github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 13:00:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

changed hf mf wrbl and view command to look for strict readonly ACL in the data.

Browse source
This commit is contained in:
iceman1001 2023-01-06 23:53:25 +01:00
commit 9888eef8dc
17 changed files with 313 additions and 102 deletions
Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG.md
View file

@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Changed `hf mf wrbl` - now checks for strict readonly ACL's in the data to write (@iceman1001)
- Changed `hf mf view` - verbose printing if strict readonly ACL's exists in dump file (@iceman1001)
- Add command `piv authsign` to get a buffer signed by the selected key (@jmichelp) - Add command `piv authsign` to get a buffer signed by the selected key (@jmichelp)
- Add command `piv scan` which tries to read all known containers on PIV (@jmichelp) - Add command `piv scan` which tries to read all known containers on PIV (@jmichelp)
- Add support for PIV commands, over wired and contactless interfaces (@jmichelp) - Add support for PIV commands, over wired and contactless interfaces (@jmichelp)

62
client/src/cmdhfmf.c
View file

@ -375,6 +375,31 @@ static bool mf_write_block(const uint8_t *key, uint8_t keytype, uint8_t blockno,
return (resp.oldarg[0] & 0xff); return (resp.oldarg[0] & 0xff);
} }
static void mf_analyse_acl(uint16_t n, uint8_t *d) {
for (uint16_t b = 3; b < n; b++) {
if (mfIsSectorTrailer(b) == false) {
continue;
}
uint8_t block[MFBLOCK_SIZE] = {0x00};
memcpy(block, d + (b * MFBLOCK_SIZE), MFBLOCK_SIZE);
// ensure access right isn't messed up.
if (mfValidateAccessConditions(&block[6]) == false) {
PrintAndLogEx(WARNING, "Invalid Access Conditions on sector " _YELLOW_("%u"), mfSectorNum(b));
}
// Warn if ACL is strict read-only
uint8_t bar = mfNumBlocksPerSector(mfSectorNum(b));
for (uint8_t foo = 0; foo < bar; foo++) {
if (mfReadOnlyAccessConditions(foo, &block[6])) {
PrintAndLogEx(WARNING, _YELLOW_("s%u / b%u") " - Strict ReadOnly Access Conditions detected", mfSectorNum(b), b - bar + 1 + foo);
}
}
}
}
static int CmdHF14AMfAcl(const char *Cmd) { static int CmdHF14AMfAcl(const char *Cmd) {
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "hf mf acl", CLIParserInit(&ctx, "hf mf acl",
@ -539,6 +564,32 @@ static int CmdHF14AMfWrBl(const char *Cmd) {
uint8_t blockno = (uint8_t)b; uint8_t blockno = (uint8_t)b;
// Warn if ACL is strict read-only
if (mfIsSectorTrailer(blockno)) {
PrintAndLogEx(INFO, "Sector trailer (ST) write detected");
// ensure access right isn't messed up.
if (mfValidateAccessConditions(&block[6]) == false) {
PrintAndLogEx(WARNING, "Invalid Access Conditions detected, replacing by default values");
memcpy(block + 6, "\xFF\x07\x80\x69", 4);
}
bool ro_detected = false;
uint8_t bar = mfNumBlocksPerSector(mfSectorNum(blockno));
for (uint8_t foo = 0; foo < bar; foo++) {
if (mfReadOnlyAccessConditions(foo, &block[6])) {
PrintAndLogEx(WARNING, "Strict ReadOnly Access Conditions on block " _YELLOW_("%u") " detected", blockno - bar + 1 + foo);
ro_detected = true;
}
}
if (ro_detected) {
PrintAndLogEx(INFO, "Exiting, please run `" _YELLOW_("hf mf acl -d %s") "` to understand", sprint_hex_inrow(&block[6], 3));
return PM3_EINVARG;
} else {
PrintAndLogEx(SUCCESS, "ST passed checks, continuing...");
}
}
PrintAndLogEx(INFO, "Writing block no %d, key %c - %s", blockno, (keytype == MF_KEY_B) ? 'B' : 'A', sprint_hex_inrow(key, sizeof(key))); PrintAndLogEx(INFO, "Writing block no %d, key %c - %s", blockno, (keytype == MF_KEY_B) ? 'B' : 'A', sprint_hex_inrow(key, sizeof(key)));
PrintAndLogEx(INFO, "data: %s", sprint_hex(block, sizeof(block))); PrintAndLogEx(INFO, "data: %s", sprint_hex(block, sizeof(block)));
@ -1172,7 +1223,7 @@ static int CmdHF14AMfRestore(const char *Cmd) {
PrintAndLogEx(INFO, "Restoring " _YELLOW_("%s")" to card", datafilename); PrintAndLogEx(INFO, "Restoring " _YELLOW_("%s")" to card", datafilename);
// main loop for restoreing. // main loop for restoring.
// a bit more complicated than needed // a bit more complicated than needed
// this is because of two things. // this is because of two things.
// 1. we are setting keys from a key file or using the existing ones in the dump // 1. we are setting keys from a key file or using the existing ones in the dump
@ -1182,7 +1233,6 @@ static int CmdHF14AMfRestore(const char *Cmd) {
for (uint8_t b = 0; b < mfNumBlocksPerSector(s); b++) { for (uint8_t b = 0; b < mfNumBlocksPerSector(s); b++) {
uint8_t bldata[MFBLOCK_SIZE] = {0x00}; uint8_t bldata[MFBLOCK_SIZE] = {0x00};
memcpy(bldata, dump, MFBLOCK_SIZE); memcpy(bldata, dump, MFBLOCK_SIZE);
// if sector trailer // if sector trailer
@ -1209,6 +1259,13 @@ static int CmdHF14AMfRestore(const char *Cmd) {
PrintAndLogEx(WARNING, "Invalid Access Conditions on sector %i, replacing by default values", s); PrintAndLogEx(WARNING, "Invalid Access Conditions on sector %i, replacing by default values", s);
memcpy(bldata + 6, "\xFF\x07\x80\x69", 4); memcpy(bldata + 6, "\xFF\x07\x80\x69", 4);
} }
// Warn if ACL is strict read-only
for (uint8_t foo = 0; foo < mfNumBlocksPerSector(s); foo++) {
if (mfReadOnlyAccessConditions(foo, &bldata[6])) {
PrintAndLogEx(WARNING, "Strict ReadOnly Access Conditions on block " _YELLOW_("%u") " detected", foo);
}
}
} }
if (bytes_read) { if (bytes_read) {
@ -6818,6 +6875,7 @@ static int CmdHF14AMfView(const char *Cmd) {
if (verbose) { if (verbose) {
mf_print_keys(block_cnt, dump); mf_print_keys(block_cnt, dump);
mf_analyse_acl(block_cnt, dump);
} }
int sector = DetectHID(dump, 0x4910); int sector = DetectHID(dump, 0x4910);

