github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

hf mf wipe - now support enforcing sector 0 / block 0 writes

Browse source
This commit is contained in:
iceman1001 2021-05-05 19:33:15 +02:00
commit 0dd73df088
2 changed files with 39 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

47
client/src/cmdhfmf.c
View file

@ -5786,23 +5786,28 @@ static int CmdHf14AMfSuperCard(const char *Cmd) {
static int CmdHF14AMfWipe(const char *Cmd) { static int CmdHF14AMfWipe(const char *Cmd) {
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "hf mf wipe", CLIParserInit(&ctx, "hf mf wipe",
"Wipe card to zeros and default keys/acc. This command taks a key file to wipe card\n" "Wipe card to zeros and default keys/acc. This command takes a key file to wipe card\n"
"New A/B keys FF FF FF FF FF FF\n" "Will use UID from card to generate keyfile name if not specified.\n"
"New acc FF 07 80\n" "New A/B keys..... FF FF FF FF FF FF\n"
"New GDB 69", "New acc rights... FF 07 80\n"
"hf mf wipe" "New GPB.......... 69",
); "hf mf wipe --> reads card uid to generate file name\n"
"hf mf wipe --gen2 --> force write to S0, B0 manufacture block\n"
"hf mf wipe -f mykey.bin --> use mykey.bin\n"
);
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_str0("f", "file", "<fn>", "key filename"), arg_str0("f", "file", "<fn>", "key filename"),
arg_lit0(NULL, "gen2", "force write to Sector 0, block 0 (GEN2)"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, false); CLIExecWithReturn(ctx, Cmd, argtable, true);
int keyfnlen = 0; int keyfnlen = 0;
char keyFilename[FILE_PATH_SIZE] = {0}; char keyFilename[FILE_PATH_SIZE] = {0};
CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)keyFilename, FILE_PATH_SIZE, &keyfnlen); CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)keyFilename, FILE_PATH_SIZE, &keyfnlen);
bool gen2 = arg_get_lit(ctx, 2);
CLIParserFree(ctx); CLIParserFree(ctx);
char *fptr; char *fptr;
@ -5826,12 +5831,14 @@ static int CmdHF14AMfWipe(const char *Cmd) {
uint8_t keyB[MIFARE_4K_MAXSECTOR * 6]; uint8_t keyB[MIFARE_4K_MAXSECTOR * 6];
uint8_t num_sectors = 0; uint8_t num_sectors = 0;
uint8_t mf[MFBLOCK_SIZE];
switch (keyslen) { switch (keyslen) {
case (MIFARE_MINI_MAXSECTOR * 2 * 6): { case (MIFARE_MINI_MAXSECTOR * 2 * 6): {
PrintAndLogEx(INFO, "Loaded keys matching MIFARE Classic Mini 320b"); PrintAndLogEx(INFO, "Loaded keys matching MIFARE Classic Mini 320b");
memcpy(keyA, keys, (MIFARE_MINI_MAXSECTOR * 6)); memcpy(keyA, keys, (MIFARE_MINI_MAXSECTOR * 6));
memcpy(keyB, keys + (MIFARE_MINI_MAXSECTOR * 6), (MIFARE_MINI_MAXSECTOR * 6)); memcpy(keyB, keys + (MIFARE_MINI_MAXSECTOR * 6), (MIFARE_MINI_MAXSECTOR * 6));
num_sectors = NumOfSectors('0'); num_sectors = NumOfSectors('0');
memcpy(mf, "\x11\x22\x33\x44\x44\x09\x04\x00\x62\x63\x64\x65\x66\x67\x68\x69", MFBLOCK_SIZE);
break; break;
} }
case (MIFARE_1K_MAXSECTOR * 2 * 6): { case (MIFARE_1K_MAXSECTOR * 2 * 6): {
@ -5839,6 +5846,8 @@ static int CmdHF14AMfWipe(const char *Cmd) {
memcpy(keyA, keys, (MIFARE_1K_MAXSECTOR * 6)); memcpy(keyA, keys, (MIFARE_1K_MAXSECTOR * 6));
memcpy(keyB, keys + (MIFARE_1K_MAXSECTOR * 6), (MIFARE_1K_MAXSECTOR * 6)); memcpy(keyB, keys + (MIFARE_1K_MAXSECTOR * 6), (MIFARE_1K_MAXSECTOR * 6));
num_sectors = NumOfSectors('1'); num_sectors = NumOfSectors('1');
memcpy(mf, "\x11\x22\x33\x44\x44\x08\x04\x00\x62\x63\x64\x65\x66\x67\x68\x69", MFBLOCK_SIZE);
break; break;
} }
case (MIFARE_4K_MAXSECTOR * 2 * 6): { case (MIFARE_4K_MAXSECTOR * 2 * 6): {
@ -5846,6 +5855,7 @@ static int CmdHF14AMfWipe(const char *Cmd) {
