X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/9492e0b0986a557afe1c85f08fd02a7fb979f536..refs/heads/unstable:/client/cmdhfmf.c
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 956bbc0e..5d2d3222 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -380,6 +380,8 @@ int CmdHF14AMfDump(const char *Cmd)
}
if (isOK) {
fwrite ( data, 1, 16, fout );
+ PrintAndLog("Dumped card data into 'dumpdata.bin'");
+
}
else {
PrintAndLog("Could not get access rights for block %d", i);
@@ -393,7 +395,6 @@ int CmdHF14AMfDump(const char *Cmd)
fclose(fin);
fclose(fout);
-
return 0;
}
@@ -421,13 +422,13 @@ int CmdHF14AMfRestore(const char *Cmd)
for (i=0 ; i<16 ; i++) {
if (fread(keyA[i], 1, 6, fkeys) == 0) {
- PrintAndLog("File reading error.");
+ PrintAndLog("File reading error.");
return 2;
}
}
for (i=0 ; i<16 ; i++) {
if (fread(keyB[i], 1, 6, fkeys) == 0) {
- PrintAndLog("File reading error.");
+ PrintAndLog("File reading error.");
return 2;
}
}
@@ -440,8 +441,8 @@ int CmdHF14AMfRestore(const char *Cmd)
memcpy(c.d.asBytes, key, 6);
if (fread(bldata, 1, 16, fdump) == 0) {
- PrintAndLog("File reading error.");
- return 2;
+ PrintAndLog("File reading error.");
+ return 2;
}
if (j == 3) {
@@ -475,7 +476,7 @@ int CmdHF14AMfRestore(const char *Cmd)
SendCommand(&c);
UsbCommand resp;
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
uint8_t isOK = resp.arg[0] & 0xff;
PrintAndLog("isOk:%02x", isOK);
} else {
@@ -655,7 +656,7 @@ int CmdHF14AMfNested(const char *Cmd)
}
}
- printf("Time in nested: %1.3f (%1.3f sec per key)\n\n", ((float)clock() - time1)/1000.0, ((float)clock() - time1)/iterations/1000.0);
+ printf("Time in nested: %1.3f (%1.3f sec per key)\n\n", ((float)clock() - time1)/CLOCKS_PER_SEC, ((float)clock() - time1)/iterations/CLOCKS_PER_SEC);
PrintAndLog("-----------------------------------------------\nIterations count: %d\n\n", iterations);
//print them
@@ -749,19 +750,28 @@ int CmdHF14AMfChk(const char *Cmd)
keyBlock = calloc(stKeyBlock, 6);
if (keyBlock == NULL) return 1;
- num_to_bytes(0xffffffffffff, 6, (uint8_t*)(keyBlock + 0 * 6)); // Default key (first key used by program if no user defined key)
- num_to_bytes(0x000000000000, 6, (uint8_t*)(keyBlock + 1 * 6)); // Blank key
- num_to_bytes(0xa0a1a2a3a4a5, 6, (uint8_t*)(keyBlock + 2 * 6)); // NFCForum MAD key
- num_to_bytes(0xb0b1b2b3b4b5, 6, (uint8_t*)(keyBlock + 3 * 6));
- num_to_bytes(0xaabbccddeeff, 6, (uint8_t*)(keyBlock + 4 * 6));
- num_to_bytes(0x4d3a99c351dd, 6, (uint8_t*)(keyBlock + 5 * 6));
- num_to_bytes(0x1a982c7e459a, 6, (uint8_t*)(keyBlock + 6 * 6));
- num_to_bytes(0xd3f7d3f7d3f7, 6, (uint8_t*)(keyBlock + 7 * 6));
- num_to_bytes(0x714c5c886e97, 6, (uint8_t*)(keyBlock + 8 * 6));
- num_to_bytes(0x587ee5f9350f, 6, (uint8_t*)(keyBlock + 9 * 6));
- num_to_bytes(0xa0478cc39091, 6, (uint8_t*)(keyBlock + 10 * 6));
- num_to_bytes(0x533cb6c723f6, 6, (uint8_t*)(keyBlock + 11 * 6));
- num_to_bytes(0x8fd0a4f256e9, 6, (uint8_t*)(keyBlock + 12 * 6));
+ uint64_t defaultKeys[] =
+ {
+ 0xffffffffffff, // Default key (first key used by program if no user defined key)
