added mifare trailer block decoding (#726)

[proxmark3-svn] / client / cmdhfmf.c
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c

index d9578af25768e8aa0e6e7b5d4a91101bb5ea1cd9..fa952cb9be55bba7e03323476e5b17e931253325 100644 (file)
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -15,9 +15,10 @@
  #include <stdio.h>\r
  #include <stdlib.h>\r
  #include <ctype.h>\r
  #include <stdio.h>\r
  #include <stdlib.h>\r
  #include <ctype.h>\r
-#include "proxmark3.h"\r
+#include "comms.h"\r
  #include "cmdmain.h"\r
  #include "cmdhfmfhard.h"\r
  #include "cmdmain.h"\r
  #include "cmdhfmfhard.h"\r
+#include "parity.h"\r
  #include "util.h"\r
  #include "util_posix.h"\r
  #include "usb_cmd.h"\r
  #include "util.h"\r
  #include "util_posix.h"\r
  #include "usb_cmd.h"\r
@@ -25,6 +26,10 @@
  #include "mifarehost.h"\r
  #include "mifare.h"\r
  #include "mfkey.h"\r
  #include "mifarehost.h"\r
  #include "mifare.h"\r
  #include "mfkey.h"\r
+#include "hardnested/hardnested_bf_core.h"\r
+#include "cliparser/cliparser.h"\r
+#include "cmdhf14a.h"\r
+#include "mifare4.h"\r
  \r
  #define NESTED_SECTOR_RETRY     10                     // how often we try mfested() until we give up\r
  \r
  \r
  #define NESTED_SECTOR_RETRY     10                     // how often we try mfested() until we give up\r
  \r
@@ -136,12 +141,26 @@ int CmdHF14AMfRdBl(const char *Cmd)
                 uint8_t isOK  = resp.arg[0] & 0xff;\r
                 uint8_t *data = resp.d.asBytes;\r
  \r
                 uint8_t isOK  = resp.arg[0] & 0xff;\r
                 uint8_t *data = resp.d.asBytes;\r
  \r
-               if (isOK)\r
+               if (isOK) {\r
                         PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 16));\r
                         PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 16));\r
-               else\r
+               } else {\r
                         PrintAndLog("isOk:%02x", isOK);\r
                         PrintAndLog("isOk:%02x", isOK);\r
+                       return 1;\r
+               }\r
+\r
+               if (mfIsSectorTrailer(blockNo) && (data[6] || data[7] || data[8])) {\r
+                       PrintAndLogEx(NORMAL, "Trailer decoded:");\r
+                       int bln = mfFirstBlockOfSector(mfSectorNum(blockNo));\r
+                       int blinc = (mfNumBlocksPerSector(mfSectorNum(blockNo)) > 4) ? 5 : 1;\r
+                       for (int i = 0; i < 4; i++) {\r
+                               PrintAndLogEx(NORMAL, "Access block %d%s: %s", bln, ((blinc > 1) && (i < 3) ? "+" : "") , mfGetAccessConditionsDesc(i, &data[6]));\r
+                               bln += blinc;\r
+                       }\r
+                       PrintAndLogEx(NORMAL, "UserData: %s", sprint_hex_inrow(&data[9], 1));\r
+               }\r
         } else {\r
                 PrintAndLog("Command execute timeout");\r
         } else {\r
                 PrintAndLog("Command execute timeout");\r
+               return 2;\r
         }\r
  \r
    return 0;\r
         }\r
  \r
    return 0;\r
@@ -529,7 +548,7 @@ int CmdHF14AMfRestore(const char *Cmd)
  //----------------------------------------------\r
  \r
  static void parseParamTDS(const char *Cmd, const uint8_t indx, bool *paramT, bool *paramD, uint8_t *timeout) {\r
  //----------------------------------------------\r
  \r
  static void parseParamTDS(const char *Cmd, const uint8_t indx, bool *paramT, bool *paramD, uint8_t *timeout) {\r
-       char ctmp3[3] = {0};\r
+       char ctmp3[4] = {0};\r
         int len = param_getlength(Cmd, indx);\r
         if (len > 0 && len < 4){\r
                 param_getstr(Cmd, indx, ctmp3, sizeof(ctmp3));\r
         int len = param_getlength(Cmd, indx);\r
         if (len > 0 && len < 4){\r
                 param_getstr(Cmd, indx, ctmp3, sizeof(ctmp3));\r
@@ -682,9 +701,9 @@ int CmdHF14AMfNested(const char *Cmd)
                         if (transferToEml) {\r
                                 uint8_t sectortrailer;\r
                                 if (trgBlockNo < 32*4) {        // 4 block sector\r
                         if (transferToEml) {\r
                                 uint8_t sectortrailer;\r
                                 if (trgBlockNo < 32*4) {        // 4 block sector\r