39
client/src/mifare/mifare4.c
View file

@ -74,22 +74,37 @@ AccessConditions_t MFAccessConditionsTrailer[] = {
}; };
bool mfValidateAccessConditions(const uint8_t *data) { bool mfValidateAccessConditions(const uint8_t *data) {
uint8_t ndata1 = (data[0]) & 0x0f; uint8_t nd1 = NIBBLE_LOW(data[0]);
uint8_t ndata2 = (data[0] >> 4) & 0x0f; uint8_t nd2 = NIBBLE_HIGH(data[0]);
uint8_t ndata3 = (data[1]) & 0x0f; uint8_t nd3 = NIBBLE_LOW(data[1]);
uint8_t data1 = (data[1] >> 4) & 0x0f; uint8_t d1 = NIBBLE_HIGH(data[1]);
uint8_t data2 = (data[2]) & 0x0f; uint8_t d2 = NIBBLE_LOW(data[2]);
uint8_t data3 = (data[2] >> 4) & 0x0f; uint8_t d3 = NIBBLE_HIGH(data[2]);
return ((ndata1 == (data1 ^ 0xF)) && (ndata2 == (data2 ^ 0xF)) && (ndata3 == (data3 ^ 0xF))); return ((nd1 == (d1 ^ 0xF)) && (nd2 == (d2 ^ 0xF)) && (nd3 == (d3 ^ 0xF)));
}
bool mfReadOnlyAccessConditions(uint8_t blockn, const uint8_t *data) {
uint8_t d1 = NIBBLE_HIGH(data[1]) >> blockn;
uint8_t d2 = NIBBLE_LOW(data[2]) >> blockn;
uint8_t d3 = NIBBLE_HIGH(data[2]) >> blockn;
uint8_t cond = (d1 & 0x01) << 2 | (d2 & 0x01) << 1 | (d3 & 0x01);
if (blockn == 3) {
if ((cond == 0x02) || (cond == 0x06) || (cond == 0x07)) return true;
} else {
if ((cond == 0x02) || (cond == 0x05)) return true;
}
return false;
} }
const char *mfGetAccessConditionsDesc(uint8_t blockn, const uint8_t *data) {
uint8_t data1 = ((data[1] >> 4) & 0x0f) >> blockn;
uint8_t data2 = ((data[2]) & 0x0f) >> blockn;
uint8_t data3 = ((data[2] >> 4) & 0x0f) >> blockn;
uint8_t cond = (data1 & 0x01) << 2 | (data2 & 0x01) << 1 | (data3 & 0x01); const char *mfGetAccessConditionsDesc(uint8_t blockn, const uint8_t *data) {
uint8_t d1 = NIBBLE_HIGH(data[1]) >> blockn;
uint8_t d2 = NIBBLE_LOW(data[2]) >> blockn;
uint8_t d3 = NIBBLE_HIGH(data[2]) >> blockn;
uint8_t cond = (d1 & 0x01) << 2 | (d2 & 0x01) << 1 | (d3 & 0x01);
if (blockn == 3) { if (blockn == 3) {
for (int i = 0; i < ARRAYLEN(MFAccessConditionsTrailer); i++) for (int i = 0; i < ARRAYLEN(MFAccessConditionsTrailer); i++)

1
client/src/mifare/mifare4.h
View file

@ -71,6 +71,7 @@ int MFPGetSignature(bool activateField, bool leaveSignalON, uint8_t *dataout, in
int MFPGetVersion(bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen); int MFPGetVersion(bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
bool mfValidateAccessConditions(const uint8_t *data); bool mfValidateAccessConditions(const uint8_t *data);
bool mfReadOnlyAccessConditions(uint8_t blockn, const uint8_t *data);
const char *mfGetAccessConditionsDesc(uint8_t blockn, const uint8_t *data); const char *mfGetAccessConditionsDesc(uint8_t blockn, const uint8_t *data);
uint8_t mfNumBlocksPerSector(uint8_t sectorNo); uint8_t mfNumBlocksPerSector(uint8_t sectorNo);

6
client/src/pm3line_vocabulory.h
View file

@ -349,6 +349,7 @@ const static vocabulory_t vocabulory[] = {
{ 0, "hf mf gen3freeze" }, { 0, "hf mf gen3freeze" },
{ 0, "hf mf ggetblk" }, { 0, "hf mf ggetblk" },
{ 0, "hf mf gload" }, { 0, "hf mf gload" },
{ 0, "hf mf gsave" },
{ 0, "hf mf gsetblk" }, { 0, "hf mf gsetblk" },
{ 0, "hf mf gview" }, { 0, "hf mf gview" },
{ 0, "hf mf ndefformat" }, { 0, "hf mf ndefformat" },
@ -736,6 +737,11 @@ const static vocabulory_t vocabulory[] = {
{ 0, "nfc barcode read" }, { 0, "nfc barcode read" },
{ 0, "nfc barcode sim" }, { 0, "nfc barcode sim" },
{ 1, "nfc barcode help" }, { 1, "nfc barcode help" },
{ 1, "piv help" },
{ 0, "piv select" },
{ 0, "piv getdata" },
{ 0, "piv scan" },
{ 1, "piv list" },
{ 1, "smart help" }, { 1, "smart help" },
{ 1, "smart list" }, { 1, "smart list" },
{ 0, "smart info" }, { 0, "smart info" },

