| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 |
- mfterm is a terminal interface for working with Mifare Classic tags.
- Tab completion on commands is available. Also, commands that have file
- name arguments provide tab completion on files. There is also a
- command history, like in most normal shells.
- Working with the mfterm program there are a few state variables that
- are used.
- Current Tag
- -----------
- The "current tag" is populated with the 'load' or 'read' commands. The
- 'read' command will read data from a physical tag and requires the
- "current keys" to be set to the keys of the tag. Clear the "current
- tag" by using the 'clear' command.
- Display the "current tag" by using the 'print' command. The keys of
- the "current tag" are displayed with the 'print keys' command. Note:
- the tag keys could be different from the "current keys" displayed by
- the 'keys print' command.
- The data of the "current tag" can be manipulated with the 'set'
- command.
- The "current tag" can be persisted by writing it to a file with the
- 'save' command. It can also be written to a physical tag with the
- 'write' command. For the 'write' command to succeed, the "current
- keys" have to be set to appropriate values.
- If you are reading or loading a 1k tag, the mfterm program will still
- use a full 4k tag to represent it. The last 3k will be all
- zeroes. This is in analogy with the other libnfc tools.
- Current Keys
- ------------
- The "current keys" are used to authenticate when performing operations
- on a physical tag. They can be displayed using the 'keys'
- command. Clear the "current keys" by using the 'keys clear' command.
- The keys are stored just like a tag in a file using the 'keys save',
- but with all the data fields except the sector trailers cleared. The
- keys can be loaded from a file, either a real tag dump or a key tag
- dump, with the 'keys load' command.
- The "current keys" can be set to match the "current tag" by using the
- 'keys import' command. It is also possible to manually set a key using
- the 'keys set' command.
- Use the 'keys test' command to test if the "current keys" can be used
- to authenticate with a physical tag.
- Dictionary
- ----------
- A key dictionary can be imported from a file using the 'dict load'
- command. This dictionary can then be used to perform a dictionary
- attack on the sectors of a tag by using the 'dict attack' command.
- The format of the dictionary file is simple. One key (6 bytes, 12 hex
- characters) per line and # is a comment.
- Performing 'dict load' on several files will produce a dictionary that
- is the union of those files. Duplicates will be removed.
- To list all the keys in the dictionary, use the command 'dict'. To
- clear the dictionary use 'dict clear'.
- Other commands
- --------------
- Quit the mfterm program by issuing the 'quit' command.
- Help is available by writing 'help'
- Specification Files
- -------------------
- A specification file defines names for parts of the tag data. See the
- file mfc-spec.txt for a sample specification.
- Specification files are loaded with the command 'spec load'. They can
- be cleared with 'spec clear'. To display the data structure loaded use
- the command 'spec'.
- Once a specification has been loaded, it can be used to access the
- data in the tag by using a specification path. In the sample
- specification, the path: '.sector_0.block_0.atqa', when entered in the
- terminal, will display the two bytes of data starting with byte 6.
- WARNING:
- --------
- The mfterm software is neither thoroughly tested nor widely used. It
- likely contains a number of serious bugs that can be exploited to
- compromise your computer. Do NOT run the mfterm software as a
- privileged user (e.g. root), and ONLY load tag, dictionary and
- specification files that you get from people you trust.
|
