Proxmark/proxmark3
1
1
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2024-09-21 15:26:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

magic Chinese card fully supported. Added commands:csetuid-set card uid and wipe it, csetblk-set 16 byte block, cload-load dump from emulator memory or emulator file

Browse source
This commit is contained in:
Merlokbr@gmail.com 2012-07-05 10:59:15 +00:00
parent f5c5499ab8
commit 208a0166b9
4 changed files with 149 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

73
armsrc/mifarecmd.c
View file

@ -735,7 +735,12 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
// params // params
uint8_t needWipe = arg0; uint8_t needWipe = arg0;
uint8_t needGetUID = arg1; // bit 0 - need get UID
// bit 1 - need wupC
// bit 2 - need HALT after sequence
// bit 3 - need init FPGA and field before sequence
// bit 4 - need reset FPGA and LED
uint8_t workFlags = arg1;
uint8_t blockNo = arg2; uint8_t blockNo = arg2;
// card commands // card commands
@ -752,24 +757,26 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
memset(uid, 0x00, 8); memset(uid, 0x00, 8);
uint8_t* receivedAnswer = mifare_get_bigbufptr(); uint8_t* receivedAnswer = mifare_get_bigbufptr();
// clear trace if (workFlags & 0x08) {
iso14a_clear_tracelen(); // clear trace
iso14a_set_tracing(TRUE); iso14a_clear_tracelen();
iso14a_set_tracing(TRUE);
iso14443a_setup(); iso14443a_setup();
LED_A_ON(); LED_A_ON();
LED_B_OFF(); LED_B_OFF();
LED_C_OFF(); LED_C_OFF();
SpinDelay(300); SpinDelay(300);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelay(100); SpinDelay(100);
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
}
while (true) { while (true) {
// get UID from chip // get UID from chip
if (needGetUID) { if (workFlags & 0x01) {
if(!iso14443a_select_card(uid, NULL, &cuid)) { if(!iso14443a_select_card(uid, NULL, &cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
break; break;
@ -802,17 +809,19 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
}; };
// write UID block // write UID block
ReaderTransmitShort(wupC1); if (workFlags & 0x02) {
if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) { ReaderTransmitShort(wupC1);
if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error"); if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {
break; if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
}; break;
};
ReaderTransmit(wupC2, sizeof(wupC2)); ReaderTransmit(wupC2, sizeof(wupC2));
if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) { if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {
if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error"); if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");
break; break;
}; };
}
if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer) != 1) || (receivedAnswer[0] != 0x0a)) { if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer) != 1) || (receivedAnswer[0] != 0x0a)) {
if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error"); if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error");
@ -828,10 +837,12 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
break; break;
}; };
if(mifare_classic_halt(NULL, cuid)) { if (workFlags & 0x04) {
if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); if (mifare_classic_halt(NULL, cuid)) {
break; if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
}; break;
};
}
isOK = 1; isOK = 1;
break; break;
@ -848,7 +859,9 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand)); UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
LED_B_OFF(); LED_B_OFF();
// Thats it... if (workFlags & 0x10) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // Thats it...
LEDsoff(); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
} }

