+ cmdp += 2;
+ break;
+ case 'e':
+ case 'E':
+ elite = true;
+ cmdp++;
+ break;
+ case 'f':
+ case 'F':
+ fileNameLen = param_getstr(Cmd, cmdp+1, filename);
+ if (fileNameLen < 1) {
+ PrintAndLog("No filename found after f");
+ errors = true;
+ }
+ cmdp += 2;
+ break;
+ case 'k':
+ case 'K':
+ have_debit_key = true;
+ dataLen = param_getstr(Cmd, cmdp+1, tempStr);
+ if (dataLen == 16) {
+ errors = param_gethex(tempStr, 0, KEY, dataLen);
+ } else if (dataLen == 1) {
+ keyNbr = param_get8(Cmd, cmdp+1);
+ if (keyNbr <= ICLASS_KEYS_MAX) {
+ memcpy(KEY, iClass_Key_Table[keyNbr], 8);
+ } else {
+ PrintAndLog("\nERROR: Credit KeyNbr is invalid\n");
+ errors = true;
+ }
+ } else {
+ PrintAndLog("\nERROR: Credit Key is incorrect length\n");
+ errors = true;
+ }
+ cmdp += 2;
+ break;
+ default:
+ PrintAndLog("Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
+ errors = true;
+ break;
+ }
+ if(errors) return usage_hf_iclass_dump();
+ }
+
+ if (cmdp < 2) return usage_hf_iclass_dump();
+ // if no debit key given try credit key on AA1 (not for iclass but for some picopass this will work)
+ if (!have_debit_key && have_credit_key) use_credit_key = true;
+
+ //get config and first 3 blocks
+ UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN |
+ FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY}};
+ UsbCommand resp;
+ uint8_t tag_data[255*8];
+
+ clearCommandBuffer();
+ SendCommand(&c);
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
+ PrintAndLog("Command execute timeout");
+ ul_switch_off_field();
+ return 0;
+ }
+ uint8_t readStatus = resp.arg[0] & 0xff;
+ uint8_t * data = resp.d.asBytes;
+
+ if(readStatus == 0){
+ PrintAndLog("No tag found...");
+ ul_switch_off_field();
+ return 0;
+}
+ if( readStatus & (FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_CC)){
+ memcpy(tag_data, data, 8*3);
+ blockno+=2; // 2 to force re-read of block 2 later. (seems to respond differently..)
+ numblks = data[8];
+ getMemConfig(data[13], data[12], &maxBlk, &app_areas, &kb);
+ // large memory - not able to dump pages currently
+ if (numblks > maxBlk) numblks = maxBlk;
+ }
+ ul_switch_off_field();
+ // authenticate debit key and get div_key - later store in dump block 3
+ if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, false)){
+ //try twice - for some reason it sometimes fails the first time...
+ if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, false)){
+ ul_switch_off_field();
+ return 0;
+ }
+ }
+
+ // begin dump
+ UsbCommand w = {CMD_ICLASS_DUMP, {blockno, numblks-blockno+1}};
+ clearCommandBuffer();
+ SendCommand(&w);
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
+ PrintAndLog("Command execute time-out 1");
+ ul_switch_off_field();
+ return 1;
+ }
+ uint32_t blocksRead = resp.arg[1];
+ uint8_t isOK = resp.arg[0] & 0xff;
+ if (!isOK && !blocksRead) {
+ PrintAndLog("Read Block Failed");
+ ul_switch_off_field();
+ return 0;
+ }
+ uint32_t startindex = resp.arg[2];
+ if (blocksRead*8 > sizeof(tag_data)-(blockno*8)) {
+ PrintAndLog("Data exceeded Buffer size!");
+ blocksRead = (sizeof(tag_data)/8) - blockno;
+ }
+ // response ok - now get bigbuf content of the dump
+ GetFromBigBuf(tag_data+(blockno*8), blocksRead*8, startindex);
+ WaitForResponse(CMD_ACK,NULL);
+ size_t gotBytes = blocksRead*8 + blockno*8;
+
+ // try AA2
+ if (have_credit_key) {
+ //turn off hf field before authenticating with different key
+ ul_switch_off_field();
+ memset(MAC,0,4);
+ // AA2 authenticate credit key and git c_div_key - later store in dump block 4
+ if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){
+ //try twice - for some reason it sometimes fails the first time...
+ if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false)){
+ ul_switch_off_field();
+ return 0;
+ }
+ }
+ // do we still need to read more block? (aa2 enabled?)
