 0x00, 3000);\r
+ }\r
+ memcpy(bufPtr, resp.d.asBytes, len);\r
+ bufPtr += len;\r
+ pckNum++;\r
+ }\r
+ if (res == 2) {\r
+ blockLen = bufPtr - buf;\r
+ bufPtr = buf;\r
+ printf(">\n");\r
+ PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum);\r
+ num = 0;\r
+ while (bufPtr - buf < blockLen) {\r
+ bufPtr += 6;\r
+ len = *((uint16_t *)bufPtr);\r
+\r
+ if(len & 0x8000) {\r
+ isTag = true;\r
+ len &= 0x7fff;\r
+ } else {\r
+ isTag = false;\r
+ }\r
+ bufPtr += 2;\r
+ if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff) && (bufPtr[12] == 0xff) && (bufPtr[13] == 0xff)) {\r
+ \r
+ memcpy(uid, bufPtr + 2, 7);\r
+ memcpy(atqa, bufPtr + 2 + 7, 2);\r
+ uid_len = (atqa[0] & 0xC0) == 0x40 ? 7 : 4;\r
+ sak = bufPtr[11];\r
+ \r
+ PrintAndLog("tag select uid:%s atqa:0x%02x%02x sak:0x%02x", \r
+ sprint_hex(uid + (7 - uid_len), uid_len),\r
+ atqa[1], \r
+ atqa[0], \r
+ sak);\r
+ if (wantLogToFile || wantDecrypt) {\r
+ FillFileNameByUID(logHexFileName, uid + (7 - uid_len), ".log", uid_len);\r
+ AddLogCurrentDT(logHexFileName);\r
+ } \r
+ if (wantDecrypt) \r
+ mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
+ } else {\r
+ PrintAndLog("%s(%d):%s", isTag ? "TAG":"RDR", num, sprint_hex(bufPtr, len));\r
+ if (wantLogToFile) \r
+ AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
+ if (wantDecrypt) \r
+ mfTraceDecode(bufPtr, len, wantSaveToEmlFile);\r
+ }\r
+ bufPtr += len;\r
+ bufPtr += ((len-1)/8+1); // ignore parity\r
+ num++;\r
+ }\r
+ }\r
+ } // resp not NULL\r
+ } // while (true)\r
+ \r
+ return 0;\r
+}\r
+\r