-                                       sectortrailer = (trgBlockNo & 0x03) + 3;\r
+                                       sectortrailer = trgBlockNo | 0x03;\r
                                 } else {                                        // 16 block sector\r
                                 } else {                                        // 16 block sector\r
-                                       sectortrailer = (trgBlockNo & 0x0f) + 15;\r
+                                       sectortrailer = trgBlockNo | 0x0f;\r
                                 }\r
                                 mfEmlGetMem(keyBlock, sectortrailer, 1);\r
  \r
                                 }\r
                                 mfEmlGetMem(keyBlock, sectortrailer, 1);\r
  \r
@@ -724,7 +743,6 @@ int CmdHF14AMfNested(const char *Cmd)
                                                 blockNo = i * 4;\r
                                                 keyType = j;\r
                                                 num_to_bytes(e_sector[i].Key[j], 6, key);\r
                                                 blockNo = i * 4;\r
                                                 keyType = j;\r
                                                 num_to_bytes(e_sector[i].Key[j], 6, key);\r
-                                               \r
                                                 keyFound = true;\r
                                                 break;\r
                                         }\r
                                                 keyFound = true;\r
                                                 break;\r
                                         }\r
@@ -735,6 +753,7 @@ int CmdHF14AMfNested(const char *Cmd)
                         // Can't found a key....\r
                         if (!keyFound) {\r
                                 PrintAndLog("Can't found any of the known keys.");\r
                         // Can't found a key....\r
                         if (!keyFound) {\r
                                 PrintAndLog("Can't found any of the known keys.");\r
+                               free(e_sector);\r
                                 return 4;\r
                         }\r
                         PrintAndLog("--auto key. block no:%3d, key type:%c key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
                                 return 4;\r
                         }\r
                         PrintAndLog("--auto key. block no:%3d, key type:%c key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
@@ -862,6 +881,13 @@ int CmdHF14AMfNestedHard(const char *Cmd)
                 PrintAndLog("      w: Acquire nonces and write them to binary file nonces.bin");\r
                 PrintAndLog("      s: Slower acquisition (required by some non standard cards)");\r
                 PrintAndLog("      r: Read nonces.bin and start attack");\r
                 PrintAndLog("      w: Acquire nonces and write them to binary file nonces.bin");\r
                 PrintAndLog("      s: Slower acquisition (required by some non standard cards)");\r
                 PrintAndLog("      r: Read nonces.bin and start attack");\r
+               PrintAndLog("      iX: set type of SIMD instructions. Without this flag programs autodetect it.");\r
+               PrintAndLog("        i5: AVX512");\r
+               PrintAndLog("        i2: AVX2");\r
+               PrintAndLog("        ia: AVX");\r
+               PrintAndLog("        is: SSE2");\r
+               PrintAndLog("        im: MMX");\r
+               PrintAndLog("        in: none (use CPU regular instruction set)");\r
                 PrintAndLog(" ");\r
                 PrintAndLog("      sample1: hf mf hardnested 0 A FFFFFFFFFFFF 4 A");\r
                 PrintAndLog("      sample2: hf mf hardnested 0 A FFFFFFFFFFFF 4 A w");\r
                 PrintAndLog(" ");\r
                 PrintAndLog("      sample1: hf mf hardnested 0 A FFFFFFFFFFFF 4 A");\r
                 PrintAndLog("      sample2: hf mf hardnested 0 A FFFFFFFFFFFF 4 A w");\r
@@ -880,15 +906,20 @@ int CmdHF14AMfNestedHard(const char *Cmd)
         int tests = 0;\r
  \r
  \r
         int tests = 0;\r
  \r
  \r
+       uint16_t iindx = 0;\r
         if (ctmp == 'R' || ctmp == 'r') {\r
                 nonce_file_read = true;\r
