make miscchecks

Philippe Teuwen 2023-01-14 22:23:40 +01:00
commit c9984985fd
11 changed files with 347 additions and 347 deletions


@ -11,7 +11,7 @@
// then from shell: // then from shell:
// hexdump lf.bin -e '5/1 "%02X" /0 "\n"' // hexdump lf.bin -e '5/1 "%02X" /0 "\n"'
// //
// To recall only LAST stored ID from flash use lf-last instead of lf file. // To recall only LAST stored ID from flash use lf-last instead of lf file.
// //
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// Modes of operation: // Modes of operation:


@ -27,7 +27,7 @@
#include "BigBuf.h" #include "BigBuf.h"
#include "crc16.h" #include "crc16.h"
#define MODULE_LONG_NAME "LF Nedap simple simulator" #define MODULE_LONG_NAME "LF Nedap simple simulator"
typedef struct _NEDAP_TAG { typedef struct _NEDAP_TAG {
uint8_t subType; uint8_t subType;


@ -1814,17 +1814,17 @@ int iso14443b_select_xrx_card(iso14b_card_select_t *card) {
static const uint8_t x_wup2[] = { 0x5D, 0x37, 0x21, 0x71, 0x71 }; static const uint8_t x_wup2[] = { 0x5D, 0x37, 0x21, 0x71, 0x71 };
uint8_t slot_mark[1]; uint8_t slot_mark[1];
uint8_t x_atqb[24] = {0x0}; // ATQB len = 18 uint8_t x_atqb[24] = {0x0}; // ATQB len = 18
uint32_t start_time = 0; uint32_t start_time = 0;
uint32_t eof_time = 0; uint32_t eof_time = 0;
iso14b_set_timeout(24); // wait for carrier iso14b_set_timeout(24); // wait for carrier
// wup1 // wup1
CodeAndTransmit14443bAsReader(x_wup1, sizeof(x_wup1), &start_time, &eof_time, true); CodeAndTransmit14443bAsReader(x_wup1, sizeof(x_wup1), &start_time, &eof_time, true);
start_time = eof_time + US_TO_SSP(9000); // 9ms before next cmd start_time = eof_time + US_TO_SSP(9000); // 9ms before next cmd
// wup2 // wup2
CodeAndTransmit14443bAsReader(x_wup2, sizeof(x_wup2), &start_time, &eof_time, true); CodeAndTransmit14443bAsReader(x_wup2, sizeof(x_wup2), &start_time, &eof_time, true);
@ -1836,7 +1836,7 @@ int iso14443b_select_xrx_card(iso14b_card_select_t *card) {
int slot; int slot;
for (slot = 0; slot < 4; slot++) { for (slot = 0; slot < 4; slot++) {
start_time = eof_time + ETU_TO_SSP(30); //(24); // next slot after 24 ETU start_time = eof_time + ETU_TO_SSP(30); //(24); // next slot after 24 ETU
retlen = Get14443bAnswerFromTag(x_atqb, sizeof(x_atqb), iso14b_timeout, &eof_time); retlen = Get14443bAnswerFromTag(x_atqb, sizeof(x_atqb), iso14b_timeout, &eof_time);
@ -1850,14 +1850,14 @@ int iso14443b_select_xrx_card(iso14b_card_select_t *card) {
// tx unframed slot-marker // tx unframed slot-marker
if (Demod.posCount) { // no rx, but subcarrier burst detected if (Demod.posCount) { // no rx, but subcarrier burst detected
uid |= (uint64_t)slot << uid_pos; uid |= (uint64_t)slot << uid_pos;
slot_mark[0] = 0xB1 + (slot << 1); // ack slot slot_mark[0] = 0xB1 + (slot << 1); // ack slot
CodeAndTransmit14443bAsReader(slot_mark, sizeof(slot_mark), &start_time, &eof_time, false); CodeAndTransmit14443bAsReader(slot_mark, sizeof(slot_mark), &start_time, &eof_time, false);
break; break;
} else { // no subcarrier burst } else { // no subcarrier burst
slot_mark[0] = 0xA1 + (slot << 1); // nak slot slot_mark[0] = 0xA1 + (slot << 1); // nak slot
CodeAndTransmit14443bAsReader(slot_mark, sizeof(slot_mark), &start_time, &eof_time, false); CodeAndTransmit14443bAsReader(slot_mark, sizeof(slot_mark), &start_time, &eof_time, false);
} }
} }
@ -1884,7 +1884,7 @@ int iso14443b_select_xrx_card(iso14b_card_select_t *card) {
} }
// VALIDATE CRC // VALIDATE CRC
if (check_crc(CRC_14443_B, x_atqb, 18) == false) { // use fixed len because unstable EOF catch if (check_crc(CRC_14443_B, x_atqb, 18) == false) { // use fixed len because unstable EOF catch
return 3; return 3;
} }


@ -62,7 +62,7 @@ function main(args)
local i local i
local cmds = {} local cmds = {}
--check for params --check for params
for o, a in getopt.getopt(args, 'h') do for o, a in getopt.getopt(args, 'h') do
if o == 'h' then return help() end if o == 'h' then return help() end
end end


@ -63,8 +63,8 @@ local function card_format(key_a,key_b,ab,user,s70)
core.console(cmd) core.console(cmd)
print(cmd) print(cmd)
core.clearCommandBuffer() core.clearCommandBuffer()
if s70 == false and k > 15 then if s70 == false and k > 15 then
return return
end end
end end
end end


@ -109,8 +109,8 @@ local function main(args)
command = 'hf 14a sim -t 1 -u ' .. uid_format command = 'hf 14a sim -t 1 -u ' .. uid_format
msg('Bruteforcing Mifare Classic card numbers') msg('Bruteforcing Mifare Classic card numbers')
elseif mftype == 'mfc4' then elseif mftype == 'mfc4' then
command = 'hf 14a sim -t 8 -u ' .. uid_format command = 'hf 14a sim -t 8 -u ' .. uid_format
msg('Bruteforcing Mifare Classic 4K card numbers') msg('Bruteforcing Mifare Classic 4K card numbers')
elseif mftype == 'mfu' then elseif mftype == 'mfu' then
command = 'hf 14a sim -t 2 -u ' .. uid_format command = 'hf 14a sim -t 2 -u ' .. uid_format
msg('Bruteforcing Mifare Ultralight card numbers') msg('Bruteforcing Mifare Ultralight card numbers')


@ -50,17 +50,17 @@ arguments = [[
-c read magic configuration -c read magic configuration
-u UID (8-14 hexsymbols), set UID on tag -u UID (8-14 hexsymbols), set UID on tag
-t tag type to impersonate -t tag type to impersonate
1 = Mifare Mini S20 4-byte 12 = NTAG 210 1 = Mifare Mini S20 4-byte 12 = NTAG 210
2 = Mifare Mini S20 7-byte 13 = NTAG 212 2 = Mifare Mini S20 7-byte 13 = NTAG 212
3 = Mifare 1k S50 4-byte 14 = NTAG 213 3 = Mifare 1k S50 4-byte 14 = NTAG 213
4 = Mifare 1k S50 7-byte 15 = NTAG 215 4 = Mifare 1k S50 7-byte 15 = NTAG 215
5 = Mifare 4k S70 4-byte 16 = NTAG 216 5 = Mifare 4k S70 4-byte 16 = NTAG 216
6 = Mifare 4k S70 7-byte 17 = NTAG I2C 1K 6 = Mifare 4k S70 7-byte 17 = NTAG I2C 1K
*** 7 = UL - NOT WORKING FULLY 18 = NTAG I2C 2K *** 7 = UL - NOT WORKING FULLY 18 = NTAG I2C 2K
*** 8 = UL-C - NOT WORKING FULLY 19 = NTAG I2C 1K PLUS *** 8 = UL-C - NOT WORKING FULLY 19 = NTAG I2C 1K PLUS
9 = UL EV1 48b 20 = NTAG I2C 2K PLUS 9 = UL EV1 48b 20 = NTAG I2C 2K PLUS
10 = UL EV1 128b 21 = NTAG 213F 10 = UL EV1 128b 21 = NTAG 213F
*** 11 = UL Plus - NOT WORKING YET 22 = NTAG 216F *** 11 = UL Plus - NOT WORKING YET 22 = NTAG 216F
-p NTAG password (8 hexsymbols), set NTAG password on tag. -p NTAG password (8 hexsymbols), set NTAG password on tag.
