]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdhfmf.c
fix hf search (#908)
[proxmark3-svn] / client / cmdhfmf.c
index c38e276ed51515d75ed8ef342feb1df3a26b34cb..22e6efac643716b1536d9f95844733c91d6a3830 100644 (file)
@@ -34,6 +34,7 @@
 #include "mifare/mad.h"\r
 #include "mifare/ndef.h"\r
 #include "emv/dump.h"\r
+#include "protocols.h"\r
 \r
 #define NESTED_SECTOR_RETRY     10          // how often we try mfested() until we give up\r
 \r
@@ -92,10 +93,10 @@ int CmdHF14AMfWrBl(const char *Cmd)
        PrintAndLog("--block no:%d, key type:%c, key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
        PrintAndLog("--data: %s", sprint_hex(bldata, 16));\r
 \r
-  UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
+       UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
        memcpy(c.d.asBytes, key, 6);\r
        memcpy(c.d.asBytes + 10, bldata, 16);\r
-  SendCommand(&c);\r
+       SendCommand(&c);\r
 \r
        UsbCommand resp;\r
        if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
@@ -136,9 +137,9 @@ int CmdHF14AMfRdBl(const char *Cmd)
        }\r
        PrintAndLog("--block no:%d, key type:%c, key:%s ", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
 \r
-  UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
+       UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
        memcpy(c.d.asBytes, key, 6);\r
-  SendCommand(&c);\r
+       SendCommand(&c);\r
 \r
        UsbCommand resp;\r
        if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
@@ -167,7 +168,7 @@ int CmdHF14AMfRdBl(const char *Cmd)
                return 2;\r
        }\r
 \r
-  return 0;\r
+       return 0;\r
 }\r
 \r
 int CmdHF14AMfRdSc(const char *Cmd)\r
@@ -233,7 +234,7 @@ int CmdHF14AMfRdSc(const char *Cmd)
                PrintAndLog("Command execute timeout");\r
        }\r
 \r
-  return 0;\r
+       return 0;\r
 }\r
 \r
 uint8_t FirstBlockOfSector(uint8_t sectorNo)\r
@@ -706,17 +707,17 @@ int CmdHF14AMfNested(const char *Cmd)
        if (cmdp == 'o') { // ------------------------------------  one sector working\r
                PrintAndLog("--target block no:%3d, target key type:%c ", trgBlockNo, trgKeyType?'B':'A');\r
                int16_t isOK = mfnested(blockNo, keyType, key, trgBlockNo, trgKeyType, keyBlock, true);\r
-               if (isOK) {\r
+               if (isOK < 0) {\r
                        switch (isOK) {\r
                                case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r
                                case -2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
                                case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break;\r
-                               default : PrintAndLog("Unknown Error.\n");\r
+                               default : PrintAndLog("Unknown Error (%d)\n", isOK);\r
                        }\r
                        return 2;\r
                }\r
                key64 = bytes_to_num(keyBlock, 6);\r
-               if (key64) {\r
+               if (!isOK) {\r
                        PrintAndLog("Found valid key:%012" PRIx64, key64);\r
 \r
                        // transfer key to the emulator\r
@@ -791,12 +792,12 @@ int CmdHF14AMfNested(const char *Cmd)
                                        if (e_sector[sectorNo].foundKey[trgKeyType]) continue;\r
                                        PrintAndLog("-----------------------------------------------");\r
                                        int16_t isOK = mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate);\r
-                                       if(isOK) {\r