         if (ctmp == 'R' || ctmp == 'r') {\r
                 nonce_file_read = true;\r
+               iindx = 1;\r
                 if (!param_gethex(Cmd, 1, trgkey, 12)) {\r
                         know_target_key = true;\r
                 if (!param_gethex(Cmd, 1, trgkey, 12)) {\r
                         know_target_key = true;\r
+                       iindx = 2;\r
                 }\r
         } else if (ctmp == 'T' || ctmp == 't') {\r
                 tests = param_get32ex(Cmd, 1, 100, 10);\r
                 }\r
         } else if (ctmp == 'T' || ctmp == 't') {\r
                 tests = param_get32ex(Cmd, 1, 100, 10);\r
+               iindx = 2;\r
                 if (!param_gethex(Cmd, 2, trgkey, 12)) {\r
                         know_target_key = true;\r
                 if (!param_gethex(Cmd, 2, trgkey, 12)) {\r
                         know_target_key = true;\r
+                       iindx = 3;\r
                 }\r
         } else {\r
                 blockNo = param_get8(Cmd, 0);\r
                 }\r
         } else {\r
                 blockNo = param_get8(Cmd, 0);\r
@@ -922,19 +953,54 @@ int CmdHF14AMfNestedHard(const char *Cmd)
                         know_target_key = true;\r
                         i++;\r
                 }\r
                         know_target_key = true;\r
                         i++;\r
                 }\r
+               iindx = i;\r
  \r
                 while ((ctmp = param_getchar(Cmd, i))) {\r
                         if (ctmp == 's' || ctmp == 'S') {\r
                                 slow = true;\r
                         } else if (ctmp == 'w' || ctmp == 'W') {\r
                                 nonce_file_write = true;\r
  \r
                 while ((ctmp = param_getchar(Cmd, i))) {\r
                         if (ctmp == 's' || ctmp == 'S') {\r
                                 slow = true;\r
                         } else if (ctmp == 'w' || ctmp == 'W') {\r
                                 nonce_file_write = true;\r
+                       } else if (param_getlength(Cmd, i) == 2 && ctmp == 'i') {\r
+                               iindx = i;\r
                         } else {\r
                         } else {\r
-                               PrintAndLog("Possible options are w and/or s");\r
+                               PrintAndLog("Possible options are w , s and/or iX");\r
                                 return 1;\r
                         }\r
                         i++;\r
                 }\r
         }\r
                                 return 1;\r
                         }\r
                         i++;\r
                 }\r
         }\r
+       \r
+       SetSIMDInstr(SIMD_AUTO);\r
+       if (iindx > 0) {\r
+               while ((ctmp = param_getchar(Cmd, iindx))) {\r
+                       if (param_getlength(Cmd, iindx) == 2 && ctmp == 'i') {\r
+                               switch(param_getchar_indx(Cmd, 1, iindx)) {\r
+                                       case '5':\r
+                                               SetSIMDInstr(SIMD_AVX512);\r
+                                               break;\r
+                                       case '2':\r
+                                               SetSIMDInstr(SIMD_AVX2);\r
+                                               break;\r
+                                       case 'a':\r
+                                               SetSIMDInstr(SIMD_AVX);\r
+                                               break;\r
+                                       case 's':\r
+                                               SetSIMDInstr(SIMD_SSE2);\r
+                                               break;\r
+                                       case 'm':\r
+                                               SetSIMDInstr(SIMD_MMX);\r
+                                               break;\r
+                                       case 'n':\r
+                                               SetSIMDInstr(SIMD_NONE);\r
+                                               break;\r
+                                       default:\r
+                                               PrintAndLog("Unknown SIMD type. %c", param_getchar_indx(Cmd, 1, iindx));\r
+                                               return 1;\r
