github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 02:27:26 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix miscchecks

Browse source
This commit is contained in:
iceman1001 2024-03-19 11:18:33 +01:00
commit 2fd36379e1
1 changed files with 253 additions and 253 deletions
Download patch file Download diff file Expand all files Collapse all files

506
client/luascripts/hf_mf_uscuid_prog.lua
View file

@ -96,21 +96,21 @@ local function help()
end
-- Sorry, didn't care to figure out custom bit amounts with the 14a lua lib. So here's this thing
local function wupc2()
return {
[0] = 'hf 14a raw -akb 7 20',
[1] = 'hf 14a raw -k 23',
}
return {
[0] = 'hf 14a raw -akb 7 20',
[1] = 'hf 14a raw -k 23',
}
end
local function wupc()
return{
[0] = 'hf 14a raw -akb 7 40',
[1] = 'hf 14a raw -k 43',
}
return{
[0] = 'hf 14a raw -akb 7 40',
[1] = 'hf 14a raw -k 43',
}
end
local function makenuid(uid)
core.console('ana nuid -d '..uid)
core.console('ana nuid -d '..uid)
end
local function sendCmds(cmds)
for i = 0, #cmds do
@ -121,7 +121,7 @@ local function sendCmds(cmds)
end
end
local function wakeupmagic(writetype)
if writetype=="2" then sendCmds(wupc2()) elseif writetype=="4" then sendCmds(wupc()) end
if writetype=="2" then sendCmds(wupc2()) elseif writetype=="4" then sendCmds(wupc()) end
end
local function calculate_block0(useruid)
local uidbytes = utils.ConvertHexToBytes(useruid)
@ -139,21 +139,21 @@ local function calculate_block0(useruid)
return block0..string.format('%02X', bcc)
end
local function cltwo_block0(uid)
payload = uid
payload = payload .. "884400000000000000"
return payload
payload = uid
payload = payload .. "884400000000000000"
return payload
end
local function SectorHeader(sector)
print("["..ansicolors.yellow.."="..ansicolors.reset.."] # | sector "..ansicolors.green..string.format("%02d", sector)..ansicolors.reset.." / "..ansicolors.green..string.format("0x%02X", sector)..ansicolors.reset)
print("["..ansicolors.yellow.."="..ansicolors.reset.."] ----+------------------------------------------------")
print("["..ansicolors.yellow.."="..ansicolors.reset.."] # | sector "..ansicolors.green..string.format("%02d", sector)..ansicolors.reset.." / "..ansicolors.green..string.format("0x%02X", sector)..ansicolors.reset)
print("["..ansicolors.yellow.."="..ansicolors.reset.."] ----+------------------------------------------------")
end
local function BlockParser(data, block)
if block == "0" or block == 0 then -- for block 0
print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..ansicolors.red..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..string.sub(data,19,20).." "..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)..ansicolors.reset)
elseif (block+1)%4 == 0 then -- for ST
print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..ansicolors.yellow..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..ansicolors.magenta..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..ansicolors.reset..string.sub(data,19,20).." "..ansicolors.yellow..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)..ansicolors.reset)
else
print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..string.sub(data,19,20).." "..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)) end
if block == "0" or block == 0 then -- for block 0
print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..ansicolors.red..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..string.sub(data,19,20).." "..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)..ansicolors.reset)
elseif (block+1)%4 == 0 then -- for ST
print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..ansicolors.yellow..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..ansicolors.magenta..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..ansicolors.reset..string.sub(data,19,20).." "..ansicolors.yellow..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)..ansicolors.reset)
else
print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..string.sub(data,19,20).." "..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)) end
end
local function sendRaw(rawdata, keep)
flags = lib14a.ISO14A_COMMAND.ISO14A_RAW + lib14a.ISO14A_COMMAND.ISO14A_APPEND_CRC
@ -167,7 +167,7 @@ local function sendRaw(rawdata, keep)
local result, err = command:sendMIX(ignore_response)
if result then
--local count,cmd,arg1,arg2,arg3,data = bin.unpack('LLLLH512',result)
local p = command.parse(result)
local p = command.parse(result)
arg1 = p["arg1"]
data = p["data"]
returned_bytes = string.sub(data, 1, arg1 * 2)
@ -176,26 +176,26 @@ local function sendRaw(rawdata, keep)
end
-- Functions to work with configuration data (E000, E100 cmds)
local function readconf()
configbuffer = sendRaw("E000", true)
if string.len(configbuffer) ~= 36 then
oops("Tag sent wrong length of config!")
