diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c
index 85d24bba9..4582e423a 100644
--- a/client/src/cmdhfmf.c
+++ b/client/src/cmdhfmf.c
@@ -8229,6 +8229,54 @@ static int CmdHF14AGen4Save(const char *Cmd) {
 return PM3_SUCCESS;
 }
 
+// change Gent4 GTU card access password
+static int CmdHF14AGen4ChangePwd(const char *Cmd) {
+
+ CLIParserContext *ctx;
+ CLIParserInit(&ctx, "hf mf gchpwd",
+ "Save `magic gen4 gtu` card memory to file (bin/json)",
+ "hf mf gchpwd --pwd 00000000 --newpwd 01020304"
+ );
+ void *argtable[] = {
+ arg_param_begin,
+ arg_str0("p", "pwd", "", "password 4 bytes"),
+ arg_str0("n", "newpwd", "", "new password 4 bytes"),
+ arg_lit0("v", "verbose", "verbose output"),
+ arg_param_end
+ };
+ CLIExecWithReturn(ctx, Cmd, argtable, false);
+
+ int pwd_len = 0;
+ uint8_t pwd[4] = {0};
+ CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len);
+
+ int new_pwd_len = 0;
+ uint8_t new_pwd[4] = {0};
+ CLIGetHexWithReturn(ctx, 2, new_pwd, &new_pwd_len);
+
+ bool verbose = arg_get_lit(ctx, 3);
+
+ if (pwd_len != 4) {
+ PrintAndLogEx(FAILED, "Old password must be 4 bytes long, got " _YELLOW_("%u"), pwd_len);
+ return PM3_EINVARG;
+ }
+
+ if (new_pwd_len != 4) {
+ PrintAndLogEx(FAILED, "New password must be 4 bytes long, got " _YELLOW_("%u"), new_pwd_len);
+ return PM3_EINVARG;
+ }
+
+ int res = mfG4ChangePassword(pwd, new_pwd, verbose);
+ if (res != PM3_SUCCESS) {
+ PrintAndLogEx(ERROR, "Change password error");
+ return res;
+ }
+
+ PrintAndLogEx(SUCCESS, "Change password done successfully.");
+
+ return PM3_SUCCESS;
+}
+
 static int CmdHF14AGen4_GDM_Cfg(const char *Cmd) {
 CLIParserContext *ctx;
 CLIParserInit(&ctx, "hf mf gdmcfg",
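Review bot: CmdHF14AGen4ChangePwd never releases the parser context: nothing calls `CLIParserFree(ctx);` after `bool verbose = arg_get_lit(ctx, 3);`, so ctx is leaked on the success path and on both `PM3_EINVARG` returns; add that call right after the last argument is read. The description string given to CLIParserInit still ends in `card memory to file (bin/json)`, apparently carried over from the save command, and should instead say that the command replaces the card's access password; the leading comment also spells Gen4 as `Gent4`. Both options are declared with `arg_str0` although a missing value fails the 4-byte check, so `arg_str1` would make the requirement visible in the usage text.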
@@ -8876,6 +8924,7 @@ static command_t CommandTable[] = {
 {"gsave", CmdHF14AGen4Save, IfPm3Iso14443a, "Save dump from card into file or emulator"},
 {"gsetblk", CmdHF14AGen4SetBlk, IfPm3Iso14443a, "Write block to card"},
 {"gview", CmdHF14AGen4View, IfPm3Iso14443a, "View card"},
+ {"gchpwd", CmdHF14AGen4ChangePwd, IfPm3Iso14443a, "Change card access password. Warning!"},
 {"-----------", CmdHelp, IfPm3Iso14443a, "-------------------- " _CYAN_("magic gen4 GDM") " --------------------------"},
 {"gdmcfg", CmdHF14AGen4_GDM_Cfg, IfPm3Iso14443a, "Read config block from card"},
 {"gdmsetcfg", CmdHF14AGen4_GDM_SetCfg, IfPm3Iso14443a, "Write config block to card"},
diff --git a/client/src/mifare/gen4.c b/client/src/mifare/gen4.c
index 7dfff509f..5846c2a40 100644
--- a/client/src/mifare/gen4.c
+++ b/client/src/mifare/gen4.c
@@ -145,6 +145,18 @@ int mfG4GetFactoryTest(uint8_t *pwd, uint8_t *data, size_t *datalen, bool verbos
 return PM3_SUCCESS;
 }
 
+int mfG4ChangePassword(uint8_t *pwd, uint8_t *newpwd, bool verbose) {
+ uint8_t resp[40] = {0};
+ size_t resplen = 0;
+
+ int res = mfG4ExCommand(GEN4_CMD_CHANGE_PASSWORD, pwd, newpwd, 4, resp, &resplen, verbose);
+ if (res != PM3_SUCCESS) {
+ return res;
+ }
+
+ return PM3_SUCCESS;
+}
+
 int mfG4GetBlock(uint8_t *pwd, uint8_t blockno, uint8_t *data, uint8_t workFlags) {
 struct p {
 uint8_t blockno;
diff --git a/client/src/mifare/gen4.h b/client/src/mifare/gen4.h
index 3cdc7daf1..b4e22fb98 100644
--- a/client/src/mifare/gen4.h
+++ b/client/src/mifare/gen4.h
@@ -42,4 +42,6 @@ int mfG4GetFactoryTest(uint8_t *pwd, uint8_t *data, size_t *datalen, bool verbos
 int mfG4GetBlock(uint8_t *pwd, uint8_t blockno, uint8_t *data, uint8_t workFlags);
 int mfG4SetBlock(uint8_t *pwd, uint8_t blockno, uint8_t *data, uint8_t workFlags);
 
+int mfG4ChangePassword(uint8_t *pwd, uint8_t *newpwd, bool verbose);
+
 #endif
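Review bot: The help text `Change card access password. Warning!` on the new `gchpwd` row of CommandTable flags a risk without naming it. The gen4 helpers visible in this diff (mfG4GetFactoryTest, mfG4GetBlock, mfG4SetBlock) all take the password as their first argument, so a forgotten or mistyped new password presumably locks the operator out of the other gen4 commands. Say that in the row, e.g. `"Change card access password (required by all later gen4 commands)"`. The table itself starts and ends outside this hunk.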
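Review bot: In the gen4.c hunk, mfG4ChangePassword fills `resp` and `resplen` but never looks at them, so it returns PM3_SUCCESS whenever the exchange completes, whatever the card replied. Unless mfG4ExCommand already validates the card's answer (its body is outside this diff), a rejected change would still end with the caller printing "Change password done successfully.", leaving it unclear which password the card now holds. Either check the reply before returning or state the helper's guarantee in a comment such as `// mfG4ExCommand has already verified the card's status reply`. The tail `if (res != PM3_SUCCESS) { return res; } return PM3_SUCCESS;` reduces to `return res;`, and the new declaration in gen4.h would benefit from a one-line comment saying that both buffers must hold 4 bytes.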