+                               }\r
+                       }\r
+                       iindx++;\r
+               }       \r
+       }\r
  \r
         PrintAndLog("--target block no:%3d, target key type:%c, known target key: 0x%02x%02x%02x%02x%02x%02x%s, file action: %s, Slow: %s, Tests: %d ",\r
                         trgBlockNo,\r
  \r
         PrintAndLog("--target block no:%3d, target key type:%c, known target key: 0x%02x%02x%02x%02x%02x%02x%s, file action: %s, Slow: %s, Tests: %d ",\r
                         trgBlockNo,\r
@@ -966,10 +1032,10 @@ int CmdHF14AMfChk(const char *Cmd)
                 PrintAndLog("Usage:  hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t|d|s|ss] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r
                 PrintAndLog("          * - all sectors");\r
                 PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r
                 PrintAndLog("Usage:  hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t|d|s|ss] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r
                 PrintAndLog("          * - all sectors");\r
                 PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r
-               PrintAndLog("d - write keys to binary file\n");\r
-               PrintAndLog("t - write keys to emulator memory");\r
-               PrintAndLog("s - slow execute. timeout 1ms");\r
-               PrintAndLog("ss- very slow execute. timeout 5ms");\r
+               PrintAndLog("d  - write keys to binary file\n");\r
+               PrintAndLog("t  - write keys to emulator memory");\r
+               PrintAndLog("s  - slow execute. timeout 1ms");\r
+               PrintAndLog("ss - very slow execute. timeout 5ms");\r
                 PrintAndLog("      sample: hf mf chk 0 A 1234567890ab keys.dic");\r
                 PrintAndLog("              hf mf chk *1 ? t");\r
                 PrintAndLog("              hf mf chk *1 ? d");\r
                 PrintAndLog("      sample: hf mf chk 0 A 1234567890ab keys.dic");\r
                 PrintAndLog("              hf mf chk *1 ? t");\r
                 PrintAndLog("              hf mf chk *1 ? d");\r
@@ -987,16 +1053,17 @@ int CmdHF14AMfChk(const char *Cmd)
         int i, res;\r
         int     keycnt = 0;\r
         char ctmp       = 0x00;\r
         int i, res;\r
         int     keycnt = 0;\r
         char ctmp       = 0x00;\r
-       char ctmp3[3]   = {0x00};\r
+       int clen = 0;\r
         uint8_t blockNo = 0;\r
         uint8_t SectorsCnt = 0;\r
         uint8_t keyType = 0;\r
         uint64_t key64 = 0;\r
         uint8_t blockNo = 0;\r
         uint8_t SectorsCnt = 0;\r
         uint8_t keyType = 0;\r
         uint64_t key64 = 0;\r
-       uint32_t timeout14a = 0; // timeout in us\r
+       // timeout in units. (ms * 106)/10 or us*0.0106\r
+       uint8_t btimeout14a = MF_CHKKEYS_DEFTIMEOUT; // fast by default\r
         bool param3InUse = false;\r
  \r
         bool param3InUse = false;\r
  \r
-       int transferToEml = 0;\r
-       int createDumpFile = 0;\r
+       bool transferToEml = 0;\r
+       bool createDumpFile = 0;\r
         \r
         sector_t *e_sector = NULL;\r
  \r
         \r
         sector_t *e_sector = NULL;\r
  \r
@@ -1015,48 +1082,32 @@ int CmdHF14AMfChk(const char *Cmd)
                 blockNo = param_get8(Cmd, 0);\r
  \r
         ctmp = param_getchar(Cmd, 1);\r
                 blockNo = param_get8(Cmd, 0);\r
  \r
         ctmp = param_getchar(Cmd, 1);\r
-       switch (ctmp) {\r
-       case 'a': case 'A':\r
-               keyType = 0;\r
-               break;\r
-       case 'b': case 'B':\r
-               keyType = 1;\r
-               break;\r
-       case '?':\r
-               keyType = 2;\r
-               break;\r
-       default:\r
-               PrintAndLog("Key type must be A , B or ?");\r
-               free(keyBlock);\r
-               return 1;\r
-       };\r
+       clen = param_getlength(Cmd, 1);\r
+       if (clen == 1) {\r
+               switch (ctmp) {\r
+               case 'a': case 'A':\r
+                       keyType = 0;\r
+                       break;\r
+               case 'b': case 'B':\r
+                       keyType = 1;\r
+                       break;\r
+               case '?':\r
+                       keyType = 2;\r
