Merge branch 'master' into master

Signed-off-by: Iceman <iceman@iuse.se>

.github/workflows/codeql-analysis.yml

@@ -12,6 +12,7 @@
 name: "CodeQL"
 
 on:
+  workflow_dispatch:
   push:
     branches: [ master ]
   pull_request:

.github/workflows/rebase.yml

@@ -2,6 +2,7 @@ on: pull_request_target
 name: Changelog Reminder
 jobs:
   remind:
+    if: github.repository_owner = 'RfidResearchGroup'
     name: Changelog Reminder
     runs-on: ubuntu-latest
     steps:

CHANGELOG.md

@@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+- Changed `hf mf info` - now differentiates between full USCUID and cut down ZUID chips (@nvx)
+- Changed `lf hitag chk` - added key counter, client side abort and minor delay (@iceman1001) 
 - Added `hf seos sam` - Added support for HID SAM SEOS communications (@jkramarz)
 - Changed (extended) area accessible by spiffs into last page of FLASH (@piotrva)
 - Changed flash-stored key dictionaries (Mifare, iClass, T55XX) and T55XX configurations to SPIFFS files (@piotrva)
@@ -27,8 +29,8 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
 - Added simulation function to `hf iclass legrec` (@antiklesys)
 - Added keys from Momentum firmware projects. (@onovy)
 - Added Dutch Statistics Agency default key (@eagle00789)
-- Changed hf mf autopwn - now allows for custom suffix (@zxkmm)
 - Fixed Wiegand decode with hex input dropping the first bit (@emilyastranova)
+- Changed `hf mf autopwn` - now allows for custom suffix (@zxkmm)
 
 ## [Orca.4.19552][2024-11-22]
 - Fixed `hf_legic.lua` - removed bit32 commands from the script (@diorch1968)

armsrc/mifarecmd.c

@@ -2927,6 +2927,7 @@ void MifareCIdent(bool is_mfc, uint8_t keytype, uint8_t *key) {
     uint8_t rdbl00[4] = {ISO14443A_CMD_READBLOCK, 0x00, 0x02, 0xa8};
     uint8_t gen4gdmAuth[4] = {MIFARE_MAGIC_GDM_AUTH_KEY, 0x00, 0x6C, 0x92};
     uint8_t gen4gdmGetConf[4] = {MIFARE_MAGIC_GDM_READ_CFG, 0x00, 0x39, 0xF7};
+    uint8_t gen4gdmGetMagicBlock[4] = {MIFARE_MAGIC_GDM_READBLOCK, 0x00, 0xC2, 0x66};
     uint8_t gen4GetConf[8] = {GEN_4GTU_CMD, 0x00, 0x00, 0x00, 0x00, GEN_4GTU_GETCNF, 0, 0};
     uint8_t superGen1[9] = {0x0A, 0x00, 0x00, 0xA6, 0xB0, 0x00, 0x10, 0x14, 0x1D};
     bool isGen2 = false;
@@ -2955,7 +2956,16 @@ void MifareCIdent(bool is_mfc, uint8_t keytype, uint8_t *key) {
         ReaderTransmit(gen4gdmGetConf, sizeof(gen4gdmGetConf), NULL);
         res = ReaderReceive(buf, PM3_CMD_DATA_SIZE, par);
         if (res > 1) {
-            flag |= MAGIC_FLAG_GDM_WUP_40;
+            // could be ZUID or full USCUID, the magic blocks don't exist on ZUID so
+            // a failure here indicates a feature limited chip like ZUID
+            // check for GDM hidden block read
+            ReaderTransmit(gen4gdmGetMagicBlock, sizeof(gen4gdmGetMagicBlock), NULL);
+            res = ReaderReceive(buf, PM3_CMD_DATA_SIZE, par);
+            if (res > 1) {
+                flag |= MAGIC_FLAG_GDM_WUP_40;
+            } else {
+                flag |= MAGIC_FLAG_GDM_WUP_40_ZUID;
+            }
         }
     }
 

client/src/cmdhf14a.c

@@ -84,6 +84,7 @@ static const  iso14a_polling_frame_t ECP_FRAME = {
 };
 
