Пример #1
0
static  bool
read_card (void)
{
  uint32_t page;
  bool    bFailure = false;
  uint32_t uiReadedPages = 0;

  printf ("Reading %d pages |", uiBlocks + 1);

  for (page = 0; page <= uiBlocks; page += 4) {
    // Try to read out the data block
    if (nfc_initiator_mifare_cmd (pnd, MC_READ, page, &mp)) {
      memcpy (mtDump.amb[page / 4].mbd.abtData, mp.mpd.abtData, 16);
    } else {
      bFailure = true;
      break;
    }

    print_success_or_failure (bFailure, &uiReadedPages);
    print_success_or_failure (bFailure, &uiReadedPages);
    print_success_or_failure (bFailure, &uiReadedPages);
    print_success_or_failure (bFailure, &uiReadedPages);
  }
  printf ("|\n");
  printf ("Done, %d of %d pages readed.\n", uiReadedPages, uiBlocks + 1);
  fflush (stdout);

  return (!bFailure);
}
Пример #2
0
static  bool
write_card (void)
{
  uint32_t uiBlock = 0;
  bool    bFailure = false;
  uint32_t uiWritenPages = 0;
  uint32_t uiSkippedPages;

  char    buffer[BUFSIZ];
  bool    write_otp;
  bool    write_lock;

  printf ("Write OTP bytes ? [yN] ");
  fgets (buffer, BUFSIZ, stdin);
  write_otp = ((buffer[0] == 'y') || (buffer[0] == 'Y'));
  printf ("Write Lock bytes ? [yN] ");
  fgets (buffer, BUFSIZ, stdin);
  write_lock = ((buffer[0] == 'y') || (buffer[0] == 'Y'));

  printf ("Writing %d pages |", uiBlocks + 1);
  /* We need to skip 2 first pages. */
  printf ("ss");
  uiSkippedPages = 2;

  for (int page = 0x2; page <= 0xF; page++) {
    if ((page==0x2) && (!write_lock)) {
      printf ("s");
      uiSkippedPages++;
      continue;
    }
    if ((page==0x3) && (!write_otp)) {
      printf ("s");
      uiSkippedPages++;
      continue;
    }
    // Show if the readout went well
    if (bFailure) {
      // When a failure occured we need to redo the anti-collision
      if (!nfc_initiator_select_passive_target (pnd, nmMifare, NULL, 0, &nt)) {
        ERR ("tag was removed");
        return false;
      }
      bFailure = false;
    }
    // For the Mifare Ultralight, this write command can be used
    // in compatibility mode, which only actually writes the first 
    // page (4 bytes). The Ultralight-specific Write command only
    // writes one page at a time.
    uiBlock = page / 4;
    memcpy (mp.mpd.abtData, mtDump.amb[uiBlock].mbd.abtData + ((page % 4) * 4), 16);
    if (!nfc_initiator_mifare_cmd (pnd, MC_WRITE, page, &mp))
      bFailure = true;

    print_success_or_failure (bFailure, &uiWritenPages);
  }
  printf ("|\n");
  printf ("Done, %d of %d pages written (%d pages skipped).\n", uiWritenPages, uiBlocks + 1, uiSkippedPages);

  return true;
}
Пример #3
0
bool write_card(ReaderTag rt,mifareul_tag * tag){
    
  uint32_t uiBlock = 0;
  bool    bFailure = false;
  uint32_t uiWritenPages = 0;
  uint32_t uiSkippedPages;

  char    buffer[BUFSIZ];
  bool    write_otp=0;
  bool    write_lock=0;

 
 
  uiSkippedPages = 2;

  for (int page = 0x2; page <= 30; page++) {
    if ((page == 0x2) && (!write_lock)) {
      printf("s");
      uiSkippedPages++;
      continue;
    }
    if ((page == 0x3) && (!write_otp)) {
      printf("s");
      uiSkippedPages++;
      continue;
    }
    // Show if the readout went well
    if (bFailure) {
      // When a failure occured we need to redo the anti-collision
      if (nfc_initiator_select_passive_target(rt.device, nmMifare, NULL, 0, &rt.nt) <= 0) {
        ERR("tag was removed");
        return false;
      }
      bFailure = false;
    }
    // For the Mifare Ultralight, this write command can be used
    // in compatibility mode, which only actually writes the first
    // page (4 bytes). The Ultralight-specific Write command only
    // writes one page at a time.
    uiBlock = page / 4;
    memcpy(mp.mpd.abtData, tag->amb[uiBlock].mbd.abtData + ((page % 4) * 4), 16);
    if (!nfc_initiator_mifare_cmd(rt.device, MC_WRITE, page, &mp))
      bFailure = true;

