]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdhfmf.c
there was bug in `hf mf mifare`. and speed up this command.
[proxmark3-svn] / client / cmdhfmf.c
index 8dc59f49a0e08e23f5f6c76140829ebe06faafe1..dff5db37e08e526687e816480e66880082ae2ca0 100644 (file)
@@ -37,7 +37,6 @@ start:
        // message\r
        printf("-------------------------------------------------------------------------\n");\r
        printf("Executing command. It may take up to 30 min.\n");\r
-       printf("Press the key on proxmark3 device to abort proxmark3.\n");\r
        printf("Press the key on the proxmark3 device to abort both proxmark3 and client.\n");\r
        printf("-------------------------------------------------------------------------\n");\r
        \r
@@ -72,17 +71,22 @@ start:
        if (isOK != 1) return 1;\r
        \r
        // execute original function from util nonce2key\r
-       if (nonce2key(uid, nt, par_list, ks_list, &r_key)) return 2;\r
-       printf("------------------------------------------------------------------\n");\r
-       PrintAndLog("Key found:%012llx \n", r_key);\r
+       if (nonce2key(uid, nt, par_list, ks_list, &r_key))\r
+       {\r
+               isOK = 2;\r
+               PrintAndLog("Key not found (lfsr_common_prefix list is null). Nt=%08x", nt);    \r
+       } else {\r
+               printf("------------------------------------------------------------------\n");\r
+               PrintAndLog("Key found:%012llx \n", r_key);\r
 \r
-       num_to_bytes(r_key, 6, keyBlock);\r
-       isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key);\r
+               num_to_bytes(r_key, 6, keyBlock);\r
+               isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key);\r
+       }\r
        if (!isOK) \r
                PrintAndLog("Found valid key:%012llx", r_key);\r
        else\r
        {\r
-               PrintAndLog("Found invalid key. ( Nt=%08x ,Trying use it to run again...", nt); \r
+               if (isOK != 2) PrintAndLog("Found invalid key. ( Nt=%08x ,Trying use it to run again...", nt);  \r
                c.arg[0] = nt;\r
                goto start;\r
        }\r
@@ -985,10 +989,6 @@ int CmdHF14AMfEGet(const char *Cmd)
        }       \r
        \r
        blockNo = param_get8(Cmd, 0);\r
-       if (blockNo >= 32 * 4 + 8 * 16) {\r
-               PrintAndLog("Block number must be in [0..255] as in MIFARE classic.");\r
-               return 1;\r
-       }\r
 \r
        PrintAndLog(" ");\r
        if (!mfEmlGetMem(data, blockNo, 3)) {\r
@@ -1029,10 +1029,6 @@ int CmdHF14AMfESet(const char *Cmd)
        }       \r
        \r
        blockNo = param_get8(Cmd, 0);\r
-       if (blockNo >= 32 * 4 + 8 * 16) {\r
-               PrintAndLog("Block number must be in [0..255] as in MIFARE classic.");\r
-               return 1;\r
-       }\r
        \r
        if (param_gethex(Cmd, 1, memBlock, 32)) {\r
                PrintAndLog("block data must include 32 HEX symbols");\r
@@ -1270,10 +1266,6 @@ int CmdHF14AMfCSetBlk(const char *Cmd)
        }       \r
 \r
        blockNo = param_get8(Cmd, 0);\r
-       if (blockNo >= 32 * 4 + 8 * 16) {\r
-               PrintAndLog("Block number must be in [0..255] as in MIFARE classic.");\r
-               return 1;\r
-       }\r
 \r
        if (param_gethex(Cmd, 1, memBlock, 32)) {\r
                PrintAndLog("block data must include 32 HEX symbols");\r
@@ -1401,10 +1393,6 @@ int CmdHF14AMfCGetBlk(const char *Cmd) {
        }       \r
 \r
        blockNo = param_get8(Cmd, 0);\r
-       if (blockNo >= 32 * 4 + 8 * 16) {\r
-               PrintAndLog("Block number must be in [0..255] as in MIFARE classic.");\r
-               return 1;\r
-       }\r
 \r
        PrintAndLog("--block number:%02x ", blockNo);\r
 \r
@@ -1543,16 +1531,117 @@ int CmdHF14AMfCSave(const char *Cmd) {
 }\r
 \r
 int CmdHF14AMfSniff(const char *Cmd){\r
+       // params\r
+       bool wantLogToFile = 0;\r
+       bool wantDecrypt = 0;\r
+       //bool wantSaveToEml = 0; TODO\r
+       bool wantSaveToEmlFile = 0;\r
+\r
+       //var \r
+       int res = 0;\r
+       int len = 0;\r
+       int blockLen = 0;\r
+       int num = 0;\r
+       int pckNum = 0;\r
+       uint8_t uid[8];\r
+       uint8_t atqa[2];\r
+       uint8_t sak;\r
+       bool isTag;\r
+       uint32_t parity;\r
+       uint8_t buf[3000];\r
+       uint8_t * bufPtr = buf;\r
+       memset(buf, 0x00, 3000);\r
        \r
        if (param_getchar(Cmd, 0) == 'h') {\r
-               PrintAndLog("Usage:  hf mf sniff ");\r
-               PrintAndLog("        sample: hf mf sniff ");\r
+               PrintAndLog("It continuously get data from the field and saves it to: log, emulator, emulator file.");\r
+               PrintAndLog("You can specify:");\r
+               PrintAndLog("    l - save encrypted sequence to logfile `uid.log`");\r
+               PrintAndLog("    d - decrypt sequence and put it to log file `uid.log`");\r
