mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-03-06 13:03:19 +08:00
Add settable ATQA and SAK to hf mf csetuid command.
This commit is contained in:
Jesse Hallio
parent
0d0d049967
commit
3bba7deac0
3 changed files with 65 additions and 29 deletions
|
|
@ -1433,27 +1433,60 @@ int CmdHF14AMfCSetUID(const char *Cmd)
|
|||
uint8_t wipeCard = 0;
|
||||
uint8_t uid[8] = {0x00};
|
||||
uint8_t oldUid[8] = {0x00};
|
||||
uint8_t atqa[2] = {0x00};
|
||||
uint8_t sak[1] = {0x00};
|
||||
uint8_t atqaPresent = 1;
|
||||
int res;
|
||||
char ctmp;
|
||||
int argi=0;
|
||||
|
||||
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {
|
||||
PrintAndLog("Usage: hf mf csetuid <UID 8 hex symbols> <w>");
|
||||
PrintAndLog("sample: hf mf csetuid 01020304 w");
|
||||
PrintAndLog("Set UID for magic Chinese card (only works with!!!)");
|
||||
PrintAndLog("If you want wipe card then add 'w' into command line. \n");
|
||||
if (strlen(Cmd) < 1 || param_getchar(Cmd, argi) == 'h') {
|
||||
PrintAndLog("Usage: hf mf csetuid <UID 8 hex symbols> [ATQA 4 hex symbols SAK 2 hex symbols] [w]");
|
||||
PrintAndLog("sample: hf mf csetuid 01020304");
|
||||
PrintAndLog("sample: hf mf csetuid 01020304 0004 08 w");
|
||||
PrintAndLog("Set UID, ATQA, and SAK for magic Chinese card (only works with such cards)");
|
||||
PrintAndLog("If you also want to wipe the card then add 'w' at the end of the command line.");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {
|
||||
if (param_getchar(Cmd, argi) && param_gethex(Cmd, argi, uid, 8)) {
|
||||
PrintAndLog("UID must include 8 HEX symbols");
|
||||
return 1;
|
||||
}
|
||||
argi++;
|
||||
|
||||
ctmp = param_getchar(Cmd, argi);
|
||||
if (ctmp == 'w' || ctmp == 'W') {
|
||||
wipeCard = 1;
|
||||
atqaPresent = 0;
|
||||
}
|
||||
|
||||
if (atqaPresent) {
|
||||
if (param_getchar(Cmd, argi)) {
|
||||
if (param_gethex(Cmd, argi, atqa, 4)) {
|
||||
PrintAndLog("ATQA must include 4 HEX symbols");
|
||||
return 1;
|
||||
}
|
||||
argi++;
|
||||
if (!param_getchar(Cmd, argi) || param_gethex(Cmd, argi, sak, 2)) {
|
||||
PrintAndLog("SAK must include 2 HEX symbols");
|
||||
return 1;
|
||||
}
|
||||
argi++;
|
||||
} else
|
||||
atqaPresent = 0;
|
||||
}
|
||||
|
||||
if(!wipeCard) {
|
||||
ctmp = param_getchar(Cmd, argi);
|
||||
if (ctmp == 'w' || ctmp == 'W') {
|
||||
wipeCard = 1;
|
||||
}
|
||||
}
|
||||
|
||||
char ctmp = param_getchar(Cmd, 1);
|
||||
if (ctmp == 'w' || ctmp == 'W') wipeCard = 1;
|
||||
|
||||
PrintAndLog("--wipe card:%s uid:%s", (wipeCard)?"YES":"NO", sprint_hex(uid, 4));
|
||||
|
||||
res = mfCSetUID(uid, oldUid, wipeCard);
|
||||
res = mfCSetUID(uid, (atqaPresent)?atqa:NULL, (atqaPresent)?sak:NULL, oldUid, wipeCard);
|
||||
if (res) {
|
||||
PrintAndLog("Can't set UID. error=%d", res);
|
||||
return 1;
|
||||
|
|
|
|||
|
|
@ -231,28 +231,31 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
|
|||
|
||||
// "MAGIC" CARD
|
||||
|
||||
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {
|
||||
|
||||
int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe) {
|
||||
uint8_t oldblock0[16] = {0x00};
|
||||
uint8_t block0[16] = {0x00};
|
||||
memcpy(block0, uid, 4);
|
||||
block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC
|
||||
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)
|
||||
//block0[5] = 0x08;
|
||||
//block0[6] = 0x04;
|
||||
//block0[7] = 0x00;
|
||||
|
||||
block0[5] = 0x01; //sak
|
||||
block0[6] = 0x01;
|
||||
block0[7] = 0x0f;
|
||||
|
||||
|
||||
int old = mfCGetBlock(0, oldblock0, CSETBLOCK_SINGLE_OPER);
|
||||
if ( old == 0) {
|
||||
memcpy(block0+8, oldblock0+8, 8);
|
||||
PrintAndLog("block 0: %s", sprint_hex(block0,16));
|
||||
if (old == 0) {
|
||||
memcpy(block0, oldblock0, 16);
|
||||
PrintAndLog("old block 0: %s", sprint_hex(block0,16));
|
||||
} else {
|
||||
PrintAndLog("Couldn't get olddata. Will write over the last bytes of Block 0.");
|
||||
PrintAndLog("Couldn't get old data. Will write over the last bytes of Block 0.");
|
||||
}
|
||||
|
||||
// fill in the new values
|
||||
// UID
|
||||
memcpy(block0, uid, 4);
|
||||
// Mifare UID BCC
|
||||
block0[4] = block0[0]^block0[1]^block0[2]^block0[3];
|
||||
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7, reversed)
|
||||
if (sak!=NULL)
|
||||
block0[5]=sak[0];
|
||||
if (atqa!=NULL) {
|
||||
block0[6]=atqa[1];
|
||||
block0[7]=atqa[0];
|
||||
}
|
||||
PrintAndLog("new block 0: %s", sprint_hex(block0,16));
|
||||
return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -55,7 +55,7 @@ int mfCheckKeys (uint8_t blockNo, uint8_t keyType, uint8_t keycnt, uint8_t * key
|
|||
int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount);
|
||||
int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount);
|
||||
|
||||
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe);
|
||||
int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe);
|
||||
int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uint8_t params);
|
||||
int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue