From af9338311521c1fac596aca2e4194872b4765053 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 19 Mar 2025 08:56:00 +0100 Subject: [PATCH] fix #2790 - MFU OTP writes shouldnt allow for zeroing. Bad sanity check implemented, it should check that every bit doesnt try to zero out. Will do for now --- CHANGELOG.md | 1 + armsrc/iso14443a.c | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 995cfae39..76099dcf5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Change `hf mfu sim` deny OTP changes with all zeros (@iceman1001) - Added missing file in CMakeLists.txt (@iceman1001) - Major update to `lf em 4x70` internals on ARM side; Enabling improved debugging and reliability (@henrygab) - Improved `pcf7931` generic readability of the code. Unified datatypes and added documentation/explainations (@tinooo) diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 9d282eee6..d8de3e553 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -1730,6 +1730,18 @@ void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *useruid, uin if (CheckCrc14A(receivedCmd, len)) { uint8_t block = receivedCmd[1]; + + // OTP sanity check + // Quite a bad one, one should look at all individual bits and see if anyone tries be set as zero + // we cheat and do fat 00000000 check instead + if (block == 0x03) { + if (memcmp(receivedCmd + 2, "\x00\x00\x00\x00", 4) == 0) { + // OTP can't be set back to zero + // send NACK 0x0 == invalid argument, + EmSend4bit(CARD_NACK_IV); + } + } + if (block > pages) { // send NACK 0x0 == invalid argument EmSend4bit(CARD_NACK_IV);
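Review bot: The CHANGELOG.md entry `Change `hf mfu sim` deny OTP changes with all zeros` does not parse as a sentence and breaks with the past-tense style of the neighbouring entries ("Added ...", "Improved ..."). Something like "Changed `hf mfu sim` - now denies OTP writes of all zeros" reads cleanly. It is also worth saying in the entry that only the all-zero value is rejected, since the commit message itself calls the check incomplete.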
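Review bot: In the armsrc/iso14443a.c hunk, nothing after `EmSend4bit(CARD_NACK_IV);` in the new `block == 0x03` branch ends handling of the command, so as the hunk reads, execution continues into the existing `if (block > pages) {` test and whatever follows it outside this hunk. A zeroing write to page 3 would be NACKed and then still treated like any other write, possibly producing a second response. Make the OTP test the first arm of the same if/else chain as `if (block > pages)`, or leave the handler directly after the NACK. The `memcmp(receivedCmd + 2, "\x00\x00\x00\x00", 4)` test also passes any value that clears only some OTP bits, as the added comment admits. OTP bits can only go from 0 to 1, so either reject the write when `(stored & ~incoming) != 0` or OR the incoming bytes into the emulated page (`stored` and `incoming` are placeholder names here, not identifiers from the patch). Finally, the hunk reads four bytes at `receivedCmd + 2` with no visible check that `len` covers them; confirm that is guaranteed before this point.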