]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdhfmf.c
projects / proxmark3-svn / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ADD: added the "hf snoop" patch original from @Enio, rearranged by @Etmatrix.
[proxmark3-svn] / client / cmdhfmf.c
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index f486fc2540ba16377439530ac7ef03a1856abc4d..e41afb6ad2544cfcdc7a56fc4fdfbcc37f0cbbf7 100644 (file)
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -9,6 +9,7 @@
 //-----------------------------------------------------------------------------\r
 \r
 #include "cmdhfmf.h"\r
+#include "nonce2key/nonce2key.h"\r
 \r
 static int CmdHelp(const char *Cmd);\r
 \r
@@ -17,15 +18,14 @@ int CmdHF14AMifare(const char *Cmd)
        uint32_t uid = 0;\r
        uint32_t nt = 0, nr = 0;\r
        uint64_t par_list = 0, ks_list = 0, r_key = 0;\r
-       uint8_t isOK = 0;\r
-       uint8_t keyBlock[8] = {0};\r
+       int16_t isOK = 0;\r
 \r
        UsbCommand c = {CMD_READER_MIFARE, {true, 0, 0}};\r
 \r
        // message\r
        printf("-------------------------------------------------------------------------\n");\r
        printf("Executing command. Expected execution time: 25sec on average  :-)\n");\r
-       printf("Press the key on the proxmark3 device to abort both proxmark3 and client.\n");\r
+       printf("Press button on the proxmark3 device to abort both proxmark3 and client.\n");\r
        printf("-------------------------------------------------------------------------\n");\r
 \r
        \r
@@ -34,7 +34,7 @@ start:
     SendCommand(&c);\r
        \r
        //flush queue\r
-       while (ukbhit())        getchar();\r
+       while (ukbhit()) getchar();\r
 \r
        // wait cycle\r
        while (true) {\r
@@ -48,14 +48,21 @@ start:
                \r
                UsbCommand resp;\r
                if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {\r
-                       isOK  = resp.arg[0] & 0xff;\r
+                       isOK  = resp.arg[0];\r
                        uid = (uint32_t)bytes_to_num(resp.d.asBytes +  0, 4);\r
                        nt =  (uint32_t)bytes_to_num(resp.d.asBytes +  4, 4);\r
                        par_list = bytes_to_num(resp.d.asBytes +  8, 8);\r
                        ks_list = bytes_to_num(resp.d.asBytes +  16, 8);\r
                        nr = bytes_to_num(resp.d.asBytes + 24, 4);\r
                        printf("\n\n");\r
-                       if (!isOK) PrintAndLog("Proxmark can't get statistic info. Execution aborted.\n");\r
+                       switch (isOK) {\r
+                               case -1 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
+                               case -2 : PrintAndLog("Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests).\n"); break;\r
+                               case -3 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator is not predictable).\n"); break;\r
+                               case -4 : PrintAndLog("Card is not vulnerable to Darkside attack (its random number generator seems to be based on the wellknown");\r
+                                                       PrintAndLog("generating polynomial with 16 effective bits only, but shows unexpected behaviour.\n"); break;\r
+                               default: ;\r
+                       }\r
                        break;\r
                }\r
        }       \r
@@ -69,22 +76,13 @@ start:
        if (nonce2key(uid, nt, nr, par_list, ks_list, &r_key)) {\r
                isOK = 2;\r
                PrintAndLog("Key not found (lfsr_common_prefix list is null). Nt=%08x", nt);    \r
-       } else {\r
-               printf("------------------------------------------------------------------\n");\r
-               PrintAndLog("Key found:%012"llx" \n", r_key);\r
-\r
-               num_to_bytes(r_key, 6, keyBlock);\r
-               isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key);\r
-       }\r
-       \r
-       if (!isOK) \r
-               PrintAndLog("Found valid key:%012"llx, r_key);\r
-       else\r
-       {\r
-               if (isOK != 2) PrintAndLog("Found invalid key. ");      \r
                PrintAndLog("Failing is expected to happen in 25%% of all cases. Trying again with a different reader nonce...");\r
                c.arg[0] = false;\r
                goto start;\r
+       } else {\r
+               isOK = 0;\r
+               printf("------------------------------------------------------------------\n");\r
+               PrintAndLog("Found valid key: %012"llx" \n", r_key);\r
