]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdhfmfu.c
update license conditions in armsrc/optimized_cipher.[ch] (#554)
[proxmark3-svn] / client / cmdhfmfu.c
index 731ab72f577d3de682883f5cb5521c8076b9e4d9..63c417289567815f5cf6c3967b400780eb21222a 100644 (file)
@@ -7,8 +7,16 @@
 //-----------------------------------------------------------------------------
 // High frequency MIFARE ULTRALIGHT (C) commands
 //-----------------------------------------------------------------------------
-#include "loclass/des.h"
+
 #include "cmdhfmfu.h"
+
+#include <stdint.h>
+#include <stdio.h>
+#include "proxmark3.h"
+#include "usb_cmd.h"
+#include "cmdmain.h"
+#include "ui.h"
+#include "polarssl/des.h"
 #include "cmdhfmf.h"
 #include "cmdhf14a.h"
 #include "mifare.h"
 #include "protocols.h"
 #include "data.h"
 
-#define MAX_UL_BLOCKS     0x0f
-#define MAX_ULC_BLOCKS    0x2b
-#define MAX_ULEV1a_BLOCKS 0x13
-#define MAX_ULEV1b_BLOCKS 0x28
-#define MAX_NTAG_203      0x29
-#define MAX_NTAG_210      0x13
-#define MAX_NTAG_212      0x28
-#define MAX_NTAG_213      0x2c
-#define MAX_NTAG_215      0x86
-#define MAX_NTAG_216      0xe6
+#define MAX_UL_BLOCKS      0x0f
+#define MAX_ULC_BLOCKS     0x2b
+#define MAX_ULEV1a_BLOCKS  0x13
+#define MAX_ULEV1b_BLOCKS  0x28
+#define MAX_NTAG_203       0x29
+#define MAX_NTAG_210       0x13
+#define MAX_NTAG_212       0x28
+#define MAX_NTAG_213       0x2c
+#define MAX_NTAG_215       0x86
+#define MAX_NTAG_216       0xe6
+#define MAX_MY_D_NFC       0xff
+#define MAX_MY_D_MOVE      0x25
+#define MAX_MY_D_MOVE_LEAN 0x0f
 
 #define KEYS_3DES_COUNT 7
 uint8_t default_3des_keys[KEYS_3DES_COUNT][16] = {
@@ -38,7 +49,7 @@ uint8_t default_3des_keys[KEYS_3DES_COUNT][16] = {
                { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF }     // 11 22 33
 };
 
-#define KEYS_PWD_COUNT 10
+#define KEYS_PWD_COUNT 6
 uint8_t default_pwd_pack[KEYS_PWD_COUNT][4] = {
        {0xFF,0xFF,0xFF,0xFF}, // PACK 0x00,0x00 -- factory default
 
@@ -47,24 +58,20 @@ uint8_t default_pwd_pack[KEYS_PWD_COUNT][4] = {
        {0xFF,0x90,0x6C,0xB2}, // PACK 0x12,0x9e -- italian bus (sniffed)       
        {0x46,0x1c,0xA3,0x19}, // PACK 0xE9,0x5A -- italian bus (sniffed)
        {0x35,0x1C,0xD0,0x19}, // PACK 0x9A,0x5a -- italian bus (sniffed)
-
-       {0x05,0x22,0xE6,0xB4}, // PACK 0x80,0x80 -- Amiiboo (sniffed) pikachu-b UID:
-       {0x7E,0x22,0xE6,0xB4}, // PACK 0x80,0x80 -- AMiiboo (sniffed) 
-       {0x02,0xE1,0xEE,0x36}, // PACK 0x80,0x80 -- AMiiboo (sniffed) sonic UID:  04d257 7ae33e8027
-       {0x32,0x0C,0x16,0x17}, // PACK 0x80,0x80 -- AMiiboo (sniffed) 
 };
 
