This commit is contained in:
iceman1001 2023-06-02 10:45:04 +02:00
parent 1107c214c5
commit 97eb0238b1
17 changed files with 191 additions and 160 deletions

View file

@ -1189,9 +1189,9 @@ bool SimulateIso14443aInit(uint8_t tagType, uint16_t flags, uint8_t *data, tag_r
// Configure the ATQA and SAK accordingly
rATQA[0] &= 0xBF;
if(tagType == 11){
if (tagType == 11) {
rSAKc1[0] = sak & 0xFC & 0X70;
}else{
} else {
rSAKc1[0] = sak & 0xFB;
}

View file

@ -349,13 +349,13 @@ static int mf_save_keys_from_arr(uint16_t n, uint8_t *d) {
uint8_t sector = 0;
for (uint16_t i = 0; i < n; i++) {
if (mfIsSectorTrailer(i)) {
// key A offset in ST block
memcpy(keys + (MIFARE_KEY_SIZE * sector), d + (i * MFBLOCK_SIZE), MIFARE_KEY_SIZE);
// key A offset in ST block
memcpy(keys + (MIFARE_KEY_SIZE * sector), d + (i * MFBLOCK_SIZE), MIFARE_KEY_SIZE);
// key B offset in ST block
memcpy(keys + (MIFARE_KEY_SIZE * sectors) + (MIFARE_KEY_SIZE * sector), d + (i * MFBLOCK_SIZE) + 10, MIFARE_KEY_SIZE);
// key B offset in ST block
memcpy(keys + (MIFARE_KEY_SIZE * sectors) + (MIFARE_KEY_SIZE * sector), d + (i * MFBLOCK_SIZE) + 10, MIFARE_KEY_SIZE);
sector++;
sector++;
}
}
@ -484,7 +484,7 @@ static int mf_analyse_st_block(uint8_t blockno, uint8_t *block, bool force) {
* @param numSectors: size of the card
* @param keyFileName: filename containing keys or NULL.
*/
static int mfc_read_tag(iso14a_card_select_t *card, uint8_t *carddata, uint8_t numSectors, char *keyfn){
static int mfc_read_tag(iso14a_card_select_t *card, uint8_t *carddata, uint8_t numSectors, char *keyfn) {
// Select card to get UID/UIDLEN/ATQA/SAK information
clearCommandBuffer();
@ -517,7 +517,7 @@ static int mfc_read_tag(iso14a_card_select_t *card, uint8_t *carddata, uint8_t n
size_t alen = 0, blen = 0;
uint8_t *keyA, *keyB;
if (loadFileBinaryKey(keyfn, "", (void**)&keyA, (void**)&keyB, &alen, &blen) != PM3_SUCCESS) {
if (loadFileBinaryKey(keyfn, "", (void **)&keyA, (void **)&keyB, &alen, &blen) != PM3_SUCCESS) {
if (keyA) {
free(keyA);
}
@ -617,7 +617,7 @@ static int mfc_read_tag(iso14a_card_select_t *card, uint8_t *carddata, uint8_t n
SendCommandNG(CMD_HF_MIFARE_READBL, (uint8_t *)&payload, sizeof(mf_readblock_t));
received = WaitForResponseTimeout(CMD_HF_MIFARE_READBL, &resp, 1500);
} else {
// key A would work
// key A would work
payload.blockno = mfFirstBlockOfSector(sectorNo) + blockNo;
payload.keytype = current_key;
memcpy(payload.key, (current_key == MF_KEY_A) ? keyA + (sectorNo * MIFARE_KEY_SIZE) : keyB + (sectorNo * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE);
@ -651,7 +651,7 @@ static int mfc_read_tag(iso14a_card_select_t *card, uint8_t *carddata, uint8_t n
if (mfIsSectorTrailer(blockNo)) {
// sector trailer. Fill in the keys.
memcpy(data , keyA + (sectorNo * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE);
memcpy(data, keyA + (sectorNo * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE);
memcpy(data + 10, keyB + (sectorNo * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE);
}
@ -1259,7 +1259,7 @@ static int CmdHF14AMfRestore(const char *Cmd) {
//
size_t alen = 0, blen = 0;
uint8_t *keyA, *keyB;
if (loadFileBinaryKey(keyfilename, "", (void**)&keyA, (void**)&keyB, &alen, &blen) != PM3_SUCCESS) {