memcpy(keyA, keys, (MIFARE_4K_MAXSECTOR * 6)); memcpy(keyA, keys, (MIFARE_4K_MAXSECTOR * 6));
memcpy(keyB, keys + (MIFARE_4K_MAXSECTOR * 6), (MIFARE_4K_MAXSECTOR * 6)); memcpy(keyB, keys + (MIFARE_4K_MAXSECTOR * 6), (MIFARE_4K_MAXSECTOR * 6));
num_sectors = NumOfSectors('4'); num_sectors = NumOfSectors('4');
memcpy(mf, "\x11\x22\x33\x44\x44\x18\x02\x00\x62\x63\x64\x65\x66\x67\x68\x69", MFBLOCK_SIZE);
break; break;
} }
default: { default: {
@ -5854,6 +5864,12 @@ static int CmdHF14AMfWipe(const char *Cmd) {
} }
} }
if (gen2)
PrintAndLogEx(INFO, "Forcing overwrite of sector 0 / block 0 ");
else
PrintAndLogEx(INFO, "Skipping sector 0 / block 0");
PrintAndLogEx(NORMAL, "");
uint8_t zeros[MFBLOCK_SIZE] = {0}; uint8_t zeros[MFBLOCK_SIZE] = {0};
memset(zeros, 0x00, sizeof(zeros)); memset(zeros, 0x00, sizeof(zeros));
uint8_t st[MFBLOCK_SIZE] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x07, 0x80, 0x69, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; uint8_t st[MFBLOCK_SIZE] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x07, 0x80, 0x69, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
@ -5863,6 +5879,11 @@ static int CmdHF14AMfWipe(const char *Cmd) {
for (uint8_t b = 0; b < NumBlocksPerSector(s); b++) { for (uint8_t b = 0; b < NumBlocksPerSector(s); b++) {
// Skipp write to manufacture block if not enforced
if (s == 0 && b == 0 && gen2 == false) {
continue;
}
uint8_t data[26]; uint8_t data[26];
memset(data, 0, sizeof(data)); memset(data, 0, sizeof(data));
if (mfIsSectorTrailer(b)) { if (mfIsSectorTrailer(b)) {
@ -5871,6 +5892,11 @@ static int CmdHF14AMfWipe(const char *Cmd) {
memcpy(data + 10, zeros, sizeof(zeros)); memcpy(data + 10, zeros, sizeof(zeros));
} }
// add correct manufacture block if UID Gen2
if (s == 0 && b == 0 && gen2) {
memcpy(data + 10, mf, sizeof(mf));
}
// try both A/B keys, start with B key first // try both A/B keys, start with B key first
for (int8_t kt = MF_KEY_B; kt > -1; kt--) { for (int8_t kt = MF_KEY_B; kt > -1; kt--) {
@ -5879,16 +5905,16 @@ static int CmdHF14AMfWipe(const char *Cmd) {
else else
memcpy(data, keyB + (s * 6), 6); memcpy(data, keyB + (s * 6), 6);
PrintAndLogEx(INFO, "block %3d: %s", FirstBlockOfSector(s) + b, sprint_hex(data + 10, MFBLOCK_SIZE)); PrintAndLogEx(INFO, "block %3d: %s" NOLF, FirstBlockOfSector(s) + b, sprint_hex(data + 10, MFBLOCK_SIZE));
clearCommandBuffer(); clearCommandBuffer();
SendCommandMIX(CMD_HF_MIFARE_WRITEBL, FirstBlockOfSector(s) + b, kt, 0, data, sizeof(data)); SendCommandMIX(CMD_HF_MIFARE_WRITEBL, FirstBlockOfSector(s) + b, kt, 0, data, sizeof(data));
PacketResponseNG resp; PacketResponseNG resp;
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
uint8_t isOK = resp.oldarg[0] & 0xff; uint8_t isOK = resp.oldarg[0] & 0xff;
if (isOK == 0) { if (isOK == 0) {
PrintAndLogEx(FAILED, "isOk: %02x", isOK); PrintAndLogEx(NORMAL, "( " _RED_("fail") " )");
} else { } else {
PrintAndLogEx(NORMAL, "( " _GREEN_("ok") " )");
break; break;
} }
} else { } else {
@ -5898,6 +5924,7 @@ static int CmdHF14AMfWipe(const char *Cmd) {
} }
} }
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "Done!"); PrintAndLogEx(INFO, "Done!");
out: out:
free(keys); free(keys);

2
doc/magic_cards_notes.md
View file

@ -330,6 +330,8 @@ Android compatible
``` ```
hf mf wrbl --blk 0 -k FFFFFFFFFFFF -d 11223344440804006263646566676869 hf mf wrbl --blk 0 -k FFFFFFFFFFFF -d 11223344440804006263646566676869
hf mf wipe --gen2
``` ```
When "soft-bricked" (by writing invalid data in block0), these ones may help: When "soft-bricked" (by writing invalid data in block0), these ones may help: