PATCH: SVN version of proxmark, wrong UID

gregy · 2013-04-02 12:10:59

Hi,
it appears that recent version of proxmark firmware garbles long uids (for example on desfire). Previously (few months ago) it worked fine.

Current svn does this (notice 88 start byte):

ATQA : 44 03          
 UID : 88 04 5f 32 32 1e 80           
 SAK : 20 [1]          
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k | JCOP 31/41          
 ATS : 06 75 77 81 02 80 02 f0           
       -  TL : length is 6 bytes          
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 5          
       - TA1 : different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]                                                                                               
       - TB1 : SFGI = 0, FWI = 8                                                                                                                                            
       - TC1 : NAD is NOT supported, CID is supported                                                                                                                       
       -  HB : 80

 ETU     :rssi: who bytes          
---------+----+----+-----------          
 +      0:    :     52              
 +    236:   0: TAG 44  03              
 +      0:    :     93  20              
 +    452:   0: TAG 88  04  5f  33  e0              
 +      0:    :     93  70  88  04  5f  33  e0  e5  c9              
 +    308:   0: TAG 24  d8  36              
 +      0:    :     95  20              
 +    452:   0: TAG 32  32  1e  80  9e              
 +      0:    :     95  70  32  32  1e  80  9e  39  52              
 +    308:   0: TAG 20  fc  70              
 +      0:    :     e0  80  31  73              
 +    668:   0: TAG 06  75  77  81  02  80  02  f0

I fixed it with this

Index: iso14443a.c
===================================================================
--- iso14443a.c (revision 693)
+++ iso14443a.c (working copy)
@@ -1719,7 +1719,7 @@
     if ((sak & 0x04) && uid_resp[0] == 0x88) {
       // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
       // http://www.nxp.com/documents/application_note/AN10927.pdf
-      memcpy(uid_ptr, uid_ptr + 1, 3);
+      memcpy(uid_resp, uid_resp + 1, 3);
       uid_resp_len = 3;
     }

New result:

ATQA : 44 03          
 UID : 04 5f 33 32 32 1e 80           
 SAK : 20 [1]          
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k | JCOP 31/41          
 ATS : 06 75 77 81 02 80 02 f0           
       -  TL : length is 6 bytes          
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 5          
       - TA1 : different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]          
       - TB1 : SFGI = 0, FWI = 8          
       - TC1 : NAD is NOT supported, CID is supported          
       -  HB : 80

Could you please test it. And if it works correctly, commit it to svn?

Thank you

Neuer_User · 2013-05-02 11:20:20

Hi Gregy

This looks like a correct patch. I have tested it against r708 and it seems to work.

Could some admin commit it to svn?

--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -1663,7 +1663,7 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
     if ((sak & 0x04) && uid_resp[0] == 0x88) {
       // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
       // http://www.nxp.com/documents/application_note/AN10927.pdf
-      memcpy(uid_ptr, uid_ptr + 1, 3);
+      memcpy(uid_resp, uid_resp + 1, 3);
       uid_resp_len = 3;
     }

rule · 2013-05-03 07:55:37

done

gregy · 2013-05-03 10:38:37

Thank you

Proxmark3 community

Announcement

#1 2013-04-02 12:10:59

PATCH: SVN version of proxmark, wrong UID

#2 2013-05-02 11:20:20

Re: PATCH: SVN version of proxmark, wrong UID

#3 2013-05-03 07:55:37

Re: PATCH: SVN version of proxmark, wrong UID

#4 2013-05-03 10:38:37

Re: PATCH: SVN version of proxmark, wrong UID

Board footer