From 9a156326894933ac788551eca50713866df8b4d7 Mon Sep 17 00:00:00 2001
From: Philippe Teuwen
Date: Tue, 9 Jun 2020 20:53:33 +0200
Subject: [PATCH] MAD swap again
---
 client/src/cmdhfmf.c | 12 ++++++------
 client/src/cmdhfmfp.c | 12 ++++++------
 client/src/mifare/mad.c | 28 +++++++++++++++++-----------
 client/src/mifare/mad.h | 6 +++---
 4 files changed, 32 insertions(+), 26 deletions(-)
diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c
index 98d8ea42a..bd8d158b1 100644
--- a/client/src/cmdhfmf.c
+++ b/client/src/cmdhfmf.c
@@ -4499,7 +4499,7 @@ static int CmdHF14AMfMAD(const char *Cmd) {
 arg_str0("aA", "aid", "print all sectors with specified aid", NULL),
 arg_str0("kK", "key", "key for printing sectors", NULL),
 arg_lit0("bB", "keyb", "use key B for access printing sectors (by default: key A)"),
- arg_lit0("", "be", "(optional, try BigEndian"),
+ arg_lit0("", "be", "(optional, BigEndian)"),
 arg_param_end
 };
 CLIExecWithReturn(ctx, Cmd, argtable, true);
@@ -4511,7 +4511,7 @@ static int CmdHF14AMfMAD(const char *Cmd) {
 int keylen;
 CLIGetHexWithReturn(ctx, 3, key, &keylen);
 bool keyB = arg_get_lit(4);
-// bool use_be = arg_get_lit(5);
+ bool swapmad = arg_get_lit(5);
 CLIParserFree(ctx);
@@ -4538,7 +4538,7 @@ static int CmdHF14AMfMAD(const char *Cmd) {
 }
 bool haveMAD2 = false;
- MAD1DecodeAndPrint(sector0, verbose, &haveMAD2);
+ MAD1DecodeAndPrint(sector0, swapmad, verbose, &haveMAD2);
 if (haveMAD2) {
 if (mfReadSector(MF_MAD2_SECTOR, MF_KEY_A, (uint8_t *)g_mifare_mad_key, sector10)) {
@@ -4546,7 +4546,7 @@ static int CmdHF14AMfMAD(const char *Cmd) {
 return PM3_ESOFT;
 }
- MAD2DecodeAndPrint(sector10, verbose);
+ MAD2DecodeAndPrint(sector10, swapmad, verbose);
 }
 if (aidlen == 2) {
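Review bot: In CmdHF14AMfMAD (client/src/cmdhfmf.c) the option is exposed as `--be` with the help text `"(optional, BigEndian)"` but is read into `bool swapmad`, and neither name tells the user what is being byte-swapped. From the mad.c part of this patch, the flag makes madGetAID return `BSWAP_16()` of each AID it reads, so a help string such as `"swap byte order of MAD AIDs (big-endian)"` would say what the switch does. The same option text and variable are added to CmdHFMFPMAD in client/src/cmdhfmfp.c. Both function bodies extend beyond the hunks shown.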
@@ -4555,7 +4555,7 @@ static int CmdHF14AMfMAD(const char *Cmd) {
 uint16_t mad[7 + 8 + 8 + 8 + 8] = {0};
 size_t madlen = 0;
- if (MADDecode(sector0, sector10, mad, &madlen)) {
+ if (MADDecode(sector0, sector10, mad, &madlen, swapmad)) {
 PrintAndLogEx(ERR, "can't decode MAD");
 return PM3_ESOFT;
 }
@@ -4650,7 +4650,7 @@ static int CmdHFMFNDEF(const char *Cmd) {
 uint16_t mad[7 + 8 + 8 + 8 + 8] = {0};
 size_t madlen = 0;
- res = MADDecode(sector0, (haveMAD2 ? sector10 : NULL), mad, &madlen);
+ res = MADDecode(sector0, (haveMAD2 ? sector10 : NULL), mad, &madlen, false);
 if (res != PM3_SUCCESS) {
 PrintAndLogEx(ERR, "can't decode MAD");
 return res;
diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c
index 51b7a1555..5332c0f1a 100644
--- a/client/src/cmdhfmfp.c
+++ b/client/src/cmdhfmfp.c
@@ -1297,7 +1297,7 @@ static int CmdHFMFPMAD(const char *Cmd) {
 arg_str0("aA", "aid", "print all sectors with aid", NULL),
 arg_str0("kK", "key", "key for printing sectors", NULL),
 arg_lit0("bB", "keyb", "use key B for access printing sectors (by default: key A)"),
- arg_lit0("", "be", "(optional, try BigEndian"),
+ arg_lit0("", "be", "(optional, BigEndian)"),
 arg_param_end
 };
 CLIExecWithReturn(ctx, Cmd, argtable, true);
@@ -1310,7 +1310,7 @@ static int CmdHFMFPMAD(const char *Cmd) {
 int keylen;
 CLIGetHexWithReturn(ctx, 3, key, &keylen);
 bool keyB = arg_get_lit(4);
-// bool use_be = arg_get_lit(5);
+ bool swapmad = arg_get_lit(5);
 CLIParserFree(ctx);
@@ -1338,7 +1338,7 @@ static int CmdHFMFPMAD(const char *Cmd) {
 }
 bool haveMAD2 = false;
- MAD1DecodeAndPrint(sector0, verbose, &haveMAD2);
+ MAD1DecodeAndPrint(sector0, swapmad, verbose, &haveMAD2);
 if (haveMAD2) {
 if (mfpReadSector(MF_MAD2_SECTOR, MF_KEY_A, (uint8_t *)g_mifarep_mad_key, sector10, verbose)) {
@@ -1347,7 +1347,7 @@ static int CmdHFMFPMAD(const char *Cmd) {
 return 2;
 }
- MAD2DecodeAndPrint(sector10, verbose);
+ MAD2DecodeAndPrint(sector10, swapmad, verbose);
 }
 if (aidlen == 2) {
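Review bot: CmdHFMFNDEF in client/src/cmdhfmf.c now calls `MADDecode(..., &madlen, false)` with a bare boolean, which hides what the argument means and leaves the NDEF path without the byte-order choice that the MAD command gets from `--be`. Tagging the literal, as in `MADDecode(sector0, (haveMAD2 ? sector10 : NULL), mad, &madlen, /* swapmad */ false)`, makes the intent readable at the call site. If cards that need `--be` for the MAD listing are also expected to carry NDEF, this call would presumably need the same option; the code that consumes `mad` lies outside the hunk, so that is to be confirmed. CmdHFMFPNDEF in client/src/cmdhfmfp.c has the identical call.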
@@ -1356,7 +1356,7 @@ static int CmdHFMFPMAD(const char *Cmd) {
 uint16_t mad[7 + 8 + 8 + 8 + 8] = {0};
 size_t madlen = 0;
- if (MADDecode(sector0, sector10, mad, &madlen)) {
+ if (MADDecode(sector0, sector10, mad, &madlen, swapmad)) {
 PrintAndLogEx(ERR, "can't decode MAD");
 return 10;
 }
@@ -1451,7 +1451,7 @@ static int CmdHFMFPNDEF(const char *Cmd) {
 uint16_t mad[7 + 8 + 8 + 8 + 8] = {0};
 size_t madlen = 0;
- res = MADDecode(sector0, (haveMAD2 ? sector10 : NULL), mad, &madlen);
+ res = MADDecode(sector0, (haveMAD2 ? sector10 : NULL), mad, &madlen, false);
 if (res != PM3_SUCCESS) {
 PrintAndLogEx(ERR, "can't decode MAD");
 return res;
diff --git a/client/src/mifare/mad.c b/client/src/mifare/mad.c
index cc8037f6a..f85dd9cbe 100644
--- a/client/src/mifare/mad.c
+++ b/client/src/mifare/mad.c
@@ -76,7 +76,7 @@ static const char *mad_json_get_str(json_t *data, const char *name) {
 static int print_aid_description(json_t *root, uint16_t aid, char *fmt, bool verbose) {
 char lmad[7] = {0};
- sprintf(lmad, "0x%04x", BSWAP_16(aid)); // must be lowercase
+ sprintf(lmad, "0x%04x", aid); // must be lowercase
 json_t *elm = NULL;
@@ -139,11 +139,17 @@ static int madCRCCheck(uint8_t *sector, bool verbose, int MADver) {
 return PM3_SUCCESS;
 }
-static uint16_t madGetAID(uint8_t *sector, int MADver, int sectorNo) {
+static uint16_t madGetAID(uint8_t *sector, bool swapmad, int MADver, int sectorNo) {
+ uint16_t mad;
 if (MADver == 1)
- return (sector[16 + 2 + (sectorNo - 1) * 2 + 1] << 8) + (sector[16 + 2 + (sectorNo - 1) * 2]);
+ mad = (sector[16 + 2 + (sectorNo - 1) * 2 + 1] << 8) + (sector[16 + 2 + (sectorNo - 1) * 2]);
 else
- return (sector[2 + (sectorNo - 1) * 2 + 1] << 8) + (sector[2 + (sectorNo - 1) * 2]);
+ mad = (sector[2 + (sectorNo - 1) * 2 + 1] << 8) + (sector[2 + (sectorNo - 1) * 2]);
+ if (swapmad) {
+ return BSWAP_16(mad);
+ } else {
+ return mad;
+ }
 }
 int MADCheck(uint8_t *sector0, uint8_t *sector10, bool verbose, bool *haveMAD2) {
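Review bot: In print_aid_description (client/src/mifare/mad.c) the changed `sprintf` still writes into `char lmad[7]` with no bound, and that buffer is exactly the size of `"0x%04x"` for a 16-bit value plus the terminator. It fits today only because `aid` is `uint16_t`; `snprintf(lmad, sizeof(lmad), "0x%04x", aid);` keeps the write bounded if the type or the format ever changes. The function body continues past the hunk.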
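Review bot: madGetAID (client/src/mifare/mad.c) now holds an AID in a local named `mad`, mixes an unbraced `if`/`else` with the braced swap branch, and repeats the offset arithmetic twice in each branch. The byte offset can be computed once, e.g. `int off = (MADver == 1 ? 16 : 0) + 2 + (sectorNo - 1) * 2;` followed by `uint16_t aid = (uint16_t)((sector[off + 1] << 8) | sector[off]);` and `return swapmad ? BSWAP_16(aid) : aid;`. The function also indexes `sector` from `sectorNo` without a range check; the callers visible in this patch pass 1..15 for MAD1 and 1..23 for MAD2, and a short comment stating that contract would help the next caller.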
@@ -199,7 +205,7 @@ int MADCheck(uint8_t *sector0, uint8_t *sector10, bool verbose, bool *haveMAD2)
 return res;
 }
-int MADDecode(uint8_t *sector0, uint8_t *sector10, uint16_t *mad, size_t *madlen) {
+int MADDecode(uint8_t *sector0, uint8_t *sector10, uint16_t *mad, size_t *madlen, bool swapmad) {
 *madlen = 0;
 bool haveMAD2 = false;
 int res = MADCheck(sector0, sector10, false, &haveMAD2);
@@ -209,7 +215,7 @@ int MADDecode(uint8_t *sector0, uint8_t *sector10, uint16_t *mad, size_t *madlen
 }
 for (int i = 1; i < 16; i++) {
- mad[*madlen] = madGetAID(sector0, 1, i);
+ mad[*madlen] = madGetAID(sector0, swapmad, 1, i);
 (*madlen)++;
 }
@@ -219,7 +225,7 @@ int MADDecode(uint8_t *sector0, uint8_t *sector10, uint16_t *mad, size_t *madlen
 (*madlen)++;
 for (int i = 1; i < 24; i++) {
- mad[*madlen] = madGetAID(sector10, 2, i);
+ mad[*madlen] = madGetAID(sector10, swapmad, 2, i);
 (*madlen)++;
 }
 }
@@ -235,7 +241,7 @@ static const char *aid_admin[] = {
 "not applicable"
 };
-int MAD1DecodeAndPrint(uint8_t *sector, bool verbose, bool *haveMAD2) {
+int MAD1DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose, bool *haveMAD2) {
 open_mad_file(&mad_known_aids, verbose);
 // check MAD1 only
@@ -255,7 +261,7 @@ int MAD1DecodeAndPrint(uint8_t *sector, bool verbose, bool *haveMAD2) {
 PrintAndLogEx(INFO, " 00 MAD 1");
 uint32_t prev_aid = 0xFFFFFFFF;
 for (int i = 1; i < 16; i++) {
- uint16_t aid = madGetAID(sector, 1, i);
+ uint16_t aid = madGetAID(sector, swapmad, 1, i);
 if (aid < 6) {
 PrintAndLogEx(INFO, " %02d [%04X] (%s)", i, aid, aid_admin[aid]);
 } else if (prev_aid == aid) {
@@ -271,7 +277,7 @@ int MAD1DecodeAndPrint(uint8_t *sector, bool verbose, bool *haveMAD2) {
 return PM3_SUCCESS;
 }
-int MAD2DecodeAndPrint(uint8_t *sector, bool verbose) {
+int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose) {
 open_mad_file(&mad_known_aids, verbose);
 PrintAndLogEx(INFO, " 16 MAD 2");
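Review bot: MADDecode (client/src/mifare/mad.c) gains a parameter but still has no way to know how many entries `mad` can hold. The loops visible in the two hunks that follow store 15 entries for MAD1 and then, apparently only when MAD2 is present, advance `*madlen` once more and store 23 further entries, so a caller has to supply room for 39 `uint16_t`; the callers in this patch do so with `mad[7 + 8 + 8 + 8 + 8]`. Since the signature is changing anyway, a comment on the prototype such as `// mad must have room for 39 entries; *madlen receives the number used` would record that requirement, or a capacity argument could be added and checked. The function body spans several hunks and is only partly visible.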
@@ -292,7 +298,7 @@ int MAD2DecodeAndPrint(uint8_t *sector, bool verbose) {
 }
 uint32_t prev_aid = 0xFFFFFFFF;
 for (int i = 1; i < 8 + 8 + 7 + 1; i++) {
- uint16_t aid = madGetAID(sector, 2, i);
+ uint16_t aid = madGetAID(sector, swapmad, 2, i);
 if (aid < 6) {
 PrintAndLogEx(INFO, " %02d [%04X] (%s)", i + 16, aid, aid_admin[aid]);
 } else if (prev_aid == aid) {
diff --git a/client/src/mifare/mad.h b/client/src/mifare/mad.h
index e6e960005..e5f23ea0f 100644
--- a/client/src/mifare/mad.h
+++ b/client/src/mifare/mad.h
@@ -14,9 +14,9 @@
 #include "common.h"
 int MADCheck(uint8_t *sector0, uint8_t *sector10, bool verbose, bool *haveMAD2);
-int MADDecode(uint8_t *sector0, uint8_t *sector10, uint16_t *mad, size_t *madlen);
-int MAD1DecodeAndPrint(uint8_t *sector, bool verbose, bool *haveMAD2);
-int MAD2DecodeAndPrint(uint8_t *sector, bool verbose);
+int MADDecode(uint8_t *sector0, uint8_t *sector10, uint16_t *mad, size_t *madlen, bool swapmad);
+int MAD1DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose, bool *haveMAD2);
+int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose);
 #endif // _MAD_H_
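Review bot: The new prototypes in client/src/mifare/mad.h place `swapmad` inconsistently: it is last in `MADDecode` but second, directly before `verbose`, in `MAD1DecodeAndPrint` and `MAD2DecodeAndPrint`. Two adjacent `bool` parameters can be transposed at a call site such as `MAD2DecodeAndPrint(sector10, swapmad, verbose)` without any compiler diagnostic. Putting `swapmad` in the same position in all three, and documenting it on the prototypes (for example `// swapmad: byte-swap each AID read from the MAD`), would make such a mix-up easier to spot in review.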