From 387009ab6a11545647ac9806997db6fffe2bd372 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Sun, 8 Jun 2025 10:02:40 +0200
Subject: [PATCH] added a support function
---
 client/src/mifare/mifare4.c | 2 ++
 client/src/mifare/mifarehost.c | 24 +++++++++++++++++++++++-
 client/src/mifare/mifarehost.h | 4 +++-
 3 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/client/src/mifare/mifare4.c b/client/src/mifare/mifare4.c
index 85af35820..3716f7470 100644
--- a/client/src/mifare/mifare4.c
+++ b/client/src/mifare/mifare4.c
@@ -587,6 +587,8 @@ uint8_t mfFirstBlockOfSector(uint8_t sectorNo) {
 }
 }
+// returns the sectortrailer block number in the range of all block no.
+// ie: sector 1 has its sector trailer at block number 7
 uint8_t mfSectorTrailerOfSector(uint8_t sectorNo) {
 if (sectorNo < 32) {
 return (sectorNo * 4) | 0x03;
diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c
index 2a2aed593..6688a7842 100644
--- a/client/src/mifare/mifarehost.c
+++ b/client/src/mifare/mifarehost.c
@@ -991,7 +991,7 @@ int mf_read_block(uint8_t blockNo, uint8_t keyType, const uint8_t *key, uint8_t
 return PM3_SUCCESS;
 }
-int mf_write_block(uint8_t blockno, uint8_t keyType, const uint8_t *key, uint8_t *block) {
+int mf_write_block(uint8_t blockno, uint8_t keyType, const uint8_t *key, const uint8_t *block) {
 uint8_t data[26];
 memcpy(data, key, MIFARE_KEY_SIZE);
@@ -1308,6 +1308,28 @@ int mf_chinese_gen_3_freeze(void) {
 return resp.status;
 }
+// GDM Gen4 write block
+int mf_chinese_gen_4_set_block(uint8_t blockNo, uint8_t *block, uint8_t *key) {
+ struct p {
+ uint8_t blockno;
+ uint8_t key[6];
+ uint8_t data[MFBLOCK_SIZE]; // data to be written
+ } PACKED payload;
+
+ payload.blockno = blockNo;
+ memcpy(payload.key, key, sizeof(payload.key));
+ memcpy(payload.data, block, sizeof(payload.data));
+
+ clearCommandBuffer();
+ SendCommandNG(CMD_HF_MIFARE_G4_GDM_WRBL, (uint8_t *)&payload, sizeof(payload));
+ PacketResponseNG resp;
+ if (WaitForResponseTimeout(CMD_HF_MIFARE_G4_GDM_WRBL, &resp, 1500) == false) {
+ PrintAndLogEx(WARNING, "command execution time out");
+ return PM3_ETIMEOUT;
+ }
+ return resp.status;
+}
+
 void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted) {
 if (len != 1) {
 for (int i = 0; i < len; i++) {
diff --git a/client/src/mifare/mifarehost.h b/client/src/mifare/mifarehost.h
index fd065bfbc..66a2ad780 100644
--- a/client/src/mifare/mifarehost.h
+++ b/client/src/mifare/mifarehost.h
@@ -88,7 +88,7 @@ int mf_key_brute(uint8_t blockNo, uint8_t keyType, const uint8_t *key, uint64_t
 int mf_read_sector(uint8_t sectorNo, uint8_t keyType, const uint8_t *key, uint8_t *data);
 int mf_read_block(uint8_t blockNo, uint8_t keyType, const uint8_t *key, uint8_t *data);
-int mf_write_block(uint8_t blockno, uint8_t keyType, const uint8_t *key, uint8_t *block);
+int mf_write_block(uint8_t blockno, uint8_t keyType, const uint8_t *key, const uint8_t *block);
 int mf_write_sector(uint8_t sectorNo, uint8_t keyType, const uint8_t *key, uint8_t *sector);
 int mf_eml_get_mem(uint8_t *data, int blockNum, int blocksCount);
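Review bot: In the new `mf_chinese_gen_4_set_block` in mifarehost.c, `block` and `key` are both plain `uint8_t *` with no length, and each is copied with a fixed-size `memcpy` (6 bytes and `MFBLOCK_SIZE` bytes), so a caller that swaps the two arguments or passes a shorter buffer causes an out-of-bounds read whose bytes are then sent to the device, and the compiler cannot flag it. The argument order here (`block` before `key`) is the reverse of `mf_write_block` (`key` before `block`) in the earlier hunk of the same file, which makes that swap easy to make. I would const-qualify both pointers as this commit already does for `mf_write_block`, `int mf_chinese_gen_4_set_block(uint8_t blockNo, const uint8_t *block, const uint8_t *key)`, reject NULL up front with `if (block == NULL || key == NULL) return PM3_EINVARG;`, and declare the field as `uint8_t key[MIFARE_KEY_SIZE];` rather than the literal 6, assuming that constant is the 6-byte key length as its use in `mf_write_block` suggests. The matching prototype in the last mifarehost.h hunk needs the same signature and a one-line comment stating that `block` must hold `MFBLOCK_SIZE` bytes and `key` must hold the full key length.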
@@ -105,6 +105,8 @@ int mf_chinese_gen_3_uid(uint8_t *uid, uint8_t uidlen, uint8_t *oldUid);
 int mf_chinese_gen_3_block(uint8_t *block, int blockLen, uint8_t *newBlock);
 int mf_chinese_gen_3_freeze(void);
+int mf_chinese_gen_4_set_block(uint8_t blockNo, uint8_t *block, uint8_t *key);
+
 int try_decrypt_word(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len);
 int detect_classic_prng(void);