From 628766391ec7a1fa9cf0cfdb511f345f850e42c8 Mon Sep 17 00:00:00 2001
From: Philippe Teuwen <phil@teuwen.org>
Date: Fri, 17 Dec 2021 21:29:09 +0100
Subject: [PATCH] add mfValidateAccessConditions to warn when dealing with
 invalid MFC ACL

---
 client/src/cmdhfmf.c        |  8 +++++++-
 client/src/mifare/mifare4.c | 11 +++++++++++
 client/src/mifare/mifare4.h |  1 +
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c
index 725354ee3..63e5665f7 100644
--- a/client/src/cmdhfmf.c
+++ b/client/src/cmdhfmf.c
@@ -166,6 +166,10 @@ static void decode_print_st(uint16_t blockno, uint8_t *data) {
         PrintAndLogEx(INFO, "  # | Access rights");
         PrintAndLogEx(INFO, "----+-----------------------------------------------------------------");
 
+        if (! mfValidateAccessConditions(&data[6])) {
+            PrintAndLogEx(WARNING, _RED_("Invalid Access Conditions"));
+        }
+
         int bln = mfFirstBlockOfSector(mfSectorNum(blockno));
         int blinc = (mfNumBlocksPerSector(mfSectorNum(blockno)) > 4) ? 5 : 1;
         for (int i = 0; i < 4; i++) {
@@ -289,7 +293,9 @@ static int CmdHF14AMfAcl(const char *Cmd) {
     if (memcmp(acl, "\xFF\x07\x80", 3) == 0) {
         PrintAndLogEx(INFO, "ACL... " _GREEN_("%s") " (transport configuration)", sprint_hex(acl, sizeof(acl)));
     }
-
+    if (! mfValidateAccessConditions(acl)) {
+        PrintAndLogEx(ERR, _RED_("Invalid Access Conditions, NEVER write these on a card!"));
+    }
     PrintAndLogEx(NORMAL, "");
     PrintAndLogEx(INFO, "  # | Access rights");
     PrintAndLogEx(INFO, "----+-----------------------------------------------------------------");
diff --git a/client/src/mifare/mifare4.c b/client/src/mifare/mifare4.c
index 266cfbbf2..42dff092c 100644
--- a/client/src/mifare/mifare4.c
+++ b/client/src/mifare/mifare4.c
@@ -66,6 +66,17 @@ AccessConditions_t MFAccessConditionsTrailer[] = {
     {0x07, "read ACCESS by AB", ""}
 };
 
+bool mfValidateAccessConditions(uint8_t *data) {
+    uint8_t ndata1 = (data[0]) & 0x0f;
+    uint8_t ndata2 = (data[0] >> 4) & 0x0f;
+    uint8_t ndata3 = (data[1]) & 0x0f;
+    uint8_t data1  = (data[1] >> 4) & 0x0f;
+    uint8_t data2  = (data[2]) & 0x0f;
+    uint8_t data3  = (data[2] >> 4) & 0x0f;
+
+    return ((ndata1 == (data1 ^ 0xF)) && (ndata2 == (data2 ^ 0xF)) && (ndata3 == (data3 ^ 0xF)));
+}
+
 const char *mfGetAccessConditionsDesc(uint8_t blockn, uint8_t *data) {
     uint8_t data1 = ((data[1] >> 4) & 0x0f) >> blockn;
     uint8_t data2 = ((data[2]) & 0x0f) >> blockn;
diff --git a/client/src/mifare/mifare4.h b/client/src/mifare/mifare4.h
index 2774eea88..132cf6ee5 100644
--- a/client/src/mifare/mifare4.h
+++ b/client/src/mifare/mifare4.h
@@ -63,6 +63,7 @@ int mfpReadSector(uint8_t sectorNo, uint8_t keyType, uint8_t *key, uint8_t *data
 int MFPGetSignature(bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
 int MFPGetVersion(bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
 
+bool mfValidateAccessConditions(uint8_t *data);
 const char *mfGetAccessConditionsDesc(uint8_t blockn, uint8_t *data);
 
 uint8_t mfNumBlocksPerSector(uint8_t sectorNo);