-a NTAG pack ( 4 hexsymbols), set NTAG pack on tag. -a NTAG pack ( 4 hexsymbols), set NTAG pack on tag.
@ -178,7 +178,7 @@ local function read_config()
if not info then return false, "Can't select card" end if not info then return false, "Can't select card" end
-- read Ultimate Magic Card CONFIG -- read Ultimate Magic Card CONFIG
if magicconfig == nil then if magicconfig == nil then
magicconfig = send("CF".._key.."C6") magicconfig = send("CF".._key.."C6")
else print('No Config') else print('No Config')
end end
-- extract data from CONFIG - based on CONFIG in https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/magic_cards_notes.md#gen-4-gtu -- extract data from CONFIG - based on CONFIG in https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/magic_cards_notes.md#gen-4-gtu
@ -196,92 +196,92 @@ local function read_config()
else atsstr = (string.sub(ats, 3)) else atsstr = (string.sub(ats, 3))
end end
if ulprotocol == '00' then if ulprotocol == '00' then
cardprotocol = 'MIFARE Classic Protocol' cardprotocol = 'MIFARE Classic Protocol'
ultype = 'Disabled' ultype = 'Disabled'
if uidlength == '00' then if uidlength == '00' then
uid = send("CF".._key.."CE00"):sub(1,8) uid = send("CF".._key.."CE00"):sub(1,8)
if atqaf == '00 04' and sak == '09' then cardtype = 'MIFARE Mini S20 4-byte UID' if atqaf == '00 04' and sak == '09' then cardtype = 'MIFARE Mini S20 4-byte UID'
elseif atqaf == '00 04' and sak == '08' then cardtype = 'MIFARE 1k S50 4-byte UID' elseif atqaf == '00 04' and sak == '08' then cardtype = 'MIFARE 1k S50 4-byte UID'
elseif atqaf == '00 02' and sak == '18' then cardtype = 'MIFARE 4k S70 4-byte UID' elseif atqaf == '00 02' and sak == '18' then cardtype = 'MIFARE 4k S70 4-byte UID'
end end
elseif uidlength == '01' then elseif uidlength == '01' then
uid = send("CF".._key.."CE00"):sub(1,14) uid = send("CF".._key.."CE00"):sub(1,14)
if atqaf == '00 44' and sak == '09' then cardtype = 'MIFARE Mini S20 7-byte UID' if atqaf == '00 44' and sak == '09' then cardtype = 'MIFARE Mini S20 7-byte UID'
elseif atqaf == '00 44' and sak == '08' then cardtype = 'MIFARE 1k S50 7-byte UID' elseif atqaf == '00 44' and sak == '08' then cardtype = 'MIFARE 1k S50 7-byte UID'
elseif atqaf == '00 42' and sak == '18' then cardtype = 'MIFARE 4k S70 7-byte UID' elseif atqaf == '00 42' and sak == '18' then cardtype = 'MIFARE 4k S70 7-byte UID'
end end
end end
elseif ulprotocol == '01' then elseif ulprotocol == '01' then
-- Read Ultralight config only if UL protocol is enabled -- Read Ultralight config only if UL protocol is enabled
cardprotocol = 'MIFARE Ultralight/NTAG' cardprotocol = 'MIFARE Ultralight/NTAG'
block0 = send("3000") block0 = send("3000")
uid0 = block0:sub(1,6) uid0 = block0:sub(1,6)
uid = uid0..block0:sub(9,16) uid = uid0..block0:sub(9,16)
if ulmode == '00' then ultype = 'Ultralight EV1' if ulmode == '00' then ultype = 'Ultralight EV1'
elseif ulmode == '01' then ultype = 'NTAG21x' elseif ulmode == '01' then ultype = 'NTAG21x'
elseif ulmode == '02' then ultype = 'Ultralight-C' elseif ulmode == '02' then ultype = 'Ultralight-C'
elseif ulmode == '03' then ultype = 'Ultralight' elseif ulmode == '03' then ultype = 'Ultralight'
end end
-- read VERSION -- read VERSION
cversion = send('30FA'):sub(1,16) cversion = send('30FA'):sub(1,16)
-- pwdblock must be set since the 30F1 and 30F2 special commands don't work on the ntag21x part of the UMC -- pwdblock must be set since the 30F1 and 30F2 special commands don't work on the ntag21x part of the UMC
if ulmode == '03' then versionstr = 'Ultralight' if ulmode == '03' then versionstr = 'Ultralight'
elseif ulmode == '02' then versionstr = 'Ultralight-C' elseif ulmode == '02' then versionstr = 'Ultralight-C'
elseif cversion == '0004030101000B03' then versionstr = 'UL EV1 48b' elseif cversion == '0004030101000B03' then versionstr = 'UL EV1 48b'
elseif cversion == '0004030101000E03' then versionstr = 'UL EV1 128b' elseif cversion == '0004030101000E03' then versionstr = 'UL EV1 128b'
elseif cversion == '0004040101000B03' then versionstr = 'NTAG 210' elseif cversion == '0004040101000B03' then versionstr = 'NTAG 210'
elseif cversion == '0004040101000E03' then versionstr = 'NTAG 212' elseif cversion == '0004040101000E03' then versionstr = 'NTAG 212'
elseif cversion == '0004040201000F03' then versionstr = 'NTAG 213' elseif cversion == '0004040201000F03' then versionstr = 'NTAG 213'
elseif cversion == '0004040201001103' then versionstr = 'NTAG 215' elseif cversion == '0004040201001103' then versionstr = 'NTAG 215'
elseif cversion == '0004040201001303' then versionstr = 'NTAG 216' elseif cversion == '0004040201001303' then versionstr = 'NTAG 216'
elseif cversion == '0004040502011303' then versionstr = 'NTAG I2C 1K' elseif cversion == '0004040502011303' then versionstr = 'NTAG I2C 1K'
elseif cversion == '0004040502011503' then versionstr = 'NTAG I2C 2K' elseif cversion == '0004040502011503' then versionstr = 'NTAG I2C 2K'
elseif cversion == '0004040502021303' then versionstr = 'NTAG I2C 1K PLUS' elseif cversion == '0004040502021303' then versionstr = 'NTAG I2C 1K PLUS'
elseif cversion == '0004040502021503' then versionstr = 'NTAG I2C 2K PLUS' elseif cversion == '0004040502021503' then versionstr = 'NTAG I2C 2K PLUS'
elseif cversion == '0004040401000F03' then versionstr = 'NTAG 213F' elseif cversion == '0004040401000F03' then versionstr = 'NTAG 213F'
elseif cversion == '0004040401001303' then versionstr = 'NTAG 216F' elseif cversion == '0004040401001303' then versionstr = 'NTAG 216F'
end end
-- read PWD -- read PWD
cpwd = send("30F0"):sub(1,8) cpwd = send("30F0"):sub(1,8)
pwd = send("30E5"):sub(1,8) pwd = send("30E5"):sub(1,8)
-- 04 response indicates that blocks has been locked down. -- 04 response indicates that blocks has been locked down.