    print_success_or_failure(bFailure, &uiWritenPages);
  }
  printf("|\n");
  printf("Done, %d of 16 pages written (%d pages skipped).\n", uiWritenPages, uiSkippedPages);

  return true;
}
Пример #4
0
bool read_card_ultralight(void)
{
    uint32_t page;
    bool    bFailure = false;
    uint32_t uiReadedPages = 0;
    #ifdef DEBUG_PRINTF
    fprintf(stderr,"Reading %d pages |", uiBlocks_ultralight + 1);
    #endif
    for (page = 0; page <= uiBlocks_ultralight; page += 4)
    {
        //! Try to read out the data block
        if (nfc_initiator_mifare_cmd(pnd, MC_READ, page, &mp))
        {
            memcpy(mtDump.amb[page / 4].mbd.abtData, mp.mpd.abtData, 16);
        }
        else
        {
            bFailure = true;
            break;
        }
        print_success_or_failure(bFailure, &uiReadedPages);
        print_success_or_failure(bFailure, &uiReadedPages);
        print_success_or_failure(bFailure, &uiReadedPages);
        print_success_or_failure(bFailure, &uiReadedPages);
    }
    #ifdef DEBUG_PRINTF
    fprintf(stderr,"|\n");
    fprintf(stderr,"Done : %d of %d pages readed.\n", uiReadedPages, uiBlocks_ultralight + 1);
    #endif
    fflush(stdout);
    if (bFailure)
    {
        sprintf(message_erreur,"Impossible d'accéder aux données de la carte !");
    }
    return (!bFailure);
}
Пример #5
0
static  bool
read_card(void)
{
  uint32_t page;
  bool    bFailure = false;
  uint32_t uiFailedPages = 0;

  printf("Reading %d pages |", uiBlocks);

  for (page = 0; page < uiBlocks; page += 4) {
    // Try to read out the data block
    if (nfc_initiator_mifare_cmd(pnd, MC_READ, page, &mp)) {
      memcpy(mtDump.amb[page / 4].mbd.abtData, mp.mpd.abtData, uiBlocks - page < 4 ? (uiBlocks - page) * 4 : 16);
    } else {
      bFailure = true;
    }
    for (uint8_t i = 0; i < (uiBlocks - page < 4 ? uiBlocks - page : 4); i++) {
      print_success_or_failure(bFailure, &uiReadPages, &uiFailedPages);
    }
  }
  printf("|\n");
  printf("Done, %d of %d pages read (%d pages failed).\n", uiReadPages, uiBlocks, uiFailedPages);
  fflush(stdout);

  // copy EV1 secrets to dump data
  switch (iEV1Type) {
    case EV1_UL11:
      memcpy(mtDump.amb[4].mbc11.pwd, iPWD, 4);
      memcpy(mtDump.amb[4].mbc11.pack, iPACK, 2);
      break;
    case EV1_UL21:
      memcpy(mtDump.amb[9].mbc21a.pwd, iPWD, 4);
      memcpy(mtDump.amb[9].mbc21b.pack, iPACK, 2);
      break;
    case EV1_NONE:
    default:
      break;
  }

  return (!bFailure);
}
Пример #6
0
bool write_card_ultralight(int argc, const char *argv[])
{
    uint32_t uiBlock = 0;
    bool    bFailure = false;
    uint32_t uiWritenPages = 0;
    uint32_t uiSkippedPages = 0;
    
    bool    write_otp;
    bool    write_lock;
    bool    write_uid;
    
    if (argc>3) // Mode EXPERT !
    {
        write_otp = ((argv[3][0] == 'y') || (argv[3][0] == 'Y'));
        write_lock = ((argv[4][0] == 'y') || (argv[4][0] == 'Y'));
        write_uid = ((argv[5][0] == 'y') || (argv[5][0] == 'Y'));
    }
    else
    {
        write_otp = true;
        write_lock = true;
        write_uid = false;
    }
    
