1 local getopt = require('getopt')
2 local utils = require('utils')
3 local ansicolors = require('ansicolors')
-- Script metadata and help texts.
-- All of these are plain globals; help() in this file prints each of them.
copyright = ''
author = 'Iceman'
version = 'v1.0.3'

-- Short description shown at the top of the help output.
desc = [[
This script tries to set UID on a mifare Ultralight magic card which either
- answers to chinese backdoor commands
- brickable magic tag (must write in one session)
It defaults to GEN1A type of uid changeable card.
]]

-- One example invocation per supported tag type.
example = [[
-- backdoor magic tag (gen1a)
script run hf_mfu_setuid -u 11223344556677
-- backdoor magic tag (gen1b)
script run hf_mfu_setuid -b -u 11223344556677
-- brickable magic tag (gen2)
script run hf_mfu_setuid -2 -u 11223344556677
]]

-- Command-line synopsis.
usage = [[
script run hf_mfu_setuid [-h] [-b] [-2] [-u <uid>]
]]

-- Per-option help; the option letters match the getopt string used by main().
arguments = [[
-h : this help
-u <UID> : UID (14 hexsymbols)
-b : write to magic tag GEN1B
-2 : write to brickable magic tag GEN2
]]
-- Gate for dbg(): while this is true, dbg() prints its argument(s) prefixed with '###'.
local DEBUG = true
-- Local alias for the bit32 library's XOR; main() uses it to compute the two BCC check bytes.
-- NOTE(review): bit32 is not part of every Lua version's standard library;
-- confirm the interpreter bundled with the client provides it.
local bxor = bit32.bxor
---
-- Debug printout helper.
-- Prints a scalar prefixed with '###'. A table is walked from index 1 upwards
-- and every element is passed back through dbg(), so nested tables are
-- flattened. The walk stops at the first nil or false element.
-- Does nothing unless DEBUG is set.
-- @param args value, or table of values, to print
local function dbg(args)
    if not DEBUG then
        return
    end

    -- Scalars are printed directly; only tables need the recursive walk.
    if type(args) ~= 'table' then
        print('###', args)
        return
    end

    local idx = 1
    while args[idx] do
        dbg(args[idx])
        idx = idx + 1
    end
end
---
-- Error helper, meant to be used only when something went wrong.
-- Prints the message, clears the client's command buffer and hands the
-- message back in the usual Lua `nil, err` form so callers can write
-- `return oops(...)`.
-- @param err the error message
-- @return nil
-- @return err, unchanged
local function oops(err)
    print('ERROR:', err)
    -- Clear the command buffer before returning the failure to the caller.
    core.clearCommandBuffer()
    return nil, err
end
---
-- Usage help.
-- Prints the script metadata (copyright, author, version, description)
-- followed by the three titled sections, each with a cyan heading.
local function help()
    print(copyright)
    print(author)
    print(version)
    print(desc)

    -- Heading / body pairs, in the order they are shown.
    local sections = {
        { 'Usage', usage },
        { 'Arguments', arguments },
        { 'Example usage', example },
    }
    for _, section in ipairs(sections) do
        print(ansicolors.cyan..section[1]..ansicolors.reset)
        print(section[2])
    end
end
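--- Set UID on magic command enabled tag (gen1a / gen1b).
-- Writes blocks 0, 1 and 2 through the backdoor commands. Each write is its
-- own exchange: the 7-bit 0x40 command, then 0x43 for gen1a only, then the
-- A2 write for that block.
--
-- All three blocks are validated before the first command is sent, so a
-- malformed argument cannot leave the tag with only part of the UID/BCC
-- written.
-- NOTE(review): the result of each core.console call is not inspected here, so
-- a write that fails on the tag does not stop the following writes.
-- @param b0 block 0 data, 8 hex characters
-- @param b1 block 1 data, 8 hex characters
-- @param b2 block 2 data, 8 hex characters
-- @param isgen1a truthy for gen1a tags, falsy for gen1b
-- @return nothing on success; nil plus an error message if a block is malformed
function magicUID(b0, b1, b2, isgen1a)

    -- Pre-flight check: every block must be exactly 4 bytes of hex.
    local blocks = { b0, b1, b2 }
    for i = 1, 3 do
        local data = blocks[i]
        if type(data) ~= 'string' or not data:match('^%x%x%x%x%x%x%x%x$') then
            local err = string.format('block %d must be 8 hex characters', i - 1)
            print('ERROR:', err)
            return nil, err
        end
    end

    if isgen1a then
        print('Using backdoor Magic tag (gen1a) function')
    else
        print('Using backdoor Magic tag (gen1b) function')
    end

    -- write block 0, 1 and 2; the backdoor sequence is repeated before each write
    for i = 1, 3 do
        core.console('hf 14a raw -k -a -b 7 40')
        if isgen1a then
            core.console('hf 14a raw -k -a 43')
        end
        core.console(string.format('hf 14a raw -c -a A2%02d', i - 1)..blocks[i])
    end
end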
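--- Set UID on magic but brickable tag (gen2).
-- Sends one select command and then the three A2 writes for blocks 0, 1 and 2.
-- Every command is sent with -k, matching the script description's note that
-- this tag type must be written in one session.
--
-- All three blocks are validated before anything is sent: on this tag type a
-- partially written UID/BCC is exactly the state the script warns can brick
-- the tag, so a malformed argument must be rejected up front.
-- NOTE(review): the result of each core.console call is not inspected here, so
-- a write that fails on the tag does not stop the following writes.
-- @param b0 block 0 data, 8 hex characters
-- @param b1 block 1 data, 8 hex characters
-- @param b2 block 2 data, 8 hex characters
-- @return nothing on success; nil plus an error message if a block is malformed
function brickableUID(b0, b1, b2)

    -- Pre-flight check: every block must be exactly 4 bytes of hex.
    local blocks = { b0, b1, b2 }
    for i = 1, 3 do
        local data = blocks[i]
        if type(data) ~= 'string' or not data:match('^%x%x%x%x%x%x%x%x$') then
            local err = string.format('block %d must be 8 hex characters', i - 1)
            print('ERROR:', err)
            return nil, err
        end
    end

    print('Using BRICKABLE Magic tag function')

    core.console('hf 14a raw -k -s -3')

    -- write block 0
    core.console('hf 14a raw -k -c A200'..b0)

    -- write block 1
    core.console('hf 14a raw -k -c A201'..b1)

    -- write block 2
    core.console('hf 14a raw -k -c A202'..b2)
end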
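--- The main entry point.
-- Parses the options, validates the UID, derives the first three blocks
-- (the seven UID bytes plus the two BCC check bytes) and passes them to the
-- writer for the selected tag type. Finishes by sending a halt command.
-- @param args option string handed to getopt.getopt (options 'hu:b2')
-- @return nothing after a write attempt or -h; nil plus the message (via oops)
--         when the UID is rejected
function main(args)

    print( string.rep('--',20) )
    print( string.rep('--',20) )
    print()

    local uid = '04112233445566'
    -- 1 = gen1a (default), 2 = gen1b (-b), 3 = brickable gen2 (-2)
    local tagtype = 1

    -- Read the parameters
    for o, a in getopt.getopt(args, 'hu:b2') do
        if o == 'h' then return help() end
        if o == 'u' then uid = a end
        if o == 'b' then tagtype = 2 end
        if o == '2' then tagtype = 3 end
    end

    -- uid string checks
    if uid == nil then return oops('empty uid string') end
    if #uid == 0 then return oops('empty uid string') end
    if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end
    -- Length alone does not prove the string is hex. Reject anything else here
    -- so the byte conversion below always yields seven values and the script
    -- fails with a clear message rather than midway through the BCC maths.
    if not uid:match('^%x+$') then return oops('uid contains non-hex characters. Should be 7 hex bytes') end

    local uidbytes = utils.ConvertHexToBytes(uid)

    -- BCC check bytes: XOR over 0x88 (cascade tag) and the first three UID
    -- bytes, and XOR over the last four UID bytes.
    local bcc1 = bxor(0x88, uidbytes[1], uidbytes[2], uidbytes[3])
    local bcc2 = bxor(uidbytes[4], uidbytes[5], uidbytes[6], uidbytes[7])

    -- Layout of the three blocks that get written:
    --   block 0: uid0 uid1 uid2 bcc1
    --   block 1: uid3 uid4 uid5 uid6
    --   block 2: bcc2 0x48 0x00 0x00
    local block0 = string.format('%02X%02X%02X%02X', uidbytes[1], uidbytes[2], uidbytes[3], bcc1)
    local block1 = string.format('%02X%02X%02X%02X', uidbytes[4], uidbytes[5], uidbytes[6], uidbytes[7])
    local block2 = string.format('%02X%02X%02X%02X', bcc2, 0x48, 0x00, 0x00)

    print('new UID | '..uid)

    core.clearCommandBuffer()

    -- NOTE(review): neither writer's outcome is checked here; the halt below is
    -- sent whether or not the writes reached the tag.
    if tagtype == 3 then
        brickableUID(block0, block1, block2)
    else
        local is_gen1a = (tagtype == 1)
        magicUID(block0, block1, block2, is_gen1a)
    end

    --halt
    core.console('hf 14a raw -c -a 5000')
end

main(args)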