if pwd == '04' then lib14a.disconnect(); return nil, "can't read configuration, "..err_lock end if pwd == '04' then lib14a.disconnect(); return nil, "can't read configuration, "..err_lock end
-- read PACK -- read PACK
cpack = send("30F1"):sub(1,4) cpack = send("30F1"):sub(1,4)
pack = send("30E6"):sub(1,4) pack = send("30E6"):sub(1,4)
-- read SIGNATURE -- read SIGNATURE
signature1 = send('30F2'):sub(1,32) signature1 = send('30F2'):sub(1,32)
signature2 = send('30F6'):sub(1,32) signature2 = send('30F6'):sub(1,32)
lib14a.disconnect() lib14a.disconnect()
end end
if _print < 1 then if _print < 1 then
print(string.rep('=', 88)) print(string.rep('=', 88))
print('\t\t\tUltimate Magic Card Configuration') print('\t\t\tUltimate Magic Card Configuration')
print(string.rep('=', 88)) print(string.rep('=', 88))
print(' - Raw Config ', string.sub(magicconfig, 1, -9)) print(' - Raw Config ', string.sub(magicconfig, 1, -9))
print(' - Card Protocol ', cardprotocol) print(' - Card Protocol ', cardprotocol)
print(' - Ultralight Mode ', ultype) print(' - Ultralight Mode ', ultype)
print(' - ULM Backdoor Key ', readpass) print(' - ULM Backdoor Key ', readpass)
print(' - GTU Mode ', gtustr) print(' - GTU Mode ', gtustr)
if ulprotocol == '01' then if ulprotocol == '01' then
print(' - Card Type ', versionstr) print(' - Card Type ', versionstr)
else else
print(' - Card Type ', cardtype) print(' - Card Type ', cardtype)
end end
print(' - UID ', uid) print(' - UID ', uid)
print(' - ATQA ', atqaf) print(' - ATQA ', atqaf)
print(' - SAK ', sak) print(' - SAK ', sak)
if ulprotocol == '01' then if ulprotocol == '01' then
print('') print('')
print(string.rep('=', 88)) print(string.rep('=', 88))
print('\t\t\tMagic UL/NTAG 21* Configuration') print('\t\t\tMagic UL/NTAG 21* Configuration')
print(string.rep('=', 88)) print(string.rep('=', 88))
print(' - ATS ', atsstr) print(' - ATS ', atsstr)
print(' - Password ', '[0xE5] '..pwd, '[0xF0] '..cpwd) print(' - Password ', '[0xE5] '..pwd, '[0xF0] '..cpwd)
print(' - Pack ', '[0xE6] '..pack, '[0xF1] '..cpack) print(' - Pack ', '[0xE6] '..pack, '[0xF1] '..cpack)
print(' - Version ', cversion) print(' - Version ', cversion)
print(' - Signature ', signature1..signature2) print(' - Signature ', signature1..signature2)
end end
end end
lib14a.disconnect() lib14a.disconnect()
return true, 'Ok' return true, 'Ok'
@ -291,41 +291,41 @@ end
local function write_uid(useruid) local function write_uid(useruid)
-- read CONFIG -- read CONFIG
if not magicconfig then if not magicconfig then
_print = 1 _print = 1
read_config() read_config()
end end
local info = connect() local info = connect()
if not info then return false, "Can't select card" end if not info then return false, "Can't select card" end
-- Writes a MFC UID with GEN4 magic commands. -- Writes a MFC UID with GEN4 magic commands.
if ulprotocol == '00' then if ulprotocol == '00' then
-- uid string checks -- uid string checks
if useruid == nil then return nil, 'empty uid string' end if useruid == nil then return nil, 'empty uid string' end
if #useruid == 0 then return nil, 'empty uid string' end if #useruid == 0 then return nil, 'empty uid string' end
if (#useruid ~= 8) and (#useruid ~= 14) then return nil, 'UID wrong length. Should be 4 or 7 hex bytes' end if (#useruid ~= 8) and (#useruid ~= 14) then return nil, 'UID wrong length. Should be 4 or 7 hex bytes' end
print('Writing new UID ', useruid) print('Writing new UID ', useruid)
local uidbytes = utils.ConvertHexToBytes(useruid) local uidbytes = utils.ConvertHexToBytes(useruid)
local bcc1 = bxor(bxor(bxor(uidbytes[1], uidbytes[2]), uidbytes[3]), uidbytes[4]) local bcc1 = bxor(bxor(bxor(uidbytes[1], uidbytes[2]), uidbytes[3]), uidbytes[4])
local block0 = string.format('%02X%02X%02X%02X%02X', uidbytes[1], uidbytes[2], uidbytes[3], uidbytes[4], bcc1) local block0 = string.format('%02X%02X%02X%02X%02X', uidbytes[1], uidbytes[2], uidbytes[3], uidbytes[4], bcc1)
local resp = send('CF'.._key..'CD00'..block0) local resp = send('CF'.._key..'CD00'..block0)
-- Writes a MFUL UID with bcc1, bcc2 using NTAG21xx commands. -- Writes a MFUL UID with bcc1, bcc2 using NTAG21xx commands.
elseif ulprotocol == '01' then elseif ulprotocol == '01' then
-- uid string checks -- uid string checks
if useruid == nil then return nil, 'empty uid string' end if useruid == nil then return nil, 'empty uid string' end
if #useruid == 0 then return nil, 'empty uid string' end if #useruid == 0 then return nil, 'empty uid string' end
if #useruid ~= 14 then return nil, 'uid wrong length. Should be 7 hex bytes' end if #useruid ~= 14 then return nil, 'uid wrong length. Should be 7 hex bytes' end
print('Writing new UID ', useruid) print('Writing new UID ', useruid)
local uidbytes = utils.ConvertHexToBytes(useruid) local uidbytes = utils.ConvertHexToBytes(useruid)
local bcc1 = bxor(bxor(bxor(uidbytes[1], uidbytes[2]), uidbytes[3]), 0x88) local bcc1 = bxor(bxor(bxor(uidbytes[1], uidbytes[2]), uidbytes[3]), 0x88)
local bcc2 = bxor(bxor(bxor(uidbytes[4], uidbytes[5]), uidbytes[6]), uidbytes[7]) local bcc2 = bxor(bxor(bxor(uidbytes[4], uidbytes[5]), uidbytes[6]), uidbytes[7])
local block0 = string.format('%02X%02X%02X%02X', uidbytes[1], uidbytes[2], uidbytes[3], bcc1) local block0 = string.format('%02X%02X%02X%02X', uidbytes[1], uidbytes[2], uidbytes[3], bcc1)
local block1 = string.format('%02X%02X%02X%02X', uidbytes[4], uidbytes[5], uidbytes[6], uidbytes[7]) local block1 = string.format('%02X%02X%02X%02X', uidbytes[4], uidbytes[5], uidbytes[6], uidbytes[7])
local block2 = string.format('%02X%02X%02X%02X', bcc2, 0x48, 0x00, 0x00) local block2 = string.format('%02X%02X%02X%02X', bcc2, 0x48, 0x00, 0x00)
local resp local resp
resp = send('A200'..block0) resp = send('A200'..block0)
resp = send('A201'..block1) resp = send('A201'..block1)
resp = send('A202'..block2) resp = send('A202'..block2)
else else
print('Incorrect ul') print('Incorrect ul')
end end
lib14a.disconnect() lib14a.disconnect()
if resp ~= nil then if resp ~= nil then
@ -339,8 +339,8 @@ end
local function write_atqasak(atqasak) local function write_atqasak(atqasak)
-- read CONFIG -- read CONFIG
if not magicconfig then if not magicconfig then
_print = 1 _print = 1
read_config() read_config()
end end
if atqasak == nil then return nil, 'Empty ATQA/SAK string' end if atqasak == nil then return nil, 'Empty ATQA/SAK string' end
if #atqasak == 0 then return nil, 'Empty ATQA/SAK string' end if #atqasak == 0 then return nil, 'Empty ATQA/SAK string' end
@ -350,25 +350,25 @@ end
local atqauserf = atqauser2..atqauser1 local atqauserf = atqauser2..atqauser1
local sakuser = atqasak:sub(5,6) local sakuser = atqasak:sub(5,6)
if sakuser == '04' then if sakuser == '04' then
print('Never set SAK bit 3 (e.g. SAK=04), it indicates an extra cascade level is required') print('Never set SAK bit 3 (e.g. SAK=04), it indicates an extra cascade level is required')
return nil return nil
elseif (sakuser == '20' or sakuser == '28') and atslen == '00' then elseif (sakuser == '20' or sakuser == '28') and atslen == '00' then
print('When SAK equals 20 or 28, ATS must be turned on') print('When SAK equals 20 or 28, ATS must be turned on')
return nil return nil
elseif atqauser2 == '40' then elseif atqauser2 == '40' then
print('ATQA of [00 40] will cause the card to not answer.') print('ATQA of [00 40] will cause the card to not answer.')
