X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/d2f487af9cc29122d86ca4f349ba825aaf98748c..dec8e8bd9f67643c07af9b06f9d6e9e1a2fb9191:/client/cmdhfmf.c diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 637ef4a1..a2665256 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -142,76 +142,112 @@ int CmdHF14AMfWrBl(const char *Cmd) int CmdHF14AMfUWrBl(const char *Cmd) { - uint8_t blockNo = 0; - uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + uint8_t blockNo = 0; + bool chinese_card=0; + uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; UsbCommand resp; - - if (strlen(Cmd)<3) { - PrintAndLog("Usage: hf mf uwrbl "); - PrintAndLog(" sample: hf mf uwrbl 0 01020304"); - return 0; - } + + if (strlen(Cmd)<3) { + PrintAndLog("Usage: hf mf uwrbl "); + PrintAndLog(" sample: hf mf uwrbl 0 01020304"); + return 0; + } - blockNo = param_get8(Cmd, 0); - if (param_gethex(Cmd, 1, bldata, 8)) { - PrintAndLog("Block data must include 8 HEX symbols"); - return 1; - } + blockNo = param_get8(Cmd, 0); + if (param_gethex(Cmd, 1, bldata, 8)) { + PrintAndLog("Block data must include 8 HEX symbols"); + return 1; + } + + if (strchr(Cmd,'w') != 0) { + chinese_card=1; + } + + switch(blockNo){ + case 0: + if (!chinese_card){ + PrintAndLog("Access Denied"); + }else{ + PrintAndLog("--specialblock no:%02x", blockNo); + PrintAndLog("--data: %s", sprint_hex(bldata, 4)); + UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; + memcpy(d.d.asBytes,bldata, 4); + SendCommand(&d); + + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + } else { + PrintAndLog("Command execute timeout"); + } + } + break; + case 1: + if (!chinese_card){ + PrintAndLog("Access Denied"); + }else{ + PrintAndLog("--specialblock no:%02x", blockNo); + PrintAndLog("--data: %s", sprint_hex(bldata, 4)); + UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; + memcpy(d.d.asBytes,bldata, 4); + SendCommand(&d); + + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + } else { + PrintAndLog("Command execute timeout"); + } + } + break; + case 2: + if (!chinese_card){ + PrintAndLog("Access Denied"); + }else{ + PrintAndLog("--specialblock no:%02x", blockNo); + PrintAndLog("--data: %s", sprint_hex(bldata, 4)); + UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}}; + memcpy(c.d.asBytes, bldata, 4); + SendCommand(&c); - switch(blockNo) - { - case 0: - PrintAndLog("Access Denied"); - break; - case 1: - PrintAndLog("Access Denied"); - break; - case 2: - PrintAndLog("--specialblock no:%02x", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(c.d.asBytes, bldata, 4); - SendCommand(&c); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - break; - case 3: - PrintAndLog("--specialblock no:%02x", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(d.d.asBytes,bldata, 4); - SendCommand(&d); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - break; - default: - PrintAndLog("--block no:%02x", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - //UsbCommand e = {CMD_MIFAREU_WRITEBL_COMPAT, {blockNo}}; - //memcpy(e.d.asBytes,bldata, 16); - UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(e.d.asBytes,bldata, 4); - SendCommand(&e); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - break; + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + } else { + PrintAndLog("Command execute timeout"); + } + } + break; + case 3: + PrintAndLog("--specialblock no:%02x", blockNo); + PrintAndLog("--data: %s", sprint_hex(bldata, 4)); + UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; + memcpy(d.d.asBytes,bldata, 4); + SendCommand(&d); + + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + } else { + PrintAndLog("Command execute timeout"); + } + break; + default: + PrintAndLog("--block no:%02x", blockNo); + PrintAndLog("--data: %s", sprint_hex(bldata, 4)); + UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}}; + memcpy(e.d.asBytes,bldata, 4); + SendCommand(&e); + + if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + } else { + PrintAndLog("Command execute timeout"); + } + break; } - return 0; + return 0; } int CmdHF14AMfRdBl(const char *Cmd) @@ -947,19 +983,28 @@ int CmdHF14AMfChk(const char *Cmd) keyBlock = calloc(stKeyBlock, 6); if (keyBlock == NULL) return 1; - num_to_bytes(0xffffffffffff, 6, (uint8_t*)(keyBlock + 0 * 6)); // Default key (first key used by program if no user defined key) - num_to_bytes(0x000000000000, 6, (uint8_t*)(keyBlock + 1 * 6)); // Blank key - num_to_bytes(0xa0a1a2a3a4a5, 6, (uint8_t*)(keyBlock + 2 * 6)); // NFCForum MAD key - num_to_bytes(0xb0b1b2b3b4b5, 6, (uint8_t*)(keyBlock + 3 * 