//-----------------------------------------------------------------------------\r
// High frequency MIFARE commands\r
//-----------------------------------------------------------------------------\r
-\r
+#include "../include/mifare.h"\r
#include "cmdhfmf.h"\r
\r
static int CmdHelp(const char *Cmd);\r
return 0;\r
}\r
\r
+/* dublett finns i CMDHFMFU.C \r
int CmdHF14AMfUWrBl(const char *Cmd)\r
{\r
uint8_t blockNo = 0;\r
}\r
return 0;\r
}\r
-\r
-\r
+*/\r
int CmdHF14AMfRdBl(const char *Cmd)\r
{\r
uint8_t blockNo = 0;\r
return 0;\r
}\r
\r
+/* dublett finns i CMDHFMFU.C \r
int CmdHF14AMfURdBl(const char *Cmd)\r
{\r
uint8_t blockNo = 0;\r
\r
return 0;\r
}\r
+*/\r
\r
-\r
+/* dublett finns i CMDHFMFU.C \r
int CmdHF14AMfURdCard(const char *Cmd)\r
{\r
int i;\r
}\r
return 0;\r
}\r
-\r
+*/\r
\r
int CmdHF14AMfRdSc(const char *Cmd)\r
{\r
\r
UsbCommand resp;\r
\r
+ int size = GetCardSize(); \r
char cmdp = param_getchar(Cmd, 0);\r
+ \r
+ \r
+\r
+ if ( size > -1) \r
+ cmdp = (char)(48+size);\r
+\r
+ PrintAndLog("Got %d",cmdp);\r
+ \r
switch (cmdp) {\r
case '0' : numSectors = 5; break;\r
case '1' : \r
return 1;\r
}\r
\r
- // Read key file\r
-\r
+ // Read keys A from file\r
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
if (fread( keyA[sectorNo], 1, 6, fin ) == 0) {\r
PrintAndLog("File reading error.");\r
}\r
}\r
\r
+ // Read keys B from file\r
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
if (fread( keyB[sectorNo], 1, 6, fin ) == 0) {\r
PrintAndLog("File reading error.");\r
}\r
}\r
\r
- // Read access rights to sectors\r
-\r
PrintAndLog("|-----------------------------------------|");\r
PrintAndLog("|------ Reading sector access bits...-----|");\r
PrintAndLog("|-----------------------------------------|");\r
}\r
}\r
\r
- // Read blocks and print to file\r
- \r
PrintAndLog("|-----------------------------------------|");\r
PrintAndLog("|----- Dumping all blocks to file... -----|");\r
PrintAndLog("|-----------------------------------------|");\r
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
bool received = false;\r
+ \r
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. \r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
} else if (rights[sectorNo][data_area] == 0x07) { // no key would work\r
isOK = false;\r
- PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);\r
+ PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);\r
} else { // key A would work\r
- UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
- memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
- SendCommand(&c);\r
- received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
+ UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
+ memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+ SendCommand(&c);\r
+ received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
}\r
}\r
\r
break;\r
}\r
}\r
-\r
}\r
\r
if (isOK) {\r
fclose(fout);\r