217
doc/commands.json
View file

@ -1030,7 +1030,7 @@
}, },
"help": { "help": {
"command": "help", "command": "help",
"description": "help Use `<command> help` for details of a command prefs { Edit client/device preferences... } -------- ----------------------- Technology ----------------------- analyse { Analyse utils... } data { Plot window / data buffer manipulation... } emv { EMV ISO-14443 / ISO-7816... } hf { High frequency commands... } hw { Hardware commands... } lf { Low frequency commands... } nfc { NFC commands... } reveng { CRC calculations from RevEng software... } smart { Smart card ISO-7816 commands... } script { Scripting commands... } trace { Trace manipulation... } wiegand { Wiegand format manipulation... } -------- ----------------------- General ----------------------- clear Clear screen hints Turn hints on / off msleep Add a pause in milliseconds rem Add a text line in log file quit exit Exit program", "description": "help Use `<command> help` for details of a command prefs { Edit client/device preferences... } -------- ----------------------- Technology ----------------------- analyse { Analyse utils... } data { Plot window / data buffer manipulation... } emv { EMV ISO-14443 / ISO-7816... } hf { High frequency commands... } hw { Hardware commands... } lf { Low frequency commands... } nfc { NFC commands... } piv { PIV commands... } reveng { CRC calculations from RevEng software... } smart { Smart card ISO-7816 commands... } script { Scripting commands... } trace { Trace manipulation... } wiegand { Wiegand format manipulation... } -------- ----------------------- General ----------------------- clear Clear screen hints Turn hints on / off msleep Add a pause in milliseconds rem Add a text line in log file quit exit Exit program",
"notes": [], "notes": [],
"offline": true, "offline": true,
"options": [], "options": [],
@ -2916,9 +2916,10 @@
"-f, --file <fn> Dictionary file with default iclass keys", "-f, --file <fn> Dictionary file with default iclass keys",
"--credit key is assumed to be the credit key", "--credit key is assumed to be the credit key",
"--elite elite computations applied to key", "--elite elite computations applied to key",
"--raw no computations applied to key (raw)" "--raw no computations applied to key (raw)",
"--shallow use shallow (ASK) reader modulation instead of OOK"
], ],
"usage": "hf iclass chk [-h] -f <fn> [--credit] [--elite] [--raw]" "usage": "hf iclass chk [-h] -f <fn> [--credit] [--elite] [--raw] [--shallow]"
}, },
"hf iclass configcard": { "hf iclass configcard": {
"command": "hf iclass configcard", "command": "hf iclass configcard",
@ -2970,9 +2971,10 @@
"--raw raw, the key is interpreted as raw block 3/4", "--raw raw, the key is interpreted as raw block 3/4",
"--nr replay of NR/MAC", "--nr replay of NR/MAC",
"-z, --dense dense dump output style", "-z, --dense dense dump output style",
"--force force unsecure card read" "--force force unsecure card read",
"--shallow use shallow (ASK) reader modulation instead of OOK"
], ],
"usage": "hf iclass dump [-hz] [-f <fn>] [-k <hex>] [--ki <dec>] [--credit <hex>] [--ci <dec>] [--elite] [--raw] [--nr] [--force]" "usage": "hf iclass dump [-hz] [-f <fn>] [-k <hex>] [--ki <dec>] [--credit <hex>] [--ci <dec>] [--elite] [--raw] [--nr] [--force] [--shallow]"
}, },
"hf iclass eload": { "hf iclass eload": {
"command": "hf iclass eload", "command": "hf iclass eload",
@ -3008,9 +3010,10 @@
"--enckey <hex> 3DES transport key, 16 hex bytes", "--enckey <hex> 3DES transport key, 16 hex bytes",
"--fc <dec> facility code", "--fc <dec> facility code",
"--cn <dec> card number", "--cn <dec> card number",
"-w, --wiegand <format> see `wiegand list` for available formats" "-w, --wiegand <format> see `wiegand list` for available formats",
"--shallow use shallow (ASK) reader modulation instead of OOK"
], ],
"usage": "hf iclass encode [-h] [--bin <bin>] --ki <dec> [--credit] [--elite] [--raw] [--enckey <hex>] [--fc <dec>] [--cn <dec>] [-w <format>]" "usage": "hf iclass encode [-h] [--bin <bin>] --ki <dec> [--credit] [--elite] [--raw] [--enckey <hex>] [--fc <dec>] [--cn <dec>] [-w <format>] [--shallow]"
