swap 0 block write and other blocks write

when writing to gen2 and possible on gen3, it writes first block 3 wich is the trailing sector before writing to block 0, so the last write to block 0 fails because authenticate to old keyset
nfc-tools · Jun 25, 2020 · 3c55b87 · 3c55b87
1 parent 02f0f6b
commit 3c55b87
Showing 1 changed file with 55 additions and 54 deletions.
diff --git a/utils/nfc-mfclassic.c b/utils/nfc-mfclassic.c
@@ -436,6 +436,61 @@ write_card(int write_block_zero)
  }
 
  printf("Writing %d blocks |", uiBlocks + write_block_zero);
+ //Write Block 0 if requested to do so
+ if (write_block_zero) {
+ uiBlock = 0;
+ is_first_block(0);
+ if (bFailure) {
+ // When a failure occured we need to redo the anti-collision
+ if (nfc_initiator_select_passive_target(pnd, nmMifare, NULL, 0, &nt) <= 0) {
+ printf("!\nError: tag was removed\n");
+ return false;
+ }
+ bFailure = false;
+ }
+
+ fflush(stdout);
+ // Try to authenticate for the current sector
+ // If we are are writing to a chinese magic card, we've already unlocked
+ // If we're writing to a One Time Write, we need to authenticate
+ // If we're writing something else, we'll need to authenticate
+ if ((write_block_zero && (magic2 || magic3)) || !write_block_zero) {
+ if (!authenticate(0) && !bTolerateFailures) {
+ printf("!\nError: authentication failed for block 00\n");
+ return false;
+ }
+ }
+
+ // Make sure a earlier write did not fail
+ if (!bFailure) {
+ // Try to write the data block
+ if (bFormatCard && uiBlock)
+ memset(mp.mpd.abtData, 0x00, sizeof(mp.mpd.abtData));
+ else
+ memcpy(mp.mpd.abtData, mtDump.amb[uiBlock].mbd.abtData, sizeof(mp.mpd.abtData));
+ // do not write a block 0 with incorrect BCC - card will be made invalid!
+ if ((mp.mpd.abtData[0] ^ mp.mpd.abtData[1] ^ mp.mpd.abtData[2] ^ mp.mpd.abtData[3] ^ mp.mpd.abtData[4]) != 0x00 && !magic2) {
+ printf("!\nError: incorrect BCC in MFD file!\n");
+ printf("Expecting BCC=%02X\n", mp.mpd.abtData[0] ^ mp.mpd.abtData[1] ^ mp.mpd.abtData[2] ^ mp.mpd.abtData[3]);
+ return false;
+ }
+ if (!nfc_initiator_mifare_cmd(pnd, MC_WRITE, uiBlock, &mp)) {
+ bFailure = true;
+ printf("Failure to write to data block 0\n");
+ }
+
+ }
+ else {
+ printf("Failure during write process.\n");
+ }
+
+ // Show if the write went well for block 0
+ print_success_or_failure(bFailure, &uiWriteBlocks);
+ if ((!bTolerateFailures) && bFailure)
+ return false;
+
+ }
+
  // Completely write the card, but skipping block 0
  for (uiBlock = 1; uiBlock <= uiBlocks; uiBlock++) {
  // Authenticate everytime we reach the first sector of a new block
@@ -506,60 +561,6 @@ write_card(int write_block_zero)
  return false;
  }
 
- //Write Block 0 if requested to do so
- if (write_block_zero) {
- uiBlock = 0;
- is_first_block(0);
- if (bFailure) {
- // When a failure occured we need to redo the anti-collision
- if (nfc_initiator_select_passive_target(pnd, nmMifare, NULL, 0, &nt) <= 0) {
- printf("!\nError: tag was removed\n");
- return false;
- }
- bFailure = false;
- }
-
- fflush(stdout);
- // Try to authenticate for the current sector
- // If we are are writing to a chinese magic card, we've already unlocked
- // If we're writing to a One Time Write, we need to authenticate
- // If we're writing something else, we'll need to authenticate
- if ((write_block_zero && (magic2 || magic3)) || !write_block_zero) {
- if (!authenticate(0) && !bTolerateFailures) {
- printf("!\nError: authentication failed for block 00\n");
- return false;
- }
- }
-
- // Make sure a earlier write did not fail
- if (!bFailure) {
- // Try to write the data block
- if (bFormatCard && uiBlock)
- memset(mp.mpd.abtData, 0x00, sizeof(mp.mpd.abtData));
- else
- memcpy(mp.mpd.abtData, mtDump.amb[uiBlock].mbd.abtData, sizeof(mp.mpd.abtData));
- // do not write a block 0 with incorrect BCC - card will be made invalid!
- if ((mp.mpd.abtData[0] ^ mp.mpd.abtData[1] ^ mp.mpd.abtData[2] ^ mp.mpd.abtData[3] ^ mp.mpd.abtData[4]) != 0x00 && !magic2) {
- printf("!\nError: incorrect BCC in MFD file!\n");
- printf("Expecting BCC=%02X\n", mp.mpd.abtData[0] ^ mp.mpd.abtData[1] ^ mp.mpd.abtData[2] ^ mp.mpd.abtData[3]);
- return false;
- }
- if (!nfc_initiator_mifare_cmd(pnd, MC_WRITE, uiBlock, &mp)) {
- bFailure = true;
- printf("Failure to write to data block 0\n");
- }
-
- } else {
- printf("Failure during write process.\n");
- }
-
- // Show if the write went well for block 0
- print_success_or_failure(bFailure, &uiWriteBlocks);
- if ((! bTolerateFailures) && bFailure)
- return false;
-
- }
-
  printf("|\n");
  printf("Done, %d of %d blocks written.\n", uiWriteBlocks, uiBlocks + 1);
  fflush(stdout);