added a support function

2025-08-14 18:48:13 -07:00 · 2025-06-08 10:02:40 +02:00 · 2025-06-08 10:02:40 +02:00 · 387009ab6a
commit 387009ab6a
parent 2d610b8dc0
3 changed files with 28 additions and 2 deletions
--- a/client/src/mifare/mifare4.c
+++ b/client/src/mifare/mifare4.c
@ -587,6 +587,8 @@ uint8_t mfFirstBlockOfSector(uint8_t sectorNo) {
    }
 }

+// returns the sectortrailer block number in the range of all block no.
+// ie:  sector 1 has its sector trailer at block number 7
 uint8_t mfSectorTrailerOfSector(uint8_t sectorNo) {
    if (sectorNo < 32) {
        return (sectorNo * 4) | 0x03;
--- a/client/src/mifare/mifarehost.c
+++ b/client/src/mifare/mifarehost.c
@ -991,7 +991,7 @@ int mf_read_block(uint8_t blockNo, uint8_t keyType, const uint8_t *key, uint8_t
    return PM3_SUCCESS;
 }

-int mf_write_block(uint8_t blockno, uint8_t keyType, const uint8_t *key, uint8_t *block) {
+int mf_write_block(uint8_t blockno, uint8_t keyType, const uint8_t *key, const uint8_t *block) {

    uint8_t data[26];
    memcpy(data, key, MIFARE_KEY_SIZE);
@ -1308,6 +1308,28 @@ int mf_chinese_gen_3_freeze(void) {
    return resp.status;
 }

+// GDM Gen4 write block
+int mf_chinese_gen_4_set_block(uint8_t blockNo, uint8_t *block, uint8_t *key) {
+    struct p {
+        uint8_t blockno;
+        uint8_t key[6];
+        uint8_t data[MFBLOCK_SIZE]; // data to be written
+    } PACKED payload;
+
+    payload.blockno = blockNo;
+    memcpy(payload.key, key, sizeof(payload.key));
+    memcpy(payload.data, block, sizeof(payload.data));
+
+    clearCommandBuffer();
+    SendCommandNG(CMD_HF_MIFARE_G4_GDM_WRBL, (uint8_t *)&payload, sizeof(payload));
+    PacketResponseNG resp;
+    if (WaitForResponseTimeout(CMD_HF_MIFARE_G4_GDM_WRBL, &resp, 1500) == false) {
+        PrintAndLogEx(WARNING, "command execution time out");
+        return PM3_ETIMEOUT;
+    }
+    return resp.status;
+}
+
 void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted) {
    if (len != 1) {
        for (int i = 0; i < len; i++) {
--- a/client/src/mifare/mifarehost.h
+++ b/client/src/mifare/mifarehost.h
@ -88,7 +88,7 @@ int mf_key_brute(uint8_t blockNo, uint8_t keyType, const uint8_t *key, uint64_t
 int mf_read_sector(uint8_t sectorNo, uint8_t keyType, const uint8_t *key, uint8_t *data);
 int mf_read_block(uint8_t blockNo, uint8_t keyType, const uint8_t *key, uint8_t *data);

-int mf_write_block(uint8_t blockno, uint8_t keyType, const uint8_t *key, uint8_t *block);
+int mf_write_block(uint8_t blockno, uint8_t keyType, const uint8_t *key, const uint8_t *block);
 int mf_write_sector(uint8_t sectorNo, uint8_t keyType, const uint8_t *key, uint8_t *sector);

 int mf_eml_get_mem(uint8_t *data, int blockNum, int blocksCount);
@ -105,6 +105,8 @@ int mf_chinese_gen_3_uid(uint8_t *uid, uint8_t uidlen, uint8_t *oldUid);
 int mf_chinese_gen_3_block(uint8_t *block, int blockLen, uint8_t *newBlock);
 int mf_chinese_gen_3_freeze(void);

+int mf_chinese_gen_4_set_block(uint8_t blockNo, uint8_t *block, uint8_t *key);
+
 int try_decrypt_word(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len);

 int detect_classic_prng(void);