        }\r
        \r
        PrintAndLog("");\r
@@ -124,10 +122,11 @@ int CmdHF14AMfWrBl(const char *Cmd)
        PrintAndLog("--block no:%d, key type:%c, key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
        PrintAndLog("--data: %s", sprint_hex(bldata, 16));\r
        \r
-  UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
+       UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
        memcpy(c.d.asBytes, key, 6);\r
        memcpy(c.d.asBytes + 10, bldata, 16);\r
-  SendCommand(&c);\r
+       clearCommandBuffer();\r
+       SendCommand(&c);\r
 \r
        UsbCommand resp;\r
        if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
@@ -168,9 +167,10 @@ int CmdHF14AMfRdBl(const char *Cmd)
        }\r
        PrintAndLog("--block no:%d, key type:%c, key:%s ", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
        \r
-  UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
+       UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
        memcpy(c.d.asBytes, key, 6);\r
-  SendCommand(&c);\r
+       clearCommandBuffer();\r
+       SendCommand(&c);\r
 \r
        UsbCommand resp;\r
        if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
@@ -223,6 +223,7 @@ int CmdHF14AMfRdSc(const char *Cmd)
        \r
        UsbCommand c = {CMD_MIFARE_READSC, {sectorNo, keyType, 0}};\r
        memcpy(c.d.asBytes, key, 6);\r
+       clearCommandBuffer();\r
        SendCommand(&c);\r
        PrintAndLog(" ");\r
 \r
@@ -329,6 +330,7 @@ int CmdHF14AMfDump(const char *Cmd)
        for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r
                UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};\r
                memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+               clearCommandBuffer();\r
                SendCommand(&c);\r
 \r
                if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
@@ -363,6 +365,7 @@ int CmdHF14AMfDump(const char *Cmd)
                        if (blockNo == NumBlocksPerSector(sectorNo) - 1) {              // sector trailer. At least the Access Conditions can always be read with key A. \r
                                UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
                                memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+                               clearCommandBuffer();\r
                                SendCommand(&c);\r
                                received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
                        } else {                                                                                                // data block. Check if it can be read with key A or key B\r
@@ -378,6 +381,7 @@ int CmdHF14AMfDump(const char *Cmd)
                                } else {                                                                                                                                                                // key A would work\r
                                        UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
                                        memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
+                                       clearCommandBuffer();\r
                                        SendCommand(&c);\r
                                        received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
                                }\r
@@ -470,7 +474,6 @@ int CmdHF14AMfRestore(const char *Cmd)
        for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r
                if (fread(keyA[sectorNo], 1, 6, fkeys) == 0) {\r
                        PrintAndLog("File reading error (dumpkeys.bin).");\r
-\r
                        fclose(fkeys);\r
                        return 2;\r
                }\r
@@ -521,6 +524,7 @@ int CmdHF14AMfRestore(const char *Cmd)
                        PrintAndLog("Writing to block %3d: %s", FirstBlockOfSector(sectorNo) + blockNo, sprint_hex(bldata, 16));\r
                        \r
                        memcpy(c.d.asBytes + 10, bldata, 16);\r
+                       clearCommandBuffer();\r
                        SendCommand(&c);\r
 \r
                        UsbCommand resp;\r
@@ -622,8 +626,14 @@ int CmdHF14AMfNested(const char *Cmd)
        \r
        if (cmdp == 'o') {\r
                PrintAndLog("--target block no:%3d, target key type:%c ", trgBlockNo, trgKeyType?'B':'A');\r
-               if (mfnested(blockNo, keyType, key, trgBlockNo, trgKeyType, keyBlock, true)) {\r
