From 967dbce1f2c3ccddd4faf18e1872f3216f303051 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 3 Apr 2018 11:24:58 +0200 Subject: [PATCH] chg: 'script run ul_uid' - tried to add suppor to for brickable magic tags which must be written in one session. --- client/scripts/ul_uid.lua | 113 +++++++++++++++++++++++++++----------- 1 file changed, 81 insertions(+), 32 deletions(-) diff --git a/client/scripts/ul_uid.lua b/client/scripts/ul_uid.lua index 83bf92c7c..6acb08694 100644 --- a/client/scripts/ul_uid.lua +++ b/client/scripts/ul_uid.lua @@ -1,21 +1,36 @@ local getopt = require('getopt') local utils = require('utils') -local bxor = bit32.bxor - -example = "script run ul_uid" +copyright = '' author = "Iceman" -desc = -[[ -This is a script that tries to set UID on a mifare Ultralight magic card which answers to chinese backdoor commands +version = 'v1.0.0' +desc = [[ +This script tries to set UID on a mifare Ultralight magic card which either + - answers to chinese backdoor commands + - brickable magic tag (must write in one session) +]] +example = [[ + -- backdoor magic tag + script run ul_uid -u 11223344556677 + + -- brickable magic tag + script run ul_uid -b -u 11223344556677 +]] +usage = [[ +script run ul_uid -h -b -u Arguments: - -h this help - -u UID (14 hexsymbols) + -h : this help + -u : UID (14 hexsymbols) + -b : write to brickable magic tag ]] + +local DEBUG = true +local bxor = bit32.bxor --- -- A debug printout-function -function dbg(args) +local function dbg(args) + if not DEBUG then return end if type(args) == "table" then local i = 1 while args[i] do @@ -28,17 +43,58 @@ function dbg(args) end --- -- This is only meant to be used when errors occur -function oops(err) +local function oops(err) print("ERROR: ",err) + return nil, err end --- -- Usage help -function help() +local function help() + print(copyright) + print(author) + print(version) print(desc) - print("Example usage") + print('Example usage') print(example) end +-- +--- Set UID on magic command enabled +function magicUID(b0, b1, b2) + print('Using backdoor Magic tag function') + + -- write block 0 + core.console("hf 14a raw -p -a -b 7 40") + core.console("hf 14a raw -p -a 43") + core.console("hf 14a raw -c -a A200"..b0) + + -- write block 1 + core.console("hf 14a raw -p -a -b 7 40") + core.console("hf 14a raw -p -a 43") + core.console("hf 14a raw -c -a A201"..b1) + + -- write block 2 + core.console("hf 14a raw -p -a -b 7 40") + core.console("hf 14a raw -p -a 43") + core.console("hf 14a raw -c -a A202"..b2) +end +-- +--- Set UID on magic but brickable +function brickableUID(b0, b1, b2) + + print('Using BRICKABLE Magic tag function') + + core.console("hf 14a raw -p -s -3") + + -- write block 0 + core.console("hf 14a raw -p -c A200"..b0) + + -- write block 1 + core.console("hf 14a raw -p -c A201"..b1) + + -- write block 2 + core.console("hf 14a raw -p -c A202"..b2) +end --- -- The main entry point function main(args) @@ -48,13 +104,15 @@ function main(args) print() local uid = '04112233445566' + local tagtype = 1 -- Read the parameters - for o, a in getopt.getopt(args, 'hu:') do + for o, a in getopt.getopt(args, 'hu:b') do if o == "h" then return help() end if o == "u" then uid = a end - end - + if o == "b" then tagtype = 2 end + end + -- uid string checks if uid == nil then return oops('empty uid string') end if #uid == 0 then return oops('empty uid string') end @@ -72,23 +130,14 @@ function main(args) print('new UID | '..uid) core.clearCommandBuffer() - - -- write block 0 - core.console("hf 14a raw -p -a -b 7 40") - core.console("hf 14a raw -p -a 43") - core.console("hf 14a raw -c -a A200"..block0) - - -- write block 1 - core.console("hf 14a raw -p -a -b 7 40") - core.console("hf 14a raw -p -a 43") - core.console("hf 14a raw -c -a A201"..block1) - - -- write block 2 - core.console("hf 14a raw -p -a -b 7 40") - core.console("hf 14a raw -p -a 43") - core.console("hf 14a raw -c -a A202"..block2) - - --halt + + if tagtype == 2 then + brickableUID(block0, block1, block2) + else + magicUID(block0, block1, block2) + end + + --halt core.console("hf 14a raw -c -a 5000") end