if (loadFileBinaryKey(keyfilename, "", (void **)&keyA, (void **)&keyB, &alen, &blen) != PM3_SUCCESS) {
if (keyA) {
free(keyA);
}
@ -1354,7 +1354,7 @@ static int CmdHF14AMfRestore(const char *Cmd) {
if (kt == MF_KEY_A)
memcpy(wdata, keyA + (s * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE);
else
memcpy(wdata, keyB+ (s * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE);
memcpy(wdata, keyB + (s * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE);
} else {
// use default key to authenticate for the write command
memcpy(wdata, default_key, MIFARE_KEY_SIZE);
@ -2518,16 +2518,16 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) {
sectorno = i;
keytype = j;
PrintAndLogEx(SUCCESS, "target sector %3u key type %c -- found valid key [ " _GREEN_("%s") " ] (used for nested / hardnested attack)",
i,
(j == MF_KEY_B) ? 'B' : 'A',
sprint_hex_inrow(key, sizeof(key))
);
i,
(j == MF_KEY_B) ? 'B' : 'A',
sprint_hex_inrow(key, sizeof(key))
);
} else {
PrintAndLogEx(SUCCESS, "target sector %3u key type %c -- found valid key [ " _GREEN_("%s") " ]",
i,
(j == MF_KEY_B) ? 'B' : 'A',
sprint_hex_inrow(key, sizeof(key))
);
i,
(j == MF_KEY_B) ? 'B' : 'A',
sprint_hex_inrow(key, sizeof(key))
);
}
++num_found_keys;
}
@ -2645,16 +2645,16 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) {
sectorno = i;
keytype = j;
PrintAndLogEx(SUCCESS, "target sector %3u key type %c -- found valid key [ " _GREEN_("%s") " ] (used for nested / hardnested attack)",
i,
(j == MF_KEY_B) ? 'B' : 'A',
sprint_hex_inrow(tmp_key, sizeof(tmp_key))
);
i,
(j == MF_KEY_B) ? 'B' : 'A',
sprint_hex_inrow(tmp_key, sizeof(tmp_key))
);
} else {
PrintAndLogEx(SUCCESS, "target sector %3u key type %c -- found valid key [ " _GREEN_("%s") " ]",
i,
(j == MF_KEY_B) ? 'B' : 'A',
sprint_hex_inrow(tmp_key, sizeof(tmp_key))
);
i,
(j == MF_KEY_B) ? 'B' : 'A',
sprint_hex_inrow(tmp_key, sizeof(tmp_key))
);
}
}
}
@ -3949,11 +3949,11 @@ void printKeyTableEx(size_t sectorscnt, sector_t *e_sector, uint8_t start_sector
}
PrintAndLogEx(SUCCESS, " " _YELLOW_("%03d") " | %03d | %s | %s | %s | %s"
, s
, mfSectorTrailerOfSector(s)
, strA, resA
, strB, resB
);
, s
, mfSectorTrailerOfSector(s)
, strA, resA
, strB, resB
);
}
PrintAndLogEx(SUCCESS, "-----+-----+--------------+---+--------------+----");
@ -5901,7 +5901,7 @@ int CmdHFMFNDEFRead(const char *Cmd) {
CLIParserFree(ctx);
uint16_t ndef_aid = NDEF_MFC_AID;
if (aidlen == 2){
if (aidlen == 2) {
ndef_aid = (aid[0] << 8) + aid[1];
}
@ -6123,7 +6123,7 @@ int CmdHFMFNDEFFormat(const char *Cmd) {
//
size_t alen = 0, blen = 0;
uint8_t *tmpA, *tmpB;
if (loadFileBinaryKey(keyFilename, "", (void**)&tmpA, (void**)&tmpB, &alen, &blen) != PM3_SUCCESS) {
if (loadFileBinaryKey(keyFilename, "", (void **)&tmpA, (void **)&tmpB, &alen, &blen) != PM3_SUCCESS) {
if (tmpA) {
free(tmpA);
}
@ -6132,9 +6132,9 @@ int CmdHFMFNDEFFormat(const char *Cmd) {
PrintAndLogEx(INFO, "Using `" _YELLOW_("%s") "`", keyFilename);
for (int i=0; i < numSectors; i++) {
memcpy(keyA[i], tmpA + (i *MIFARE_KEY_SIZE), MIFARE_KEY_SIZE);
memcpy(keyB[i], tmpB + (i *MIFARE_KEY_SIZE), MIFARE_KEY_SIZE);
for (int i = 0; i < numSectors; i++) {
