RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-02-26 00:55:19 +08:00
Code Issues Projects Releases Packages Wiki Activity

Explain "Unknown Command" behaviour

Browse source 
Edited the Magic Gen 4 section

Signed-off-by: KurisuWaifu <96349419+KurisuWaifu@users.noreply.github.com>
This commit is contained in:
KurisuWaifu 2023-03-25 23:25:57 +01:00 committed by GitHub
parent 581b48f3f9
commit 5bf5d9a282
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
doc/magic_cards_notes.md
View file

@ -1164,7 +1164,7 @@ CF <passwd> C6 // Dump configuration
CF <passwd> CC // Factory test, returns 6666
CF <passwd> CD <1b block number><16b block data> // Backdoor write 16b block
CF <passwd> CE <1b block number> // Backdoor read 16b block
CF <passwd> CF <1b param> // Unknown
CF <passwd> CF <1b param> // (De)Activate direct write to block 0
CF <passwd> F0 <30b configuration data> // Configure all params in one cmd
CF <passwd> F1 <30b configuration data> // Configure all params in one cmd and fuse the configuration permanently
CF <passwd> FE <4b new_password> // change password
@ -1457,19 +1457,27 @@ Example: write block0 with factory data, default pwd
hf 14a raw -s -c -t 1000 CF00000000CD00112233441C000011778185BA18000000
```
### Unknown command
### (De)Activate direct write to block 0
^[Top](#top) ^^[Gen4](#g4top)
This command modifies one byte in configuration dump, but purpose one is unknown.
This command enables/disables direct writes to block 0.
```
hf 14a raw -s -c -t 1000 CF<passwd>CF<1b param>
```
* `<param>`
* `??`: ???
* `00`: Activate direct write to block 0 (Same behaviour of Gen2 cards. Some readers may identify the card as magic)
* `01`: Deactivate direct write to block 0 (Same behaviour of vanilla cards)
* `02`: Default value. (Same behaviour as `00` (?))
Example:
hf 14a raw -s -c -t 1000 CF00000000CF02
Example: enable direct writes to block 0, default pwd
```
hf 14a raw -s -c -t 1000 CF00000000CF00
```
Example: disable direct writes to block 0, default pwd
```
hf 14a raw -s -c -t 1000 CF00000000CF01
```
### Change backdoor password
^[Top](#top) ^^[Gen4](#g4top)
@ -1620,4 +1628,3 @@ hf mfu wrbl -b 250 -d 00040402 --force
hf mfu wrbl -b 251 -d 01001303 --force
hf mfu info
```