-#define MAX_UL_TYPES 16
-uint16_t UL_TYPES_ARRAY[MAX_UL_TYPES] = {UNKNOWN, UL, UL_C, UL_EV1_48, UL_EV1_128, NTAG, NTAG_203,
-           NTAG_210, NTAG_212, NTAG_213, NTAG_215, NTAG_216, MY_D, MY_D_NFC, MY_D_MOVE, MY_D_MOVE_NFC};
+#define MAX_UL_TYPES 18
+uint32_t UL_TYPES_ARRAY[MAX_UL_TYPES] = {UNKNOWN, UL, UL_C, UL_EV1_48, UL_EV1_128, NTAG, NTAG_203,
+           NTAG_210, NTAG_212, NTAG_213, NTAG_215, NTAG_216, MY_D, MY_D_NFC, MY_D_MOVE, MY_D_MOVE_NFC, MY_D_MOVE_LEAN, FUDAN_UL};
 
 uint8_t UL_MEMORY_ARRAY[MAX_UL_TYPES] = {MAX_UL_BLOCKS, MAX_UL_BLOCKS, MAX_ULC_BLOCKS, MAX_ULEV1a_BLOCKS,
            MAX_ULEV1b_BLOCKS, MAX_NTAG_203, MAX_NTAG_203, MAX_NTAG_210, MAX_NTAG_212, MAX_NTAG_213,
-           MAX_NTAG_215, MAX_NTAG_216, MAX_UL_BLOCKS, MAX_UL_BLOCKS, MAX_UL_BLOCKS, MAX_UL_BLOCKS};
+           MAX_NTAG_215, MAX_NTAG_216, MAX_UL_BLOCKS, MAX_MY_D_NFC, MAX_MY_D_MOVE, MAX_MY_D_MOVE, MAX_MY_D_MOVE_LEAN, MAX_UL_BLOCKS};
 
 
 static int CmdHelp(const char *Cmd);
 
+// get version nxp product type 
 char *getProductTypeStr( uint8_t id){
 
        static char buf[20];
@@ -101,13 +108,7 @@ char *getUlev1CardSizeStr( uint8_t fsize ){
 }
 
 static void ul_switch_on_field(void) {
-       UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
-       clearCommandBuffer();
-       SendCommand(&c);
-}
-
-void ul_switch_off_field(void) {
-       UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
+       UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT | ISO14A_NO_RATS, 0, 0}};
        clearCommandBuffer();
        SendCommand(&c);
 }
@@ -152,7 +153,7 @@ static int ul_select( iso14a_card_select_t *card ){
        ans = WaitForResponseTimeout(CMD_ACK, &resp, 1500);
        if (!ans || resp.arg[0] < 1) {
                PrintAndLog("iso14443a card select failed");
-               ul_switch_off_field();
+               DropField();
                return 0;
        }
 
@@ -225,7 +226,7 @@ static int ul_auth_select( iso14a_card_select_t *card, TagTypeUL_t tagtype, bool
 
                if (hasAuthKey) {
                        if (ulev1_requestAuthentication(authenticationkey, pack, packSize) < 1) {
-                               ul_switch_off_field();
+                               DropField();
                                PrintAndLog("Error: Authentication Failed UL-EV1/NTAG");
                                return 0;
                        }
@@ -272,6 +273,38 @@ static int ulev1_readSignature( uint8_t *response, uint16_t responseLength ){
        return len;
 }
 