    #ifdef DEBUG_PRINTF
    fprintf(stderr,"Writing %d pages |", uiBlocks_ultralight + 1);
    #endif
    /* We may need to skip 2 first pages. */
    if (!write_uid)
    {
        fprintf(stderr,"ss");
        uiSkippedPages = 2;
    }
    int page;
    for (page = uiSkippedPages; page <= 0xF; page++)
    {
        if ((page == 0x2) && (!write_lock))
        {
            #ifdef DEBUG_PRINTF
            fprintf(stderr,"s");
            #endif
            uiSkippedPages++;
            continue;
        }
        if ((page == 0x3) && (!write_otp))
        {
            #ifdef DEBUG_PRINTF
            fprintf(stderr,"s");
            #endif
            uiSkippedPages++;
            continue;
        }
        //! Show if the readout went well
        if (bFailure)
        {
            //! When a failure occured we need to redo the anti-collision
            if (nfc_initiator_select_passive_target(pnd, nmMifare, NULL, 0, &nt) <= 0)
            {
                sprintf(message_erreur,"Tag was removed !");
                return false;
            }
            bFailure = false;
        }
        //! For the Mifare Ultralight, this write command can be used
        //! in compatibility mode, which only actually writes the first
        //! page (4 bytes). The Ultralight-specific Write command only
        //! writes one page at a time.
        uiBlock = page / 4;
        memcpy(mp.mpd.abtData, mtDump.amb[uiBlock].mbd.abtData + ((page % 4) * 4), 16);
        if (!nfc_initiator_mifare_cmd(pnd, MC_WRITE, page, &mp))
            bFailure = true;
        print_success_or_failure(bFailure, &uiWritenPages);
    }
    #ifdef DEBUG_PRINTF
    fprintf(stderr,"|\n");
    fprintf(stderr,"Done, %d of %d pages written (%d pages skipped).\n", uiWritenPages, uiBlocks_ultralight + 1, uiSkippedPages);
    #endif
    return true;
}
Пример #7
0
bool write_card(int write_block_zero)
{
    uint32_t uiBlock;
    bool    bFailure = false;
    uint32_t uiWriteBlocks = 0;
    if (write_block_zero)
    {
        if (!unlock_card())
        {
            return false;
        }
    }
    #ifdef DEBUG_PRINTF
    fprintf(stderr,"Writing %d blocks |", uiBlocks + 1);
    #endif
    //! Write the card from begin to end;
    for (uiBlock = 0; uiBlock <= uiBlocks; uiBlock++)
    {
        //! Authenticate everytime we reach the first sector of a new block
        if (is_first_block(uiBlock))
        {
            if (bFailure)
            {
                //! When a failure occured we need to redo the anti-collision
                if (nfc_initiator_select_passive_target(pnd, nmMifare, NULL, 0, &nt) <= 0)
                {
                    #ifdef DEBUG_PRINTF
                    fprintf(stderr,"!\nError: tag was removed\n");
                    #endif
                    sprintf(message_erreur,"Error: tag was removed !");
                    return false;
                }
                bFailure = false;
            }
            fflush(stdout);
            //! Try to authenticate for the current sector
            if (!write_block_zero && !authenticate(uiBlock))
            {
                #ifdef DEBUG_PRINTF
                fprintf(stderr,"!\nError: authentication failed for block %02x\n", uiBlock);
                #endif
                sprintf(message_erreur,"Error: authentication failed for block %02x !", uiBlock);
                return false;
            }
        }
        if (is_trailer_block(uiBlock))
        {
            //! Copy the keys over from our key dump and store the retrieved access bits
            memcpy(mp.mpd.abtData, mtDump.amb[uiBlock].mbt.abtKeyA, 6);
            memcpy(mp.mpd.abtData + 6, mtDump.amb[uiBlock].mbt.abtAccessBits, 4);
            memcpy(mp.mpd.abtData + 10, mtDump.amb[uiBlock].mbt.abtKeyB, 6);
            //! Try to write the trailer
            if (nfc_initiator_mifare_cmd(pnd, MC_WRITE, uiBlock, &mp) == false)
            {
                #ifdef DEBUG_PRINTF
                fprintf(stderr,"failed to write trailer block %d \n", uiBlock);
                #endif
                bFailure = true;
            }
        }
        else
        {
            //! The first block 0x00 is read only, skip this
            if (uiBlock == 0 && ! write_block_zero && ! magic2)
                continue;
    