}, },
"hf iclass encrypt": { "hf iclass encrypt": {
"command": "hf iclass encrypt", "command": "hf iclass encrypt",
@ -3077,9 +3080,10 @@
], ],
"offline": true, "offline": true,
"options": [ "options": [
"-h, --help This help" "-h, --help This help",
"--shallow use shallow (ASK) reader modulation instead of OOK"
], ],
"usage": "hf iclass info [-h]" "usage": "hf iclass info [-h] [--shallow]"
}, },
"hf iclass list": { "hf iclass list": {
"command": "hf iclass list", "command": "hf iclass list",
@ -3191,9 +3195,10 @@
"--elite elite computations applied to key", "--elite elite computations applied to key",
"--raw no computations applied to key", "--raw no computations applied to key",
"--nr replay of NR/MAC", "--nr replay of NR/MAC",
"-v, --verbose verbose output" "-v, --verbose verbose output",
"--shallow use shallow (ASK) reader modulation instead of OOK"
], ],
"usage": "hf iclass rdbl [-hv] [-k <hex>] [--ki <dec>] -b <dec> [--credit] [--elite] [--raw] [--nr]" "usage": "hf iclass rdbl [-hv] [-k <hex>] [--ki <dec>] -b <dec> [--credit] [--elite] [--raw] [--nr] [--shallow]"
}, },
"hf iclass reader": { "hf iclass reader": {
"command": "hf iclass reader", "command": "hf iclass reader",
@ -3204,9 +3209,10 @@
"offline": false, "offline": false,
"options": [ "options": [
"-h, --help This help", "-h, --help This help",
"-@ optional - continuous reader mode" "-@ optional - continuous reader mode",
"--shallow use shallow (ASK) reader modulation instead of OOK"
], ],
"usage": "hf iclass reader [-h@]" "usage": "hf iclass reader [-h@] [--shallow]"
}, },
"hf iclass restore": { "hf iclass restore": {
"command": "hf iclass restore", "command": "hf iclass restore",
@ -3227,9 +3233,10 @@
"--credit key is assumed to be the credit key", "--credit key is assumed to be the credit key",
"--elite elite computations applied to key", "--elite elite computations applied to key",
"--raw no computations applied to key", "--raw no computations applied to key",
"-v, --verbose verbose output" "-v, --verbose verbose output",
"--shallow use shallow (ASK) reader modulation instead of OOK"
], ],
"usage": "hf iclass restore [-hv] -f <fn> [-k <hex>] [--ki <dec>] --first <dec> --last <dec> [--credit] [--elite] [--raw]" "usage": "hf iclass restore [-hv] -f <fn> [-k <hex>] [--ki <dec>] --first <dec> --last <dec> [--credit] [--elite] [--raw] [--shallow]"
}, },
"hf iclass sim": { "hf iclass sim": {
"command": "hf iclass sim", "command": "hf iclass sim",
@ -3301,9 +3308,10 @@
"--elite elite computations applied to key", "--elite elite computations applied to key",
"--raw no computations applied to key", "--raw no computations applied to key",
"--nr replay of NR/MAC", "--nr replay of NR/MAC",
"-v, --verbose verbose output" "-v, --verbose verbose output",
"--shallow use shallow (ASK) reader modulation instead of OOK"
], ],
"usage": "hf iclass wrbl [-hv] [-k <hex>] [--ki <dec>] -b <dec> -d <hex> [-m <hex>] [--credit] [--elite] [--raw] [--nr]" "usage": "hf iclass wrbl [-hv] [-k <hex>] [--ki <dec>] -b <dec> -d <hex> [-m <hex>] [--credit] [--elite] [--raw] [--nr] [--shallow]"
}, },
"hf jooki clone": { "hf jooki clone": {
"command": "hf jooki clone", "command": "hf jooki clone",
@ -3391,6 +3399,20 @@
], ],
"usage": "hf jooki sim [-h] [-b <base64>]" "usage": "hf jooki sim [-h] [-b <base64>]"
}, },
"hf ksx6924 balance": {
"command": "hf ksx6924 balance",
"description": "Gets the current purse balance",
"notes": [
"hf ksx6924 balance"
],
"offline": false,
"options": [
"-h, --help This help",
"-k, --keep keep field ON for next command",
"-a, --apdu Show APDU requests and responses"
],
"usage": "hf ksx6924 balance [-hka]"
},
"hf ksx6924 help": { "hf ksx6924 help": {
"command": "hf ksx6924 help", "command": "hf ksx6924 help",
"description": "help This help", "description": "help This help",
@ -3399,19 +3421,6 @@
"options": [], "options": [],
"usage": "" "usage": ""
}, },
"hf ksx6924 select": {
"command": "hf ksx6924 select",
"description": "Selects KS X 6924 application, and leaves field up",
"notes": [
"hf ksx6924 select"
],
"offline": false,
"options": [
"-h, --help This help",
"-a, --apdu Show APDU requests and responses"