return nil return nil
else else
local info = connect() local info = connect()
if not info then return false, "Can't select card" end if not info then return false, "Can't select card" end
print('New ATQA: '..atqauser1..' '..atqauser2..' New SAK: '..sakuser) print('New ATQA: '..atqauser1..' '..atqauser2..' New SAK: '..sakuser)
local resp = send("CF".._key.."35"..atqauserf..sakuser) local resp = send("CF".._key.."35"..atqauserf..sakuser)
lib14a.disconnect() lib14a.disconnect()
if resp == nil then if resp == nil then
return nil, oops('Failed to write ATQA/SAK') return nil, oops('Failed to write ATQA/SAK')
else else
return true, 'Ok' return true, 'Ok'
end end
end end
end end
--- ---
@ -376,8 +376,8 @@ end
local function write_ntagpwd(ntagpwd) local function write_ntagpwd(ntagpwd)
-- read CONFIG -- read CONFIG
if not magicconfig then if not magicconfig then
_print = 1 _print = 1
read_config() read_config()
end end
if ulprotocol == '00' then return nil, 'Magic Card is not using the Ultralight Protocol' end if ulprotocol == '00' then return nil, 'Magic Card is not using the Ultralight Protocol' end
-- PWD string checks -- PWD string checks
@ -401,8 +401,8 @@ end
local function write_pack(userpack) local function write_pack(userpack)
-- read CONFIG -- read CONFIG
if not magicconfig then if not magicconfig then
_print = 1 _print = 1
read_config() read_config()
end end
if ulprotocol == 0 then return nil, 'Magic Card is not using the Ultralight Protocol' end if ulprotocol == 0 then return nil, 'Magic Card is not using the Ultralight Protocol' end
-- PACK string checks -- PACK string checks
@ -426,8 +426,8 @@ local function write_otp(block3)
if #block3 ~= 8 then return nil, 'OTP wrong length. Should be 4 hex bytes' end if #block3 ~= 8 then return nil, 'OTP wrong length. Should be 4 hex bytes' end
-- read CONFIG -- read CONFIG
if not magicconfig then if not magicconfig then
_print = 1 _print = 1
read_config() read_config()
end end
if ulprotocol == '00' then return nil, 'Magic Card is not using the Ultralight Protocol' end if ulprotocol == '00' then return nil, 'Magic Card is not using the Ultralight Protocol' end
local info = connect() local info = connect()
@ -450,8 +450,8 @@ local function write_version(data)
if #data ~= 16 then return nil, 'version wrong length. Should be 8 hex bytes' end if #data ~= 16 then return nil, 'version wrong length. Should be 8 hex bytes' end
-- read CONFIG -- read CONFIG
if not magicconfig then if not magicconfig then
_print = 1 _print = 1
read_config() read_config()
end end
if ulprotocol == '00' then return nil, 'Magic Card is not using the Ultralight Protocol' end if ulprotocol == '00' then return nil, 'Magic Card is not using the Ultralight Protocol' end
print('Writing new version', data) print('Writing new version', data)
@ -478,8 +478,8 @@ local function write_signature(data)
if #data ~= 64 then return nil, 'data wrong length. Should be 32 hex bytes' end if #data ~= 64 then return nil, 'data wrong length. Should be 32 hex bytes' end
-- read CONFIG -- read CONFIG
if not magicconfig then if not magicconfig then
_print = 1 _print = 1
read_config() read_config()
end end
local info = connect() local info = connect()
if not info then return false, "Can't select card" end if not info then return false, "Can't select card" end
@ -508,19 +508,19 @@ local function write_gtu(gtu)
local info = connect() local info = connect()
if not info then return false, "Can't select card" end if not info then return false, "Can't select card" end
if gtu == '00' then if gtu == '00' then
print('Enabling GTU Pre-Write') print('Enabling GTU Pre-Write')
send('CF'.._key..'32'..gtu) send('CF'.._key..'32'..gtu)
elseif gtu == '01' then elseif gtu == '01' then
print('Enabling GTU Restore Mode') print('Enabling GTU Restore Mode')
send('CF'.._key..'32'..gtu) send('CF'.._key..'32'..gtu)
elseif gtu == '02' then elseif gtu == '02' then
print('Disabled GTU') print('Disabled GTU')
send('CF'.._key..'32'..gtu) send('CF'.._key..'32'..gtu)
elseif gtu == '03' then elseif gtu == '03' then
print('Disabled GTU, high speed R/W mode for Ultralight') print('Disabled GTU, high speed R/W mode for Ultralight')
send('CF'.._key..'32'..gtu) send('CF'.._key..'32'..gtu)
else else
print('Failed to set GTU mode') print('Failed to set GTU mode')
end end
lib14a.disconnect() lib14a.disconnect()
return true, 'Ok' return true, 'Ok'
@ -536,13 +536,13 @@ local function write_ats(atsuser)
local atscardlendecimal = tonumber(atscardlen, 16) local atscardlendecimal = tonumber(atscardlen, 16)
local atsf = string.sub(atsuser, 3) local atsf = string.sub(atsuser, 3)
if (#atsf / 2) ~= atscardlendecimal then if (#atsf / 2) ~= atscardlendecimal then
oops('Given length of ATS ('..atscardlendecimal..') does not match the ATS_length ('..(#atsf / 2)..')') oops('Given length of ATS ('..atscardlendecimal..') does not match the ATS_length ('..(#atsf / 2)..')')
return true, 'Ok' return true, 'Ok'
else else
local info = connect() local info = connect()
if not info then return false, "Can't select card" end if not info then return false, "Can't select card" end
print('Writing '..atscardlendecimal..' ATS bytes of '..atsf) print('Writing '..atscardlendecimal..' ATS bytes of '..atsf)
send("CF".._key.."34"..atsuser) send("CF".._key.."34"..atsuser)
end end
lib14a.disconnect() lib14a.disconnect()
return true, 'Ok' return true, 'Ok'
@ -556,11 +556,11 @@ local function write_ulp(ulp)
local info = connect() local info = connect()
if not info then return false, "Can't select card" end if not info then return false, "Can't select card" end
if ulp == '00' then if ulp == '00' then
print('Changing card to Mifare Classic Protocol') print('Changing card to Mifare Classic Protocol')
send("CF".._key.."69"..ulp) send("CF".._key.."69"..ulp)
elseif ulp == '01' then elseif ulp == '01' then
print('Changing card to Ultralight Protocol') print('Changing card to Ultralight Protocol')
send("CF".._key.."69"..ulp) send("CF".._key.."69"..ulp)
else else
oops('Protocol needs to be either 00 or 01') oops('Protocol needs to be either 00 or 01')
end end
@ -576,17 +576,17 @@ local function write_ulm(ulm)
local info = connect() local info = connect()
if not info then return false, "Can't select card" end if not info then return false, "Can't select card" end
if ulm == '00' then if ulm == '00' then
print('Changing card UL mode to Ultralight EV1') print('Changing card UL mode to Ultralight EV1')
send("CF".._key.."6A"..ulm) send("CF".._key.."6A"..ulm)
elseif ulm == '01' then elseif ulm == '01' then
print('Changing card UL mode to NTAG') print('Changing card UL mode to NTAG')
send("CF".._key.."6A"..ulm) send("CF".._key.."6A"..ulm)
elseif ulm == '02' then elseif ulm == '02' then
print('Changing card UL mode to Ultralight-C') print('Changing card UL mode to Ultralight-C')
send("CF".._key.."6A"..ulm) send("CF".._key.."6A"..ulm)