lib14a.disconnect()
return 1 end
return utils.ConvertHexToBytes(string.sub(configbuffer,1,32))
configbuffer = sendRaw("E000", true)
if string.len(configbuffer) ~= 36 then
oops("Tag sent wrong length of config!")
lib14a.disconnect()
return 1 end
return utils.ConvertHexToBytes(string.sub(configbuffer,1,32))
end
local function writeconf(configbuffer)
configbuffer=utils.ConvertBytesToHex(configbuffer)
print(ansicolors.yellow.."[|]".. ansicolors.reset .." The new config is: "..configbuffer)
if sendRaw("E100", true) == "0A" then
if sendRaw(configbuffer, true) == "0A" then
print(ansicolors.yellow.."[/]".. ansicolors.reset .." Config updated successfully")
else
oops("Tag did not ACK config update!")
lib14a.disconnect()
return 1 end
else oops("Tag did not ACK `E100` command!")
lib14a.disconnect()
return 1 end
configbuffer=utils.ConvertBytesToHex(configbuffer)
print(ansicolors.yellow.."[|]".. ansicolors.reset .." The new config is: "..configbuffer)
if sendRaw("E100", true) == "0A" then
if sendRaw(configbuffer, true) == "0A" then
print(ansicolors.yellow.."[/]".. ansicolors.reset .." Config updated successfully")
else
oops("Tag did not ACK config update!")
lib14a.disconnect()
return 1 end
else oops("Tag did not ACK `E100` command!")
lib14a.disconnect()
return 1 end
end
-- End config functions
@ -232,7 +232,7 @@ function main(args)
-- Parse arguments
-- Note: wrong order of arguments makes the script just not work. Like in some cases the script dies and doesnt call anything, in others it wants data for bool arguments. DESIGN???
for o,a in getopt.getopt(args, 'g:c:b:2:7:d:a:n:r:u:t:s:R:B:S:E:hw3') do
if o == "h" then return help() end
if o == "h" then return help() end
if o == 'u' then uid = a end
if o == 's' then signature = a end
if o == 't' then writetype = a end
@ -244,15 +244,15 @@ function main(args)
if o == 'w' then wipe = true end
-- So one odd thing I noticed is the bool args like -h, -w don't work without a 2nd argument. So you now must do -h 1.. what? Why?