],
"usage": "hf ksx6924 select [-ha]"
},
"hf ksx6924 info": { "hf ksx6924 info": {
"command": "hf ksx6924 info", "command": "hf ksx6924 info",
"description": "Get info about a KS X 6924 transit card. This application is used by T-Money (South Korea) and Snapper+ (Wellington, New Zealand).", "description": "Get info about a KS X 6924 transit card. This application is used by T-Money (South Korea) and Snapper+ (Wellington, New Zealand).",
@ -3426,23 +3435,9 @@
], ],
"usage": "hf ksx6924 info [-hka]" "usage": "hf ksx6924 info [-hka]"
}, },
"hf ksx6924 balance": {
"command": "hf ksx6924 balance",
"description": "Gets the current purse balance",
"notes": [
"hf ksx6924 balance"
],
"offline": false,
"options": [
"-h, --help This help",
"-k, --keep keep field ON for next command",
"-a, --apdu Show APDU requests and responses"
],
"usage": "hf ksx6924 balance [-hka]"
},
"hf ksx6924 init": { "hf ksx6924 init": {
"command": "hf ksx6924 init", "command": "hf ksx6924 init",
"description": "Perform transaction initialization (mpda)", "description": "Perform transaction initialization with Mpda (Money of Purchase Transaction)",
"notes": [ "notes": [
"hf ksx6924 init 000003e8 -> Mpda" "hf ksx6924 init 000003e8 -> Mpda"
], ],
@ -3468,7 +3463,19 @@
], ],
"usage": "hf ksx6924 prec [-hka] <record 1byte HEX>" "usage": "hf ksx6924 prec [-hka] <record 1byte HEX>"
}, },
"hf ksx6924 select": {
"command": "hf ksx6924 select",
"description": "Selects KS X 6924 application, and leaves field up",
"notes": [
"hf ksx6924 select"
],
"offline": false,
"options": [
"-h, --help This help",
"-a, --apdu Show APDU requests and responses"
],
"usage": "hf ksx6924 select [-ha]"
},
"hf legic crc": { "hf legic crc": {
"command": "hf legic crc", "command": "hf legic crc",
"description": "Calculates the legic crc8/crc16 on the given data", "description": "Calculates the legic crc8/crc16 on the given data",
@ -3971,7 +3978,7 @@
"--1k MIFARE Classic 1k / S50 (def)", "--1k MIFARE Classic 1k / S50 (def)",
"--2k MIFARE Classic/Plus 2k", "--2k MIFARE Classic/Plus 2k",
"--4k MIFARE Classic 4k / S70", "--4k MIFARE Classic 4k / S70",
"--emu from emulator memory" "--emu to emulator memory"
], ],
"usage": "hf mf csave [-h] [-f <fn>] [--mini] [--1k] [--2k] [--4k] [--emu]" "usage": "hf mf csave [-h] [-f <fn>] [--mini] [--1k] [--2k] [--4k] [--emu]"
}, },
@ -4348,6 +4355,27 @@
], ],
"usage": "hf mf gload [-hv] [--mini] [--1k] [--2k] [--4k] [-p <hex>] [-f <fn>] [--emu] [--start <dec>] [--end <dec>]" "usage": "hf mf gload [-hv] [--mini] [--1k] [--2k] [--4k] [-p <hex>] [-f <fn>] [--emu] [--start <dec>] [--end <dec>]"
}, },
"hf mf gsave": {
"command": "hf mf gsave",
"description": "Save `magic gen4 gtu` card memory into three files (BIN/EML/JSON)or into emulator memory",
"notes": [
"hf mf gsave",
"hf mf gsave --4k",
"hf mf gsave -p DEADBEEF -f hf-mf-01020304.json"
],
"offline": false,
"options": [
"-h, --help This help",
"--mini MIFARE Classic Mini / S20",
"--1k MIFARE Classic 1k / S50 (def)",
"--2k MIFARE Classic/Plus 2k",
"--4k MIFARE Classic 4k / S70",
"-p, --pwd <hex> password 4bytes",
"-f, --file <fn> filename of dump",
"--emu to emulator memory"
],
"usage": "hf mf gsave [-h] [--mini] [--1k] [--2k] [--4k] [-p <hex>] [-f <fn>] [--emu]"
},
"hf mf gsetblk": { "hf mf gsetblk": {
"command": "hf mf gsetblk", "command": "hf mf gsetblk",
"description": "Set block data on a magic gen4 GTU card", "description": "Set block data on a magic gen4 GTU card",
@ -6176,7 +6204,7 @@
}, },
"hf mfu esave": { "hf mfu esave": {
"command": "hf mfu esave", "command": "hf mfu esave",
"description": "Saves emulator memory to a MIFARE Ultralight/NTAG dump file (bin/eml/json) By default number of pages saved depends on defined tag type. You can overrife this with option --end.", "description": "Saves emulator memory to a MIFARE Ultralight/NTAG dump file (bin/eml/json) By default number of pages saved depends on defined tag type. You can override this with option --end.",
"notes": [ "notes": [
"hf mfu esave", "hf mfu esave",
"hf mfu esave --end 255 -> saves whole memory", "hf mfu esave --end 255 -> saves whole memory",
@ -6192,7 +6220,7 @@
}, },