 
+// based on ISO/IEC JTC1/SC17 STANDING DOCUMENT 5 (Updated 20 September 2024) Register of IC manufacturers
 static const manufactureName_t manufactureMapping[] = {
     // ID,  "Vendor Country"
     { 0x01, "Motorola UK" },
@@ -103,12 +104,12 @@ static const manufactureName_t manufactureMapping[] = {
     { 0x0F, "Hynix / Hyundai, Korea" },
     { 0x10, "LG-Semiconductors Co. Ltd Korea" },
     { 0x11, "Emosyn-EM Microelectronics USA" },
-    { 0x12, "INSIDE Technology France" },
+    { 0x12, "Wisekey Semiconductors (previously INSIDE Technology) France" },
     { 0x13, "ORGA Kartensysteme GmbH Germany" },
     { 0x14, "SHARP Corporation Japan" },
     { 0x15, "ATMEL France" },
     { 0x16, "EM Microelectronic-Marin SA Switzerland" },
-    { 0x17, "KSW Microtec GmbH Germany" },
+    { 0x17, "SMARTRAC TECHNOLOGY GmbH Germany" },
     { 0x18, "ZMD AG Germany" },
     { 0x19, "XICOR, Inc. USA" },
     { 0x1A, "Sony Corporation Japan" },
@@ -124,7 +125,7 @@ static const manufactureName_t manufactureMapping[] = {
     { 0x24, "Masktech Germany Gmbh Germany" },
     { 0x25, "Innovision Research and Technology Plc UK" },
     { 0x26, "Hitachi ULSI Systems Co., Ltd. Japan" },
-    { 0x27, "Cypak AB Sweden" },
+    { 0x27, "Yubico AB Sweden" },
     { 0x28, "Ricoh Japan" },
     { 0x29, "ASK France" },
     { 0x2A, "Unicore Microsystems, LLC Russian Federation" },
@@ -140,7 +141,7 @@ static const manufactureName_t manufactureMapping[] = {
     { 0x34, "Mikron JSC Russia" },
     { 0x35, "Fraunhofer Institute for Photonic Microsystems Germany" },
     { 0x36, "IDS Microchip AG Switzerland" },
-    { 0x37, "Thinfilm - Kovio USA" },
+    { 0x37, "Kovio USA" },
     { 0x38, "HMT Microelectronic Ltd Switzerland" },
     { 0x39, "Silicon Craft Technology Thailand" },
     { 0x3A, "Advanced Film Device Inc. Japan" },
@@ -149,12 +150,12 @@ static const manufactureName_t manufactureMapping[] = {
     { 0x3D, "HID Global USA" },
     { 0x3E, "Productivity Engineering Gmbh Germany" },
     { 0x3F, "Austriamicrosystems AG (reserved) Austria" },
-    { 0x40, "Gemalto SA France" },
+    { 0x40, "Thales DIS (previously Gemalto SA) France" },
     { 0x41, "Renesas Electronics Corporation Japan" },
     { 0x42, "3Alogics Inc Korea" },
     { 0x43, "Top TroniQ Asia Limited Hong Kong" },
     { 0x44, "Gentag Inc. USA" },
-    { 0x45, "Invengo Information Technology Co.Ltd China" },
+    { 0x45, "Invengo Information Technology Co. Ltd China" },
     { 0x46, "Guangzhou Sysur Microelectronics, Inc China" },
     { 0x47, "CEITEC S.A. Brazil" },
     { 0x48, "Shanghai Quanray Electronics Co. Ltd. China" },
@@ -165,7 +166,7 @@ static const manufactureName_t manufactureMapping[] = {
     { 0x4D, "Balluff GmbH Germany" },
     { 0x4E, "Oberthur Technologies France" },
     { 0x4F, "Silterra Malaysia Sdn. Bhd. Malaysia" },
-    { 0x50, "DELTA Danish Electronics, Light & Acoustics Denmark" },
+    { 0x50, "Presto Engineering Denmark" },
     { 0x51, "Giesecke & Devrient GmbH Germany" },
     { 0x52, "Shenzhen China Vision Microelectronics Co., Ltd. China" },
     { 0x53, "Shanghai Feiju Microelectronics Co. Ltd. China" },
@@ -185,18 +186,57 @@ static const manufactureName_t manufactureMapping[] = {