+                                       if(isOK < 0) {\r
                                                switch (isOK) {\r
                                                        case -1 : PrintAndLog("Error: No response from Proxmark.\n"); break;\r
                                                        case -2 : PrintAndLog("Button pressed. Aborted.\n"); break;\r
                                                        case -3 : PrintAndLog("Tag isn't vulnerable to Nested Attack (random numbers are not predictable).\n"); break;\r
-                                                       default : PrintAndLog("Unknown Error.\n");\r
+                                                       default : PrintAndLog("Unknown Error (%d)\n", isOK);\r
                                                }\r
                                                free(e_sector);\r
                                                return 2;\r
@@ -807,7 +808,7 @@ int CmdHF14AMfNested(const char *Cmd)
                                        iterations++;\r
 \r
                                        key64 = bytes_to_num(keyBlock, 6);\r
-                                       if (key64) {\r
+                                       if (!isOK) {\r
                                                PrintAndLog("Found valid key:%012" PRIx64, key64);\r
                                                e_sector[sectorNo].foundKey[trgKeyType] = 1;\r
                                                e_sector[sectorNo].Key[trgKeyType] = key64;\r
@@ -1086,7 +1087,7 @@ int CmdHF14AMfChk(const char *Cmd)
        bool     createDumpFile = 0;\r
        bool     singleBlock    = false;     // Flag to ID if a single or multi key check\r
        uint8_t  keyFoundCount  = 0;         // Counter to display the number of keys found/transfered to emulator\r
-    \r
+\r
        sector_t *e_sector = NULL;\r
 \r
        keyBlock = calloc(stKeyBlock, 6);\r
@@ -1132,7 +1133,7 @@ int CmdHF14AMfChk(const char *Cmd)
                        return 1;\r
                };\r
        }\r
-       \r
+\r
        parseParamTDS(Cmd, 2, &transferToEml, &createDumpFile, &btimeout14a);\r
 \r
        if (singleBlock & createDumpFile) {\r
@@ -1244,7 +1245,7 @@ int CmdHF14AMfChk(const char *Cmd)
        uint32_t max_keys  = keycnt > USB_CMD_DATA_SIZE / 6 ? USB_CMD_DATA_SIZE / 6 : keycnt;\r
 \r
        // !SingleKey, so all key check (if SectorsCnt > 0)\r
-       if (!singleBlock) { \r
+       if (!singleBlock) {\r
                PrintAndLog("To cancel this operation press the button on the proxmark...");\r
                printf("--");\r
                for (uint32_t c = 0; c < keycnt; c += max_keys) {\r
@@ -1265,7 +1266,7 @@ int CmdHF14AMfChk(const char *Cmd)
                                PrintAndLog("Command execute timeout");\r
                        }\r
                }\r
-       } else { \r
+       } else {\r
                int keyAB = keyType;\r
                do {\r
                        for (uint32_t c = 0; c < keycnt; c += max_keys) {\r
@@ -1275,16 +1276,16 @@ int CmdHF14AMfChk(const char *Cmd)
                                clearTraceLog = false;\r
 \r
                                if (res != 1) {\r
-                                       if (!res) {      \r
+                                       if (!res) {\r
                                                // Use the common format below\r
                                                // PrintAndLog("Found valid key:[%d:%c]%012" PRIx64, blockNo, (keyAB & 0x01)?'B':'A', key64);\r
                                                foundAKey = true;\r
-                       \r
+\r
