fix miscchecks

iceman1001 2024-03-19 11:18:33 +01:00
commit 2fd36379e1


@ -96,21 +96,21 @@ local function help()
end end
-- Sorry, didn't care to figure out custom bit amounts with the 14a lua lib. So here's this thing -- Sorry, didn't care to figure out custom bit amounts with the 14a lua lib. So here's this thing
local function wupc2() local function wupc2()
return { return {
[0] = 'hf 14a raw -akb 7 20', [0] = 'hf 14a raw -akb 7 20',
[1] = 'hf 14a raw -k 23', [1] = 'hf 14a raw -k 23',
} }
end end
local function wupc() local function wupc()
return{ return{
[0] = 'hf 14a raw -akb 7 40', [0] = 'hf 14a raw -akb 7 40',
[1] = 'hf 14a raw -k 43', [1] = 'hf 14a raw -k 43',
} }
end end
local function makenuid(uid) local function makenuid(uid)
core.console('ana nuid -d '..uid) core.console('ana nuid -d '..uid)
end end
local function sendCmds(cmds) local function sendCmds(cmds)
for i = 0, #cmds do for i = 0, #cmds do
@ -121,7 +121,7 @@ local function sendCmds(cmds)
end end
end end
local function wakeupmagic(writetype) local function wakeupmagic(writetype)
if writetype=="2" then sendCmds(wupc2()) elseif writetype=="4" then sendCmds(wupc()) end if writetype=="2" then sendCmds(wupc2()) elseif writetype=="4" then sendCmds(wupc()) end
end end
local function calculate_block0(useruid) local function calculate_block0(useruid)
local uidbytes = utils.ConvertHexToBytes(useruid) local uidbytes = utils.ConvertHexToBytes(useruid)
@ -139,21 +139,21 @@ local function calculate_block0(useruid)
return block0..string.format('%02X', bcc) return block0..string.format('%02X', bcc)
end end
local function cltwo_block0(uid) local function cltwo_block0(uid)
payload = uid payload = uid
payload = payload .. "884400000000000000" payload = payload .. "884400000000000000"
return payload return payload
end end
local function SectorHeader(sector) local function SectorHeader(sector)
print("["..ansicolors.yellow.."="..ansicolors.reset.."] # | sector "..ansicolors.green..string.format("%02d", sector)..ansicolors.reset.." / "..ansicolors.green..string.format("0x%02X", sector)..ansicolors.reset) print("["..ansicolors.yellow.."="..ansicolors.reset.."] # | sector "..ansicolors.green..string.format("%02d", sector)..ansicolors.reset.." / "..ansicolors.green..string.format("0x%02X", sector)..ansicolors.reset)
print("["..ansicolors.yellow.."="..ansicolors.reset.."] ----+------------------------------------------------") print("["..ansicolors.yellow.."="..ansicolors.reset.."] ----+------------------------------------------------")
end end
local function BlockParser(data, block) local function BlockParser(data, block)
if block == "0" or block == 0 then -- for block 0 if block == "0" or block == 0 then -- for block 0
print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..ansicolors.red..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..string.sub(data,19,20).." "..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)..ansicolors.reset) print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..ansicolors.red..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..string.sub(data,19,20).." "..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)..ansicolors.reset)
elseif (block+1)%4 == 0 then -- for ST elseif (block+1)%4 == 0 then -- for ST
print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..ansicolors.yellow..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..ansicolors.magenta..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..ansicolors.reset..string.sub(data,19,20).." "..ansicolors.yellow..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)..ansicolors.reset) print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..ansicolors.yellow..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..ansicolors.magenta..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..ansicolors.reset..string.sub(data,19,20).." "..ansicolors.yellow..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)..ansicolors.reset)
else else