+               PrintAndLog(" n/a   e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory");\r
+               PrintAndLog("    r - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r
+               PrintAndLog("Usage:  hf mf sniff [l][d][e][r]");\r
+               PrintAndLog("  sample: hf mf sniff l d e");\r
                return 0;\r
        }       \r
        \r
+       for (int i = 0; i < 4; i++) {\r
+               char ctmp = param_getchar(Cmd, i);\r
+               if (ctmp == 'l' || ctmp == 'L') wantLogToFile = true;\r
+               if (ctmp == 'd' || ctmp == 'D') wantDecrypt = true;\r
+               //if (ctmp == 'e' || ctmp == 'E') wantSaveToEml = true; TODO\r
+               if (ctmp == 'f' || ctmp == 'F') wantSaveToEmlFile = true;\r
+       }\r
+       \r
+       printf("-------------------------------------------------------------------------\n");\r
+       printf("Executing command. \n");\r
+       printf("Press the key on the proxmark3 device to abort both proxmark3 and client.\n");\r
+       printf("Press the key on pc keyboard to abort the client.\n");\r
+       printf("-------------------------------------------------------------------------\n");\r
+\r
   UsbCommand c = {CMD_MIFARE_SNIFFER, {0, 0, 0}};\r
   SendCommand(&c);\r
 \r
+       // wait cycle\r
+       while (true) {\r
+               printf(".");\r
+               fflush(stdout);\r
+               if (ukbhit()) {\r
+                       getchar();\r
+                       printf("\naborted via keyboard!\n");\r
+                       break;\r
+               }\r
+               \r
+               UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 2000);\r
+               if (resp != NULL) {\r
+                       res = resp->arg[0] & 0xff;\r
+                       len = resp->arg[1];\r
+                       num = resp->arg[2];\r
+                       \r
+                       if (res == 0) return 0;\r
+                       if (res == 1) {\r
+                               if (num ==0) {\r
+                                       bufPtr = buf;\r
+                                       memset(buf, 0x00, 3000);\r
+                               }\r
+                               memcpy(bufPtr, resp->d.asBytes, len);\r
+                               bufPtr += len;\r
+                               pckNum++;\r
+                       }\r
+                       if (res == 2) {\r
+                               blockLen = bufPtr - buf;\r
+                               bufPtr = buf;\r
+                               printf(">\n");\r
+                               PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum);\r
+                               num = 0;\r
+                               while (bufPtr - buf + 9 < blockLen) {\r
+                                 isTag = bufPtr[3] & 0x80 ? true:false;\r
+                                       bufPtr += 4;\r
+                                       parity = *((uint32_t *)(bufPtr));\r
+                                       bufPtr += 4;\r
+                                       len = bufPtr[0];\r
+                                       bufPtr++;\r
+                                       if ((len == 14) && (bufPtr[0] = 0xff) && (bufPtr[1] = 0xff)) {\r
+                                               memcpy(uid, bufPtr + 2, 7);\r
+                                               memcpy(atqa, bufPtr + 2 + 7, 2);\r
+                                               sak = bufPtr[11];\r
+                                               \r
+                                               PrintAndLog("tag select uid:%s atqa:%02x %02x sak:0x%02x", sprint_hex(uid, 7), atqa[0], atqa[1], sak);\r
+                                               if (wantLogToFile) {\r
+                                                       FillFileNameByUID(logHexFileName, uid, ".log", 7);\r
+                                                       AddLogCurrentDT(logHexFileName);\r
+                                               }                                               \r
+                                               if (wantDecrypt) mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
+                                       } else {\r
+                                               PrintAndLog("%s(%d):%s", isTag ? "TAG":"RDR", num, sprint_hex(bufPtr, len));\r
+                                               if (wantLogToFile) AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
+                                               if (wantDecrypt) mfTraceDecode(bufPtr, len, parity, wantSaveToEmlFile);\r
+                                       }\r
+                                       bufPtr += len;\r
+                                       num++;\r
+                               }\r
+                       }\r
+               } // resp not NILL\r
+       } // while (true)\r
   return 0;\r
 }\r
 \r
Impressum, Datenschutz