RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-03-04 12:06:20 +08:00
Code Issues Projects Releases Packages Wiki Activity

darkside: fix backdoor support

Browse source
This commit is contained in:
Philippe Teuwen 2024-11-17 00:23:06 +01:00
parent 6c8a4972b1
commit c9e751d27d
1 changed files with 22 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
client/src/cmdhfmf.c
View file

@ -883,23 +883,28 @@ static int CmdHF14AMfDarkside(const char *Cmd) {
arg_param_begin, arg_param_begin,
arg_int0(NULL, "blk", "<dec> ", "Target block"), arg_int0(NULL, "blk", "<dec> ", "Target block"),
arg_lit0("b", NULL, "Target key B instead of default key A"), arg_lit0("b", NULL, "Target key B instead of default key A"),
arg_int0("c", NULL, "<dec>", "Target Auth 6x"), arg_int0("c", NULL, "<dec>", "Target key type is key A + offset"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
uint8_t blockno = arg_get_u32_def(ctx, 1, 0) & 0xFF; uint8_t blockno = arg_get_u32_def(ctx, 1, 0) & 0xFF;
uint8_t key_type = MIFARE_AUTH_KEYA; uint8_t key_type = MF_KEY_A;
if (arg_get_lit(ctx, 2)) { if (arg_get_lit(ctx, 2)) {
PrintAndLogEx(INFO, "Targeting key B"); PrintAndLogEx(INFO, "Targeting key B");
key_type = MIFARE_AUTH_KEYB; key_type = MF_KEY_B;
} }
uint8_t ctype = arg_get_u32_def(ctx, 3, 0) & 0xFF; uint8_t prev_keytype = key_type;
if ((ctype & 0x60) == 0x60) { key_type = arg_get_int_def(ctx, 3, key_type);
key_type = ctype; if (arg_get_lit(ctx, 2) && (key_type != prev_keytype)) {
CLIParserFree(ctx);
PrintAndLogEx(WARNING, "Choose one single target key type");
return PM3_EINVARG;
} }
// mf_dark_side expects the full command byte 0x6x
key_type += MIFARE_AUTH_KEYA;
CLIParserFree(ctx); CLIParserFree(ctx);
@ -1002,7 +1007,12 @@ static int CmdHF14AMfWrBl(const char *Cmd) {
return PM3_EINVARG; return PM3_EINVARG;
} }
PrintAndLogEx(INFO, "Writing block no %d, key %c - %s", blockno, (keytype == MF_KEY_B) ? 'B' : 'A', sprint_hex_inrow(key, sizeof(key))); if (keytype < 2) {
PrintAndLogEx(INFO, "Writing block no %d, key type:%c - %s", blockno, (keytype == MF_KEY_B) ? 'B' : 'A', sprint_hex_inrow(key, sizeof(key)));
} else {
PrintAndLogEx(INFO, "Writing block no %d, key type:%02x - %s", blockno, MIFARE_AUTH_KEYA + keytype, sprint_hex_inrow(key, sizeof(key)));
}
PrintAndLogEx(INFO, "data: %s", sprint_hex(block, sizeof(block))); PrintAndLogEx(INFO, "data: %s", sprint_hex(block, sizeof(block)));
uint8_t data[26]; uint8_t data[26];
@ -9303,7 +9313,11 @@ static int CmdHF14AMfValue(const char *Cmd) {
} else { } else {
cmddata[10] = 0; cmddata[10] = 0;
PrintAndLogEx(INFO, "Writing block no %u, key %c - %s", blockno, (keytype == MF_KEY_B) ? 'B' : 'A', sprint_hex_inrow(key, sizeof(key))); if (keytype < 2) {
PrintAndLogEx(INFO, "Writing block no %u, key type:%c - %s", blockno, (keytype == MF_KEY_B) ? 'B' : 'A', sprint_hex_inrow(key, sizeof(key)));
} else {
PrintAndLogEx(INFO, "Writing block no %u, key type:%02x - %s", blockno, MIFARE_AUTH_KEYA + keytype, sprint_hex_inrow(key, sizeof(key)));
}
} }
memcpy(cmddata + 11, block, sizeof(block)); memcpy(cmddata + 11, block, sizeof(block));