Merge pull request #1079 from cyberpunk-re/MFU_SIM_maxReads

MFU emulation now supports automatic exit after <num> blocks read.
This commit is contained in:
Iceman 2020-11-30 23:14:00 +01:00 committed by GitHub
commit 1cfc69bd0d
8 changed files with 35 additions and 13 deletions


@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Added `mf mfu sim t 7 n <numreads>` - MFU emulation now supports automatic exit after <num> blocks read. (@cyberpunk-re)
- Added T55xx Guide to assist in learning how to use the T55xx chip (@mwalker33) - Added T55xx Guide to assist in learning how to use the T55xx chip (@mwalker33)
- Fix 'hf iclass wrbl' - dealing with tags in unsecured vs secured pagemode now is correct (@iceman1001) - Fix 'hf iclass wrbl' - dealing with tags in unsecured vs secured pagemode now is correct (@iceman1001)
- Change many commands to cliparser (@iceman1001, @tcprst, @mwalker33,...) - Change many commands to cliparser (@iceman1001, @tcprst, @mwalker33,...)


@ -243,7 +243,7 @@ void RunMod(void) {
uint8_t flags = FLAG_7B_UID_IN_DATA; uint8_t flags = FLAG_7B_UID_IN_DATA;
Dbprintf("Starting simulation, press pm3-button to stop and go back to search state."); Dbprintf("Starting simulation, press pm3-button to stop and go back to search state.");
SimulateIso14443aTag(7, flags, card.uid); SimulateIso14443aTag(7, flags, card.uid, 0);
// Go back to search state if user presses pm3-button // Go back to search state if user presses pm3-button
state = STATE_SEARCH; state = STATE_SEARCH;


@ -244,22 +244,22 @@ void RunMod(void) {
if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0) { if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 1k"); DbpString("Mifare Classic 1k");
SimulateIso14443aTag(1, flags, data); SimulateIso14443aTag(1, flags, data, 0);
} else if (uids[selected].sak == 0x18 && uids[selected].atqa[0] == 0x02 && uids[selected].atqa[1] == 0) { } else if (uids[selected].sak == 0x18 && uids[selected].atqa[0] == 0x02 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 4k (4b uid)"); DbpString("Mifare Classic 4k (4b uid)");
SimulateIso14443aTag(8, flags, data); SimulateIso14443aTag(8, flags, data, 0);
} else if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) { } else if (uids[selected].sak == 0x08 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Classic 4k (7b uid)"); DbpString("Mifare Classic 4k (7b uid)");
SimulateIso14443aTag(8, flags, data); SimulateIso14443aTag(8, flags, data, 0);
} else if (uids[selected].sak == 0x00 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) { } else if (uids[selected].sak == 0x00 && uids[selected].atqa[0] == 0x44 && uids[selected].atqa[1] == 0) {
DbpString("Mifare Ultralight"); DbpString("Mifare Ultralight");
SimulateIso14443aTag(2, flags, data); SimulateIso14443aTag(2, flags, data, 0);
} else if (uids[selected].sak == 0x20 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0x03) { } else if (uids[selected].sak == 0x20 && uids[selected].atqa[0] == 0x04 && uids[selected].atqa[1] == 0x03) {
DbpString("Mifare DESFire"); DbpString("Mifare DESFire");
SimulateIso14443aTag(3, flags, data); SimulateIso14443aTag(3, flags, data, 0);
} else { } else {
Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation"); Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation");
SimulateIso14443aTag(1, flags, data); SimulateIso14443aTag(1, flags, data, 0);
} }
} else if (button_pressed == BUTTON_SINGLE_CLICK) { } else if (button_pressed == BUTTON_SINGLE_CLICK) {


@ -1274,9 +1274,10 @@ static void PacketReceived(PacketCommandNG *packet) {
uint8_t tagtype; uint8_t tagtype;
uint8_t flags; uint8_t flags;
uint8_t uid[10]; uint8_t uid[10];
uint8_t exitAfter;
} PACKED; } PACKED;
struct p *payload = (struct p *) packet->data.asBytes; struct p *payload = (struct p *) packet->data.asBytes;
SimulateIso14443aTag(payload->tagtype, payload->flags, payload->uid); // ## Simulate iso14443a tag - pass tag type & UID SimulateIso14443aTag(payload->tagtype, payload->flags, payload->uid, payload->exitAfter); // ## Simulate iso14443a tag - pass tag type & UID
break; break;
} }
case CMD_HF_ISO14443A_ANTIFUZZ: { case CMD_HF_ISO14443A_ANTIFUZZ: {
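Review bot: `payload->exitAfter` is read from `packet->data` without any check that the packet actually carries the widened struct, so a client built before this change (sending the old 12-byte payload) would have the new byte filled with whatever already sits in the receive buffer, and the simulation could stop after an arbitrary number of reads instead of running until the button is pressed. Unless `packet->length` is validated earlier in the handler (which begins outside this hunk), gate the new field: `uint8_t exit_after = (packet->length >= sizeof(struct p)) ? payload->exitAfter : 0;` and pass `exit_after` to `SimulateIso14443aTag`. A short comment on the struct member, `// exitAfter: 0 = run until button press, else stop after N block reads`, would also help, since the field's meaning is otherwise only documented in the client help text.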


@ -1252,7 +1252,7 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i
// response to send, and send it. // response to send, and send it.
// 'hf 14a sim' // 'hf 14a sim'
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) { void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data, uint8_t exitAfterNReads) {
#define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack() #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
@ -1328,6 +1328,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) {
int happened = 0; int happened = 0;
int happened2 = 0; int happened2 = 0;
int cmdsRecvd = 0; int cmdsRecvd = 0;
uint32_t numReads = 0; //Counts numer of times reader reads a block
// compatible write block number // compatible write block number
uint8_t wrblock = 0; uint8_t wrblock = 0;
@ -1339,7 +1340,10 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) {
LED_A_ON(); LED_A_ON();
// main loop // main loop
for (;;) { //for (;;) {
bool finished = false;
bool button_pushed = BUTTON_PRESS();
while (!button_pushed && !finished) {
WDT_HIT(); WDT_HIT();
tag_response_info_t *p_response = NULL; tag_response_info_t *p_response = NULL;
@ -1468,6 +1472,12 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) {
emlGetMemBt(emdata, start, 16); emlGetMemBt(emdata, start, 16);
AddCrc14A(emdata, 16); AddCrc14A(emdata, 16);
EmSendCmd(emdata, sizeof(emdata)); EmSendCmd(emdata, sizeof(emdata));
numReads++; // Increment number of times reader requested a block
if (exitAfterNReads > 0 && numReads == exitAfterNReads) {
Dbprintf("[MFUEMUL_WORK] %d reads done, exiting", numReads);
finished = true;
}
} }
// We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
p_response = NULL; p_response = NULL;
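Review bot: `button_pushed` is sampled once by the new `bool button_pushed = BUTTON_PRESS();` before the loop and is not refreshed anywhere in the visible hunks, so the `while (!button_pushed && !finished)` condition only reacts to a button already held at entry; if the in-loop exit on button press still happens via a `break` elsewhere in the body (outside the hunk), either assign `button_pushed = BUTTON_PRESS();` at the end of each iteration or drop the variable so it does not suggest it is live. The commented-out `//for (;;) {` should be deleted rather than left beside its replacement. In the exit message `numReads` is a `uint32_t` but is printed with `%d`; use `%u` to match. Note also that the counter is incremented on this single read path only, so reads issued through other commands or other tag types will never reach the `n` limit; that restriction belongs in the header comment of `SimulateIso14443aTag`, whose start and end lie outside this hunk.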


@ -129,7 +129,7 @@ RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time);
RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time); RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time);
void RAMFUNC SniffIso14443a(uint8_t param); void RAMFUNC SniffIso14443a(uint8_t param);
void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data); void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data, uint8_t numReads);
bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_info_t **responses, uint32_t *cuid, uint32_t counters[3], uint8_t tearings[3], uint8_t *pages); bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_info_t **responses, uint32_t *cuid, uint32_t counters[3], uint8_t tearings[3], uint8_t *pages);
bool GetIso14443aCommandFromReader(uint8_t *received, uint8_t *par, int *len); bool GetIso14443aCommandFromReader(uint8_t *received, uint8_t *par, int *len);
void iso14443a_antifuzz(uint32_t flags); void iso14443a_antifuzz(uint32_t flags);
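Review bot: The prototype names the new parameter `numReads` while the definition (in the previous file section) calls it `exitAfterNReads` and treats 0 as "never exit"; a reader of the header alone would take `numReads` as a count of reads to perform. Rename it to match the definition and document the sentinel on the declaration: `void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data, uint8_t exitAfterNReads); // exitAfterNReads: 0 = run until button press`.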


@ -211,7 +211,7 @@ static int usage_hf_14a_config(void) {
static int usage_hf_14a_sim(void) { static int usage_hf_14a_sim(void) {
PrintAndLogEx(NORMAL, "\n Emulating ISO/IEC 14443 type A tag with 4,7 or 10 byte UID\n"); PrintAndLogEx(NORMAL, "\n Emulating ISO/IEC 14443 type A tag with 4,7 or 10 byte UID\n");
PrintAndLogEx(NORMAL, "Usage: hf 14a sim [h] t <type> u <uid> [x] [e] [v]"); PrintAndLogEx(NORMAL, "Usage: hf 14a sim [h] t <type> u <uid> [n <numreads>] [x] [e] [v]");
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h : This help"); PrintAndLogEx(NORMAL, " h : This help");
PrintAndLogEx(NORMAL, " t : 1 = MIFARE Classic 1k"); PrintAndLogEx(NORMAL, " t : 1 = MIFARE Classic 1k");
@ -225,6 +225,7 @@ static int usage_hf_14a_sim(void) {
PrintAndLogEx(NORMAL, " 9 = FM11RF005SH Shanghai Metro"); PrintAndLogEx(NORMAL, " 9 = FM11RF005SH Shanghai Metro");
PrintAndLogEx(NORMAL, " 10 = JCOP 31/41 Rothult"); PrintAndLogEx(NORMAL, " 10 = JCOP 31/41 Rothult");
PrintAndLogEx(NORMAL, " u : 4, 7 or 10 byte UID"); PrintAndLogEx(NORMAL, " u : 4, 7 or 10 byte UID");
PrintAndLogEx(NORMAL, " n : (Optional) Exit simulation after <numreads> blocks have been read by reader. 0 = infinite");
PrintAndLogEx(NORMAL, " x : (Optional) Performs the 'reader attack', nr/ar attack against a reader"); PrintAndLogEx(NORMAL, " x : (Optional) Performs the 'reader attack', nr/ar attack against a reader");
PrintAndLogEx(NORMAL, " e : (Optional) Fill simulator keys from found keys"); PrintAndLogEx(NORMAL, " e : (Optional) Fill simulator keys from found keys");
PrintAndLogEx(NORMAL, " v : (Optional) Verbose"); PrintAndLogEx(NORMAL, " v : (Optional) Verbose");
@ -657,6 +658,7 @@ int CmdHF14ASim(const char *Cmd) {
bool errors = false; bool errors = false;
sector_t *k_sector = NULL; sector_t *k_sector = NULL;
uint8_t k_sectorsCount = 40; uint8_t k_sectorsCount = 40;
uint8_t exitAfterNReads = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
@ -693,6 +695,10 @@ int CmdHF14ASim(const char *Cmd) {
} }
cmdp += 2; cmdp += 2;
break; break;
case 'n':
exitAfterNReads = param_get8(Cmd, cmdp + 1);
cmdp += 2;
break;
case 'v': case 'v':
verbose = true; verbose = true;
cmdp++; cmdp++;
@ -722,10 +728,12 @@ int CmdHF14ASim(const char *Cmd) {
uint8_t tagtype; uint8_t tagtype;
uint8_t flags; uint8_t flags;
uint8_t uid[10]; uint8_t uid[10];
uint8_t exitAfter;
} PACKED payload; } PACKED payload;
payload.tagtype = tagtype; payload.tagtype = tagtype;
payload.flags = flags; payload.flags = flags;
payload.exitAfter = exitAfterNReads;
memcpy(payload.uid, uid, uidlen); memcpy(payload.uid, uid, uidlen);
clearCommandBuffer(); clearCommandBuffer();
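Review bot: The `n` option is parsed with `param_get8`, which presumably truncates to a byte, so `n 256` silently becomes 0 (= infinite) and `n 300` becomes 44 with no diagnostic, and the help text does not mention the 1–255 range that the `uint8_t exitAfter` payload field imposes. Parse the value into a wider integer, reject anything above 255 by setting `errors = true` as the other options do, and only then store it into `exitAfterNReads`; extend the help line to `n : (Optional) Exit simulation after <numreads> blocks have been read by reader (1-255). 0 = infinite`. If the device-side counter only covers the Ultralight/NTAG read handler, as the `[MFUEMUL_WORK]` log tag in the firmware hunk suggests, the help text should also say the option is effective for `t 7` only.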


@ -155,15 +155,17 @@ static int usage_hf_mfu_eload(void) {
static int usage_hf_mfu_sim(void) { static int usage_hf_mfu_sim(void) {
PrintAndLogEx(NORMAL, "\nEmulating Ultralight tag from emulator memory\n"); PrintAndLogEx(NORMAL, "\nEmulating Ultralight tag from emulator memory\n");
PrintAndLogEx(NORMAL, "\nBe sure to load the emulator memory first!\n"); PrintAndLogEx(NORMAL, "\nBe sure to load the emulator memory first!\n");
PrintAndLogEx(NORMAL, "Usage: hf mfu sim t 7 u <uid>"); PrintAndLogEx(NORMAL, "Usage: hf mfu sim t 7 u <uid> [n <num>]");
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h : this help"); PrintAndLogEx(NORMAL, " h : this help");
PrintAndLogEx(NORMAL, " t 7 : 7 = NTAG or Ultralight sim (required)"); PrintAndLogEx(NORMAL, " t 7 : 7 = NTAG or Ultralight sim (required)");
PrintAndLogEx(NORMAL, " n <num> : exit simulation after <num> blocks have been read by reader. 0 = infinite (optional)");
PrintAndLogEx(NORMAL, " u <uid> : 4 or 7 byte UID (optional)"); PrintAndLogEx(NORMAL, " u <uid> : 4 or 7 byte UID (optional)");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu sim t 7")); PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu sim t 7"));
PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu sim t 7 u 1122344556677")); PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu sim t 7 u 1122344556677"));
PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu sim t 7 u 1122344556677 n 5"));
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
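Review bot: The new example `hf mfu sim t 7 u 1122344556677 n 5` carries a 13-hex-digit UID, which is neither 4 nor 7 bytes as the `u` option requires; it is copied from the existing example above, but a new line should not repeat the typo, so use `hf mfu sim t 7 u 11223344556677 n 5`. The `n <num>` help line says `0 = infinite` but gives no upper bound; if this command forwards to the same `uint8_t exitAfter` payload used by `hf 14a sim` (the option parsing is not in this hunk), the line should read `n <num> : exit simulation after <num> blocks have been read by reader, 1-255, 0 = infinite (optional)`.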