[NFC Magic] Issuing GEN4_CMD_GET_CFG may not be safe #204

Open
Pwntastic opened this issue Apr 17, 2024 · 0 comments

Pwntastic commented Apr 17, 2024

Reading through the proxmark magic card notes, there's a note that using the UMC C6 / GEN4_CMD_GET_CFG command to retrieve a gen4 card's config may cause the actual config to change on some buggy cards:

> 👉 TODO Using C6 command can change config due to a bug in some cards. CC should be used instead.

https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/magic_cards_notes.md#identify-26

It looks like the nfc_magic tool is issuing that C6 command when attempting to detect gen4 cards:
https://github.com/flipperdevices/flipperzero-good-faps/blob/dev/nfc_magic/magic/protocols/gen4/gen4_poller.c#L107

```c
#define GEN4_CMD_GET_CFG (0xC6)
...

NfcCommand gen4_poller_detect_callback(NfcGenericEvent event, void* context) {
...
            bit_buffer_append_byte(gen4_poller_detect_ctx->tx_buffer, GEN4_CMD_GET_CFG);
```

Perhaps it should just issue a CC / GEN4_CMD_GET_REVISION command instead?

```c
#define GEN4_CMD_GET_REVISION (0xCC)
```
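
An added example, not part of the original issue or the project's code: a detection-frame builder that refuses any command not allowlisted for use on a card that has not yet been identified, so C6 cannot be sent during detection. The helper names, the 0xCF prefix byte and the 4-byte big-endian password field are assumptions; only the 0xC6 and 0xCC values come from the issue.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 0xC6 and 0xCC come from the issue. The 0xCF prefix and the 4-byte
 * big-endian password field are assumptions about the Gen4 frame layout. */
#define GEN4_CMD_PREFIX (0xCF)
#define GEN4_CMD_GET_CFG (0xC6) /* reported to change config on some cards */
#define GEN4_CMD_GET_REVISION (0xCC) /* suggested detection command */
#define GEN4_FRAME_LEN (6)

/* Hypothetical helper: commands allowed before the card is identified. */
static int gen4_cmd_is_probe_safe(uint8_t cmd) {
    switch(cmd) {
    case GEN4_CMD_GET_REVISION:
        return 1;
    default:
        return 0; /* GEN4_CMD_GET_CFG and anything unknown is refused */
    }
}

/* Hypothetical helper: writes prefix | password | cmd into out.
 * Returns the frame length, or 0 when the command is not probe-safe or the
 * buffer is too small; on 0 the buffer is left untouched and nothing should
 * be transmitted. */
size_t gen4_build_probe_frame(uint32_t password, uint8_t cmd, uint8_t* out, size_t out_size) {
    if(out == NULL || out_size < GEN4_FRAME_LEN) return 0;
    if(!gen4_cmd_is_probe_safe(cmd)) return 0;
    out[0] = GEN4_CMD_PREFIX;
    out[1] = (uint8_t)(password >> 24);
    out[2] = (uint8_t)(password >> 16);
    out[3] = (uint8_t)(password >> 8);
    out[4] = (uint8_t)password;
    out[5] = cmd;
    return GEN4_FRAME_LEN;
}

int main(void) {
    uint8_t frame[GEN4_FRAME_LEN];
    const uint32_t password = 0x00000000; /* constructed sample value */
    const uint8_t cmds[] = {GEN4_CMD_GET_CFG, GEN4_CMD_GET_REVISION};
    for(size_t i = 0; i < sizeof(cmds); i++) {
        size_t n = gen4_build_probe_frame(password, cmds[i], frame, sizeof(frame));
        printf("cmd 0x%02X -> %s\n", (unsigned)cmds[i], n ? "frame built" : "refused");
    }
    return 0;
}
```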