-- ConfigStar
if o == 'g' then if a == "1" then gen1 = true elseif a == "0" then gen1 = false end end
if o == 'c' then if a == "1" then gen1com= true elseif a == "0" then gen1com= false end end
if o == 'b' then if a == "1" then keyblock= true elseif a == "0" then keyblock= false end end
if o == '2' then if a == "1" then cuid= true elseif a == "0" then cuid= false end end
if o == '7' then if a == "1" then cl2mode= true elseif a == "0" then cl2mode= false end end
if o == 'd' then if a == "1" then shadowmode = true elseif a == "0" then shadowmode = false end end
if o == 'a' then if a == "1" then magicauth= true elseif a == "0" then magicauth= false end end
if o == 'n' then if a == "1" then statenc= true elseif a == "0" then statenc= false end end
if o == 'r' then if a == "1" then sigsec = true elseif a == "0" then sigsec= false end end
if o == 'g' then if a == "1" then gen1 = true elseif a == "0" then gen1 = false end end
if o == 'c' then if a == "1" then gen1com= true elseif a == "0" then gen1com= false end end
if o == 'b' then if a == "1" then keyblock= true elseif a == "0" then keyblock= false end end
if o == '2' then if a == "1" then cuid= true elseif a == "0" then cuid= false end end
if o == '7' then if a == "1" then cl2mode= true elseif a == "0" then cl2mode= false end end
if o == 'd' then if a == "1" then shadowmode = true elseif a == "0" then shadowmode = false end end
if o == 'a' then if a == "1" then magicauth= true elseif a == "0" then magicauth= false end end
if o == 'n' then if a == "1" then statenc= true elseif a == "0" then statenc= false end end
if o == 'r' then if a == "1" then sigsec = true elseif a == "0" then sigsec= false end end
end
if gen1 ~= nil or gen1com~= nil or keyblock~= nil or cuid~= nil or cl2mode~= nil or shadowmode~= nil or magicauth~= nil or statenc~= nil or sigsec~= nil then configwrite = true end
@ -267,220 +267,220 @@ function main(args)
-- 3. Form data to write
-- 4. Issue commands
if wipe == true then
print(ansicolors.red.."[/]"..ansicolors.reset.." Wipe issued! Nullifying other arguments!")
print(ansicolors.red.."[-]"..ansicolors.reset.." DO NOT REMOVE YOUR TAG!")
uid = nil
signature = nil
configwrite = nil
wakeupmagic(writetype)
if sendRaw("F000", true) ~= "0A" then
oops("DANGER! Tag did not ACK wipe command. The field has NOT been reset.")
print("[ ] If you think the wipe succeeded, immediately do this:")
print("hf 14a raw -kc E100; hf 14a raw -c 7AFF0000000000000000000000000008")
return 1 end
writeconf(utils.ConvertHexToBytes("7AFF0000000000000000005A00000008"))
sendRaw("F800", true) -- here you only wipe the backdoor blocks and they're not super critical so might as well not check.
sendRaw("A000", true) -- By this point I just rely on the tag.
sendRaw("DE7715B8040804000000000000000000", true)
for i =0,15 do
blk=string.format("%02x", 4*i+3):gsub("0x","")
sendRaw("A0"..blk, true)
sendRaw("FFFFFFFFFFFFFF078069FFFFFFFFFFFF",true)
sendRaw("A8"..blk,true)
sendRaw("FFFFFFFFFFFFFF078069FFFFFFFFFFFF",true)
end
sendRaw("A807", true)
sendRaw("75CCB59C9BED70F0F8694B791BEA7BCC",true)
print(ansicolors.yellow.."[-]"..ansicolors.reset.." Wipe completed successfully")
lib14a.disconnect()
print(ansicolors.red.."[/]"..ansicolors.reset.." Wipe issued! Nullifying other arguments!")
print(ansicolors.red.."[-]"..ansicolors.reset.." DO NOT REMOVE YOUR TAG!")
uid = nil
signature = nil
configwrite = nil
wakeupmagic(writetype)
if sendRaw("F000", true) ~= "0A" then
oops("DANGER! Tag did not ACK wipe command. The field has NOT been reset.")
print("[ ] If you think the wipe succeeded, immediately do this:")
print("hf 14a raw -kc E100; hf 14a raw -c 7AFF0000000000000000000000000008")
return 1 end
writeconf(utils.ConvertHexToBytes("7AFF0000000000000000005A00000008"))
sendRaw("F800", true) -- here you only wipe the backdoor blocks and they're not super critical so might as well not check.
sendRaw("A000", true) -- By this point I just rely on the tag.