                                                // Store the Single Key for display list\r
                                                // For a single block check, SectorsCnt = Sector that contains the block\r
-                                               e_sector[SectorsCnt-1].foundKey[(keyAB & 0x01)] = true;  // flag key found \r
-                                               e_sector[SectorsCnt-1].Key[(keyAB & 0x01)]      = key64; // Save key data  \r
-                                               \r
+                                               e_sector[SectorsCnt-1].foundKey[(keyAB & 0x01)] = true;  // flag key found\r
+                                               e_sector[SectorsCnt-1].Key[(keyAB & 0x01)]      = key64; // Save key data\r
+\r
                                        }\r
                                } else {\r
                                        PrintAndLog("Command execute timeout");\r
@@ -1327,7 +1328,7 @@ int CmdHF14AMfChk(const char *Cmd)
                                for (uint16_t t = 0; t < 2; t++) {\r
                                        if (e_sector[sectorNo].foundKey[t]) {\r
                                                num_to_bytes(e_sector[sectorNo].Key[t], 6, block + t * 10);\r
-                        keyFoundCount++; // Key found count for information\r
+                                               keyFoundCount++; // Key found count for information\r
                                        }\r
                                }\r
                                mfEmlSetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1);\r
@@ -1355,7 +1356,7 @@ int CmdHF14AMfChk(const char *Cmd)
                fclose(fkeys);\r
                PrintAndLog("Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.");\r
        }\r
-    \r
+\r
        free(e_sector);\r
        free(keyBlock);\r
        PrintAndLog("");\r
@@ -1710,10 +1711,10 @@ int CmdHF14AMfDbg(const char *Cmd)
                return 0;\r
        }\r
 \r
-  UsbCommand c = {CMD_MIFARE_SET_DBGMODE, {dbgMode, 0, 0}};\r
-  SendCommand(&c);\r
+       UsbCommand c = {CMD_MIFARE_SET_DBGMODE, {dbgMode, 0, 0}};\r
+       SendCommand(&c);\r
 \r
-  return 0;\r
+       return 0;\r
 }\r
 \r
 int CmdHF14AMfEGet(const char *Cmd)\r
@@ -1736,7 +1737,7 @@ int CmdHF14AMfEGet(const char *Cmd)
                PrintAndLog("Command execute timeout");\r
        }\r
 \r
-  return 0;\r
+       return 0;\r
 }\r
 \r
 int CmdHF14AMfEClear(const char *Cmd)\r
@@ -1747,9 +1748,9 @@ int CmdHF14AMfEClear(const char *Cmd)
                return 0;\r
        }\r
 \r
-  UsbCommand c = {CMD_MIFARE_EML_MEMCLR, {0, 0, 0}};\r
-  SendCommand(&c);\r
-  return 0;\r
+       UsbCommand c = {CMD_MIFARE_EML_MEMCLR, {0, 0, 0}};\r
+       SendCommand(&c);\r
+       return 0;\r
 }\r
 \r
 \r
@@ -1956,7 +1957,7 @@ int CmdHF14AMfESave(const char *Cmd)
 \r
        PrintAndLog("Saved %d blocks to file: %s", numBlocks, filename);\r
 \r
-  return 0;\r
+       return 0;\r
 }\r
 \r
 \r
@@ -2026,7 +2027,7 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
                        case '\0': numSectors = 16; break;\r
                        case '2' : numSectors = 32; break;\r
                        case '4' : numSectors = 40; break;\r
-                       case 'd' : \r
+                       case 'd' :\r
                        case 'D' : createDumpFile = true; break;\r
                }\r
                cmdp++;\r
@@ -2059,7 +2060,7 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
                                PrintAndLog("error get block %d", FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);\r
                                break;\r