96
client/cmdhfmf.c
View file

@ -1282,7 +1282,7 @@ int CmdHF14AMfCSetBlk(const char *Cmd)
PrintAndLog("--block number:%02x data:%s", blockNo, sprint_hex(memBlock, 16)); PrintAndLog("--block number:%02x data:%s", blockNo, sprint_hex(memBlock, 16));
res = mfCSetBlock(blockNo, memBlock, uid, 0); res = mfCSetBlock(blockNo, memBlock, uid, 0, CSETBLOCK_SINGLE_OPER);
if (res) { if (res) {
PrintAndLog("Can't write block. error=%d", res); PrintAndLog("Can't write block. error=%d", res);
return 1; return 1;
@ -1294,7 +1294,97 @@ int CmdHF14AMfCSetBlk(const char *Cmd)
int CmdHF14AMfCLoad(const char *Cmd) int CmdHF14AMfCLoad(const char *Cmd)
{ {
return 0; FILE * f;
char filename[20];
char * fnameptr = filename;
char buf[64];
uint8_t buf8[64];
uint8_t fillFromEmulator = 0;
int i, len, blockNum, flags;
memset(filename, 0, sizeof(filename));
memset(buf, 0, sizeof(buf));
if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {
PrintAndLog("It loads magic Chinese card (only works with!!!) from the file `filename.eml`");
PrintAndLog("or from emulator memory (option `e`)");
PrintAndLog("Usage: hf mf cload <file name w/o `.eml`>");
PrintAndLog(" or: hf mf cload e ");
PrintAndLog(" sample: hf mf cload filename");
return 0;
}
char ctmp = param_getchar(Cmd, 0);
if (ctmp == 'e' || ctmp == 'E') fillFromEmulator = 1;
if (fillFromEmulator) {
flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;
for (blockNum = 0; blockNum < 16 * 4; blockNum += 1) {
if (mfEmlGetMem(buf8, blockNum, 1)) {
PrintAndLog("Cant get block: %d", blockNum);
return 2;
}
if (blockNum == 2) flags = 0;
if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;
if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {
PrintAndLog("Cant set magic card block: %d", blockNum);
return 3;
}
}
return 0;
} else {
len = strlen(Cmd);
if (len > 14) len = 14;
memcpy(filename, Cmd, len);
fnameptr += len;
sprintf(fnameptr, ".eml");
// open file
f = fopen(filename, "r");
if (f == NULL) {
PrintAndLog("File not found or locked.");
return 1;
}
blockNum = 0;
flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;
while(!feof(f)){
memset(buf, 0, sizeof(buf));
fgets(buf, sizeof(buf), f);
if (strlen(buf) < 32){
if(strlen(buf) && feof(f))
break;
PrintAndLog("File content error. Block data must include 32 HEX symbols");
return 2;
}
for (i = 0; i < 32; i += 2)
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);
if (blockNum == 2) flags = 0;
if (blockNum == 16 * 4 - 1) flags = CSETBLOCK_HALT + CSETBLOCK_RESET_FIELD;
if (mfCSetBlock(blockNum, buf8, NULL, 0, flags)) {
PrintAndLog("Cant set magic card block: %d", blockNum);
return 3;
}
blockNum++;
if (blockNum >= 16 * 4) break; // magic card type - mifare 1K
}
fclose(f);
if (blockNum != 16 * 4 && blockNum != 32 * 4 + 8 * 16){
PrintAndLog("File content error. There must be 64 blocks");
return 4;
}
PrintAndLog("Loaded from file: %s", filename);
return 0;
}
} }
static command_t CommandTable[] = static command_t CommandTable[] =
@ -1319,7 +1409,7 @@ static command_t CommandTable[] =
{"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"}, {"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"},
{"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"}, {"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"},
{"csetblk", CmdHF14AMfCSetBlk, 0, "Write block into magic Chinese card"}, {"csetblk", CmdHF14AMfCSetBlk, 0, "Write block into magic Chinese card"},
{"cload", CmdHF14AMfCLoad, 0, "(n/a)Load dump into magic Chinese card"}, {"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},
{NULL, NULL, 0, NULL} {NULL, NULL, 0, NULL}
}; };

9
client/mifarehost.c
View file

@ -222,13 +222,13 @@ int mfCSetUID(uint8_t *uid, uint8_t *oldUID, int wantWipe) {
memcpy(block0, uid, 4); memcpy(block0, uid, 4);
block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC
return mfCSetBlock(0, block0, oldUID, wantWipe); return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);
} }
int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe) { int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe, uint8_t params) {
uint8_t isOK = 0; uint8_t isOK = 0;
UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, 1, blockNo}}; UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
memcpy(c.d.asBytes, data, 16); memcpy(c.d.asBytes, data, 16);
SendCommand(&c); SendCommand(&c);
@ -236,8 +236,7 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe) {
if (resp != NULL) { if (resp != NULL) {
isOK = resp->arg[0] & 0xff; isOK = resp->arg[0] & 0xff;
PrintAndLog("isOk:%02x", isOK); if (uid != NULL) memcpy(uid, resp->d.asBytes, 4);
memcpy(uid, resp->d.asBytes, 4);
if (!isOK) return 2; if (!isOK) return 2;
} else { } else {
PrintAndLog("Command execute timeout"); PrintAndLog("Command execute timeout");

10
client/mifarehost.h
View file

@ -23,6 +23,14 @@
#define MEM_CHUNK 1000000 #define MEM_CHUNK 1000000
#define NESTED_SECTOR_RETRY 10 #define NESTED_SECTOR_RETRY 10
// mfCSetBlock work flags
#define CSETBLOCK_UID 0x01
#define CSETBLOCK_WUPC 0x02
#define CSETBLOCK_HALT 0x04
#define CSETBLOCK_INIT_FIELD 0x08
#define CSETBLOCK_RESET_FIELD 0x10
#define CSETBLOCK_SINGLE_OPER 0x1F
typedef struct fnVector { uint8_t blockNo, keyType; uint32_t uid, nt, ks1; } fnVector; typedef struct fnVector { uint8_t blockNo, keyType; uint32_t uid, nt, ks1; } fnVector;
typedef struct { typedef struct {
@ -45,5 +53,5 @@ int mfCheckKeys (uint8_t blockNo, uint8_t keyType, uint8_t keycnt, uint8_t * key
int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount); int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount);
int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount); int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount);
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, int wantWipe); int mfCSetUID(uint8_t *uid, uint8_t *oldUID, int wantWipe);
int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe); int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, int wantWipe, uint8_t params);