+
+// Fudan check checks for which error is given for a command with incorrect crc
+// NXP UL chip responds with 01, fudan 00.
+// other possible checks:
+//  send a0 + crc 
+//  UL responds with 00, fudan doesn't respond
+//  or
+//  send a200 + crc
+//  UL doesn't respond, fudan responds with 00
+//  or
+//  send 300000 + crc (read with extra byte(s))
+//  UL responds with read of page 0, fudan doesn't respond.
+//
+// make sure field is off before calling this function
+static int ul_fudan_check( void ){
+       iso14a_card_select_t card;
+       if ( !ul_select(&card) ) 
+               return UL_ERROR;
+
+       UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_NO_DISCONNECT, 4, 0}};
+
+       uint8_t cmd[4] = {0x30,0x00,0x02,0xa7}; //wrong crc on purpose  should be 0xa8
+       memcpy(c.d.asBytes, cmd, 4);
+       clearCommandBuffer();
+       SendCommand(&c);
+       UsbCommand resp;
+       if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) return UL_ERROR;
+       if (resp.arg[0] != 1) return UL_ERROR;
+
+       return (!resp.d.asBytes[0]) ? FUDAN_UL : UL; //if response == 0x00 then Fudan, else Genuine NXP
+}
+
 static int ul_print_default( uint8_t *data){
 
        uint8_t uid[7];
@@ -285,12 +318,12 @@ static int ul_print_default( uint8_t *data){
 
        PrintAndLog("       UID : %s ", sprint_hex(uid, 7));
        PrintAndLog("    UID[0] : %02X, %s",  uid[0], getTagInfo(uid[0]) );
-       if ( uid[0] == 0x05 ) {
+       if ( uid[0] == 0x05 && ((uid[1] & 0xf0) >> 4) == 2 ) { // is infineon and 66RxxP
                uint8_t chip = (data[8] & 0xC7); // 11000111  mask, bit 3,4,5 RFU
                switch (chip){
-                       case 0xc2: PrintAndLog("   IC type : SLE 66R04P"); break;
-                       case 0xc4: PrintAndLog("   IC type : SLE 66R16P"); break;
-                       case 0xc6: PrintAndLog("   IC type : SLE 66R32P"); break;
+                       case 0xc2: PrintAndLog("   IC type : SLE 66R04P 770 Bytes"); break; //77 pages
+                       case 0xc4: PrintAndLog("   IC type : SLE 66R16P 2560 Bytes"); break; //256 pages
+                       case 0xc6: PrintAndLog("   IC type : SLE 66R32P 5120 Bytes"); break; //512 pages /2 sectors
                }
        }
        // CT (cascade tag byte) 0x88 xor SN0 xor SN1 xor SN2 
@@ -376,13 +409,17 @@ int ul_print_type(uint32_t tagtype, uint8_t spaces){
        else if ( tagtype & NTAG_I2C_2K )       
                PrintAndLog("%sTYPE : NTAG I%sC 1904bytes (NT3H1201FHK)", spacer, "\xFD");
        else if ( tagtype & MY_D )
-               PrintAndLog("%sTYPE : INFINEON my-d\x99", spacer);
+               PrintAndLog("%sTYPE : INFINEON my-d\x99 (SLE 66RxxS)", spacer);
        else if ( tagtype & MY_D_NFC )
-               PrintAndLog("%sTYPE : INFINEON my-d\x99 NFC", spacer);
+               PrintAndLog("%sTYPE : INFINEON my-d\x99 NFC (SLE 66RxxP)", spacer);
        else if ( tagtype & MY_D_MOVE )
-               PrintAndLog("%sTYPE : INFINEON my-d\x99 move", spacer);
+               PrintAndLog("%sTYPE : INFINEON my-d\x99 move (SLE 66R01P)", spacer);
        else if ( tagtype & MY_D_MOVE_NFC )
-               PrintAndLog("%sTYPE : INFINEON my-d\x99 move NFC", spacer);
+               PrintAndLog("%sTYPE : INFINEON my-d\x99 move NFC (SLE 66R01P)", spacer);
+       else if ( tagtype & MY_D_MOVE_LEAN )
+               PrintAndLog("%sTYPE : INFINEON my-d\x99 move lean (SLE 66R01L)", spacer);
+       else if ( tagtype & FUDAN_UL )
+               PrintAndLog("%sTYPE : FUDAN Ultralight Compatible (or other compatible) %s", spacer, (tagtype & MAGIC) ? "<magic>" : "" );
        else
                PrintAndLog("%sTYPE : Unknown %06x", spacer, tagtype);
        return 0;
@@ -513,7 +550,7 @@ static int ulc_magic_test(){
        } else {
                returnValue = UL;
        }       
-       ul_switch_off_field();
+       DropField();
        return returnValue;
 }
 */
@@ -526,7 +563,7 @@ static int ul_magic_test(){
        if ( !ul_select(&card) ) 
                return UL_ERROR;
        int status = ul_comp_write(0, NULL, 0);
-       ul_switch_off_field();
+       DropField();
        if ( status == 0 ) 
                return MAGIC;
        return 0;
@@ -545,14 +582,14 @@ uint32_t GetHF14AMfU_Type(void){
        // Ultralight - ATQA / SAK 
        if ( card.atqa[1] != 0x00 || card.atqa[0] != 0x44 || card.sak != 0x00 ) {
                PrintAndLog("Tag is not Ultralight | NTAG | MY-D  [ATQA: %02X %02X SAK: %02X]\n", card.atqa[1], card.atqa[0], card.sak);
-               ul_switch_off_field();
+               DropField();
                return UL_ERROR;
        }
 
