Merge pull request #2716 from nvx/zuid_detection

Changed `hf mf info` - now differentiates between full USCUID and cut…
RfidResearchGroup · Jan 14, 2025 · 87bdc25 · 87bdc25
2 parents 9b68dc1 + 29e0c51
commit 87bdc25
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 16 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+- Changed `hf mf info` - now differentiates between full USCUID and cut down ZUID chips (@nvx)
 - Changed `lf hitag chk` - added key counter, client side abort and minor delay (@iceman1001) 
 - Added `hf seos sam` - Added support for HID SAM SEOS communications (@jkramarz)
 - Changed (extended) area accessible by spiffs into last page of FLASH (@piotrva)

diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
@@ -2927,6 +2927,7 @@ void MifareCIdent(bool is_mfc, uint8_t keytype, uint8_t *key) {
     uint8_t rdbl00[4] = {ISO14443A_CMD_READBLOCK, 0x00, 0x02, 0xa8};
     uint8_t gen4gdmAuth[4] = {MIFARE_MAGIC_GDM_AUTH_KEY, 0x00, 0x6C, 0x92};
     uint8_t gen4gdmGetConf[4] = {MIFARE_MAGIC_GDM_READ_CFG, 0x00, 0x39, 0xF7};
+    uint8_t gen4gdmGetMagicBlock[4] = {MIFARE_MAGIC_GDM_READBLOCK, 0x00, 0xC2, 0x66};
     uint8_t gen4GetConf[8] = {GEN_4GTU_CMD, 0x00, 0x00, 0x00, 0x00, GEN_4GTU_GETCNF, 0, 0};
     uint8_t superGen1[9] = {0x0A, 0x00, 0x00, 0xA6, 0xB0, 0x00, 0x10, 0x14, 0x1D};
     bool isGen2 = false;
@@ -2955,7 +2956,16 @@ void MifareCIdent(bool is_mfc, uint8_t keytype, uint8_t *key) {
         ReaderTransmit(gen4gdmGetConf, sizeof(gen4gdmGetConf), NULL);
         res = ReaderReceive(buf, PM3_CMD_DATA_SIZE, par);
         if (res > 1) {
-            flag |= MAGIC_FLAG_GDM_WUP_40;
+            // could be ZUID or full USCUID, the magic blocks don't exist on ZUID so
+            // a failure here indicates a feature limited chip like ZUID
+            // check for GDM hidden block read
+            ReaderTransmit(gen4gdmGetMagicBlock, sizeof(gen4gdmGetMagicBlock), NULL);
+            res = ReaderReceive(buf, PM3_CMD_DATA_SIZE, par);
+            if (res > 1) {
+                flag |= MAGIC_FLAG_GDM_WUP_40;
+            } else {
+                flag |= MAGIC_FLAG_GDM_WUP_40_ZUID;
+            }
         }
     }
 

diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c
@@ -2761,7 +2761,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
             PrintAndLogEx(HINT, "Hint: use `" _YELLOW_("hf mf c*") "` magic commands");
 
             // if GEN4 GDM in Gen1a more,  hint about it
-            if ((isMagic & MAGIC_FLAG_GDM_WUP_40) == MAGIC_FLAG_GDM_WUP_40) {
+            if (((isMagic & MAGIC_FLAG_GDM_WUP_40) == MAGIC_FLAG_GDM_WUP_40) || ((isMagic & MAGIC_FLAG_GDM_WUP_40_ZUID) == MAGIC_FLAG_GDM_WUP_40_ZUID)) {
                 PrintAndLogEx(HINT, "Hint: use `" _YELLOW_("hf mf gdm* --gen1a") "` magic commands");
             }
         }

diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c
@@ -1614,6 +1614,10 @@ uint16_t detect_mf_magic(bool is_mfc, uint8_t key_type, uint64_t key) {
         PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Gen 4 GDM / USCUID") " ( Gen1 Magic Wakeup )");
     }
 
+    if ((isMagic & MAGIC_FLAG_GDM_WUP_40_ZUID) == MAGIC_FLAG_GDM_WUP_40_ZUID) {
+        PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Gen 4 GDM / USCUID") " ( ZUID Gen1 Magic Wakeup )");
+    }
+
     if ((isMagic & MAGIC_FLAG_GEN_UNFUSED) == MAGIC_FLAG_GEN_UNFUSED) {
         PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Write Once / FUID"));
     }

diff --git a/include/protocols.h b/include/protocols.h
@@ -263,20 +263,21 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define MAGIC_SINGLE                (MAGIC_HALT | MAGIC_INIT | MAGIC_OFF) //0x1E
 
 // by CMD_HF_MIFARE_CIDENT / Flags
-#define MAGIC_FLAG_NONE          0x0000
-#define MAGIC_FLAG_GEN_1A        0x0001
-#define MAGIC_FLAG_GEN_1B        0x0002
-#define MAGIC_FLAG_GEN_2         0x0004
-#define MAGIC_FLAG_GEN_UNFUSED   0x0008
-#define MAGIC_FLAG_SUPER_GEN1    0x0010
-#define MAGIC_FLAG_SUPER_GEN2    0x0020
-#define MAGIC_FLAG_NTAG21X       0x0040
-#define MAGIC_FLAG_GEN_3         0x0080
-#define MAGIC_FLAG_GEN_4GTU      0x0100
-#define MAGIC_FLAG_GDM_AUTH      0x0200
-#define MAGIC_FLAG_QL88          0x0400
-#define MAGIC_FLAG_GDM_WUP_20    0x0800
-#define MAGIC_FLAG_GDM_WUP_40    0x1000
+#define MAGIC_FLAG_NONE            0x0000
+#define MAGIC_FLAG_GEN_1A          0x0001
+#define MAGIC_FLAG_GEN_1B          0x0002
+#define MAGIC_FLAG_GEN_2           0x0004
+#define MAGIC_FLAG_GEN_UNFUSED     0x0008
+#define MAGIC_FLAG_SUPER_GEN1      0x0010
+#define MAGIC_FLAG_SUPER_GEN2      0x0020
+#define MAGIC_FLAG_NTAG21X         0x0040
+#define MAGIC_FLAG_GEN_3           0x0080
+#define MAGIC_FLAG_GEN_4GTU        0x0100
+#define MAGIC_FLAG_GDM_AUTH        0x0200
+#define MAGIC_FLAG_QL88            0x0400
+#define MAGIC_FLAG_GDM_WUP_20      0x0800
+#define MAGIC_FLAG_GDM_WUP_40      0x1000
+#define MAGIC_FLAG_GDM_WUP_40_ZUID 0x2000
 
 
 // Commands for configuration of Gen4 GTU cards.