From 208a0166b948d88b276a67dd334f3b1ecca62420 Mon Sep 17 00:00:00 2001 From: "Merlokbr@gmail.com" Date: Thu, 5 Jul 2012 10:59:15 +0000 Subject: [PATCH] magic Chinese card fully supported. Added commands:csetuid-set card uid and wipe it, csetblk-set 16 byte block, cload-load dump from emulator memory or emulator file --- armsrc/mifarecmd.c | 73 ++++++++++++++++++++-------------- client/cmdhfmf.c | 96 +++++++++++++++++++++++++++++++++++++++++++-- client/mifarehost.c | 9 ++--- client/mifarehost.h | 10 ++++- 4 files changed, 149 insertions(+), 39 deletions(-) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 84820730..4f4ce64d 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -735,7 +735,12 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // params uint8_t needWipe = arg0; - uint8_t needGetUID = arg1; + // bit 0 - need get UID + // bit 1 - need wupC + // bit 2 - need HALT after sequence + // bit 3 - need init FPGA and field before sequence + // bit 4 - need reset FPGA and LED + uint8_t workFlags = arg1; uint8_t blockNo = arg2; // card commands @@ -752,24 +757,26 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai memset(uid, 0x00, 8); uint8_t* receivedAnswer = mifare_get_bigbufptr(); - // clear trace - iso14a_clear_tracelen(); - iso14a_set_tracing(TRUE); + if (workFlags & 0x08) { + // clear trace + iso14a_clear_tracelen(); + iso14a_set_tracing(TRUE); - iso14443a_setup(); + iso14443a_setup(); - LED_A_ON(); - LED_B_OFF(); - LED_C_OFF(); + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); - SpinDelay(300); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(100); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); + SpinDelay(300); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(100); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); + } while (true) { // get UID from chip - if (needGetUID) { + if (workFlags & 0x01) { if(!iso14443a_select_card(uid, NULL, &cuid)) { if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); break; @@ -802,17 +809,19 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai }; // write UID block - ReaderTransmitShort(wupC1); - if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); - break; - }; + if (workFlags & 0x02) { + ReaderTransmitShort(wupC1); + if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); + break; + }; - ReaderTransmit(wupC2, sizeof(wupC2)); - if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) { - if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error"); - break; - }; + ReaderTransmit(wupC2, sizeof(wupC2)); + if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) { + if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error"); + break; + }; + } if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer) != 1) || (receivedAnswer[0] != 0x0a)) { if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error"); @@ -828,10 +837,12 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai break; }; - if(mifare_classic_halt(NULL, cuid)) { - if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); - break; - }; + if (workFlags & 0x04) { + if (mifare_classic_halt(NULL, cuid)) { + if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); + break; + }; + } isOK = 1; break; @@ -848,7 +859,9 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand)); LED_B_OFF(); - // Thats it... - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); + if (workFlags & 0x10) { + // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); + } } diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 8c91e84c..eafb2919 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1282,7 +1282,7 @@ int CmdHF14AMfCSetBlk(const char *Cmd) PrintAndLog("--block number:%02x data:%s", blockNo, sprint_hex(memBlock, 16)); - res = mfCSetBlock(blockNo, memBlock, uid, 0); + res = mfCSetBlock(blockNo, memBlock, uid, 0, CSETBLOCK_SINGLE_OPER); if (res) { PrintAndLog("Can't write block. error=%d", res); return 1; @@ -1294,7 +1294,97 @@ int CmdHF14AMfCSetBlk(const char *Cmd) int CmdHF14AMfCLoad(const char *Cmd) { - return 0; + FILE * f; + char filename[20]; + char * fnameptr = filename; + char buf[64]; + uint8_t buf8[64]; + uint8_t fillFromEmulator = 0; + int i, len, blockNum, flags; + + memset(filename, 0, sizeof(filename)); + memset(buf, 0, sizeof(buf)); + + if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) { + PrintAndLog("It loads magic Chinese card (only works with!!!) from the file `filename.eml`"); + PrintAndLog("or from emulator memory (option `e`)"); + PrintAndLog("Usage: hf mf cload "); + PrintAndLog(" or: hf mf cload e "); + PrintAndLog(" sample: hf mf cload filename"); + return 0; + } + + char ctmp = param_getchar(Cmd, 0); + if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1; + + if (fillFromEmulator) { + flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; + for (blockNum = 0; blockNum < 16 * 4; blockNum += 1) { + if (mfEmlGetMem(buf8, blockNum, 1)) { + PrintAndLog("Cant get block: %d", blockNum); + return 2; + } + + if (blockNum == 2) flags = 0; + if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; + + if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) { + PrintAndLog("Cant set magic card block: %d", blockNum); + return 3; + } + } + return 0; + } else { + len = strlen(Cmd); + if (len > 14) len = 14; + + memcpy(filename, Cmd, len); + fnameptr += len; + + sprintf(fnameptr, ".eml"); + + // open file + f = fopen(filename, "r"); + if (f == NULL) { + PrintAndLog("File not found or locked."); + return 1; + } + + blockNum = 0; + flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC; + while(!feof(f)){ + memset(buf, 0, sizeof(buf)); + fgets(buf, sizeof(buf), f); + + if (strlen(buf) < 32){ + if(strlen(buf) && feof(f)) + break; + PrintAndLog("File content error. Block data must include 32 HEX symbols"); + return 2; + } + for (i = 0; i < 32; i += 2) + sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]); + + if (blockNum == 2) flags = 0; + if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD; + + if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) { + PrintAndLog("Cant set magic card block: %d", blockNum); + return 3; + } + blockNum++; + + if (blockNum >= 16 * 4) break; // magic card type - mifare 1K + } + fclose(f); + + if (blockNum != 16 * 4 && blockNum != 32 * 4 + 8 * 16){ + PrintAndLog("File content error. There must be 64 blocks"); + return 4; + } + PrintAndLog("Loaded from file: %s", filename); + return 0; + } } static command_t CommandTable[] = @@ -1319,7 +1409,7 @@ static command_t CommandTable[] = {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"}, {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"}, {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block into magic Chinese card"}, - {"cload", CmdHF14AMfCLoad, 0, "(n/a)Load dump into magic Chinese card"}, + {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"}, {NULL, NULL, 0, NULL} }; diff --git a/client/mifarehost.c b/client/mifarehost.c index 2ce0b5e2..399f494a 100644 --- a/client/mifarehost.c +++ b/client/mifarehost.c @@ -222,13 +222,13 @@ int mfCSetUID(uint8_t *uid, uint8_t *oldUID, int wantWipe) { memcpy(block0, uid, 4); block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC - return mfCSetBlock(0, block0, oldUID, wantWipe); + return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER); } -int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe) { +int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe, uint8_t params) { uint8_t isOK = 0; - UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, 1, blockNo}}; + UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}}; memcpy(c.d.asBytes, data, 16); SendCommand(&c); @@ -236,8 +236,7 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe) { if (resp != NULL) { isOK = resp->arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - memcpy(uid, resp->d.asBytes, 4); + if (uid != NULL) memcpy(uid, resp->d.asBytes, 4); if (!isOK) return 2; } else { PrintAndLog("Command execute timeout"); diff --git a/client/mifarehost.h b/client/mifarehost.h index 4a107fd0..1d6e0bec 100644 --- a/client/mifarehost.h +++ b/client/mifarehost.h @@ -23,6 +23,14 @@ #define MEM_CHUNK 1000000 #define NESTED_SECTOR_RETRY 10 +// mfCSetBlock work flags +#define CSETBLOCK_UID 0x01 +#define CSETBLOCK_WUPC 0x02 +#define CSETBLOCK_HALT 0x04 +#define CSETBLOCK_INIT_FIELD 0x08 +#define CSETBLOCK_RESET_FIELD 0x10 +#define CSETBLOCK_SINGLE_OPER 0x1F + typedef struct fnVector { uint8_t blockNo, keyType; uint32_t uid, nt, ks1; } fnVector; typedef struct { @@ -45,5 +53,5 @@ int mfCheckKeys (uint8_t blockNo, uint8_t keyType, uint8_t keycnt, uint8_t * key int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount); int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount); int mfCSetUID(uint8_t *uid, uint8_t *oldUID, int wantWipe); -int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe); +int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe, uint8_t params); -- 2.39.5