Skip to content

Commit

Permalink
Merge pull request #2664 from piotrva/hf-mf-ultimatecard-script-max-r…
Browse files Browse the repository at this point in the history
…w-blocks

Add option to set and get maximum read/write block number using hf_mf_ultimatecard script
  • Loading branch information
iceman1001 authored Nov 28, 2024
2 parents 099602f + 80f4049 commit b758181
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 13 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...

## [unreleased][unreleased]
- Add option to set and get maximum read/write block number using `hf_mf_ultimatecard` script (@piotrva)
- Added JEDEC information for SPI flash W25Q64JV (@ANTodorov)
- Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys)
- Added simulation function to `hf iclass legrec` (@antiklesys)
Expand Down
55 changes: 42 additions & 13 deletions client/luascripts/hf_mf_ultimatecard.lua
Original file line number Diff line number Diff line change
Expand Up @@ -51,17 +51,17 @@ arguments = [[
-u UID (8-20 hexsymbols), set UID on tag
-t tag type to impersonate
1 = Mifare Mini S20 4-byte
2 = Mifare Mini S20 7-byte 15 = NTAG 210
3 = Mifare Mini S20 10-byte 16 = NTAG 212
4 = Mifare 1k S50 4-byte 17 = NTAG 213
5 = Mifare 1k S50 7-byte 18 = NTAG 215
6 = Mifare 1k S50 10-byte 19 = NTAG 216
7 = Mifare 4k S70 4-byte 20 = NTAG I2C 1K
8 = Mifare 4k S70 7-byte 21 = NTAG I2C 2K
9 = Mifare 4k S70 10-byte 22 = NTAG I2C 1K PLUS
*** 10 = UL - NOT WORKING FULLY 23 = NTAG I2C 2K PLUS
*** 11 = UL-C - NOT WORKING FULLY 24 = NTAG 213F
12 = UL EV1 48b 25 = NTAG 216F
2 = Mifare Mini S20 7-byte | 15 = NTAG 210
3 = Mifare Mini S20 10-byte | 16 = NTAG 212
4 = Mifare 1k S50 4-byte | 17 = NTAG 213
5 = Mifare 1k S50 7-byte | 18 = NTAG 215
6 = Mifare 1k S50 10-byte | 19 = NTAG 216
7 = Mifare 4k S70 4-byte | 20 = NTAG I2C 1K
8 = Mifare 4k S70 7-byte | 21 = NTAG I2C 2K
9 = Mifare 4k S70 10-byte | 22 = NTAG I2C 1K PLUS
*** 10 = UL - NOT WORKING FULLY | 23 = NTAG I2C 2K PLUS
*** 11 = UL-C - NOT WORKING FULLY | 24 = NTAG 213F
12 = UL EV1 48b | 25 = NTAG 216F
13 = UL EV1 128b
*** 14 = UL Plus - NOT WORKING YET
Expand All @@ -75,7 +75,11 @@ arguments = [[
-z ATS (<1b length><0-16 ATS> hexsymbols), Configure ATS. Length set to 00 will disable ATS.
-w Wipe tag. 0 for Mifare or 1 for UL. Fills tag with zeros and put default values for type selected.
-m Ultralight mode (00 UL EV1, 01 NTAG, 02 UL-C, 03 UL) Set type of UL.
-n Ultralight protocol (00 MFC, 01 UL), switches between UL and MFC mode
-n Ultralight protocol (00 MFC, 01 UL), switches between UL and MFC mode]]
-- Need to split because reached maximum string length processed by lua
arguments2 = [[
-b Set maximum read/write blocks (2 hexsymbols)
NOTE: Ultralight EV1 and NTAG Version info and Signature are stored respectively in blocks 250-251 and 242-249
-k Ultimate Magic Card Key (IF DIFFERENT THAN DEFAULT 00000000)
]]
---
Expand Down Expand Up @@ -110,6 +114,7 @@ local function help()
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(arguments2)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
Expand Down Expand Up @@ -186,6 +191,7 @@ local function read_config()
end
-- extract data from CONFIG - based on CONFIG in https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/magic_cards_notes.md#gen-4-gtu
ulprotocol, uidlength, readpass, gtumode, ats, atqa1, atqa2, sak, ulmode = magicconfig:sub(1,2), magicconfig:sub(3,4), magicconfig:sub(5,12), magicconfig:sub(13,14), magicconfig:sub(15,48), magicconfig:sub(51,52), magicconfig:sub(49,50), magicconfig:sub(53,54), magicconfig:sub(55,56)
maxRWblk = magicconfig:sub(57, 58)
atqaf = atqa1..' '..atqa2
cardtype, cardprotocol, gtustr, atsstr = 'unknown', 'unknown', 'unknown', 'unknown'
if magicconfig == nil then lib14a.disconnect(); return nil, "can't read configuration, "..err_lock end
Expand Down Expand Up @@ -291,6 +297,7 @@ local function read_config()
print(' - Version ', cversion)
print(' - Signature ', signature1..signature2)
end
print(' - Max R/W Block ', maxRWblk)
end
lib14a.disconnect()
return true, 'Ok'
Expand Down Expand Up @@ -1010,13 +1017,33 @@ local function wipe(wtype)
end
end
---
-- Write maximum read/write block number,
local function write_maxRWblk(data)
-- input number check
if data == nil then return nil, 'empty block number' end
if #data == 0 then return nil, 'empty block number' end
if #data ~= 2 then return nil, 'block number wrong length. Should be 1 hex byte' end

print('Set max R/W block', data)
local info = connect()
if not info then return false, "Can't select card" end
local resp
-- set maximum read/write block
resp = send("CF".._key.."6B"..data)
lib14a.disconnect()
if resp ~= '9000FD07' then return nil, 'Failed to write maximum read/write block'
else
return true, 'Ok'
end
end
---
-- The main entry point
function main(args)
print()
local err, msg
if #args == 0 then return help() end
-- Read the parameters
for o, a in getopt.getopt(args, 'hck:u:t:p:a:s:o:v:q:g:z:n:m:w:') do
for o, a in getopt.getopt(args, 'hck:u:t:p:a:s:o:v:q:g:z:n:m:w:b:') do
-- help
if o == "h" then return help() end
-- set Ultimate Magic Card Key for read write
Expand Down Expand Up @@ -1049,6 +1076,8 @@ function main(args)
if o == "m" then err, msg = write_ulm(a) end
-- write UL protocol
if o == "n" then err, msg = write_ulp(a) end
-- write max r/w block
if o == "b" then err, msg = write_maxRWblk(a) end
if err == nil then return oops(msg) end
end
end
Expand Down

0 comments on commit b758181

Please sign in to comment.