Add Mifare Classic EV1 set load modulation command

armsrc/appmain.c

@@ -1196,6 +1196,10 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			SniffMifare(c->arg[0]);
 			break;
 
+		case CMD_MIFARE_SETMOD:
+			MifareSetMod(c->arg[0], c->d.asBytes);
+			break;
+
 		//mifare desfire
 		case CMD_MIFARE_DESFIRE_READBL:	break;
 		case CMD_MIFARE_DESFIRE_WRITEBL: break;

armsrc/apps.h

@@ -148,6 +148,7 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain);  // Work with "magic Chinese" card
 void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain);
 void MifareCIdent();  // is "magic chinese" card?
+void MifareSetMod(uint8_t mod, uint8_t *key);
 void MifareUSetPwd(uint8_t arg0, uint8_t *datain);
 void OnSuccessMagic();
 void OnErrorMagic(uint8_t reason);

armsrc/mifarecmd.c

@@ -1429,6 +1429,64 @@ void OnErrorMagic(uint8_t reason){
 	cmd_send(CMD_ACK,0,reason,0,0,0);
 	OnSuccessMagic();
 }
+
+void MifareSetMod(uint8_t mod, uint8_t *key) {
+	uint64_t ui64Key = bytes_to_num(key, 6);
+
+	// variables
+	uint8_t isOK = 0;
+	uint8_t uid[10] = {0};
+	uint32_t cuid = 0;
+	struct Crypto1State mpcs = {0, 0};
+	struct Crypto1State *pcs = &mpcs;
+	int respLen = 0;
+	uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0};
+	uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0};
+
+	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
+
+	clear_trace();
+	set_tracing(true);
+
+	LED_A_ON();
+	LED_B_OFF();
+	LED_C_OFF();
+
+	while (true) {
+		if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {
+			if (MF_DBGLEVEL >= 1)	Dbprintf("Can't select card");
+			break;
+		}
+
+		if(mifare_classic_auth(pcs, cuid, 0, 0, ui64Key, AUTH_FIRST)) {
+			if (MF_DBGLEVEL >= 1)	Dbprintf("Auth error");
+			break;
+		}
+
+		if (((respLen = mifare_sendcmd_short(pcs, 1, 0x43, mod, receivedAnswer, receivedAnswerPar, NULL)) != 1) || (receivedAnswer[0] != 0x0a)) {
+			if (MF_DBGLEVEL >= 1)	Dbprintf("SetMod error; response[0]: %hhX, len: %d", receivedAnswer[0], respLen);
+			break;
+		}
+
+		if(mifare_classic_halt(pcs, cuid)) {
+			if (MF_DBGLEVEL >= 1)	Dbprintf("Halt error");
+			break;
+		}
+
+		isOK = 1;
+		break;
+	}
+
+	crypto1_destroy(pcs);
+
+	LED_B_ON();
+	cmd_send(CMD_ACK, isOK, 0, 0, 0, 0);
+	LED_B_OFF();
+
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+	LEDsoff();
+}
+
 //
 // DESFIRE
 //

client/cmdhfmf.c

@@ -2451,6 +2451,43 @@ int CmdHf14MfDecryptBytes(const char *Cmd){
 	return tryDecryptWord( nt, ar_enc, at_enc, data, len);
 }
 
+int CmdHf14AMfSetMod(const char *Cmd) {
+	uint8_t key[6] = {0, 0, 0, 0, 0, 0};
+	uint8_t mod = 2;
+
+	char ctmp = param_getchar(Cmd, 0);
+	if (ctmp == '0') {
+		mod = 0;
+	} else if (ctmp == '1') {
+		mod = 1;
+	}
+	int gethexfail = param_gethex(Cmd, 1, key, 12);
+	if (mod == 2 || gethexfail) {
+		PrintAndLog("Sets the load modulation strength of a MIFARE Classic EV1 card.");
+		PrintAndLog("Usage: hf mf setmod <0/1> <block 0 key A>");
+		PrintAndLog("       0 = normal modulation");
+		PrintAndLog("       1 = strong modulation (default)");
+		return 1;
+	}
+
+	UsbCommand c = {CMD_MIFARE_SETMOD, {mod, 0, 0}};
+	memcpy(c.d.asBytes, key, 6);
+	clearCommandBuffer();
+	SendCommand(&c);
+
+	UsbCommand resp;
+	if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
+		uint8_t ok = resp.arg[0] & 0xff;
+		PrintAndLog("isOk:%02x", ok);
+		if (!ok) {
+			PrintAndLog("Failed.");
+		}
+	} else {
+		PrintAndLog("Command execute timeout");
+	}
+	return 0;
+}
+
 static command_t CommandTable[] = {
 	{"help",		CmdHelp,				1, "This help"},
 	{"dbg",			CmdHF14AMfDbg,			0, "Set default debug mode"},
@@ -2480,6 +2517,7 @@ static command_t CommandTable[] = {
 	{"cload",		CmdHF14AMfCLoad,		0, "Load dump into magic Chinese card"},
 	{"csave",		CmdHF14AMfCSave,		0, "Save dump from magic Chinese card into file or emulator"},
 	{"decrypt",		CmdHf14MfDecryptBytes,  1, "[nt] [ar_enc] [at_enc] [data] - to decrypt snoop or trace"},
+	{"setmod",		CmdHf14AMfSetMod, 		0, "Set MIFARE Classic EV1 load modulation strength"},
 	{NULL, NULL, 0, NULL}
 };
 

client/cmdhfmf.h

@@ -58,6 +58,7 @@ int CmdHF14AMfCGetSc(const char* cmd);
 int CmdHF14AMfCLoad(const char* cmd);
 int CmdHF14AMfCSave(const char* cmd);
 int CmdHf14MfDecryptBytes(const char *Cmd);
+int CmdHf14AMfSetMod(const char *Cmd);
 
 void showSectorTable(void);
 void readerAttack(nonces_t data, bool setEmulatorMem, bool verbose);

client/hid-flasher/usb_cmd.h

@@ -186,6 +186,7 @@ typedef struct {
 #define CMD_MIFAREU_WRITEBL_COMPAT					                      0x0723
 
 #define CMD_MIFARE_CHKKEYS                                                0x0623
+#define CMD_MIFARE_SETMOD                                                 0x0624
 
 #define CMD_MIFARE_SNIFFER                                                0x0630
 //ultralightC

client/lualibs/commands.lua

@@ -159,6 +159,7 @@ local _commands = {
 	CMD_MIFAREU_WRITEBL_COMPAT =                                         0x0723,
 	
 	CMD_MIFARE_CHKKEYS =                                                 0x0623,
+	CMD_MIFARE_SETMOD =                                                  0x0624,
 
 	CMD_MIFARE_SNIFFER =                                                 0x0630,
 

include/usb_cmd.h

@@ -200,6 +200,7 @@ typedef struct{
 #define CMD_MIFAREU_WRITEBL_COMPAT					                      0x0723
 
 #define CMD_MIFARE_CHKKEYS                                                0x0623
+#define CMD_MIFARE_SETMOD                                                 0x0624
 
 #define CMD_MIFARE_SNIFFER                                                0x0630
 //ultralightC