Supercard gen1/gen2 detection in MifareCIdent

armsrc/mifarecmd.c

@@ -2481,11 +2481,13 @@ void MifareCIdent(bool is_mfc) {
     uint8_t isGen = 0;
     uint8_t rec[1] = {0x00};
     uint8_t recpar[1] = {0x00};
-    uint8_t rats[4] = { ISO14443A_CMD_RATS, 0x80, 0x31, 0x73 };
+    uint8_t rats[4] = {ISO14443A_CMD_RATS, 0x80, 0x31, 0x73};
-    uint8_t rdblf0[4] = { ISO14443A_CMD_READBLOCK, 0xF0, 0x8D, 0x5f};
+    uint8_t rdblf0[4] = {ISO14443A_CMD_READBLOCK, 0xF0, 0x8D, 0x5f};
-    uint8_t rdbl00[4] = { ISO14443A_CMD_READBLOCK, 0x00, 0x02, 0xa8};
+    uint8_t rdbl00[4] = {ISO14443A_CMD_READBLOCK, 0x00, 0x02, 0xa8};
-    uint8_t gen4gmd[4] = { MIFARE_MAGIC_GDM_AUTH_KEYA, 0x00, 0x6C, 0x92};
+    uint8_t gen4gmd[4] = {MIFARE_MAGIC_GDM_AUTH_KEYA, 0x00, 0x6C, 0x92};
-    uint8_t gen4GetConf[8] = { GEN_4GTU_CMD, 0x00, 0x00, 0x00, 0x00, GEN_4GTU_GETCNF, 0, 0};
+    uint8_t gen4GetConf[8] = {GEN_4GTU_CMD, 0x00, 0x00, 0x00, 0x00, GEN_4GTU_GETCNF, 0, 0};
+    uint8_t superGen1[9] = {0x0A, 0x00, 0x00, 0xA6, 0xB0, 0x00, 0x10, 0x14, 0x1D};
+    uint8_t superGen2[4] = {0x30, 0x00, 0x02, 0xA8};
     uint8_t *par = BigBuf_malloc(MAX_PARITY_SIZE);
     uint8_t *buf = BigBuf_malloc(PM3_CMD_DATA_SIZE);
     uint8_t *uid = BigBuf_malloc(10);
@@ -2518,8 +2520,7 @@ void MifareCIdent(bool is_mfc) {
 
     int res = iso14443a_select_card(uid, NULL, &cuid, true, 0, true);
     if (res == 2) {
-
+        // Check for Magic Gen4 GTU with default password:
-        // Check for Magic Gen4 GTU with default password :
         // Get config should return 30 or 32 bytes
         AddCrc14A(gen4GetConf, sizeof(gen4GetConf) - 2);
         ReaderTransmit(gen4GetConf, sizeof(gen4GetConf), NULL);
@@ -2537,7 +2538,6 @@ void MifareCIdent(bool is_mfc) {
 
     res = iso14443a_select_card(uid, NULL, &cuid, true, 0, true);
     if (res == 2) {
-
         if (cuid == 0xAA55C396) {
             isGen = MAGIC_GEN_UNFUSED;
             goto OUT;
@@ -2546,19 +2546,29 @@ void MifareCIdent(bool is_mfc) {
         ReaderTransmit(rats, sizeof(rats), NULL);
         res = ReaderReceive(buf, par);
         if (res) {
+            // test for super card
+            ReaderTransmit(superGen1, sizeof(superGen1), NULL);
+            res = ReaderReceive(buf, par);
+            if (res == 22) {
+                isGen = MAGIC_SUPER_GEN1;
 
-            // test for some MFC gen2
+                // check for super card gen2
-            if (memcmp(buf, "\x09\x78\x00\x91\x02\xDA\xBC\x19\x10\xF0\x05", 11) == 0) {
+                // not available after RATS, reset card before executing
+                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+                SpinDelay(40);
+                iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 
-                // super card ident
+                iso14443a_select_card(uid, NULL, &cuid, true, 0, true);
-                uint8_t super[] = {0x0A, 0x00, 0x00, 0xA6, 0xB0, 0x00, 0x10, 0x14, 0x1D};
+                ReaderTransmit(superGen2, sizeof(superGen2), NULL);
-                ReaderTransmit(super, sizeof(super), NULL);
                 res = ReaderReceive(buf, par);
-                if (res == 22) {
+                if (res == 18) {
-                    isGen = MAGIC_SUPER;
+                    isGen = MAGIC_SUPER_GEN2;
-                    goto OUT;
                 }
 
+                goto OUT;
+            }
+            // test for some MFC gen2
+            if (memcmp(buf, "\x09\x78\x00\x91\x02\xDA\xBC\x19\x10\xF0\x05", 11) == 0) {
                 isGen = MAGIC_GEN_2;
                 goto OUT;
             }

client/src/mifare/mifarehost.c

@@ -1421,8 +1421,11 @@ int detect_mf_magic(bool is_mfc) {
         case MAGIC_GEN_UNFUSED:
             PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("Write Once / FUID"));
             break;
-        case MAGIC_SUPER:
+        case MAGIC_SUPER_GEN1:
-            PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("super card"));
+            PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("Super card (") _CYAN_("Gen 1") _GREEN_(")"));
+            break;
+        case MAGIC_SUPER_GEN2:
+            PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("Super card (") _CYAN_("Gen 2") _GREEN_(")"));
             break;
         case MAGIC_NTAG21X:
             PrintAndLogEx(SUCCESS, "Magic capabilities : " _GREEN_("NTAG21x"));

doc/magic_cards_notes.md

@@ -677,12 +677,12 @@ CF <passwd> FE <4b new_password>                 // Change password
 ### Identify
 ^[Top](#top)
 
-Only Gen1 at the moment:
+Only Gen1/Gen2 at this moment (Gen1B is unsupported):
 
 ```
 hf 14a info
 ...
-[+] Magic capabilities : super card
+[+] Magic capabilities : Super card (Gen ?)
 ```
 
 # MIFARE Ultralight

include/protocols.h

@@ -258,11 +258,12 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define MAGIC_GEN_1B        2
 #define MAGIC_GEN_2         4
 #define MAGIC_GEN_UNFUSED   5
-#define MAGIC_SUPER         6
+#define MAGIC_SUPER_GEN1    6
-#define MAGIC_NTAG21X       7
+#define MAGIC_SUPER_GEN2    7
-#define MAGIC_GEN_3         8
+#define MAGIC_NTAG21X       8
-#define MAGIC_GEN_4GTU      9
+#define MAGIC_GEN_3         9
-#define MAGIC_GEN_4GDM      10
+#define MAGIC_GEN_4GTU      10
+#define MAGIC_GEN_4GDM      11
 
 // Commands for configuration of Gen4 GTU cards.
 // see https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/magic_cards_notes.md