PrintAndLog("Dumped %d blocks (%d bytes) to file dumpdata.bin", numblocks, 16*numblocks);\r
}\r
- \r
+ \r
fclose(fin);\r
return 0;\r
}\r
uint8_t trgKeyType = 0;\r
uint8_t SectorsCnt = 0;\r
uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r
- uint8_t keyBlock[6*6];\r
+ uint8_t keyBlock[13*6];\r
uint64_t key64 = 0;\r
bool transferToEml = false;\r
\r
cmdp = param_getchar(Cmd, 0);\r
blockNo = param_get8(Cmd, 1);\r
ctmp = param_getchar(Cmd, 2);\r
+ \r
if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {\r
PrintAndLog("Key type must be A or B");\r
return 1;\r
}\r
- if (ctmp != 'A' && ctmp != 'a') keyType = 1;\r
+ \r
+ if (ctmp != 'A' && ctmp != 'a') \r
+ keyType = 1;\r
+ \r
if (param_gethex(Cmd, 3, key, 12)) {\r
PrintAndLog("Key must include 12 HEX symbols");\r
return 1;\r
PrintAndLog("Target key type must be A or B");\r
return 1;\r
}\r
- if (ctmp != 'A' && ctmp != 'a') trgKeyType = 1;\r
+ if (ctmp != 'A' && ctmp != 'a') \r
+ trgKeyType = 1;\r
} else {\r
+ \r
+ \r
+ \r
switch (cmdp) {\r
case '0': SectorsCnt = 05; break;\r
case '1': SectorsCnt = 16; break;\r
num_to_bytes(0xa0a1a2a3a4a5, 6, (uint8_t*)(keyBlock + 3 * 6));\r
num_to_bytes(0xb0b1b2b3b4b5, 6, (uint8_t*)(keyBlock + 4 * 6));\r
num_to_bytes(0xaabbccddeeff, 6, (uint8_t*)(keyBlock + 5 * 6));\r
+ num_to_bytes(0x4d3a99c351dd, 6, (uint8_t*)(keyBlock + 6 * 6));\r
+ num_to_bytes(0x1a982c7e459a, 6, (uint8_t*)(keyBlock + 7 * 6));\r
+ num_to_bytes(0xd3f7d3f7d3f7, 6, (uint8_t*)(keyBlock + 8 * 6));\r
+ num_to_bytes(0x714c5c886e97, 6, (uint8_t*)(keyBlock + 9 * 6));\r
+ num_to_bytes(0x587ee5f9350f, 6, (uint8_t*)(keyBlock + 10 * 6));\r
+ num_to_bytes(0xa0478cc39091, 6, (uint8_t*)(keyBlock + 11 * 6));\r
+ num_to_bytes(0x533cb6c723f6, 6, (uint8_t*)(keyBlock + 12 * 6));\r
+ num_to_bytes(0x8fd0a4f256e9, 6, (uint8_t*)(keyBlock + 13 * 6));\r
\r
PrintAndLog("Testing known keys. Sector count=%d", SectorsCnt);\r
for (i = 0; i < SectorsCnt; i++) {\r
\r
int CmdHF14AMfChk(const char *Cmd)\r
{\r
+ if (strlen(Cmd)<3) {\r
+ PrintAndLog("Usage: hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t|d] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r
+ PrintAndLog(" * - all sectors");\r
+ PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r
+ PrintAndLog("d - write keys to binary file\n");\r
+ PrintAndLog("t - write keys to emulator memory");\r
+ PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic");\r
+ PrintAndLog(" hf mf chk *1 ? t");\r
+ PrintAndLog(" hf mf chk *1 ? d");\r
+ return 0;\r
+ }\r
+ \r
FILE * f;\r
char filename[256]={0};\r
char buf[13];\r
num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r
}\r
\r
- if (strlen(Cmd)<3) {\r
- PrintAndLog("Usage: hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t] [<key (12 hex symbols)>] [<dic (*.dic)>]");\r
- PrintAndLog(" * - all sectors");\r
- PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");\r