sendRaw("DE7715B8040804000000000000000000", true)
for i =0,15 do
blk=string.format("%02x", 4*i+3):gsub("0x","")
sendRaw("A0"..blk, true)
sendRaw("FFFFFFFFFFFFFF078069FFFFFFFFFFFF",true)
sendRaw("A8"..blk,true)
sendRaw("FFFFFFFFFFFFFF078069FFFFFFFFFFFF",true)
end
sendRaw("A807", true)
sendRaw("75CCB59C9BED70F0F8694B791BEA7BCC",true)
print(ansicolors.yellow.."[-]"..ansicolors.reset.." Wipe completed successfully")
lib14a.disconnect()
end
-- Separator
if targetblk or targetbblk or targetsec or targetbsec then
uid = nil
signature = nil
configwrite = nil
wakeupmagic(writetype)
print("")
if targetblk or targetsec then
if targetblk then data = sendRaw("30"..string.format("%02x", targetblk), false) end
if targetblk then SectorHeader(targetblk/4) else SectorHeader(targetsec) end
if targetblk then BlockParser(data, targetblk) else for i=0,3 do BlockParser(sendRaw("30"..string.format("%02x", targetsec*4+i), true), targetsec*4+i) end end
elseif targetbblk or targetbsec then
if targetbblk then data=sendRaw("38"..string.format("%02x", targetbblk), false) end
if targetbblk then SectorHeader(targetbblk/4) else SectorHeader(targetbsec) end
if targetbblk then BlockParser(data, targetbblk) else for i=0,3 do BlockParser(sendRaw("38"..string.format("%02x", targetbsec*4+i), true), targetbsec*4+i) end end
-- Actually is there an sprintf_hex in lua?
end
lib14a.disconnect()
uid = nil
signature = nil
configwrite = nil
wakeupmagic(writetype)
print("")
if targetblk or targetsec then
if targetblk then data = sendRaw("30"..string.format("%02x", targetblk), false) end
if targetblk then SectorHeader(targetblk/4) else SectorHeader(targetsec) end
if targetblk then BlockParser(data, targetblk) else for i=0,3 do BlockParser(sendRaw("30"..string.format("%02x", targetsec*4+i), true), targetsec*4+i) end end
elseif targetbblk or targetbsec then
if targetbblk then data=sendRaw("38"..string.format("%02x", targetbblk), false) end
if targetbblk then SectorHeader(targetbblk/4) else SectorHeader(targetbsec) end
if targetbblk then BlockParser(data, targetbblk) else for i=0,3 do BlockParser(sendRaw("38"..string.format("%02x", targetbsec*4+i), true), targetbsec*4+i) end end
-- Actually is there an sprintf_hex in lua?
end
lib14a.disconnect()
end
-- Separator
if uid then
if writetype == "2" or writetype == "4" then
if string.len(uid) == 8 then
payload = calculate_block0(uid)
-- Calculate BCC
-- Append SAK
payload = payload .. "08"
-- Empty manuf bytes
payload = payload .. "04000000000000000000"
elseif string.len(uid) == 14 then
-- Same logic, but with raw anticollision data because that's what the tag accepts. :P
payload = calculate_block0("88"..string.sub(uid,1,6))
payload = payload .. "04"
payload = payload .. calculate_block0(string.sub(uid,7,14))
payload = payload .. "08"
payload = payload .. "00000000"
end
end
core.clearCommandBuffer()
-- Now, let's write! 1. We wake up the tag in magic mode.
-- 2. We will deal with the "easier" 7 byte UID stuff
if uid then
if string.len(uid) == 14 then
wakeupmagic(writetype)
if f3perso == true then print("[?] WARNING: F3 perso write is set, but 7 byte UID is passed. Ignoring -3 argument") end
local configdata = readconf()
if configdata[10] ~= 0x5A and configdata[10] ~= 0xC3 and configdata[10] ~= 0xA5 then -- Enable CL2 mode if necessary
print("[?] WARNING: Tag is not in 7 byte UID mode. Automatically updating to F0 unfused")
print(ansicolors.yellow.."[-]".. ansicolors.reset .." This is because the configuration byte responsible for CL2 was not found to be equal to 0x5A, 0xC3 or 0xA5, but rather: ".. string.format("%02x", configdata[10]))
print(ansicolors.yellow.."[\\]".. ansicolors.reset .." The old config is: ".. utils.ConvertBytesToHex(configdata))
configdata[10]=0x5A
writeconf(configdata)
end
if sendRaw("A800", true) ~= "0A" then
oops("Tag did not ACK `A800` command!")
