From 2af4a8957be059ace3391713832f02cb00f85e56 Mon Sep 17 00:00:00 2001
From: Philippe Teuwen
Date: Wed, 9 Sep 2020 10:37:47 +0200
Subject: [PATCH] Fix hf mfu setuid for cards requiring valid BCC
---
 client/src/cmdhfmfu.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c
index 58dc9a300..a9b03cb46 100644
--- a/client/src/cmdhfmfu.c
+++ b/client/src/cmdhfmfu.c
@@ -2540,6 +2540,7 @@ static int CmdHF14AMfUCSetUid(const char *Cmd) {
 return PM3_EINVARG;
 }
+ PrintAndLogEx(INFO, "Please ignore possible transient BCC warnings");
 // read block2.
 clearCommandBuffer();
 SendCommandMIX(CMD_HF_MIFAREU_READBL, 2, 0, 0, NULL, 0);
@@ -2552,6 +2553,21 @@ static int CmdHF14AMfUCSetUid(const char *Cmd) {
 uint8_t oldblock2[4] = {0x00};
 memcpy(resp.data.asBytes, oldblock2, 4);
+ // Enforce bad BCC handling temporarily as BCC will be wrong between
+ // block 1 write and block2 write
+ hf14a_config config;
+ SendCommandNG(CMD_HF_ISO14443A_GET_CONFIG, NULL, 0);
+ if (!WaitForResponseTimeout(CMD_HF_ISO14443A_GET_CONFIG, &resp, 2000)) {
+ PrintAndLogEx(WARNING, "command execution time out");
+ return PM3_ETIMEOUT;
+ }
+ memcpy(&config, resp.data.asBytes, sizeof(hf14a_config));
+ int8_t oldconfig_bcc = config.forcebcc;
+ if (oldconfig_bcc != 2) {
+ config.forcebcc = 2;
+ SendCommandNG(CMD_HF_ISO14443A_SET_CONFIG, (uint8_t *)&config, sizeof(hf14a_config));
+ }
+ // block 0.
 uint8_t data[4];
 data[0] = uid[0];
@@ -2588,6 +2604,12 @@ static int CmdHF14AMfUCSetUid(const char *Cmd) {
 PrintAndLogEx(WARNING, "Command execute timeout");
 return PM3_ETIMEOUT;
 }
+
+ // restore BCC config
+ if (oldconfig_bcc != 2) {
+ config.forcebcc = oldconfig_bcc;
+ SendCommandNG(CMD_HF_ISO14443A_SET_CONFIG, (uint8_t *)&config, sizeof(hf14a_config));
+ }
 return PM3_SUCCESS;
 }
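Review bot: The GET_CONFIG reply is copied into `config` without checking that the device returned a complete structure, and that same buffer is then sent back with SET_CONFIG, so a failed or short reply would write stale response bytes into the reader's ISO14443-A settings. A guard before the memcpy such as `if (resp.status != PM3_SUCCESS || resp.length < sizeof(hf14a_config)) return PM3_ESOFT;` would close that gap. The literal `2` assigned to `forcebcc` should be a named constant, or carry a comment stating which BCC mode it selects. Separately, the context line `memcpy(resp.data.asBytes, oldblock2, 4);` appears to have source and destination swapped, so block 2 is never saved before `resp` is reused for the config reply. The function body starts and ends outside this hunk.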
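Review bot: The restore block is reached only on the success path. The `return PM3_ETIMEOUT;` visible just above it exits with `forcebcc` still forced to 2, and the earlier block-write timeouts, which lie outside this hunk, presumably do the same. That leaves the reader accepting bad BCC for every later command until it is reconfigured or reset. Route those exits through one cleanup point: `res = PM3_ETIMEOUT; goto restore;` in each timeout branch, a `restore:` label in front of this block, and `return res;` in place of `return PM3_SUCCESS;`. Both SET_CONFIG calls are also sent without waiting for a reply, so a failed restore would go unnoticed; a comment should at least state that this is intentional.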