From d209443322a410eadd9746ac74c6a8b4899788a9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 28 Oct 2016 20:43:07 +0200 Subject: [PATCH] CHG: 'HF MF C*' (chinese backdoor commands) According to douniwan5788 some magic/clone tags answers to the halt cmd and some not. I think I captured his ideas. ref: https://github.com/douniwan5788/proxmark3/commit/13b71e58fddf20c5d42b8f0af1d72c795139b86f --- armsrc/mifarecmd.c | 9 ++++----- armsrc/mifareutil.c | 5 ++++- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 49730af9..46478735 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1217,10 +1217,9 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){ if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card"); errormsg = MAGIC_UID; - // break; } - - if ( mifare_classic_halt_ex(NULL) ) break; + mifare_classic_halt_ex(NULL); + break; } // wipe tag, fill it with zeros @@ -1239,7 +1238,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){ break; } - if ( mifare_classic_halt_ex(NULL) ) break; + mifare_classic_halt_ex(NULL); } // write block @@ -1276,7 +1275,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){ } if (workFlags & MAGIC_OFF) - if ( mifare_classic_halt_ex(NULL) ) break; + mifare_classic_halt_ex(NULL); isOK = true; break; diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 3d6dce41..9c6adcce 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -474,7 +474,10 @@ int mifare_classic_halt_ex(struct Crypto1State *pcs) { uint8_t receivedAnswer[4] = {0x00, 0x00, 0x00, 0x00}; len = mifare_sendcmd_short(pcs, (pcs == NULL) ? CRYPT_NONE : CRYPT_ALL, 0x50, 0x00, receivedAnswer, NULL, NULL); if (len != 0) { - if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("halt error. response len: %x", len); + if (MF_DBGLEVEL >= MF_DBG_ERROR) + Dbprintf("halt error. response len: %x data:%02X %02X %02X %02X", len, receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3]); + if (len == 1 && receivedAnswer[0] == 0x04) + return 4; return 1; } return 0; -- 2.39.5