        if ( card.uid[0] != 0x05) {
 
                len  = ulev1_getVersion(version, sizeof(version));
-               ul_switch_off_field();
+               DropField();
 
                switch (len) {
                        case 0x0A: {
@@ -592,7 +629,7 @@ uint32_t GetHF14AMfU_Type(void){
                        // do UL_C check first...
                        uint8_t nonce[11] = {0x00};
                        status = ulc_requestAuthentication(nonce, sizeof(nonce));
-                       ul_switch_off_field();
+                       DropField();
                        if (status > 1) {
                                tagtype = UL_C;
                        } else { 
@@ -613,17 +650,23 @@ uint32_t GetHF14AMfU_Type(void){
                                                tagtype = UNKNOWN;
                                        }
                                }
-                               ul_switch_off_field();
+                               DropField();
                        }
                }
+               if (tagtype & UL) {
+                       tagtype = ul_fudan_check(); 
+                       DropField();
+               }
        } else {
-               ul_switch_off_field();
+               DropField();
                // Infinition MY-D tests   Exam high nibble 
                uint8_t nib = (card.uid[1] & 0xf0) >> 4;
                switch ( nib ){
-                       case 1: tagtype =  MY_D; break;
-                       case 2: tagtype = (MY_D | MY_D_NFC); break; //notice: we can not currently distinguish between these two
-                       case 3: tagtype = (MY_D_MOVE | MY_D_MOVE_NFC); break; //notice: we can not currently distinguish between these two
+                       // case 0: tagtype =  SLE66R35E7; break; //or SLE 66R35E7 - mifare compat... should have different sak/atqa for mf 1k
+                       case 1: tagtype =  MY_D; break; //or SLE 66RxxS ... up to 512 pages of 8 user bytes...
+                       case 2: tagtype = (MY_D_NFC); break; //or SLE 66RxxP ... up to 512 pages of 8 user bytes... (or in nfc mode FF pages of 4 bytes)
+                       case 3: tagtype = (MY_D_MOVE | MY_D_MOVE_NFC); break; //or SLE 66R01P // 38 pages of 4 bytes //notice: we can not currently distinguish between these two
+                       case 7: tagtype =  MY_D_MOVE_LEAN; break; //or SLE 66R01L  // 16 pages of 4 bytes
                }
        }
 
