te4gh0st
/
Miflare-Dump-Analyse-Tool


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377
							#!/usr/bin/env python3
"""
Miflare Dump Analyse Tool (1K/4K)

A command-line utility for analyzing and manipulating MIFARE Classic dumps.

Main Features:
- Load and display .bin dumps of 1K (16 sectors) or 4K (64 sectors) MIFARE Classic cards
- Optional bit-level view with --bits (-b)
- Visual highlight of UID, BCC, ATQA, and SAK in sector 0, block 0
- Visual parsing of trailer blocks: Key A, Access Bits, User Data, and Key B
- Detect MIFARE tag type and manufacturer
- Calculate and verify BCC for custom UIDs (--calc-bcc)
- Decode access bits (--calc-access) or generate them interactively (--gen-access)
- Compare two dumps with optional diff-only mode (--compare, --diff-only)
- Multilingual support: English (default) and Russian (--lang ru)

Example Usage:
  ./mdat.py dump.bin --bits
  ./mdat.py --calc-bcc B7 52 3D 22
  ./mdat.py --calc-access FF 07 08
  ./mdat.py --gen-access
  ./mdat.py --compare dump1.bin dump2.bin --diff-only

--
Copyright (c) 2025 te4gh0st
"""
import sys
import argparse
import textwrap

# ANSI escape codes for colors
RESET = "\033[0m"
RED = "\033[31m"
GREEN = "\033[32m"
YELLOW = "\033[33m"
CYAN = "\033[36m"
MAGENTA = "\033[35m"
GRAY = "\033[90m"