+                       break;\r
+               default:\r
+                       PrintAndLog("Key type must be A , B or ?");\r
+                       free(keyBlock);\r
+                       return 1;\r
+               };\r
+       }\r
  \r
  \r
-       // transfer to emulator & create dump file\r
-       ctmp = param_getchar(Cmd, 2);\r
-       if (ctmp == 't' || ctmp == 'T') transferToEml = 1;\r
-       if (ctmp == 'd' || ctmp == 'D') createDumpFile = 1;\r
-       \r
-       param3InUse = transferToEml | createDumpFile;\r
+       parseParamTDS(Cmd, 2, &transferToEml, &createDumpFile, &btimeout14a);\r
         \r
         \r
-       timeout14a = 500; // fast by default\r
-       // double parameters - ts, ds\r
-       int clen = param_getlength(Cmd, 2);\r
-       if (clen == 2 || clen == 3){\r
-               param_getstr(Cmd, 2, ctmp3, sizeof(ctmp3));\r
-               ctmp = ctmp3[1];\r
-       }\r
-       //parse\r
-       if (ctmp == 's' || ctmp == 'S') {\r
-               timeout14a = 1000; // slow\r
-               if (!param3InUse && clen == 2 && (ctmp3[1] == 's' || ctmp3[1] == 'S')) {\r
-                       timeout14a = 5000; // very slow\r
-               }\r
-               if (param3InUse && clen == 3 && (ctmp3[2] == 's' || ctmp3[2] == 'S')) {\r
-                       timeout14a = 5000; // very slow\r
-               }\r
-               param3InUse = true;\r
-       }\r
+       param3InUse = transferToEml | createDumpFile | (btimeout14a != MF_CHKKEYS_DEFTIMEOUT);\r
  \r
  \r
+       PrintAndLog("--chk keys. sectors:%2d, block no:%3d, key type:%c, eml:%c, dmp=%c checktimeout=%d us", \r
+                       SectorsCnt, blockNo, keyType?'B':'A', transferToEml?'y':'n', createDumpFile?'y':'n', ((int)btimeout14a * 10000) / 106);\r
+       \r
         for (i = param3InUse; param_getchar(Cmd, 2 + i); i++) {\r
                 if (!param_gethex(Cmd, 2 + i, keyBlock + 6 * keycnt, 12)) {\r
                         if ( stKeyBlock - keycnt < 2) {\r
         for (i = param3InUse; param_getchar(Cmd, 2 + i); i++) {\r
                 if (!param_gethex(Cmd, 2 + i, keyBlock + 6 * keycnt, 12)) {\r
                         if ( stKeyBlock - keycnt < 2) {\r
@@ -1089,7 +1140,7 @@ int CmdHF14AMfChk(const char *Cmd)
  \r
                                         if( buf[0]=='#' ) continue;     //The line start with # is comment, skip\r
  \r
  \r
                                         if( buf[0]=='#' ) continue;     //The line start with # is comment, skip\r
  \r
-                                       if (!isxdigit(buf[0])){\r
+                                       if (!isxdigit((unsigned char)buf[0])){\r
                                                 PrintAndLog("File content error. '%s' must include 12 HEX symbols",buf);\r
                                                 continue;\r
                                         }\r
                                                 PrintAndLog("File content error. '%s' must include 12 HEX symbols",buf);\r
                                                 continue;\r
                                         }\r
@@ -1133,7 +1184,10 @@ int CmdHF14AMfChk(const char *Cmd)
  \r
         // initialize storage for found keys\r
         e_sector = calloc(SectorsCnt, sizeof(sector_t));\r
  \r
         // initialize storage for found keys\r
         e_sector = calloc(SectorsCnt, sizeof(sector_t));\r
-       if (e_sector == NULL) return 1;\r
+       if (e_sector == NULL) {\r
+               free(keyBlock);\r
+               return 1;\r
+       }\r
         for (uint8_t keyAB = 0; keyAB < 2; keyAB++) {\r
                 for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r
                         e_sector[sectorNo].Key[keyAB] = 0xffffffffffff;\r
         for (uint8_t keyAB = 0; keyAB < 2; keyAB++) {\r
                 for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r
                         e_sector[sectorNo].Key[keyAB] = 0xffffffffffff;\r
@@ -1150,7 +1204,7 @@ int CmdHF14AMfChk(const char *Cmd)
                 for (uint32_t c = 0; c < keycnt; c += max_keys) {\r
  \r
                         uint32_t size = keycnt-c > max_keys ? max_keys : keycnt-c;\r
                 for (uint32_t c = 0; c < keycnt; c += max_keys) {\r
  \r