print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..string.sub(data,19,20).." "..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)) end print("["..ansicolors.yellow.."="..ansicolors.reset.."] "..string.format("%02d", block).." | "..string.sub(data,1,2).." "..string.sub(data,3,4).." "..string.sub(data,5,6).." "..string.sub(data,7,8).." "..string.sub(data,9,10).." "..string.sub(data,11,12).." "..string.sub(data,13,14).." "..string.sub(data,15,16).." "..string.sub(data,17,18).." "..string.sub(data,19,20).." "..string.sub(data,21,22).." "..string.sub(data,23,24).." "..string.sub(data,25,26).." "..string.sub(data,27,28).." "..string.sub(data,29,30).." "..string.sub(data,31,32)) end
end end
local function sendRaw(rawdata, keep) local function sendRaw(rawdata, keep)
flags = lib14a.ISO14A_COMMAND.ISO14A_RAW + lib14a.ISO14A_COMMAND.ISO14A_APPEND_CRC flags = lib14a.ISO14A_COMMAND.ISO14A_RAW + lib14a.ISO14A_COMMAND.ISO14A_APPEND_CRC
@ -167,7 +167,7 @@ local function sendRaw(rawdata, keep)
local result, err = command:sendMIX(ignore_response) local result, err = command:sendMIX(ignore_response)
if result then if result then
--local count,cmd,arg1,arg2,arg3,data = bin.unpack('LLLLH512',result) --local count,cmd,arg1,arg2,arg3,data = bin.unpack('LLLLH512',result)
local p = command.parse(result) local p = command.parse(result)
arg1 = p["arg1"] arg1 = p["arg1"]
data = p["data"] data = p["data"]
returned_bytes = string.sub(data, 1, arg1 * 2) returned_bytes = string.sub(data, 1, arg1 * 2)
@ -176,26 +176,26 @@ local function sendRaw(rawdata, keep)
end end
-- Functions to work with configuration data (E000, E100 cmds) -- Functions to work with configuration data (E000, E100 cmds)
local function readconf() local function readconf()
configbuffer = sendRaw("E000", true) configbuffer = sendRaw("E000", true)
if string.len(configbuffer) ~= 36 then if string.len(configbuffer) ~= 36 then
oops("Tag sent wrong length of config!") oops("Tag sent wrong length of config!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
return utils.ConvertHexToBytes(string.sub(configbuffer,1,32)) return utils.ConvertHexToBytes(string.sub(configbuffer,1,32))
end end
local function writeconf(configbuffer) local function writeconf(configbuffer)
configbuffer=utils.ConvertBytesToHex(configbuffer) configbuffer=utils.ConvertBytesToHex(configbuffer)
print(ansicolors.yellow.."[|]".. ansicolors.reset .." The new config is: "..configbuffer) print(ansicolors.yellow.."[|]".. ansicolors.reset .." The new config is: "..configbuffer)
if sendRaw("E100", true) == "0A" then if sendRaw("E100", true) == "0A" then
if sendRaw(configbuffer, true) == "0A" then if sendRaw(configbuffer, true) == "0A" then
print(ansicolors.yellow.."[/]".. ansicolors.reset .." Config updated successfully") print(ansicolors.yellow.."[/]".. ansicolors.reset .." Config updated successfully")
else else
oops("Tag did not ACK config update!") oops("Tag did not ACK config update!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
else oops("Tag did not ACK `E100` command!") else oops("Tag did not ACK `E100` command!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
end end
-- End config functions -- End config functions
@ -232,7 +232,7 @@ function main(args)
-- Parse arguments -- Parse arguments
-- Note: wrong order of arguments makes the script just not work. Like in some cases the script dies and doesnt call anything, in others it wants data for bool arguments. DESIGN??? -- Note: wrong order of arguments makes the script just not work. Like in some cases the script dies and doesnt call anything, in others it wants data for bool arguments. DESIGN???
for o,a in getopt.getopt(args, 'g:c:b:2:7:d:a:n:r:u:t:s:R:B:S:E:hw3') do for o,a in getopt.getopt(args, 'g:c:b:2:7:d:a:n:r:u:t:s:R:B:S:E:hw3') do
if o == "h" then return help() end if o == "h" then return help() end
if o == 'u' then uid = a end if o == 'u' then uid = a end
if o == 's' then signature = a end if o == 's' then signature = a end
if o == 't' then writetype = a end if o == 't' then writetype = a end
@ -244,15 +244,15 @@ function main(args)
if o == 'w' then wipe = true end if o == 'w' then wipe = true end
-- So one odd thing I noticed is the bool args like -h, -w don't work without a 2nd argument. So you now must do -h 1.. what? Why? -- So one odd thing I noticed is the bool args like -h, -w don't work without a 2nd argument. So you now must do -h 1.. what? Why?
