hf mfp dump implementation#3116
Merged
iceman1001 merged 7 commits intoRfidResearchGroup:masterfrom Mar 9, 2026
Merged
Conversation
Replace mf_check_keys (which hangs in firmware infinite retry loop) with mf_read_sector for SL1 key probing. Defer MFC key probing to the read phase so it only runs per-sector when SL3 auth fails. Also fix mfcProbeKeys memory leak on early exit paths.
Restructure dump into 4 phases: 1. Classify sectors via single MFC probe (SL3 vs SL1) 2. AES dictionary only on SL3 sectors 3. MFC dictionary only on SL1 sectors 4. Read with found keys Suppress firmware debug output during key probing to prevent auth error message flood, matching MifareChkKeys behavior.
|
You are welcome to add an entry to the CHANGELOG.md as well |
Signed-off-by: apply-science <106422483+apply-science@users.noreply.github.com>
iceman1001
reviewed
Mar 8, 2026
iceman1001
reviewed
Mar 8, 2026
Collaborator
|
Cool new functionality! But why do I get a feeling you are mixing check keys (or find all needed keys) and dump in the same go? I suggest you have a and the reading of a json file, belongs in the fileutils.c |
Restructure hf mfp dump to match hf mf dump pattern: load keys from files, read sectors, save. Remove all key probing/checking logic (use hf mfp chk and hf mf chk separately for key discovery). Use MF_KEY_A/MF_KEY_B defines instead of magic numbers. Replace custom JSON parser with existing loadFileJSON infrastructure.
Signed-off-by: apply-science <106422483+apply-science@users.noreply.github.com>
When no --keys or --mfc-keys arguments are given, automatically look for hf-mfp-<UID>-key.json and hf-mf-<UID>-key.bin files, matching the output of hf mfp chk --dump and hf mf chk --dump. Fail with helpful message if no keys are available, matching the behaviour of hf mf dump.
Collaborator
|
the dump command should support the |
Contributor
Author
It already does.
|
Collaborator
|
Execellent! Great PR! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
A early version for performing dumps of MIFARE Plus credentials that supports both SL1, SL3 and mixed mode credentials.