Added work with "magic Chinese" card (card from: ouyangweidaxian@live.cn) with wipe support). Change UID and wipe only.

2025-08-20 21:33:19 -07:00 · 2012-07-05 07:31:56 +00:00 · 2012-07-05 07:31:56 +00:00 · 0675f200e6
commit 0675f200e6
parent 7fba33fcc4
8 changed files with 207 additions and 1 deletions
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@ -1218,6 +1218,51 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
 	return 0;
 }

+int CmdHF14AMfCSetUID(const char *Cmd)
+{
+	uint8_t wipeCard = 0;
+	uint8_t uid[8];
+	uint8_t oldUid[8];
+	int res;
+
+	if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {
+		PrintAndLog("Usage:  hf mf csetuid <UID 8 hex symbols> <w>");
+		PrintAndLog("sample:  hf mf csetuid 01020304 w");
+		PrintAndLog("Set UID for magic Chinese card (only works with!!!)");
+		PrintAndLog("If you want wipe card then add 'w' into command line. \n");
+		return 0;
+	}	
+
+	if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {
+		PrintAndLog("UID must include 8 HEX symbols");
+		return 1;
+	}
+
+	char ctmp = param_getchar(Cmd, 1);
+	if (ctmp == 'w' || ctmp == 'W') wipeCard = 1;
+	
+	PrintAndLog("--wipe card:%02x uid:%s", wipeCard, sprint_hex(uid, 4));
+
+	res = mfCSetUID(uid, oldUid, wipeCard);
+	if (res) {
+			PrintAndLog("Can't set UID. error=%d", res);
+			return 1;
+		}
+	
+	PrintAndLog("old UID:%s", sprint_hex(oldUid, 4));
+	return 0;
+}
+
+int CmdHF14AMfCSetBlk(const char *Cmd)
+{
+	return 0;
+}
+
+int CmdHF14AMfCLoad(const char *Cmd)
+{
+	return 0;
+}
+
 static command_t CommandTable[] =
 {
  {"help",		CmdHelp,				1, "This help"},
@ -1238,6 +1283,9 @@ static command_t CommandTable[] =
  {"esave",		CmdHF14AMfESave,		0, "Save to file emul dump"},
  {"ecfill",	CmdHF14AMfECFill,		0, "Fill simulator memory with help of keys from simulator"},
  {"ekeyprn",	CmdHF14AMfEKeyPrn,	0, "Print keys from simulator memory"},
+  {"csetuid",	CmdHF14AMfCSetUID,	0, "Set UID for magic Chinese card"},
+  {"csetblk",	CmdHF14AMfCSetBlk,	0, "(n/a)Write block into magic Chinese card"},
+  {"cload",		CmdHF14AMfCLoad,		0, "(n/a)Load dump into magic Chinese card"},
  {NULL, NULL, 0, NULL}
 };

--- a/client/mifarehost.c
+++ b/client/mifarehost.c
@ -216,3 +216,27 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
 	return 0;
 }

+int mfCSetUID(uint8_t *uid, uint8_t *oldUID, int wantWipe) {
+	uint8_t isOK = 0;
+	uint8_t block0[16];
+	memset(block0, 0, 16);
+	memcpy(block0, uid, 4); 
+	block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC
+
+  UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, 1, 0}};
+	memcpy(c.d.asBytes, block0, 16); 
+  SendCommand(&c);
+
+	UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500);
+
+	if (resp != NULL) {
+		isOK  = resp->arg[0] & 0xff;
+		PrintAndLog("isOk:%02x", isOK);
+		memcpy(oldUID, resp->d.asBytes, 4); 
+		if (!isOK) return 2;
+	} else {
+		PrintAndLog("Command execute timeout");
+		return 1;
+	}
+	return 0;
+}
--- a/client/mifarehost.h
+++ b/client/mifarehost.h
@ -44,4 +44,5 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo
 int mfCheckKeys (uint8_t blockNo, uint8_t keyType, uint8_t keycnt, uint8_t * keyBlock, uint64_t * key);
 int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount);
 int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount);
+int mfCSetUID(uint8_t *uid, uint8_t *oldUID, int wantWipe);