ugly hack to load the signature data if we are on a MFC Ev1 card. First, we don't want to trigger the partial read unnecessarily, and secondly, we don't save signature data in our MFC dump file. Need to adapt the JSON format for this

iceman1001 2023-07-27 22:23:33 +02:00
commit 58f9ba0abf
2 changed files with 22 additions and 10 deletions


@ -2596,7 +2596,7 @@ int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint
p_card->ats_len = 0; p_card->ats_len = 0;
} }
if (GetATQA(resp, resp_par, polling_parameters) == false) { if (GetATQA(resp, resp_par, polling_parameters) == 0) {
return 0; return 0;
} }
@ -2621,11 +2621,11 @@ int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint
memcpy(p_card->uid, resp, 4); memcpy(p_card->uid, resp, 4);
// select again? // select again?
if (GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS) == false) { if (GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS) == 0) {
return 0; return 0;
} }
if (GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS) == false) { if (GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS) == 0) {
return 0; return 0;
} }
@ -2824,7 +2824,7 @@ int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades) {
uint8_t sak = 0x04; // cascade uid uint8_t sak = 0x04; // cascade uid
int cascade_level = 0; int cascade_level = 0;
if (!GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS)) { if (GetATQA(resp, resp_par, &WUPA_POLLING_PARAMETERS) == 0) {
return 0; return 0;
} }
@ -2851,7 +2851,9 @@ int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades) {
ReaderTransmit(sel_uid, sizeof(sel_uid), NULL); ReaderTransmit(sel_uid, sizeof(sel_uid), NULL);
// Receive the SAK // Receive the SAK
if (!ReaderReceive(resp, resp_par)) return 0; if (!ReaderReceive(resp, resp_par)) {
return 0;
}
sak = resp[0]; sak = resp[0];


@ -2071,23 +2071,32 @@ int MifareECardLoad(uint8_t sectorcnt, uint8_t keytype) {
// increase time-out. Magic card etc are slow // increase time-out. Magic card etc are slow
uint32_t timeout = iso14a_get_timeout(); uint32_t timeout = iso14a_get_timeout();
// frame waiting time (FWT) in 1/fc // frame waiting time (FWT) in 1/fc
uint32_t fwt = 256 * 16 * (1 << 7); uint32_t fwt = 256 * 16 * (1 << 6);
iso14a_set_timeout(fwt / (8 * 16)); iso14a_set_timeout(fwt / (8 * 16));
for (uint8_t s = 0; s < sectorcnt; s++) { for (uint8_t s = 0; s < sectorcnt; s++) {
uint64_t ui64Key = emlGetKey(s, keytype);
if (sectorcnt == 18) { if (sectorcnt == 18) {
// MFC 1K EV1, skip sector 16 since its lockdown // MFC 1K EV1, skip sector 16 since its lockdown
if (s == 16) { if (s == 16) {
// unknown sector trailer, keep the keys, set only the AC
uint8_t st[16] = {0x00};
emlGetMem(st, FirstBlockOfSector(s) + 3, 1);
memcpy(st + 6, "\x70\xF0\xF8\x69", 4);
emlSetMem_xt(st, FirstBlockOfSector(s) + 3, 1, 16);
continue; continue;
} }
// MFC 1K EV1 sector 17 don't use key A.
if (keytype == 0) {
continue;
}
}
uint64_t ui64Key = emlGetKey(s, keytype); // ICEMAN: ugly hack, we don't want to trigger the partial load message
// MFC 1K EV1 sector 17 don't use key A.
// not mention we don't save signatures in our MFC dump files.
if (s == 17 && keytype == 0) {
ui64Key = 0x4B791BEA7BCC;
keytype = 1;
}
}
// use fast select // use fast select
if (have_uid == false) { // need a full select cycle to get the uid first if (have_uid == false) { // need a full select cycle to get the uid first
@ -2125,6 +2134,7 @@ int MifareECardLoad(uint8_t sectorcnt, uint8_t keytype) {
continue; continue;
} }
#define MAX_RETRIES 2 #define MAX_RETRIES 2
uint8_t data[16] = {0x00}; uint8_t data[16] = {0x00};
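Review bot: In the sector loop of MifareECardLoad, `keytype = 1;` overwrites the function parameter, so the sector-17 override outlives the iteration it was written for. With `sectorcnt == 18` that is the last pass of the loop, but any use of `keytype` after the loop (outside these hunks) would now see key B instead of the caller's value. A per-iteration local avoids this: declare `uint8_t kt = keytype;` next to `ui64Key`, set `kt = 1;` in the hack, and use `kt` wherever the rest of the loop body (not shown here) passes the key type. The bare `0x4B791BEA7BCC` should become a named constant with a comment saying which key it is and why it is hard-coded rather than read via `emlGetKey`. Separately, the `fwt` change from `(1 << 7)` to `(1 << 6)` halves the timeout under a comment that still reads "increase time-out", so the comment or the commit message should explain the new value.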