diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e14bbd15..d1e5235dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Changed `hf mfu info` - now correctly identifies NTAG I2C tags (@icemann1001) - Changed `hf 14b dump/view` - now supports `z` flag for dense output (@iceman1001) - Changed `hf xerox dump/view` - now supports `z` flag for dense output (@iceman1001) - Changed `hf mfu dump/view/eview` - now supports `-z` flag for dense output (@iceman1001) diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index b81a00957..d2dcbe637 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -542,9 +542,11 @@ static int ndef_get_maxsize(const uint8_t *data) { } static int ndef_print_CC(uint8_t *data) { + // no NDEF message - if (data[0] != 0xE1) + if (data[0] != 0xE1 && data[0] != 0xF1) { return PM3_ESOFT; + } //NFC Forum Type 1,2,3,4 // @@ -623,12 +625,41 @@ static int ndef_print_CC(uint8_t *data) { uint8_t mbread = (data[3] & 0x01); PrintAndLogEx(SUCCESS, " %02X: Additional feature information", data[3]); - PrintAndLogEx(SUCCESS, " %s", sprint_bin(&data[3], 1)); - PrintAndLogEx(SUCCESS, " xxx..... - %02X: RFU ( %s )", msb3, (msb3 == 0) ? _GREEN_("ok") : _RED_("fail")); - PrintAndLogEx(SUCCESS, " ...x.... - %02X: %s special frame", sf, (sf) ? "support" : "don\'t support"); - PrintAndLogEx(SUCCESS, " ....x... - %02X: %s lock block", lb, (lb) ? "support" : "don\'t support"); - PrintAndLogEx(SUCCESS, " .....xx. - %02X: RFU ( %s )", mlrule, (mlrule == 0) ? _GREEN_("ok") : _RED_("fail")); - PrintAndLogEx(SUCCESS, " .......x - %02X: IC %s multiple block reads", mbread, (mbread) ? "support" : "don\'t support"); + + uint8_t bits[8 + 1] = {0}; + num_to_bytebits(data[3], 8, bits); + const char *bs = sprint_bytebits_bin(bits, 8); + + PrintAndLogEx(SUCCESS, " %s", bs); + if (msb3 == 0) { + PrintAndLogEx(SUCCESS, " %s", sprint_breakdown_bin(C_NONE, bs, 8, 0, 3, "RFU")); + } else { + PrintAndLogEx(SUCCESS, " %s", sprint_breakdown_bin(C_RED, bs, 8, 0, 3, "RFU")); + } + + if (sf) { + PrintAndLogEx(SUCCESS, " %s", sprint_breakdown_bin(C_NONE, bs, 8, 3, 1, "Support special frame")); + } else { + PrintAndLogEx(SUCCESS, " %s", sprint_breakdown_bin(C_NONE, bs, 8, 3, 1, "Don\'t support special frame")); + } + + if (lb) { + PrintAndLogEx(SUCCESS, " %s", sprint_breakdown_bin(C_NONE, bs, 8, 4, 1, "Support lock block")); + } else { + PrintAndLogEx(SUCCESS, " %s", sprint_breakdown_bin(C_NONE, bs, 8, 4, 1, "Don\'t support lock block")); + } + + if (mlrule == 0) { + PrintAndLogEx(SUCCESS, " %s", sprint_breakdown_bin(C_NONE, bs, 8, 5, 2, "RFU")); + } else { + PrintAndLogEx(SUCCESS, " %s", sprint_breakdown_bin(C_RED, bs, 8, 5, 2, "RFU")); + } + + if (mbread) { + PrintAndLogEx(SUCCESS, " %s", sprint_breakdown_bin(C_NONE, bs, 8, 7, 1, "IC support multiple block reads")); + } else { + PrintAndLogEx(SUCCESS, " %s", sprint_breakdown_bin(C_NONE, bs, 8, 7, 1, "IC don\'t support multiple block reads")); + } return PM3_SUCCESS; } @@ -1428,6 +1459,12 @@ static mfu_identify_t mfu_ident_table[] = { ul_ev1_pwdgenB, ul_ev1_packgenB, "hf mfu dump -k %08x" }, + { + "Amiibo - Power Up band", "0004040502021303", + 8, 10, "44000FE0F110FFEEA500", + ul_ev1_pwdgenB, ul_ev1_packgenB, + "hf mfu dump -k %08x" + }, /* { "Xiaomi AIR Purifier", "0004040201000F03", @@ -1509,6 +1546,7 @@ static int mfu_fingerprint(uint64_t tagtype, bool hasAuthKey, uint8_t *authkey, uint8_t *data = NULL; int res = PM3_SUCCESS; + PrintAndLogEx(INFO, ""); PrintAndLogEx(INFO, "------------------------ " _CYAN_("Fingerprint") " -----------------------"); uint8_t maxbytes = mfu_max_len(); if (maxbytes == 0) { @@ -1517,7 +1555,7 @@ static int mfu_fingerprint(uint64_t tagtype, bool hasAuthKey, uint8_t *authkey, goto out; } - maxbytes = ((maxbytes / 4) + 1) * 4; + maxbytes = ((maxbytes / MFU_BLOCK_SIZE) + 1) * MFU_BLOCK_SIZE; data = calloc(maxbytes, sizeof(uint8_t)); if (data == NULL) { PrintAndLogEx(ERR, "failed to allocate memory"); @@ -1525,7 +1563,7 @@ static int mfu_fingerprint(uint64_t tagtype, bool hasAuthKey, uint8_t *authkey, goto out; } - uint8_t pages = (maxbytes / 4); + uint8_t pages = (maxbytes / MFU_BLOCK_SIZE); PrintAndLogEx(INFO, "Reading tag memory..."); uint8_t keytype = 0; @@ -1539,7 +1577,7 @@ static int mfu_fingerprint(uint64_t tagtype, bool hasAuthKey, uint8_t *authkey, SendCommandMIX(CMD_HF_MIFAREU_READCARD, 0, pages, keytype, authkey, ak_len); PacketResponseNG resp; - if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) { + if (WaitForResponseTimeout(CMD_ACK, &resp, 2500) == false) { PrintAndLogEx(WARNING, "Command execute time-out"); res = PM3_ETIMEOUT; goto out; @@ -1559,12 +1597,13 @@ static int mfu_fingerprint(uint64_t tagtype, bool hasAuthKey, uint8_t *authkey, buffer_size = maxbytes; } - if (!GetFromDevice(BIG_BUF, data, buffer_size, startindex, NULL, 0, NULL, 2500, false)) { + if (GetFromDevice(BIG_BUF, data, buffer_size, startindex, NULL, 0, NULL, 2500, false) == false) { PrintAndLogEx(WARNING, "command execution time out"); res = PM3_ETIMEOUT; goto out; } + uint8_t version[8] = {0}; uint8_t uid[7] = {0}; if (mfu_get_version_uid(version, uid) == PM3_SUCCESS) { @@ -1843,7 +1882,7 @@ static int CmdHF14AMfUInfo(const char *Cmd) { } bool locked = false; - // read pages 0,1,2,3 (should read 4pages) + // read pages 0,1,2,3 (should read 4 pages) status = ul_read(0, data, sizeof(data)); if (status == -1) { DropField(); @@ -1940,7 +1979,7 @@ static int CmdHF14AMfUInfo(const char *Cmd) { DropField(); return PM3_ESOFT; } - if (status == 32) { + if (status == 32 || status == 34) { ulev1_print_signature(tagtype, card.uid, ulev1_signature, 32); } else if (status == 48) { ulev1_print_signature(tagtype, card.uid, ulev1_signature, 48); @@ -2009,7 +2048,10 @@ static int CmdHF14AMfUInfo(const char *Cmd) { num_to_bytes(ul_ev1_pwdgenA(card.uid), 4, key); len = ulev1_requestAuthentication(key, pack, sizeof(pack)); if (len > -1) { - PrintAndLogEx(SUCCESS, "Found default password " _GREEN_("%s") " pack %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); + has_auth_key = true; + ak_len = 4; + memcpy(authenticationkey, key, 4); + PrintAndLogEx(SUCCESS, "Found password... " _GREEN_("%s") " pack... " _GREEN_("%02X%02X"), sprint_hex_inrow(key, 4), pack[0], pack[1]); goto out; } @@ -2021,7 +2063,10 @@ static int CmdHF14AMfUInfo(const char *Cmd) { num_to_bytes(ul_ev1_pwdgenB(card.uid), 4, key); len = ulev1_requestAuthentication(key, pack, sizeof(pack)); if (len > -1) { - PrintAndLogEx(SUCCESS, "Found default password " _GREEN_("%s") " pack %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); + has_auth_key = true; + ak_len = 4; + memcpy(authenticationkey, key, 4); + PrintAndLogEx(SUCCESS, "Found password... " _GREEN_("%s") " pack... " _GREEN_("%02X%02X"), sprint_hex_inrow(key, 4), pack[0], pack[1]); goto out; } @@ -2033,7 +2078,10 @@ static int CmdHF14AMfUInfo(const char *Cmd) { num_to_bytes(ul_ev1_pwdgenC(card.uid), 4, key); len = ulev1_requestAuthentication(key, pack, sizeof(pack)); if (len > -1) { - PrintAndLogEx(SUCCESS, "Found default password " _GREEN_("%s") " pack %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); + has_auth_key = true; + ak_len = 4; + memcpy(authenticationkey, key, 4); + PrintAndLogEx(SUCCESS, "Found password... " _GREEN_("%s") " pack... " _GREEN_("%02X%02X"), sprint_hex_inrow(key, 4), pack[0], pack[1]); goto out; } @@ -2045,7 +2093,10 @@ static int CmdHF14AMfUInfo(const char *Cmd) { num_to_bytes(ul_ev1_pwdgenD(card.uid), 4, key); len = ulev1_requestAuthentication(key, pack, sizeof(pack)); if (len > -1) { - PrintAndLogEx(SUCCESS, "Found default password" _GREEN_("%s") " pack %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); + has_auth_key = true; + ak_len = 4; + memcpy(authenticationkey, key, 4); + PrintAndLogEx(SUCCESS, "Found password... " _GREEN_("%s") " pack... " _GREEN_("%02X%02X"), sprint_hex_inrow(key, 4), pack[0], pack[1]); goto out; } @@ -2057,7 +2108,10 @@ static int CmdHF14AMfUInfo(const char *Cmd) { key = default_pwd_pack[i]; len = ulev1_requestAuthentication(key, pack, sizeof(pack)); if (len > -1) { - PrintAndLogEx(SUCCESS, "Found default password " _GREEN_("%s") " pack %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); + has_auth_key = true; + ak_len = 4; + memcpy(authenticationkey, key, 4); + PrintAndLogEx(SUCCESS, "Found password... " _GREEN_("%s") " pack... " _GREEN_("%02X%02X"), sprint_hex_inrow(key, 4), pack[0], pack[1]); break; } else { if (ul_auth_select(&card, tagtype, has_auth_key, authkeyptr, pack, sizeof(pack)) == PM3_ESOFT) { @@ -2070,13 +2124,18 @@ static int CmdHF14AMfUInfo(const char *Cmd) { PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfu pwdgen -r`") " to get see known pwd gen algo suggestions"); } } else { - PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfu pwdgen -r`") " to get see known pwd gen algo suggestions"); + + if (locked) { + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfu pwdgen -r`") " to get see known pwd gen algo suggestions"); + } } } - mfu_fingerprint(tagtype, has_auth_key, authkeyptr, ak_len); - out: + if (has_auth_key) { + mfu_fingerprint(tagtype, has_auth_key, authkeyptr, ak_len); + } + DropField(); if (locked) { PrintAndLogEx(INFO, "\nTag appears to be locked, try using a key to get more info"); diff --git a/client/src/fileutils.c b/client/src/fileutils.c index 3e2a2b143..358c208da 100644 --- a/client/src/fileutils.c +++ b/client/src/fileutils.c @@ -1902,8 +1902,6 @@ int loadFileJSONex(const char *preferredName, void *data, size_t maxdatalen, siz } out: - - if (callback != NULL) { (*callback)(root); } @@ -2205,6 +2203,12 @@ mfu_df_e detect_mfu_dump_format(uint8_t **dump, bool verbose) { retval = MFU_DF_NEWBIN; } + // Memory layout is different for NTAG I2C 1K/2K plus + // Sak 00, atqa 44 00 + if (0 == new->data[7] && 0x44 == new->data[8] && 0x00 == new->data[9] ) { + retval = MFU_DF_NEWBIN; + } + // detect old if (retval == MFU_DF_UNKNOWN) { old_mfu_dump_t *old = (old_mfu_dump_t *)*dump; diff --git a/client/src/util.c b/client/src/util.c index 2cf077fa7..9bf0bce9a 100644 --- a/client/src/util.c +++ b/client/src/util.c @@ -564,7 +564,7 @@ char *sprint_breakdown_bin(color_t color, const char *bs, int width, int padn, i return NULL; } - const char *prepad = " "; + const char *prepad = "................................"; const char *postmarker = " ................................"; static char buf[32 + 120] = {0}; memset(buf, 0, sizeof(buf));