                         uint32_t size = keycnt-c > max_keys ? max_keys : keycnt-c;\r
-                       res = mfCheckKeysSec(SectorsCnt, keyType, timeout14a * 1.06 / 100, true, size, &keyBlock[6 * c], e_sector); // timeout is (ms * 106)/10 or us*0.0106\r
+                       res = mfCheckKeysSec(SectorsCnt, keyType, btimeout14a, true, size, &keyBlock[6 * c], e_sector); // timeout is (ms * 106)/10 or us*0.0106\r
  \r
                         if (res != 1) {\r
                                 if (!res) {\r
  \r
                         if (res != 1) {\r
                                 if (!res) {\r
@@ -1632,10 +1686,7 @@ int CmdHF14AMfESet(const char *Cmd)
         }\r
  \r
         //  1 - blocks count\r
         }\r
  \r
         //  1 - blocks count\r
-       UsbCommand c = {CMD_MIFARE_EML_MEMSET, {blockNo, 1, 0}};\r
-       memcpy(c.d.asBytes, memBlock, 16);\r
-       SendCommand(&c);\r
-       return 0;\r
+       return mfEmlSetMem(memBlock, blockNo, 1);\r
  }\r
  \r
  \r
  }\r
  \r
  \r
@@ -1854,7 +1905,7 @@ int CmdHF14AMfECFill(const char *Cmd)
                 default:   numSectors = 16;\r
         }\r
  \r
                 default:   numSectors = 16;\r
         }\r
  \r
-       printf("--params: numSectors: %d, keyType:%d", numSectors, keyType);\r
+       printf("--params: numSectors: %d, keyType:%d\n", numSectors, keyType);\r
         UsbCommand c = {CMD_MIFARE_EML_CARDLOAD, {numSectors, keyType, 0}};\r
         SendCommand(&c);\r
         return 0;\r
         UsbCommand c = {CMD_MIFARE_EML_CARDLOAD, {numSectors, keyType, 0}};\r
         SendCommand(&c);\r
         return 0;\r
@@ -2235,6 +2286,20 @@ int CmdHF14AMfCGetBlk(const char *Cmd) {
                 }\r
  \r
         PrintAndLog("block data:%s", sprint_hex(memBlock, 16));\r
                 }\r
  \r
         PrintAndLog("block data:%s", sprint_hex(memBlock, 16));\r
+       \r
+       if (mfIsSectorTrailer(blockNo)) {\r
+               PrintAndLogEx(NORMAL, "Trailer decoded:");\r
+               PrintAndLogEx(NORMAL, "Key A: %s", sprint_hex_inrow(memBlock, 6));\r
+               PrintAndLogEx(NORMAL, "Key B: %s", sprint_hex_inrow(&memBlock[10], 6));\r
+               int bln = mfFirstBlockOfSector(mfSectorNum(blockNo));\r
+               int blinc = (mfNumBlocksPerSector(mfSectorNum(blockNo)) > 4) ? 5 : 1;\r
+               for (int i = 0; i < 4; i++) {\r
+                       PrintAndLogEx(NORMAL, "Access block %d%s: %s", bln, ((blinc > 1) && (i < 3) ? "+" : "") , mfGetAccessConditionsDesc(i, &memBlock[6]));\r
+                       bln += blinc;\r
+               }\r
+               PrintAndLogEx(NORMAL, "UserData: %s", sprint_hex_inrow(&memBlock[9], 1));\r
+       }\r
+       \r
         return 0;\r
  }\r
  \r
         return 0;\r
  }\r
  \r
@@ -2420,6 +2485,7 @@ int CmdHF14AMfSniff(const char *Cmd){
         //var\r
         int res = 0;\r
         int len = 0;\r
         //var\r
         int res = 0;\r
         int len = 0;\r
+       int parlen = 0;\r
         int blockLen = 0;\r
         int pckNum = 0;\r
         int num = 0;\r
         int blockLen = 0;\r
         int pckNum = 0;\r
         int num = 0;\r
@@ -2431,6 +2497,7 @@ int CmdHF14AMfSniff(const char *Cmd){
         uint8_t *buf = NULL;\r
         uint16_t bufsize = 0;\r
         uint8_t *bufPtr = NULL;\r
         uint8_t *buf = NULL;\r
         uint16_t bufsize = 0;\r
         uint8_t *bufPtr = NULL;\r
+       uint8_t parity[16];\r
  \r
         char ctmp = param_getchar(Cmd, 0);\r
         if ( ctmp == 'h' || ctmp == 'H' ) {\r
  \r
         char ctmp = param_getchar(Cmd, 0);\r
         if ( ctmp == 'h' || ctmp == 'H' ) {\r
@@ -2474,14 +2541,13 @@ int CmdHF14AMfSniff(const char *Cmd){
                 }\r
  \r
                 UsbCommand resp;\r
                 }\r
  \r
                 UsbCommand resp;\r
-               if (WaitForResponseTimeout(CMD_ACK,&resp,2000)) {\r
+               if (WaitForResponseTimeoutW(CMD_ACK, &resp, 2000, false)) {\r
                         res = resp.arg[0] & 0xff;\r
                         uint16_t traceLen = resp.arg[1];\r
                         len = resp.arg[2];\r
  \r
                         if (res == 0) {                                                         // we are done\r
                         res = resp.arg[0] & 0xff;\r