elseif ulm == '03' then elseif ulm == '03' then
print('Changing card UL mode to Ultralight') print('Changing card UL mode to Ultralight')
send("CF".._key.."6A"..ulm) send("CF".._key.."6A"..ulm)
else else
oops('UL mode needs to be either 00, 01, 02, 03') oops('UL mode needs to be either 00, 01, 02, 03')
end end
@ -603,50 +603,50 @@ local function set_type(tagtype)
if tagtype == 1 then if tagtype == 1 then
print('Setting: Ultimate Magic card to Mifare mini S20 4-byte') print('Setting: Ultimate Magic card to Mifare mini S20 4-byte')
connect() connect()
send("CF".._key.."F000000000000002000978009102DABC19101011121314151604000900") send("CF".._key.."F000000000000002000978009102DABC19101011121314151604000900")
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233') write_uid('04112233')
-- Setting Mifare mini S20 7-byte -- Setting Mifare mini S20 7-byte
elseif tagtype == 2 then elseif tagtype == 2 then
print('Setting: Ultimate Magic card to Mifare mini S20 7-byte') print('Setting: Ultimate Magic card to Mifare mini S20 7-byte')
connect() connect()
send("CF".._key.."F000010000000002000978009102DABC19101011121314151644000900") send("CF".._key.."F000010000000002000978009102DABC19101011121314151644000900")
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
-- Setting Mifare 1k S50 4--byte -- Setting Mifare 1k S50 4--byte
elseif tagtype == 3 then elseif tagtype == 3 then
print('Setting: Ultimate Magic card to Mifare 1k S50 4-byte') print('Setting: Ultimate Magic card to Mifare 1k S50 4-byte')
connect() connect()
send("CF".._key.."F000000000000002000978009102DABC19101011121314151604000800") send("CF".._key.."F000000000000002000978009102DABC19101011121314151604000800")
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233') write_uid('04112233')
-- Setting Mifare 1k S50 7-byte -- Setting Mifare 1k S50 7-byte
elseif tagtype == 4 then elseif tagtype == 4 then
print('Setting: Ultimate Magic card to Mifare 1k S50 7-byte') print('Setting: Ultimate Magic card to Mifare 1k S50 7-byte')
connect() connect()
send("CF".._key.."F000010000000002000978009102DABC19101011121314151644000800") send("CF".._key.."F000010000000002000978009102DABC19101011121314151644000800")
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
-- Setting Mifare 4k S70 4-byte -- Setting Mifare 4k S70 4-byte
elseif tagtype == 5 then elseif tagtype == 5 then
print('Setting: Ultimate Magic card to Mifare 4k S70 4-byte') print('Setting: Ultimate Magic card to Mifare 4k S70 4-byte')
connect() connect()
send("CF".._key.."F000000000000002000978009102DABC19101011121314151602001800") send("CF".._key.."F000000000000002000978009102DABC19101011121314151602001800")
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233') write_uid('04112233')
-- Setting Mifare 4k S70 7-byte -- Setting Mifare 4k S70 7-byte
elseif tagtype == 6 then elseif tagtype == 6 then
print('Setting: Ultimate Magic card to Mifare 4k S70 7-byte') print('Setting: Ultimate Magic card to Mifare 4k S70 7-byte')
connect() connect()
send("CF".._key.."F000010000000002000978009102DABC19101011121314151642001800") send("CF".._key.."F000010000000002000978009102DABC19101011121314151642001800")
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
-- Setting UL -- Setting UL
elseif tagtype == 7 then elseif tagtype == 7 then
print('Setting: Ultimate Magic card to UL') print('Setting: Ultimate Magic card to UL')
connect() connect()
send("CF".._key.."F0010100000000030A0A78008102DBA0C119402AB5BA4D321A44000003") send("CF".._key.."F0010100000000030A0A78008102DBA0C119402AB5BA4D321A44000003")
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_otp('00000000') -- Setting OTP to default 00 00 00 00 write_otp('00000000') -- Setting OTP to default 00 00 00 00
write_version('0000000000000000') -- UL-C does not have a version write_version('0000000000000000') -- UL-C does not have a version
@ -654,48 +654,48 @@ local function set_type(tagtype)
elseif tagtype == 8 then elseif tagtype == 8 then
print('Setting: Ultimate Magic card to UL-C') print('Setting: Ultimate Magic card to UL-C')
connect() connect()
send("CF".._key.."F0010100000000030A0A78008102DBA0C119402AB5BA4D321A44000002") send("CF".._key.."F0010100000000030A0A78008102DBA0C119402AB5BA4D321A44000002")
print('Setting default permissions and 3des key') print('Setting default permissions and 3des key')
send('A22A30000000') -- Auth0 page 48/0x30 and above need authentication send('A22A30000000') -- Auth0 page 48/0x30 and above need authentication
send('A22B80000000') -- Auth1 read and write access restricted send('A22B80000000') -- Auth1 read and write access restricted
send('A22C42524541') -- Default 3des key send('A22C42524541') -- Default 3des key
send('A22D4B4D4549') send('A22D4B4D4549')
send('A22E46594F55') send('A22E46594F55')
send('A22F43414E21') send('A22F43414E21')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_otp('00000000') -- Setting OTP to default 00 00 00 00 write_otp('00000000') -- Setting OTP to default 00 00 00 00
write_version('0000000000000000') -- UL-C does not have a version write_version('0000000000000000') -- UL-C does not have a version
elseif tagtype == 9 then elseif tagtype == 9 then
print('Setting: Ultimate Magic card to UL-EV1 48') print('Setting: Ultimate Magic card to UL-EV1 48')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000000") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000000")
-- Setting UL-Ev1 default config bl 16,17 -- Setting UL-Ev1 default config bl 16,17
send('a2E5FFFFFFFF') -- A2F0 block does not align correctly to actual pwd block send('a2E5FFFFFFFF') -- A2F0 block does not align correctly to actual pwd block
send('a2E6FFFFFFFF') -- A2F1 block does not align correctly to actual pack block send('a2E6FFFFFFFF') -- A2F1 block does not align correctly to actual pack block
send('a210000000FF') send('a210000000FF')
send('a21100050000') send('a21100050000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_otp('00000000') -- Setting OTP to default 00 00 00 00 write_otp('00000000') -- Setting OTP to default 00 00 00 00
write_version('0004030101000b03') -- UL-EV1 (48) 00 04 03 01 01 00 0b 03 write_version('0004030101000b03') -- UL-EV1 (48) 00 04 03 01 01 00 0b 03
elseif tagtype == 10 then elseif tagtype == 10 then
print('Setting: Ultimate Magic card to UL-EV1 128') print('Setting: Ultimate Magic card to UL-EV1 128')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000000") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000000")
-- Setting UL-Ev1 default config bl 37,38 -- Setting UL-Ev1 default config bl 37,38
send('a2E5FFFFFFFF') -- A2F0 block does not align correctly to actual pwd block send('a2E5FFFFFFFF') -- A2F0 block does not align correctly to actual pwd block
send('a2E6FFFFFFFF') -- A2F1 block does not align correctly to actual pack block send('a2E6FFFFFFFF') -- A2F1 block does not align correctly to actual pack block
send('a225000000FF') send('a225000000FF')