                        }\r
-                       fwrite(data+6, 1, 6, fkeys);\r
+                       fwrite(data, 1, 6, fkeys);\r
                }\r
                for(i = 0; i < numSectors; i++) {\r
                        if (mfEmlGetMem(data, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1)) {\r
@@ -3009,51 +3010,130 @@ int CmdHFMFNDEF(const char *cmd) {
        return 0;\r
 }\r
 \r
-static command_t CommandTable[] =\r
-{\r
-  {"help",             CmdHelp,                 1, "This help"},\r
-  {"dbg",              CmdHF14AMfDbg,           0, "Set default debug mode"},\r
-  {"rdbl",             CmdHF14AMfRdBl,          0, "Read MIFARE classic block"},\r
-  {"rdsc",             CmdHF14AMfRdSc,          0, "Read MIFARE classic sector"},\r
-  {"dump",             CmdHF14AMfDump,          0, "Dump MIFARE classic tag to binary file"},\r
-  {"restore",          CmdHF14AMfRestore,       0, "Restore MIFARE classic binary file to BLANK tag"},\r
-  {"wrbl",             CmdHF14AMfWrBl,          0, "Write MIFARE classic block"},\r
-  {"auth4",            CmdHF14AMfAuth4,         0, "ISO14443-4 AES authentication"},\r
-  {"chk",              CmdHF14AMfChk,           0, "Test block keys"},\r
-  {"mifare",           CmdHF14AMifare,          0, "Read parity error messages."},\r
-  {"hardnested",       CmdHF14AMfNestedHard,    0, "Nested attack for hardened Mifare cards"},\r
-  {"nested",           CmdHF14AMfNested,        0, "Test nested authentication"},\r
-  {"sniff",            CmdHF14AMfSniff,         0, "Sniff card-reader communication"},\r
-  {"sim",              CmdHF14AMfSim,           0, "Simulate MIFARE card"},\r
-  {"eclr",             CmdHF14AMfEClear,        0, "Clear simulator memory"},\r
-  {"eget",             CmdHF14AMfEGet,          0, "Get simulator memory block"},\r
-  {"eset",             CmdHF14AMfESet,          0, "Set simulator memory block"},\r
-  {"eload",            CmdHF14AMfELoad,         0, "Load from file emul dump"},\r
-  {"esave",            CmdHF14AMfESave,         0, "Save to file emul dump"},\r
-  {"ecfill",           CmdHF14AMfECFill,        0, "Fill simulator memory with help of keys from simulator"},\r
-  {"ekeyprn",          CmdHF14AMfEKeyPrn,       0, "Print keys from simulator memory"},\r
-  {"cwipe",            CmdHF14AMfCWipe,         0, "Wipe magic Chinese card"},\r
-  {"csetuid",          CmdHF14AMfCSetUID,       0, "Set UID for magic Chinese card"},\r
-  {"csetblk",          CmdHF14AMfCSetBlk,       0, "Write block - Magic Chinese card"},\r
-  {"cgetblk",          CmdHF14AMfCGetBlk,       0, "Read block - Magic Chinese card"},\r
-  {"cgetsc",           CmdHF14AMfCGetSc,        0, "Read sector - Magic Chinese card"},\r
-  {"cload",            CmdHF14AMfCLoad,         0, "Load dump into magic Chinese card"},\r
-  {"csave",            CmdHF14AMfCSave,         0, "Save dump from magic Chinese card into file or emulator"},\r
-  {"decrypt",          CmdDecryptTraceCmds,     1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
-  {"mad",              CmdHF14AMfMAD,           0, "Checks and prints MAD"},\r
-  {"ndef",             CmdHFMFNDEF,             0, "Prints NDEF records from card"},\r
-  {NULL,               NULL,                    0, NULL}\r
+int CmdHFMFPersonalize(const char *cmd) {\r
+\r
+       CLIParserInit("hf mf personalize",\r
+                                 "Personalize the UID of a Mifare Classic EV1 card. This is only possible if it is a 7Byte UID card and if it is not already personalized.",\r
+                                 "Usage:\n\thf mf personalize UIDF0                        -> double size UID according to ISO/IEC14443-3\n"\r
