lizhuowu / proxmark3

Automatically exported from code.google.com/p/proxmark3
GNU General Public License v2.0
0 stars 0 forks source link

hf mf restore not working due to authentication problem #37

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. running the command hf mf restore on a card that does not have 0xFFFFFFFFFFF 
as the key

What version of the product are you using? On what operating system?
revision 569.

Please provide any additional information below.

need to change keytype to type 1 and ensure key is keyB for writing. Working 
code is as below:

int CmdHF14AMfRestore(const char *Cmd)
{

    int i,j;
    uint8_t keyType = 1;
    uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    uint8_t keyA[16][6];
    uint8_t keyB[16][6];

    FILE *fdump;
    FILE *fkeys;

    if ((fdump = fopen("dumpdata.bin","rb")) == NULL) {
        PrintAndLog("Could not find file dumpdata.bin");
        return 1;
    }
    if ((fkeys = fopen("dumpkeys.bin","rb")) == NULL) {
        PrintAndLog("Could not find file dumpkeys.bin");
        return 1;
    }

    for (i=0 ; i<16 ; i++) {
        fread(keyA[i], 1, 6, fkeys);
    }
    for (i=0 ; i<16 ; i++) {
        fread(keyB[i], 1, 6, fkeys);
    }

    PrintAndLog("Restoring dumpdata.bin to card");

    for (i=0 ; i<16 ; i++) {
        for( j=0 ; j<4 ; j++) {
            UsbCommand c = {CMD_MIFARE_WRITEBL, {i*4 + j, keyType, 0}};
            memcpy(c.d.asBytes, keyB[i], 6);

            fread(bldata, 1, 16, fdump);

            if (j == 3) {
                bldata[0]  = (keyA[i][0]);
                bldata[1]  = (keyA[i][1]);
                bldata[2]  = (keyA[i][2]);
                bldata[3]  = (keyA[i][3]);
                bldata[4]  = (keyA[i][4]);
                bldata[5]  = (keyA[i][5]);
                bldata[10] = (keyB[i][0]);
                bldata[11] = (keyB[i][1]);
                bldata[12] = (keyB[i][2]);
                bldata[13] = (keyB[i][3]);
                bldata[14] = (keyB[i][4]);
                bldata[15] = (keyB[i][5]);
            }       

            PrintAndLog("Writing to block %2d: %s", i*4+j, sprint_hex(bldata, 16));

            /*
            PrintAndLog("Writing to block %2d: %s Confirm? [Y,N]", i*4+j, sprint_hex(bldata, 16));

            scanf("%c",&ch);
            if ((ch != 'y') && (ch != 'Y')){
                PrintAndLog("Aborting !");
                return 1;
            }
            */

            memcpy(c.d.asBytes + 10, bldata, 16);
            SendCommand(&c);
            UsbCommand *resp = WaitForResponseTimeout(CMD_ACK, 1500);

            if (resp != NULL) {
                uint8_t isOK  = resp->arg[0] & 0xff;
                PrintAndLog("isOk:%02x", isOK);
            } else {
                PrintAndLog("Command execute timeout");
            }
        }
    }

    fclose(fdump);
    fclose(fkeys);
    return 0;
}

Original issue reported on code.google.com by exi...@gmail.com on 23 Jun 2012 at 6:54