- PrintAndLog("d - write keys to binary file\n");\r
- PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic");\r
- PrintAndLog(" hf mf chk *1 ? t");\r
- return 0;\r
- } \r
- \r
if (param_getchar(Cmd, 0)=='*') {\r
blockNo = 3;\r
switch(param_getchar(Cmd+1, 0)) {\r
PrintAndLog("No key specified, trying default keys");\r
for (;keycnt < defaultKeysSize; keycnt++)\r
PrintAndLog("chk default key[%2d] %02x%02x%02x%02x%02x%02x", keycnt,\r
- (keyBlock + 6*keycnt)[0],(keyBlock + 6*keycnt)[1], (keyBlock + 6*keycnt)[2],\r
- (keyBlock + 6*keycnt)[3], (keyBlock + 6*keycnt)[4], (keyBlock + 6*keycnt)[5], 6);\r
+ (keyBlock + 6*keycnt)[0],(keyBlock + 6*keycnt)[1], (keyBlock + 6*keycnt)[2],\r
+ (keyBlock + 6*keycnt)[3], (keyBlock + 6*keycnt)[4], (keyBlock + 6*keycnt)[5], 6);\r
}\r
\r
// initialize storage for found keys\r
for (uint16_t t = 0; t < 2; t++) {\r
if (validKey[t][sectorNo]) {\r
memcpy(block + t*10, foundKey[t][sectorNo], 6);\r
- }\r
- }\r
+ }\r
+ }\r
mfEmlSetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1);\r
}\r
}\r
PrintAndLog("Found keys have been transferred to the emulator memory");\r
- }\r
+ }\r
\r
if (createDumpFile) {\r
FILE *fkeys = fopen("dumpkeys.bin","wb");\r
PrintAndLog("Could not create file dumpkeys.bin");\r
free(keyBlock);\r
return 1;\r
- }\r
+ }\r
for (uint16_t t = 0; t < 2; t++) {\r
fwrite(foundKey[t], 1, 6*SectorsCnt, fkeys);\r
}\r
\r
free(keyBlock);\r
\r
- return 0;\r
+ return 0;\r
}\r
\r
\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfEGet(const char *Cmd)\r
{\r
uint8_t blockNo = 0;\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfCSetBlk(const char *Cmd)\r
{\r
uint8_t uid[8];\r
}\r
fclose(f);\r
\r
- if (blockNum != 16 * 4){\r
+ if (blockNum != 16 * 4 && blockNum != 32 * 4 + 8 * 16){\r
PrintAndLog("File content error. There must be 64 blocks");\r
return 4;\r
}\r
}\r
}\r
\r
-\r
int CmdHF14AMfCGetBlk(const char *Cmd) {\r
uint8_t memBlock[16];\r
uint8_t blockNo = 0;\r
FillFileNameByUID(logHexFileName, uid + (7 - uid_len), ".log", uid_len);\r
AddLogCurrentDT(logHexFileName);\r
} \r
- if (wantDecrypt) mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
+ if (wantDecrypt) \r
+ mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
} else {\r
PrintAndLog("%s(%d):%s", isTag ? "TAG":"RDR", num, sprint_hex(bufPtr, len));\r
- if (wantLogToFile) AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
- if (wantDecrypt) mfTraceDecode(bufPtr, len, parity, wantSaveToEmlFile);\r
+ if (wantLogToFile) \r
+ AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
+ if (wantDecrypt) \r
+ mfTraceDecode(bufPtr, len, parity, wantSaveToEmlFile);\r
}\r
bufPtr += len;\r
num++;\r
}\r
}\r
- } // resp not NILL\r
+ } // resp not NULL\r
} // while (true)\r
\r
return 0;\r
}\r
\r
+// Tries to identify cardsize.\r
+// Returns <num> where num is:\r
+// -1 unidentified\r
+// 0 - MINI (320bytes)\r
+// 1 - 1K\r
+// 2 - 2K\r
+// 4 - 4K\r