+                                 "\thf mf personalize UIDF1                        -> double size UID according to ISO/IEC14443-3, optional usage of selection process shortcut\n"\r
+                                 "\thf mf personalize UIDF2                        -> single size random ID according to ISO/IEC14443-3\n"\r
+                                 "\thf mf personalize UIDF3                        -> single size NUID according to ISO/IEC14443-3\n"\r
+                                 "\thf mf personalize -t B -k B0B1B2B3B4B5 UIDF3   -> use key B = 0xB0B1B2B3B4B5 instead of default key A\n");\r
+\r
+       void *argtable[] = {\r
+               arg_param_begin,\r
+               arg_str0("tT",  "keytype", "<A|B>",                     "key type (A or B) to authenticate sector 0 (default: A)"),\r
+               arg_str0("kK",  "key",     "<key (hex 6 Bytes)>",       "key to authenticate sector 0 (default: FFFFFFFFFFFF)"),\r
+               arg_str1(NULL,  NULL,      "<UIDF0|UIDF1|UIDF2|UIDF3>", "Personalization Option"),\r
+               arg_param_end\r
+       };\r
+       CLIExecWithReturn(cmd, argtable, true);\r
+\r
+       char keytypestr[2] = "A";\r
+       uint8_t keytype = 0x00;\r
+       int keytypestr_len;\r
+       int res = CLIParamStrToBuf(arg_get_str(1), (uint8_t*)keytypestr, 1, &keytypestr_len);\r
+       if (res || (keytypestr[0] != 'a' && keytypestr[0] != 'A' && keytypestr[0] != 'b' && keytypestr[0] != 'B')) {\r
+               PrintAndLog("ERROR: not a valid key type. Key type must be A or B");\r
+               CLIParserFree();\r
+               return 1;\r
+       }\r
+       if (keytypestr[0] == 'B' || keytypestr[0] == 'b') {\r
+               keytype = 0x01;\r
+       }\r
+\r
+       uint8_t key[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};\r
+       int key_len;\r
+       res = CLIParamHexToBuf(arg_get_str(2), key, 6, &key_len);\r
+       if (res || (!res && key_len > 0 && key_len != 6)) {\r
+               PrintAndLog("ERROR: not a valid key. Key must be 12 hex digits");\r
+               CLIParserFree();\r
+               return 1;\r
+       }\r
+\r
+       char pers_optionstr[6];\r
+       int opt_len;\r
+       uint8_t pers_option;\r
+       res = CLIParamStrToBuf(arg_get_str(3), (uint8_t*)pers_optionstr, 5, &opt_len);\r
+       if (res || (!res && opt_len > 0 && opt_len != 5)\r
+                       || (strncmp(pers_optionstr, "UIDF0", 5) && strncmp(pers_optionstr, "UIDF1", 5) && strncmp(pers_optionstr, "UIDF2", 5) && strncmp(pers_optionstr, "UIDF3", 5))) {\r
+               PrintAndLog("ERROR: invalid personalization option. Must be one of UIDF0, UIDF1, UIDF2, or UIDF3");\r
+               CLIParserFree();\r
+               return 1;\r
+       }\r
+       if (!strncmp(pers_optionstr, "UIDF0", 5)) {\r
+               pers_option = MIFARE_EV1_UIDF0;\r
+       } else if (!strncmp(pers_optionstr, "UIDF1", 5)) {\r
+               pers_option = MIFARE_EV1_UIDF1;\r
+       } else if (!strncmp(pers_optionstr, "UIDF2", 5)) {\r
+               pers_option = MIFARE_EV1_UIDF2;\r
+       } else {\r
+               pers_option = MIFARE_EV1_UIDF3;\r
+       }\r
+\r
+       CLIParserFree();\r
+\r
+       UsbCommand c = {CMD_MIFARE_PERSONALIZE_UID, {keytype, pers_option, 0}};\r
+       memcpy(c.d.asBytes, key, 6);\r
+       SendCommand(&c);\r
+\r
+       UsbCommand resp;\r
+       if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {\r
+               uint8_t isOK  = resp.arg[0] & 0xff;\r
+               PrintAndLog("Personalization %s", isOK ? "FAILED" : "SUCCEEDED");\r
+       } else {\r
