Proxmark3GUI/module/mifare.cpp

#include "mifare.h"

Mifare::Mifare(Ui::MainWindow *ui, Util *addr, QObject *parent) : QObject(parent)
{
    util = addr;
    this->ui = ui;
    keyAList = new QStringList();
    keyBList = new QStringList();
    dataList = new QStringList();
    data_clearKey(); // fill with blank Qstring
    data_clearData(); // fill with blank Qstring
    dataPattern = new QRegExp("([0-9a-fA-F]{2} ){15}[0-9a-fA-F]{2}");
}



void Mifare::info()
{
    util->execCMD("hf 14a info");
    ui->funcTab->setCurrentIndex(1);
}

void Mifare::chk()
{
    QString result = util->execCMDWithOutput("hf mf chk *1 ?");
    result = result.mid(result.indexOf("|---|----------------|----------------|"));
    QStringList keys = result.split("\r\n");
    for(int i = 0; i < 16; i++)
    {
        keyAList->replace(i, keys[i + 3].mid(7, 12).trimmed().toUpper());
        if(keyAList->at(i) == "?")
            keyAList->replace(i, "");
        keyBList->replace(i, keys[i + 3].mid(24, 12).trimmed().toUpper());
        if(keyBList->at(i) == "?")
            keyBList->replace(i, "");
    }
    data_syncWithKeyWidget();
    qDebug() << "***********\n" << keys << "***********\n";
}

void Mifare::nested()
{
    QString result = util->execCMDWithOutput("hf mf nested 1 *");
    result = result.mid(result.indexOf("|---|----------------|---|----------------|---|"));
    QStringList keys = result.split("\r\n");
    for(int i = 0; i < 16; i++)
    {
        if(keys[i + 3].at(23) == '1')
            keyAList->replace(i, keys[i + 3].mid(7, 12).trimmed().toUpper());
        if(keys[i + 3].at(44) == '1')
            keyBList->replace(i, keys[i + 3].mid(28, 12).trimmed().toUpper());
    }
    data_syncWithKeyWidget();
    qDebug() << "***********\n" << keys << "***********\n";
}

void Mifare::hardnested()
{
    MF_Attack_hardnestedDialog dialog;
    connect(&dialog, &MF_Attack_hardnestedDialog::sendCMD, util, &Util::execCMD);
    if(dialog.exec() == QDialog::Accepted)
        ui->funcTab->setCurrentIndex(1);
}

void Mifare::sniff()
{
    util->execCMD("hf mf sniff");
    ui->funcTab->setCurrentIndex(1);
}

void Mifare::list()
{
    util->execCMD("hf list mf");
    ui->funcTab->setCurrentIndex(1);
}

void Mifare::read()
{
    QString result = util->execCMDWithOutput("hf mf rdbl "
                     + ui->MF_RW_blockBox->currentText()
                     + " "
                     + ui->MF_RW_keyTypeBox->currentText()
                     + " "
                     + ui->MF_RW_keyEdit->text());
    if(result.indexOf("isOk:01") != -1)
    {
        result = result.mid(result.indexOf(*dataPattern, 0), 47).toUpper();
        if((ui->MF_RW_blockBox->currentText().toInt() + 1) % 4 == 0) // process key block
        {
            if(ui->MF_RW_keyTypeBox->currentText() == "A")
            {
                for(int i = 0; i < 6; i++)
                {
                    result = result.replace(i * 3, 2, ui->MF_RW_keyEdit->text().mid(i * 2, 2));
                }
                ui->MF_RW_dataEdit->setText(result);
                QString tmpKey = result.right(18).replace(" ", "");
                result = util->execCMDWithOutput("hf mf rdbl "
                                                 + ui->MF_RW_keyTypeBox->currentText()
                                                 + " B "
                                                 + tmpKey);
                if(result.indexOf("isOk:01") == -1)
                {
                    result = ui->MF_RW_dataEdit->text();
                    result = result.replace(30, 17, "?? ?? ?? ?? ?? ??");
                    ui->MF_RW_dataEdit->setText(result);
                }
            }
            else
            {
                for(int i = 0; i < 6; i++)
                {
                    result = result.replace(30 + i * 3, 2, ui->MF_RW_keyEdit->text().mid(i * 2, 2));
                }
                result = result.replace(0, 18, "?? ?? ?? ?? ?? ?? ");
                ui->MF_RW_dataEdit->setText(result);
            }
        }
        else
        {
            ui->MF_RW_dataEdit->setText(result);
        }
    }
}

void Mifare::readAll()
{
    QString result;
    QString tmp;
    int offset = 0;
    bool isKeyAValid;
    bool isKeyBValid;
    const int waitTime = 150;
    for(int i = 0; i < sectors; i++)
    {
        result = "";
        isKeyAValid = false;
        isKeyBValid = false;