+ 0x000000000000, // Blank key
+ 0xa0a1a2a3a4a5, // NFCForum MAD key
+ 0xb0b1b2b3b4b5,
+ 0xaabbccddeeff,
+ 0x4d3a99c351dd,
+ 0x1a982c7e459a,
+ 0xd3f7d3f7d3f7,
+ 0x714c5c886e97,
+ 0x587ee5f9350f,
+ 0xa0478cc39091,
+ 0x533cb6c723f6,
+ 0x8fd0a4f256e9
+ };
+ int defaultKeysSize = (sizeof(defaultKeys) / 7) - 1;
+
+ for (int defaultKeyCounter = 0; defaultKeyCounter < defaultKeysSize; defaultKeyCounter++)
+ {
+ num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));
+ }
if (strlen(Cmd)<3) {
PrintAndLog("Usage: hf mf chk <block number>/<*card memory> <key type (A/B/?)> [t] [<key (12 hex symbols)>] [<dic (*.dic)>]");
@@ -831,13 +841,7 @@ int CmdHF14AMfChk(const char *Cmd)
}
if ( (f = fopen( filename , "r")) ) {
- while( !feof(f) ){
- memset(buf, 0, sizeof(buf));
- if (fgets(buf, sizeof(buf), f) == NULL) {
- PrintAndLog("File reading error.");
- return 2;
- }
-
+ while( fgets(buf, sizeof(buf), f) ){
if (strlen(buf) < 12 || buf[11] == '\n')
continue;
@@ -865,6 +869,7 @@ int CmdHF14AMfChk(const char *Cmd)
num_to_bytes(strtoll(buf, NULL, 16), 6, keyBlock + 6*keycnt);
PrintAndLog("chk custom key[%d] %012"llx, keycnt, bytes_to_num(keyBlock + 6*keycnt, 6));
keycnt++;
+ memset(buf, 0, sizeof(buf));
}
} else {
PrintAndLog("File: %s: not found or locked.", filename);
@@ -877,7 +882,7 @@ int CmdHF14AMfChk(const char *Cmd)
if (keycnt == 0) {
PrintAndLog("No key specified,try default keys");
- for (;keycnt <=12; keycnt++)
+ for (;keycnt < defaultKeysSize; keycnt++)
PrintAndLog("chk default key[%d] %02x%02x%02x%02x%02x%02x", keycnt,
(keyBlock + 6*keycnt)[0],(keyBlock + 6*keycnt)[1], (keyBlock + 6*keycnt)[2],
(keyBlock + 6*keycnt)[3], (keyBlock + 6*keycnt)[4], (keyBlock + 6*keycnt)[5], 6);
@@ -946,24 +951,68 @@ int CmdHF14AMfChk(const char *Cmd)
int CmdHF14AMf1kSim(const char *Cmd)
{
- uint8_t uid[4] = {0, 0, 0, 0};
-
+ uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0};
+ uint8_t exitAfterNReads = 0;
+ uint8_t flags = 0;
+
if (param_getchar(Cmd, 0) == 'h') {
- PrintAndLog("Usage: hf mf sim <uid (8 hex symbols)>");
+ PrintAndLog("Usage: hf mf sim u <uid (8 hex symbols)> n <numreads> i x");
+ PrintAndLog(" u (Optional) UID. If not specified, the UID from emulator memory will be used");
+ PrintAndLog(" n (Optional) Automatically exit simulation after <numreads> blocks have been read by reader. 0 = infinite");
+ PrintAndLog(" i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");
+ PrintAndLog(" x (Optional) Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s)");
PrintAndLog(" sample: hf mf sim 0a0a0a0a ");
return 0;
- }
-
- if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {
- PrintAndLog("UID must include 8 HEX symbols");
- return 1;
}
- PrintAndLog(" uid:%s ", sprint_hex(uid, 4));
-
- UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {0, 0, 0}};
- memcpy(c.d.asBytes, uid, 4);
+ uint8_t pnr = 0;
+ if (param_getchar(Cmd, pnr) == 'u') {
+ if(param_gethex(Cmd, pnr+1, uid, 8) == 0)
+ {
+ flags |=FLAG_4B_UID_IN_DATA; // UID from packet
+ }else if(param_gethex(Cmd,pnr+1,uid,14) == 0)