@@ -660,7 +703,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
                        return usage_hf_mfu_info();
                case 'k':
                case 'K':
-                       dataLen = param_getstr(Cmd, cmdp+1, tempStr);
+                       dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr));
                        if (dataLen == 32 || dataLen == 8) { //ul-c or ev1/ntag key length
                                errors = param_gethex(tempStr, 0, authenticationkey, dataLen);
                                dataLen /= 2; // handled as bytes from now on
@@ -702,7 +745,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
        // read pages 0,1,2,3 (should read 4pages)
        status = ul_read(0, data, sizeof(data));
        if ( status == -1 ) {
-               ul_switch_off_field();
+               DropField();
                PrintAndLog("Error: tag didn't answer to READ");
                return status;
        } else if (status == 16) {
@@ -720,7 +763,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
                status = ul_read(0x28, ulc_conf, sizeof(ulc_conf));
                if ( status == -1 ){
                        PrintAndLog("Error: tag didn't answer to READ UL-C");
-                       ul_switch_off_field();
+                       DropField();
                        return status;
                } 
                if (status == 16) ulc_print_configuration(ulc_conf);
@@ -731,14 +774,14 @@ int CmdHF14AMfUInfo(const char *Cmd){
                        uint8_t ulc_deskey[16] = {0x00};
                        status = ul_read(0x2C, ulc_deskey, sizeof(ulc_deskey));
                        if ( status == -1 ) {
-                               ul_switch_off_field();
+                               DropField();
                                PrintAndLog("Error: tag didn't answer to READ magic");
                                return status;
                        }
                        if (status == 16) ulc_print_3deskey(ulc_deskey);
 
                } else {
-                       ul_switch_off_field();
+                       DropField();
                        // if we called info with key, just return 
                        if ( hasAuthKey ) return 1;
 
@@ -773,7 +816,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
                status = ulev1_readSignature( ulev1_signature, sizeof(ulev1_signature));
                if ( status == -1 ) {
                        PrintAndLog("Error: tag didn't answer to READ SIGNATURE");
-                       ul_switch_off_field();
+                       DropField();
                        return status;
                }
                if (status == 32) ulev1_print_signature( ulev1_signature, sizeof(ulev1_signature));
@@ -788,7 +831,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
                status  = ulev1_getVersion(version, sizeof(version));
                if ( status == -1 ) {
                        PrintAndLog("Error: tag didn't answer to GETVERSION");
-                       ul_switch_off_field();
+                       DropField();
                        return status;
                } else if (status == 10) {
                        ulev1_print_version(version);
@@ -808,7 +851,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
                        status = ul_read(startconfigblock, ulev1_conf, sizeof(ulev1_conf));
                        if ( status == -1 ) {
                                PrintAndLog("Error: tag didn't answer to READ EV1");
-                               ul_switch_off_field();
+                               DropField();
                                return status;
                        } else if (status == 16) {
                                // save AUTHENTICATION LIMITS for later:
@@ -838,7 +881,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
                }
        }
 
-       ul_switch_off_field();
+       DropField();
        if (locked) PrintAndLog("\nTag appears to be locked, try using the key to get more info");
        PrintAndLog("");
        return 1;
@@ -862,10 +905,6 @@ int CmdHF14AMfUWrBl(const char *Cmd){
        uint8_t authenticationkey[16] = {0x00};
        uint8_t *authKeyPtr = authenticationkey;
 
-       // starting with getting tagtype
-       TagTypeUL_t tagtype = GetHF14AMfU_Type();
-       if (tagtype == UL_ERROR) return -1;
-
        while(param_getchar(Cmd, cmdp) != 0x00)
        {
                switch(param_getchar(Cmd, cmdp))
@@ -897,21 +936,10 @@ int CmdHF14AMfUWrBl(const char *Cmd){
                        case 'b':
                        case 'B':
                                blockNo = param_get8(Cmd, cmdp+1);
-                               
-                               uint8_t maxblockno = 0;
-                               for (uint8_t idx = 0; idx < MAX_UL_TYPES; idx++){
-                                       if (tagtype & UL_TYPES_ARRAY[idx])
-                                               maxblockno = UL_MEMORY_ARRAY[idx];
-                               }
-               
                                if (blockNo < 0) {
                                        PrintAndLog("Wrong block number");
                                        errors = true;
                                }
-                               if (blockNo > maxblockno){
-                                       PrintAndLog("block number too large. Max block is %u/0x%02X \n", maxblockno,maxblockno);
-                                       errors = true;
-                               }
                                cmdp += 2;
                                break;
                        case 'l':
@@ -938,6 +966,19 @@ int CmdHF14AMfUWrBl(const char *Cmd){
        }
 
