From 660622568630439d0f576577912eddf4c2d5dbd3 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Mon, 6 Nov 2023 15:48:18 +0200
Subject: [PATCH 1/4] add change password command
---
 client/src/cmdhfmf.c | 49 ++++++++++++++++++++++++++++++++++++++++
 client/src/mifare/gen4.c | 12 ++++++++++
 client/src/mifare/gen4.h | 2 ++
 3 files changed, 63 insertions(+)
diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c
index 85d24bba9..4582e423a 100644
--- a/client/src/cmdhfmf.c
+++ b/client/src/cmdhfmf.c
@@ -8229,6 +8229,54 @@ static int CmdHF14AGen4Save(const char *Cmd) {
 return PM3_SUCCESS;
 }
+// change Gent4 GTU card access password
+static int CmdHF14AGen4ChangePwd(const char *Cmd) {
+
+ CLIParserContext *ctx;
+ CLIParserInit(&ctx, "hf mf gchpwd",
+ "Save `magic gen4 gtu` card memory to file (bin/json)",
+ "hf mf gchpwd --pwd 00000000 --newpwd 01020304"
+ );
+ void *argtable[] = {
+ arg_param_begin,
+ arg_str0("p", "pwd", "", "password 4 bytes"),
+ arg_str0("n", "newpwd", "", "new password 4 bytes"),
+ arg_lit0("v", "verbose", "verbose output"),
+ arg_param_end
+ };
+ CLIExecWithReturn(ctx, Cmd, argtable, false);
+
+ int pwd_len = 0;
+ uint8_t pwd[4] = {0};
+ CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len);
+
+ int new_pwd_len = 0;
+ uint8_t new_pwd[4] = {0};
+ CLIGetHexWithReturn(ctx, 2, new_pwd, &new_pwd_len);
+
+ bool verbose = arg_get_lit(ctx, 3);
+
+ if (pwd_len != 4) {
+ PrintAndLogEx(FAILED, "Old password must be 4 bytes long, got " _YELLOW_("%u"), pwd_len);
+ return PM3_EINVARG;
+ }
+
+ if (new_pwd_len != 4) {
+ PrintAndLogEx(FAILED, "New password must be 4 bytes long, got " _YELLOW_("%u"), new_pwd_len);
+ return PM3_EINVARG;
+ }
+
+ int res = mfG4ChangePassword(pwd, new_pwd, verbose);
+ if (res != PM3_SUCCESS) {
+ PrintAndLogEx(ERROR, "Change password error");
+ return res;
+ }
+
+ PrintAndLogEx(SUCCESS, "Change password done successfully.");
+
+ return PM3_SUCCESS;
+}
+
 static int CmdHF14AGen4_GDM_Cfg(const char *Cmd) {
 CLIParserContext *ctx;
 CLIParserInit(&ctx, "hf mf gdmcfg",
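Review bot: `CmdHF14AGen4ChangePwd` never releases the parser context: once `CLIExecWithReturn` succeeds, every path after `bool verbose = arg_get_lit(ctx, 3);` returns without calling `CLIParserFree(ctx);`, so each run of the command leaks it. I would add `CLIParserFree(ctx);` directly after the `verbose` read, before the two length checks. The two length messages also print an `int` with `%u`, where `%d` matches the type. The comment above the function has a typo, `Gent4` for `Gen4`.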
@@ -8876,6 +8924,7 @@ static command_t CommandTable[] = {
 {"gsave", CmdHF14AGen4Save, IfPm3Iso14443a, "Save dump from card into file or emulator"},
 {"gsetblk", CmdHF14AGen4SetBlk, IfPm3Iso14443a, "Write block to card"},
 {"gview", CmdHF14AGen4View, IfPm3Iso14443a, "View card"},
+ {"gchpwd", CmdHF14AGen4ChangePwd, IfPm3Iso14443a, "Change card access password. Warning!"},
 {"-----------", CmdHelp, IfPm3Iso14443a, "-------------------- " _CYAN_("magic gen4 GDM") " --------------------------"},
 {"gdmcfg", CmdHF14AGen4_GDM_Cfg, IfPm3Iso14443a, "Read config block from card"},
 {"gdmsetcfg", CmdHF14AGen4_GDM_SetCfg, IfPm3Iso14443a, "Write config block to card"},
diff --git a/client/src/mifare/gen4.c b/client/src/mifare/gen4.c
index 7dfff509f..5846c2a40 100644
--- a/client/src/mifare/gen4.c
+++ b/client/src/mifare/gen4.c
@@ -145,6 +145,18 @@ int mfG4GetFactoryTest(uint8_t *pwd, uint8_t *data, size_t *datalen, bool verbos
 return PM3_SUCCESS;
 }
+int mfG4ChangePassword(uint8_t *pwd, uint8_t *newpwd, bool verbose) {
+ uint8_t resp[40] = {0};
+ size_t resplen = 0;
+
+ int res = mfG4ExCommand(GEN4_CMD_CHANGE_PASSWORD, pwd, newpwd, 4, resp, &resplen, verbose);
+ if (res != PM3_SUCCESS) {
+ return res;
+ }
+
+ return PM3_SUCCESS;
+}
+
 int mfG4GetBlock(uint8_t *pwd, uint8_t blockno, uint8_t *data, uint8_t workFlags) {
 struct p {
 uint8_t blockno;
diff --git a/client/src/mifare/gen4.h b/client/src/mifare/gen4.h
index 3cdc7daf1..b4e22fb98 100644
--- a/client/src/mifare/gen4.h
+++ b/client/src/mifare/gen4.h
@@ -42,4 +42,6 @@ int mfG4GetFactoryTest(uint8_t *pwd, uint8_t *data, size_t *datalen, bool verbos
 int mfG4GetBlock(uint8_t *pwd, uint8_t blockno, uint8_t *data, uint8_t workFlags);
 int mfG4SetBlock(uint8_t *pwd, uint8_t blockno, uint8_t *data, uint8_t workFlags);
+int mfG4ChangePassword(uint8_t *pwd, uint8_t *newpwd, bool verbose);
+
 #endif
From c1bc926e24789ea18c58e0439aa1f7cb758af51c Mon Sep 17 00:00:00 2001
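Review bot: In the gen4.c hunk, `mfG4ChangePassword` hands `newpwd` to `mfG4ExCommand` with a literal length of `4`, yet neither the definition nor the prototype added to gen4.h says how many bytes `pwd` and `newpwd` must point to. A one-line contract above the function would close that gap, for example `// pwd and newpwd must each point to 4 bytes; returns a PM3_* status code`. If `mfG4ExCommand` (its signature is not visible here) accepts const pointers, both parameters could become `const uint8_t *`, as the function only reads them.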
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Mon, 6 Nov 2023 15:49:26 +0200
Subject: [PATCH 2/4] changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 401621458..6b46e72c0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 ## [unreleased][unreleased]
+ - Added `hf mf gchpwd` command for change Gen4 GTU card access password (@merlokk)
 - Added `--ms` option in `hw status` to specify the timeout of connection speed test (@wh201906)
 - Added `hf mf ginfo` command for get info about Gen4 GTU configuration (@merlokk)
 - Added support for loading Flipper PICOPASS dump files (@iceman1001)
From 70e39ec0c450b1cb81ed03341b4e055dc7d030c6 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Mon, 6 Nov 2023 15:52:54 +0200
Subject: [PATCH 3/4] check return code
---
 client/src/mifare/gen4.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/client/src/mifare/gen4.c b/client/src/mifare/gen4.c
index 5846c2a40..b01085671 100644
--- a/client/src/mifare/gen4.c
+++ b/client/src/mifare/gen4.c
@@ -154,6 +154,9 @@ int mfG4ChangePassword(uint8_t *pwd, uint8_t *newpwd, bool verbose) {
 return res;
 }
+ if (resplen != 2 || resp[0] != 0x90 || resp[1] != 0x00)
+ return PM3_EAPDU_FAIL;
+
 return PM3_SUCCESS;
 }
From f2110c11ae4d27d7a5817f8381d2d0e11cfb6e02 Mon Sep 17 00:00:00 2001
From: merlokk <807634+merlokk@users.noreply.github.com>
Date: Mon, 6 Nov 2023 15:56:51 +0200
Subject: [PATCH 4/4] fix text
---
 client/src/cmdhfmf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c
index 4582e423a..141c49c43 100644
--- a/client/src/cmdhfmf.c
+++ b/client/src/cmdhfmf.c
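Review bot: In the `check return code` hunk, the new test returns `PM3_EAPDU_FAIL` without reporting what the card answered, so on any reply other than `90 00` the user cannot tell whether the old or the new password is now in effect. For a command whose help text warns that an unknown password means the card can no longer be accessed, I would print the bytes in `resp` (when `resplen` is non-zero) under `verbose` before returning. The `if` is also the only unbraced one in this function; `if (...) { return PM3_EAPDU_FAIL; }` would match the block above it. The function starts above the hunk.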
@@ -8234,7 +8234,7 @@ static int CmdHF14AGen4ChangePwd(const char *Cmd) {
 CLIParserContext *ctx;
 CLIParserInit(&ctx, "hf mf gchpwd",
- "Save `magic gen4 gtu` card memory to file (bin/json)",
+ "Change access password for Gen4 GTU card. WARNING! If you dont KNOW the password - you CAN'T access it!!!",
 "hf mf gchpwd --pwd 00000000 --newpwd 01020304"
 );
 void *argtable[] = {
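Review bot: The warning is placed only in the `CLIParserInit` description, so it is shown when the user asks for help and not when the command actually runs. The function body continues below the hunk and, per the first patch in this series, goes on to call `mfG4ChangePassword`. Printing the caution at run time before that call, e.g. `PrintAndLogEx(WARNING, "Card access password will be changed, keep a record of the new value");`, would put it where it matters. In the string itself, `dont` should read `don't`.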