-- ConfigStar -- ConfigStar
if o == 'g' then if a == "1" then gen1 = true elseif a == "0" then gen1 = false end end if o == 'g' then if a == "1" then gen1 = true elseif a == "0" then gen1 = false end end
if o == 'c' then if a == "1" then gen1com= true elseif a == "0" then gen1com= false end end if o == 'c' then if a == "1" then gen1com= true elseif a == "0" then gen1com= false end end
if o == 'b' then if a == "1" then keyblock= true elseif a == "0" then keyblock= false end end if o == 'b' then if a == "1" then keyblock= true elseif a == "0" then keyblock= false end end
if o == '2' then if a == "1" then cuid= true elseif a == "0" then cuid= false end end if o == '2' then if a == "1" then cuid= true elseif a == "0" then cuid= false end end
if o == '7' then if a == "1" then cl2mode= true elseif a == "0" then cl2mode= false end end if o == '7' then if a == "1" then cl2mode= true elseif a == "0" then cl2mode= false end end
if o == 'd' then if a == "1" then shadowmode = true elseif a == "0" then shadowmode = false end end if o == 'd' then if a == "1" then shadowmode = true elseif a == "0" then shadowmode = false end end
if o == 'a' then if a == "1" then magicauth= true elseif a == "0" then magicauth= false end end if o == 'a' then if a == "1" then magicauth= true elseif a == "0" then magicauth= false end end
if o == 'n' then if a == "1" then statenc= true elseif a == "0" then statenc= false end end if o == 'n' then if a == "1" then statenc= true elseif a == "0" then statenc= false end end
if o == 'r' then if a == "1" then sigsec = true elseif a == "0" then sigsec= false end end if o == 'r' then if a == "1" then sigsec = true elseif a == "0" then sigsec= false end end
end end
if gen1 ~= nil or gen1com~= nil or keyblock~= nil or cuid~= nil or cl2mode~= nil or shadowmode~= nil or magicauth~= nil or statenc~= nil or sigsec~= nil then configwrite = true end if gen1 ~= nil or gen1com~= nil or keyblock~= nil or cuid~= nil or cl2mode~= nil or shadowmode~= nil or magicauth~= nil or statenc~= nil or sigsec~= nil then configwrite = true end
@ -267,220 +267,220 @@ function main(args)
-- 3. Form data to write -- 3. Form data to write
-- 4. Issue commands -- 4. Issue commands
if wipe == true then if wipe == true then
print(ansicolors.red.."[/]"..ansicolors.reset.." Wipe issued! Nullifying other arguments!") print(ansicolors.red.."[/]"..ansicolors.reset.." Wipe issued! Nullifying other arguments!")
print(ansicolors.red.."[-]"..ansicolors.reset.." DO NOT REMOVE YOUR TAG!") print(ansicolors.red.."[-]"..ansicolors.reset.." DO NOT REMOVE YOUR TAG!")
uid = nil uid = nil
signature = nil signature = nil
configwrite = nil configwrite = nil
wakeupmagic(writetype) wakeupmagic(writetype)
if sendRaw("F000", true) ~= "0A" then if sendRaw("F000", true) ~= "0A" then
oops("DANGER! Tag did not ACK wipe command. The field has NOT been reset.") oops("DANGER! Tag did not ACK wipe command. The field has NOT been reset.")
print("[ ] If you think the wipe succeeded, immediately do this:") print("[ ] If you think the wipe succeeded, immediately do this:")
print("hf 14a raw -kc E100; hf 14a raw -c 7AFF0000000000000000000000000008") print("hf 14a raw -kc E100; hf 14a raw -c 7AFF0000000000000000000000000008")
return 1 end return 1 end
writeconf(utils.ConvertHexToBytes("7AFF0000000000000000005A00000008")) writeconf(utils.ConvertHexToBytes("7AFF0000000000000000005A00000008"))
sendRaw("F800", true) -- here you only wipe the backdoor blocks and they're not super critical so might as well not check. sendRaw("F800", true) -- here you only wipe the backdoor blocks and they're not super critical so might as well not check.