-                       PrintAndLog("Nested error.");\r
+               int16_t isOK = mfnested(blockNo, keyType, key, trgBlockNo, trgKeyType, keyBlock, true);\r
+               if (isOK) {\r
+                       switch (isOK) {\r
+                               case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r
+                               case -2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
+                               case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break;\r
+                               default : PrintAndLog("Unknown Error.\n");\r
+                       }\r
                        return 2;\r
                }\r
                key64 = bytes_to_num(keyBlock, 6);\r
@@ -678,7 +688,7 @@ int CmdHF14AMfNested(const char *Cmd)
                        for (j = 0; j < 2; j++) {\r
                                if (e_sector[i].foundKey[j]) continue;\r
                                \r
-                               res = mfCheckKeys(FirstBlockOfSector(i), j, 6, keyBlock, &key64);\r
+                               res = mfCheckKeys(FirstBlockOfSector(i), j, true, 6, keyBlock, &key64);\r
                                \r
                                if (!res) {\r
                                        e_sector[i].Key[j] = key64;\r
@@ -696,11 +706,17 @@ int CmdHF14AMfNested(const char *Cmd)
                                for (trgKeyType = 0; trgKeyType < 2; trgKeyType++) { \r
                                        if (e_sector[sectorNo].foundKey[trgKeyType]) continue;\r
                                        PrintAndLog("-----------------------------------------------");\r
-                                       if(mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate)) {\r
-                                               PrintAndLog("Nested error.\n");\r
+                                       int16_t isOK = mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate);\r
+                                       if(isOK) {\r
+                                               switch (isOK) {\r
+                                                       case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r
+                                                       case -2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
+                                                       case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break;\r
+                                                       default : PrintAndLog("Unknown Error.\n");\r
+                                               }\r
                                                free(e_sector);\r
-                                               return 2;                                       }\r
-                                       else {\r
+                                               return 2;\r
+                                       else {\r
                                                calibrate = false;\r
                                        }\r
                                        \r
@@ -956,7 +972,7 @@ int CmdHF14AMfChk(const char *Cmd)
                        uint32_t max_keys = keycnt>USB_CMD_DATA_SIZE/6?USB_CMD_DATA_SIZE/6:keycnt;\r
                        for (uint32_t c = 0; c < keycnt; c+=max_keys) {\r
                                uint32_t size = keycnt-c>max_keys?max_keys:keycnt-c;\r
-                               res = mfCheckKeys(b, t, size, &keyBlock[6*c], &key64);\r
+                               res = mfCheckKeys(b, t, true, size, &keyBlock[6*c], &key64);\r
                                if (res != 1) {\r
                                        if (!res) {\r
                                                PrintAndLog("Found valid key:[%012"llx"]",key64);\r
@@ -1011,9 +1027,9 @@ int CmdHF14AMf1kSim(const char *Cmd)
        uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0};\r
        uint8_t exitAfterNReads = 0;\r
        uint8_t flags = 0;\r
-\r
-       uint8_t cmdp = param_getchar(Cmd, 0);\r
        \r
+       uint8_t cmdp = param_getchar(Cmd, 0);\r
+\r
        if (cmdp == 'h' || cmdp == 'H') {\r
                PrintAndLog("Usage:  hf mf sim  u <uid (8 hex symbols)> n <numreads> i x");\r
                PrintAndLog("           h    this help");\r
@@ -1060,18 +1076,46 @@ int CmdHF14AMf1kSim(const char *Cmd)
 \r
        UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads,0}};\r
        memcpy(c.d.asBytes, uid, sizeof(uid));\r
+       clearCommandBuffer();\r
        SendCommand(&c);\r
 \r
        if(flags & FLAG_INTERACTIVE)\r
