mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-01-09 09:39:16 +08:00
SUGGESTED FIX:
Issue: https://github.com/Proxmark/proxmark3/issues/35 Forum: http://www.proxmark.org/forum/viewtopic.php?pid=7883#p7883 Where "hf mf csetuid" empties the rest of the block0 bytes. This fix loads the old block0 and replaces the uid+sak+ataq bytes only.
This commit is contained in:
parent
fe5b3a4424
commit
80b1b53fa3
1 changed files with 32 additions and 10 deletions
|
@ -232,14 +232,27 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
|
||||||
// "MAGIC" CARD
|
// "MAGIC" CARD
|
||||||
|
|
||||||
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {
|
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {
|
||||||
|
|
||||||
|
uint8_t oldblock0[16] = {0x00};
|
||||||
uint8_t block0[16] = {0x00};
|
uint8_t block0[16] = {0x00};
|
||||||
memcpy(block0, uid, 4);
|
memcpy(block0, uid, 4);
|
||||||
block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC
|
block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC
|
||||||
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)
|
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)
|
||||||
block0[5] = 0x08;
|
//block0[5] = 0x08;
|
||||||
block0[6] = 0x04;
|
//block0[6] = 0x04;
|
||||||
block0[7] = 0x00;
|
//block0[7] = 0x00;
|
||||||
|
|
||||||
|
block0[5] = 0x01; //sak
|
||||||
|
block0[6] = 0x01;
|
||||||
|
block0[7] = 0x0f;
|
||||||
|
|
||||||
|
int old = mfCGetBlock(0, oldblock0, CSETBLOCK_SINGLE_OPER);
|
||||||
|
if ( old == 0) {
|
||||||
|
memcpy(block0+8, oldblock0+8, 8);
|
||||||
|
PrintAndLog("block 0: %s", sprint_hex(block0,16));
|
||||||
|
} else {
|
||||||
|
PrintAndLog("Couldn't get olddata. Will write over the last bytes of Block 0.");
|
||||||
|
}
|
||||||
return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);
|
return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -253,8 +266,10 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uin
|
||||||
UsbCommand resp;
|
UsbCommand resp;
|
||||||
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
|
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
|
||||||
isOK = resp.arg[0] & 0xff;
|
isOK = resp.arg[0] & 0xff;
|
||||||
if (uid != NULL) memcpy(uid, resp.d.asBytes, 4);
|
if (uid != NULL)
|
||||||
if (!isOK) return 2;
|
memcpy(uid, resp.d.asBytes, 4);
|
||||||
|
if (!isOK)
|
||||||
|
return 2;
|
||||||
} else {
|
} else {
|
||||||
PrintAndLog("Command execute timeout");
|
PrintAndLog("Command execute timeout");
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -323,13 +338,16 @@ int isBlockTrailer(int blockN) {
|
||||||
|
|
||||||
int loadTraceCard(uint8_t *tuid) {
|
int loadTraceCard(uint8_t *tuid) {
|
||||||
FILE * f;
|
FILE * f;
|
||||||
char buf[64];
|
char buf[64] = {0x00};
|
||||||
uint8_t buf8[64];
|
uint8_t buf8[64] = {0x00};
|
||||||
int i, blockNum;
|
int i, blockNum;
|
||||||
|
|
||||||
if (!isTraceCardEmpty()) saveTraceCard();
|
if (!isTraceCardEmpty())
|
||||||
|
saveTraceCard();
|
||||||
|
|
||||||
memset(traceCard, 0x00, 4096);
|
memset(traceCard, 0x00, 4096);
|
||||||
memcpy(traceCard, tuid + 3, 4);
|
memcpy(traceCard, tuid + 3, 4);
|
||||||
|
|
||||||
FillFileNameByUID(traceFileName, tuid, ".eml", 7);
|
FillFileNameByUID(traceFileName, tuid, ".eml", 7);
|
||||||
|
|
||||||
f = fopen(traceFileName, "r");
|
f = fopen(traceFileName, "r");
|
||||||
|
@ -380,10 +398,14 @@ int saveTraceCard(void) {
|
||||||
|
|
||||||
int mfTraceInit(uint8_t *tuid, uint8_t *atqa, uint8_t sak, bool wantSaveToEmlFile) {
|
int mfTraceInit(uint8_t *tuid, uint8_t *atqa, uint8_t sak, bool wantSaveToEmlFile) {
|
||||||
|
|
||||||
if (traceCrypto1) crypto1_destroy(traceCrypto1);
|
if (traceCrypto1)
|
||||||
|
crypto1_destroy(traceCrypto1);
|
||||||
|
|
||||||
traceCrypto1 = NULL;
|
traceCrypto1 = NULL;
|
||||||
|
|
||||||
if (wantSaveToEmlFile) loadTraceCard(tuid);
|
if (wantSaveToEmlFile)
|
||||||
|
loadTraceCard(tuid);
|
||||||
|
|
||||||
traceCard[4] = traceCard[0] ^ traceCard[1] ^ traceCard[2] ^ traceCard[3];
|
traceCard[4] = traceCard[0] ^ traceCard[1] ^ traceCard[2] ^ traceCard[3];
|
||||||
traceCard[5] = sak;
|
traceCard[5] = sak;
|
||||||
memcpy(&traceCard[6], atqa, 2);
|
memcpy(&traceCard[6], atqa, 2);
|
||||||
|
|
Loading…
Reference in a new issue