+int GetCardSize()\r
+{\r
+ UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT, 0, 0}};\r
+ SendCommand(&c);\r
+\r
+ UsbCommand resp;\r
+ WaitForResponse(CMD_ACK,&resp);\r
+\r
+ if(resp.arg[0] == 0) {\r
+ PrintAndLog("iso14443a card select failed");\r
+ return -1;\r
+ }\r
+ \r
+ iso14a_card_select_t *card = (iso14a_card_select_t *)resp.d.asBytes;\r
+\r
+ PrintAndLog("Trying to detect card size.");\r
+ \r
+ uint16_t atqa = 0;\r
+ uint8_t sak = 0;\r
+ atqa = (card->atqa[1] & 0xff) << 8;\r
+ atqa += card->atqa[0] & 0xff;\r
+ sak = card->sak;\r
+ \r
+ // https://code.google.com/p/libnfc/source/browse/libnfc/target-subr.c\r
+ \r
+ PrintAndLog("found ATAQ: %04X SAK: %02X", atqa, sak);\r
+ \r
+ \r
+ // NXP MIFARE Mini 0.3k\r
+ if ( ( (atqa & 0xff0f) == 0x0004) && (sak == 0x09) ) return 0;\r
+ \r
+ // MIFARE Classic 1K\r
+ if ( ((atqa & 0xff0f) == 0x0004) && (sak == 0x08) ) return 1;\r
+ \r
+ // MIFARE Classik 4K\r
+ if ( ((atqa & 0xff0f) == 0x0002) && (sak == 0x18) ) return 4;\r
+ \r
+ // SmartMX with MIFARE 1K emulation \r
+ if ( ((atqa & 0xf0ff) == 0x0004) ) return 1;\r
+\r
+ // SmartMX with MIFARE 4K emulation \r
+ if ( ((atqa & 0xf0ff) == 0x0002) ) return 4; \r
+ \r
+ // Infineon MIFARE CLASSIC 1K\r
+ if ( ((atqa & 0xffff) == 0x0004) && (sak == 0x88) ) return 1;\r
+ \r
+ // MFC 4K emulated by Nokia 6212 Classic\r
+ if ( ((atqa & 0xffff) == 0x0002) && (sak == 0x38) ) return 4;\r
+\r
+ // MFC 4K emulated by Nokia 6131 NFC\r
+ if ( ((atqa & 0xffff) == 0x0008) && (sak == 0x38) ) return 4;\r
+\r
+ \r
+ PrintAndLog("BEFOOO 1K %02X", (atqa & 0xff0f));\r
+ \r
+ // MIFARE Plus (4 Byte UID or 4 Byte RID)\r
+ // MIFARE Plus (7 Byte UID)\r
+ if (\r
+ ((atqa & 0xffff) == 0x0002) |\r
+ ((atqa & 0xffff) == 0x0004) |\r
+ ((atqa & 0xffff) == 0x0042) | \r
+ ((atqa & 0xffff) == 0x0044) \r
+ )\r
+ {\r
+ switch(sak){\r
+ case 0x08:\r
+ case 0x10: {\r
+ //case 0x20:\r
+ PrintAndLog("2");\r
+ return 2;\r
+ break;\r
+ }\r
+ case 0x11:\r
+ case 0x18:{\r
+ //case 0x20:\r
+ PrintAndLog("4");\r
+ return 4;\r
+ break;\r
+ }\r
+ }\r
+ }\r
+ \r
+ return -1;\r
+}\r
+\r
+\r
+\r
+\r
static command_t CommandTable[] =\r
{\r
{"help", CmdHelp, 1, "This help"},\r
{"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"},\r
{"rdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"},\r
- {"urdbl", CmdHF14AMfURdBl, 0, "Read MIFARE Ultralight block"},\r
- {"urdcard", CmdHF14AMfURdCard, 0,"Read MIFARE Ultralight Card"},\r
- {"uwrbl", CmdHF14AMfUWrBl, 0,"Write MIFARE Ultralight block"},\r
+ //{"urdbl", CmdHF14AMfURdBl, 0, "Read MIFARE Ultralight block"},\r
+ //{"urdcard", CmdHF14AMfURdCard, 0,"Read MIFARE Ultralight Card"},\r
+ //{"uwrbl", CmdHF14AMfUWrBl, 0,"Write MIFARE Ultralight block"},\r
{"rdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"},\r
{"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"},\r
{"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"},\r