            //! Make sure a earlier write did not fail
            if (!bFailure)
            {
                //! Try to write the data block
                memcpy(mp.mpd.abtData, mtDump.amb[uiBlock].mbd.abtData, 16);
                //! do not write a block 0 with incorrect BCC - card will be made invalid!
                if (uiBlock == 0)
                {
                    if ((mp.mpd.abtData[0] ^ mp.mpd.abtData[1] ^ mp.mpd.abtData[2] ^ mp.mpd.abtData[3] ^ mp.mpd.abtData[4]) != 0x00 && !magic2)
                    {
                        #ifdef DEBUG_PRINTF
                        fprintf(stderr,"!\nError: incorrect BCC in MFD file!\n");
                        fprintf(stderr,"Expecting BCC=%02X\n", mp.mpd.abtData[0] ^ mp.mpd.abtData[1] ^ mp.mpd.abtData[2] ^ mp.mpd.abtData[3]);
                        #endif
                        sprintf(message_erreur,"Error: incorrect BCC in MFD file! ");
                        return false;
                    }
                }
                if (!nfc_initiator_mifare_cmd(pnd, MC_WRITE, uiBlock, &mp))
                {
                    bFailure = true;
                }
            }
        }
        //! Show if the write went well for each block
        print_success_or_failure(bFailure, &uiWriteBlocks);
        if ((! bTolerateFailures) && bFailure)
        {
            return false;
        }
    }
    #ifdef DEBUG_PRINTF
    fprintf(stderr,"|\n");
    fprintf(stderr,"Done, %d of %d blocks written.\n", uiWriteBlocks, uiBlocks + 1);
    #endif
    fflush(stdout);
    return true;
}
Пример #8
0
bool read_card(int read_unlocked)
{
    int32_t iBlock;
    bool    bFailure = false;
    uint32_t uiReadBlocks = 0;
    if (read_unlocked)
    {
        if (!unlock_card())
        {
            return false;
        }
    }
    #ifdef DEBUG_PRINTF
    fprintf(stderr,"Reading out %d blocks |\n", uiBlocks + 1);
    #endif
    //! Read the card from end to begin
    for (iBlock = uiBlocks; iBlock >= 0; iBlock--)
    {
        //! Authenticate everytime we reach a trailer block
        if (is_trailer_block(iBlock))
        {
            if (bFailure)
            {
                //! When a failure occured we need to redo the anti-collision
                if (nfc_initiator_select_passive_target(pnd, nmMifare, NULL, 0, &nt) <= 0)
                {
                    #ifdef DEBUG_PRINTF
                    fprintf(stderr,"!\nError: tag was removed\n");
                    #endif
                    sprintf(message_erreur,"Error: tag was removed !");
                    return false;
                }
                bFailure = false;
            }
            fflush(stdout);
            //! Try to authenticate for the current sector
            if (!read_unlocked && !authenticate(iBlock))
            {
                #ifdef DEBUG_PRINTF
                fprintf(stderr,"!\nError: authentication failed for block 0x%02x\n", iBlock);
                #endif
                sprintf(message_erreur,"Error: authentication failed for block 0x%02x !", iBlock);
                return false;
            }
            //! Try to read out the trailer
            if (nfc_initiator_mifare_cmd(pnd, MC_READ, iBlock, &mp))
            {
                if (read_unlocked)
                {
                    memcpy(mtDump.amb[iBlock].mbd.abtData, mp.mpd.abtData, 16);
                }
                else
                {
                    //! Copy the keys over from our key dump and store the retrieved access bits
                    memcpy(mtDump.amb[iBlock].mbt.abtKeyA, mtKeys.amb[iBlock].mbt.abtKeyA, 6);
                    memcpy(mtDump.amb[iBlock].mbt.abtAccessBits, mp.mpd.abtData + 6, 4);
                    memcpy(mtDump.amb[iBlock].mbt.abtKeyB, mtKeys.amb[iBlock].mbt.abtKeyB, 6);
                }
            }
            else
            {
                #ifdef DEBUG_PRINTF
                fprintf(stderr,"!\nfailed to read trailer block 0x%02x\n", iBlock);
                #endif
                bFailure = true;
            }
        }
        else
        {
            //! Make sure a earlier readout did not fail
            if (!bFailure)
            {
                //! Try to read out the data block
                if (nfc_initiator_mifare_cmd(pnd, MC_READ, iBlock, &mp))
                {
                    memcpy(mtDump.amb[iBlock].mbd.abtData, mp.mpd.abtData, 16);
                }
                else
                {
                    #ifdef DEBUG_PRINTF
                    fprintf(stderr,"!\nError: unable to read block 0x%02x\n", iBlock);
                    #endif
                    bFailure = true;
                }
            }
        }
        //! Show if the readout went well for each block
        print_success_or_failure(bFailure, &uiReadBlocks);
        if ((! bTolerateFailures) && bFailure)
        {
            return false;
        }
    }
    #ifdef DEBUG_PRINTF
    fprintf(stderr,"|\n");
    fprintf(stderr,"Done : %d of %d blocks read.\n", uiReadBlocks, uiBlocks + 1);
    #endif
    fflush(stdout);
    return true;
}
Пример #9
0
static  bool
write_card(bool write_otp, bool write_lock, bool write_uid)
{
  uint32_t uiBlock = 0;
  bool    bFailure = false;
  uint32_t uiWritenPages = 0;
  uint32_t uiSkippedPages = 0;