sendRaw("A000", true) -- By this point I just rely on the tag. sendRaw("A000", true) -- By this point I just rely on the tag.
sendRaw("DE7715B8040804000000000000000000", true) sendRaw("DE7715B8040804000000000000000000", true)
for i =0,15 do for i =0,15 do
blk=string.format("%02x", 4*i+3):gsub("0x","") blk=string.format("%02x", 4*i+3):gsub("0x","")
sendRaw("A0"..blk, true) sendRaw("A0"..blk, true)
sendRaw("FFFFFFFFFFFFFF078069FFFFFFFFFFFF",true) sendRaw("FFFFFFFFFFFFFF078069FFFFFFFFFFFF",true)
sendRaw("A8"..blk,true) sendRaw("A8"..blk,true)
sendRaw("FFFFFFFFFFFFFF078069FFFFFFFFFFFF",true) sendRaw("FFFFFFFFFFFFFF078069FFFFFFFFFFFF",true)
end end
sendRaw("A807", true) sendRaw("A807", true)
sendRaw("75CCB59C9BED70F0F8694B791BEA7BCC",true) sendRaw("75CCB59C9BED70F0F8694B791BEA7BCC",true)
print(ansicolors.yellow.."[-]"..ansicolors.reset.." Wipe completed successfully") print(ansicolors.yellow.."[-]"..ansicolors.reset.." Wipe completed successfully")
lib14a.disconnect() lib14a.disconnect()
end end
-- Separator -- Separator
if targetblk or targetbblk or targetsec or targetbsec then if targetblk or targetbblk or targetsec or targetbsec then
uid = nil uid = nil
signature = nil signature = nil
configwrite = nil configwrite = nil
wakeupmagic(writetype) wakeupmagic(writetype)
print("") print("")
if targetblk or targetsec then if targetblk or targetsec then
if targetblk then data = sendRaw("30"..string.format("%02x", targetblk), false) end if targetblk then data = sendRaw("30"..string.format("%02x", targetblk), false) end
if targetblk then SectorHeader(targetblk/4) else SectorHeader(targetsec) end if targetblk then SectorHeader(targetblk/4) else SectorHeader(targetsec) end
if targetblk then BlockParser(data, targetblk) else for i=0,3 do BlockParser(sendRaw("30"..string.format("%02x", targetsec*4+i), true), targetsec*4+i) end end if targetblk then BlockParser(data, targetblk) else for i=0,3 do BlockParser(sendRaw("30"..string.format("%02x", targetsec*4+i), true), targetsec*4+i) end end
elseif targetbblk or targetbsec then elseif targetbblk or targetbsec then
if targetbblk then data=sendRaw("38"..string.format("%02x", targetbblk), false) end if targetbblk then data=sendRaw("38"..string.format("%02x", targetbblk), false) end
if targetbblk then SectorHeader(targetbblk/4) else SectorHeader(targetbsec) end if targetbblk then SectorHeader(targetbblk/4) else SectorHeader(targetbsec) end
if targetbblk then BlockParser(data, targetbblk) else for i=0,3 do BlockParser(sendRaw("38"..string.format("%02x", targetbsec*4+i), true), targetbsec*4+i) end end if targetbblk then BlockParser(data, targetbblk) else for i=0,3 do BlockParser(sendRaw("38"..string.format("%02x", targetbsec*4+i), true), targetbsec*4+i) end end
-- Actually is there an sprintf_hex in lua? -- Actually is there an sprintf_hex in lua?