+ if (maxBlk > blockno+numblks+1) {
+ // setup dump and start
+ w.arg[0] = blockno + blocksRead;
+ w.arg[1] = maxBlk - (blockno + blocksRead);
+ clearCommandBuffer();
+ SendCommand(&w);
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 4500)) {
+ PrintAndLog("Command execute timeout 2");
+ ul_switch_off_field();
+ return 0;
+ }
+ uint8_t isOK = resp.arg[0] & 0xff;
+ blocksRead = resp.arg[1];
+ if (!isOK && !blocksRead) {
+ PrintAndLog("Read Block Failed 2");
+ ul_switch_off_field();
+ return 0;
+ }
+
+ startindex = resp.arg[2];
+ if (blocksRead*8 > sizeof(tag_data)-gotBytes) {
+ PrintAndLog("Data exceeded Buffer size!");
+ blocksRead = (sizeof(tag_data) - gotBytes)/8;
+ }
+ // get dumped data from bigbuf
+ GetFromBigBuf(tag_data+gotBytes, blocksRead*8, startindex);
+ WaitForResponse(CMD_ACK,NULL);
+
+ gotBytes += blocksRead*8;
+ } else { //field is still on - turn it off...
+ ul_switch_off_field();
+ }
+ }
+
+ // add diversified keys to dump
+ if (have_debit_key) memcpy(tag_data+(3*8),div_key,8);
+ if (have_credit_key) memcpy(tag_data+(4*8),c_div_key,8);
+ // print the dump
+ printf("CSN |00| %02X %02X %02X %02X %02X %02X %02X %02X |\n",tag_data[0],tag_data[1],tag_data[2]
+ ,tag_data[3],tag_data[4],tag_data[5],tag_data[6],tag_data[7]);
+ printIclassDumpContents(tag_data, 1, (gotBytes/8)-1, gotBytes-8);
+
+ if (filename[0] == 0){
+ snprintf(filename, FILE_PATH_SIZE,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x",
+ tag_data[0],tag_data[1],tag_data[2],tag_data[3],
+ tag_data[4],tag_data[5],tag_data[6],tag_data[7]);
+ }
+
+ // save the dump to .bin file
+ PrintAndLog("Saving dump file - %d blocks read", gotBytes/8);
+ saveFile(filename, "bin", tag_data, gotBytes);
+ return 1;
+}
+
+static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool verbose) {
+ uint8_t MAC[4]={0x00,0x00,0x00,0x00};
+ uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+ if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, verbose))
+ return 0;
+
+ UsbCommand resp;
+
+ Calc_wb_mac(blockno,bldata,div_key,MAC);
+ UsbCommand w = {CMD_ICLASS_WRITEBLOCK, {blockno}};
+ memcpy(w.d.asBytes, bldata, 8);
+ memcpy(w.d.asBytes + 8, MAC, 4);
+
+ clearCommandBuffer();
+ SendCommand(&w);
+ if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
+ {
+ PrintAndLog("Write Command execute timeout");
+ return 0;
+ }
+ uint8_t isOK = resp.arg[0] & 0xff;
+ if (!isOK) {
+ PrintAndLog("Write Block Failed");
+ return 0;
+ }
+ PrintAndLog("Write Block Successful");
+ return 1;
+}
+
+int usage_hf_iclass_writeblock(void) {
+ PrintAndLog("Options:");
+ PrintAndLog(" b <Block> : The block number as 2 hex symbols");
+ PrintAndLog(" d <data> : Set the Data to write as 16 hex symbols");
+ PrintAndLog(" k <Key> : Access Key as 16 hex symbols or 1 hex to select key from memory");
+ PrintAndLog(" c : If 'c' is specified, the key set is assumed to be the credit key\n");
+ PrintAndLog(" e : If 'e' is specified, elite computations applied to key");
+ PrintAndLog("Samples:");
+ PrintAndLog(" hf iclass writeblk b 0A d AAAAAAAAAAAAAAAA k 001122334455667B");
+ PrintAndLog(" hf iclass writeblk b 1B d AAAAAAAAAAAAAAAA k 001122334455667B c");
+ PrintAndLog(" hf iclass writeblk b 0A d AAAAAAAAAAAAAAAA n 0");
+ return 0;
+}
+
+int CmdHFiClass_WriteBlock(const char *Cmd) {
+ uint8_t blockno=0;
+ uint8_t bldata[8]={0,0,0,0,0,0,0,0};
+ uint8_t KEY[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+ uint8_t keyNbr = 0;
+ uint8_t dataLen = 0;
+ char tempStr[50] = {0};
+ bool use_credit_key = false;
+ bool elite = false;
+ bool errors = false;
+ uint8_t cmdp = 0;
+ while(param_getchar(Cmd, cmdp) != 0x00)
+ {
+ switch(param_getchar(Cmd, cmdp))