X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/105ce3960787184b85eb9a341d8828ade9578a36..5ce7e22af68d8fc45cd08baff67d6e49ac584f43:/client/cmdhfmf.c
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 72cbf8f7..809c623a 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -9,6 +9,7 @@
//-----------------------------------------------------------------------------
#include "cmdhfmf.h"
+#include "nonce2key/nonce2key.h"
static int CmdHelp(const char *Cmd);
@@ -96,7 +97,8 @@ int CmdHF14AMfWrBl(const char *Cmd)
uint8_t blockNo = 0;
uint8_t keyType = 0;
uint8_t key[6] = {0, 0, 0, 0, 0, 0};
- uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+
char cmdp = 0x00;
if (strlen(Cmd)<3) {
@@ -123,10 +125,10 @@ int CmdHF14AMfWrBl(const char *Cmd)
PrintAndLog("--block no:%d, key type:%c, key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));
PrintAndLog("--data: %s", sprint_hex(bldata, 16));
- UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};
+ UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};
memcpy(c.d.asBytes, key, 6);
memcpy(c.d.asBytes + 10, bldata, 16);
- SendCommand(&c);
+ SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
@@ -143,9 +145,11 @@ int CmdHF14AMfRdBl(const char *Cmd)
{
uint8_t blockNo = 0;
uint8_t keyType = 0;
- uint8_t key[6] = {0, 0, 0, 0, 0, 0};
+ uint8_t key[6] = {0, 0, 0, 0, 0, 0};
+
char cmdp = 0x00;
+
if (strlen(Cmd)<3) {
PrintAndLog("Usage: hf mf rdbl <block number> <key A/B> <key (12 hex symbols)>");
PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF ");
@@ -165,9 +169,9 @@ int CmdHF14AMfRdBl(const char *Cmd)
}
PrintAndLog("--block no:%d, key type:%c, key:%s ", blockNo, keyType?'B':'A', sprint_hex(key, 6));
- UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};
+ UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};
memcpy(c.d.asBytes, key, 6);
- SendCommand(&c);
+ SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
@@ -429,13 +433,13 @@ int CmdHF14AMfDump(const char *Cmd)
int CmdHF14AMfRestore(const char *Cmd)
{
- uint8_t sectorNo,blockNo = 0;
+ uint8_t sectorNo,blockNo;
uint8_t keyType = 0;
uint8_t key[6] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
uint8_t bldata[16] = {0x00};
uint8_t keyA[40][6];
uint8_t keyB[40][6];
- uint8_t numSectors = 0;
+ uint8_t numSectors;
FILE *fdump;
FILE *fkeys;
@@ -544,13 +548,15 @@ int CmdHF14AMfNested(const char *Cmd)
uint8_t trgKeyType = 0;
uint8_t SectorsCnt = 0;
uint8_t key[6] = {0, 0, 0, 0, 0, 0};
- uint8_t keyBlock[13*6];
+ uint8_t keyBlock[14*6];
uint64_t key64 = 0;
bool transferToEml = false;
+
bool createDumpFile = false;
FILE *fkeys;
uint8_t standart[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
uint8_t tempkey[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+
char cmdp, ctmp;
if (strlen(Cmd)<3) {
@@ -681,6 +687,7 @@ int CmdHF14AMfNested(const char *Cmd)
}
}
}
+
// nested sectors
iterations = 0;
PrintAndLog("nested...");
@@ -775,8 +782,8 @@ int CmdHF14AMfChk(const char *Cmd)
PrintAndLog("Usage: hf mf chk <block number>|<*card memory> <key type (A/B/?)> [t|d] [<key (12 hex symbols)>] [<dic (*.dic)>]");
PrintAndLog(" * - all sectors");
PrintAndLog("card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K, <other> - 1K");
- PrintAndLog("d - write keys to binary file\n");
- PrintAndLog("t - write keys to emulator memory");
+ PrintAndLog("d - write keys to binary file");
+ PrintAndLog("t - write keys to emulator memory\n");
PrintAndLog(" sample: hf mf chk 0 A 1234567890ab keys.dic");
PrintAndLog(" hf mf chk *1 ? t");
PrintAndLog(" hf mf chk *1 ? d");