        // check keys and read the first block of each sector
        if(data_isKeyValid(keyAList->at(i)))
        {
            result = util->execCMDWithOutput("hf mf rdsc "
                                             + QString::number(i)
                                             + " A "
                                             + keyAList->at(i), waitTime);
            qDebug() << result;
            offset = result.indexOf("isOk:01");
            if(offset != -1)
            {
                isKeyAValid = true;
                for(int j = 0; j < 4; j++)
                {
                    tmp = result.mid(result.indexOf(*dataPattern, offset), 47).toUpper();
                    offset += 47;
                    qDebug() << tmp;
                    tmp.replace(" ", "");
                    dataList->replace(i * 4 + j, tmp);
                    data_syncWithDataWidget(false, i * 4 + j);
                }
            }
        }
        if(data_isKeyValid(keyBList->at(i)))
        {
            result = util->execCMDWithOutput("hf mf rdsc "
                                             + QString::number(i)
                                             + " B "
                                             + keyBList->at(i), waitTime);
            qDebug() << result;
            offset = result.indexOf("isOk:01");
            if(offset != -1)
            {
                isKeyBValid = true;
                for(int j = 0; j < 4; j++)
                {
                    tmp = result.mid(result.indexOf(*dataPattern, offset), 47).toUpper();
                    offset += 47;
                    qDebug() << tmp;
                    tmp.replace(" ", "");
                    dataList->replace(i * 4 + j, tmp);
                    data_syncWithDataWidget(false, i * 4 + j);
                }
            }
        }

        if(isKeyAValid || isKeyBValid)
        {
            // fill the MF_dataWidget with the known valid key
            //
            // check whether the MF_dataWidget contains the valid key,
            // and fill MF_keyWidget(when you only have KeyA but the ReadBlock output contains the KeyB)
            //
            // the structure is not symmetric, since you cannot get KeyA from output
            // this program will only process the provided KeyA(in MF_keyWidget)
            result = dataList->at(4 * i + 3);
            if(isKeyAValid)
            {
                result.replace(0, 12, keyAList->at(i));
            }
            else
            {
                result = result.replace(0, 12, "????????????");
            }
            dataList->replace(4 * i + 3, result);

            if(isKeyBValid)
            {
                result.replace(20, 12, keyBList->at(i));
                dataList->replace(4 * i + 3, result);
                data_syncWithDataWidget(false, 4 * i + 3);
            }
            else // now isKeyAValid == true, the output might contains the KeyB
            {
                QString tmpKey = dataList->at(4 * i + 3).right(12);
                result = util->execCMDWithOutput("hf mf rdbl "
                                                 + QString::number(4 * i + 3)
                                                 + " B "
                                                 + tmpKey, waitTime);
                if(result.indexOf("isOk:01") != -1)
                {
                    keyBList->replace(i, tmpKey);
                    data_syncWithKeyWidget(false, i, false);
                }
                else
                {
                    result = dataList->at(4 * i + 3);
                    result = result.replace(20, 12, "????????????");
                    dataList->replace(4 * i + 3, result);

                }
            }
            data_syncWithDataWidget(false, 4 * i + 3);
        }
    }
}

void Mifare::write()
{
    QString result = util->execCMDWithOutput("hf mf wrbl "
                     + ui->MF_RW_blockBox->currentText()
                     + " "
                     + ui->MF_RW_keyTypeBox->currentText()
                     + " "
                     + ui->MF_RW_keyEdit->text()
                     + " "
                     + ui->MF_RW_dataEdit->text().replace(" ", ""));
    if(result.indexOf("isOk:01") != -1)
    {

