hf mf gview now support user supplied password

iceman1001 2021-12-31 09:24:10 +01:00
commit 9c2b5118df
7 changed files with 36 additions and 19 deletions


@ -1574,12 +1574,13 @@ static void PacketReceived(PacketCommandNG *packet) {
MifareGen3Freez(); MifareGen3Freez();
break; break;
} }
case CMD_HF_MIFARE_G3_RDBL: { case CMD_HF_MIFARE_G4_RDBL: {
struct p { struct p {
uint8_t blockno; uint8_t blockno;
uint8_t pwd[4];
} PACKED; } PACKED;
struct p *payload = (struct p *) packet->data.asBytes; struct p *payload = (struct p *) packet->data.asBytes;
MifareG3ReadBlk(payload->blockno); MifareG4ReadBlk(payload->blockno, payload->pwd);
break; break;
} }
case CMD_HF_MIFARE_PERSONALIZE_UID: { case CMD_HF_MIFARE_PERSONALIZE_UID: {
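Review bot: The `CMD_HF_MIFARE_G4_RDBL` case casts `packet->data.asBytes` to the enlarged `struct p` and reads `payload->pwd` without checking how many bytes the host actually sent. The command keeps the value 0x0860 while the payload grows from one byte to five, so a client built before this change would still be accepted and the password would be taken from whatever follows `blockno` in the packet buffer. A length guard before the call, e.g. `if (packet->length != sizeof(struct p)) { reply_ng(CMD_HF_MIFARE_G4_RDBL, PM3_EINVARG, NULL, 0); break; }`, would reject such packets; this assumes `packet->length` carries the payload size, which is not visible in the hunk. The enclosing switch continues outside the hunk.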


@ -2594,7 +2594,7 @@ OUT:
BigBuf_free(); BigBuf_free();
} }
void MifareG3ReadBlk(uint8_t blockno) { void MifareG4ReadBlk(uint8_t blockno, uint8_t *pwd) {
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace(); clear_trace();
set_tracing(true); set_tracing(true);
@ -2613,6 +2613,9 @@ void MifareG3ReadBlk(uint8_t blockno) {
iso14a_set_timeout(13560000 / 1000 / (8 * 16) * 1000); // 2 seconds timeout iso14a_set_timeout(13560000 / 1000 / (8 * 16) * 1000); // 2 seconds timeout
uint8_t cmd[] = { 0xCF, 0x00, 0x00, 0x00, 0x00, 0xCE, blockno, 0x00, 0x00}; uint8_t cmd[] = { 0xCF, 0x00, 0x00, 0x00, 0x00, 0xCE, blockno, 0x00, 0x00};
memcpy(cmd + 1, pwd, 4);
AddCrc14A(cmd, sizeof(cmd) - 2); AddCrc14A(cmd, sizeof(cmd) - 2);
ReaderTransmit(cmd, sizeof(cmd), NULL); ReaderTransmit(cmd, sizeof(cmd), NULL);
@ -2624,7 +2627,7 @@ void MifareG3ReadBlk(uint8_t blockno) {
LED_B_OFF(); LED_B_OFF();
OUT: OUT:
reply_ng(CMD_HF_MIFARE_G3_RDBL, retval, buf, 18); reply_ng(CMD_HF_MIFARE_G4_RDBL, retval, buf, 18);
// turns off // turns off
OnSuccessMagic(); OnSuccessMagic();
BigBuf_free(); BigBuf_free();
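Review bot: `pwd` is only read in `MifareG4ReadBlk`, yet the new parameter is a plain `uint8_t *`; declaring it `const uint8_t *pwd` would state that contract, and the same applies to the prototype and to `mfG4GetBlock` on the client side. The added `memcpy(cmd + 1, pwd, 4)` depends on the four `0x00` placeholders in the `cmd` initializer, so the offset and length are easy to break when the frame is edited. A comment above the array such as `// frame: 0xCF | pwd[4] | 0xCE | blockno | crc[2]` would make the layout checkable against the copy. The function body starts and ends outside these hunks.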


@ -49,8 +49,8 @@ void MifareGen3UID(uint8_t uidlen, uint8_t *uid); // Gen 3 magic card set UID wi
void MifareGen3Blk(uint8_t block_len, uint8_t *block); // Gen 3 magic card overwrite manufacturer block void MifareGen3Blk(uint8_t block_len, uint8_t *block); // Gen 3 magic card overwrite manufacturer block
void MifareGen3Freez(void); // Gen 3 magic card lock further UID changes void MifareGen3Freez(void); // Gen 3 magic card lock further UID changes
// MFC GEN3 GTU // MFC GEN4 GTU
void MifareG3ReadBlk(uint8_t blockno); void MifareG4ReadBlk(uint8_t blockno, uint8_t *pwd);
void MifareSetMod(uint8_t *datain); void MifareSetMod(uint8_t *datain);
void MifarePersonalizeUID(uint8_t keyType, uint8_t perso_option, uint64_t key); void MifarePersonalizeUID(uint8_t keyType, uint8_t perso_option, uint64_t key);


@ -6133,7 +6133,7 @@ static int CmdHF14AMfView(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
static int CmdHF14AGen3View(const char *Cmd) { static int CmdHF14AGen4View(const char *Cmd) {
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "hf mf gview", CLIParserInit(&ctx, "hf mf gview",
@ -6147,6 +6147,7 @@ static int CmdHF14AGen3View(const char *Cmd) {
arg_lit0(NULL, "1k", "MIFARE Classic 1k / S50 (def)"), arg_lit0(NULL, "1k", "MIFARE Classic 1k / S50 (def)"),
arg_lit0(NULL, "2k", "MIFARE Classic/Plus 2k"), arg_lit0(NULL, "2k", "MIFARE Classic/Plus 2k"),
arg_lit0(NULL, "4k", "MIFARE Classic 4k / S70"), arg_lit0(NULL, "4k", "MIFARE Classic 4k / S70"),
arg_strx0("p", "pwd", "<hex>", "password 4bytes"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
@ -6154,9 +6155,18 @@ static int CmdHF14AGen3View(const char *Cmd) {
bool m1 = arg_get_lit(ctx, 2); bool m1 = arg_get_lit(ctx, 2);
bool m2 = arg_get_lit(ctx, 3); bool m2 = arg_get_lit(ctx, 3);
bool m4 = arg_get_lit(ctx, 4); bool m4 = arg_get_lit(ctx, 4);
int pwd_len = 0;
uint8_t pwd[4] = {0};
CLIGetHexWithReturn(ctx, 5, pwd, &pwd_len);
CLIParserFree(ctx); CLIParserFree(ctx);
// validations // validations
if (pwd_len != 4 && pwd_len != 0) {
PrintAndLogEx(FAILED, "Must specify 4 bytes, got " _YELLOW_("%u"), pwd_len);
return PM3_EINVARG;
}
if ((m0 + m1 + m2 + m4) > 1) { if ((m0 + m1 + m2 + m4) > 1) {
PrintAndLogEx(WARNING, "Only specify one MIFARE Type"); PrintAndLogEx(WARNING, "Only specify one MIFARE Type");
return PM3_EINVARG; return PM3_EINVARG;
@ -6183,7 +6193,7 @@ static int CmdHF14AGen3View(const char *Cmd) {
PrintAndLogEx(WARNING, "Please specify a MIFARE Type"); PrintAndLogEx(WARNING, "Please specify a MIFARE Type");
return PM3_EINVARG; return PM3_EINVARG;
} }
PrintAndLogEx(SUCCESS, "View magic gen3 GTU MIFARE Classic " _GREEN_("%s"), s); PrintAndLogEx(SUCCESS, "View magic gen4 GTU MIFARE Classic " _GREEN_("%s"), s);
PrintAndLogEx(INFO, "." NOLF); PrintAndLogEx(INFO, "." NOLF);
// Select card to get UID/UIDLEN information // Select card to get UID/UIDLEN information
@ -6221,7 +6231,7 @@ static int CmdHF14AGen3View(const char *Cmd) {
for (uint16_t i = 0; i < block_cnt; i++) { for (uint16_t i = 0; i < block_cnt; i++) {
if (mfG3GetBlock(i, dump + (i * MFBLOCK_SIZE)) != PM3_SUCCESS) { if (mfG4GetBlock(pwd, i, dump + (i * MFBLOCK_SIZE)) != PM3_SUCCESS) {
PrintAndLogEx(WARNING, "Can't get magic card block: %u", i); PrintAndLogEx(WARNING, "Can't get magic card block: %u", i);
PrintAndLogEx(HINT, "Verify your card size, and try again or try another tag position"); PrintAndLogEx(HINT, "Verify your card size, and try again or try another tag position");
free(dump); free(dump);
@ -6290,8 +6300,8 @@ static command_t CommandTable[] = {
{"gen3uid", CmdHf14AGen3UID, IfPm3Iso14443a, "Set UID without changing manufacturer block"}, {"gen3uid", CmdHf14AGen3UID, IfPm3Iso14443a, "Set UID without changing manufacturer block"},
{"gen3blk", CmdHf14AGen3Block, IfPm3Iso14443a, "Overwrite manufacturer block"}, {"gen3blk", CmdHf14AGen3Block, IfPm3Iso14443a, "Overwrite manufacturer block"},
{"gen3freeze", CmdHf14AGen3Freeze, IfPm3Iso14443a, "Perma lock UID changes. irreversible"}, {"gen3freeze", CmdHf14AGen3Freeze, IfPm3Iso14443a, "Perma lock UID changes. irreversible"},
{"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("magic gen3 GTU") " -----------------------"}, {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("magic gen4 GTU") " -----------------------"},
{"gview", CmdHF14AGen3View, IfPm3Iso14443a, "View card"}, {"gview", CmdHF14AGen4View, IfPm3Iso14443a, "View card"},
// {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("i") " -----------------------"}, // {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("i") " -----------------------"},
// {"ice", CmdHF14AMfice, IfPm3Iso14443a, "collect MIFARE Classic nonces to file"}, // {"ice", CmdHF14AMfice, IfPm3Iso14443a, "collect MIFARE Classic nonces to file"},
{NULL, NULL, NULL, NULL} {NULL, NULL, NULL, NULL}
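Review bot: In the new validation block `pwd_len` is declared `int` but printed with `%u`, which is a format/argument mismatch; `"Must specify 4 bytes, got " _YELLOW_("%d")` matches the declared type. The option help `"password 4bytes"` also does not say what happens when `-p` is omitted: `pwd` stays `{0}` and an all-zero password is sent with every block read, so the help text could read `"password 4 bytes (def 00000000)"`. `CmdHF14AGen4View` starts and ends outside the hunks shown.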


@ -1069,18 +1069,21 @@ int mfGen3Freeze(void) {
} }
} }
int mfG3GetBlock(uint8_t blockno, uint8_t *data) { int mfG4GetBlock(uint8_t *pwd, uint8_t blockno, uint8_t *data) {
struct p { struct p {
uint8_t blockno; uint8_t blockno;
uint8_t pwd[4];
} PACKED payload; } PACKED payload;
payload.blockno = blockno; payload.blockno = blockno;
memcpy(payload.pwd, pwd, sizeof(payload.pwd));
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_HF_MIFARE_G3_RDBL, (uint8_t *)&payload, sizeof(payload)); SendCommandNG(CMD_HF_MIFARE_G4_RDBL, (uint8_t *)&payload, sizeof(payload));
PacketResponseNG resp; PacketResponseNG resp;
if (WaitForResponseTimeout(CMD_HF_MIFARE_G3_RDBL, &resp, 1500)) { if (WaitForResponseTimeout(CMD_HF_MIFARE_G4_RDBL, &resp, 1500)) {
if (resp.status != PM3_SUCCESS) if (resp.status != PM3_SUCCESS) {
return PM3_EUNDEF; return PM3_EUNDEF;
}
memcpy(data, resp.data.asBytes, 16); memcpy(data, resp.data.asBytes, 16);
} else { } else {
PrintAndLogEx(WARNING, "command execute timeout"); PrintAndLogEx(WARNING, "command execute timeout");
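Review bot: `mfG4GetBlock` now passes `pwd` straight into `memcpy(payload.pwd, pwd, sizeof(payload.pwd))`, so a caller that passes NULL to mean "no password" dereferences a null pointer. The function appears to be declared in a shared header (the prototype change is in a later section), so callers other than `gview` are possible. An early `if (pwd == NULL) return PM3_EINVARG;` before the copy would make the contract explicit, together with a one-line comment on the prototype stating that `pwd` must point to 4 bytes. The function continues past the end of the hunk.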


@ -85,7 +85,7 @@ int mfGen3UID(uint8_t *uid, uint8_t uidlen, uint8_t *oldUid);
int mfGen3Block(uint8_t *block, int blockLen, uint8_t *newBlock); int mfGen3Block(uint8_t *block, int blockLen, uint8_t *newBlock);
int mfGen3Freeze(void); int mfGen3Freeze(void);
int mfG3GetBlock(uint8_t blockno, uint8_t *data); int mfG4GetBlock(uint8_t *pwd, uint8_t blockno, uint8_t *data);
int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len); int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len);


@ -746,8 +746,8 @@ typedef struct {
#define CMD_HF_MIFARE_GEN3BLK 0x0851 #define CMD_HF_MIFARE_GEN3BLK 0x0851
#define CMD_HF_MIFARE_GEN3FREEZ 0x0852 #define CMD_HF_MIFARE_GEN3FREEZ 0x0852
// Gen 3 GTU magic cards // Gen 4 GTU magic cards
#define CMD_HF_MIFARE_G3_RDBL 0x0860 #define CMD_HF_MIFARE_G4_RDBL 0x0860
#define CMD_UNKNOWN 0xFFFF #define CMD_UNKNOWN 0xFFFF