memcpy(keyA[i], tmpA + (i * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE);
memcpy(keyB[i], tmpB + (i * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE);
}
free(tmpA);
free(tmpB);
@ -6680,7 +6680,7 @@ static int CmdHf14AMfSuperCard(const char *Cmd) {
return PM3_EINVARG;
}
#define SUPER_MAX_TRACES 7
#define SUPER_MAX_TRACES 7
uint8_t trace = 0;
uint8_t traces[SUPER_MAX_TRACES][16];
@ -7964,24 +7964,24 @@ static int CmdHF14AMfValue(const char *Cmd) {
"hf mf value --blk 16 -k FFFFFFFFFFFF -b --get\n"
"hf mf value --blk 16 -k FFFFFFFFFFFF --res --transfer 30 --tk FFFFFFFFFFFF --> transfer block 16 value to block 30 (even if block can't be incremented by ACL)\n"
"hf mf value --get -d 87D612007829EDFF87D6120011EE11EE\n"
);
);
void *argtable[] = {
arg_param_begin,
arg_str0("k", "key", "<hex>", "key, 6 hex bytes"),
arg_lit0("a", NULL, "input key type is key A (def)"),
arg_lit0("b", NULL, "input key type is key B"),
arg_u64_0(NULL, "inc", "<dec>", "Increment value by X (0 - 2147483647)"),
arg_u64_0(NULL, "dec", "<dec>", "Decrement value by X (0 - 2147483647)"),
arg_u64_0(NULL, "set", "<dec>", "Set value to X (-2147483647 - 2147483647)"),
arg_u64_0(NULL, "transfer", "<dec>", "Transfer value to other block (after inc/dec/restore)"),
arg_str0(NULL, "tkey", "<hex>", "transfer key, 6 hex bytes (if transfer is preformed to other sector)"),
arg_lit0(NULL, "ta", "transfer key type is key A (def)"),
arg_lit0(NULL, "tb", "transfer key type is key B"),
arg_lit0(NULL, "get", "Get value from block"),
arg_lit0(NULL, "res", "Restore (copy value to card buffer, should be used with --transfer)"),
arg_int0(NULL, "blk", "<dec>", "block number"),
arg_str0("d", "data", "<hex>", "block data to extract values from (16 hex bytes)"),
arg_param_end
arg_param_begin,
arg_str0("k", "key", "<hex>", "key, 6 hex bytes"),
arg_lit0("a", NULL, "input key type is key A (def)"),
arg_lit0("b", NULL, "input key type is key B"),
arg_u64_0(NULL, "inc", "<dec>", "Increment value by X (0 - 2147483647)"),
arg_u64_0(NULL, "dec", "<dec>", "Decrement value by X (0 - 2147483647)"),
arg_u64_0(NULL, "set", "<dec>", "Set value to X (-2147483647 - 2147483647)"),
arg_u64_0(NULL, "transfer", "<dec>", "Transfer value to other block (after inc/dec/restore)"),
arg_str0(NULL, "tkey", "<hex>", "transfer key, 6 hex bytes (if transfer is preformed to other sector)"),
arg_lit0(NULL, "ta", "transfer key type is key A (def)"),
arg_lit0(NULL, "tb", "transfer key type is key B"),
arg_lit0(NULL, "get", "Get value from block"),
arg_lit0(NULL, "res", "Restore (copy value to card buffer, should be used with --transfer)"),
arg_int0(NULL, "blk", "<dec>", "block number"),
arg_str0("d", "data", "<hex>", "block data to extract values from (16 hex bytes)"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
@ -8110,9 +8110,9 @@ static int CmdHF14AMfValue(const char *Cmd) {
// don't want to write value data and break something
if ((blockno == 0) ||
(mfIsSectorTrailer(blockno)) ||
(trnval == 0) ||
(trnval != -1 && mfIsSectorTrailer(trnval))) {
(mfIsSectorTrailer(blockno)) ||
(trnval == 0) ||
(trnval != -1 && mfIsSectorTrailer(trnval))) {
PrintAndLogEx(WARNING, "invalid block number, should be a data block");
return PM3_EINVARG;
}