        if ( blockNo == -1 ) return usage_hf_mfu_wrbl();
+       // starting with getting tagtype
+       TagTypeUL_t tagtype = GetHF14AMfU_Type();
+       if (tagtype == UL_ERROR) return -1;
+
+       uint8_t maxblockno = 0;
+       for (uint8_t idx = 0; idx < MAX_UL_TYPES; idx++){
+               if (tagtype & UL_TYPES_ARRAY[idx])
+                       maxblockno = UL_MEMORY_ARRAY[idx];
+       }
+       if (blockNo > maxblockno){
+               PrintAndLog("block number too large. Max block is %u/0x%02X \n", maxblockno,maxblockno);
+               return usage_hf_mfu_wrbl();
+       }
 
        // Swap endianness 
        if (swapEndian && hasAuthKey) authKeyPtr = SwapEndian64(authenticationkey, 16, 8);
@@ -989,10 +1030,6 @@ int CmdHF14AMfURdBl(const char *Cmd){
        uint8_t authenticationkey[16] = {0x00};
        uint8_t *authKeyPtr = authenticationkey;
 
-       // starting with getting tagtype
-       TagTypeUL_t tagtype = GetHF14AMfU_Type();
-       if (tagtype == UL_ERROR) return -1;
-
        while(param_getchar(Cmd, cmdp) != 0x00)
        {
                switch(param_getchar(Cmd, cmdp))
@@ -1024,21 +1061,10 @@ int CmdHF14AMfURdBl(const char *Cmd){
                        case 'b':
                        case 'B':
                                blockNo = param_get8(Cmd, cmdp+1);
-
-                               uint8_t maxblockno = 0;
-                               for (uint8_t idx = 0; idx < MAX_UL_TYPES; idx++){
-                                       if (tagtype & UL_TYPES_ARRAY[idx])
-                                               maxblockno = UL_MEMORY_ARRAY[idx];
-                               }
-
                                if (blockNo < 0) {
                                        PrintAndLog("Wrong block number");
                                        errors = true;
                                }
-                               if (blockNo > maxblockno){
-                                       PrintAndLog("block number to large. Max block is %u/0x%02X \n", maxblockno,maxblockno);
-                                       errors = true;
-                               }
                                cmdp += 2;
                                break;
                        case 'l':
@@ -1056,6 +1082,19 @@ int CmdHF14AMfURdBl(const char *Cmd){
        }
 
        if ( blockNo == -1 ) return usage_hf_mfu_rdbl();
+       // start with getting tagtype
+       TagTypeUL_t tagtype = GetHF14AMfU_Type();
+       if (tagtype == UL_ERROR) return -1;
+
+       uint8_t maxblockno = 0;
+       for (uint8_t idx = 0; idx < MAX_UL_TYPES; idx++){
+               if (tagtype & UL_TYPES_ARRAY[idx])
+                       maxblockno = UL_MEMORY_ARRAY[idx];
+       }
+       if (blockNo > maxblockno){
+               PrintAndLog("block number to large. Max block is %u/0x%02X \n", maxblockno,maxblockno);
+               return usage_hf_mfu_rdbl();
+       }
 