-       {\r
-               UsbCommand resp;\r
+       {               \r
                PrintAndLog("Press pm3-button to abort simulation");\r
-               while(! WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
-                       //We're waiting only 1.5 s at a time, otherwise we get the\r
-                       // annoying message about "Waiting for a response... "\r
+               \r
+               uint8_t data[40];\r
+               uint8_t key[6];\r
+\r
+               UsbCommand resp;                \r
+               while(!ukbhit() ){\r
+                       if ( WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {\r
+                               if ( (resp.arg[0] & 0xffff) == CMD_SIMULATE_MIFARE_CARD ){\r
+                                       memset(data, 0x00, sizeof(data));\r
+                                       memset(key, 0x00, sizeof(key));\r
+                                       int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1];\r
+                                       \r
+                                       memcpy(data, resp.d.asBytes, len);\r
+                                       \r
+                                       uint64_t corr_uid = 0;\r
+                                       if ( memcmp(data, "\x00\x00\x00\x00", 4) == 0 ) {\r
+                                               corr_uid = (data[3] << 24) | (data[2] << 16) | (data[1] << 8) | data[0];\r
+                                       }\r
+                                       else {\r
+                                               corr_uid |= (uint64_t)data[2] << 48; \r
+                                               corr_uid |= (uint64_t)data[1] << 40; \r
+                                               corr_uid |= (uint64_t)data[0] << 32;\r
+                                               corr_uid |= data[7] << 24;\r
+                                               corr_uid |= data[6] << 16;\r
+                                               corr_uid |= data[5] << 8;\r
+                                               corr_uid |= data[4];\r
+                                       }\r
+                                       tryMfk32(corr_uid, data, key);\r
+                                       //tryMfk64(corr_uid, data, key);\r
+                                       PrintAndLog("--");\r
+                               }\r
+                       }\r
                }\r
        }\r
-       \r
        return 0;\r
 }\r
 \r
@@ -1093,10 +1137,10 @@ int CmdHF14AMfDbg(const char *Cmd)
                return 0;\r
        }       \r
 \r
-  UsbCommand c = {CMD_MIFARE_SET_DBGMODE, {dbgMode, 0, 0}};\r
-  SendCommand(&c);\r
+       UsbCommand c = {CMD_MIFARE_SET_DBGMODE, {dbgMode, 0, 0}};\r
+       SendCommand(&c);\r
 \r
-  return 0;\r
+       return 0;\r
 }\r
 \r
 int CmdHF14AMfEGet(const char *Cmd)\r
@@ -1130,12 +1174,11 @@ int CmdHF14AMfEClear(const char *Cmd)
                return 0;\r
        }       \r
 \r
-  UsbCommand c = {CMD_MIFARE_EML_MEMCLR, {0, 0, 0}};\r
-  SendCommand(&c);\r
-  return 0;\r
+       UsbCommand c = {CMD_MIFARE_EML_MEMCLR, {0, 0, 0}};\r
+       SendCommand(&c);\r
+       return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfESet(const char *Cmd)\r
 {\r
        uint8_t memBlock[16];\r
@@ -1163,7 +1206,6 @@ int CmdHF14AMfESet(const char *Cmd)
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfELoad(const char *Cmd)\r
 {\r
        FILE * f;\r
@@ -1173,13 +1215,13 @@ int CmdHF14AMfELoad(const char *Cmd)
        uint8_t buf8[64] = {0x00};\r
        int i, len, blockNum, numBlocks;\r
        int nameParamNo = 1;\r
-       \r
+       uint8_t blockWidth = 32;\r
        char ctmp = param_getchar(Cmd, 0);\r
                \r
-       if ( ctmp == 'h' || ctmp == 0x00) {\r
+       if ( ctmp == 'h' || ctmp == 'H' || ctmp == 0x00) {\r
                PrintAndLog("It loads emul dump from the file `filename.eml`");\r
                PrintAndLog("Usage:  hf mf eload [card memory] <file name w/o `.eml`>");\r
-               PrintAndLog("  [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
+               PrintAndLog("  [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K, u = UL");\r
                PrintAndLog("");\r
                PrintAndLog(" sample: hf mf eload filename");\r
                PrintAndLog("         hf mf eload 4 filename");\r
@@ -1192,6 +1234,8 @@ int CmdHF14AMfELoad(const char *Cmd)
                case '\0': numBlocks = 16*4; break;\r
                case '2' : numBlocks = 32*4; break;\r