6)); - num_to_bytes(0xaabbccddeeff, 6, (uint8_t*)(keyBlock + 4 * 6)); - num_to_bytes(0x4d3a99c351dd, 6, (uint8_t*)(keyBlock + 5 * 6)); - num_to_bytes(0x1a982c7e459a, 6, (uint8_t*)(keyBlock + 6 * 6)); - num_to_bytes(0xd3f7d3f7d3f7, 6, (uint8_t*)(keyBlock + 7 * 6)); - num_to_bytes(0x714c5c886e97, 6, (uint8_t*)(keyBlock + 8 * 6)); - num_to_bytes(0x587ee5f9350f, 6, (uint8_t*)(keyBlock + 9 * 6)); - num_to_bytes(0xa0478cc39091, 6, (uint8_t*)(keyBlock + 10 * 6)); - num_to_bytes(0x533cb6c723f6, 6, (uint8_t*)(keyBlock + 11 * 6)); - num_to_bytes(0x8fd0a4f256e9, 6, (uint8_t*)(keyBlock + 12 * 6)); + uint64_t defaultKeys[] = + { + 0xffffffffffff, // Default key (first key used by program if no user defined key) + 0x000000000000, // Blank key + 0xa0a1a2a3a4a5, // NFCForum MAD key + 0xb0b1b2b3b4b5, + 0xaabbccddeeff, + 0x4d3a99c351dd, + 0x1a982c7e459a, + 0xd3f7d3f7d3f7, + 0x714c5c886e97, + 0x587ee5f9350f, + 0xa0478cc39091, + 0x533cb6c723f6, + 0x8fd0a4f256e9 + }; + int defaultKeysSize = (sizeof(defaultKeys) / 7) - 1; + + for (int defaultKeyCounter = 0; defaultKeyCounter < defaultKeysSize; defaultKeyCounter++) + { + num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6)); + } if (strlen(Cmd)<3) { PrintAndLog("Usage: hf mf chk /<*card memory> [t] [] []"); @@ -1029,13 +1074,7 @@ int CmdHF14AMfChk(const char *Cmd) } if ( (f = fopen( filename , "r")) ) { - while( !feof(f) ){ - memset(buf, 0, sizeof(buf)); - if (fgets(buf, sizeof(buf), f) == NULL) { - PrintAndLog("File reading error."); - return 2; - } - + while( fgets(buf, sizeof(buf), f) ){ if (strlen(buf) < 12 || buf[11] == '\n') continue; @@ -1063,6 +1102,7 @@ int CmdHF14AMfChk(const char *Cmd) num_to_bytes(strtoll(buf, NULL, 16), 6, keyBlock + 6*keycnt); PrintAndLog("chk custom key[%d] %012"llx, keycnt, bytes_to_num(keyBlock + 6*keycnt, 6)); keycnt++; + memset(buf, 0, sizeof(buf)); } } else { PrintAndLog("File: %s: not found or locked.", filename); @@ -1075,7 +1115,7 @@ int CmdHF14AMfChk(const char *Cmd) if (keycnt == 0) { PrintAndLog("No key specified,try default keys"); - for (;keycnt <=12; keycnt++) + for (;keycnt < defaultKeysSize; keycnt++) PrintAndLog("chk default key[%d] %02x%02x%02x%02x%02x%02x", keycnt, (keyBlock + 6*keycnt)[0],(keyBlock + 6*keycnt)[1], (keyBlock + 6*keycnt)[2], (keyBlock + 6*keycnt)[3], (keyBlock + 6*keycnt)[4], (keyBlock + 6*keycnt)[5], 6); @@ -1144,7 +1184,7 @@ int CmdHF14AMfChk(const char *Cmd) int CmdHF14AMf1kSim(const char *Cmd) { - uint8_t uid[7] = {0, 0, 0, 0,0,0,0}; + uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0}; uint8_t exitAfterNReads = 0; uint8_t flags = 0; @@ -1196,7 +1236,7 @@ int CmdHF14AMf1kSim(const char *Cmd) memcpy(c.d.asBytes, uid, sizeof(uid)); SendCommand(&c); - if(flags & 1) + if(flags & FLAG_INTERACTIVE) { UsbCommand resp; PrintAndLog("Press pm3-button to abort simulation"); @@ -1843,8 +1883,9 @@ int CmdHF14AMfSniff(const char *Cmd){ printf("Press the key on pc keyboard to abort the client.\n"); printf("-------------------------------------------------------------------------\n"); - UsbCommand c = {CMD_MIFARE_SNIFFER, {0, 0, 0}}; - SendCommand(&c); + UsbCommand c = {CMD_MIFARE_SNIFFER, {0, 0, 0}}; + clearCommandBuffer(); + SendCommand(&c); // wait cycle while (true) { @@ -1879,7 +1920,7 @@ int CmdHF14AMfSniff(const char *Cmd){ PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum); num = 0; while (bufPtr - buf + 9 < blockLen) { - isTag = bufPtr[3] & 0x80 ? true:false; + isTag = bufPtr[3] & 0x80 ? true:false; bufPtr += 4; parity = *((uint32_t *)(bufPtr)); bufPtr += 4; @@ -1891,7 +1932,7 @@ int CmdHF14AMfSniff(const char *Cmd){ sak = bufPtr[11]; PrintAndLog("tag select uid:%s atqa:%02x %02x sak:0x%02x", sprint_hex(uid, 7), atqa[0], atqa[1], sak); - if (wantLogToFile) { + if (wantLogToFile || wantDecrypt) { FillFileNameByUID(logHexFileName, uid, ".log", 7); AddLogCurrentDT(logHexFileName); } @@ -1907,7 +1948,8 @@ int CmdHF14AMfSniff(const char *Cmd){ } } // resp not NILL } // while (true) - return 0; + + return 0; } static command_t CommandTable[] = @@ -1923,7 +1965,7 @@ static command_t CommandTable[] = {"restore", CmdHF14AMfRestore, 0, "Restore MIFARE classic binary file to BLANK tag"}, {"wrbl", CmdHF14AMfWrBl, 0, "Write MIFARE classic block"}, {"chk", CmdHF14AMfChk, 0, "Test block keys"}, - {"mifare", CmdHF14AMifare, 0, "Read parity error messages. param - "}, + {"mifare", CmdHF14AMifare, 0, "Read parity error messages."}, {"nested", CmdHF14AMfNested, 0, "Test nested authentication"}, {"sniff", CmdHF14AMfSniff, 0, "Sniff card-reader communication"}, {"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"},