send('a22600050000') send('a22600050000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_otp('00000000') -- Setting OTP to default 00 00 00 00 write_otp('00000000') -- Setting OTP to default 00 00 00 00
write_version('0004030101000e03') -- UL-EV1 (128) 00 04 03 01 01 00 0e 03 write_version('0004030101000e03') -- UL-EV1 (128) 00 04 03 01 01 00 0e 03
elseif tagtype == 12 then elseif tagtype == 12 then
print('Setting: Ultimate Magic card to NTAG 210') print('Setting: Ultimate Magic card to NTAG 210')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001")
-- Setting NTAG210 default CC block456 -- Setting NTAG210 default CC block456
send('a203e1100600') send('a203e1100600')
send('a2040300fe00') send('a2040300fe00')
@ -703,13 +703,13 @@ local function set_type(tagtype)
-- Setting cfg1/cfg2 -- Setting cfg1/cfg2
send('a210000000FF') send('a210000000FF')
send('a21100050000') send('a21100050000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_version('0004040101000b03') -- NTAG210 00 04 04 01 01 00 0b 03 write_version('0004040101000b03') -- NTAG210 00 04 04 01 01 00 0b 03
elseif tagtype == 13 then elseif tagtype == 13 then
print('Setting: Ultimate Magic card to NTAG 212') print('Setting: Ultimate Magic card to NTAG 212')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001")
-- Setting NTAG212 default CC block456 -- Setting NTAG212 default CC block456
send('a203e1101000') send('a203e1101000')
send('a2040103900a') send('a2040103900a')
@ -717,13 +717,13 @@ local function set_type(tagtype)
-- Setting cfg1/cfg2 -- Setting cfg1/cfg2
send('a225000000FF') send('a225000000FF')
send('a22600050000') send('a22600050000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_version('0004040101000E03') -- NTAG212 00 04 04 01 01 00 0E 03 write_version('0004040101000E03') -- NTAG212 00 04 04 01 01 00 0E 03
elseif tagtype == 14 then elseif tagtype == 14 then
print('Setting: Ultimate Magic card to NTAG 213') print('Setting: Ultimate Magic card to NTAG 213')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001")
-- Setting NTAG213 default CC block456 -- Setting NTAG213 default CC block456
send('a203e1101200') send('a203e1101200')
send('a2040103a00c') send('a2040103a00c')
@ -731,13 +731,13 @@ local function set_type(tagtype)
-- setting cfg1/cfg2 -- setting cfg1/cfg2
send('a229000000ff') send('a229000000ff')
send('a22a00050000') send('a22a00050000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_version('0004040201000F03') -- NTAG213 00 04 04 02 01 00 0f 03 write_version('0004040201000F03') -- NTAG213 00 04 04 02 01 00 0f 03
elseif tagtype == 15 then elseif tagtype == 15 then
print('Setting: Ultimate Magic card to NTAG 215') print('Setting: Ultimate Magic card to NTAG 215')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001")
-- Setting NTAG215 default CC block456 -- Setting NTAG215 default CC block456
send('a203e1103e00') send('a203e1103e00')
send('a2040300fe00') send('a2040300fe00')
@ -745,13 +745,13 @@ local function set_type(tagtype)
-- setting cfg1/cfg2 -- setting cfg1/cfg2
send('a283000000ff') send('a283000000ff')
send('a28400050000') send('a28400050000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_version('0004040201001103') -- NTAG215 00 04 04 02 01 00 11 03 write_version('0004040201001103') -- NTAG215 00 04 04 02 01 00 11 03
elseif tagtype == 16 then elseif tagtype == 16 then
print('Setting: Ultimate Magic card to NTAG 216') print('Setting: Ultimate Magic card to NTAG 216')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001")
-- Setting NTAG216 default CC block456 -- Setting NTAG216 default CC block456
send('a203e1106d00') send('a203e1106d00')
send('a2040300fe00') send('a2040300fe00')
@ -759,56 +759,56 @@ local function set_type(tagtype)
-- setting cfg1/cfg2 -- setting cfg1/cfg2
send('a2e3000000ff') send('a2e3000000ff')
send('a2e400050000') send('a2e400050000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_version('0004040201001303') -- NTAG216 00 04 04 02 01 00 13 03 write_version('0004040201001303') -- NTAG216 00 04 04 02 01 00 13 03
elseif tagtype == 17 then elseif tagtype == 17 then
print('Setting: Ultimate Magic card to NTAG I2C 1K') print('Setting: Ultimate Magic card to NTAG I2C 1K')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001")
-- Setting NTAG I2C 1K default CC block456 -- Setting NTAG I2C 1K default CC block456
send('a203e1106D00') send('a203e1106D00')
send('a2040300fe00') send('a2040300fe00')
send('a20500000000') send('a20500000000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_version('0004040502011303') -- NTAG_I2C_1K 00 04 04 05 02 01 13 03 write_version('0004040502011303') -- NTAG_I2C_1K 00 04 04 05 02 01 13 03
elseif tagtype == 18 then elseif tagtype == 18 then
print('Setting: Ultimate Magic card to NTAG I2C 2K') print('Setting: Ultimate Magic card to NTAG I2C 2K')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001")
-- Setting NTAG I2C 2K default CC block456 -- Setting NTAG I2C 2K default CC block456
send('a203e110EA00') send('a203e110EA00')
send('a2040300fe00') send('a2040300fe00')
send('a20500000000') send('a20500000000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_version('0004040502011503') -- NTAG_I2C_2K 00 04 04 05 02 01 15 03 write_version('0004040502011503') -- NTAG_I2C_2K 00 04 04 05 02 01 15 03
elseif tagtype == 19 then elseif tagtype == 19 then
print('Setting: Ultimate Magic card to NTAG I2C plus 1K') print('Setting: Ultimate Magic card to NTAG I2C plus 1K')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001")
-- Setting NTAG I2C 1K default CC block456 -- Setting NTAG I2C 1K default CC block456
send('a203e1106D00') send('a203e1106D00')
send('a2040300fe00') send('a2040300fe00')
send('a20500000000') send('a20500000000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_version('0004040502021303') -- NTAG_I2C_1K 00 04 04 05 02 02 13 03 write_version('0004040502021303') -- NTAG_I2C_1K 00 04 04 05 02 02 13 03
elseif tagtype == 20 then elseif tagtype == 20 then
print('Setting: Ultimate Magic card to NTAG I2C plus 2K') print('Setting: Ultimate Magic card to NTAG I2C plus 2K')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001")
-- Setting NTAG I2C 2K default CC block456 -- Setting NTAG I2C 2K default CC block456
send('a203e1106D00') send('a203e1106D00')
send('a2040300fe00') send('a2040300fe00')
send('a20500000000') send('a20500000000')
write_uid('04112233445566') write_uid('04112233445566')
write_version('0004040502021503') -- NTAG_I2C_2K 00 04 04 05 02 02 15 03 write_version('0004040502021503') -- NTAG_I2C_2K 00 04 04 05 02 02 15 03
elseif tagtype == 21 then elseif tagtype == 21 then
print('Setting: Ultimate Magic card to NTAG 213F') print('Setting: Ultimate Magic card to NTAG 213F')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001")
-- Setting NTAG213 default CC block456 -- Setting NTAG213 default CC block456
send('a203e1101200') send('a203e1101200')