+ {
+ flags |= FLAG_7B_UID_IN_DATA;// UID from packet
+ }else
+ {
+ PrintAndLog("UID, if specified, must include 8 or 14 HEX symbols");
+ return 1;
+ }
+ pnr +=2;
+ }
+ if (param_getchar(Cmd, pnr) == 'n') {
+ exitAfterNReads = param_get8(Cmd,pnr+1);
+ pnr += 2;
+ }
+ if (param_getchar(Cmd, pnr) == 'i' ) {
+ //Using a flag to signal interactiveness, least significant bit
+ flags |= FLAG_INTERACTIVE;
+ pnr++;
+ }
+
+ if (param_getchar(Cmd, pnr) == 'x' ) {
+ //Using a flag to signal interactiveness, least significant bit
+ flags |= FLAG_NR_AR_ATTACK;
+ }
+ PrintAndLog(" uid:%s, numreads:%d, flags:%d (0x%02x) ",
+ flags & FLAG_4B_UID_IN_DATA ? sprint_hex(uid,4):
+ flags & FLAG_7B_UID_IN_DATA ? sprint_hex(uid,7): "N/A"
+ , exitAfterNReads, flags,flags);
+
+
+ UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads,0}};
+ memcpy(c.d.asBytes, uid, sizeof(uid));
SendCommand(&c);
+ if(flags & FLAG_INTERACTIVE)
+ {
+ UsbCommand resp;
+ PrintAndLog("Press pm3-button to abort simulation");
+ while(! WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
+ //We're waiting only 1.5 s at a time, otherwise we get the
+ // annoying message about "Waiting for a response... "
+ }
+ }
+
return 0;
}
@@ -1058,24 +1107,28 @@ int CmdHF14AMfESet(const char *Cmd)
int CmdHF14AMfELoad(const char *Cmd)
{
FILE * f;
- char filename[20];
+ char filename[255];
char * fnameptr = filename;
char buf[64];
uint8_t buf8[64];
int i, len, blockNum;
+ bool 4kcard = 0;
memset(filename, 0, sizeof(filename));
memset(buf, 0, sizeof(buf));
if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {
PrintAndLog("It loads emul dump from the file `filename.eml`");
- PrintAndLog("Usage: hf mf eload <file name w/o `.eml`>");
- PrintAndLog(" sample: hf mf eload filename");
+ PrintAndLog("Usage: hf mf eload <file name w/o `.eml`> <4 - 4kcard>");
+ PrintAndLog(" sample: hf mf eload filename [4]");
return 0;
}
+ size = param_getchar(Cmd, 1);
+ if (size == '4') 4kcard = 1;
+
len = strlen(Cmd);
- if (len > 14) len = 14;
+ if (len > 254) len = 254;
memcpy(filename, Cmd, len);
fnameptr += len;
@@ -1093,7 +1146,11 @@ int CmdHF14AMfELoad(const char *Cmd)
while(!feof(f)){
memset(buf, 0, sizeof(buf));
if (fgets(buf, sizeof(buf), f) == NULL) {
- PrintAndLog("File reading error.");
+ if(blockNum == 16 * 4)
+ {
+ break;
+ }
+ PrintAndLog("File reading error.");
return 2;
}
@@ -1117,18 +1174,25 @@ int CmdHF14AMfELoad(const char *Cmd)
}
fclose(f);
- if (blockNum != 16 * 4 && blockNum != 32 * 4 + 8 * 16){
- PrintAndLog("File content error. There must be 64 blocks");
- return 4;
+ if(4kcard){
+ if (blockNum != 32 * 4 + 8 * 16){
+ PrintAndLog("File content error. There must be 64 blocks");
+ return 4;
+ }
+ }else{
+ if (blockNum != 16 * 4 && blockNum != 32 * 4 + 8 * 16){
+ PrintAndLog("File content error. There must be 64 blocks");
+ return 4;
+ }
}
- PrintAndLog("Loaded from file: %s", filename);
+ PrintAndLog("Loaded %d blocks from file: %s", blockNum, filename);
return 0;
}
int CmdHF14AMfESave(const char *Cmd)
{
FILE * f;
- char filename[20];
