From 9ea6665a244b7ec5e2ab2ad2a110d20dc0ca48fe Mon Sep 17 00:00:00 2001 From: cyberpunk-re Date: Mon, 7 Dec 2020 12:55:11 +0000 Subject: [PATCH] Fix issue #844 --- CHANGELOG.md | 4 +- client/luascripts/hf_mf_unbrick_baduid.lua | 125 +++++++++++++++++++++ client/src/cmdlft55xx.c | 5 +- 3 files changed, 131 insertions(+), 3 deletions(-) create mode 100644 client/luascripts/hf_mf_unbrick_baduid.lua diff --git a/CHANGELOG.md b/CHANGELOG.md index de0373163..39c602ad9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,9 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] - - Fix `hf 15 sim` - Added basic response to GET_SYSTEM_INFO and READBLOCK requests in order to fix iso15693 tag sim + - Fix issue #844 - `lf t55xx config` => recompute block0 (@cyberpunk-re) + - Add script hf_mf_unbrick_baduid.lua to revive mifare cards with bad BCC (@cyberpunk-re) + - Fix `hf 15 sim` - Added basic response to GET_SYSTEM_INFO and READBLOCK requests in order to fix iso15693 tag sim (@cyberpunk-re) - Added `mf mfu sim t 7 n ` - MFU emulation now supports automatic exit after blocks read. (@cyberpunk-re) - Added T55xx Guide to assist in learning how to use the T55xx chip (@mwalker33) - Fix 'hf iclass wrbl' - dealing with tags in unsecured vs secured pagemode now is correct (@iceman1001) diff --git a/client/luascripts/hf_mf_unbrick_baduid.lua b/client/luascripts/hf_mf_unbrick_baduid.lua new file mode 100644 index 000000000..b96b8828e --- /dev/null +++ b/client/luascripts/hf_mf_unbrick_baduid.lua 
@@ -0,0 +1,125 @@
+local getopt = require('getopt')
+local ansicolors = require('ansicolors')
+
+copyright = ''
+author = 'cyberpunk-re'
+version = 'v1.0.0'
+desc = [[
+This script brings back to life a mifare UID modifiable card which has bad data written to block 0 or block 1, typically having a bad BCC (Block Check Character). It should workd on Mifare classic 1k/4k and Mifare Ultralight UID Modifiable and Direct write tags.
+]]
+example = [[
+ -- target a Ultralight based card
+ 1. script run hf_mf_unbrick_baduid -u
+
+]]
+usage = [[
+script run hf_mf_unbrick_baduid [-h] [-u]
+]]
+arguments = [[
+ -h this help
+ -u unbrick UID Modifiable/Direct Write Ultralight tag with 7 bytes UID.
+]]
+
+-- Helper functions borrowed from Iceman script hf_mf_magicrevive.lua
+
+---
+-- A debug printout-function
+local function dbg(args)
+ if not DEBUG then return end
+ if type(args) == 'table' then
+ local i = 1
+ while result[i] do
+ dbg(result[i])
+ i = i+1
+ end
+ else
+ print('###', args)
+ end
+end
+---
+-- This is only meant to be used when errors occur
+local function oops(err)
+ print('ERROR:', err)
+ core.clearCommandBuffer()
+ return nil, err
+end
+---
+-- Usage help
+local function help()
+ print(copyright)
+ print(author)
+ print(version)
+ print(desc)
+ print(ansicolors.cyan..'Usage'..ansicolors.reset)
+ print(usage)
+ print(ansicolors.cyan..'Arguments'..ansicolors.reset)
+ print(arguments)
+ print(ansicolors.cyan..'Example usage'..ansicolors.reset)
+ print(example)
+end
+
+local function cmdUltralight()
+ return {
+ [0] = 'hf 14a config b 2',
+ [1] = 'hf 14a raw -k -a 43',
+ [2] = 'hf 14a raw -c -a A2005380712A',
+ [3] = 'hf 14a raw -k -a -b 7 40',
+ [4] = 'hf 14a raw -k -a 43',
+ [5] = 'hf 14a raw -c -a A2010200D980',
+ [6] = 'hf 14a raw -k -a -b 7 40',
+ [7] = 'hf 14a raw -k -a 43',
+ [8] = 'hf 14a raw -c -a A2025B480000',
+ [9] = 'hf 14a config b 0',
+ }
+end
+local function cmdClassic()
+ return {
+ [0] = 'hf 14a raw -k -a -b 7 40',
+ [1] = 'hf 14a raw -k -a 
43',
+ [2] = 'hf 14a raw -c -k -a A000',
+ [3] = 'hf 14a raw -c -k -a 01020304049802000000000000001001',
+ [4] = 'hf 14a raw -c -a 5000',
+ }
+end
+local function cmdRestoreST()
+ local arr = {}
+ for i = 0, 15 do
+ local blk = 3 + (4*i)
+ arr[i] = 'hf mf csetbl '..blk..' FFFFFFFFFFFFFF078000FFFFFFFFFFFF'
+ end
+ return arr
+end
+local function sendCmds( cmds )
+ for i = 0, #cmds do
+ if cmds[i] then
+ print ( cmds[i] )
+ core.console( cmds[i] )
+ core.clearCommandBuffer()
+ end
+ end
+end
+---
+-- The main entry point
+function main(args)
+
+ local i
+ local cmds = {}
+ local isUltralight = false
+
+ -- Read the parameters
+ for o, a in getopt.getopt(args, 'hu') do
+ if o == 'h' then return help() end
+ if o == 'u' then isUltralight = true end
+ end
+
+ core.clearCommandBuffer()
+
+ if isUltralight then
+ sendCmds ( cmdUltralight() )
+ else
+ sendCmds( cmdClassic() )
+ sendCmds( cmdRestoreST() )
+ end
+end
+
+main(args)
diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c
index 80c8eda4f..df00da6b1 100644
--- a/client/src/cmdlft55xx.c
+++ b/client/src/cmdlft55xx.c
@@ -739,6 +739,7 @@ static int CmdT55xxSetConfig(const char *Cmd) {
 for (; i < 9; i++) {
 if (rates[i] == bitRate) {
 config.bitrate = i;
+ config.block0 = ((config.block0 & ~(0x1c0000)) | (i << 18));
 break;
 }
 }
@@ -789,6 +790,7 @@ static int CmdT55xxSetConfig(const char *Cmd) {
 PrintAndLogEx(WARNING, "Unknown modulation '%s'", modulation);
 errors = true;
 }
+ config.block0 = ((config.block0 & ~(0x1f0000)) | (config.modulation << 12));
 break;
 case 'i':
 if ((param_getchar(Cmd, cmdp + 1) == '0') || (param_getchar(Cmd, cmdp + 1) == '1')) {
@@ -822,6 +824,7 @@ static int CmdT55xxSetConfig(const char *Cmd) {
 config.ST = true;
 cmdp += 1;
 }
+ config.block0 = ((config.block0 & ~(0x8)) | (config.ST << 3));
 break;
 case 'r':
 errors = param_getdec(Cmd, cmdp + 1, &downlink_mode);
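Review bot: The Classic path rewrites far more than the damaged block 0, and neither `desc` nor `arguments` says so: `cmdClassic()` writes a fixed block 0 (`01020304049802…`) and `cmdRestoreST()` then sets blocks 3, 7, … 63 to `FFFFFFFFFFFFFF078000FFFFFFFFFFFF`, so every sector trailer it touches loses its previous keys and ends up on the all-FF default key. I would say this in `desc`, e.g. `On Classic tags this also replaces the UID and resets the sector trailers of sectors 0-15 to default keys.`, and run `cmdRestoreST()` only behind an explicit option, since a card put back into service afterwards needs its keys provisioned again. The loop covers 16 trailers only, which does not match the 4k layout that `desc` claims to support. `sendCmds` ignores the outcome of each command, so the remaining writes still run after a failed step, and `oops` is never called. Separately, `dbg` iterates `result[i]`, which is not defined in this file; it should read `while args[i] do dbg(args[i])`.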
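Review bot: The field cleared by `0x1c0000` in the `@@ -739` hunk is three bits wide, but the enclosing loop accepts indices up to 8, so a match on the last table entry would make `i << 18` set bit 21, outside the masked field. The `rates` table and the declaration of `i` are outside the hunk, so whether index 8 can match needs checking against them. If it can, guard the merge rather than let it spill into the neighbouring bits, for example `if (i < 8) config.block0 = ((config.block0 & ~(0x1c0000)) | ((uint32_t)i << 18));`, and decide what block 0 should hold for the remaining entry.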
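Review bot: The mask and the shift on the added line in the `@@ -789` hunk address different bits: `~(0x1f0000)` clears bits 16-20 while `config.modulation << 12` writes from bit 12 upwards. As written, the old modulation bits at 12-15 are never cleared, and the clear overlaps the bit-rate field that the first hunk maintains with `0x1c0000`, so changing the modulation would leave a block 0 that no longer matches the rest of `config`. The mask looks like it carries one zero too many; `config.block0 = ((config.block0 & ~(0x1f000)) | (config.modulation << 12));` keeps clear and set aligned. The line also runs on the `Unknown modulation` path after `errors = true`, where `config.modulation` has presumably not changed; the start of the `case` is outside the hunk.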
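Review bot: The three added block-0 updates (this `@@ -822` hunk and the two above it) hard-code one bit layout as bare literals, `0x8`/`<< 3`, `0x1f0000`/`<< 12` and `0x1c0000`/`<< 18`, and apply it regardless of `config.Q5`, which the same function passes to `SetConfigWithBlock0Ex` further down. If Q5 tags lay out block 0 differently (not visible from here, to be confirmed against the data sheet), the recomputed value would be wrong for them and a later write of it could misconfigure the tag; the updates should then branch on `config.Q5` or be skipped for it. Defining each mask and shift once as a named constant next to the block-0 decoding code would also let a reader check that clear and set agree, which is what went wrong in the modulation line.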
@@ -843,8 +846,6 @@ static int CmdT55xxSetConfig(const char *Cmd) { if (gotconf) { SetConfigWithBlock0Ex(block0, config.offset, config.Q5); - } else { - config.block0 = 0; } return printConfiguration(config);