QL88 tag identification. Thanks to AnnPlusPluss and Atlab for finding the key

This commit is contained in:
iceman1001 2023-06-28 13:27:50 +02:00
parent b0c2ad8ac2
commit ed0d18f05d
4 changed files with 22 additions and 0 deletions

View file

@ -5,6 +5,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
## [unreleased][unreleased] ## [unreleased][unreleased]
## [Seven.4.16717][2023-06-25] ## [Seven.4.16717][2023-06-25]
- Change `hf 14a info` - now identifes QL88 tags (@iceman1001)
- Added support for compiling on iOS (@The-SamminAter) - Added support for compiling on iOS (@The-SamminAter)
- Fixed viewing MFC dump - border char is now white (@iceman1001) - Fixed viewing MFC dump - border char is now white (@iceman1001)
- Changed `data diff` - to print filenames in header if it fits (@iceman1001) - Changed `data diff` - to print filenames in header if it fits (@iceman1001)

View file

@ -2631,6 +2631,7 @@ void MifareCIdent(bool is_mfc) {
uint8_t gen4gmd[4] = {MIFARE_MAGIC_GDM_AUTH_KEY, 0x00, 0x6C, 0x92}; uint8_t gen4gmd[4] = {MIFARE_MAGIC_GDM_AUTH_KEY, 0x00, 0x6C, 0x92};
uint8_t gen4GetConf[8] = {GEN_4GTU_CMD, 0x00, 0x00, 0x00, 0x00, GEN_4GTU_GETCNF, 0, 0}; uint8_t gen4GetConf[8] = {GEN_4GTU_CMD, 0x00, 0x00, 0x00, 0x00, GEN_4GTU_GETCNF, 0, 0};
uint8_t superGen1[9] = {0x0A, 0x00, 0x00, 0xA6, 0xB0, 0x00, 0x10, 0x14, 0x1D}; uint8_t superGen1[9] = {0x0A, 0x00, 0x00, 0xA6, 0xB0, 0x00, 0x10, 0x14, 0x1D};
uint8_t *par = BigBuf_malloc(MAX_PARITY_SIZE); uint8_t *par = BigBuf_malloc(MAX_PARITY_SIZE);
uint8_t *buf = BigBuf_malloc(PM3_CMD_DATA_SIZE); uint8_t *buf = BigBuf_malloc(PM3_CMD_DATA_SIZE);
uint8_t *uid = BigBuf_malloc(10); uint8_t *uid = BigBuf_malloc(10);
@ -2787,7 +2788,24 @@ void MifareCIdent(bool is_mfc) {
isGen = MAGIC_GEN_4GDM; isGen = MAGIC_GEN_4GDM;
} }
} }
if (isGen != MAGIC_GEN_4GDM) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelay(40);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
res = iso14443a_select_card(uid, NULL, &cuid, true, 0, true);
if (res == 2) {
struct Crypto1State mpcs = {0, 0};
struct Crypto1State *pcs;
pcs = &mpcs;
if (mifare_classic_authex(pcs, cuid, 68, MF_KEY_B, 0x707B11FC1481, AUTH_FIRST, NULL, NULL) == 0) {
isGen = MAGIC_QL88;
}
crypto1_deinit(pcs);
}
}
} }
} }
}; };

View file

@ -1431,6 +1431,8 @@ int detect_mf_magic(bool is_mfc) {
case MAGIC_NTAG21X: case MAGIC_NTAG21X:
PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("NTAG21x")); PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("NTAG21x"));
break; break;
case MAGIC_QL88:
PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("QL88"));
default: default:
break; break;
} }

View file

@ -621,6 +621,7 @@ typedef struct {
#define CMD_HF_MIFARE_ACQ_ENCRYPTED_NONCES 0x0613 #define CMD_HF_MIFARE_ACQ_ENCRYPTED_NONCES 0x0613
#define CMD_HF_MIFARE_ACQ_NONCES 0x0614 #define CMD_HF_MIFARE_ACQ_NONCES 0x0614
#define CMD_HF_MIFARE_STATIC_NESTED 0x0615 #define CMD_HF_MIFARE_STATIC_NESTED 0x0615
#define CMD_HF_MIFARE_STATIC_ENC 0x0616
#define CMD_HF_MIFARE_READBL 0x0620 #define CMD_HF_MIFARE_READBL 0x0620
#define CMD_HF_MIFAREU_READBL 0x0720 #define CMD_HF_MIFAREU_READBL 0x0720