end end
lib14a.disconnect() lib14a.disconnect()
end end
-- Separator -- Separator
if uid then if uid then
if writetype == "2" or writetype == "4" then if writetype == "2" or writetype == "4" then
if string.len(uid) == 8 then if string.len(uid) == 8 then
payload = calculate_block0(uid) payload = calculate_block0(uid)
-- Calculate BCC -- Calculate BCC
-- Append SAK -- Append SAK
payload = payload .. "08" payload = payload .. "08"
-- Empty manuf bytes -- Empty manuf bytes
payload = payload .. "04000000000000000000" payload = payload .. "04000000000000000000"
elseif string.len(uid) == 14 then elseif string.len(uid) == 14 then
-- Same logic, but with raw anticollision data because that's what the tag accepts. :P -- Same logic, but with raw anticollision data because that's what the tag accepts. :P
payload = calculate_block0("88"..string.sub(uid,1,6)) payload = calculate_block0("88"..string.sub(uid,1,6))
payload = payload .. "04" payload = payload .. "04"
payload = payload .. calculate_block0(string.sub(uid,7,14)) payload = payload .. calculate_block0(string.sub(uid,7,14))
payload = payload .. "08" payload = payload .. "08"
payload = payload .. "00000000" payload = payload .. "00000000"
end end
end end
core.clearCommandBuffer() core.clearCommandBuffer()
-- Now, let's write! 1. We wake up the tag in magic mode. -- Now, let's write! 1. We wake up the tag in magic mode.
-- 2. We will deal with the "easier" 7 byte UID stuff -- 2. We will deal with the "easier" 7 byte UID stuff
if uid then if uid then
if string.len(uid) == 14 then if string.len(uid) == 14 then
wakeupmagic(writetype) wakeupmagic(writetype)
if f3perso == true then print("[?] WARNING: F3 perso write is set, but 7 byte UID is passed. Ignoring -3 argument") end if f3perso == true then print("[?] WARNING: F3 perso write is set, but 7 byte UID is passed. Ignoring -3 argument") end
local configdata = readconf() local configdata = readconf()
if configdata[10] ~= 0x5A and configdata[10] ~= 0xC3 and configdata[10] ~= 0xA5 then -- Enable CL2 mode if necessary if configdata[10] ~= 0x5A and configdata[10] ~= 0xC3 and configdata[10] ~= 0xA5 then -- Enable CL2 mode if necessary
print("[?] WARNING: Tag is not in 7 byte UID mode. Automatically updating to F0 unfused") print("[?] WARNING: Tag is not in 7 byte UID mode. Automatically updating to F0 unfused")
print(ansicolors.yellow.."[-]".. ansicolors.reset .." This is because the configuration byte responsible for CL2 was not found to be equal to 0x5A, 0xC3 or 0xA5, but rather: ".. string.format("%02x", configdata[10])) print(ansicolors.yellow.."[-]".. ansicolors.reset .." This is because the configuration byte responsible for CL2 was not found to be equal to 0x5A, 0xC3 or 0xA5, but rather: ".. string.format("%02x", configdata[10]))
print(ansicolors.yellow.."[\\]".. ansicolors.reset .." The old config is: ".. utils.ConvertBytesToHex(configdata)) print(ansicolors.yellow.."[\\]".. ansicolors.reset .." The old config is: ".. utils.ConvertBytesToHex(configdata))
configdata[10]=0x5A configdata[10]=0x5A
writeconf(configdata) writeconf(configdata)
end end
if sendRaw("A800", true) ~= "0A" then if sendRaw("A800", true) ~= "0A" then
oops("Tag did not ACK `A800` command!") oops("Tag did not ACK `A800` command!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
print("[?] WARNING: nUID should be updated with this value:") print("[?] WARNING: nUID should be updated with this value:")
print(makenuid(uid)) print(makenuid(uid))
print(ansicolors.yellow.."[/]".. ansicolors.reset .." Use `--f3d` to update nUID for Perso F3 only.") print(ansicolors.yellow.."[/]".. ansicolors.reset .." Use `--f3d` to update nUID for Perso F3 only.")
if sendRaw(payload, true) ~= "0A" then if sendRaw(payload, true) ~= "0A" then
oops("Tag did not ACK data to write!") oops("Tag did not ACK data to write!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
print(ansicolors.yellow.."[-]".. ansicolors.reset .." Updating real block 0") print(ansicolors.yellow.."[-]".. ansicolors.reset .." Updating real block 0")
if sendRaw("A000", true) ~= "0A" then if sendRaw("A000", true) ~= "0A" then
oops("Tag did not ACK `A000` command!") oops("Tag did not ACK `A000` command!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
if sendRaw(cltwo_block0(uid), false) ~="0A" then oops("Tag did not ACK data to write!") end if sendRaw(cltwo_block0(uid), false) ~="0A" then oops("Tag did not ACK data to write!") end
-- Now, let's work with 4 byte UIDs. -- Now, let's work with 4 byte UIDs.