lib14a.disconnect()
return 1 end
print("[?] WARNING: nUID should be updated with this value:")
print(makenuid(uid))
print(ansicolors.yellow.."[/]".. ansicolors.reset .." Use `--f3d` to update nUID for Perso F3 only.")
if sendRaw(payload, true) ~= "0A" then
oops("Tag did not ACK data to write!")
lib14a.disconnect()
return 1 end
print(ansicolors.yellow.."[-]".. ansicolors.reset .." Updating real block 0")
if sendRaw("A000", true) ~= "0A" then
oops("Tag did not ACK `A000` command!")
lib14a.disconnect()
return 1 end
if sendRaw(cltwo_block0(uid), false) ~="0A" then oops("Tag did not ACK data to write!") end
-- Now, let's work with 4 byte UIDs.
elseif string.len(uid)==8 then
wakeupmagic(writetype)
local configdata = readconf()
if configdata[10] == 0x69 or f3perso == true then -- If we have Perso: F3, then write backdoor blk 1
if f3perso == true then print ("[?] WARNING: F3 flag enabled. Updating UID used for F3 perso") end
if sendRaw("A801", true) ~= "0A" then
oops("Tag did not ACK `A801` command!")
lib14a.disconnect()
return 1 end
else -- Otherwise write real block 0.
if configdata[10] == 0x5a or configdata[10] == 0xc3 or configdata[10] == 0xa5 then -- Disable CL2 if necessary
print("[?] WARNING: Tag is not in 4 byte UID mode. Automatically disabling")
print(ansicolors.yellow.."[-]".. ansicolors.reset .." This is because the configuration byte responsible for CL2 was found to be equal to: ".. string.format("%02x", configdata[10]))
print(ansicolors.yellow.."[\\]".. ansicolors.reset .." The old config is: ".. utils.ConvertBytesToHex(configdata))
configdata[10]=0x00
writeconf(configdata)
end
if sendRaw("A000", true) ~= "0A" then
oops("Tag did not ACK `A000` command!")
lib14a.disconnect()
return 1 end
end
if sendRaw(payload, false) ~= "0A" then oops("Tag did not ACK data to write!") end
end
end
if writetype == "2" or writetype == "4" then
if string.len(uid) == 8 then
payload = calculate_block0(uid)
-- Calculate BCC
-- Append SAK
payload = payload .. "08"
-- Empty manuf bytes
payload = payload .. "04000000000000000000"
elseif string.len(uid) == 14 then
-- Same logic, but with raw anticollision data because that's what the tag accepts. :P
payload = calculate_block0("88"..string.sub(uid,1,6))
payload = payload .. "04"
payload = payload .. calculate_block0(string.sub(uid,7,14))
payload = payload .. "08"
payload = payload .. "00000000"
end
end
core.clearCommandBuffer()
-- Now, let's write! 1. We wake up the tag in magic mode.
-- 2. We will deal with the "easier" 7 byte UID stuff
if uid then
if string.len(uid) == 14 then
wakeupmagic(writetype)
if f3perso == true then print("[?] WARNING: F3 perso write is set, but 7 byte UID is passed. Ignoring -3 argument") end
local configdata = readconf()
if configdata[10] ~= 0x5A and configdata[10] ~= 0xC3 and configdata[10] ~= 0xA5 then -- Enable CL2 mode if necessary
print("[?] WARNING: Tag is not in 7 byte UID mode. Automatically updating to F0 unfused")
print(ansicolors.yellow.."[-]".. ansicolors.reset .." This is because the configuration byte responsible for CL2 was not found to be equal to 0x5A, 0xC3 or 0xA5, but rather: ".. string.format("%02x", configdata[10]))
print(ansicolors.yellow.."[\\]".. ansicolors.reset .." The old config is: ".. utils.ConvertBytesToHex(configdata))
configdata[10]=0x5A
writeconf(configdata)
end
if sendRaw("A800", true) ~= "0A" then
oops("Tag did not ACK `A800` command!")