     { 0x61, "Wearlinks Technology Inc. China" },
     { 0x62, "Userstar Information Systems Co., Ltd Taiwan" },
     { 0x63, "Pragmatic Printing Ltd. UK" },
-    { 0x64, "Associacao do Laboratorio de Sistemas Integraveis Tecnologico - LSI-TEC Brazil" },
+    { 0x64, "Associação do Laboratório de Sistemas Integráveis Tecnológico - LSI-TEC Brazil" },
     { 0x65, "Tendyron Corporation China" },
     { 0x66, "MUTO Smart Co., Ltd. Korea" },
     { 0x67, "ON Semiconductor USA" },
-    { 0x68, "TUBITAK BILGEM Turkey" },
+    { 0x68, "TÜBITAK BILGEM Turkey" }, // Don't use "İ", Proxspace doesn't like it
     { 0x69, "Huada Semiconductor Co., Ltd China" },
     { 0x6A, "SEVENEY France" },
-    { 0x6B, "ISSM France" },
+    { 0x6B, "THALES DIS Design Services SAS (previously ISSM) France" },
     { 0x6C, "Wisesec Ltd Israel" },
+    { 0x6D, "LTD \"NM-Teh\" Russia" },
+    { 0x70, "ifm electronic gmbh Germany" },
+    { 0x71, "Sichuan Kiloway Technologies Co., Ltd. China" },
+    { 0x72, "Ford Motor Company US" },
+    { 0x73, "Beijing Tsingteng MicroSystem Co.,Ltd China" },
+    { 0x74, "Huada EverCore Co., Ltd China" },
+    { 0x75, "Smartchip Microelectronics Corporation Taiwan" },
+    { 0x76, "Tongxin Microelectronics Co., Ltd. China" },
+    { 0x77, "Ningbo IOT Microelectronics Co Ltd China" },
+    { 0x78, "AU Optronics Taiwan" },
+    { 0x79, "CUBIC USA" },
+    { 0x7A, "Abbott Diabetes Care USA" },
+    { 0x7B, "Shenzen Nation RFID Technology Co Ltd China" },
     { 0x7C, "DB HiTek Co Ltd Korea" },
     { 0x7D, "SATO Vicinity Australia" },
     { 0x7E, "Holtek Taiwan" },
+    // Previously, following entries were listed in the doc as 0x7f, 0x80 etc.
+    // Now, they are listed as 'FF 00', 'FF 01',...
+    { 0x7F, "Shenzhen Goodix Technology Co., Ltd. China" },
+    { 0x80, "Panthronics AG Austria" },
+    { 0x81, "Beijing Huada Infosec Technology Co., Ltd China" },
+    { 0x82, "Shanghai Oriental Magnetic Card Engineering Co Ltd. China" },
+    { 0x83, "8ApeX Inc USA" },
+    { 0x84, "Abbott Ireland" },
+    { 0x85, "Proqure Inc USA" },
+    { 0x86, "Schreiner Group GmbH & Co. KG Germany" },
+    { 0x87, "Beijing SmartChip Microelectronics Technology Company Limited China" },
+    { 0x88, "Datang Microelectronics Technology Co., Ltd. China" },
+    { 0x89, "Wise Security Technology (Guangzhou) Co., Ltd. China" },
+    { 0x8A, "CEC Huada Electronic Design Co., Ltd. China" },
+    { 0x8B, "Shanghai Techsun RFID Technology Co., Ltd. China" },
+    { 0x8C, "North China Institute of Computing Technology China" },
+    { 0x8D, "Shanghai Huahong Integrated Circuit Co., Ltd. China" },
+    { 0x8E, "Shanghai MintSilicon Microelectronics Inc., Ltd. China" },
+    { 0x8F, "Xinsheng Technology Co., Ltd. China" },
+    { 0x90, "IDEX Biometrics ASA Norway" },
+    { 0x91, "Novo Nordisk A/S Denmark" },
+    { 0x92, "Shandong Huayi Micro-Electronics Technology Co., Ltd. China" },
+    { 0x93, "Abbott Heart Failure USA" },
+    { 0x94, "P&M Information Technology (Shenzhen) Co., Ltd. China" },
+    { 0x95, "MARS TECHNOLOGY PTE. LTD. Singapore" },
+    { 0x96, "Trovan Limited Isle of Man" },
     { 0x00, "no tag-info available" } // must be the last entry
 };
 
@@ -2721,7 +2761,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
             PrintAndLogEx(HINT, "Hint: use `" _YELLOW_("hf mf c*") "` magic commands");
 
             // if GEN4 GDM in Gen1a more,  hint about it
-            if ((isMagic & MAGIC_FLAG_GDM_WUP_40) == MAGIC_FLAG_GDM_WUP_40) {
+            if (((isMagic & MAGIC_FLAG_GDM_WUP_40) == MAGIC_FLAG_GDM_WUP_40) || ((isMagic & MAGIC_FLAG_GDM_WUP_40_ZUID) == MAGIC_FLAG_GDM_WUP_40_ZUID)) {
                 PrintAndLogEx(HINT, "Hint: use `" _YELLOW_("hf mf gdm* --gen1a") "` magic commands");
             }
         }

client/src/cmdhfmf.c

@@ -7942,11 +7942,11 @@ static int parse_gtu_cfg(uint8_t *d, size_t n) {
 
     uint8_t atslen = d[7];
     if (atslen == 0) {
-        PrintAndLogEx(INFO, ".............. ATS length %u bytes ( %s )", atslen, _YELLOW_("zero"));
+        PrintAndLogEx(INFO, "..............%02X ATS length %u bytes ( %s )", d[7], atslen, _YELLOW_("zero"));
     } else if (atslen <= 16) {
-        PrintAndLogEx(INFO, ".............. ATS length %u bytes ( %s )", atslen, _GREEN_("ok"));
+        PrintAndLogEx(INFO, "..............%02X ATS length %u bytes ( %s )", d[7], atslen, _GREEN_("ok"));
     } else {
-        PrintAndLogEx(INFO, ".............. ATS length %u bytes ( %s )", atslen, _RED_("fail"));
+        PrintAndLogEx(INFO, "..............%02X ATS length %u bytes ( %s )", d[7], atslen, _RED_("fail"));
         atslen = 0;
     }
 
@@ -7955,7 +7955,7 @@ static int parse_gtu_cfg(uint8_t *d, size_t n) {
     // ATS seems to have 16 bytes reserved
     PrintAndLogEx(INFO, _CYAN_("Config 2 - ATS"));
     PrintAndLogEx(INFO, "%s", sprint_hex_inrow(d + 8, 16));
-    if (atslen <= 16) {
+    if ((atslen > 0) && (atslen <= 16)) {
         PrintAndLogEx(INFO, "%s.............. ATS ( %d bytes )", sprint_hex_inrow(&d[8], d[7]), d[7]);
         PrintAndLogEx(INFO, "..................%s Reserved for ATS", sprint_hex_inrow(d + 8 + d[7], 16 - d[7]));
     } else {
@@ -8044,21 +8044,32 @@ static int CmdHF14AGen4Info(const char *cmd) {
     size_t resplen = 0;
     int res = 0;
 