LANG_TEXT = {
    'en': {
        'sector': 'Sector', 'block': 'Block', 'uid': 'UID', 'bcc': 'BCC',
        'atqa': 'ATQA', 'sak': 'SAK', 'type': 'Tag type', 'mf': 'Manufacturer',
        'access': 'Access', 'calc_bcc': 'Calculated BCC',
        'access_calc': 'Access bits calculation',
        'access_block': 'Access Block',
        'read_write': 'Key A/B read & write (insecure)',
        'read_only': 'Key A read only',
        'read_allow_write_never': 'Read with Key A, writing not allowed',
        'read_write_key_b': 'Read/Write with Key B',
        'read_key_b_write_never': 'Read with Key B, writing not allowed',
        'no_access': 'No access',
        'custom': 'Custom', 'trailer': 'Trailer',
        'compare': 'Comparing dumps',
        'diff_only': 'Differences only',
        'trailer_details': {
            (0,0,0): 'Key A/B readable/writable, Access Bits writable (INSECURE)',
            (0,1,0): 'Key B readable/writable with Key A, Access Bits writable',
            (1,0,0): 'Key B readable with Key A, Access Bits writable',
            (1,1,0): 'Key B readable with Key A, Access Bits writable (Key B required)',
        },
        'options': [
            ((0, 0, 0), 'Key A/B readable/writable, Access Bits writable (INSECURE)'),
            ((0, 1, 0), 'Key B readable/writable with Key A, Access Bits writable'),
            ((1, 0, 0), 'Key B readable with Key A, Access Bits writable'),
            ((1, 1, 0), 'Key B readable with Key A, Access Bits writable (Key B required)')],
        'gen_access': '=== Access Bytes Generator ===\nSelect access bits for each block:',
        'input_prompt': 'Choose option [1-4] for block {i}: ',
        'user_data_prompt': 'UserData byte (hex, e.g. 69) [00]: ',
        'invalid_choice': 'Invalid choice. Please enter a number from 1 to 4.',
        'invalid_hex': 'Invalid hex input. Defaulting to 00.',
        'result': 'Result:',
        'no_description': 'No description available.',
        'access_bytes': 'Access Bytes',
        'byte': 'Byte',
        'differences': 'Total differences'
    },
    'ru': {
        'sector': 'Сектор', 'block': 'Блок', 'uid': 'UID', 'bcc': 'BCC',
        'atqa': 'ATQA', 'sak': 'SAK', 'type': 'Тип метки', 'mf': 'Производитель',
        'access': 'Права', 'calc_bcc': 'Вычисленный BCC',
        'access_calc': 'Калькулятор бит доступа',
        'access_block': 'Блок доступа',
        'custom': 'Пользовательские', 'trailer': 'Трейлер',
        'read_write': 'Чтение/запись с ключом A/B (небезопасно)',
        'read_only': 'Только чтение с ключом A',
        'read_allow_write_never': 'Чтение с ключом A, запись невозможна',
        'read_write_key_b': 'Чтение/запись с ключом B',
        'read_key_b_write_never': 'Чтение с ключом B, запись невозможна',
        'no_access': 'Нет доступа',
        'compare': 'Сравнение дампов',
        'diff_only': 'Только различия',
        'trailer_details': {
            (0,0,0): 'Key A/B доступны для чтения/записи, Биты доступа изменяемы (НЕБЕЗОПАСНО)',
            (0,1,0): 'Key B доступен для чтения/записи с Key A, Биты доступа изменяемы',
            (1,0,0): 'Key B доступен для чтения с Key A, Биты доступа изменяемы',
            (1,1,0): 'Key B доступен для чтения с Key A, Биты доступа изменяемы (требуется Key B)',
        },
        'gen_access': '=== Генератор байтов доступа ===\nВыберите биты доступа для каждого блока:',
        'input_prompt': 'Выберите вариант [1-4] для блока {i}: ',
        'user_data_prompt': 'Байт UserData (в hex, напр. 69) [00]: ',
        'invalid_choice': 'Неверный выбор. Введите число от 1 до 4.',
        'invalid_hex': 'Неверный формат hex. Используется значение по умолчанию: 00.',
        'result': 'Результат:',
        'no_description': 'Описание недоступно.',
        'options': [
            ((0, 0, 0), 'Ключи A/B доступны для чтения/записи, биты доступа изменяемы (НЕБЕЗОПАСНО)'),
            ((0, 1, 0), 'Ключ B доступен для чтения/записи с ключом A, биты доступа изменяемы'),
            ((1, 0, 0), 'Ключ B доступен для чтения с ключом A, биты доступа изменяемы'),
            ((1, 1, 0), 'Ключ B доступен для чтения с ключом A, биты доступа изменяемы (требуется ключ B)'),
        ],
        'access_bytes': 'Байты доступа',
        'byte': 'Байт',
        'differences': 'Всего отличий'

    }
}

access_map = {
    (0, 0, 0): ('read_write', None),
    (1, 0, 0): ('read_only', None),
    (0, 1, 0): ('read_allow_write_never', None),
    (0, 0, 1): ('read_write_key_b', None),
    (0, 1, 1): ('read_write_key_b', None),
    (1, 0, 1): ('read_key_b_write_never', None),
    (1, 1, 0): ('read_write_key_b', None),
    (1, 1, 1): ('no_access', None),
}

TAG_TYPES = {
    (0x0004, 0x08): ('MIFARE Classic 1K', 'NXP'),
    (0x0002, 0x18): ('MIFARE Classic 4K', 'NXP'),
    (0x0344, 0x38): ('MIFARE Ultralight', 'NXP'),
    (0x0044, 0x20): ('MIFARE DESFire EV1/EV2', 'NXP'),
    (0x0400, 0x88): ('Cascade Tag (7-byte UID)', 'NXP'),
    (0x4400, 0x98): ('MIFARE Classic 4K with 7-byte UID', 'NXP'),
}

def color_bits(val, mask=None, color=YELLOW):
    bits = ''.join(str((val >> i) & 1) for i in reversed(range(8)))
    if mask is None:
        return bits
    mask_bits = ''.join(str((mask >> i) & 1) for i in reversed(range(8)))
    out = []
    for b, m in zip(bits, mask_bits):
        out.append((color + b + RESET) if m == '1' else b)
    return ''.join(out)