                         uint16_t traceLen = resp.arg[1];\r
                         len = resp.arg[2];\r
  \r
                         if (res == 0) {                                                         // we are done\r
-                               free(buf);\r
-                               return 0;\r
+                               break;\r
                         }\r
  \r
                         if (res == 1) {                                                         // there is (more) data to be transferred\r
                         }\r
  \r
                         if (res == 1) {                                                         // there is (more) data to be transferred\r
@@ -2523,6 +2589,7 @@ int CmdHF14AMfSniff(const char *Cmd){
                                         } else {\r
                                                 isTag = false;\r
                                         }\r
                                         } else {\r
                                                 isTag = false;\r
                                         }\r
+                                       parlen = (len - 1) / 8 + 1;\r
                                         bufPtr += 2;\r
                                         if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff) && (bufPtr[12] == 0xff) && (bufPtr[13] == 0xff)) {\r
                                                 memcpy(uid, bufPtr + 2, 7);\r
                                         bufPtr += 2;\r
                                         if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff) && (bufPtr[12] == 0xff) && (bufPtr[13] == 0xff)) {\r
                                                 memcpy(uid, bufPtr + 2, 7);\r
@@ -2541,15 +2608,22 @@ int CmdHF14AMfSniff(const char *Cmd){
                                                 if (wantDecrypt)\r
                                                         mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
                                         } else {\r
                                                 if (wantDecrypt)\r
                                                         mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
                                         } else {\r
-                                               PrintAndLog("%s(%d):%s", isTag ? "TAG":"RDR", num, sprint_hex(bufPtr, len));\r
+                                               oddparitybuf(bufPtr, len, parity);\r
+                                               PrintAndLog("%s(%d):%s [%s] c[%s]%c", \r
+                                                       isTag ? "TAG":"RDR", \r
+                                                       num, \r
+                                                       sprint_hex(bufPtr, len), \r
+                                                       printBitsPar(bufPtr + len, len), \r
+                                                       printBitsPar(parity, len),\r
+                                                       memcmp(bufPtr + len, parity, len / 8 + 1) ? '!' : ' ');\r
                                                 if (wantLogToFile)\r
                                                         AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
                                                 if (wantDecrypt)\r
                                                 if (wantLogToFile)\r
                                                         AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
                                                 if (wantDecrypt)\r
-                                                       mfTraceDecode(bufPtr, len, wantSaveToEmlFile);\r
+                                                       mfTraceDecode(bufPtr, len, bufPtr[len], wantSaveToEmlFile);\r
                                                 num++;\r
                                         }\r
                                         bufPtr += len;\r
                                                 num++;\r
                                         }\r
                                         bufPtr += len;\r
-                                       bufPtr += ((len-1)/8+1);        // ignore parity\r
+                                       bufPtr += parlen;       // ignore parity\r
