added a new command to set UID on magic 14B

RfidResearchGroup · Oct 5, 2024 · 5a7e664 · 5a7e664
1 parent 05231cd
commit 5a7e664
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+- Added `hf 14b setuid` - set uid on magic 14b tag (@iceman1001)
 - Changed `hf 14b info` - now detect Tiananxin (@iceman1001)
 - Fixed `lf em 410x brute` - better filehandling and memory handling (@iceman1001)
 - Changed split PacketResponseNG status into status and reason(@douniwan5788)

diff --git a/client/src/cmdhf14b.c b/client/src/cmdhf14b.c
@@ -2898,6 +2898,85 @@ static int CmdHF14BMobibRead(const char *Cmd) {
     return PM3_SUCCESS;
 }
 
+static int CmdHF14BSetUID(const char *Cmd) {
+
+    CLIParserContext *ctx;
+    CLIParserInit(&ctx, "hf 14b setuid",
+                  "Set UID for magic card (only works with such cards)\n",
+                  "hf 14b setuid -u 11223344\n"
+                 );
+
+    void *argtable[] = {
+        arg_param_begin,
+        arg_str1("u", "uid", "<hex>", "UID, 4 hex bytes"),
+        arg_param_end
+    };
+    CLIExecWithReturn(ctx, Cmd, argtable, false);
+
+    uint8_t uid[20] = {0};
+    int uidlen = 20;
+    CLIGetHexWithReturn(ctx, 1, uid, &uidlen);
+    CLIParserFree(ctx);
+
+    if (uidlen != 4) {
+        PrintAndLogEx(WARNING, "UID len must be 4 bytes, got " _RED_("%i"), uidlen);
+        return PM3_EINVARG;
+    }
+
+    uint8_t select[sizeof(iso14b_card_select_t)] = {0};
+    iso14b_type_t select_cardtype = ISO14B_NONE;
+    if (get_14b_UID(select, &select_cardtype) == false) {
+        PrintAndLogEx(WARNING, "no tag found");
+        return PM3_SUCCESS;
+    }
+
+    if (select_cardtype != ISO14B_STANDARD) {
+        PrintAndLogEx(FAILED, "None supported tag");
+        return switch_off_field_14b();
+    }
+
+    iso14b_card_select_t *card = (iso14b_card_select_t*)select;
+    if (memcmp(card->atqb, "\x54\x43\x4F\x53", 4) ) {
+        PrintAndLogEx(FAILED, "None supported tag");
+        PrintAndLogEx(NORMAL, "");
+        return switch_off_field_14b();
+    }
+
+    int outlen = 0;
+    uint8_t out[PM3_CMD_DATA_SIZE] = {0};
+    uint8_t tcos_version[] = {0x90, 0xB2, 0x90, 0x00, 0x00};
+    if (exchange_14b_apdu(tcos_version, sizeof(tcos_version), true, false, out, PM3_CMD_DATA_SIZE, &outlen, -1) != PM3_SUCCESS) {
+        PrintAndLogEx(FAILED, "None supported tag");
+        return PM3_EFAILED;
+    }
+
+    uint8_t cmd[] = { 0x90, 0xF8, 0xEE, 0xEE, 0x0B, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+    memcpy(cmd + 6, uid, uidlen);
+    if (exchange_14b_apdu(cmd, sizeof(cmd), true, false, out, PM3_CMD_DATA_SIZE, &outlen, -1) != PM3_SUCCESS) {
+        PrintAndLogEx(WARNING, "timeout while waiting for reply");
+        return PM3_EFAILED;
+    }
+
+    PrintAndLogEx(INFO, "Verifying...");
+
+    // verify
+    if (get_14b_UID(select, &select_cardtype) == false) {
+        PrintAndLogEx(WARNING, "no tag found");
+        return PM3_SUCCESS;
+    }
+
+    if (memcmp(card->uid, uid, uidlen) == 0) {
+        PrintAndLogEx(SUCCESS, "Setting new UID ( " _GREEN_("ok") " )");
+        PrintAndLogEx(HINT, "try `" _YELLOW_("hf 14b reader") "` to verify");
+        PrintAndLogEx(NORMAL, "");
+        return PM3_SUCCESS;;
+    }
+
+    PrintAndLogEx(FAILED, "Setting new UID ( " _RED_("fail") " )");
+    PrintAndLogEx(NORMAL, "");
+    return PM3_SUCCESS;
+}
+
 static command_t CommandTable[] = {
     {"---------", CmdHelp,             AlwaysAvailable, "----------------------- " _CYAN_("General") " -----------------------"},
     {"help",      CmdHelp,             AlwaysAvailable, "This help"},
@@ -2919,6 +2998,8 @@ static command_t CommandTable[] = {
     {"---------", CmdHelp,             AlwaysAvailable, "------------------ " _CYAN_("Calypso / Mobib") " ------------------"},
     {"calypso",   CmdHF14BCalypsoRead, IfPm3Iso14443b,  "Read contents of a Calypso card"},
     {"mobib",     CmdHF14BMobibRead,   IfPm3Iso14443b,  "Read contents of a Mobib card"},
+    {"---------", CmdHelp,             IfPm3Iso14443b,  "------------------------- " _CYAN_("Magic") " -----------------------"},
+    {"setuid",    CmdHF14BSetUID,      IfPm3Iso14443b,   "Set UID for magic card"},
     {NULL, NULL, NULL, NULL}
 };