View file

@ -338,7 +338,7 @@ static void printHitag2PaxtonDowngrade(const uint8_t *data) {
bytes = (bytes * 0x100) + data[i];
}
for (int j = 0; j< 8; j++) {
for (int j = 0; j < 8; j++) {
num = bytes & mask;
skip -= 5;
mask = mask >> 5;

View file

@ -316,9 +316,9 @@ int saveFileJSON(const char *preferredName, JSONFileType ftype, uint8_t *data, s
int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, size_t datalen, bool verbose, void (*callback)(json_t *), savePaths_t e_save_path) {
if (ftype != jsfCustom) {
if (data == NULL || datalen == 0) {
return PM3_EINVARG;
}
if (data == NULL || datalen == 0) {
return PM3_EINVARG;
}
}
char *fileName = newfilenamemcopyEx(preferredName, ".json", e_save_path);
@ -2032,8 +2032,8 @@ int searchFile(char **foundpath, const char *pm3dir, const char *searchname, con
PrintAndLogEx(FAILED, "Error - can't find `" _YELLOW_("%s") "`", filename);
}
}
free(filename);
return res;
free(filename);
return res;
}
int pm3_load_dump(const char *fn, void **pdump, size_t *dumplen, size_t maxdumplen) {

View file

@ -424,7 +424,7 @@ int DetectHID(uint8_t *d, uint16_t manufacture) {
int convert_mad_to_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen) {
if (in == NULL || out == NULL || ilen == 0 ) {
if (in == NULL || out == NULL || ilen == 0) {
return PM3_EINVARG;
}
@ -464,7 +464,7 @@ int convert_mad_to_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen)
// copy to out (skip ST)
memcpy(out, tmp, sizeof(tmp) - MFBLOCK_SIZE);
out += sizeof(tmp) - MFBLOCK_SIZE;
*olen += sizeof(tmp) -MFBLOCK_SIZE;
*olen += sizeof(tmp) - MFBLOCK_SIZE;
}
}
return PM3_SUCCESS;

View file

@ -917,10 +917,10 @@ static int ndefDecodeExternal_record(NDEFHeader_t *ndef) {
}
PrintAndLogEx(INFO
, " URN... " _GREEN_("urn:nfc:ext:%.*s")
, (int)ndef->TypeLen
, ndef->Type
);
, " URN... " _GREEN_("urn:nfc:ext:%.*s")
, (int)ndef->TypeLen
, ndef->Type
);
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "Payload [%zu]...", ndef->PayloadLen);

View file

@ -360,7 +360,8 @@ const static vocabulory_t vocabulory[] = {
{ 0, "hf mf gsave" },
{ 0, "hf mf gsetblk" },
{ 0, "hf mf gview" },
{ 0, "hf mf gdmconfig" },
{ 0, "hf mf gdmcfg" },
{ 0, "hf mf gdmsetcfg" },
{ 0, "hf mf gdmsetblk" },
{ 0, "hf mf ndefformat" },
{ 0, "hf mf ndefread" },