send('a2040103a00c') send('a2040103a00c')
@ -816,13 +816,13 @@ local function set_type(tagtype)
-- setting cfg1/cfg2 -- setting cfg1/cfg2
send('a229000000ff') send('a229000000ff')
send('a22a00050000') send('a22a00050000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_version('0004040401000F03') -- NTAG213F 00 04 04 04 01 00 0f 03 write_version('0004040401000F03') -- NTAG213F 00 04 04 04 01 00 0f 03
elseif tagtype == 22 then elseif tagtype == 22 then
print('Setting: Ultimate Magic card to NTAG 216F') print('Setting: Ultimate Magic card to NTAG 216F')
connect() connect()
send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001") send("CF".._key.."F001010000000003000978009102DABC19101011121314151644000001")
-- Setting NTAG216 default CC block456 -- Setting NTAG216 default CC block456
send('a203e1106d00') send('a203e1106d00')
send('a2040300fe00') send('a2040300fe00')
@ -830,11 +830,11 @@ local function set_type(tagtype)
-- setting cfg1/cfg2 -- setting cfg1/cfg2
send('a2e3000000ff') send('a2e3000000ff')
send('a2e400050000') send('a2e400050000')
lib14a.disconnect() lib14a.disconnect()
write_uid('04112233445566') write_uid('04112233445566')
write_version('0004040401001303') -- NTAG216F 00 04 04 04 01 00 13 03 write_version('0004040401001303') -- NTAG216F 00 04 04 04 01 00 13 03
else else
oops('No matching tag types') oops('No matching tag types')
end end
lib14a.disconnect() lib14a.disconnect()
if resp == '04' then if resp == '04' then


@ -228,7 +228,7 @@ static int CmdHFEPAPACESimulate(const char *Cmd) {
CLIExecWithReturn(ctx, Cmd, argtable, false); CLIExecWithReturn(ctx, Cmd, argtable, false);
// bool use_pc = arg_get_lit(ctx, 1); // bool use_pc = arg_get_lit(ctx, 1);
// uint8_t pwd_type = 0; // uint8_t pwd_type = 0;
int plen = 0; int plen = 0;
uint8_t pwd[6] = {0}; uint8_t pwd[6] = {0};
@ -273,7 +273,7 @@ static command_t CommandTable[] = {
{"help", CmdHelp, AlwaysAvailable, "This help"}, {"help", CmdHelp, AlwaysAvailable, "This help"},
{"cnonces", CmdHFEPACollectPACENonces, IfPm3Iso14443, "Acquire encrypted PACE nonces of specific size"}, {"cnonces", CmdHFEPACollectPACENonces, IfPm3Iso14443, "Acquire encrypted PACE nonces of specific size"},
{"replay", CmdHFEPAPACEReplay, IfPm3Iso14443, "Perform PACE protocol by replaying given APDUs"}, {"replay", CmdHFEPAPACEReplay, IfPm3Iso14443, "Perform PACE protocol by replaying given APDUs"},
{"sim", CmdHFEPAPACESimulate, IfPm3Iso14443, "Simulate PACE protocol"}, {"sim", CmdHFEPAPACESimulate, IfPm3Iso14443, "Simulate PACE protocol"},
{NULL, NULL, NULL, NULL} {NULL, NULL, NULL, NULL}
}; };


@ -15,77 +15,77 @@
#define TIMEOUT 2000 #define TIMEOUT 2000
#define c2l(c,l) (l = ((unsigned long)(*((c)++))), \ #define c2l(c,l) (l = ((unsigned long)(*((c)++))), \
l |= ((unsigned long)(*((c)++))) << 8L, \ l |= ((unsigned long)(*((c)++))) << 8L, \
l |= ((unsigned long)(*((c)++))) << 16L, \ l |= ((unsigned long)(*((c)++))) << 16L, \
l |= ((unsigned long)(*((c)++))) << 24L) l |= ((unsigned long)(*((c)++))) << 24L)
/* NOTE - c is not incremented as per c2l */ /* NOTE - c is not incremented as per c2l */
#define c2ln(c,l1,l2,n) { \ #define c2ln(c,l1,l2,n) { \
c += n; \ c += n; \
l1 = l2 = 0; \ l1 = l2 = 0; \
switch (n) { \ switch (n) { \
case 8: l2 = ((unsigned long)(*(--(c)))) << 24L; \ case 8: l2 = ((unsigned long)(*(--(c)))) << 24L; \
case 7: l2 |= ((unsigned long)(*(--(c)))) << 16L; \ case 7: l2 |= ((unsigned long)(*(--(c)))) << 16L; \
case 6: l2 |= ((unsigned long)(*(--(c)))) << 8L; \ case 6: l2 |= ((unsigned long)(*(--(c)))) << 8L; \
case 5: l2 |= ((unsigned long)(*(--(c)))); \ case 5: l2 |= ((unsigned long)(*(--(c)))); \
case 4: l1 = ((unsigned long)(*(--(c)))) << 24L; \ case 4: l1 = ((unsigned long)(*(--(c)))) << 24L; \
case 3: l1 |= ((unsigned long)(*(--(c)))) << 16L; \ case 3: l1 |= ((unsigned long)(*(--(c)))) << 16L; \
case 2: l1 |= ((unsigned long)(*(--(c)))) << 8L; \ case 2: l1 |= ((unsigned long)(*(--(c)))) << 8L; \
case 1: l1 |= ((unsigned long)(*(--(c)))); \ case 1: l1 |= ((unsigned long)(*(--(c)))); \
} \ } \
} }
#define l2c(l,c) (*((c)++) = (uint8_t)(((l)) & 0xff), \ #define l2c(l,c) (*((c)++) = (uint8_t)(((l)) & 0xff), \
*((c)++) = (uint8_t)(((l) >> 8L) & 0xff), \ *((c)++) = (uint8_t)(((l) >> 8L) & 0xff), \
*((c)++) = (uint8_t)(((l) >> 16L) & 0xff), \ *((c)++) = (uint8_t)(((l) >> 16L) & 0xff), \
*((c)++) = (uint8_t)(((l) >> 24L) & 0xff)) *((c)++) = (uint8_t)(((l) >> 24L) & 0xff))
/* NOTE - c is not incremented as per l2c */ /* NOTE - c is not incremented as per l2c */
#define l2cn(l1,l2,c,n) { \ #define l2cn(l1,l2,c,n) { \
c += n; \ c += n; \
switch (n) { \ switch (n) { \
case 8: *(--(c)) = (uint8_t)(((l2) >> 24L) & 0xff); \ case 8: *(--(c)) = (uint8_t)(((l2) >> 24L) & 0xff); \
case 7: *(--(c)) = (uint8_t)(((l2) >> 16L) & 0xff); \ case 7: *(--(c)) = (uint8_t)(((l2) >> 16L) & 0xff); \
case 6: *(--(c)) = (uint8_t)(((l2) >> 8L) & 0xff); \ case 6: *(--(c)) = (uint8_t)(((l2) >> 8L) & 0xff); \
case 5: *(--(c)) = (uint8_t)(((l2)) & 0xff); \ case 5: *(--(c)) = (uint8_t)(((l2)) & 0xff); \
case 4: *(--(c)) = (uint8_t)(((l1) >> 24L) & 0xff); \ case 4: *(--(c)) = (uint8_t)(((l1) >> 24L) & 0xff); \
case 3: *(--(c)) = (uint8_t)(((l1) >> 16L) & 0xff); \ case 3: *(--(c)) = (uint8_t)(((l1) >> 16L) & 0xff); \
case 2: *(--(c)) = (uint8_t)(((l1) >> 8L) & 0xff); \ case 2: *(--(c)) = (uint8_t)(((l1) >> 8L) & 0xff); \
case 1: *(--(c)) = (uint8_t)(((l1)) & 0xff); \ case 1: *(--(c)) = (uint8_t)(((l1)) & 0xff); \
} \ } \
} }
/* NOTE - c is not incremented as per n2l */ /* NOTE - c is not incremented as per n2l */
#define n2ln(c,l1,l2,n) { \ #define n2ln(c,l1,l2,n) { \
c += n; \ c += n; \
l1 = l2 = 0; \ l1 = l2 = 0; \
switch (n) { \ switch (n) { \
case 8: l2 = ((unsigned long)(*(--(c)))); \ case 8: l2 = ((unsigned long)(*(--(c)))); \
case 7: l2 |= ((unsigned long)(*(--(c)))) << 8; \ case 7: l2 |= ((unsigned long)(*(--(c)))) << 8; \
case 6: l2 |= ((unsigned long)(*(--(c)))) << 16; \ case 6: l2 |= ((unsigned long)(*(--(c)))) << 16; \
case 5: l2 |= ((unsigned long)(*(--(c)))) << 24; \ case 5: l2 |= ((unsigned long)(*(--(c)))) << 24; \
case 4: l1 = ((unsigned long)(*(--(c)))); \ case 4: l1 = ((unsigned long)(*(--(c)))); \
case 3: l1 |= ((unsigned long)(*(--(c)))) << 8; \ case 3: l1 |= ((unsigned long)(*(--(c)))) << 8; \
case 2: l1 |= ((unsigned long)(*(--(c)))) << 16; \ case 2: l1 |= ((unsigned long)(*(--(c)))) << 16; \
case 1: l1 |= ((unsigned long)(*(--(c)))) << 24; \ case 1: l1 |= ((unsigned long)(*(--(c)))) << 24; \
} \ } \
} }
/* NOTE - c is not incremented as per l2n */ /* NOTE - c is not incremented as per l2n */
#define l2nn(l1,l2,c,n) { \ #define l2nn(l1,l2,c,n) { \
c+=n; \ c+=n; \
switch (n) { \ switch (n) { \
case 8: *(--(c)) = (uint8_t)(((l2)) & 0xff); \ case 8: *(--(c)) = (uint8_t)(((l2)) & 0xff); \
case 7: *(--(c)) = (uint8_t)(((l2) >> 8) & 0xff); \ case 7: *(--(c)) = (uint8_t)(((l2) >> 8) & 0xff); \
