proxmark3 icon indicating copy to clipboard operation
proxmark3 copied to clipboard
verified publisher icon RfidResearchGroup

[idea] cmdhffudan CmdHFFudanWrBl comments

Open DjBalagur opened this issue 4 months ago • 1 comments

Hi @iceman1001 , great job!

I wanted to try writing data to the FM11RF005M tag, but when I tried, I got a notification

[usb] pm3 --> hf fudan wrbl --blk 2 -k FFFFFFFFFFFF -d 10000000 [+] Not implemented yet. Feel free to contribute!

I decided to look at the code and saw that this was done and commented out. I'm new to this stuff, so I'm not entirely sure if it's possible to simply uncomment it. But perhaps that would be enough to activate block writing.

`static int CmdHFFudanWrBl(const char *Cmd) {

CLIParserContext *ctx;
CLIParserInit(&ctx, "hf fudan wrbl",
              "Write fudan block with 4 hex bytes of data\n",
              "hf fudan wrbl --blk 1 -k FFFFFFFFFFFF -d 01020304"
             );
void *argtable[] = {
    arg_param_begin,
    arg_int1(NULL, "blk", "<dec>", "block number"),
    arg_str0("k", "key", "<hex>", "key, 6 hex bytes"),
    arg_str0("d", "data", "<hex>", "bytes to write, 4 hex bytes"),
    arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, false);

int b = arg_get_int_def(ctx, 1, 1);

int keylen = 0;
uint8_t key[6] = {0};
CLIGetHexWithReturn(ctx, 2, key, &keylen);

uint8_t block[MAX_FUDAN_BLOCK_SIZE] = {0x00};
int blen = 0;
CLIGetHexWithReturn(ctx, 3, block, &blen);
CLIParserFree(ctx);

if (blen != MAX_FUDAN_BLOCK_SIZE) {
    PrintAndLogEx(WARNING, "block data must include 4 HEX bytes. Got %i", blen);
    return PM3_EINVARG;
}

if (b > 255) {
    return PM3_EINVARG;
}

PrintAndLogEx(SUCCESS, "Not implemented yet. Feel free to contribute!");

/*

uint8_t blockno = (uint8_t)b;

PrintAndLogEx(INFO, "Writing block no %d, key %s", blockno, sprint_hex_inrow(key, sizeof(key)));
PrintAndLogEx(INFO, "data: %s", sprint_hex(block, sizeof(block)));

uint8_t data[26];
memcpy(data, key, sizeof(key));
memcpy(data + 10, block, sizeof(block));
clearCommandBuffer();
SendCommandMIX(CMD_HF_MIFARE_WRITEBL, blockno, 0, 0, data, sizeof(data));

PacketResponseNG resp;
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500) == false) {
    PrintAndLogEx(FAILED, "command execution time out");
    return PM3_ETIMEOUT;
}

uint8_t isok  = resp.oldarg[0] & 0xff;
if (isok) {
    PrintAndLogEx(SUCCESS, "Write ( " _GREEN_("ok") " )");
    PrintAndLogEx(HINT, "Hint: Try `" _YELLOW_("hf fudan rdbl") "` to verify");
} else {
    PrintAndLogEx(FAILED, "Write ( " _RED_("fail") " )");
}
*/
return PM3_SUCCESS;

}`

DjBalagur avatar Oct 21 '25 20:10 DjBalagur

Sadly, no, its not that simple, its the Mifare classic write block source you see there and it needs to be adapted on device side.

iceman1001 avatar Oct 22 '25 19:10 iceman1001