PrintAndLog(" x0 -> <1 kByte");
break;
case 0x01:
- PrintAndLog(" x0 -> 1 kByte");
+ PrintAndLog(" x1 -> 1 kByte");
break;
case 0x02:
- PrintAndLog(" x0 -> 2 kByte");
+ PrintAndLog(" x2 -> 2 kByte");
break;
case 0x03:
- PrintAndLog(" x0 -> 4 kByte");
+ PrintAndLog(" x3 -> 4 kByte");
break;
case 0x04:
- PrintAndLog(" x0 -> 8 kByte");
+ PrintAndLog(" x4 -> 8 kByte");
break;
}
switch (card.ats[pos + 3] & 0xf0) {
return 1;
}
-int usage_hf_14a_sim(void) {
- PrintAndLog("\n Emulating ISO/IEC 14443 type A tag with 4 or 7 byte UID\n");
- PrintAndLog("Usage: hf 14a sim t <type> u <uid> x");
- PrintAndLog(" Options : ");
- PrintAndLog(" h : this help");
- PrintAndLog(" t : 1 = MIFARE Classic");
- PrintAndLog(" 2 = MIFARE Ultralight");
- PrintAndLog(" 3 = MIFARE Desfire");
- PrintAndLog(" 4 = ISO/IEC 14443-4");
- PrintAndLog(" 5 = MIFARE Tnp3xxx");
- PrintAndLog(" 6 = MIFARE Mini");
- PrintAndLog(" 7 = NTAG 215 from emu mem");
- PrintAndLog(" u : 4 or 7 byte UID");
- PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader");
- PrintAndLog("\n sample : hf 14a sim t 1 u 1122344");
- PrintAndLog(" : hf 14a sim t 1 u 1122344 x\n");
- return 0;
-}
// ## simulate iso14443a tag
// ## greg - added ability to specify tag UID
int CmdHF14ASim(const char *Cmd)
{
- bool errors = FALSE;
- uint8_t flags = 0;
- uint8_t tagtype = 1;
- uint64_t uid = 0;
- uint8_t cmdp = 0;
-
- while(param_getchar(Cmd, cmdp) != 0x00)
- {
- switch(param_getchar(Cmd, cmdp))
- {
- case 'h':
- case 'H':
- return usage_hf_14a_sim();
- case 't':
- case 'T':
- // Retrieve the tag type
- tagtype = param_get8ex(Cmd, cmdp+1, 0, 10);
- if (tagtype == 0)
- errors = true;
- cmdp += 2;
- break;
- case 'u':
- case 'U':
- // Retrieve the full 4 or 7 byte long uid
- uid = param_get64ex(Cmd, cmdp+1, 0, 16);
- if (uid == 0 )
- errors = TRUE;
-
- if (uid > 0xffffffff) {
- PrintAndLog("Emulating ISO/IEC 14443 type A tag with 7 byte UID (%014"llx")",uid);
- flags |= FLAG_7B_UID_IN_DATA;
- } else {
- PrintAndLog("Emulating ISO/IEC 14443 type A tag with 4 byte UID (%08x)",uid);
- flags |= FLAG_4B_UID_IN_DATA;
- }
- cmdp += 2;
- break;
- case 'x':
- case 'X':
- flags |= FLAG_NR_AR_ATTACK;
- cmdp++;
- break;
- default:
- PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
- errors = true;
- break;
- }
- if(errors) break;
+ UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{0,0,0}};
+
+ // Retrieve the tag type
+ uint8_t tagtype = param_get8ex(Cmd,0,0,10);
+
+ // When no argument was given, just print help message
+ if (tagtype == 0) {
+ PrintAndLog("");
+ PrintAndLog(" Emulating ISO/IEC 14443 type A tag with 4 or 7 byte UID");
+ PrintAndLog("");
+ PrintAndLog(" syntax: hf 14a sim <type> <uid>");
+ PrintAndLog(" types: 1 = MIFARE Classic");
+ PrintAndLog(" 2 = MIFARE Ultralight");
+ PrintAndLog(" 3 = MIFARE Desfire");
+ PrintAndLog(" 4 = ISO/IEC 14443-4");
+ PrintAndLog(" 5 = MIFARE Tnp3xxx");
+ PrintAndLog("");
+ return 1;
}
+
+ // Store the tag type
+ c.arg[0] = tagtype;
+
+ // Retrieve the full 4 or 7 byte long uid
+ uint64_t long_uid = param_get64ex(Cmd,1,0,16);
+
+ // Are we handling the (optional) second part uid?
+ if (long_uid > 0xffffffff) {
+ PrintAndLog("Emulating ISO/IEC 14443 type A tag with 7 byte UID (%014"llx")",long_uid);
+ // Store the second part
+ c.arg[2] = (long_uid & 0xffffffff);
+ long_uid >>= 32;
+ // Store the first part, ignore the first byte, it is replaced by cascade byte (0x88)
+ c.arg[1] = (long_uid & 0xffffff);
+ } else {
+ PrintAndLog("Emulating ISO/IEC 14443 type A tag with 4 byte UID (%08x)",long_uid);
+ // Only store the first part
+ c.arg[1] = long_uid & 0xffffffff;
+ }
+/*
+ // At lease save the mandatory first part of the UID
+ c.arg[0] = long_uid & 0xffffffff;
- //Validations
- if (errors) return usage_hf_14a_sim();
-
- PrintAndLog("Press pm3-button to abort simulation");
-
- UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{ tagtype, flags, 0 }};
-
- num_to_bytes(uid, 7, c.d.asBytes);
- clearCommandBuffer();
- SendCommand(&c);
-
- //uint8_t data[40];
- //uint8_t key[6];
- UsbCommand resp;
- while(!ukbhit()){
- if ( WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
- if ( (resp.arg[0] & 0xffff) == CMD_SIMULATE_MIFARE_CARD ){
- // attempt to get key:
- // TODO:
-
- //memset(data, 0x00, sizeof(data));
- //memset(key, 0x00, sizeof(key));
- //int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1];
- //memcpy(data, resp.d.asBytes, len);
- //tryMfk32(uid, data, key);
- //tryMfk32_moebius(uid, data, key);
- //tryMfk64(uid, data, key);
- //PrintAndLog("--");
- }
- }
+ if (c.arg[1] == 0) {
+ PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
}
- return 0;
+
+ switch (c.arg[0]) {
+ case 1: {
+ PrintAndLog("Emulating ISO/IEC 14443-3 type A tag with 4 byte UID");
+ UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16)};
+ } break;
+ case 2: {
+ PrintAndLog("Emulating ISO/IEC 14443-4 type A tag with 7 byte UID");
+ } break;
+ default: {
+ PrintAndLog("Error: unkown tag type (%d)",c.arg[0]);
+ PrintAndLog("syntax: hf 14a sim <uid>",c.arg[0]);
+ PrintAndLog(" type1: 4 ",c.arg[0]);
+
+ return 1;
+ } break;
+ }
+*/
+/*
+ unsigned int hi = 0, lo = 0;
+ int n = 0, i = 0;
+ while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
+ hi= (hi << 4) | (lo >> 28);
+ lo= (lo << 4) | (n & 0xf);
+ }
+*/
+// UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16)};
+// PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
+ SendCommand(&c);
+ return 0;
}
int CmdHF14ASnoop(const char *Cmd) {
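Review bot: In the 4-byte branch of the new CmdHF14ASim, `long_uid` is a `uint64_t` but is printed with `%08x`, which is a varargs type mismatch; cast the argument, e.g. `PrintAndLog("Emulating ISO/IEC 14443 type A tag with 4 byte UID (%08x)", (uint32_t)long_uid);`. The rewrite also drops the old `uid == 0` rejection, so a missing or unparsable UID argument is sent to the device as zero; a guard such as `if (long_uid == 0) { PrintAndLog("UID must be a non-zero 4 or 7 byte hex value"); return 1; }` before filling `c.arg[1]` would keep that check. The two `/* ... */` blocks and the commented-out `UsbCommand c` lines are dead code and would be better left out of the commit than checked in.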
if(topazmode)
c.arg[0] |= ISO14A_TOPAZMODE;
- // Max buffer is USB_CMD_DATA_SIZE
- datalen = (datalen > USB_CMD_DATA_SIZE) ? USB_CMD_DATA_SIZE : datalen;
- c.arg[1] = (datalen & 0xFFFF) | ( (uint32_t)(numbits) << 16);
+ // Max buffer is USB_CMD_DATA_SIZE
+ c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
memcpy(c.d.asBytes,data,datalen);
SendCommand(&c);
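Review bot: The `memcpy(c.d.asBytes,data,datalen)` that follows is no longer bounded by anything visible in this hunk, because the clamp to USB_CMD_DATA_SIZE was removed while the comment announcing it was kept. Unless `datalen` is already limited where the arguments are parsed (outside this hunk), a long user-supplied byte string would write past the command's data buffer. I would keep the bound, `if (datalen > USB_CMD_DATA_SIZE) datalen = USB_CMD_DATA_SIZE;`, or reject oversized input with an error. The dropped `(uint32_t)` cast on `numbits` is also worth restoring so the shift is done on an unsigned 32-bit value, `((uint32_t)numbits << 16)`.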
PrintAndLog("--block no:%d, key type:%c, key:%s", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
PrintAndLog("--data: %s", sprint_hex(bldata, 16));\r
\r
- UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
+ UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};\r
memcpy(c.d.asBytes, key, 6);\r
memcpy(c.d.asBytes + 10, bldata, 16);\r
- clearCommandBuffer();\r
- SendCommand(&c);\r
+ SendCommand(&c);\r
\r
UsbCommand resp;\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
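Review bot: With `clearCommandBuffer()` removed, the `WaitForResponseTimeout(CMD_ACK,&resp,1500)` right after `SendCommand(&c)` can be satisfied by an ACK left over from an earlier command, assuming clearCommandBuffer() is what discards queued responses (its body is not shown here). For a block write that would report success or failure for the wrong operation. The same removal is made before the CMD_MIFARE_READBL and CMD_MIFARE_READSC sends, in all the read loops of CmdHF14AMfDump, and before CMD_SIMULATE_MIFARE_CARD. I would keep `clearCommandBuffer();` immediately before each `SendCommand(&c);` that is followed by a wait.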
uint8_t blockNo = 0;\r
uint8_t keyType = 0;\r
uint8_t key[6] = {0, 0, 0, 0, 0, 0};\r
-\r
+ \r
char cmdp = 0x00;\r
\r
\r
PrintAndLog("Usage: hf mf rdbl <block number> <key A/B> <key (12 hex symbols)>");\r
PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF ");\r
return 0;\r
- }\r
-\r
+ } \r
+ \r
blockNo = param_get8(Cmd, 0);\r
cmdp = param_getchar(Cmd, 1);\r
if (cmdp == 0x00) {\r
return 1;\r
}\r
PrintAndLog("--block no:%d, key type:%c, key:%s ", blockNo, keyType?'B':'A', sprint_hex(key, 6));\r
-\r
- UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
+ \r
+ UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};\r
memcpy(c.d.asBytes, key, 6);\r
- clearCommandBuffer();\r
- SendCommand(&c);\r
+ SendCommand(&c);\r
\r
UsbCommand resp;\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
return 1;\r
}\r
PrintAndLog("--sector no:%d key type:%c key:%s ", sectorNo, keyType?'B':'A', sprint_hex(key, 6));\r
-\r
+ \r
UsbCommand c = {CMD_MIFARE_READSC, {sectorNo, keyType, 0}};\r
memcpy(c.d.asBytes, key, 6);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
PrintAndLog(" ");\r
\r
PrintAndLog("Command execute timeout");\r
}\r
\r
- return 0;\r
+ return 0;\r
}\r
\r
uint8_t FirstBlockOfSector(uint8_t sectorNo)\r
int CmdHF14AMfDump(const char *Cmd)\r
{\r
uint8_t sectorNo, blockNo;\r
-\r
+ \r
uint8_t keyA[40][6];\r
uint8_t keyB[40][6];\r
uint8_t rights[40][4];\r
return 2;\r
}\r
}\r
-\r
+ \r
fclose(fin);\r
\r
PrintAndLog("|-----------------------------------------|");\r
PrintAndLog("|------ Reading sector access bits...-----|");\r
PrintAndLog("|-----------------------------------------|");\r
-\r
+ \r
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
\r
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
rights[sectorNo][3] = 0x01;\r
}\r
}\r
-\r
+ \r
PrintAndLog("|-----------------------------------------|");\r
PrintAndLog("|----- Dumping all blocks to file... -----|");\r
PrintAndLog("|-----------------------------------------|");\r
-\r
+ \r
bool isOK = true;\r
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. \r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
} else { // data block. Check if it can be read with key A or key B\r
if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};\r
memcpy(c.d.asBytes, keyB[sectorNo], 6);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
} else if (rights[sectorNo][data_area] == 0x07) { // no key would work\r
} else { // key A would work\r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);\r
}\r
PrintAndLog("Writing to block %3d: %s", FirstBlockOfSector(sectorNo) + blockNo, sprint_hex(bldata, 16));\r
\r
memcpy(c.d.asBytes + 10, bldata, 16);\r
- clearCommandBuffer();\r
SendCommand(&c);\r
\r
UsbCommand resp;\r
break;\r
default:\r
PrintAndLog("Key type must be A , B or ?");\r
- free(keyBlock);\r
return 1;\r
};\r
\r
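Review bot: The `default:` branch now returns 1 without `free(keyBlock);`, which leaks the key buffer if it was allocated before this switch (the allocation is outside the hunk, so confirm the order). The next hunk has the same pattern: the `if (!p)` path keeps `free(keyBlock);` but no longer calls `fclose(f);` before `return 2;`, leaving the dictionary file open. Both early returns should release what the function holds at that point, i.e. keep `free(keyBlock);` here and `fclose(f);` there.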
if (!p) {\r
PrintAndLog("Cannot allocate memory for defKeys");\r
free(keyBlock);\r
- fclose(f);\r
return 2;\r
}\r
keyBlock = p;\r
\r
UsbCommand c = {CMD_SIMULATE_MIFARE_CARD, {flags, exitAfterNReads,0}};\r
memcpy(c.d.asBytes, uid, sizeof(uid));\r
- clearCommandBuffer();\r
SendCommand(&c);\r
\r
if(flags & FLAG_INTERACTIVE)\r
PrintAndLog("Press pm3-button to abort simulation");\r
while(! WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
//We're waiting only 1.5 s at a time, otherwise we get the\r
- //annoying message about "Waiting for a response... "\r
+ // annoying message about "Waiting for a response... "\r
}\r
}\r
\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfESet(const char *Cmd)\r
{\r
uint8_t memBlock[16];\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfELoad(const char *Cmd)\r
{\r
FILE * f;\r
uint8_t buf8[64] = {0x00};\r
int i, len, blockNum, numBlocks;\r
int nameParamNo = 1;\r
- uint8_t blockWidth = 32; \r
+ \r
char ctmp = param_getchar(Cmd, 0);\r
\r
if ( ctmp == 'h' || ctmp == 0x00) {\r
PrintAndLog("It loads emul dump from the file `filename.eml`");\r
- PrintAndLog("Usage: hf mf eload [card memory] <file name w/o `.eml`> [numblocks]");\r
- PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K, u = UL");\r
+ PrintAndLog("Usage: hf mf eload [card memory] <file name w/o `.eml`>");\r
+ PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
PrintAndLog("");\r
PrintAndLog(" sample: hf mf eload filename");\r
PrintAndLog(" hf mf eload 4 filename");\r
case '\0': numBlocks = 16*4; break;\r
case '2' : numBlocks = 32*4; break;\r
case '4' : numBlocks = 256; break;\r
- case 'U' : // fall through\r
- case 'u' : numBlocks = 255; blockWidth = 8; break;\r
default: {\r
numBlocks = 16*4;\r
nameParamNo = 0;\r
}\r
}\r
- uint32_t numblk2 = param_get32ex(Cmd,2,0,10);\r
- if (numblk2 > 0) numBlocks = numblk2; \r
\r
len = param_getstr(Cmd,nameParamNo,filename);\r
- if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;\r
+ \r
+ if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
\r
fnameptr += len;\r
\r
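Review bot: Raising the clamp from `FILE_PATH_SIZE - 5` to `FILE_PATH_SIZE - 4` leaves no room for the terminator of the extension. `".eml"` needs five bytes including the NUL, so with `len == FILE_PATH_SIZE - 4` the later `sprintf(fnameptr, ".eml")` writes one byte past a `char filename[FILE_PATH_SIZE]`. The declaration and the sprintf are outside this hunk, but both are visible in CmdHF14AMfCLoad and CmdHF14AMfCSave, which get the same change, as does CmdHF14AMfESave. Keep `if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;` in all four places, or build the name with `snprintf` and check the result. Separately, the removed `blockWidth` handling means Ultralight-sized lines are now rejected by the fixed 32-symbol check, which is consistent with the updated usage text.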
return 2;\r
}\r
\r
- if (strlen(buf) < blockWidth){\r
+ if (strlen(buf) < 32){\r
if(strlen(buf) && feof(f))\r
break;\r
- PrintAndLog("File content error. Block data must include %d HEX symbols", blockWidth);\r
+ PrintAndLog("File content error. Block data must include 32 HEX symbols");\r
fclose(f);\r
return 2;\r
}\r
\r
- for (i = 0; i < blockWidth; i += 2) {\r
+ for (i = 0; i < 32; i += 2) {\r
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
- } \r
- if (mfEmlSetMem_xt(buf8, blockNum, 1, blockWidth/2)) {\r
+ }\r
+ \r
+ if (mfEmlSetMem(buf8, blockNum, 1)) {\r
PrintAndLog("Cant set emul block: %3d", blockNum);\r
fclose(f);\r
return 3;\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfESave(const char *Cmd)\r
{\r
FILE * f;\r
\r
len = param_getstr(Cmd,nameParamNo,filename);\r
\r
- if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;\r
+ if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
\r
// user supplied filename?\r
if (len < 1) {\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfECFill(const char *Cmd)\r
{\r
uint8_t keyType = 0;\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfEKeyPrn(const char *Cmd)\r
{\r
int i;\r
uint8_t data[16];\r
uint64_t keyA, keyB;\r
\r
- char cmdp = param_getchar(Cmd, 0);\r
-\r
- if ( cmdp == 'h' || cmdp == 'H') {\r
+ if (param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("It prints the keys loaded in the emulator memory");\r
PrintAndLog("Usage: hf mf ekeyprn [card memory]");\r
PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");\r
return 0;\r
} \r
\r
+ char cmdp = param_getchar(Cmd, 0);\r
+ \r
switch (cmdp) {\r
case '0' : numSectors = 5; break;\r
case '1' : \r
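Review bot: The help test in CmdHF14AMfEKeyPrn now matches only lowercase `h`, so an `H` argument falls into `switch (cmdp)` instead of printing usage, and `param_getchar(Cmd, 0)` is called twice. The same narrowing is applied in the cload, cgetblk, cgetsc and csave hunks; in csave an `H` then appears to be taken as the output file name. Reading the character once and testing both cases keeps the earlier behaviour: `char cmdp = param_getchar(Cmd, 0);` followed by `if (cmdp == 'h' || cmdp == 'H') {`. The function body continues past the end of this hunk.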
return 0;\r
}\r
\r
+\r
int CmdHF14AMfCSetUID(const char *Cmd)\r
{\r
uint8_t wipeCard = 0;\r
{\r
uint8_t memBlock[16] = {0x00};\r
uint8_t blockNo = 0;\r
- uint8_t params = MAGIC_SINGLE;\r
+ bool wipeCard = FALSE;\r
int res;\r
\r
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
}\r
\r
char ctmp = param_getchar(Cmd, 2);\r
- if (ctmp == 'w' || ctmp == 'W')\r
- params |= MAGIC_WIPE;\r
-\r
+ wipeCard = (ctmp == 'w' || ctmp == 'W');\r
PrintAndLog("--block number:%2d data:%s", blockNo, sprint_hex(memBlock, 16));\r
\r
- res = mfCSetBlock(blockNo, memBlock, NULL, params);\r
+ res = mfCSetBlock(blockNo, memBlock, NULL, wipeCard, CSETBLOCK_SINGLE_OPER);\r
if (res) {\r
PrintAndLog("Can't write block. error=%d", res);\r
return 1;\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfCLoad(const char *Cmd)\r
{\r
FILE * f;\r
- char filename[FILE_PATH_SIZE];\r
+ char filename[FILE_PATH_SIZE] = {0x00};\r
char * fnameptr = filename;\r
char buf[64] = {0x00};\r
uint8_t buf8[64] = {0x00};\r
uint8_t fillFromEmulator = 0;\r
int i, len, blockNum, flags=0;\r
\r
- memset(filename, 0, sizeof(filename));\r
-\r
- char ctmp = param_getchar(Cmd, 0);\r
-\r
- if (ctmp == 'h' || ctmp == 'H' || ctmp == 0x00) {\r
+ if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {\r
PrintAndLog("It loads magic Chinese card from the file `filename.eml`");\r
PrintAndLog("or from emulator memory (option `e`)");\r
PrintAndLog("Usage: hf mf cload <file name w/o `.eml`>");\r
return 0;\r
} \r
\r
+ char ctmp = param_getchar(Cmd, 0);\r
if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r
\r
if (fillFromEmulator) {\r
PrintAndLog("Cant get block: %d", blockNum);\r
return 2;\r
}\r
- if (blockNum == 0) flags = MAGIC_INIT + MAGIC_WUPC; // switch on field and send magic sequence\r
+ if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r
if (blockNum == 1) flags = 0; // just write\r
- if (blockNum == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF; // Done. Magic Halt and switch off field.\r
+ if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Magic Halt and switch off field.\r
\r
- if (mfCSetBlock(blockNum, buf8, NULL, flags)) {\r
+ if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r
PrintAndLog("Cant set magic card block: %d", blockNum);\r
return 3;\r
}\r
return 0;\r
} else {\r
len = strlen(Cmd);\r
- if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;\r
+ if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
\r
memcpy(filename, Cmd, len);\r
fnameptr += len;\r
for (i = 0; i < 32; i += 2)\r
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
\r
- if (blockNum == 0) flags = MAGIC_INIT + MAGIC_WUPC; // switch on field and send magic sequence\r
+ if (blockNum == 0) flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; // switch on field and send magic sequence\r
if (blockNum == 1) flags = 0; // just write\r
- if (blockNum == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF; // Done. Switch off field.\r
+ if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; // Done. Switch off field.\r
\r
- if (mfCSetBlock(blockNum, buf8, NULL, flags)) {\r
+ if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {\r
PrintAndLog("Can't set magic card block: %d", blockNum);\r
return 3;\r
}\r
}\r
\r
int CmdHF14AMfCGetBlk(const char *Cmd) {\r
- uint8_t data[16];\r
+ uint8_t memBlock[16];\r
uint8_t blockNo = 0;\r
int res;\r
- memset(data, 0x00, sizeof(data));\r
- char ctmp = param_getchar(Cmd, 0);\r
+ memset(memBlock, 0x00, sizeof(memBlock));\r
\r
- if (strlen(Cmd) < 1 || ctmp == 'h' || ctmp == 'H') {\r
+ if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("Usage: hf mf cgetblk <block number>");\r
PrintAndLog("sample: hf mf cgetblk 1");\r
PrintAndLog("Get block data from magic Chinese card (only works with such cards)\n");\r
\r
PrintAndLog("--block number:%2d ", blockNo);\r
\r
- res = mfCGetBlock(blockNo, data, MAGIC_SINGLE);\r
+ res = mfCGetBlock(blockNo, memBlock, CSETBLOCK_SINGLE_OPER);\r
if (res) {\r
PrintAndLog("Can't read block. error=%d", res);\r
return 1;\r
}\r
\r
- PrintAndLog("block data:%s", sprint_hex(data, sizeof(data)));\r
+ PrintAndLog("block data:%s", sprint_hex(memBlock, 16));\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfCGetSc(const char *Cmd) {\r
- uint8_t data[16];\r
+ uint8_t memBlock[16] = {0x00};\r
uint8_t sectorNo = 0;\r
int i, res, flags;\r
- memset(data, 0x00, sizeof(data));\r
- char ctmp = param_getchar(Cmd, 0);\r
\r
- if (strlen(Cmd) < 1 || ctmp == 'h' || ctmp == 'H') {\r
+ if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("Usage: hf mf cgetsc <sector number>");\r
PrintAndLog("sample: hf mf cgetsc 0");\r
PrintAndLog("Get sector data from magic Chinese card (only works with such cards)\n");\r
return 0;\r
- }\r
+ } \r
\r
sectorNo = param_get8(Cmd, 0);\r
if (sectorNo > 15) {\r
}\r
\r
PrintAndLog("--sector number:%d ", sectorNo);\r
- PrintAndLog("block | data");\r
\r
- flags = MAGIC_INIT + MAGIC_WUPC;\r
+ flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r
for (i = 0; i < 4; i++) {\r
if (i == 1) flags = 0;\r
- if (i == 3) flags = MAGIC_HALT + MAGIC_OFF;\r
+ if (i == 3) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r
\r
- res = mfCGetBlock(sectorNo * 4 + i, data, flags);\r
+ res = mfCGetBlock(sectorNo * 4 + i, memBlock, flags);\r
if (res) {\r
PrintAndLog("Can't read block. %d error=%d", sectorNo * 4 + i, res);\r
return 1;\r
}\r
- PrintAndLog(" %3d | %s", sectorNo * 4 + i, sprint_hex(data, sizeof(data)));\r
+ \r
+ PrintAndLog("block %3d data:%s", sectorNo * 4 + i, sprint_hex(memBlock, 16));\r
}\r
return 0;\r
}\r
\r
+\r
int CmdHF14AMfCSave(const char *Cmd) {\r
\r
FILE * f;\r
- char filename[FILE_PATH_SIZE];\r
+ char filename[FILE_PATH_SIZE] = {0x00};\r
char * fnameptr = filename;\r
uint8_t fillFromEmulator = 0;\r
- uint8_t buf[64];\r
+ uint8_t buf[64] = {0x00};\r
int i, j, len, flags;\r
+ \r
+ // memset(filename, 0, sizeof(filename));\r
+ // memset(buf, 0, sizeof(buf));\r
\r
- memset(filename, 0, sizeof(filename));\r
- memset(buf, 0, sizeof(buf));\r
- char ctmp = param_getchar(Cmd, 0);\r
-\r
- if ( ctmp == 'h' || ctmp == 'H' ) {\r
+ if (param_getchar(Cmd, 0) == 'h') {\r
PrintAndLog("It saves `magic Chinese` card dump into the file `filename.eml` or `cardID.eml`");\r
PrintAndLog("or into emulator memory (option `e`)");\r
PrintAndLog("Usage: hf mf esave [file name w/o `.eml`][e]");\r
PrintAndLog(" hf mf esave filename");\r
PrintAndLog(" hf mf esave e \n");\r
return 0;\r
- }\r
+ } \r
+\r
+ char ctmp = param_getchar(Cmd, 0);\r
if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;\r
\r
if (fillFromEmulator) {\r
// put into emulator\r
- flags = MAGIC_INIT + MAGIC_WUPC;\r
+ flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r
for (i = 0; i < 16 * 4; i++) {\r
if (i == 1) flags = 0;\r
- if (i == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF;\r
-\r
+ if (i == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r
+ \r
if (mfCGetBlock(i, buf, flags)) {\r
PrintAndLog("Cant get block: %d", i);\r
break;\r
}\r
-\r
+ \r
if (mfEmlSetMem(buf, i, 1)) {\r
PrintAndLog("Cant set emul block: %d", i);\r
return 3;\r
return 0;\r
} else {\r
len = strlen(Cmd);\r
- if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5;\r
-\r
- // get filename based on UID\r
+ if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4;\r
+ \r
if (len < 1) {\r
-\r
- if (mfCGetBlock(0, buf, MAGIC_SINGLE)) {\r
+ // get filename\r
+ if (mfCGetBlock(0, buf, CSETBLOCK_SINGLE_OPER)) {\r
PrintAndLog("Cant get block: %d", 0);\r
len = sprintf(fnameptr, "dump");\r
fnameptr += len;\r
- } else {\r
+ }\r
+ else {\r
for (j = 0; j < 7; j++, fnameptr += 2)\r
sprintf(fnameptr, "%02x", buf[j]); \r
}\r
fnameptr += len;\r
}\r
\r
- // add .eml extension\r
sprintf(fnameptr, ".eml"); \r
-\r
+ \r
// open file\r
f = fopen(filename, "w+");\r
\r
}\r
\r
// put hex\r
- flags = MAGIC_INIT + MAGIC_WUPC;\r
+ flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;\r
for (i = 0; i < 16 * 4; i++) {\r
if (i == 1) flags = 0;\r
- if (i == 16 * 4 - 1) flags = MAGIC_HALT + MAGIC_OFF;\r
+ if (i == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;\r
\r
if (mfCGetBlock(i, buf, flags)) {\r
PrintAndLog("Cant get block: %d", i);\r
fprintf(f, "%02x", buf[j]); \r
fprintf(f,"\n");\r
}\r
- fflush(f);\r
fclose(f);\r
+ \r
PrintAndLog("Saved to file: %s", filename);\r
+ \r
return 0;\r
}\r
}\r
\r
+\r
int CmdHF14AMfSniff(const char *Cmd){\r
\r
bool wantLogToFile = 0;\r
uint16_t traceLen = resp.arg[1];\r
len = resp.arg[2];\r
\r
- if (res == 0) {\r
- free(buf);\r
- return 0; // we are done\r
- }\r
+ if (res == 0) return 0; // we are done\r
\r
if (res == 1) { // there is (more) data to be transferred\r
if (pckNum == 0) { // first packet, (re)allocate necessary buffer\r
bufsize = traceLen;\r
memset(buf, 0x00, traceLen);\r
}\r
- if (bufPtr == NULL) {\r
- PrintAndLog("Cannot allocate memory for trace");\r
- free(buf);\r
- return 2;\r
- }\r
memcpy(bufPtr, resp.d.asBytes, len);\r
bufPtr += len;\r
pckNum++;\r
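Review bot: `memcpy(bufPtr, resp.d.asBytes, len)` now runs without the `bufPtr == NULL` check that used to follow the (re)allocation, so a failed allocation for the trace buffer becomes a NULL write instead of the `return 2` error path. The allocation call itself is outside the hunk, so confirm which pointer it assigns. The early exit `if (res == 0) return 0;` also no longer frees `buf`, which leaks the trace buffer each time sniffing ends; `if (res == 0) { free(buf); return 0; }` restores that. Since `len` and `traceLen` come from the device response, it would also be worth checking that `bufPtr + len` stays within `buf + bufsize` before the copy.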
}\r
\r
//needs nt, ar, at, Data to decrypt\r
-int CmdHf14MfDecryptBytes(const char *Cmd){\r
+int CmdDecryptTraceCmds(const char *Cmd){\r
uint8_t data[50];\r
int len = 0;\r
param_gethex_ex(Cmd,3,data,&len);\r
{"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"},\r
{"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},\r
{"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},\r
- {"decrypt", CmdHf14MfDecryptBytes,1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
+ {"decrypt", CmdDecryptTraceCmds,1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},\r
{NULL, NULL, 0, NULL}\r
};\r
\r