From 192ccf7c3631df0b2e785f8e7066f32ce3a5000c Mon Sep 17 00:00:00 2001 From: team-orangeBlue <63470411+team-orangeBlue@users.noreply.github.com> Date: Sun, 3 Dec 2023 11:22:47 +0300 Subject: [PATCH] New mifare plus data 2 new commands Some argument names updated Signed-off-by: team-orangeBlue <63470411+team-orangeBlue@users.noreply.github.com> --- doc/commands.json | 76 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 65 insertions(+), 11 deletions(-) diff --git a/doc/commands.json b/doc/commands.json index 99785b3cd..89f0ac7fd 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -6247,6 +6247,32 @@ ], "usage": "hf mfp auth [-hv] --ki --key " }, + "hf mfp chconf": { + "command": "hf mfp chconf", + "description": "Change the configuration on a Mifare Plus tag. DANGER!", + "notes": [ + "This requires Card Master Key (9000) or Card Configuration Key (9001).", + "Configuration block info can be found below.", + "* Block B000 (00; CMK): Max amount of commands without MAC (byte 0), as well as plain mode access (unknown).", + "* Block B001 (01; CCK): Installation identifier for Virtual Card. Please consult NXP for data.", + "* Block B002 (02; CCK): ATS data.", + "* Block B003 (03; CCK): Use Random ID in SL3, decide whether proximity check is mandatory.", + " * DO NOT WRITE THIS BLOCK UNDER ANY CIRCUMSTANCES! Risk of bricking.", + "More configuration tips to follow. Check JMY600 Series IC Card Module.", + "hf mfp chconf -c 00 -d 10ffffffffffffffffffffffffffffff --key A0A1A2A3A4A5A6A7A0A1A2A3A4A5A6A7 -> Allow 16 commands without MAC in a single transaction." + ], + "offline": false, + "options": [ + "-h, --help This help", + "-v, --verbose Verbose mode", + "--nmr Do not expect MAC in response", + "-c, --conf Config block number, 0-3", + "-k, --key Card key, 16 hex bytes", + "--cck Auth as Card Configuration key instead of Card Master Key", + "-d, --data New configuration data, 16 hex bytes" + ], + "usage": "hf mfp chconf [-hv] [--nmr] -c [-k ] [--cck] -d " + }, "hf mfp chk": { "command": "hf mfp chk", "description": "Checks keys on MIFARE Plus card", @@ -6274,6 +6300,26 @@ ], "usage": "hf mfp chk [-habv] [-s <0..255>] [-e <0..255>] [-k ] [-d ] [--pattern1b] [--pattern2b] [--startp2b ] [--dump]" }, + "hf mfp chkey": { + "command": "hf mfp chkey", + "description": "Change the keys on a Mifare Plus tag", + "notes": [ + "This requires the key that can update the key that you are trying to update.", + "hf mfp chkey --ki 401f -d FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF --key A0A1A2A3A4A5A6A7A0A1A2A3A4A5A6A7 -> Change key B for Sector 15 from MAD to default", + "hf mfp chkey --ki 9000 -d 32F9351A1C02B35FF97E0CA943F814F6 --key FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -> Change card master key to custom from default" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-v, --verbose Verbose mode", + "--nmr Do not expect MAC in response", + "--ki Key Index, 2 hex bytes", + "-k, --key Current sector key, 16 hex bytes", + "-b, --typeb Sector key is key B", + "-d, --data New key, 16 hex bytes" + ], + "usage": "hf mfp chkey [-hvb] [--nmr] --ki [-k ] -d " + }, "hf mfp commitp": { "command": "hf mfp commitp", "description": "Executes Commit Perso command. Can be used in SL0 mode only. OBS! This command will not be executed if CardConfigKey, CardMasterKey and L3SwitchKey AES keys are not written.", @@ -6436,11 +6482,13 @@ "-v, --verbose Verbose mode", "-n, --count Blocks count (def: 1)", "-b, --keyb Use key B (def: keyA)", - "-p, --plain Plain communication mode between reader and card", + "-p, --plain Do not use encrypted transmission between reader and card", + "--nmc Do not append MAC to command", + "--nmr Do not expect MAC in reply", "--blk <0..255> Block number", "-k, --key Key, 16 hex bytes" ], - "usage": "hf mfp rdbl [-hvbp] [-n ] --blk <0..255> [-k ]" + "usage": "hf mfp rdbl [-hvbp] [-n ] [--nmc] [--nmr] --blk <0..255> [-k ]" }, "hf mfp rdsc": { "command": "hf mfp rdsc", @@ -6454,11 +6502,13 @@ "-h, --help This help", "-v, --verbose Verbose mode", "-b, --keyb Use key B (def: keyA)", - "-p, --plain Plain communication mode between reader and card", + "-p, --plain Do not use encrypted transmission between reader and card", + "--nmc Do not append MAC to command", + "--nmr Do not expect MAC in reply", "-s, --sn <0..255> Sector number", "-k, --key Key, 16 hex bytes" ], - "usage": "hf mfp rdsc [-hvbp] -s <0..255> [-k ]" + "usage": "hf mfp rdsc [-hvbp] [--nmc] [--nmr] -s <0..255> [-k ]" }, "hf mfp wrbl": { "command": "hf mfp wrbl", @@ -6473,26 +6523,30 @@ "-v, --verbose Verbose mode", "-b, --keyb Use key B (def: keyA)", "--blk <0..255> Block number", + "-p, --plain Do not use encrypted transmission", + "--nmr Do not expect MAC in response", "-d, --data Data, 16 hex bytes", "-k, --key Key, 16 hex bytes" ], - "usage": "hf mfp wrbl [-hvb] --blk <0..255> -d [-k ]" + "usage": "hf mfp wrbl [-hvbp] --blk <0..255> [--nmr] -d [-k ]" }, "hf mfp wrp": { "command": "hf mfp wrp", "description": "Executes Write Perso command. Can be used in SL0 mode only.", "notes": [ - "hf mfp wrp --ki 4000 --key 000102030405060708090a0b0c0d0e0f -> write key (00..0f) to key number 4000", - "hf mfp wrp --ki 4000 -> write default key(0xff..0xff) to key number 4000" + "hf mfp wrp --adr 4000 --data 000102030405060708090a0b0c0d0e0f -> write key (00..0f) to key number 4000", + "hf mfp wrp --adr 4000 -> write default key(0xff..0xff) to key number 4000", + "hf mfp wrp -a b000 -d 20FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -> allow 32 commands without MAC in configuration block (B000)", + "hf mfp wrp -a 0003 -d 1234561234567F078869B0B1B2B3B4B5 -> write crypto1 keys A: 123456123456 and B: B0B1B2B3B4B5 to block 3" ], "offline": false, "options": [ "-h, --help This help", "-v, --verbose Verbose output", - "--ki Key number, 2 hex bytes", - "--key Key, 16 hex bytes" + "-a, --adr Address, 2 hex bytes", + "-d, --data Data, 16 hex bytes" ], - "usage": "hf mfp wrp [-hv] --ki [--key ]" + "usage": "hf mfp wrp [-hv] -a [-d ]" }, "hf mfu cauth": { "command": "hf mfu cauth", @@ -12068,4 +12122,4 @@ "extracted_by": "PM3Help2JSON v1.00", "extracted_on": "2023-12-01T14:06:40" } -} \ No newline at end of file +}