-    if (dlen != 32) {
-        res = mfG4GetConfig(pwd, resp, &resplen, verbose);
-        if (res != PM3_SUCCESS || resplen == 0) {
-            if (res == PM3_ETIMEOUT)
-                PrintAndLogEx(ERR, "No card in the field or card command timeout.");
-            else
-                PrintAndLogEx(ERR, "Error get config. Maybe not a Gen4 card?. error=%d rlen=%zu", res, resplen);
+    if (dlen == 0) {
+        if (IfPm3Iso14443a()) {
+            res = mfG4GetConfig(pwd, resp, &resplen, verbose);
+            if (res != PM3_SUCCESS || resplen == 0) {
+                if (res == PM3_ETIMEOUT)
+                    PrintAndLogEx(ERR, "No card in the field or card command timeout.");
+                else
+                    PrintAndLogEx(ERR, "Error get config. Maybe not a Gen4 card?. error=%d rlen=%zu", res, resplen);
+                return PM3_ESOFT;
+            }
+        } else {
+            PrintAndLogEx(ERR, "Offline mode, please provide data");
             return PM3_ESOFT;
         }
+    } else if (dlen != 32) {
+        PrintAndLogEx(FAILED, "Data must be 32 bytes length, got " _YELLOW_("%u"), dlen);
+        return PM3_EINVARG;
     } else {
         memcpy(resp, data, dlen);
         resplen = 32;
     }
 
     parse_gtu_cfg(resp, resplen);
+    if (! IfPm3Iso14443a()) {
+        return PM3_SUCCESS;
+    }
 
     uint8_t uid_len = resp[1];
 
@@ -10139,7 +10150,7 @@ static command_t CommandTable[] = {
     {"gen3blk",     CmdHf14AGen3Block,      IfPm3Iso14443a,  "Overwrite manufacturer block"},
     {"gen3freeze",  CmdHf14AGen3Freeze,     IfPm3Iso14443a,  "Perma lock UID changes. irreversible"},
     {"-----------", CmdHelp,                IfPm3Iso14443a,  "-------------------- " _CYAN_("magic gen4 GTU") " --------------------------"},
-    {"ginfo",       CmdHF14AGen4Info,       IfPm3Iso14443a,  "Info about configuration of the card"},
+    {"ginfo",       CmdHF14AGen4Info,       AlwaysAvailable,  "Info about configuration of the card"},
     {"ggetblk",     CmdHF14AGen4GetBlk,     IfPm3Iso14443a,  "Read block from card"},
     {"gload",       CmdHF14AGen4Load,       IfPm3Iso14443a,  "Load dump to card"},
     {"gsave",       CmdHF14AGen4Save,       IfPm3Iso14443a,  "Save dump from card into file or emulator"},

client/src/cmdlfhitag.c

@@ -488,8 +488,23 @@ static int ht2_check_dictionary(uint32_t key_count, uint8_t *keys,  uint8_t keyl
 
     uint8_t *pkeys = keys;
 
+    uint32_t toti = key_count;
+    uint32_t cnt = 0;
+
     while (key_count--) {
 
+        cnt++;
+
+        if (kbd_enter_pressed()) {
+            SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
+            PrintAndLogEx(INFO, "User aborted");
+            break;
+        }
+
+        PrintAndLogEx(INPLACE, "Checking Keys %u / %u", cnt, toti);
+
+        msleep(30);
+
         if (keylen == 4) {
             packet.cmd = HT2F_PASSWORD;
             memcpy(packet.pwd, pkeys, keylen);
@@ -503,7 +518,7 @@ static int ht2_check_dictionary(uint32_t key_count, uint8_t *keys,  uint8_t keyl
         clearCommandBuffer();
         SendCommandNG(CMD_LF_HITAG_READER, (uint8_t *)&packet, sizeof(packet));
         PacketResponseNG resp;
-        if (WaitForResponseTimeout(CMD_LF_HITAG_READER, &resp, 2000) == false) {
+        if (WaitForResponseTimeout(CMD_LF_HITAG_READER, &resp, 4000) == false) {
             PrintAndLogEx(WARNING, "timeout while waiting for reply.");
             SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
             return PM3_ETIMEOUT;

