From 58f9ba0abfa742fdfa5695ed6bb65dd62a6b3a91 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 27 Jul 2023 22:23:33 +0200 Subject: [PATCH] ugly hack to load the signature data if we are on a MFC Ev1 card. First we dont want to trigger the partial read unnecessary and secondly we dont save signature data in our MFC dump file. Need to adapt the JSON format for this --- armsrc/iso14443a.c | 12 +++++++----- armsrc/mifarecmd.c | 20 +++++++++++++++----- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index cb5f89118..07faa5b02 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -2596,7 +2596,7 @@ int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint p_card->ats_len = 0; } - if (GetATQA(resp, resp_par, polling_parameters) == false) { + if (GetATQA(resp, resp_par, polling_parameters) == 0) { return 0; } @@ -2621,11 +2621,11 @@ int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint memcpy(p_card->uid, resp, 4); // select again? - if (GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS) == false) { + if (GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS) == 0) { return 0; } - if (GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS) == false) { + if (GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS) == 0) { return 0; } @@ -2824,7 +2824,7 @@ int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades) { uint8_t sak = 0x04; // cascade uid int cascade_level = 0; - if (!GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS)) { + if (GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS) == 0) { return 0; } @@ -2851,7 +2851,9 @@ int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades) { ReaderTransmit(sel_uid, sizeof(sel_uid), NULL); // Receive the SAK - if (!ReaderReceive(resp, resp_par)) return 0; + if (!ReaderReceive(resp, resp_par)) { + return 0; + } sak = resp[0]; diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 3f0e6f187..32e90d56a 100644 
--- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -2071,24 +2071,33 @@ int MifareECardLoad(uint8_t sectorcnt, uint8_t keytype) { // increase time-out. Magic card etc are slow uint32_t timeout = iso14a_get_timeout(); // frame waiting time (FWT) in 1/fc - uint32_t fwt = 256 * 16 * (1 << 7); + uint32_t fwt = 256 * 16 * (1 << 6); iso14a_set_timeout(fwt / (8 * 16)); for (uint8_t s = 0; s < sectorcnt; s++) { + uint64_t ui64Key = emlGetKey(s, keytype); + if (sectorcnt == 18) { // MFC 1K EV1, skip sector 16 since its lockdown if (s == 16) { + // unknown sector trailer, keep the keys, set only the AC + uint8_t st[16] = {0x00}; + emlGetMem(st, FirstBlockOfSector(s) + 3, 1); + memcpy(st + 6, "\x70\xF0\xF8\x69", 4); + emlSetMem_xt(st, FirstBlockOfSector(s) + 3, 1, 16); continue; } + + // ICEMAN: ugly hack, we don't want to trigger the partial load message // MFC 1K EV1 sector 17 don't use key A. - if (keytype == 0) { - continue; + // not mention we don't save signatures in our MFC dump files. + if (s == 17 && keytype == 0) { + ui64Key = 0x4B791BEA7BCC; + keytype = 1; } } - uint64_t ui64Key = emlGetKey(s, keytype); - // use fast select if (have_uid == false) { // need a full select cycle to get the uid first iso14a_card_select_t card_info; @@ -2125,6 +2134,7 @@ int MifareECardLoad(uint8_t sectorcnt, uint8_t keytype) { continue; } + #define MAX_RETRIES 2 uint8_t data[16] = {0x00};
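Review bot: In the `s == 17 && keytype == 0` branch of `MifareECardLoad`, `keytype = 1;` overwrites the function parameter instead of a per-sector copy. The switch to key B is harmless only because 17 is the last index when `sectorcnt == 18`; any use of `keytype` after the loop, or a later change in sector order, would silently authenticate with the wrong key type. A per-iteration local keeps the override scoped: `uint8_t kt = keytype;` before the EV1 check, `kt = 1;` in the branch, and `kt` passed to the authentication call, which lies outside this hunk. The literal `0x4B791BEA7BCC` should also become a named constant with a comment saying which key it is (presumably the fixed key B of the EV1 signature sector), since it replaces whatever `emlGetKey(s, keytype)` read from emulator memory. Separately, `fwt` drops from `1 << 7` to `1 << 6` under a comment that still says the timeout is being increased for slow cards, and the commit message does not mention it, so either the comment or the value needs an explanation.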