View file

@ -1354,9 +1354,10 @@
"offline": false,
"options": [
"-h, --help This help",
"-f, --file <fn> (optional) filename, if no <name> UID will be used as filename"
"-f, --file <fn> (optional) filename, if no <name> UID will be used as filename",
"--ns no save to file"
],
"usage": "hf 14b dump [-h] [-f <fn>]"
"usage": "hf 14b dump [-h] [-f <fn>] [--ns]"
},
"hf 14b help": {
"command": "hf 14b help",
@ -4218,9 +4219,10 @@
"--mini MIFARE Classic Mini / S20",
"--1k MIFARE Classic 1k / S50 (def)",
"--2k MIFARE Classic/Plus 2k",
"--4k MIFARE Classic 4k / S70"
"--4k MIFARE Classic 4k / S70",
"--ns no save to file"
],
"usage": "hf mf dump [-h] [-f <fn>] [-k <fn>] [--mini] [--1k] [--2k] [--4k]"
"usage": "hf mf dump [-h] [-f <fn>] [-k <fn>] [--mini] [--1k] [--2k] [--4k] [--ns]"
},
"hf mf ecfill": {
"command": "hf mf ecfill",
@ -4368,9 +4370,10 @@
"--1k MIFARE Classic 1k / S50 (def)",
"--2k MIFARE Classic/Plus 2k",
"--4k MIFARE Classic 4k / S70",
"-v, --verbose verbose output"
"-v, --verbose verbose output",
"--sk Save extracted keys to file"
],
"usage": "hf mf eview [-hv] [--mini] [--1k] [--2k] [--4k]"
"usage": "hf mf eview [-hv] [--mini] [--1k] [--2k] [--4k] [--sk]"
},
"hf mf fchk": {
"command": "hf mf fchk",
@ -4400,18 +4403,18 @@
],
"usage": "hf mf fchk [-h] [-k <hex>]... [--mini] [--1k] [--2k] [--4k] [--emu] [--dump] [--mem] [-f <fn>]"
},
"hf mf gdmconfig": {
"command": "hf mf gdmconfig",
"hf mf gdmcfg": {
"command": "hf mf gdmcfg",
"description": "Get configuration data from magic gen4 GDM card.",
"notes": [
"hf mf gdmconfig"
"hf mf gdmcfg"
],
"offline": false,
"options": [
"-h, --help This help",
"-k, --key <hex> key 6 bytes"
],
"usage": "hf mf gdmconfig [-h] [-k <hex>]"
"usage": "hf mf gdmcfg [-h] [-k <hex>]"
},
"hf mf gdmsetblk": {
"command": "hf mf gdmsetblk",
@ -4431,6 +4434,19 @@
],
"usage": "hf mf gdmsetblk [-hab] --blk <dec> [-d <hex>] [-k <hex>] [--force]"
},
"hf mf gdmsetcfg": {
"command": "hf mf gdmsetcfg",
"description": "Set configuration data on a magic gen4 GDM card",
"notes": [
"hf mf gdmsetcfg -d 850000000000000000005A5A00000008"
],
"offline": false,
"options": [
"-h, --help This help",
"-d, --data <hex> bytes to write, 16 hex bytes"
],
"usage": "hf mf gdmsetcfg [-h] -d <hex>"
},
"hf mf gen3blk": {
"command": "hf mf gen3blk",
"description": "Overwrite full manufacturer block for magic Gen3 card - You can specify part of manufacturer block as 4/7-bytes for UID change only",
@ -4902,6 +4918,7 @@
"hf mf value --blk 16 -k FFFFFFFFFFFF --inc 10",
"hf mf value --blk 16 -k FFFFFFFFFFFF -b --dec 10",
"hf mf value --blk 16 -k FFFFFFFFFFFF -b --get",
"hf mf value --blk 16 -k FFFFFFFFFFFF --res --transfer 30 --tk FFFFFFFFFFFF -> transfer block 16 value to block 30 (even if block can't be incremented by ACL)",
"hf mf value --get -d 87D612007829EDFF87D6120011EE11EE"
],
"offline": true,
@ -4910,14 +4927,19 @@
"-k, --key <hex> key, 6 hex bytes",
"-a input key type is key A (def)",
"-b input key type is key B",
"--inc <dec> Incremenet value by X (0 - 2147483647)",
"--dec <dec> Dcrement value by X (0 - 2147483647)",
"--inc <dec> Increment value by X (0 - 2147483647)",
"--dec <dec> Decrement value by X (0 - 2147483647)",
"--set <dec> Set value to X (-2147483647 - 2147483647)",
"--transfer <dec> Transfer value to other block (after inc/dec/restore)",
"--tkey <hex> transfer key, 6 hex bytes (if transfer is preformed to other sector)",
"--ta transfer key type is key A (def)",
"--tb transfer key type is key B",
"--get Get value from block",
"--res Restore (copy value to card buffer, should be used with --transfer)",
"--blk <dec> block number",
"-d, --data <hex> block data to extract values from (16 hex bytes)"
],
"usage": "hf mf value [-hab] [-k <hex>] [--inc <dec>] [--dec <dec>] [--set <dec>] [--get] [--blk <dec>] [-d <hex>]"
"usage": "hf mf value [-hab] [-k <hex>] [--inc <dec>] [--dec <dec>] [--set <dec>] [--transfer <dec>] [--tkey <hex>] [--ta] [--tb] [--get] [--res] [--blk <dec>] [-d <hex>]"
},
"hf mf view": {
"command": "hf mf view",
@ -4929,9 +4951,10 @@
"options": [
"-h, --help This help",
"-f, --file <fn> filename of dump",
"-v, --verbose verbose output"
"-v, --verbose verbose output",
"--sk Save extracted keys to file"
],
"usage": "hf mf view [-hv] -f <fn>"
"usage": "hf mf view [-hv] -f <fn> [--sk]"
},
"hf mf wipe": {
"command": "hf mf wipe",
@ -6146,7 +6169,7 @@
},
"hf mfp commitp": {
"command": "hf mfp commitp",