elseif string.len(uid)==8 then elseif string.len(uid)==8 then
wakeupmagic(writetype) wakeupmagic(writetype)
local configdata = readconf() local configdata = readconf()
if configdata[10] == 0x69 or f3perso == true then -- If we have Perso: F3, then write backdoor blk 1 if configdata[10] == 0x69 or f3perso == true then -- If we have Perso: F3, then write backdoor blk 1
if f3perso == true then print ("[?] WARNING: F3 flag enabled. Updating UID used for F3 perso") end if f3perso == true then print ("[?] WARNING: F3 flag enabled. Updating UID used for F3 perso") end
if sendRaw("A801", true) ~= "0A" then if sendRaw("A801", true) ~= "0A" then
oops("Tag did not ACK `A801` command!") oops("Tag did not ACK `A801` command!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
else -- Otherwise write real block 0. else -- Otherwise write real block 0.
if configdata[10] == 0x5a or configdata[10] == 0xc3 or configdata[10] == 0xa5 then -- Disable CL2 if necessary if configdata[10] == 0x5a or configdata[10] == 0xc3 or configdata[10] == 0xa5 then -- Disable CL2 if necessary
print("[?] WARNING: Tag is not in 4 byte UID mode. Automatically disabling") print("[?] WARNING: Tag is not in 4 byte UID mode. Automatically disabling")
print(ansicolors.yellow.."[-]".. ansicolors.reset .." This is because the configuration byte responsible for CL2 was found to be equal to: ".. string.format("%02x", configdata[10])) print(ansicolors.yellow.."[-]".. ansicolors.reset .." This is because the configuration byte responsible for CL2 was found to be equal to: ".. string.format("%02x", configdata[10]))
print(ansicolors.yellow.."[\\]".. ansicolors.reset .." The old config is: ".. utils.ConvertBytesToHex(configdata)) print(ansicolors.yellow.."[\\]".. ansicolors.reset .." The old config is: ".. utils.ConvertBytesToHex(configdata))
configdata[10]=0x00 configdata[10]=0x00
writeconf(configdata) writeconf(configdata)
end end
if sendRaw("A000", true) ~= "0A" then if sendRaw("A000", true) ~= "0A" then
oops("Tag did not ACK `A000` command!") oops("Tag did not ACK `A000` command!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
end end
if sendRaw(payload, false) ~= "0A" then oops("Tag did not ACK data to write!") end if sendRaw(payload, false) ~= "0A" then oops("Tag did not ACK data to write!") end
end end
end end
end end
-- Separator -- Separator
if signature then if signature then
wakeupmagic(writetype) wakeupmagic(writetype)
local configdata = readconf() local configdata = readconf()
if configdata[14] ~= 0x5A then if configdata[14] ~= 0x5A then
print("[?] WARNING: Signature sector is not enabled. Automatically enabling") print("[?] WARNING: Signature sector is not enabled. Automatically enabling")
configdata[14] = 0x5A configdata[14] = 0x5A
writeconf(configdata) writeconf(configdata)
end end
if sendRaw("A805", true) ~= "0A" then if sendRaw("A805", true) ~= "0A" then
oops("Tag did not ACK `A805` command!") oops("Tag did not ACK `A805` command!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
if sendRaw(string.sub(signature,1,32), true) ~= "0A" then if sendRaw(string.sub(signature,1,32), true) ~= "0A" then
oops("Tag did not ACK data 1 to write!") oops("Tag did not ACK data 1 to write!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
if sendRaw("A806", true) ~= "0A" then if sendRaw("A806", true) ~= "0A" then
oops("Tag did not ACK `A806` command!") oops("Tag did not ACK `A806` command!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
if sendRaw(string.sub(signature,33,64), false) ~= "0A" then if sendRaw(string.sub(signature,33,64), false) ~= "0A" then
oops("Tag did not ACK data 2 to write!") oops("Tag did not ACK data 2 to write!")
