CHG: 'HF MF C*' (chinese backdoor commands) According to douniwan5788 some magic/clone tags answers to the halt cmd and some not. I think I captured his ideas.

ref: 13b71e58fd
2024-12-30 20:23:46 +08:00 · 2016-10-28 20:43:07 +02:00 · 2016-10-28 20:43:07 +02:00 · d209443322
commit d209443322
parent c3c12b5571
2 changed files with 8 additions and 6 deletions
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@ -1217,10 +1217,9 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){
 			if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {
 				if (MF_DBGLEVEL >= MF_DBG_ERROR)	Dbprintf("Can't select card");
 				errormsg = MAGIC_UID;
-				// break;
 			}
-			
-			if ( mifare_classic_halt_ex(NULL) ) break;
+			mifare_classic_halt_ex(NULL);
+			break;
 		}
 	
 		// wipe tag, fill it with zeros
@ -1239,7 +1238,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){
 				break;
 			}

-			if ( mifare_classic_halt_ex(NULL) ) break;
+			mifare_classic_halt_ex(NULL);
 		}	

 		// write block
@ -1276,7 +1275,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){
 		}	
 	
 		if (workFlags & MAGIC_OFF) 
-			if ( mifare_classic_halt_ex(NULL) ) break;
+			mifare_classic_halt_ex(NULL);
 		
 		isOK = true;
 		break;
--- a/armsrc/mifareutil.c
+++ b/armsrc/mifareutil.c
@ -474,7 +474,10 @@ int mifare_classic_halt_ex(struct Crypto1State *pcs) {
 	uint8_t receivedAnswer[4] = {0x00, 0x00, 0x00, 0x00};
 	len = mifare_sendcmd_short(pcs, (pcs == NULL) ? CRYPT_NONE : CRYPT_ALL, 0x50, 0x00, receivedAnswer, NULL, NULL);
 	if (len != 0) {
-		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("halt error. response len: %x", len);  
+		if (MF_DBGLEVEL >= MF_DBG_ERROR) 
+			Dbprintf("halt error. response len: %x data:%02X %02X %02X %02X", len, receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3]);  
+		if (len == 1 && receivedAnswer[0] == 0x04)
+			return 4;
 		return 1;
 	}
 	return 0;