"hf mfu eview": { "hf mfu eview": {
"command": "hf mfu eview", "command": "hf mfu eview",
"description": "Displays emulator memory By default number of pages shown depends on defined tag type. You can overrife this with option --end.", "description": "Displays emulator memory By default number of pages shown depends on defined tag type. You can override this with option --end.",
"notes": [ "notes": [
"hf mfu eview", "hf mfu eview",
"hf mfu eview --end 255 -> dumps whole memory" "hf mfu eview --end 255 -> dumps whole memory"
@ -10924,6 +10952,93 @@
], ],
"usage": "hf 14b ndefread [-hv] [-f <fn>]" "usage": "hf 14b ndefread [-hv] [-f <fn>]"
}, },
"piv getdata": {
"command": "piv getdata",
"description": "Get a data container of a given tag",
"notes": [
"piv getdata -s 5fc102 -> select card, select applet, get card holder unique identifer",
"piv getdata -st 5fc102 -> select card, select applet, get card holder unique identifer, show result in TLV"
],
"offline": false,
"options": [
"-h, --help This help",
"-s, -S, --select Activate field and select applet",
"-k, -K, --keep Keep field for next command",
"-a, -A, --apdu Show APDU requests and responses",
"-t, -T, --tlv TLV decode results",
"-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)",
"--aid <hex> Applet ID to select. By default A0000003080000100 will be used",
"<hex> Tag ID to read, between 1 and 3 bytes."
],
"usage": "piv getdata [-hskatw] [--aid <hex>] <hex>"
},
"piv help": {
"command": "piv help",
"description": "help This help list List ISO7816 history",
"notes": [],
"offline": true,
"options": [],
"usage": ""
},
"piv list": {
"command": "piv list",
"description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol",
"notes": [
"piv list --frame -> show frame delay times",
"piv list -1 -> use trace buffer"
],
"offline": true,
"options": [
"-h, --help This help",
"-1, --buffer use data from trace buffer",
"--frame show frame delay times",
"-c mark CRC bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into Wireshark using encapsulation type \"ISO 14443\"",
"-f, --file <fn> filename of dictionary"
],
"usage": "piv list [-h1crux] [--frame] [-f <fn>]"
},
"piv scan": {
"command": "piv scan",
"description": "Scan a PIV card for known containers",
"notes": [
"piv scan -s -> select card, select applet and run scan",
"piv scan -st --aid a00000030800001000 -> select card, select applet a00000030800001000, show result of the scan in TLV"
],
"offline": false,
"options": [
"-h, --help This help",
"-s, -S, --select Activate field and select applet",
"-k, -K, --keep Keep field for next command",
"-a, -A, --apdu Show APDU requests and responses",
"-t, -T, --tlv TLV decode results",
"-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)",
"--aid <hex> Applet ID to select. By default A0000003080000100 will be used"
],
"usage": "piv scan [-hskatw] [--aid <hex>]"
},
"piv select": {
"command": "piv select",
"description": "Executes select applet command",
"notes": [
"piv select -s -> select card, select applet",
"piv select -st --aid a00000030800001000 -> select card, select applet a00000030800001000, show result in TLV"
],
"offline": false,
"options": [
"-h, --help This help",
"-s, -S, --select Activate field and select applet",
"-k, -K, --keep Keep field for next command",
"-a, -A, --apdu Show APDU requests and responses",
"-t, -T, --tlv TLV decode results",
"-w, -W, --wired Send data via contact (iso7816) interface. (def: Contactless interface)",
"--aid <hex> Applet ID to select. By default A0000003080000100 will be used"
],
"usage": "piv select [-hskatw] [--aid <hex>]"
},
"prefs get barmode": { "prefs get barmode": {
"command": "prefs get barmode", "command": "prefs get barmode",
"description": "Get preference of HF/LF tune command styled output in the client", "description": "Get preference of HF/LF tune command styled output in the client",
@ -11616,8 +11731,8 @@
} }
}, },
"metadata": { "metadata": {
"commands_extracted": 732, "commands_extracted": 738,
"extracted_by": "PM3Help2JSON v1.00", "extracted_by": "PM3Help2JSON v1.00",
"extracted_on": "2022-11-20T20:19:15" "extracted_on": "2023-01-06T21:37:50"
} }
} }