client/src/mifare/mifarehost.c

@@ -1144,7 +1144,7 @@ int mf_chinese_set_uid(uint8_t *uid, uint8_t uidlen, const uint8_t *atqa, const
 
     res = mf_chinese_set_block(0, block0, NULL, params);
     if (res == PM3_SUCCESS) {
-        params = MAGIC_SINGLE | MAGIC_WUPC;
+        params = MAGIC_SINGLE | (gdm ? MAGIC_GDM_ALT_WUPC : MAGIC_WUPC);
         memset(block0, 0, sizeof(block0));
         res = mf_chinese_get_block(0, block0, params);
         if (res == 0) {
@@ -1614,6 +1614,10 @@ uint16_t detect_mf_magic(bool is_mfc, uint8_t key_type, uint64_t key) {
         PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Gen 4 GDM / USCUID") " ( Gen1 Magic Wakeup )");
     }
 
+    if ((isMagic & MAGIC_FLAG_GDM_WUP_40_ZUID) == MAGIC_FLAG_GDM_WUP_40_ZUID) {
+        PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Gen 4 GDM / USCUID") " ( ZUID Gen1 Magic Wakeup )");
+    }
+
     if ((isMagic & MAGIC_FLAG_GEN_UNFUSED) == MAGIC_FLAG_GEN_UNFUSED) {
         PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Write Once / FUID"));
     }

include/protocols.h

@@ -263,20 +263,21 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define MAGIC_SINGLE                (MAGIC_HALT | MAGIC_INIT | MAGIC_OFF) //0x1E
 
 // by CMD_HF_MIFARE_CIDENT / Flags
-#define MAGIC_FLAG_NONE          0x0000
-#define MAGIC_FLAG_GEN_1A        0x0001
-#define MAGIC_FLAG_GEN_1B        0x0002
-#define MAGIC_FLAG_GEN_2         0x0004
-#define MAGIC_FLAG_GEN_UNFUSED   0x0008
-#define MAGIC_FLAG_SUPER_GEN1    0x0010
-#define MAGIC_FLAG_SUPER_GEN2    0x0020
-#define MAGIC_FLAG_NTAG21X       0x0040
-#define MAGIC_FLAG_GEN_3         0x0080
-#define MAGIC_FLAG_GEN_4GTU      0x0100
-#define MAGIC_FLAG_GDM_AUTH      0x0200
-#define MAGIC_FLAG_QL88          0x0400
-#define MAGIC_FLAG_GDM_WUP_20    0x0800
-#define MAGIC_FLAG_GDM_WUP_40    0x1000
+#define MAGIC_FLAG_NONE            0x0000
+#define MAGIC_FLAG_GEN_1A          0x0001
+#define MAGIC_FLAG_GEN_1B          0x0002
+#define MAGIC_FLAG_GEN_2           0x0004
+#define MAGIC_FLAG_GEN_UNFUSED     0x0008
+#define MAGIC_FLAG_SUPER_GEN1      0x0010
+#define MAGIC_FLAG_SUPER_GEN2      0x0020
+#define MAGIC_FLAG_NTAG21X         0x0040
+#define MAGIC_FLAG_GEN_3           0x0080
+#define MAGIC_FLAG_GEN_4GTU        0x0100
+#define MAGIC_FLAG_GDM_AUTH        0x0200
+#define MAGIC_FLAG_QL88            0x0400
+#define MAGIC_FLAG_GDM_WUP_20      0x0800
+#define MAGIC_FLAG_GDM_WUP_40      0x1000
+#define MAGIC_FLAG_GDM_WUP_40_ZUID 0x2000
 
 
 // Commands for configuration of Gen4 GTU cards.