def calc_bcc(uid_bytes):
    b = 0
    for x in uid_bytes:
        b ^= x
    return b


def parse_access(ab6, ab7, ab8):
    c1 = [((ab7 >> i) & 1) ^ 1 for i in range(4)]
    c2 = [((ab8 >> i) & 1) ^ 1 for i in range(4)]
    c3 = [((ab6 >> i) & 1) for i in range(4)]
    return {i: (c1[i], c2[i], c3[i]) for i in range(4)}


def describe_access(bits, lang):
    t = LANG_TEXT[lang]
    desc = {}
    for i, (c1, c2, c3) in bits.items():
        if i < 3:
            entry = access_map.get((c1, c2, c3))
            d = t[entry[0]] if entry else f"{t['custom']} ({c1},{c2},{c3})"
        else:
            d = t['trailer_details'].get((c1, c2, c3), t['trailer'])
        desc[i] = d
    return desc


def hexdump(b): return ' '.join(f"{x:02X}" for x in b)


def show_sector(sec, idx, args, txt):
    print(CYAN + f"{txt['sector']} {idx}" + RESET)
    for i, blk in enumerate(sec):
        header = f" {txt['block']} {i}: {hexdump(blk)}"
        print(header)
        if args.bits:
            bits_str = ' '.join(color_bits(x, mask=0xFF) for x in blk)
            print(f"  Bits : {bits_str}")
        # UID block
        if idx == 0 and i == 0:
            uid = blk[:4]
            bcc_byte = blk[4]
            sak = blk[5]
            atqa = (blk[7] << 8) | blk[6]
            calc = calc_bcc(uid)
            ok = calc == bcc_byte
            print(f"  {txt['uid']}: " + ' '.join(MAGENTA + f"{x:02X}" + RESET for x in uid))
            print(f"  {txt['bcc']}: {YELLOW}{bcc_byte:02X}{RESET} ({txt['calc_bcc']}: {calc:02X}) → " +
                  (GREEN + "OK" + RESET if ok else RED + "FAIL" + RESET))
            print(f"  {txt['atqa']}: {atqa:04X}, {txt['sak']}: {sak:02X}")
        # Trailer block with Key A, Access Bits, User Data, Key B
        if i == 3:
            key_a = blk[0:6]
            ab6, ab7, ab8 = blk[6], blk[7], blk[8]
            user_data = blk[9]
            key_b = blk[10:16]
            # Colored segments
            ka_str = ' '.join(MAGENTA + f"{x:02X}" + RESET for x in key_a)
            ab_str = ' '.join(YELLOW + f"{x:02X}" + RESET for x in (ab6, ab7, ab8))
            ud_str = CYAN + f"{user_data:02X}" + RESET
            kb_str = ' '.join(GREEN + f"{x:02X}" + RESET for x in key_b)
            print(f"  Key A       : {ka_str}")
            print(f"  Access bits : {ab_str}  UserData: {ud_str}")
            print(f"  Key B       : {kb_str}")
            # decode access
            bits = parse_access(ab6, ab7, ab8)
            desc = describe_access(bits, args.lang)
            for b, d in desc.items():
                print(f"    {txt['access']} {txt['access_block']} {b}: {d}")
        # print()


def load(path):
    d = open(path, 'rb').read()
    if len(d) not in (1024, 4096):
        sys.exit("Bad dump size")
    bl = [d[i:i+16] for i in range(0, len(d), 16)]
    return [bl[i*4:(i+1)*4] for i in range(len(bl)//4)]


def generate_access_interactive(lang):
    t = LANG_TEXT[lang]
    print(f"{CYAN}{t['gen_access']}{RESET}")
    specs = {}

    options = list(access_map.items())

