trying to extract ndef data from dumps by looking at MAD

2025-01-10 10:11:58 +08:00 · 2023-05-05 22:26:44 +02:00 · 2023-05-05 22:26:44 +02:00 · 27576be5c2
commit 27576be5c2
parent cb0a447600
5 changed files with 77 additions and 22 deletions
--- a/client/src/cmdhfmf.c
+++ b/client/src/cmdhfmf.c
@ -18,7 +18,6 @@

 #include "cmdhfmf.h"
 #include <ctype.h>
-
 #include "cmdparser.h"             // command_t
 #include "commonutil.h"            // ARRAYLEN
 #include "comms.h"                 // clearCommandBuffer
@ -38,23 +37,6 @@
 #include "wiegand_formats.h"
 #include "wiegand_formatutils.h"

-#define MIFARE_4K_MAXBLOCK      256
-#define MIFARE_2K_MAXBLOCK      128
-#define MIFARE_1K_MAXBLOCK      64
-#define MIFARE_MINI_MAXBLOCK    20
-
-#define MIFARE_4K_MAXSECTOR     40
-#define MIFARE_2K_MAXSECTOR     32
-#define MIFARE_1K_MAXSECTOR     16
-#define MIFARE_MINI_MAXSECTOR   5
-
-#define MIFARE_4K_MAX_BYTES     4096
-#define MIFARE_2K_MAX_BYTES     2048
-#define MIFARE_1K_MAX_BYTES     1024
-#define MIFARE_MINI_MAX_BYTES   320
-
-#define MIFARE_KEY_SIZE         6
-
 static int CmdHelp(const char *Cmd);

 /*
--- a/client/src/cmdnfc.c
+++ b/client/src/cmdnfc.c
@ -118,8 +118,15 @@ static int CmdNfcDecode(const char *Cmd) {
            PrintAndLogEx(SUCCESS, "MFC dump file detected. Converting...");
            uint8_t ndef[4096] = {0};
            uint16_t ndeflen = 0;
-            uint8_t skip = (4 * MFBLOCK_SIZE);
-            convert_mfc_2_arr(dump + skip, bytes_read - skip, ndef, &ndeflen);
+            // uint8_t skip = (4 * MFBLOCK_SIZE);
+            // convert_mfc_2_arr(dump + skip, bytes_read - skip, ndef, &ndeflen);
+
+            if (convert_mad_to_arr(dump, bytes_read, ndef, &ndeflen) != PM3_SUCCESS) {
+                PrintAndLogEx(FAILED, "Failed converting, aborting...");
+                free(dump);
+                return PM3_ESOFT;
+            }
+
            memcpy(dump, ndef, ndeflen);
            bytes_read = ndeflen;
        }
--- a/client/src/mifare/mad.c
+++ b/client/src/mifare/mad.c
@ -421,3 +421,51 @@ int DetectHID(uint8_t *d, uint16_t manufacture) {

    return -1;
 }
+
+int convert_mad_to_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen) {
+
+    if (in == NULL || out == NULL || ilen == 0 ) {
+        return PM3_EINVARG;        
+    }
+
+    // MAD detection
+    if (HasMADKey(in) == false) {
+        PrintAndLogEx(FAILED, "No MAD key was detected in the dump file");
+        return PM3_ESOFT;
+    }
+
+    uint8_t sector0[MFBLOCK_SIZE * 4] = {0};
+    uint8_t sector10[MFBLOCK_SIZE * 4] = {0};
+
+    memcpy(sector0, in, sizeof(sector0));
+    if (ilen == MIFARE_4K_MAX_BYTES) {
+        memcpy(sector10, in + (MF_MAD2_SECTOR * 4 * MFBLOCK_SIZE), sizeof(sector10));
+    }
+
+    uint16_t mad[7 + 8 + 8 + 8 + 8] = {0};
+    size_t madlen = 0;
+    if (MADDecode(sector0, sector10, mad, &madlen, false)) {
+        PrintAndLogEx(ERR, "can't decode MAD");
+        return PM3_ESOFT;
+    }
+
+    uint16_t ndef_aid = 0xE103;
+    for (int i = 0; i < madlen; i++) {
+        if (ndef_aid == mad[i]) {
+            uint8_t tmp[MFBLOCK_SIZE * 4] = {0};
+            memset(tmp, 0x00, sizeof(tmp));
+
+            // sector i dump (skip first sector +1)
+            memcpy(tmp, in + (i + 1) * sizeof(tmp), sizeof(tmp));
+
+            // debug print
+            // print_hex_noascii_break(tmp, sizeof(tmp) - MFBLOCK_SIZE, MFBLOCK_SIZE);
+
+            // copy to out (skip ST)
+            memcpy(out, tmp, sizeof(tmp) - MFBLOCK_SIZE);
+            out += sizeof(tmp) - MFBLOCK_SIZE;
+            *olen += sizeof(tmp) -MFBLOCK_SIZE;
+        }
+    }
+    return PM3_SUCCESS;
+}
--- a/client/src/mifare/mad.h
+++ b/client/src/mifare/mad.h
@ -30,4 +30,5 @@ int MADCardHolderInfoDecode(uint8_t *data, size_t datalen, bool verbose);
 void MADPrintHeader(void);
 bool HasMADKey(uint8_t *d);
 int DetectHID(uint8_t *d, uint16_t manufacture);
+int convert_mad_to_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen);
 #endif // _MAD_H_
--- a/client/src/mifare/mifaredefault.h
+++ b/client/src/mifare/mifaredefault.h
@ -21,8 +21,25 @@

 #include "common.h"

-#define MFKEY_SIZE 6
-#define MFBLOCK_SIZE 16
+#define MFKEY_SIZE              6
+#define MFBLOCK_SIZE            16
+
+#define MIFARE_4K_MAXBLOCK      256
+#define MIFARE_2K_MAXBLOCK      128
+#define MIFARE_1K_MAXBLOCK      64
+#define MIFARE_MINI_MAXBLOCK    20
+
+#define MIFARE_4K_MAXSECTOR     40
+#define MIFARE_2K_MAXSECTOR     32
+#define MIFARE_1K_MAXSECTOR     16
+#define MIFARE_MINI_MAXSECTOR   5
+
+#define MIFARE_4K_MAX_BYTES     4096
+#define MIFARE_2K_MAX_BYTES     2048
+#define MIFARE_1K_MAX_BYTES     1024
+#define MIFARE_MINI_MAX_BYTES   320
+
+#define MIFARE_KEY_SIZE         6

 static const uint64_t g_mifare_default_keys[] = {
    0xffffffffffff, // Default key (first key used by program if no user defined key)