From ecbcba18dd3db382d85f12b4f6a4c4181f695d2f Mon Sep 17 00:00:00 2001
From: Philippe Teuwen
Date: Fri, 11 Sep 2020 18:17:58 +0200
Subject: [PATCH] identify gen3
---
 armsrc/mifarecmd.c | 14 ++++++++++++++
 client/src/mifare/mifarehost.c | 5 ++++-
 doc/magic_cards_notes.md | 8 +++++++-
 include/protocols.h | 1 +
 4 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index d33feeff2..9ee47f19f 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -2243,6 +2243,7 @@ void MifareCIdent(void) {
 uint8_t recpar[1] = {0x00};
 uint8_t rats[4] = { ISO14443A_CMD_RATS, 0x80, 0x31, 0x73 };
 uint8_t rdbl[4] = { ISO14443A_CMD_READBLOCK, 0xF0, 0x8D, 0x5f};
+ uint8_t rdbl0[4] = { ISO14443A_CMD_READBLOCK, 0x00, 0x02, 0xa8};
 uint8_t *par = BigBuf_malloc(MAX_PARITY_SIZE);
 uint8_t *buf = BigBuf_malloc(PM3_CMD_DATA_SIZE);
 uint8_t *uid = BigBuf_malloc(10);
@@ -2334,6 +2335,19 @@ void MifareCIdent(void) {
 isGen = MAGIC_NTAG21X;
 }
 }
+
+ // magic MFC Gen3 test
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ SpinDelay(40);
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
+ res = iso14443a_select_card(uid, NULL, &cuid, true, 0, true);
+ if (res == 2) {
+ ReaderTransmit(rdbl0, sizeof(rdbl0), NULL);
+ res = ReaderReceive(buf, par);
+ if (res == 18) {
+ isGen = MAGIC_GEN_3;
+ }
+ }
 };
 OUT:
diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c
index 7a14c3100..032c9eccf 100644
--- a/client/src/mifare/mifarehost.c
+++ b/client/src/mifare/mifarehost.c
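Review bot: In armsrc/mifarecmd.c the new `rdbl0` frame ends in two unexplained bytes, `0x02, 0xa8`, just as the existing `rdbl` above it does with its own pair. They are presumably the precomputed CRC for a READBLOCK of block 0, but the declaration does not say so, and a mistyped pair would make the later Gen3 test fail with no visible error. I would add `// READBLOCK block 0; last two bytes are the precomputed CRC` above the line and keep the hex case consistent within the initializer. The body of MifareCIdent starts and ends outside this hunk.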
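Review bot: The Gen3 test at `if (res == 18)` in MifareCIdent (armsrc/mifarecmd.c) treats the length of the reply as the only evidence and never checks the trailing CRC or the content of `buf`, so a corrupted or unrelated 18-byte answer is reported as `MAGIC_GEN_3`. The block also runs after the earlier tests without looking at `isGen`, so a card already matched above (the preceding context sets `MAGIC_NTAG21X`) may be relabelled, and any tag type that answers an unauthenticated read with 16 data bytes would take the same path if this routine is run against it. I would verify the reply's CRC before assigning and assign only when no earlier test has matched. The literals need a comment as well, for example `// 18 = 16 data bytes + 2 CRC bytes`, and the meaning of select result `2` should be named or explained. The enclosing block and function begin outside the hunk, so an early exit after a previous match may already exist there.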
@@ -1174,7 +1174,10 @@ int detect_classic_magic(void) {
 PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("Gen 1b"));
 break;
 case MAGIC_GEN_2:
- PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("Gen 2 / CUID"));
+ PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("Gen 2 / CUID"));
+ break;
+ case MAGIC_GEN_3:
+ PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("Gen 3 / APDU"));
 break;
 case MAGIC_GEN_UNFUSED:
 PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("Write Once / FUID"));
diff --git a/doc/magic_cards_notes.md b/doc/magic_cards_notes.md
index 4bc67e273..71180d2fd 100644
--- a/doc/magic_cards_notes.md
+++ b/doc/magic_cards_notes.md
@@ -344,7 +344,11 @@ hf 14a raw -c 85000000000000000000000000000008
 ### Identify
-**TODO**
+```
+hf 14a info
+...
+[+] Magic capabilities : Gen 3 / APDU
+```
 ### Magic commands
@@ -362,6 +366,8 @@ It seems the length byte gets ignored anyway.
 Note: it seems some cards only accept the "change UID" command.
+It accepts direct read of block0 (and only block0) without prior auth.
+
 ### Characteristics
 * UID: 4b and 7b versions
diff --git a/include/protocols.h b/include/protocols.h
index e043b6418..7cd547fef 100644
--- a/include/protocols.h
+++ b/include/protocols.h
@@ -221,6 +221,7 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define MAGIC_GEN_UNFUSED 5
 #define MAGIC_SUPER 6
 #define MAGIC_NTAG21X 7
+#define MAGIC_GEN_3 8
 /** 06 00 = INITIATE 0E xx = SELECT ID (xx = Chip-ID)