+               PrintAndLog("Command execute timeout");\r
+       }\r
+\r
+       return 0;\r
+}\r
+\r
+\r
+static command_t CommandTable[] = {\r
+       {"help",             CmdHelp,                 1, "This help"},\r
+       {"dbg",              CmdHF14AMfDbg,           0, "Set default debug mode"},\r
+       {"rdbl",             CmdHF14AMfRdBl,          0, "Read MIFARE classic block"},\r
+       {"rdsc",             CmdHF14AMfRdSc,          0, "Read MIFARE classic sector"},\r
+       {"dump",             CmdHF14AMfDump,          0, "Dump MIFARE classic tag to binary file"},\r
+       {"restore",          CmdHF14AMfRestore,       0, "Restore MIFARE classic binary file to BLANK tag"},\r
+       {"wrbl",             CmdHF14AMfWrBl,          0, "Write MIFARE classic block"},\r
+       {"auth4",            CmdHF14AMfAuth4,         0, "ISO14443-4 AES authentication"},\r
+       {"chk",              CmdHF14AMfChk,           0, "Test block keys"},\r
+       {"mifare",           CmdHF14AMifare,          0, "Read parity error messages."},\r
+       {"hardnested",       CmdHF14AMfNestedHard,    0, "Nested attack for hardened Mifare cards"},\r
+       {"nested",           CmdHF14AMfNested,        0, "Test nested authentication"},\r
+       {"sniff",            CmdHF14AMfSniff,         0, "Sniff card-reader communication"},\r
+       {"sim",              CmdHF14AMfSim,           0, "Simulate MIFARE card"},\r
+       {"eclr",             CmdHF14AMfEClear,        0, "Clear simulator memory"},\r
+       {"eget",             CmdHF14AMfEGet,          0, "Get simulator memory block"},\r
+       {"eset",             CmdHF14AMfESet,          0, "Set simulator memory block"},\r
+       {"eload",            CmdHF14AMfELoad,         0, "Load from file emul dump"},\r
+       {"esave",            CmdHF14AMfESave,         0, "Save to file emul dump"},\r
+       {"ecfill",           CmdHF14AMfECFill,        0, "Fill simulator memory with help of keys from simulator"},\r
+       {"ekeyprn",          CmdHF14AMfEKeyPrn,       0, "Print keys from simulator memory"},\r
+       {"cwipe",            CmdHF14AMfCWipe,         0, "Wipe magic Chinese card"},\r
+       {"csetuid",          CmdHF14AMfCSetUID,       0, "Set UID for magic Chinese card"},\r
+       {"csetblk",          CmdHF14AMfCSetBlk,       0, "Write block - Magic Chinese card"},\r
+       {"cgetblk",          CmdHF14AMfCGetBlk,       0, "Read block - Magic Chinese card"},\r
+       {"cgetsc",           CmdHF14AMfCGetSc,        0, "Read sector - Magic Chinese card"},\r
+       {"cload",            CmdHF14AMfCLoad,         0, "Load dump into magic Chinese card"},\r
+       {"csave",            CmdHF14AMfCSave,         0, "Save dump from magic Chinese card into file or emulator"},\r
+       {"decrypt",          CmdDecryptTraceCmds,     1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
+       {"mad",              CmdHF14AMfMAD,           0, "Checks and prints MAD"},\r
+       {"ndef",             CmdHFMFNDEF,             0, "Prints NDEF records from card"},\r
+       {"personalize",      CmdHFMFPersonalize,      0, "Personalize UID (Mifare Classic EV1 only)"},\r
+       {NULL,               NULL,                    0, NULL}\r
 };\r
 \r
-int CmdHFMF(const char *Cmd)\r
-{\r
+\r
+int CmdHFMF(const char *Cmd) {\r
        (void)WaitForResponseTimeout(CMD_ACK,NULL,100);\r
        CmdsParse(CommandTable, Cmd);\r
        return 0;\r
 }\r
 \r
-int CmdHelp(const char *Cmd)\r
-{\r
-  CmdsHelp(CommandTable);\r
-  return 0;\r
+\r
+int CmdHelp(const char *Cmd) {\r
+       CmdsHelp(CommandTable);\r
+       return 0;\r
 }\r
Impressum, Datenschutz