                                 }\r
                                 pckNum = 0;\r
                         }\r
                                 }\r
                                 pckNum = 0;\r
                         }\r
@@ -2557,6 +2631,9 @@ int CmdHF14AMfSniff(const char *Cmd){
         } // while (true)\r
  \r
         free(buf);\r
         } // while (true)\r
  \r
         free(buf);\r
+       \r
+       msleep(300); // wait for exiting arm side.\r
+       PrintAndLog("Done.");\r
         return 0;\r
  }\r
  \r
         return 0;\r
  }\r
  \r
@@ -2568,6 +2645,42 @@ int CmdDecryptTraceCmds(const char *Cmd){
         return tryDecryptWord(param_get32ex(Cmd,0,0,16),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),data,len/2);\r
  }\r
  \r
         return tryDecryptWord(param_get32ex(Cmd,0,0,16),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),data,len/2);\r
  }\r
  \r
+int CmdHF14AMfAuth4(const char *cmd) {\r
+       uint8_t keyn[20] = {0};\r
+       int keynlen = 0;\r
+       uint8_t key[16] = {0};\r
+       int keylen = 0;\r
+\r
+       CLIParserInit("hf mf auth4", \r
+               "Executes AES authentication command in ISO14443-4", \r
+               "Usage:\n\thf mf auth4 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n"\r
+                       "\thf mf auth4 9003 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -> executes authentication\n");\r
+\r
+       void* argtable[] = {\r
+               arg_param_begin,\r
+               arg_str1(NULL,  NULL,     "<Key Num (HEX 2 bytes)>", NULL),\r
+               arg_str1(NULL,  NULL,     "<Key Value (HEX 16 bytes)>", NULL),\r
+               arg_param_end\r
+       };\r
+       CLIExecWithReturn(cmd, argtable, true);\r
+       \r
+       CLIGetHexWithReturn(1, keyn, &keynlen);\r
+       CLIGetHexWithReturn(2, key, &keylen);\r
+       CLIParserFree();\r
+       \r
+       if (keynlen != 2) {\r
+               PrintAndLog("ERROR: <Key Num> must be 2 bytes long instead of: %d", keynlen);\r
+               return 1;\r
+       }\r
+       \r
+       if (keylen != 16) {\r
+               PrintAndLog("ERROR: <Key Value> must be 16 bytes long instead of: %d", keylen);\r
+               return 1;\r
+       }\r
+\r
+       return MifareAuth4(NULL, keyn, key, true, false, true);\r
+}\r
+\r
  static command_t CommandTable[] =\r
  {\r
    {"help",             CmdHelp,                 1, "This help"},\r
  static command_t CommandTable[] =\r
  {\r
    {"help",             CmdHelp,                 1, "This help"},\r
@@ -2577,6 +2690,7 @@ static command_t CommandTable[] =
    {"dump",             CmdHF14AMfDump,          0, "Dump MIFARE classic tag to binary file"},\r
    {"restore",                 CmdHF14AMfRestore,       0, "Restore MIFARE classic binary file to BLANK tag"},\r
    {"wrbl",             CmdHF14AMfWrBl,          0, "Write MIFARE classic block"},\r
    {"dump",             CmdHF14AMfDump,          0, "Dump MIFARE classic tag to binary file"},\r
    {"restore",                 CmdHF14AMfRestore,       0, "Restore MIFARE classic binary file to BLANK tag"},\r
    {"wrbl",             CmdHF14AMfWrBl,          0, "Write MIFARE classic block"},\r
+  {"auth4",            CmdHF14AMfAuth4,         0, "ISO14443-4 AES authentication"},\r
    {"chk",              CmdHF14AMfChk,           0, "Test block keys"},\r
    {"mifare",           CmdHF14AMifare,          0, "Read parity error messages."},\r
    {"hardnested",       CmdHF14AMfNestedHard,    0, "Nested attack for hardened Mifare cards"},\r
    {"chk",              CmdHF14AMfChk,           0, "Test block keys"},\r
    {"mifare",           CmdHF14AMifare,          0, "Read parity error messages."},\r
    {"hardnested",       CmdHF14AMfNestedHard,    0, "Nested attack for hardened Mifare cards"},\r
@@ -2603,11 +2717,9 @@ static command_t CommandTable[] =
  \r
  int CmdHFMF(const char *Cmd)\r
  {\r
  \r
  int CmdHFMF(const char *Cmd)\r
  {\r
-       // flush\r
-       WaitForResponseTimeout(CMD_ACK,NULL,100);\r
-\r
-  CmdsParse(CommandTable, Cmd);\r
-  return 0;\r
+       (void)WaitForResponseTimeout(CMD_ACK,NULL,100);\r
+       CmdsParse(CommandTable, Cmd);\r
+       return 0;\r
  }\r
  \r
  int CmdHelp(const char *Cmd)\r
  }\r
  \r
  int CmdHelp(const char *Cmd)\r