    }
}

void Mifare::writeAll()
{
    const int waitTime = 300;
    QString result;
    for(int i = 0; i < 16; i++)
    {
        for(int j = 0; j < 4; j++)
        {
            result = ""; // if the KeyA is invalid and the result is not empty, the KeyB will not be tested.
            if(data_isDataValid(dataList->at(i * 4 + j)) != DATA_NOSPACE || dataList->at(i * 4 + j).contains('?'))
                continue;
            if(data_isKeyValid(keyAList->at(i)))
            {
                result = util->execCMDWithOutput("hf mf wrbl "
                                                 + QString::number(i * 4 + j)
                                                 + " A "
                                                 + keyAList->at(i)
                                                 + " "
                                                 + dataList->at(i * 4 + j), waitTime);
            }
            qDebug() << i << j << result.indexOf("isOk:01") << data_isKeyValid(keyBList->at(i));
            if(result.indexOf("isOk:01") == -1 && data_isKeyValid(keyBList->at(i)))
            {
                result = util->execCMDWithOutput("hf mf wrbl "
                                                 + QString::number(i * 4 + j)
                                                 + " B "
                                                 + keyBList->at(i)
                                                 + " "
                                                 + dataList->at(i * 4 + j), waitTime);
            }
        }
    }
}

void Mifare::dump()
{
    util->execCMD("hf mf dump");
    ui->funcTab->setCurrentIndex(1);
}

void Mifare::restore()
{
    util->execCMD("hf mf restore");
    ui->funcTab->setCurrentIndex(1);
}

void Mifare::data_syncWithDataWidget(bool syncAll, int block)
{
    QString tmp = "";
    if(syncAll)
    {
        for(int i = 0; i < blocks; i++)
        {
            tmp += dataList->at(i).mid(0, 2);
            for(int j = 1; j < 16; j++)
            {
                tmp += " ";
                tmp += dataList->at(i).mid(j * 2, 2);
            }
            ui->MF_dataWidget->item(i, 2)->setText(tmp);
        }
    }
    else
    {
        tmp += dataList->at(block).mid(0, 2);
        for(int j = 1; j < 16; j++)
        {
            tmp += " ";
            tmp += dataList->at(block).mid(j * 2, 2);
        }
        ui->MF_dataWidget->item(block, 2)->setText(tmp);
    }
}

void Mifare::data_syncWithKeyWidget(bool syncAll, int sector, bool isKeyA)
{
    if(syncAll)
    {
        for(int i = 0; i < sectors; i++)
        {
            ui->MF_keyWidget->item(i, 1)->setText(keyAList->at(i));
            ui->MF_keyWidget->item(i, 2)->setText(keyBList->at(i));
        }
    }
    else
    {
        if(isKeyA)
            ui->MF_keyWidget->item(sector, 1)->setText(keyAList->at(sector));
        else
            ui->MF_keyWidget->item(sector, 2)->setText(keyBList->at(sector));
    }
}

void Mifare::data_clearData()
{
    dataList->clear();
    for(int i = 0; i < blocks; i++)
        dataList->append("");
}

void Mifare::data_clearKey()
{
    keyAList->clear();
    keyBList->clear();
    for(int i = 0; i < sectors; i++)
    {
        keyAList->append("");
        keyBList->append("");
    }
}

bool Mifare::data_isKeyValid(const QString& key)
{
    if(key.length() != 12)
        return false;
    for(int i = 0; i < 12; i++)
    {
        if(!((key[i] >= '0' && key[i] <= '9') || (key[i] >= 'A' && key[i] <= 'F')))
            return false;
    }
    return true;
}

Mifare::DataType Mifare::data_isDataValid(QString data) // "?" will not been processd there
{
    if(data.length() == 47)
    {
        for(int i = 0; i < 47; i++)
        {
            if(i % 3 != 0)
            {
                if(!((data[i] >= '0' && data[i] <= '9') || (data[i] >= 'A' && data[i] <= 'F') || data[i] == '?'))
                    return DATA_INVALID;
            }
            else
            {
                if(data[i] != ' ')
                    return DATA_INVALID;
            }
            return DATA_WITHSPACE;
        }
    }
    else if(data.length() == 32)
    {
        for(int i = 0; i < 32; i++)
        {
            if(!((data[i] >= '0' && data[i] <= '9') || (data[i] >= 'A' && data[i] <= 'F') || data[i] == '?'))
                return DATA_INVALID;
        }
        return DATA_NOSPACE;
    }
    else
        return DATA_INVALID;
}