From 53f2058c7a986034bad1ed80001a29b889d7c645 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 27 May 2019 07:46:27 -0400 Subject: [PATCH] chf: hf mf eget\nhf mf eset\nhf mf eclr - uses NG --- armsrc/appmain.c | 29 ++++++++++++++++------ armsrc/apps.h | 7 ++++-- armsrc/mifarecmd.c | 29 ++++++++++++++++------ armsrc/mifareutil.c | 5 ++-- armsrc/mifareutil.h | 2 +- client/cmdhfmf.c | 25 ++++++++----------- client/mifare/mifarehost.c | 50 ++++++++++++++++++++++++++++++++++---- 7 files changed, 106 insertions(+), 41 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 267fbe66d..fe947ce08 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -771,7 +771,7 @@ static void PacketReceived(PacketCommandNG *packet) { } case CMD_LF_SNIFF_RAW_ADC_SAMPLES: { uint32_t bits = SniffLF(); - reply_old(CMD_ACK, bits, 0, 0, 0, 0); + reply_mix(CMD_ACK, bits, 0, 0, 0, 0); break; } case CMD_HID_DEMOD_FSK: { 
@@ -1091,22 +1091,37 @@ static void PacketReceived(PacketCommandNG *packet) { } PACKED; struct p* payload = (struct p*) packet->data.asBytes; Mifare1ksim(payload->flags, payload->exitAfter, payload->uid); - } break; - + } // emulator case CMD_MIFARE_SET_DBGMODE: MifareSetDbgLvl(packet->data.asBytes[0]); + reply_ng(CMD_MIFARE_SET_DBGMODE, PM3_SUCCESS, NULL, 0); break; case CMD_MIFARE_EML_MEMCLR: MifareEMemClr(); + reply_ng(CMD_MIFARE_EML_MEMCLR, PM3_SUCCESS, NULL, 0); break; - case CMD_MIFARE_EML_MEMSET: - MifareEMemSet(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes); + case CMD_MIFARE_EML_MEMSET: { + struct p { + uint8_t blockno; + uint8_t blockcnt; + uint8_t blockwidth; + uint8_t data[]; + } PACKED; + struct p* payload = (struct p*) packet->data.asBytes; + MifareEMemSet(payload->blockno, payload->blockcnt, payload->blockwidth, payload->data); break; - case CMD_MIFARE_EML_MEMGET: - MifareEMemGet(packet->oldarg[0], packet->oldarg[1]); + } + case CMD_MIFARE_EML_MEMGET: { + struct p { + uint8_t blockno; + uint8_t blockcnt; + } PACKED; + struct p* payload = (struct p*) packet->data.asBytes; + MifareEMemGet(payload->blockno, payload->blockcnt); break; + } case CMD_MIFARE_EML_CARDLOAD: MifareECardLoad(packet->oldarg[0], packet->oldarg[1]); break; diff --git a/armsrc/apps.h b/armsrc/apps.h index 756567185..de307f6b9 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h 
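Review bot: The new CMD_MIFARE_EML_MEMSET case casts packet->data.asBytes to struct p and hands payload->data to MifareEMemSet without comparing packet->length against the header plus blockcnt * blockwidth, so a short or malformed packet from the host makes emlSetMem_xt copy bytes from beyond the received payload into emulator memory; the CMD_MIFARE_EML_MEMGET case has the same gap for its two-byte header. The dispatcher is the only place that sees packet->length, so a guard belongs here, e.g. `if (packet->length < sizeof(struct p) + (size_t)payload->blockcnt * (payload->blockwidth ? payload->blockwidth : 16)) { reply_ng(CMD_MIFARE_EML_MEMSET, PM3_ESOFT, NULL, 0); break; }` before the call, mirroring the 0-means-16 default MifareEMemSet applies. As far as the collapsed hunk shows, the `break;` removed after the Mifare1ksim call is not re-added on the new side, so the simulation case would fall through into CMD_MIFARE_SET_DBGMODE and set the debug level from the first byte of the simulation payload; the case's opening lies outside the hunk, so this is worth confirming in the file.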
@@ -158,13 +158,16 @@ void MifareAcquireNonces(uint32_t arg0, uint32_t flags); void MifareChkKeys(uint8_t *datain); void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); void MifareSetDbgLvl(uint16_t arg0); + void MifareEMemClr(void); -void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); -void MifareEMemGet(uint32_t arg0, uint32_t arg1); +void MifareEMemSet(uint8_t blockno, uint8_t blockcnt, uint8_t blockwidth, uint8_t *datain); +void MifareEMemGet(uint8_t blockno, uint8_t blockcnt); int MifareECardLoad(uint32_t arg0, uint32_t arg1); + void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain); // Work with "magic Chinese" card void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain); void MifareCIdent(); // is "magic chinese" card? + void MifareSetMod(uint8_t *datain); void MifareUSetPwd(uint8_t arg0, uint8_t *datain); void OnSuccessMagic(); diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index c1dbaced8..8670beaca 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c 
@@ -1627,23 +1627,36 @@ void MifareSetDbgLvl(uint16_t arg0) { void MifareEMemClr(void) { FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - emlClearMem(); + emlClearMem(); } -void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) { +void MifareEMemSet(uint8_t blockno, uint8_t blockcnt, uint8_t blockwidth, uint8_t *datain) { FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - if (arg2 == 0) arg2 = 16; // backwards compat... default bytewidth - emlSetMem_xt(datain, arg0, arg1, arg2); // data, block num, blocks count, block byte width + + if (blockwidth == 0) + blockwidth = 16; // backwards compat... default bytewidth + + emlSetMem_xt(datain, blockno, blockcnt, blockwidth); // data, block num, blocks count, block byte width } -void MifareEMemGet(uint32_t arg0, uint32_t arg1) { +void MifareEMemGet(uint8_t blockno, uint8_t blockcnt) { FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - uint8_t buf[PM3_CMD_DATA_SIZE] = {0x00}; - emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4) + + // + size_t size = blockcnt * 16; + if ( size > PM3_CMD_DATA_SIZE) { + reply_ng(CMD_MIFARE_EML_MEMGET, PM3_EMALLOC, NULL, 0); + return; + } + + uint8_t *buf = BigBuf_malloc(size); + + emlGetMem(buf, blockno, blockcnt); // data, block num, blocks count (max 4) LED_B_ON(); - reply_old(CMD_ACK, arg0, arg1, 0, buf, PM3_CMD_DATA_SIZE); + reply_ng(CMD_MIFARE_EML_MEMGET, PM3_SUCCESS, buf, size); LED_B_OFF(); + BigBuf_free_keep_EM(); } //----------------------------------------------------------------------------- diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 306f7a14e..18c710733 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -1,4 +1,3 @@ -//----------------------------------------------------------------------------- // Merlok, May 2011, 2012 // Many authors, whom made it possible // 
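Review bot: In MifareEMemGet the BigBuf_malloc(size) result is passed to emlGetMem without a NULL check, and neither MifareEMemGet nor MifareEMemSet validates that blockno plus blockcnt stays inside the emulator area, so a block number near the end of the EM region makes emlGetMem's memcpy read past it and reply_ng ships those bytes back to the host. Add `if (buf == NULL) { reply_ng(CMD_MIFARE_EML_MEMGET, PM3_EMALLOC, NULL, 0); return; }` after the allocation, and bound blockno and blockcnt against the emulator memory size before calling emlGetMem or emlSetMem_xt. The empty `//` line and the `(max 4)` remark no longer describe the code now that up to PM3_CMD_DATA_SIZE / 16 blocks are returned; replace them with `// blockcnt blocks of 16 bytes, capped by the NG reply size`, and drop the stray space in `if ( size > PM3_CMD_DATA_SIZE)`.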
@@ -530,9 +529,9 @@ void emlGetMem(uint8_t *data, int blockNum, int blocksCount) { memcpy(data, emCARD + blockNum * 16, blocksCount * 16); } -void emlGetMemBt(uint8_t *data, int bytePtr, int byteCount) { +void emlGetMemBt(uint8_t *data, int offset, int byteCount) { uint8_t *emCARD = BigBuf_get_EM_addr(); - memcpy(data, emCARD + bytePtr, byteCount); + memcpy(data, emCARD + offset, byteCount); } int emlCheckValBl(int blockNum) { diff --git a/armsrc/mifareutil.h b/armsrc/mifareutil.h index 110f41eaa..a2086c5e7 100644 --- a/armsrc/mifareutil.h +++ b/armsrc/mifareutil.h @@ -108,7 +108,7 @@ void emlClearMem(void); void emlSetMem(uint8_t *data, int blockNum, int blocksCount); void emlSetMem_xt(uint8_t *data, int blockNum, int blocksCount, int blockBtWidth); void emlGetMem(uint8_t *data, int blockNum, int blocksCount); -void emlGetMemBt(uint8_t *data, int bytePtr, int byteCount); +void emlGetMemBt(uint8_t *data, int offset, int byteCount); uint64_t emlGetKey(int sectorNum, int keyType); int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum); int emlSetValBl(uint32_t blReg, uint8_t blBlock, int blockNum); diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 6f5ce0bcc..1f3d5a66e 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c 
@@ -2514,21 +2514,17 @@ void printKeyTable(uint8_t sectorscnt, sector_t *e_sector) { // EMULATOR COMMANDS static int CmdHF14AMfEGet(const char *Cmd) { - uint8_t blockNo = 0; - uint8_t data[16] = {0x00}; char c = tolower(param_getchar(Cmd, 0)); - if (strlen(Cmd) < 1 || c == 'h') return usage_hf14_eget(); - blockNo = param_get8(Cmd, 0); + uint8_t data[16] = {0x00}; + uint8_t blockNo = param_get8(Cmd, 0); PrintAndLogEx(NORMAL, ""); - if (!mfEmlGetMem(data, blockNo, 1)) { + if (mfEmlGetMem(data, blockNo, 1) == PM3_SUCCESS) { PrintAndLogEx(NORMAL, "data[%3d]:%s", blockNo, sprint_hex(data, sizeof(data))); - } else { - PrintAndLogEx(WARNING, "Command execute timeout"); } - return 0; + return PM3_SUCCESS; } static int CmdHF14AMfEClear(const char *Cmd) { @@ -2537,23 +2533,22 @@ static int CmdHF14AMfEClear(const char *Cmd) { clearCommandBuffer(); SendCommandNG(CMD_MIFARE_EML_MEMCLR, NULL, 0); - return 0; + return PM3_SUCCESS; } static int CmdHF14AMfESet(const char *Cmd) { char c = tolower(param_getchar(Cmd, 0)); - uint8_t memBlock[16]; - uint8_t blockNo = 0; - memset(memBlock, 0x00, sizeof(memBlock)); - if (strlen(Cmd) < 3 || c == 'h') return usage_hf14_eset(); + + uint8_t memBlock[16]; + memset(memBlock, 0x00, sizeof(memBlock)); - blockNo = param_get8(Cmd, 0); + uint8_t blockNo = param_get8(Cmd, 0); if (param_gethex(Cmd, 1, memBlock, 32)) { PrintAndLogEx(WARNING, "block data must include 32 HEX symbols"); - return 1; + return PM3_ESOFT; } // 1 - blocks count diff --git a/client/mifare/mifarehost.c b/client/mifare/mifarehost.c index 2fa5b0775..076d3f092 100644 --- a/client/mifare/mifarehost.c +++ b/client/mifare/mifarehost.c 
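Review bot: CmdHF14AMfEGet now returns PM3_SUCCESS whether or not mfEmlGetMem succeeded, and since the timeout message moved into mfEmlGetMem, a device-side failure such as PM3_EMALLOC prints nothing at all, so the user cannot distinguish an error from an empty result. Propagate the status instead: `int res = mfEmlGetMem(data, blockNo, 1);`, keep the print under `if (res == PM3_SUCCESS)`, and end with `return res;`. A short `PrintAndLogEx(WARNING, ...)` in the failure branch would also restore the feedback the removed "Command execute timeout" line used to give for non-timeout errors.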
@@ -445,12 +445,33 @@ int mfReadSector(uint8_t sectorNo, uint8_t keyType, uint8_t *key, uint8_t *data) // EMULATOR int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount) { + + size_t size = blocksCount * 16; + if (size > PM3_CMD_DATA_SIZE) { + return PM3_ESOFT; + } + + struct { + uint8_t blockno; + uint8_t blockcnt; + } PACKED payload; + + payload.blockno = blockNum; + payload.blockcnt = blocksCount; + clearCommandBuffer(); - SendCommandMIX(CMD_MIFARE_EML_MEMGET, blockNum, blocksCount, 0, NULL, 0); + SendCommandNG(CMD_MIFARE_EML_MEMGET, (uint8_t*)&payload, sizeof(payload)); + PacketResponseNG resp; - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) return PM3_ETIMEOUT; - memcpy(data, resp.data.asBytes, blocksCount * 16); - return PM3_SUCCESS; + if (WaitForResponseTimeout(CMD_MIFARE_EML_MEMGET, &resp, 1500) == 0) { + PrintAndLogEx(WARNING, "Command execute timeout"); + return PM3_ETIMEOUT; + } + + if (resp.status == PM3_SUCCESS) + memcpy(data, resp.data.asBytes, size); + + return resp.status; } int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) { @@ -458,8 +479,27 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) { } int mfEmlSetMem_xt(uint8_t *data, int blockNum, int blocksCount, int blockBtWidth) { + + struct p { + uint8_t blockno; + uint8_t blockcnt; + uint8_t blockwidth; + uint8_t data[]; + } PACKED; + + size_t size = blocksCount * blockBtWidth; + if (size > (PM3_CMD_DATA_SIZE - sizeof(struct p))) { + return PM3_ESOFT; + } + + struct p *payload = calloc(1, sizeof(struct p) + size); + payload->blockno = blockNum; + payload->blockcnt = blocksCount; + payload->blockwidth = blockBtWidth; + memcpy(payload->data, data, size); + clearCommandBuffer(); - SendCommandOLD(CMD_MIFARE_EML_MEMSET, blockNum, blocksCount, blockBtWidth, data, blocksCount * blockBtWidth); + SendCommandNG(CMD_MIFARE_EML_MEMSET, (uint8_t*)payload, sizeof(payload) + size ); return PM3_SUCCESS; }
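Review bot: mfEmlGetMem copies `size` bytes from resp.data.asBytes on PM3_SUCCESS without checking resp.length, so a reply shorter than blocksCount * 16 fills the caller's buffer with whatever the response buffer previously held; blockNum and blocksCount are also silently narrowed from int to uint8_t when stored in the payload, so a block number above 255 wraps instead of being rejected. Guard the copy with `if (resp.status == PM3_SUCCESS && resp.length >= size)` and reject out-of-range arguments up front with `if (blockNum < 0 || blockNum > 0xFF || blocksCount < 0) return PM3_ESOFT;`.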
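Review bot: In mfEmlSetMem_xt the length passed to SendCommandNG is `sizeof(payload) + size`, where payload is a pointer, so the call sends 4 or 8 header bytes instead of the 3 of struct p and reads that many bytes past the calloc'd block; the calloc result is also never checked or freed, so every eset leaks the payload. Change the allocation and send to `if (payload == NULL) return PM3_EMALLOC;`, `SendCommandNG(CMD_MIFARE_EML_MEMSET, (uint8_t *)payload, sizeof(struct p) + size);` followed by `free(payload);` before the return. The same int-to-uint8_t narrowing of blockNum, blocksCount and blockBtWidth as in mfEmlGetMem applies when filling the payload and deserves the same range check.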