case 6: *(--(c)) = (uint8_t)(((l2) >> 16) & 0xff); \ case 6: *(--(c)) = (uint8_t)(((l2) >> 16) & 0xff); \
case 5: *(--(c)) = (uint8_t)(((l2) >> 24) & 0xff); \ case 5: *(--(c)) = (uint8_t)(((l2) >> 24) & 0xff); \
case 4: *(--(c)) = (uint8_t)(((l1)) & 0xff); \ case 4: *(--(c)) = (uint8_t)(((l1)) & 0xff); \
case 3: *(--(c)) = (uint8_t)(((l1) >> 8) & 0xff); \ case 3: *(--(c)) = (uint8_t)(((l1) >> 8) & 0xff); \
case 2: *(--(c)) = (uint8_t)(((l1) >> 16) & 0xff); \ case 2: *(--(c)) = (uint8_t)(((l1) >> 16) & 0xff); \
case 1: *(--(c)) = (uint8_t)(((l1) >> 24) & 0xff); \ case 1: *(--(c)) = (uint8_t)(((l1) >> 24) & 0xff); \
} \ } \
} }
#define n2l(c,l) (l = ((unsigned long)(*((c)++))) << 24L, \ #define n2l(c,l) (l = ((unsigned long)(*((c)++))) << 24L, \
l |= ((unsigned long)(*((c)++))) << 16L, \ l |= ((unsigned long)(*((c)++))) << 16L, \
@ -98,17 +98,17 @@
*((c)++) = (uint8_t)(((l)) & 0xff)) *((c)++) = (uint8_t)(((l)) & 0xff))
#define C_RC2(n) \ #define C_RC2(n) \
t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff; \ t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff; \
x0 = (t << 1) | (t >> 15); \ x0 = (t << 1) | (t >> 15); \
t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff; \ t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff; \
x1 = (t << 2) | (t >> 14); \ x1 = (t << 2) | (t >> 14); \
t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff; \ t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff; \
x2 = (t << 3) | (t >> 13); \ x2 = (t << 3) | (t >> 13); \
t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff; \ t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff; \
x3 = (t << 5) | (t >> 11); x3 = (t << 5) | (t >> 11);
#define RC2_ENCRYPT 1 #define RC2_ENCRYPT 1
#define RC2_DECRYPT 0 #define RC2_DECRYPT 0
typedef unsigned int RC2_INT; typedef unsigned int RC2_INT;
@ -533,8 +533,8 @@ static int CmdHFXeroxInfo(const char *Cmd) {
packet->flags = (ISO14B_APPEND_CRC | ISO14B_RAW); packet->flags = (ISO14B_APPEND_CRC | ISO14B_RAW);
packet->rawlen = 11; packet->rawlen = 11;
packet->raw[0] = 0x02; packet->raw[0] = 0x02;
packet->raw[1] = 0x20; // set command: read mem packet->raw[1] = 0x20; // set command: read mem
memcpy(packet->raw + 2, card.uid, 8); // store uid memcpy(packet->raw + 2, card.uid, 8); // store uid
for (int retry = 0; (retry < 5 && blocknum < sizeof(info_blocks)); retry++) { for (int retry = 0; (retry < 5 && blocknum < sizeof(info_blocks)); retry++) {
@ -623,7 +623,7 @@ static int CmdHFXeroxDump(const char *Cmd) {
} }
iso14b_card_select_t card; iso14b_card_select_t card;
int status = findXerox(&card, false); // remain RF on int status = findXerox(&card, false); // remain RF on
if (status != PM3_SUCCESS) { if (status != PM3_SUCCESS) {
free(packet); free(packet);
switch_off_field(); switch_off_field();
@ -632,20 +632,20 @@ static int CmdHFXeroxDump(const char *Cmd) {
PrintAndLogEx(INFO, "Reading memory from tag UID " _GREEN_("%s"), sprint_hex(card.uid, card.uidlen)); PrintAndLogEx(INFO, "Reading memory from tag UID " _GREEN_("%s"), sprint_hex(card.uid, card.uidlen));
int blocknum = 1; // block 0 all zeros int blocknum = 1; // block 0 all zeros
uint8_t data[256 * 4] = {0}; uint8_t data[256 * 4] = {0};
// set up the read command // set up the read command
packet->flags = (ISO14B_APPEND_CRC | ISO14B_RAW); packet->flags = (ISO14B_APPEND_CRC | ISO14B_RAW);
packet->rawlen = 11; packet->rawlen = 11;
packet->raw[0] = 0x02; packet->raw[0] = 0x02;
memcpy(packet->raw + 2, card.uid, 8); // store uid memcpy(packet->raw + 2, card.uid, 8); // store uid
PrintAndLogEx(INFO, "." NOLF); PrintAndLogEx(INFO, "." NOLF);
for (int retry = 0; (retry < 5 && blocknum < 0x100); retry++) { for (int retry = 0; (retry < 5 && blocknum < 0x100); retry++) {
packet->raw[1] = (blocknum < 12) ? 0x30 : 0x20; // set command: read ext mem or read mem packet->raw[1] = (blocknum < 12) ? 0x30 : 0x20; // set command: read ext mem or read mem
packet->raw[10] = blocknum & 0xFF; packet->raw[10] = blocknum & 0xFF;
PacketResponseNG resp; PacketResponseNG resp;
@ -657,7 +657,7 @@ static int CmdHFXeroxDump(const char *Cmd) {
resp.cmd, resp.length, resp.magic, resp.status, resp.crc, resp.oldarg[0], resp.oldarg[1], resp.oldarg[2], resp.cmd, resp.length, resp.magic, resp.status, resp.crc, resp.oldarg[0], resp.oldarg[1], resp.oldarg[2],
resp.data.asBytes[0], resp.data.asBytes[1], resp.data.asBytes[2], resp.ng ? 't' : 'f'); resp.data.asBytes[0], resp.data.asBytes[1], resp.data.asBytes[2], resp.ng ? 't' : 'f');
*/ */
if (/*resp.status != 0 ||*/ resp.length < 7) { // 14b raw command send data_len instead of status if (/*resp.status != 0 ||*/ resp.length < 7) { // 14b raw command send data_len instead of status
PrintAndLogEx(FAILED, "retrying one more time"); PrintAndLogEx(FAILED, "retrying one more time");
continue; continue;
} }
@ -722,8 +722,8 @@ static int CmdHFXeroxDump(const char *Cmd) {
memcpy(k1, k2, sizeof(k1)); memcpy(k1, k2, sizeof(k1));
k1[2] = k2[3] ^ data[0x22 * 4 + 0]; k1[2] = k2[3] ^ data[0x22 * 4 + 0];
k1[3] = k2[4] ^ data[0x22 * 4 + 1]; // first_key[7]; k1[3] = k2[4] ^ data[0x22 * 4 + 1]; // first_key[7];
k1[5] = k2[1] ^ 0x01; // 01 = crypto method? rfid[23][2] k1[5] = k2[1] ^ 0x01; // 01 = crypto method? rfid[23][2]
RC2_set_key(&exp_key, 8, k1, 64); RC2_set_key(&exp_key, 8, k1, 64);
@ -747,7 +747,7 @@ static int CmdHFXeroxDump(const char *Cmd) {
uint16_t cs, csd; uint16_t cs, csd;
// calc checksum // calc checksum
for (b = 0, cs = 0; b < sizeof(decr) - 2; b += 2) cs += decr[b] | (decr[b + 1] << 8); for (b = 0, cs = 0; b < sizeof(decr) - 2; b += 2) cs += decr[b] | (decr[b + 1] << 8);
cs = ~cs; cs = ~cs;
csd = (decr[7] << 8) | decr[6]; csd = (decr[7] << 8) | decr[6];
@ -772,7 +772,7 @@ static int CmdHFXeroxDump(const char *Cmd) {
PrintAndLogEx(INFO, "---------+--------------+----------"); PrintAndLogEx(INFO, "---------+--------------+----------");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
if (0 == filename[0]) { // generate filename from uid if (0 == filename[0]) { // generate filename from uid
/* /*
PrintAndLogEx(INFO, "Using UID as filename"); PrintAndLogEx(INFO, "Using UID as filename");


@ -11512,6 +11512,6 @@
"metadata": { "metadata": {
"commands_extracted": 727, "commands_extracted": 727,
"extracted_by": "PM3Help2JSON v1.00", "extracted_by": "PM3Help2JSON v1.00",
"extracted_on": "2023-01-14T21:16:27" "extracted_on": "2023-01-14T21:23:30"
} }
} }


@ -473,7 +473,7 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
// 65 xx // 65 xx
#define ISO7816_MEMORY_FULL 0x6501 // Memory failure #define ISO7816_MEMORY_FULL 0x6501 // Memory failure
#define ISO7816_WRITE_MEMORY_ERR 0x6581 // Write problem / Memory failure / Unknown mode #define ISO7816_WRITE_MEMORY_ERR 0x6581 // Write problem / Memory failure / Unknown mode
// 67 xx // 67 xx
#define ISO7816_WRONG_LENGTH 0x6700 // Wrong length #define ISO7816_WRONG_LENGTH 0x6700 // Wrong length