  char    buffer[BUFSIZ];

  if (!write_otp) {
    printf("Write OTP bytes ? [yN] ");
    if (!fgets(buffer, BUFSIZ, stdin)) {
      ERR("Unable to read standard input.");
    }
    write_otp = ((buffer[0] == 'y') || (buffer[0] == 'Y'));
  }

  if (!write_lock) {
    printf("Write Lock bytes ? [yN] ");
    if (!fgets(buffer, BUFSIZ, stdin)) {
      ERR("Unable to read standard input.");
    }
    write_lock = ((buffer[0] == 'y') || (buffer[0] == 'Y'));
  }

  if (!write_uid) {
    printf("Write UID bytes (only for special writeable UID cards) ? [yN] ");
    if (!fgets(buffer, BUFSIZ, stdin)) {
      ERR("Unable to read standard input.");
    }
    write_uid = ((buffer[0] == 'y') || (buffer[0] == 'Y'));
  }

  printf("Writing %d pages |", uiBlocks + 1);
  /* We may need to skip 2 first pages. */
  if (!write_uid) {
    printf("ss");
    uiSkippedPages = 2;
  } else {
    if (!check_magic()) {
      printf("\nUnable to unlock card - are you sure the card is magic?\n");
      bFailure = false;
      return false;
    }
  }

  for (uint32_t page = uiSkippedPages; page <= ((uiBlocks / 4) * 4); page++) {
    if ((page == 0x2) && (!write_lock)) {
      printf("s");
      uiSkippedPages++;
      continue;
    }
    if ((page == 0x3) && (!write_otp)) {
      printf("s");
      uiSkippedPages++;
      continue;
    }
    // Show if the readout went well
    if (bFailure) {
      // When a failure occured we need to redo the anti-collision
      if (nfc_initiator_select_passive_target(pnd, nmMifare, NULL, 0, &nt) <= 0) {
        ERR("tag was removed");
        return false;
      }
      bFailure = false;
    }
    // For the Mifare Ultralight, this write command can be used
    // in compatibility mode, which only actually writes the first
    // page (4 bytes). The Ultralight-specific Write command only
    // writes one page at a time.
    uiBlock = page / 4;
    memcpy(mp.mpd.abtData, mtDump.amb[uiBlock].mbd.abtData + ((page % 4) * 4), 4);
    memset(mp.mpd.abtData + 4, 0, 12);
    if (!nfc_initiator_mifare_cmd(pnd, MC_WRITE, page, &mp))
      bFailure = true;

    print_success_or_failure(bFailure, &uiWritenPages);
  }
  printf("|\n");
  printf("Done, %d of %d pages written (%d pages skipped).\n", uiWritenPages, uiBlocks + 1, uiSkippedPages);

  return true;
}