@@ -785,7 +792,7 @@ int CmdHF14AMfChk(const char *Cmd)
FILE * f;
char filename[FILE_PATH_SIZE]={0};
- char buf[13] = {0x00};
+ char buf[13];
uint8_t *keyBlock = NULL, *p;
uint8_t stKeyBlock = 20;
@@ -1005,8 +1012,10 @@ int CmdHF14AMf1kSim(const char *Cmd)
uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0};
uint8_t exitAfterNReads = 0;
uint8_t flags = 0;
-
+
uint8_t cmdp = param_getchar(Cmd, 0);
+
+ clearCommandBuffer();
if (cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf mf sim u <uid (8 hex symbols)> n <numreads> i x");
@@ -1017,7 +1026,6 @@ int CmdHF14AMf1kSim(const char *Cmd)
PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");
PrintAndLog("");
PrintAndLog(" sample: hf mf sim u 0a0a0a0a ");
- PrintAndLog(" : hf mf sim u 0a0a0a0a i x");
return 0;
}
uint8_t pnr = 0;
@@ -1058,15 +1066,42 @@ int CmdHF14AMf1kSim(const char *Cmd)
SendCommand(&c);
if(flags & FLAG_INTERACTIVE)
- {
- UsbCommand resp;
+ {
PrintAndLog("Press pm3-button to abort simulation");
- while(! WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
- //We're waiting only 1.5 s at a time, otherwise we get the
- // annoying message about "Waiting for a response... "
+
+ uint8_t data[40];
+ uint8_t key[6];
+
+ UsbCommand resp;
+ while(!ukbhit() ){
+ if ( WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
+ if ( (resp.arg[0] & 0xffff) == CMD_SIMULATE_MIFARE_CARD ){
+ memset(data, 0x00, sizeof(data));
+ memset(key, 0x00, sizeof(key));
+ int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1];
+
+ memcpy(data, resp.d.asBytes, len);
+
+ uint64_t corr_uid = 0;
+ if ( memcmp(data, "\x00\x00\x00\x00", 4) == 0 ) {
+ corr_uid = (data[3] << 24) | (data[2] << 16) | (data[1] << 8) | data[0];
+ }
+ else {
+ corr_uid |= (uint64_t)data[2] << 48;
+ corr_uid |= (uint64_t)data[1] << 40;
+ corr_uid |= (uint64_t)data[0] << 32;
+ corr_uid |= data[7] << 24;
+ corr_uid |= data[6] << 16;
+ corr_uid |= data[5] << 8;
+ corr_uid |= data[4];
+ }
+ tryMfk32(corr_uid, data, key);
+ //tryMfk64(corr_uid, data, key);
+ PrintAndLog("--");
+ }
+ }
}
}
-
return 0;
}
@@ -1133,9 +1168,11 @@ int CmdHF14AMfEClear(const char *Cmd)
int CmdHF14AMfESet(const char *Cmd)
{
- uint8_t memBlock[16] = {0x00};
+ uint8_t memBlock[16];
uint8_t blockNo = 0;
+ memset(memBlock, 0x00, sizeof(memBlock));
+
if (strlen(Cmd) < 3 || param_getchar(Cmd, 0) == 'h') {
PrintAndLog("Usage: hf mf eset <block number> <block data (32 hex symbols)>");
PrintAndLog(" sample: hf mf eset 1 000102030405060708090a0b0c0d0e0f ");
@@ -1160,7 +1197,7 @@ int CmdHF14AMfESet(const char *Cmd)
int CmdHF14AMfELoad(const char *Cmd)
{
FILE * f;
- char filename[FILE_PATH_SIZE] = {0x00};
+ char filename[FILE_PATH_SIZE];
char *fnameptr = filename;
char buf[64] = {0x00};
uint8_t buf8[64] = {0x00};
@@ -1193,7 +1230,7 @@ int CmdHF14AMfELoad(const char *Cmd)
len = param_getstr(Cmd,nameParamNo,filename);
- if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
+ if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
fnameptr += len;
@@ -1256,9 +1293,9 @@ int CmdHF14AMfELoad(const char *Cmd)
int CmdHF14AMfESave(const char *Cmd)
{
FILE * f;
- char filename[FILE_PATH_SIZE] = {0x00};
+ char filename[FILE_PATH_SIZE];
char * fnameptr = filename;
- uint8_t buf[64] = {0x00};
+ uint8_t buf[64];
int i, j, len, numBlocks;
int nameParamNo = 1;
@@ -1292,17 +1329,20 @@ int CmdHF14AMfESave(const char *Cmd)
len = param_getstr(Cmd,nameParamNo,filename);
- if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
+ if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
// user supplied filename?
