From 7373c383888e34c524ad9809b11d1603e5d685e8 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Wed, 2 Jul 2025 22:04:42 +0200
Subject: [PATCH] hf 15 dump had an logic bug when reading the sysinfo response. It is always fixed size but the logic for handling the Information byte flags made it skip bytes when it wasnt 0x0F
---
 CHANGELOG.md | 1 +
 client/src/cmdhf15.c | 67 ++++++++++++++++++++++++++++++--------------
 2 files changed, 47 insertions(+), 21 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 73ddb1c6b..6c4b03df4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 ## [unreleased][unreleased]
+- Fixed `hf 15 dump` - now reads sysinfo response correct (@iceman1001)
 - Changed `make clean` - it now removes all __pycache__ folders (@iceman1001)
 - Fixed `hf 15 readmulti` - fix block calculations (@iceman1001)
 - Changed `mem load` - now handles UL-C and UL-AES dictionary files (@iceman1001)
diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c
index 1dbd32b97..d27c8d049 100644
--- a/client/src/cmdhf15.c
+++ b/client/src/cmdhf15.c
@@ -1240,8 +1240,11 @@ static int CmdHF15ELoad(const char *Cmd) {
 ((tag->pagesCount * tag->bytesPerPage) > ISO15693_TAG_MAX_SIZE) ||
 (tag->pagesCount == 0) ||
 (tag->bytesPerPage == 0)) {
+
 PrintAndLogEx(FAILED, "Tag size error: pagesCount=%d, bytesPerPage=%d",
- tag->pagesCount, tag->bytesPerPage);
+ tag->pagesCount,
+ tag->bytesPerPage
+ );
 free(tag);
 return PM3_EINVARG;
 }
@@ -1904,35 +1907,49 @@ static int CmdHF15Dump(const char *Cmd) {
 uint8_t dCpt = 10;
 int res = iso15_error_handling_card_response(d, resp.length);
- if (res != PM3_SUCCESS) {
+ if (res == PM3_ECRC) {
 free(tag);
 free(packet);
 return res;
 }
- memcpy(tag->uid, &d[2], 8);
+ if (res == PM3_SUCCESS) {
+ memcpy(tag->uid, d + 2, 8);
- if (d[1] & 0x01) {
- tag->dsfid = d[dCpt++];
- }
+ if (d[1] & 0x01) {
+ tag->dsfid = d[dCpt];
+ }
+ dCpt++;
- if (d[1] & 0x02) {
- tag->afi = d[dCpt++];
- }
+ if (d[1] & 0x02) {
+ tag->afi = d[dCpt];
+ }
+ dCpt++;
+
+ if (d[1] & 0x04) {
+ tag->pagesCount = d[dCpt] + 1;
+ tag->bytesPerPage = d[dCpt + 1] + 1;
+ } else {
+ // Set tag memory layout values (if can't be read in SYSINFO)
+ tag->bytesPerPage = blocksize;
+ tag->pagesCount = 128;
+ }
+ dCpt += 2;
+
+ if (d[1] & 0x08) {
+ tag->ic = d[dCpt];
+ }
+ dCpt++;
- if (d[1] & 0x04) {
- tag->pagesCount = d[dCpt++] + 1;
- tag->bytesPerPage = d[dCpt++] + 1;
 } else {
+ tag->uid[0] = 0xE0;
+ tag->dsfid = 0;
+ tag->afi = 0;
 // Set tag memory layout values (if can't be read in SYSINFO)
 tag->bytesPerPage = blocksize;
 tag->pagesCount = 128;
 }
- if (d[1] & 0x08) {
- tag->ic = d[dCpt++];
- }
-
 // add length for blockno (1)
 packet->rawlen++;
 packet->raw[0] |= ISO15_REQ_OPTION; // Add option to dump lock status
@@ -2244,7 +2261,9 @@ static int CmdHF15Readmulti(const char *Cmd) {
 // 0 means 1 page,
 // 1 means 2 pages, ...
- if (blockcnt > 0) blockcnt--;
+ if (blockcnt > 0) {
+ blockcnt--;
+ }
 packet->raw[packet->rawlen++] = blockno;
 packet->raw[packet->rawlen++] = blockcnt;
@@ -2702,8 +2721,11 @@ static int CmdHF15Restore(const char *Cmd) {
 ((tag->pagesCount * tag->bytesPerPage) > ISO15693_TAG_MAX_SIZE) ||
 (tag->pagesCount == 0) ||
 (tag->bytesPerPage == 0)) {
+
 PrintAndLogEx(FAILED, "Tag size error: pagesCount=%d, bytesPerPage=%d",
- tag->pagesCount, tag->bytesPerPage);
+ tag->pagesCount,
+ tag->bytesPerPage
+ );
 free(tag);
 return PM3_EINVARG;
 }
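Review bot: In the CmdHF15Dump hunk, the `res == PM3_SUCCESS` branch reads `d[1]` and then fixed offsets up to `d[14]` (`tag->ic = d[dCpt]` once `dCpt` has advanced from 10), but nothing visible compares those offsets with `resp.length`, and `d` holds bytes returned by the card. With the offsets now fixed rather than flag-driven, a response shorter than the full sysinfo layout would be parsed from bytes the tag never sent. Unless `iso15_error_handling_card_response()` already enforces a minimum length (not shown here), guard the branch with something like `if (res == PM3_SUCCESS && resp.length >= 15) {` (plus the CRC bytes if `resp.length` counts them), so short replies take the existing default path. Separately, `tag->pagesCount = d[dCpt] + 1` and `tag->bytesPerPage = d[dCpt + 1] + 1` accept tag-supplied values as-is; the ELoad, Restore and View hunks in this patch show a check of the product against `ISO15693_TAG_MAX_SIZE`, and the same check would fit here if the code after the hunk does not already apply it. CmdHF15Dump starts and ends outside the hunk.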
@@ -2734,8 +2756,8 @@ static int CmdHF15Restore(const char *Cmd) {
 for (tried = 0; tried < retries; tried++) {
- retval = hf_15_write_blk(&pm3flags, flags, uid, fast
- , i, data, tag->bytesPerPage);
+ retval = hf_15_write_blk(&pm3flags, flags, uid, fast, i, data, tag->bytesPerPage);
+
 if (retval == PM3_SUCCESS) {
 PrintAndLogEx(INPLACE, "blk %3d", i);
@@ -3467,8 +3489,11 @@ static int CmdHF15View(const char *Cmd) {
 ((tag->pagesCount * tag->bytesPerPage) > ISO15693_TAG_MAX_SIZE) ||
 (tag->pagesCount == 0) ||
 (tag->bytesPerPage == 0)) {
+
 PrintAndLogEx(FAILED, "Tag size error: pagesCount=%d, bytesPerPage=%d",
- tag->pagesCount, tag->bytesPerPage);
+ tag->pagesCount,
+ tag->bytesPerPage
+ );
 free(tag);
 return PM3_EINVARG;
 }