        // Swap endianness 
        if (swapEndian && hasAuthKey) authKeyPtr = SwapEndian64(authenticationkey, 16, 8);
@@ -1079,9 +1118,9 @@ int CmdHF14AMfURdBl(const char *Cmd){
                uint8_t isOK = resp.arg[0] & 0xff;
                if (isOK) {
                        uint8_t *data = resp.d.asBytes;
-                       PrintAndLog("\nBlock#  | Data        | Ascii");
-                       PrintAndLog("-----------------------------");
-                       PrintAndLog("%02d/0x%02X | %s| %.4s\n", blockNo, blockNo, sprint_hex(data, 4), data);
+                       PrintAndLog("\n Block#  | Data        | Ascii");
+                       PrintAndLog("---------+-------------+------");
+                       PrintAndLog(" %02d/0x%02X | %s| %.4s\n", blockNo, blockNo, sprint_hex(data, 4), data);
                }
                else {
                        PrintAndLog("Failed reading block: (%02x)", isOK);
@@ -1188,6 +1227,7 @@ int CmdHF14AMfUDump(const char *Cmd){
        bool manualPages = false;
        uint8_t startPage = 0;
        char tempStr[50];
+       unsigned char cleanASCII[4];
 
        while(param_getchar(Cmd, cmdp) != 0x00)
        {
@@ -1198,7 +1238,7 @@ int CmdHF14AMfUDump(const char *Cmd){
                        return usage_hf_mfu_dump();
                case 'k':
                case 'K':
-                       dataLen = param_getstr(Cmd, cmdp+1, tempStr);
+                       dataLen = param_getstr(Cmd, cmdp+1, tempStr, sizeof(tempStr));
                        if (dataLen == 32 || dataLen == 8) { //ul-c or ev1/ntag key length
                                errors = param_gethex(tempStr, 0, authenticationkey, dataLen);
                                dataLen /= 2;
@@ -1216,7 +1256,7 @@ int CmdHF14AMfUDump(const char *Cmd){
                        break;
                case 'n':
                case 'N':
-                       fileNlen = param_getstr(Cmd, cmdp+1, filename);
+                       fileNlen = param_getstr(Cmd, cmdp+1, filename, sizeof(filename));
                        if (!fileNlen) errors = true; 
                        if (fileNlen > FILE_PATH_SIZE-5) fileNlen = FILE_PATH_SIZE-5;
                        cmdp += 2;
@@ -1326,11 +1366,11 @@ int CmdHF14AMfUDump(const char *Cmd){
                }
        }
 
-       PrintAndLog("\nBlock#  | Data        |lck| Ascii");
-       PrintAndLog("---------------------------------");
+       PrintAndLog("\n Block#  | Data        |lck| Ascii");
+       PrintAndLog("---------+-------------+---+------");
        for (i = 0; i < Pages; ++i) {
                if ( i < 3 ) {
-                       PrintAndLog("%02d/0x%02X | %s|   | ", i+startPage, i+startPage, sprint_hex(data + i * 4, 4));
+                       PrintAndLog("%3d/0x%02X | %s|   | ", i+startPage, i+startPage, sprint_hex(data + i * 4, 4));
                        continue;
                }
                switch(i){
@@ -1377,7 +1417,12 @@ int CmdHF14AMfUDump(const char *Cmd){
                        case 43: tmplockbit = bit2[9]; break;  //auth1
                        default: break;
                }
-               PrintAndLog("%02d/0x%02X | %s| %d | %.4s", i+startPage, i+startPage, sprint_hex(data + i * 4, 4), tmplockbit, data+i*4);
+
+               // convert unprintable characters and line breaks to dots
+               memcpy(cleanASCII, data+i*4, 4);
+               clean_ascii(cleanASCII, 4);
+
+               PrintAndLog("%3d/0x%02X | %s| %d | %.4s", i+startPage, i+startPage, sprint_hex(data + i * 4, 4), tmplockbit, cleanASCII);
        }
        PrintAndLog("---------------------------------");
 
@@ -1418,7 +1463,7 @@ int CmdHF14AMfucAuth(const char *Cmd){
        //Change key to user defined one
        if (cmdp == 'k' || cmdp == 'K'){
                keyNo = param_get8(Cmd, 1);
-               if(keyNo > KEYS_3DES_COUNT) 
+               if(keyNo > KEYS_3DES_COUNT-1
                        errors = true;
        }
 
Impressum, Datenschutz