+ char filename[255];
char * fnameptr = filename;
uint8_t buf[64];
int i, j, len;
@@ -1145,7 +1209,7 @@ int CmdHF14AMfESave(const char *Cmd)
}
len = strlen(Cmd);
- if (len > 14) len = 14;
+ if (len > 254) len = 254;
if (len < 1) {
// get filename
@@ -1633,7 +1697,7 @@ int CmdHF14AMfSniff(const char *Cmd){
PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum);
num = 0;
while (bufPtr - buf + 9 < blockLen) {
- isTag = bufPtr[3] & 0x80 ? true:false;
+ isTag = bufPtr[3] & 0x80 ? true:false;
bufPtr += 4;
parity = *((uint32_t *)(bufPtr));
bufPtr += 4;
@@ -1667,28 +1731,28 @@ int CmdHF14AMfSniff(const char *Cmd){
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
- {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"},
+ {"dbg", CmdHF14AMfDbg, 0, "Set default debug mode"},
{"rdbl", CmdHF14AMfRdBl, 0, "Read MIFARE classic block"},
{"rdsc", CmdHF14AMfRdSc, 0, "Read MIFARE classic sector"},
{"dump", CmdHF14AMfDump, 0, "Dump MIFARE classic tag to binary file"},
- {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"},
+ {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"},
{"wrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"},
- {"chk", CmdHF14AMfChk, 0, "Test block keys"},
- {"mifare", CmdHF14AMifare, 0, "Read parity error messages. param - <used card nonce>"},
- {"nested", CmdHF14AMfNested, 0, "Test nested authentication"},
+ {"chk", CmdHF14AMfChk, 0, "Test block keys"},
+ {"mifare", CmdHF14AMifare, 0, "Read parity error messages."},
+ {"nested", CmdHF14AMfNested, 0, "Test nested authentication"},
{"sniff", CmdHF14AMfSniff, 0, "Sniff card-reader communication"},
- {"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"},
+ {"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"},
{"eclr", CmdHF14AMfEClear, 0, "Clear simulator memory block"},
{"eget", CmdHF14AMfEGet, 0, "Get simulator memory block"},
{"eset", CmdHF14AMfESet, 0, "Set simulator memory block"},
{"eload", CmdHF14AMfELoad, 0, "Load from file emul dump"},
{"esave", CmdHF14AMfESave, 0, "Save to file emul dump"},
- {"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"},
- {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"},
- {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"},
- {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block into magic Chinese card"},
- {"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block from magic Chinese card"},
- {"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector from magic Chinese card"},
+ {"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"},
+ {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"},
+ {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"},
+ {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block into magic Chinese card"},
+ {"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block from magic Chinese card"},
+ {"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector from magic Chinese card"},
{"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},
{"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},
{NULL, NULL, 0, NULL}