diff --git a/CHANGELOG.md b/CHANGELOG.md index afe7f7fe4..48f531dff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Added `hf mfu esave` - saves emulator memory to mfu dump file (@DidierA) - Added luascript `hf_mfu_ntag` - Script for configuring NTAG216 configuration pages (@flamebarke) - Changed `hf mf hardnested` - a detection for static encrypted nonces (@iceman1001) - Added requirements.txt file to tools folder. Minimum to run pm3_tests.sh (@iceman1001) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 69a360c69..f15cccbf8 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -4025,7 +4025,7 @@ int CmdHF14AMfELoad(const char *Cmd) { } if (resp.status != PM3_SUCCESS) { - PrintAndLogEx(FAILED, "Loading file from spiffs to emulatore memory failed"); + PrintAndLogEx(FAILED, "Loading file from spiffs to emulator memory failed"); return PM3_EFLASH; } diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index 5b0004c09..1b802b46b 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -2718,6 +2718,7 @@ static int CmdHF14AMfUeLoad(const char *Cmd) { PrintAndLogEx(HINT, "Try " _YELLOW_("`hf mfu sim -t 7`") " to simulate an Amiibo."); return res; } + // // Simulate tag // 
@@ -4098,41 +4099,135 @@ int CmdHF14MfuNDEFRead(const char *Cmd) { return status; } -static int CmdHF14AMfuEView(const char *Cmd) { - CLIParserContext *ctx; - CLIParserInit(&ctx, "hf mfu eview", - "It displays emulator memory", - "hf mfu eview" - ); +// utility function. Retrieves emulator memory +static int GetMfuDumpFromEMul(mfu_dump_t **buf) { - void *argtable[] = { - arg_param_begin, - arg_param_end - }; - CLIExecWithReturn(ctx, Cmd, argtable, true); - CLIParserFree(ctx); - - uint16_t blocks = MFU_MAX_BLOCKS; - uint16_t bytes = MFU_MAX_BYTES + MFU_DUMP_PREFIX_LENGTH; - - uint8_t *dump = calloc(bytes, sizeof(uint8_t)); + uint8_t *dump = malloc(sizeof(mfu_dump_t)); if (dump == NULL) { PrintAndLogEx(WARNING, "Fail, cannot allocate memory"); return PM3_EMALLOC; } PrintAndLogEx(INFO, "downloading from emulator memory"); - if (!GetFromDevice(BIG_BUF_EML, dump, bytes, 0, NULL, 0, NULL, 2500, false)) { + if (!GetFromDevice(BIG_BUF_EML, dump, sizeof(mfu_dump_t), 0, NULL, 0, NULL, 2500, false)) { PrintAndLogEx(WARNING, "Fail, transfer from device time-out"); free(dump); return PM3_ETIMEOUT; } - printMFUdumpEx((mfu_dump_t *)dump, blocks, 0); + *buf = (mfu_dump_t *)dump ; + return PM3_SUCCESS ; +} + +static int CmdHF14AMfuEView(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf mfu eview", + "Displays emulator memory\n" + "By default number of pages shown depends on defined tag type.\n" + "You can override this with option --end.", + "hf mfu eview\n" + "hf mfu eview --end 255 -> dumps whole memory" + ); + + void *argtable[] = { + arg_param_begin, + arg_int0("e", "end", "", "index of last block"), + arg_param_end + }; + + CLIExecWithReturn(ctx, Cmd, argtable, true); + int end = arg_get_int_def(ctx, 1, -1); + CLIParserFree(ctx); + + bool override_end = (end != -1) ; + + if (override_end && (end < 0 || end > MFU_MAX_BLOCKS)) { + PrintAndLogEx(WARNING, "Invalid value for end:%d. 
Must be be positive integer < %d.", end, MFU_MAX_BLOCKS); + return PM3_EINVARG ; + } + + mfu_dump_t *dump ; + int res = GetMfuDumpFromEMul(&dump) ; + if (res != PM3_SUCCESS) { + return res ; + } + + if (override_end) { + ++end ; + } else { + end = dump->pages ; + } + + printMFUdumpEx(dump, end, 0); free(dump); return PM3_SUCCESS; } +static int CmdHF14AMfuESave(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf mfu esave", + "Saves emulator memory to a MIFARE Ultralight/NTAG dump file (bin/eml/json)\n" + "By default number of pages saved depends on defined tag type.\n" + "You can override this with option --end.", + "hf mfu esave\n" + "hf mfu esave --end 255 -> saves whole memory\n" + "hf mfu esave -f hf-mfu-04010203040506-dump.json" + ); + + void *argtable[] = { + arg_param_begin, + arg_int0("e", "end", "", "index of last block"), + arg_str0("f", "file", "", "filename of dump"), + arg_param_end + }; + + CLIExecWithReturn(ctx, Cmd, argtable, true); + int end = arg_get_int_def(ctx, 1, -1); + + char filename[FILE_PATH_SIZE]; + int fnlen = 0 ; + CLIParamStrToBuf(arg_get_str(ctx, 2), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + + CLIParserFree(ctx); + + bool override_end = (end != -1) ; + + if (override_end && (end < 0 || end > MFU_MAX_BLOCKS)) { + PrintAndLogEx(WARNING, "Invalid value for end:%d. Must be be positive integer <= %d.", end, MFU_MAX_BLOCKS); + return PM3_EINVARG ; + } + + // get dump from memory + mfu_dump_t *dump ; + int res = GetMfuDumpFromEMul(&dump) ; + if (res != PM3_SUCCESS) { + return res ; + } + + // initialize filename + if (fnlen < 1) { + PrintAndLogEx(INFO, "Using UID as filename"); + uint8_t uid[7] = {0}; + memcpy(uid, (uint8_t *) & (dump->data), 3); + memcpy(uid + 3, (uint8_t *) & (dump->data) + 4, 4); + strcat(filename, "hf-mfu-"); + FillFileNameByUID(filename, uid, "-dump", sizeof(uid)); + } + + if (override_end) { + end ++ ; + } else { + end = dump->pages ; + } + + // save dump. 
Last block contains PACK + RFU + uint16_t datalen = (end + 1) * MFU_BLOCK_SIZE + MFU_DUMP_PREFIX_LENGTH; + res = pm3_save_dump(filename, (uint8_t *)dump, datalen, jsfMfuMemory, MFU_BLOCK_SIZE); + + free(dump); + return res; +} + static int CmdHF14AMfuView(const char *Cmd) { CLIParserContext *ctx; @@ -4247,7 +4342,8 @@ static command_t CommandTable[] = { {"view", CmdHF14AMfuView, AlwaysAvailable, "Display content from tag dump file"}, {"wrbl", CmdHF14AMfUWrBl, IfPm3Iso14443a, "Write block"}, {"---------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("simulation") " -----------------------"}, - {"eload", CmdHF14AMfUeLoad, IfPm3Iso14443a, "Load Ultralight .eml dump file into emulator memory"}, + {"eload", CmdHF14AMfUeLoad, IfPm3Iso14443a, "Load Ultralight dump file into emulator memory"}, + {"esave", CmdHF14AMfuESave, IfPm3Iso14443a, "Save Ultralight dump file from emulator memory"}, {"eview", CmdHF14AMfuEView, IfPm3Iso14443a, "View emulator memory"}, {"sim", CmdHF14AMfUSim, IfPm3Iso14443a, "Simulate MIFARE Ultralight from emulator memory"}, {"---------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("magic") " ----------------------------"}, diff --git a/client/src/pm3line_vocabulory.h b/client/src/pm3line_vocabulory.h index 6d348e667..f37a2f859 100644 --- a/client/src/pm3line_vocabulory.h +++ b/client/src/pm3line_vocabulory.h @@ -379,6 +379,7 @@ const static vocabulory_t vocabulory[] = { { 1, "hf mfu view" }, { 0, "hf mfu wrbl" }, { 0, "hf mfu eload" }, + { 0, "hf mfu esave" }, { 0, "hf mfu eview" }, { 0, "hf mfu sim" }, { 0, "hf mfu setpwd" }, diff --git a/doc/commands.json b/doc/commands.json index c9ce72f8c..7e1a692f3 100644 --- a/doc/commands.json +++ b/doc/commands.json 
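Review bot: In CmdHF14AMfuESave the `datalen` passed to pm3_save_dump can exceed the buffer GetMfuDumpFromEMul allocated, which is only `sizeof(mfu_dump_t)`. `--end` is accepted up to and including MFU_MAX_BLOCKS, then incremented, and `datalen` adds one more block; on the default path `dump->pages`, a value read back from emulator memory, is used unchecked. If mfu_dump_t holds MFU_MAX_BLOCKS pages after the prefix, as the removed `calloc(bytes, ...)` sizing suggests, the save reads heap memory past the dump and writes it into the file; the same incremented `end` is also handed to printMFUdumpEx in CmdHF14AMfuEView, whose bounds handling is not visible here. I would reject `end >= MFU_MAX_BLOCKS` in both commands (their messages currently disagree, `< %d` vs `<= %d`) and cap the length before saving with `if (datalen > sizeof(mfu_dump_t)) datalen = sizeof(mfu_dump_t);`. Separately, `filename` is uninitialized when `-f` is absent and then goes to `strcat`; unless CLIParamStrToBuf terminates the buffer on empty input, declare it as `char filename[FILE_PATH_SIZE] = {0};`.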
@@ -868,22 +868,22 @@ "command": "emv list", "description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "emv list -f -> show frame delay times", + "emv list --frame -> show frame delay times", "emv list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "emv list [-h1fcrux] [--dict ]" + "usage": "emv list [-h1crux] [--frame] [-f ]" }, "emv pse": { "command": "emv pse", 
@@ -1145,22 +1145,22 @@ "command": "hf 14a list", "description": "Alias of `trace list -t 14a` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf 14a list -f -> show frame delay times", + "hf 14a list --frame -> show frame delay times", "hf 14a list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf 14a list [-h1fcrux] [--dict ]" + "usage": "hf 14a list [-h1crux] [--frame] [-f ]" }, "hf 14a ndefformat": { "command": "hf 14a ndefformat", @@ -1259,7 +1259,7 @@ }, "hf 14a sim": { "command": "hf 14a sim", - "description": "Simulate ISO/IEC 14443 type A tag with 4,7 or 10 byte UID", + "description": "Simulate ISO/IEC 14443 type A tag with 4,7 or 10 byte UID Use type 7 for Mifare Ultralight EV1, Amiibo (NTAG215 pack 0x8080)", "notes": [ "hf 14a sim -t 1 --uid 11223344 -> MIFARE Classic 1k", "hf 14a sim -t 2 -> MIFARE Ultralight", @@ -1267,7 +1267,7 @@ "hf 14a sim -t 4 -> ISO/IEC 14443-4", "hf 14a sim -t 5 -> MIFARE Tnp3xxx", "hf 14a sim -t 6 -> MIFARE Mini", - "hf 14a sim -t 7 -> Amiibo (NTAG 215), pack 0x8080", + "hf 14a sim -t 7 -> MFU EV1 / NTAG 215 Amiibo", "hf 14a sim -t 8 -> MIFARE Classic 4k", "hf 14a sim -t 9 -> FM11RF005SH Shanghai Metro", "hf 14a sim -t 10 -> ST25TA IKEA Rothult" 
@@ -1363,22 +1363,22 @@ "command": "hf 14b list", "description": "Alias of `trace list -t 14b` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf 14b list -f -> show frame delay times", + "hf 14b list --frame -> show frame delay times", "hf 14b list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf 14b list [-h1fcrux] [--dict ]" + "usage": "hf 14b list [-h1crux] [--frame] [-f ]" }, "hf 14b ndefread": { "command": "hf 14b ndefread", 
@@ -1637,22 +1637,22 @@ "command": "hf 15 list", "description": "Alias of `trace list -t 15` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf 15 list -f -> show frame delay times", + "hf 15 list --frame -> show frame delay times", "hf 15 list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf 15 list [-h1fcrux] [--dict ]" + "usage": "hf 15 list [-h1crux] [--frame] [-f ]" }, "hf 15 raw": { "command": "hf 15 raw", 
@@ -2232,22 +2232,22 @@ "command": "hf emrtd list", "description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf emrtd list -f -> show frame delay times", + "hf emrtd list --frame -> show frame delay times", "hf emrtd list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf emrtd list [-h1fcrux] [--dict ]" + "usage": "hf emrtd list [-h1crux] [--frame] [-f ]" }, "hf epa cnonces": { "command": "hf epa cnonces", 
@@ -2367,22 +2367,22 @@ "command": "hf felica list", "description": "Alias of `trace list -t felica` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf felica list -f -> show frame delay times", + "hf felica list --frame -> show frame delay times", "hf felica list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf felica list [-h1fcrux] [--dict ]" + "usage": "hf felica list [-h1crux] [--frame] [-f ]" }, "hf felica litedump": { "command": "hf felica litedump", 
@@ -2635,22 +2635,22 @@ "command": "hf fido list", "description": "Alias of `trace list -t 14a` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf fido list -f -> show frame delay times", + "hf fido list --frame -> show frame delay times", "hf fido list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf fido list [-h1fcrux] [--dict ]" + "usage": "hf fido list [-h1crux] [--frame] [-f ]" }, "hf fido make": { "command": "hf fido make", @@ -2969,9 +2969,10 @@ "--elite elite computations applied to key", "--raw raw, the key is interpreted as raw block 3/4", "--nr replay of NR/MAC", - "-z, --dense dense dump output style" + "-z, --dense dense dump output style", + "--force force unsecure card read" ], - "usage": "hf iclass dump [-hz] [-f ] [-k ] [--ki ] [--credit ] [--ci ] [--elite] [--raw] [--nr]" + "usage": "hf iclass dump [-hz] [-f ] [-k ] [--ki ] [--credit ] [--ci ] [--elite] [--raw] [--nr] [--force]" }, "hf iclass eload": { "command": "hf iclass eload", 
@@ -2990,7 +2991,7 @@ }, "hf iclass encode": { "command": "hf iclass encode", - "description": "Encode binary wiegand to block 7 Use either --bin or --wiegand/--fc/--cn", + "description": "Encode binary wiegand to block 7,8,9 Use either --bin or --wiegand/--fc/--cn", "notes": [ "hf iclass encode --bin 10001111100000001010100011 --ki 0 -> FC 31 CN 337", "hf iclass encode --fc 31 --cn 337 --ki 0 -> FC 31 CN 337", @@ -3084,22 +3085,22 @@ "command": "hf iclass list", "description": "Alias of `trace list -t iclass` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf iclass list -f -> show frame delay times", + "hf iclass list --frame -> show frame delay times", "hf iclass list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf iclass list [-h1fcrux] [--dict ]" + "usage": "hf iclass list [-h1crux] [--frame] [-f ]" }, "hf iclass loclass": { "command": "hf iclass loclass", 
@@ -3573,22 +3574,22 @@ "command": "hf legic list", "description": "Alias of `trace list -t legic` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf legic list -f -> show frame delay times", + "hf legic list --frame -> show frame delay times", "hf legic list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf legic list [-h1fcrux] [--dict ]" + "usage": "hf legic list [-h1crux] [--frame] [-f ]" }, "hf legic rdbl": { "command": "hf legic rdbl", 
@@ -3695,22 +3696,22 @@ "command": "hf list", "description": "Alias of `trace list -t raw` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf list -f -> show frame delay times", + "hf list --frame -> show frame delay times", "hf list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf list [-h1fcrux] [--dict ]" + "usage": "hf list [-h1crux] [--frame] [-f ]" }, "hf lto dump": { "command": "hf lto dump", 
@@ -3749,22 +3750,22 @@ "command": "hf lto list", "description": "Alias of `trace list -t lto` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf lto list -f -> show frame delay times", + "hf lto list --frame -> show frame delay times", "hf lto list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf lto list [-h1fcrux] [--dict ]" + "usage": "hf lto list [-h1crux] [--frame] [-f ]" }, "hf lto rdbl": { "command": "hf lto rdbl", @@ -4344,7 +4345,7 @@ "--start index of block to start writing (default 0)", "--end index of block to end writing (default last block)" ], - "usage": "hf mf gload [-hv] [--mini] [--1k] [--2k] [--4k] [-p ] [-f ] [--emu] --start --end " + "usage": "hf mf gload [-hv] [--mini] [--1k] [--2k] [--4k] [-p ] [-f ] [--emu] [--start ] [--end ]" }, "hf mf gsetblk": { "command": "hf mf gsetblk", 
@@ -4382,8 +4383,9 @@ }, "hf mf hardnested": { "command": "hf mf hardnested", - "description": "Nested attack for hardened MIFARE Classic cards. `--i` set type of SIMD instructions. Without this flag programs autodetect it. or hf mf hardnested -r --tk [known target key] Add the known target key to check if it is present in the remaining key space hf mf hardnested --blk 0 -a -k A0A1A2A3A4A5 --tblk 4 --ta --tk FFFFFFFFFFFF", + "description": "Nested attack for hardened MIFARE Classic cards. if card is EV1, command can detect and use known key see example below `--i` set type of SIMD instructions. Without this flag programs autodetect it. or hf mf hardnested -r --tk [known target key] Add the known target key to check if it is present in the remaining key space hf mf hardnested --blk 0 -a -k A0A1A2A3A4A5 --tblk 4 --ta --tk FFFFFFFFFFFF", "notes": [ + "hf mf hardnested --tblk 4 --ta -> works for MFC EV1", "hf mf hardnested --blk 0 -a -k FFFFFFFFFFFF --tblk 4 --ta", "hf mf hardnested --blk 0 -a -k FFFFFFFFFFFF --tblk 4 --ta -w", "hf mf hardnested --blk 0 -a -k FFFFFFFFFFFF --tblk 4 --ta -f nonces.bin -w -s", 
@@ -4430,22 +4432,22 @@ "command": "hf mf list", "description": "Alias of `trace list -t mf` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf mf list -f -> show frame delay times", + "hf mf list --frame -> show frame delay times", "hf mf list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf mf list [-h1fcrux] [--dict ]" + "usage": "hf mf list [-h1crux] [--frame] [-f ]" }, "hf mf mad": { "command": "hf mf mad", 
@@ -5609,22 +5611,22 @@ "command": "hf mfdes list", "description": "Alias of `trace list -t des` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf mfdes list -f -> show frame delay times", + "hf mfdes list --frame -> show frame delay times", "hf mfdes list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf mfdes list [-h1fcrux] [--dict ]" + "usage": "hf mfdes list [-h1crux] [--frame] [-f ]" }, "hf mfdes lsapp": { "command": "hf mfdes lsapp", 
@@ -6171,17 +6173,35 @@ ], "usage": "hf mfu eload [-h] -f [-q ]" }, - "hf mfu eview": { - "command": "hf mfu eview", - "description": "It displays emulator memory", + "hf mfu esave": { + "command": "hf mfu esave", + "description": "Saves emulator memory to a MIFARE Ultralight/NTAG dump file (bin/eml/json) By default number of pages saved depends on defined tag type. You can overrife this with option --end.", "notes": [ - "hf mfu eview" + "hf mfu esave", + "hf mfu esave --end 255 -> saves whole memory", + "hf mfu esave -f hf-mfu-04010203040506-dump.json" ], "offline": false, "options": [ - "-h, --help This help" + "-h, --help This help", + "-e, --end index of last block", + "-f, --file filename of dump" ], - "usage": "hf mfu eview [-h]" + "usage": "hf mfu esave [-h] [-e ] [-f ]" + }, + "hf mfu eview": { + "command": "hf mfu eview", + "description": "Displays emulator memory By default number of pages shown depends on defined tag type. You can overrife this with option --end.", + "notes": [ + "hf mfu eview", + "hf mfu eview --end 255 -> dumps whole memory" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-e, --end index of last block" + ], + "usage": "hf mfu eview [-h] [-e ]" }, "hf mfu help": { "command": "hf mfu help", @@ -6349,8 +6369,8 @@ "description": "Simulate MIFARE Ultralight family type based upon ISO/IEC 14443 type A tag with 4,7 or 10 byte UID from emulator memory. See `hf mfu eload` first. The UID from emulator memory will be used if not specified. See `hf 14a sim -h` to see available types. You want 2 or 7 usually.", "notes": [ "hf mfu sim -t 2 --uid 11223344556677 -> MIFARE Ultralight", - "hf mfu sim -t 7 --uid 11223344556677 -n 5 -> Amiibo (NTAG 215), pack 0x8080", - "hf mfu sim -t 7 -> Amiibo (NTAG 215), pack 0x8080" + "hf mfu sim -t 7 --uid 11223344556677 -n 5 -> MFU EV1 / NTAG 215 Amiibo", + "hf mfu sim -t 7 -> MFU EV1 / NTAG 215 Amiibo" ], "offline": false, "options": [ 
@@ -6491,22 +6511,22 @@ "command": "hf seos list", "description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf seos list -f -> show frame delay times", + "hf seos list --frame -> show frame delay times", "hf seos list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf seos list [-h1fcrux] [--dict ]" + "usage": "hf seos list [-h1crux] [--frame] [-f ]" }, "hf sniff": { "command": "hf sniff", 
@@ -6549,22 +6569,22 @@ "command": "hf st25ta list", "description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf st25ta list -f -> show frame delay times", + "hf st25ta list --frame -> show frame delay times", "hf st25ta list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf st25ta list [-h1fcrux] [--dict ]" + "usage": "hf st25ta list [-h1crux] [--frame] [-f ]" }, "hf st25ta ndefread": { "command": "hf st25ta ndefread", 
@@ -6699,22 +6719,22 @@ "command": "hf thinfilm list", "description": "Alias of `trace list -t thinfilm` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf thinfilm list -f -> show frame delay times", + "hf thinfilm list --frame -> show frame delay times", "hf thinfilm list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf thinfilm list [-h1fcrux] [--dict ]" + "usage": "hf thinfilm list [-h1crux] [--frame] [-f ]" }, "hf thinfilm sim": { "command": "hf thinfilm sim", 
@@ -6770,22 +6790,22 @@ "command": "hf topaz list", "description": "Alias of `trace list -t topaz` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "hf topaz list -f -> show frame delay times", + "hf topaz list --frame -> show frame delay times", "hf topaz list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "hf topaz list [-h1fcrux] [--dict ]" + "usage": "hf topaz list [-h1crux] [--frame] [-f ]" }, "hf topaz raw": { "command": "hf topaz raw", 
@@ -8513,22 +8533,22 @@ "command": "lf hitag list", "description": "Alias of `trace list -t hitag2` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "lf hitag list -f -> show frame delay times", + "lf hitag list --frame -> show frame delay times", "lf hitag list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "lf hitag list [-h1fcrux] [--dict ]" + "usage": "lf hitag list [-h1crux] [--frame] [-f ]" }, "lf hitag reader": { "command": "lf hitag reader", 
@@ -11258,22 +11278,22 @@ "command": "smart list", "description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", "notes": [ - "smart list -f -> show frame delay times", + "smart list --frame -> show frame delay times", "smart list -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "smart list [-h1fcrux] [--dict ]" + "usage": "smart list [-h1crux] [--frame] [-f ]" }, "smart raw": { "command": "smart raw", 
@@ -11380,24 +11400,24 @@ "trace list -t thinfilm -> interpret as Thinfilm", "trace list -t topaz -> interpret as Topaz", "", - "trace list -t mf --dict -> use dictionary keys file", - "trace list -t 14a -f -> show frame delay times", + "trace list -t mf -f mfc_default_keys.dic -> use default dictionary file", + "trace list -t 14a --frame -> show frame delay times", "trace list -t 14a -1 -> use trace buffer" ], "offline": true, "options": [ "-h, --help This help", "-1, --buffer use data from trace buffer", - "-f show frame delay times", + "--frame show frame delay times", "-c mark CRC bytes", "-r show relative times (gap and duration)", "-u display times in microseconds instead of clock cycles", "-x show hexdump to convert to pcap(ng)", "or to import into Wireshark using encapsulation type \"ISO 14443\"", "-t, --type protocol to annotate the trace", - "--dict use dictionary keys file" + "-f, --file filename of dictionary" ], - "usage": "trace list [-h1fcrux] [-t ] [--dict ]" + "usage": "trace list [-h1crux] [--frame] [-t ] [-f ]" }, "trace load": { "command": "trace load", @@ -11595,8 +11615,8 @@ } }, "metadata": { - "commands_extracted": 731, + "commands_extracted": 732, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2022-11-05T18:17:23" + "extracted_on": "2022-11-20T20:19:15" } } \ No newline at end of file diff --git a/doc/commands.md b/doc/commands.md index 498d62b62..32d42e0a2 100644 --- a/doc/commands.md +++ b/doc/commands.md 
@@ -557,7 +557,8 @@ Check column "offline" for their availability. |`hf mfu restore `|N |`Restore a dump onto a MFU MAGIC tag` |`hf mfu view `|Y |`Display content from tag dump file` |`hf mfu wrbl `|N |`Write block` -|`hf mfu eload `|N |`Load Ultralight .eml dump file into emulator memory` +|`hf mfu eload `|N |`Load Ultralight dump file into emulator memory` +|`hf mfu esave `|N |`Save Ultralight dump file from emulator memory` |`hf mfu eview `|N |`View emulator memory` |`hf mfu sim `|N |`Simulate MIFARE Ultralight from emulator memory` |`hf mfu setpwd `|N |`Set 3DES key - Ultralight-C`