lib14a.disconnect()
return 1 end
print("[?] WARNING: nUID should be updated with this value:")
print(makenuid(uid))
print(ansicolors.yellow.."[/]".. ansicolors.reset .." Use `--f3d` to update nUID for Perso F3 only.")
if sendRaw(payload, true) ~= "0A" then
oops("Tag did not ACK data to write!")
lib14a.disconnect()
return 1 end
print(ansicolors.yellow.."[-]".. ansicolors.reset .." Updating real block 0")
if sendRaw("A000", true) ~= "0A" then
oops("Tag did not ACK `A000` command!")
lib14a.disconnect()
return 1 end
if sendRaw(cltwo_block0(uid), false) ~="0A" then oops("Tag did not ACK data to write!") end
-- Now, let's work with 4 byte UIDs.
elseif string.len(uid)==8 then
wakeupmagic(writetype)
local configdata = readconf()
if configdata[10] == 0x69 or f3perso == true then -- If we have Perso: F3, then write backdoor blk 1
if f3perso == true then print ("[?] WARNING: F3 flag enabled. Updating UID used for F3 perso") end
if sendRaw("A801", true) ~= "0A" then
oops("Tag did not ACK `A801` command!")
lib14a.disconnect()
return 1 end
else -- Otherwise write real block 0.
if configdata[10] == 0x5a or configdata[10] == 0xc3 or configdata[10] == 0xa5 then -- Disable CL2 if necessary
print("[?] WARNING: Tag is not in 4 byte UID mode. Automatically disabling")
print(ansicolors.yellow.."[-]".. ansicolors.reset .." This is because the configuration byte responsible for CL2 was found to be equal to: ".. string.format("%02x", configdata[10]))
print(ansicolors.yellow.."[\\]".. ansicolors.reset .." The old config is: ".. utils.ConvertBytesToHex(configdata))
configdata[10]=0x00
writeconf(configdata)
end
if sendRaw("A000", true) ~= "0A" then
oops("Tag did not ACK `A000` command!")
lib14a.disconnect()
return 1 end
end
if sendRaw(payload, false) ~= "0A" then oops("Tag did not ACK data to write!") end
end
end
end
-- Separator
if signature then
wakeupmagic(writetype)
local configdata = readconf()
if configdata[14] ~= 0x5A then
print("[?] WARNING: Signature sector is not enabled. Automatically enabling")
configdata[14] = 0x5A
writeconf(configdata)
end
if sendRaw("A805", true) ~= "0A" then
oops("Tag did not ACK `A805` command!")
lib14a.disconnect()
return 1 end
if sendRaw(string.sub(signature,1,32), true) ~= "0A" then
oops("Tag did not ACK data 1 to write!")
lib14a.disconnect()
return 1 end
if sendRaw("A806", true) ~= "0A" then
oops("Tag did not ACK `A806` command!")
lib14a.disconnect()
return 1 end
if sendRaw(string.sub(signature,33,64), false) ~= "0A" then
oops("Tag did not ACK data 2 to write!")
lib14a.disconnect()
return 1 end
wakeupmagic(writetype)
local configdata = readconf()
if configdata[14] ~= 0x5A then
print("[?] WARNING: Signature sector is not enabled. Automatically enabling")
configdata[14] = 0x5A
writeconf(configdata)
end
if sendRaw("A805", true) ~= "0A" then
oops("Tag did not ACK `A805` command!")
lib14a.disconnect()
return 1 end
if sendRaw(string.sub(signature,1,32), true) ~= "0A" then
oops("Tag did not ACK data 1 to write!")
lib14a.disconnect()
return 1 end
if sendRaw("A806", true) ~= "0A" then
oops("Tag did not ACK `A806` command!")
lib14a.disconnect()
return 1 end
if sendRaw(string.sub(signature,33,64), false) ~= "0A" then
oops("Tag did not ACK data 2 to write!")