lib14a.disconnect() lib14a.disconnect()
return 1 end return 1 end
end end
if configwrite then if configwrite then
print(ansicolors.yellow.."[|]"..ansicolors.reset.." Welcome to ConfigStar!") print(ansicolors.yellow.."[|]"..ansicolors.reset.." Welcome to ConfigStar!")
wakeupmagic(writetype) wakeupmagic(writetype)
config=readconf() config=readconf()
if (gen1 == false and magicauth == false) or ((config[1]==0x85 and config[2] == 0x00) and magicauth==false) or ((config[12]==0x00) and gen1 == false) then if (gen1 == false and magicauth == false) or ((config[1]==0x85 and config[2] == 0x00) and magicauth==false) or ((config[12]==0x00) and gen1 == false) then
oops("What you are about to do is potentially dangerous. \n If you really want to continue (potentially leaving your tag in an unusable state), enter this line as given, without quotation marks:\n \"Yes, do as I say!\"") oops("What you are about to do is potentially dangerous. \n If you really want to continue (potentially leaving your tag in an unusable state), enter this line as given, without quotation marks:\n \"Yes, do as I say!\"")
local ans=io.read() local ans=io.read()
if ans ~="Yes, do as I say!" then if ans ~="Yes, do as I say!" then
lib14a.disconnect() lib14a.disconnect()
return 1 return 1
else print(ansicolors.red.."[/]"..ansicolors.reset.." Brace yourself.") end else print(ansicolors.red.."[/]"..ansicolors.reset.." Brace yourself.") end
end end
-- Baby oh baby -- Baby oh baby
-- Prepare for disappointment -- Prepare for disappointment
if gen1 == true then if gen1 == true then
config[1] = 0x7A config[1] = 0x7A
config[2] = 0xFF config[2] = 0xFF
elseif gen1 == false then elseif gen1 == false then
config[1] = 0x85 config[1] = 0x85
config[2] = 0x00 config[2] = 0x00
end end
if gen1com == true then if gen1com == true then
config[3] = 0x85 config[3] = 0x85
elseif gen1com == false then elseif gen1com == false then
config[3] = 0x00 config[3] = 0x00
end end
if keyblock == true then if keyblock == true then
config[7] = 0x5A config[7] = 0x5A
elseif keyblock == false then elseif keyblock == false then
config[7] = 0x00 config[7] = 0x00
end end
if cuid == true then if cuid == true then
config[8] = 0x5A config[8] = 0x5A
elseif cuid == false then elseif cuid == false then
config[8] = 0x00 config[8] = 0x00
end end
if cl2mode == true then if cl2mode == true then
config[10] = 0x5A config[10] = 0x5A
elseif cl2mode == false then elseif cl2mode == false then
config[10] = 0x00 config[10] = 0x00
end end
if shadowmode == true then if shadowmode == true then
config[11] = 0x5A config[11] = 0x5A
elseif shadowmode == false then elseif shadowmode == false then
config[11] = 0x00 config[11] = 0x00
end end
if magicauth == true then if magicauth == true then
config[12] = 0x5A config[12] = 0x5A
elseif magicauth == false then elseif magicauth == false then
config[12] = 0x00 config[12] = 0x00
end end
if statenc == true then if statenc == true then
config[13] = 0x5A config[13] = 0x5A
elseif statenc == false then elseif statenc == false then
config[13] = 0x00 config[13] = 0x00
end end
if sigsec == true then if sigsec == true then
config[14] = 0x5A config[14] = 0x5A
elseif sigsec == false then elseif sigsec == false then
config[14] = 0x00 config[14] = 0x00
end end
writeconf(config) writeconf(config)
print(ansicolors.yellow.."[\\]"..ansicolors.reset.." Completed!") print(ansicolors.yellow.."[\\]"..ansicolors.reset.." Completed!")
lib14a.disconnect() lib14a.disconnect()
end end
end end
main(args) main(args)