"description": "Executes Commit Perso command. Can be used in SL0 mode only.",
"description": "Executes Commit Perso command. Can be used in SL0 mode only. OBS! This command will not be executed if CardConfigKey, CardMasterKey and L3SwitchKey AES keys are not written.",
"notes": [
"hf mfp commitp"
],
@ -6246,9 +6269,9 @@
"-b, --keyb Use key B (def: keyA)",
"-p, --plain Plain communication mode between reader and card",
"--blk <0..255> Block number",
"--key <hex> Key, 16 hex bytes"
"-k, --key <hex> Key, 16 hex bytes"
],
"usage": "hf mfp rdbl [-hvbp] [-n <dec>] --blk <0..255> [--key <hex>]"
"usage": "hf mfp rdbl [-hvbp] [-n <dec>] --blk <0..255> [-k <hex>]"
},
"hf mfp rdsc": {
"command": "hf mfp rdsc",
@ -6335,9 +6358,10 @@
"-k, --key <hex> Key for authentication (UL-C 16 bytes, EV1/NTAG 4 bytes)",
"-l Swap entered key's endianness",
"-p, --page <dec> Manually set start page number to start from",
"-q, --qty <dec> Manually set number of pages to dump"
"-q, --qty <dec> Manually set number of pages to dump",
"--ns no save to file"
],
"usage": "hf mfu dump [-hl] [-f <fn>] [-k <hex>] [-p <dec>] [-q <dec>]"
"usage": "hf mfu dump [-hl] [-f <fn>] [-k <hex>] [-p <dec>] [-q <dec>] [--ns]"
},
"hf mfu eload": {
"command": "hf mfu eload",
@ -6565,7 +6589,7 @@
},
"hf mfu tamper": {
"command": "hf mfu tamper",
"description": "Set the congiguration of the NTAG 213TT tamper feature Supports: NTAG 213TT",
"description": "Set the configuration of the NTAG 213TT tamper feature Supports: NTAG 213TT",
"notes": [
"hf mfu tamper -e -> enable tamper feature",
"hf mfu tamper -d -> disable tamper feature",
@ -8039,15 +8063,19 @@
"command": "lf em 4x50 brute",
"description": "Tries to bruteforce the password of a EM4x50 card. Function can be stopped by pressing pm3 button.",
"notes": [
"lf em 4x50 brute --first 12330000 --last 12340000 -> tries pwds from 0x12330000 to 0x1234000000"
"lf em 4x50 brute --mode range --begin 12330000 --end 12340000 -> tries pwds from 0x12330000 to 0x12340000",
"lf em 4x50 brute --mode charset --digits --uppercase -> tries all combinations of ASCII codes for digits and uppercase letters"
],
"offline": false,
"options": [
"-h, --help This help",
"--first <hex> first password (start), 4 bytes, lsb",
"--last <hex> last password (stop), 4 bytes, lsb"
"--mode <str> Bruteforce mode (range|charset)",
"--begin <hex> Range mode - start of the key range",
"--end <hex> Range mode - end of the key range",
"--digits Charset mode - include ASCII codes for digits",
"--uppercase Charset mode - include ASCII codes for uppercase letters"
],
"usage": "lf em 4x50 brute [-h] --first <hex> --last <hex>"
"usage": "lf em 4x50 brute [-h] --mode <str> [--begin <hex>] [--end <hex>] [--digits] [--uppercase]"
},
"lf em 4x50 chk": {
"command": "lf em 4x50 chk",
@ -10199,12 +10227,13 @@
"-f, --file <fn> filename (default is generated on blk 0)",
"-o, --override override, force pwd read despite danger to card",
"-p, --pwd <hex> password (4 hex bytes)",
"--ns no save",
"--r0 downlink - fixed bit length",
"--r1 downlink - long leading reference",
"--r2 downlink - leading zero",
"--r3 downlink - 1 of 4 coding reference"
],
"usage": "lf t55xx dump [-ho] [-f <fn>] [-p <hex>] [--r0] [--r1] [--r2] [--r3]"
"usage": "lf t55xx dump [-ho] [-f <fn>] [-p <hex>] [--ns] [--r0] [--r1] [--r2] [--r3]"
},
"lf t55xx help": {
"command": "lf t55xx help",
@ -10867,7 +10896,7 @@
"options": [
"-h, --help This help",
"-f, --file <fn> SPIFFS file to view",
"-c, --cols <dec> column breaks (def 32)"
"-c, --cols <dec> column breaks (def 16)"
],
"usage": "mem spiffs view [-h] -f <fn> [-c <dec>]"
},
@ -11592,7 +11621,7 @@
},
"script help": {
"command": "script help",
"description": "This is a feature to run Lua/Cmd/Python scripts. You can place scripts within the luascripts/cmdscripts/pyscripts folders. --------------------------------------------------------------------------------------- script list available offline: yes",
"description": "This is a feature to run Lua/Cmd scripts. You can place scripts within the luascripts/cmdscripts folders. --------------------------------------------------------------------------------------- script list available offline: yes",
"notes": [],
"offline": true,
"options": [],
@ -11987,8 +12016,8 @@
}
},
"metadata": {
"commands_extracted": 754,
"commands_extracted": 755,
"extracted_by": "PM3Help2JSON v1.00",
"extracted_on": "2023-03-26T15:04:49"
"extracted_on": "2023-06-02T08:44:26"
}
}

