diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 249102e8..733cb1f8 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1069,23 +1069,23 @@ int CmdHF14AMfChk(const char *Cmd) FILE * f; char filename[FILE_PATH_SIZE]={0}; char buf[13]; - uint8_t *keyBlock = NULL, *p; - uint16_t stKeyBlock = 20; + uint8_t *keyBlock = NULL, *p; + uint16_t stKeyBlock = 20; int i, res; - int keycnt = 0; - char ctmp = 0x00; - int clen = 0; - uint8_t blockNo = 0; - uint8_t SectorsCnt = 0; - uint8_t keyType = 0; - uint64_t key64 = 0; + int keycnt = 0; + char ctmp = 0x00; + int clen = 0; + uint8_t blockNo = 0; + uint8_t SectorsCnt = 0; + uint8_t keyType = 0; + uint64_t key64 = 0; // timeout in units. (ms * 106)/10 or us*0.0106 - uint8_t btimeout14a = MF_CHKKEYS_DEFTIMEOUT; // fast by default - bool param3InUse = false; - bool transferToEml = 0; - bool createDumpFile = 0; - bool SingleKey = false; // Flag to ID if a single or multi key check - uint8_t KeyFoundCount = 0; // Counter to display the number of keys found/transfered to emulator + uint8_t btimeout14a = MF_CHKKEYS_DEFTIMEOUT; // fast by default + bool param3InUse = false; + bool transferToEml = 0; + bool createDumpFile = 0; + bool singleBlock = false; // Flag to ID if a single or multi key check + uint8_t keyFoundCount = 0; // Counter to display the number of keys found/transfered to emulator sector_t *e_sector = NULL; 
@@ -1100,12 +1100,17 @@ int CmdHF14AMfChk(const char *Cmd) if (param_getchar(Cmd, 0)=='*') { SectorsCnt = ParamCardSizeSectors(param_getchar(Cmd + 1, 0)); } - else { + else { blockNo = param_get8(Cmd, 0); - // Singe Key check, so Set Sector count to cover sectors (1 to sector that contains the block) - SectorsCnt = (blockNo/4) + 1; - SingleKey = true; // Set flag for single key check - } + // Singe Key check, so Set Sector count to cover sectors (1 to sector that contains the block) + // 1 and 2 Cards : Sector = blockNo/4 + 1 + // Sectors 0 - 31 : 4 blocks per sector : Blocks 0 - 127 + // Sectors 32 - 39 : 16 blocks per sector : Blocks 128 - 255 (4K) + if (blockNo < 128) SectorsCnt = (blockNo / 4) + 1; + else SectorsCnt = 32 + ((blockNo-128)/16) + 1; + + singleBlock = true; // Set flag for single key check + } ctmp = param_getchar(Cmd, 1); clen = param_getlength(Cmd, 1); @@ -1194,7 +1199,6 @@ int CmdHF14AMfChk(const char *Cmd) PrintAndLog("File: %s: not found or locked.", filename); free(keyBlock); return 1; - } } } @@ -1222,11 +1226,11 @@ int CmdHF14AMfChk(const char *Cmd) } printf("\n"); - bool foundAKey = false; - uint32_t max_keys = keycnt > USB_CMD_DATA_SIZE / 6 ? USB_CMD_DATA_SIZE / 6 : keycnt; + bool foundAKey = false; + uint32_t max_keys = keycnt > USB_CMD_DATA_SIZE / 6 ? USB_CMD_DATA_SIZE / 6 : keycnt; - // !SingleKey, so all key check - if ((SectorsCnt) && !SingleKey) { + // !SingleKey, so all key check (if SectorsCnt > 0) + if (SectorsCnt && !singleBlock) { PrintAndLog("To cancel this operation press the button on the proxmark..."); printf("--"); for (uint32_t c = 0; c < keycnt; c += max_keys) { @@ -1246,7 +1250,7 @@ int CmdHF14AMfChk(const char *Cmd) PrintAndLog("Command execute timeout"); } } - } else { + } else if (singleBlock) { // Ensure single block mode in case SectorsCnt == 0 int keyAB = keyType; do { for (uint32_t c = 0; c < keycnt; c+=max_keys) { 
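Review bot: In the hunk at -1100, the block-to-sector mapping is open-coded with the literals 128, 32 and 16 in an unbraced if/else, while this function already calls `FirstBlockOfSector()` and `NumBlocksPerSector()` for the opposite direction (hunk at -1301). A slip in this arithmetic would file the found key under the wrong sector row and, with the transfer option, into the wrong trailer block of emulator memory, so the card layout is better kept in one helper beside those two. At minimum brace both arms: `if (blockNo < 128) { SectorsCnt = (blockNo / 4) + 1; } else { SectorsCnt = 32 + ((blockNo - 128) / 16) + 1; }`. The comment above should read "Single block check" and, presumably, "1K and 2K cards" where it says "1 and 2 Cards". The function body starts and ends outside this hunk.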
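Review bot: In the hunk at -1246, changing `} else {` to `} else if (singleBlock) {` leaves a third case, `SectorsCnt == 0` without `singleBlock`, where no keys are checked and nothing is reported before execution reaches the result table and the transfer/dump code. Whether that state is reachable depends on argument parsing outside the hunk; if it is, the command should say so, for example with a final `} else { PrintAndLog("No sectors to check"); }` or an early return after parsing that frees `keyBlock` and `e_sector`. The comment on the first branch (hunk at -1222) still says `!SingleKey` although the flag is now `singleBlock`.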
@@ -1255,16 +1259,17 @@ int CmdHF14AMfChk(const char *Cmd) res = mfCheckKeys(blockNo, keyAB & 0x01, true, size, &keyBlock[6 * c], &key64); if (res != 1) { - if (!res) { - - // Use the common format below + if (!res) { + // Use the common format below // PrintAndLog("Found valid key:[%d:%c]%012" PRIx64, blockNo, (keyAB & 0x01)?'B':'A', key64); foundAKey = true; - // Store the Single Key for display list - e_sector[(blockNo/4)].foundKey[(keyAB & 0x01)] = true; // flag key found - e_sector[(blockNo/4)].Key[(keyAB & 0x01)] = key64; // Save key data - } + // Store the Single Key for display list + // For a single block check, SectorsCnt = Sector that contains the block + e_sector[SectorsCnt-1].foundKey[(keyAB & 0x01)] = true; // flag key found + e_sector[SectorsCnt-1].Key[(keyAB & 0x01)] = key64; // Save key data + + } } else { PrintAndLog("Command execute timeout"); } @@ -1281,7 +1286,7 @@ int CmdHF14AMfChk(const char *Cmd) PrintAndLog("|---|----------------|---|----------------|---|"); for (i = 0; i < SectorsCnt; i++) { // If a block key check, only print a line if a key was found. - if (!SingleKey || (e_sector[i].foundKey[0]) || (e_sector[i].foundKey[1]) ){ + if (!singleBlock || (e_sector[i].foundKey[0]) || (e_sector[i].foundKey[1]) ){ PrintAndLog("|%03d| %012" PRIx64 " | %d | %012" PRIx64 " | %d |", i, e_sector[i].Key[0], e_sector[i].foundKey[0], e_sector[i].Key[1], e_sector[i].foundKey[1]); } 
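Review bot: `e_sector[SectorsCnt-1]` in the `if (!res)` branch of the hunk at -1255 uses a count as an index, which is only correct while `SectorsCnt` still holds the value set during single-block parsing and `e_sector` was sized from it. The allocation is outside this hunk, so that cannot be confirmed here. `SectorsCnt` is a `uint8_t`, so a value of 0 would promote to index -1 and write before the array. Computing the index once where the block number is parsed, e.g. `uint8_t blockSector = SectorsCnt - 1;`, and using `e_sector[blockSector]` on both lines makes the invariant explicit and removes the duplicated expression. The enclosing do/while loop starts and ends outside the hunk.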
@@ -1301,18 +1306,17 @@ int CmdHF14AMfChk(const char *Cmd) for (uint16_t t = 0; t < 2; t++) { if (e_sector[sectorNo].foundKey[t]) { num_to_bytes(e_sector[sectorNo].Key[t], 6, block + t * 10); - KeyFoundCount++; // Key found count for information + keyFoundCount++; // Key found count for information } } mfEmlSetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1); } } - // PrintAndLog("Found keys have been transferred to the emulator memory"); - // Updated to show the actual number of keys found/transfered. - PrintAndLog("%d keys(s) found have been transferred to the emulator memory",KeyFoundCount); + // Updated to show the actual number of keys found/transfered. + PrintAndLog("%d keys(s) found have been transferred to the emulator memory",keyFoundCount); } - if (createDumpFile && !SingleKey) { + if (createDumpFile && !singleBlock) { FILE *fkeys = fopen("dumpkeys.bin","wb"); if (fkeys == NULL) { PrintAndLog("Could not create file dumpkeys.bin"); @@ -1331,7 +1335,6 @@ int CmdHF14AMfChk(const char *Cmd) PrintAndLog("Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys."); } - free(e_sector); free(keyBlock); PrintAndLog("");
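Review bot: The format string on the changed PrintAndLog line in the hunk at -1301 reads `keys(s)`; it should be `"%d key(s) found have been transferred to the emulator memory"`. Further down, `if (createDumpFile && !singleBlock)` drops the dump request silently in single-block mode, and a one-line message there would tell the user why no dumpkeys.bin was written. The comment `// Updated to show the actual number of keys found/transfered.` describes the history of the change rather than the code, misspells "transferred", and can be removed.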