lib14a.disconnect()
return 1 end
end
if configwrite then
print(ansicolors.yellow.."[|]"..ansicolors.reset.." Welcome to ConfigStar!")
wakeupmagic(writetype)
config=readconf()
if (gen1 == false and magicauth == false) or ((config[1]==0x85 and config[2] == 0x00) and magicauth==false) or ((config[12]==0x00) and gen1 == false) then
oops("What you are about to do is potentially dangerous. \n If you really want to continue (potentially leaving your tag in an unusable state), enter this line as given, without quotation marks:\n \"Yes, do as I say!\"")
local ans=io.read()
if ans ~="Yes, do as I say!" then
lib14a.disconnect()
return 1
else print(ansicolors.red.."[/]"..ansicolors.reset.." Brace yourself.") end
end
-- Baby oh baby
-- Prepare for disappointment
if gen1 == true then
config[1] = 0x7A
config[2] = 0xFF
elseif gen1 == false then
config[1] = 0x85
config[2] = 0x00
end
if gen1com == true then
config[3] = 0x85
elseif gen1com == false then
config[3] = 0x00
end
if keyblock == true then
config[7] = 0x5A
elseif keyblock == false then
config[7] = 0x00
end
if cuid == true then
config[8] = 0x5A
elseif cuid == false then
config[8] = 0x00
end
if cl2mode == true then
config[10] = 0x5A
elseif cl2mode == false then
config[10] = 0x00
end
if shadowmode == true then
config[11] = 0x5A
elseif shadowmode == false then
config[11] = 0x00
end
if magicauth == true then
config[12] = 0x5A
elseif magicauth == false then
config[12] = 0x00
end
if statenc == true then
config[13] = 0x5A
elseif statenc == false then
config[13] = 0x00
end
if sigsec == true then
config[14] = 0x5A
elseif sigsec == false then
config[14] = 0x00
end
writeconf(config)
print(ansicolors.yellow.."[\\]"..ansicolors.reset.." Completed!")
lib14a.disconnect()
print(ansicolors.yellow.."[|]"..ansicolors.reset.." Welcome to ConfigStar!")
wakeupmagic(writetype)
config=readconf()
if (gen1 == false and magicauth == false) or ((config[1]==0x85 and config[2] == 0x00) and magicauth==false) or ((config[12]==0x00) and gen1 == false) then
oops("What you are about to do is potentially dangerous. \n If you really want to continue (potentially leaving your tag in an unusable state), enter this line as given, without quotation marks:\n \"Yes, do as I say!\"")
local ans=io.read()
if ans ~="Yes, do as I say!" then
lib14a.disconnect()
return 1
else print(ansicolors.red.."[/]"..ansicolors.reset.." Brace yourself.") end
end
-- Baby oh baby
-- Prepare for disappointment
if gen1 == true then
config[1] = 0x7A
config[2] = 0xFF
elseif gen1 == false then
config[1] = 0x85
config[2] = 0x00
end
if gen1com == true then
config[3] = 0x85
elseif gen1com == false then
config[3] = 0x00
end
if keyblock == true then
config[7] = 0x5A
elseif keyblock == false then
config[7] = 0x00
end
if cuid == true then
config[8] = 0x5A
elseif cuid == false then
config[8] = 0x00
end
if cl2mode == true then
config[10] = 0x5A
elseif cl2mode == false then
config[10] = 0x00
end
if shadowmode == true then
config[11] = 0x5A
elseif shadowmode == false then
config[11] = 0x00
end
if magicauth == true then
config[12] = 0x5A
elseif magicauth == false then
config[12] = 0x00
end
if statenc == true then
config[13] = 0x5A
elseif statenc == false then
config[13] = 0x00
end
if sigsec == true then
config[14] = 0x5A
elseif sigsec == false then
config[14] = 0x00
end
writeconf(config)
print(ansicolors.yellow.."[\\]"..ansicolors.reset.." Completed!")
lib14a.disconnect()
end
end
main(args)