View file

@ -523,7 +523,8 @@ Check column "offline" for their availability.
|`hf mf gsave `|N |`Save dump from card into file or emulator`
|`hf mf gsetblk `|N |`Write block to card`
|`hf mf gview `|N |`View card`
|`hf mf gdmconfig `|N |`Read config block from card`
|`hf mf gdmcfg `|N |`Read config block from card`
|`hf mf gdmsetcfg `|N |`Write config block to card`
|`hf mf gdmsetblk `|N |`Write block to card`
|`hf mf ndefformat `|N |`Format MIFARE Classic Tag as NFC Tag`
|`hf mf ndefread `|N |`Read and print NDEF records from card`
@ -568,7 +569,7 @@ Check column "offline" for their availability.
|`hf mfu restore `|N |`Restore a dump onto a MFU MAGIC tag`
|`hf mfu view `|Y |`Display content from tag dump file`
|`hf mfu wrbl `|N |`Write block`
|`hf mfu tamper `|N |`Cofigure the tamper feature on an NTAG 213TT`
|`hf mfu tamper `|N |`Configure the tamper feature on an NTAG 213TT`
|`hf mfu eload `|N |`Load Ultralight dump file into emulator memory`
|`hf mfu esave `|N |`Save Ultralight dump file from emulator memory`
|`hf mfu eview `|N |`View emulator memory`
@ -874,7 +875,7 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`lf em 4x50 help `|Y |`This help`
|`lf em 4x50 brute `|N |`Simple bruteforce attack to find password`
|`lf em 4x50 brute `|N |`Bruteforce attack to find password`
|`lf em 4x50 chk `|N |`Check passwords from dictionary`
|`lf em 4x50 dump `|N |`Dump EM4x50 tag`
|`lf em 4x50 info `|N |`Tag information`