                case '4' : numBlocks = 256; break;\r
+               case 'U' : // fall through  ,  NTAG 215 has 135blocks a 540 bytes.\r
+               case 'u' : numBlocks = 135; blockWidth = 8; break;\r
                default:  {\r
                        numBlocks = 16*4;\r
                        nameParamNo = 0;\r
@@ -1200,7 +1244,7 @@ int CmdHF14AMfELoad(const char *Cmd)
 \r
        len = param_getstr(Cmd,nameParamNo,filename);\r
        \r
-       if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;\r
+       if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
 \r
        fnameptr += len;\r
 \r
@@ -1226,19 +1270,18 @@ int CmdHF14AMfELoad(const char *Cmd)
                        return 2;\r
                }\r
                \r
-               if (strlen(buf) < 32){\r
+               if (strlen(buf) < blockWidth){\r
                        if(strlen(buf) && feof(f))\r
                                break;\r
-                       PrintAndLog("File content error. Block data must include 32 HEX symbols");\r
+                       PrintAndLog("File content error. Block data must include %d HEX symbols", blockWidth);\r
                        fclose(f);\r
                        return 2;\r
                }\r
                \r
-               for (i = 0; i < 32; i += 2) {\r
+               for (i = 0; i < blockWidth; i += 2) {\r
                        sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
                }\r
-               \r
-               if (mfEmlSetMem(buf8, blockNum, 1)) {\r
+               if (mfEmlSetMem_xt(buf8, blockNum, 1, blockWidth/2)) {\r
                        PrintAndLog("Cant set emul block: %3d", blockNum);\r
                        fclose(f);\r
                        return 3;\r
@@ -1259,7 +1302,6 @@ int CmdHF14AMfELoad(const char *Cmd)
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfESave(const char *Cmd)\r
 {\r
        FILE * f;\r
@@ -1299,19 +1341,19 @@ int CmdHF14AMfESave(const char *Cmd)
 \r
        len = param_getstr(Cmd,nameParamNo,filename);\r
        \r
-       if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;\r
+       if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
        \r
        // user supplied filename?\r
        if (len < 1) {\r
                // get filename (UID from memory)\r
                if (mfEmlGetMem(buf, 0, 1)) {\r
                        PrintAndLog("Can\'t get UID from block: %d", 0);\r
-                       len = sprintf(fnameptr, "dump"); \r
+                       len = sprintf(fnameptr, "dump");\r
                        fnameptr += len;\r
                }\r
                else {\r
                        for (j = 0; j < 7; j++, fnameptr += 2)\r
-                               sprintf(fnameptr, "%02X", buf[j]); \r
+                               sprintf(fnameptr, "%02X", buf[j]);\r
                }\r
        } else {\r
                fnameptr += len;\r
@@ -1345,7 +1387,6 @@ int CmdHF14AMfESave(const char *Cmd)
   return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfECFill(const char *Cmd)\r
 {\r
        uint8_t keyType = 0;\r
@@ -1385,15 +1426,16 @@ int CmdHF14AMfECFill(const char *Cmd)
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfEKeyPrn(const char *Cmd)\r
 {\r
        int i;\r
        uint8_t numSectors;\r
        uint8_t data[16];\r
        uint64_t keyA, keyB;\r
+\r
+       char cmdp = param_getchar(Cmd, 0);\r
        \r
-       if (param_getchar(Cmd, 0) == 'h') {\r
+       if ( cmdp == 'h' || cmdp == 'H' ) {\r
                PrintAndLog("It prints the keys loaded in the emulator memory");\r
                PrintAndLog("Usage:  hf mf ekeyprn [card memory]");\r
                PrintAndLog("  [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
@@ -1402,8 +1444,6 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
                return 0;\r
        }       \r
 \r
-       char cmdp = param_getchar(Cmd, 0);\r
-       \r
        switch (cmdp) {\r
                case '0' : numSectors = 5; break;\r
                case '1' : \r
@@ -1430,7 +1470,6 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfCSetUID(const char *Cmd)\r
 {\r
        uint8_t wipeCard = 0;\r
@@ -1534,7 +1573,6 @@ int CmdHF14AMfCSetBlk(const char *Cmd)
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfCLoad(const char *Cmd)\r
 {\r
        FILE * f;\r
@@ -1544,8 +1582,10 @@ int CmdHF14AMfCLoad(const char *Cmd)
        uint8_t buf8[64] = {0x00};\r
        uint8_t fillFromEmulator = 0;\r
        int i, len, blockNum, flags=0;\r
+\r
