Issue: https://github.com/Proxmark/proxmark3/issues/35
Forum: http://www.proxmark.org/forum/viewtopic.php?pid=7883#p7883
Fixes the case where "hf mf csetuid" empties the rest of the block0 bytes.
This fix loads the old block0 and replaces only the uid+sak+atqa bytes.
// "MAGIC" CARD\r
\r
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {\r
// "MAGIC" CARD\r
\r
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {\r
+ \r
+ uint8_t oldblock0[16] = {0x00};\r
uint8_t block0[16] = {0x00};\r
memcpy(block0, uid, 4); \r
block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC\r
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)\r
uint8_t block0[16] = {0x00};\r
memcpy(block0, uid, 4); \r
block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC\r
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)\r
- block0[5] = 0x08;\r
- block0[6] = 0x04;\r
- block0[7] = 0x00;\r
+ //block0[5] = 0x08;\r
+ //block0[6] = 0x04;\r
+ //block0[7] = 0x00;\r
+ \r
+ block0[5] = 0x01; //sak\r
+ block0[6] = 0x01;\r
+ block0[7] = 0x0f;\r
+ int old = mfCGetBlock(0, oldblock0, CSETBLOCK_SINGLE_OPER);\r
+ if ( old == 0) {\r
+ memcpy(block0+8, oldblock0+8, 8);\r
+ PrintAndLog("block 0: %s", sprint_hex(block0,16));\r
+ } else {\r
+ PrintAndLog("Couldn't get olddata. Will write over the last bytes of Block 0.");\r
+ }\r
return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);\r
}\r
\r
return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);\r
}\r
\r
UsbCommand resp;\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
isOK = resp.arg[0] & 0xff;\r
UsbCommand resp;\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
isOK = resp.arg[0] & 0xff;\r
- if (uid != NULL) memcpy(uid, resp.d.asBytes, 4);\r
- if (!isOK) return 2;\r
+ if (uid != NULL) \r
+ memcpy(uid, resp.d.asBytes, 4);\r
+ if (!isOK) \r
+ return 2;\r
} else {\r
PrintAndLog("Command execute timeout");\r
return 1;\r
} else {\r
PrintAndLog("Command execute timeout");\r
return 1;\r
\r
int loadTraceCard(uint8_t *tuid) {\r
FILE * f;\r
\r
int loadTraceCard(uint8_t *tuid) {\r
FILE * f;\r
- char buf[64];\r
- uint8_t buf8[64];\r
+ char buf[64] = {0x00};\r
+ uint8_t buf8[64] = {0x00};\r
- if (!isTraceCardEmpty()) saveTraceCard();\r
+ if (!isTraceCardEmpty()) \r
+ saveTraceCard();\r
+ \r
memset(traceCard, 0x00, 4096);\r
memcpy(traceCard, tuid + 3, 4);\r
memset(traceCard, 0x00, 4096);\r
memcpy(traceCard, tuid + 3, 4);\r
FillFileNameByUID(traceFileName, tuid, ".eml", 7);\r
\r
f = fopen(traceFileName, "r");\r
FillFileNameByUID(traceFileName, tuid, ".eml", 7);\r
\r
f = fopen(traceFileName, "r");\r
\r
int mfTraceInit(uint8_t *tuid, uint8_t *atqa, uint8_t sak, bool wantSaveToEmlFile) {\r
\r
\r
int mfTraceInit(uint8_t *tuid, uint8_t *atqa, uint8_t sak, bool wantSaveToEmlFile) {\r
\r
- if (traceCrypto1) crypto1_destroy(traceCrypto1);\r
+ if (traceCrypto1) \r
+ crypto1_destroy(traceCrypto1);\r
+\r
traceCrypto1 = NULL;\r
\r
traceCrypto1 = NULL;\r
\r
- if (wantSaveToEmlFile) loadTraceCard(tuid);\r
+ if (wantSaveToEmlFile) \r
+ loadTraceCard(tuid);\r
+ \r
traceCard[4] = traceCard[0] ^ traceCard[1] ^ traceCard[2] ^ traceCard[3];\r
traceCard[5] = sak;\r
memcpy(&traceCard[6], atqa, 2);\r
traceCard[4] = traceCard[0] ^ traceCard[1] ^ traceCard[2] ^ traceCard[3];\r
traceCard[5] = sak;\r
memcpy(&traceCard[6], atqa, 2);\r
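Review bot: In mfCSetUID the SAK and ATQA bytes are now hard-coded to `0x01`, `0x01`, `0x0f`, while the comment above them still says "mifare classic" and the previous `0x08`/`0x04`/`0x00` assignments are left commented out. Every `csetuid` call therefore rewrites the card-type bytes to values the commit message does not explain; they look like leftovers for one specific tag type and should be confirmed. Unless the change is intended, restore `block0[5] = 0x08; block0[6] = 0x04; block0[7] = 0x00;` and delete the commented-out lines; if it is intended, update the comment to name the tag type. The `else` branch after `mfCGetBlock` only logs and then still writes zeros over bytes 8-15 of block 0, which is the data loss this commit sets out to prevent. Returning the error there (`return old;`) would leave the card untouched when the old block cannot be read.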