16
doc/commands.md
View file

@ -370,7 +370,7 @@ Check column "offline" for their availability.
|`hf ksx6924 select `|N |`Select application, and leave field up` |`hf ksx6924 select `|N |`Select application, and leave field up`
|`hf ksx6924 info `|N |`Get info about a KS X 6924 (T-Money, Snapper+) transit card` |`hf ksx6924 info `|N |`Get info about a KS X 6924 (T-Money, Snapper+) transit card`
|`hf ksx6924 balance `|N |`Get current purse balance` |`hf ksx6924 balance `|N |`Get current purse balance`
|`hf ksx6924 init `|N |`Perform transaction initialization with Mpda (Money of Purchase Transaction)` |`hf ksx6924 init `|N |`Perform transaction initialization with Mpda`
|`hf ksx6924 prec `|N |`Send proprietary get record command (CLA=90, INS=4C)` |`hf ksx6924 prec `|N |`Send proprietary get record command (CLA=90, INS=4C)`
@ -512,6 +512,7 @@ Check column "offline" for their availability.
|`hf mf gen3freeze `|N |`Perma lock UID changes. irreversible` |`hf mf gen3freeze `|N |`Perma lock UID changes. irreversible`
|`hf mf ggetblk `|N |`Read block from card` |`hf mf ggetblk `|N |`Read block from card`
|`hf mf gload `|N |`Load dump to card` |`hf mf gload `|N |`Load dump to card`
|`hf mf gsave `|N |`Save dump from card into file or emulator`
|`hf mf gsetblk `|N |`Write block to card` |`hf mf gsetblk `|N |`Write block to card`
|`hf mf gview `|N |`View card` |`hf mf gview `|N |`View card`
|`hf mf ndefformat `|N |`Format MIFARE Classic Tag as NFC Tag` |`hf mf ndefformat `|N |`Format MIFARE Classic Tag as NFC Tag`
@ -1333,6 +1334,19 @@ Check column "offline" for their availability.
|`nfc barcode help `|Y |`This help` |`nfc barcode help `|Y |`This help`
### piv
{ PIV commands... }
|command |offline |description
|------- |------- |-----------
|`piv help `|Y |`This help`
|`piv select `|N |`Select the PIV applet`
|`piv getdata `|N |`Gets a container on a PIV card`
|`piv scan `|N |`Scan PIV card for known containers`
|`piv list `|Y |`List ISO7816 history`
### reveng ### reveng
{ CRC calculations from RevEng software... } { CRC calculations from RevEng software... }