+       char ctmp = param_getchar(Cmd, 0);\r
        \r
-       if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {\r
+       if (ctmp == 'h' || ctmp == 'H' || ctmp == 0x00) {\r
                PrintAndLog("It loads magic Chinese card from the file `filename.eml`");\r
                PrintAndLog("or from emulator memory (option `e`)");\r
                PrintAndLog("Usage:  hf mf cload <file name w/o `.eml`>");\r
@@ -1554,7 +1594,6 @@ int CmdHF14AMfCLoad(const char *Cmd)
                return 0;\r
        }       \r
 \r
-       char ctmp = param_getchar(Cmd, 0);\r
        if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r
        \r
        if (fillFromEmulator) {\r
@@ -1575,7 +1614,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
                return 0;\r
        } else {\r
                len = strlen(Cmd);\r
-               if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;\r
+               if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
 \r
                memcpy(filename, Cmd, len);\r
                fnameptr += len;\r
@@ -1597,7 +1636,6 @@ int CmdHF14AMfCLoad(const char *Cmd)
                        if (fgets(buf, sizeof(buf), f) == NULL) {\r
                                fclose(f);\r
                                PrintAndLog("File reading error.");\r
-                               fclose(f);\r
                                return 2;\r
                        }\r
 \r
@@ -1662,7 +1700,6 @@ int CmdHF14AMfCGetBlk(const char *Cmd) {
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfCGetSc(const char *Cmd) {\r
        uint8_t memBlock[16] = {0x00};\r
        uint8_t sectorNo = 0;\r
@@ -1699,7 +1736,6 @@ int CmdHF14AMfCGetSc(const char *Cmd) {
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfCSave(const char *Cmd) {\r
 \r
        FILE * f;\r
@@ -1711,8 +1747,9 @@ int CmdHF14AMfCSave(const char *Cmd) {
        \r
        // memset(filename, 0, sizeof(filename));\r
        // memset(buf, 0, sizeof(buf));\r
-\r
-       if (param_getchar(Cmd, 0) == 'h') {\r
+       char ctmp = param_getchar(Cmd, 0);\r
+       \r
+       if ( ctmp == 'h' || ctmp == 'H' ) {\r
                PrintAndLog("It saves `magic Chinese` card dump into the file `filename.eml` or `cardID.eml`");\r
                PrintAndLog("or into emulator memory (option `e`)");\r
                PrintAndLog("Usage:  hf mf esave [file name w/o `.eml`][e]");\r
@@ -1721,8 +1758,6 @@ int CmdHF14AMfCSave(const char *Cmd) {
                PrintAndLog("         hf mf esave e \n");\r
                return 0;\r
        }       \r
-\r
-       char ctmp = param_getchar(Cmd, 0);\r
        if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r
 \r
        if (fillFromEmulator) {\r
@@ -1745,7 +1780,7 @@ int CmdHF14AMfCSave(const char *Cmd) {
                return 0;\r
        } else {\r
                len = strlen(Cmd);\r
-               if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE - 4;\r
+               if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
        \r
                if (len < 1) {\r
                        // get filename\r
@@ -1794,7 +1829,6 @@ int CmdHF14AMfCSave(const char *Cmd) {
        }\r
 }\r
 \r
-\r
 int CmdHF14AMfSniff(const char *Cmd){\r
 \r
        bool wantLogToFile = 0;\r
@@ -1942,6 +1976,25 @@ int CmdHF14AMfSniff(const char *Cmd){
        return 0;\r
 }\r
 \r
+//needs nt, ar, at, Data to decrypt\r
+int CmdHf14MfDecryptBytes(const char *Cmd){\r
+       uint8_t data[50];\r
+       \r
+       uint32_t nt     = param_get32ex(Cmd,0,0,16);\r
+       uint32_t ar_enc = param_get32ex(Cmd,1,0,16);\r
+       uint32_t at_enc = param_get32ex(Cmd,2,0,16);\r
+\r
+       int len = 0;\r
+       param_gethex_ex(Cmd, 3, data, &len);\r
+       \r
+       len /= 2;       \r
+       int limit = sizeof(data) / 2;\r
+       \r
+       if ( len >= limit )\r
+               len = limit;\r
+       \r
+       return tryDecryptWord( nt, ar_enc, at_enc, data, len);\r
+}\r
 \r
 static command_t CommandTable[] =\r
 {\r
@@ -1970,6 +2023,7 @@ static command_t CommandTable[] =
   {"cgetsc",   CmdHF14AMfCGetSc,               0, "Read sector - Magic Chinese card"},\r
   {"cload",            CmdHF14AMfCLoad,                0, "Load dump into magic Chinese card"},\r
   {"csave",            CmdHF14AMfCSave,                0, "Save dump from magic Chinese card into file or emulator"},\r
+  {"decrypt",   CmdHf14MfDecryptBytes,  1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
   {NULL, NULL, 0, NULL}\r
 };\r
 \r
Proxmark3 GIT tracking
Impressum, Datenschutz