if (len < 1) {
// get filename (UID from memory)
if (mfEmlGetMem(buf, 0, 1)) {
PrintAndLog("Can\'t get UID from block: %d", 0);
- sprintf(filename, "dump.eml");
+ len = sprintf(fnameptr, "dump");
+ fnameptr += len;
+ }
+ else {
+ for (j = 0; j < 7; j++, fnameptr += 2)
+ sprintf(fnameptr, "%02X", buf[j]);
}
- for (j = 0; j < 7; j++, fnameptr += 2)
- sprintf(fnameptr, "%02X", buf[j]);
} else {
fnameptr += len;
}
@@ -1380,8 +1420,8 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
{
int i;
uint8_t numSectors;
- uint8_t data[16] = {0x00};
- uint64_t keyA, keyB = 0;
+ uint8_t data[16];
+ uint64_t keyA, keyB;
if (param_getchar(Cmd, 0) == 'h') {
PrintAndLog("It prints the keys loaded in the emulator memory");
@@ -1495,13 +1535,13 @@ int CmdHF14AMfCSetBlk(const char *Cmd)
uint8_t memBlock[16] = {0x00};
uint8_t blockNo = 0;
bool wipeCard = FALSE;
- int res = 0;
+ int res;
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {
PrintAndLog("Usage: hf mf csetblk <block number> <block data (32 hex symbols)> [w]");
PrintAndLog("sample: hf mf csetblk 1 01020304050607080910111213141516");
PrintAndLog("Set block data for magic Chinese card (only works with such cards)");
- PrintAndLog("If you also want to wipe the card then add 'w' at the end of the command line.");
+ PrintAndLog("If you also want wipe the card then add 'w' at the end of the command line");
return 0;
}
@@ -1514,14 +1554,13 @@ int CmdHF14AMfCSetBlk(const char *Cmd)
char ctmp = param_getchar(Cmd, 2);
wipeCard = (ctmp == 'w' || ctmp == 'W');
-
PrintAndLog("--block number:%2d data:%s", blockNo, sprint_hex(memBlock, 16));
res = mfCSetBlock(blockNo, memBlock, NULL, wipeCard, CSETBLOCK_SINGLE_OPER);
if (res) {
PrintAndLog("Can't write block. error=%d", res);
return 1;
- }
+ }
return 0;
}
@@ -1566,7 +1605,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
return 0;
} else {
len = strlen(Cmd);
- if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
+ if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
memcpy(filename, Cmd, len);
fnameptr += len;
@@ -1586,6 +1625,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
memset(buf, 0, sizeof(buf));
if (fgets(buf, sizeof(buf), f) == NULL) {
+ fclose(f);
PrintAndLog("File reading error.");
return 2;
}
@@ -1594,6 +1634,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
if(strlen(buf) && feof(f))
break;
PrintAndLog("File content error. Block data must include 32 HEX symbols");
+ fclose(f);
return 2;
}
for (i = 0; i < 32; i += 2)
@@ -1624,9 +1665,10 @@ int CmdHF14AMfCLoad(const char *Cmd)
}
int CmdHF14AMfCGetBlk(const char *Cmd) {
- uint8_t memBlock[16] = {0x00};
+ uint8_t memBlock[16];
uint8_t blockNo = 0;
int res;
+ memset(memBlock, 0x00, sizeof(memBlock));
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {
PrintAndLog("Usage: hf mf cgetblk <block number>");
@@ -1732,16 +1774,18 @@ int CmdHF14AMfCSave(const char *Cmd) {
return 0;
} else {
len = strlen(Cmd);
- if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
+ if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;
if (len < 1) {
// get filename
if (mfCGetBlock(0, buf, CSETBLOCK_SINGLE_OPER)) {
PrintAndLog("Cant get block: %d", 0);
- return 1;
+ len = sprintf(fnameptr, "dump");
+ fnameptr += len;
+ } else {
+ for (j = 0; j < 7; j++, fnameptr += 2)
+ sprintf(fnameptr, "%02x", buf[j]);
}
- for (j = 0; j < 7; j++, fnameptr += 2)
- sprintf(fnameptr, "%02x", buf[j]);
} else {
memcpy(filename, Cmd, len);
fnameptr += len;
@@ -1793,7 +1837,7 @@ int CmdHF14AMfSniff(const char *Cmd){
int blockLen = 0;
int pckNum = 0;
int num = 0;
- uint8_t uid[7] = {0x00};
+ uint8_t uid[7];
uint8_t uid_len;
uint8_t atqa[2] = {0x00};
uint8_t sak;