client/luascripts/hf_mfu_setuid.lua

   1 local getopt = require('getopt')
   2 local utils =  require('utils')
   3 local ansicolors = require('ansicolors')
   4
   5 copyright = ''
   6 author = "Iceman"
   7 version = 'v1.0.3'
   8 desc = [[
   9 This script tries to set UID on a mifare Ultralight magic card which either
  10  - answers to chinese backdoor commands
  11  - brickable magic tag  (must write in one session)
  12
  13  It defaults to GEN1A type of uid changeable card.
  14 ]]
  15 example = [[
  16      -- backdoor magic tag (gen1a)
  17      script run hf_mfu_setuid -u 11223344556677
  18
  19      -- backdoor magic tag (gen1b)
  20      script run hf_mfu_setuid -b -u 11223344556677
  21
  22      -- brickable magic tag (gen2)
  23      script run hf_mfu_setuid -2 -u 11223344556677
  24 ]]
  25 usage = [[
  26 script run hf_mfu_setuid [-h] [-b] [-2] [-u <uid>]
  27 ]]
  28 arguments = [[
  29     -h             : this help
  30     -u <UID>       : UID (14 hexsymbols)
  31     -b             : write to magic tag GEN1B
  32     -2             : write to brickable magic tag GEN2
  33 ]]
  34
  35 local DEBUG = true
  36 local bxor = bit32.bxor
  37 ---
  38 -- A debug printout-function
  39 local function dbg(args)
  40     if not DEBUG then return end
  41     if type(args) == 'table' then
  42         local i = 1
  43         while args[i] do
  44             dbg(args[i])
  45             i = i+1
  46         end
  47     else
  48         print('###', args)
  49     end
  50 end
  51 ---
  52 -- This is only meant to be used when errors occur
  53 local function oops(err)
  54     print('ERROR:', err)
  55     core.clearCommandBuffer()
  56     return nil, err
  57 end
  58 ---
  59 -- Usage help
  60 local function help()
  61     print(copyright)
  62     print(author)
  63     print(version)
  64     print(desc)
  65     print(ansicolors.cyan..'Usage'..ansicolors.reset)
  66     print(usage)
  67     print(ansicolors.cyan..'Arguments'..ansicolors.reset)
  68     print(arguments)
  69     print(ansicolors.cyan..'Example usage'..ansicolors.reset)
  70     print(example)
  71 end
  72 --
  73 --- Set UID on magic command enabled
  74 function magicUID(b0, b1, b2,  isgen1a)
  75
  76     if isgen1a then
  77         print('Using backdoor Magic tag (gen1a) function')
  78     else
  79         print('Using backdoor Magic tag (gen1b) function')
  80     end
  81
  82     -- write block 0
  83     core.console('hf 14a raw -k -a -b 7 40')
  84     if isgen1a then
  85         core.console('hf 14a raw -k -a 43')
  86     end
  87     core.console('hf 14a raw -c -a A200'..b0)
  88
  89     -- write block 1
  90     core.console('hf 14a raw -k -a -b 7 40')
  91     if isgen1a then
  92         core.console('hf 14a raw -k -a 43')
  93     end
  94     core.console('hf 14a raw -c -a A201'..b1)
  95
  96     -- write block 2
  97     core.console('hf 14a raw -k -a -b 7 40')
  98     if isgen1a then
  99         core.console('hf 14a raw -k -a 43')
 100     end
 101     core.console('hf 14a raw -c -a A202'..b2)
 102 end
 103 --
 104 --- Set UID on magic but brickable
 105 function brickableUID(b0, b1, b2)
 106
 107     print('Using BRICKABLE Magic tag function')
 108
 109     core.console('hf 14a raw -k -s -3')
 110
 111     -- write block 0
 112     core.console('hf 14a raw -k -c A200'..b0)
 113
 114     -- write block 1
 115     core.console('hf 14a raw -k -c A201'..b1)
 116
 117     -- write block 2
 118     core.console('hf 14a raw -k -c A202'..b2)
 119 end
 120 ---
 121 -- The main entry point
 122 function main(args)
 123
 124     print( string.rep('--',20) )
 125     print( string.rep('--',20) )
 126     print()
 127
 128     local uid = '04112233445566'
 129     local tagtype = 1
 130
 131     -- Read the parameters
 132     for o, a in getopt.getopt(args, 'hu:b2') do
 133         if o == 'h' then return help() end
 134         if o == 'u' then uid = a end
 135         if o == 'b' then tagtype = 2 end
 136         if o == '2' then tagtype = 3 end
 137     end
 138
 139     -- uid string checks
 140     if uid == nil then return oops('empty uid string') end
 141     if #uid == 0 then return oops('empty uid string') end
 142     if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end
 143
 144     local uidbytes = utils.ConvertHexToBytes(uid)
 145
 146     local bcc1 = bxor(0x88, uidbytes[1], uidbytes[2], uidbytes[3])
 147     local bcc2 = bxor(uidbytes[4], uidbytes[5], uidbytes[6], uidbytes[7])
 148
 149     local block0 = string.format('%02X%02X%02X%02X', uidbytes[1], uidbytes[2], uidbytes[3], bcc1)
 150     local block1 = string.format('%02X%02X%02X%02X', uidbytes[4], uidbytes[5], uidbytes[6], uidbytes[7])
 151     local block2 = string.format('%02X%02X%02X%02X', bcc2, 0x48, 0x00, 0x00)
 152
 153     print('new UID | '..uid)
 154
 155     core.clearCommandBuffer()
 156
 157     if tagtype == 3 then
 158         brickableUID(block0, block1, block2)
 159     else
 160         local is_gen1a = (tagtype == 1)
 161         magicUID(block0, block1, block2, is_gen1a)
 162     end
 163
 164         --halt
 165     core.console('hf 14a raw -c -a 5000')
 166 end
 167
 168 main(args)