    for i in range(4):
        print(f"\n{YELLOW}Block {i}:{RESET}")
        for idx, (bits, (key, _)) in enumerate(options, 1):
            print(f"  {idx}. C1,C2,C3 = {bits} — {t.get(key, key)}")

        while True:
            choice = input(t['input_prompt'].format(i=i, max=len(options)))
            if choice.isdigit() and 1 <= int(choice) <= len(options):
                bits = options[int(choice)-1][0]
                specs[i] = bits
                print(f"{MAGENTA}Выбрано: C1={bits[0]}, C2={bits[1]}, C3={bits[2]}{RESET}")
                break
            else:
                print(f"{RED}{t['invalid_choice']}{RESET}")

    # UserData input
    ud_in = input(f"{CYAN}{t['user_data_prompt']}{RESET}") or "00"
    try:
        ud = int(ud_in, 16)
    except ValueError:
        print(f"{RED}{t['invalid_hex']}{RESET}")
        ud = 0x00

    ab6 = sum((specs[i][2] << i) for i in range(4))
    ab7 = sum(((specs[i][0] ^ 1) << i) for i in range(4))
    ab8 = sum(((specs[i][1] ^ 1) << i) for i in range(4))

    print(f"\n{GREEN}{t['result']}{RESET}")
    print(f"Access bytes: {ab6:02X} {ab7:02X} {ab8:02X}  UserData: {ud:02X}")
    sys.exit(0)


def highlight_diff_bytes(b1: bytes, b2: bytes) -> tuple[str, str]:
    """Подсвечивает отличающиеся байты красным, совпадающие серым"""
    h1 = []
    h2 = []
    for byte1, byte2 in zip(b1, b2):
        hex1 = f"{byte1:02X}"
        hex2 = f"{byte2:02X}"
        if byte1 != byte2:
            h1.append(f"{RED}{hex1}{RESET}")
            h2.append(f"{RED}{hex2}{RESET}")
        else:
            h1.append(f"{GRAY}{hex1}{RESET}")
            h2.append(f"{GRAY}{hex2}{RESET}")
    return ' '.join(h1), ' '.join(h2)


def compare_dumps(path1, path2, args, txt):
    d1 = load(path1)
    d2 = load(path2)
    print(f"{CYAN}{txt['compare']}{RESET}")
    diffs = 0
    for si, (s1, s2) in enumerate(zip(d1, d2)):
        for bi, (b1, b2) in enumerate(zip(s1, s2)):
            if args.diff_only:
                if b1 != b2:
                    diffs += 1
                    print(f"{YELLOW}{txt['sector']} {si} {txt['block']} {bi}:{RESET}")
                    h1, h2 = highlight_diff_bytes(b1, b2)
                    print(f"  A: {h1}")
                    print(f"  B: {h2}")
            else:
                marker = GREEN + '==' + RESET if b1 == b2 else RED + '!=' + RESET
                h1, h2 = highlight_diff_bytes(b1, b2)
                print(f"{txt['sector']} {si:<2} {txt['block']} {bi}: {h1} {marker} {h2}")
                if b1 != b2:
                    diffs += 1
    print(f"\n{MAGENTA}{txt['differences']}: {diffs}{RESET}")
    sys.exit(0)


def main():
    p = argparse.ArgumentParser(
        description='Miflare Dump Analyse Tool\nCopyright (c) 2025 te4gh0st',
        formatter_class=argparse.RawTextHelpFormatter)
    p.add_argument('dump', nargs='?', help='.bin dump file')
    p.add_argument('--bits', '-b', action='store_true', help='Show bits view (Показать биты)')
    p.add_argument('--lang', choices=['en', 'ru'], default='en', help='Language / Язык')
    p.add_argument('--calc-bcc', nargs='+', metavar='BYTE',
                   help='Calculate BCC for UID bytes (Вычислить BCC для байт UID)')
    p.add_argument('--calc-access', nargs=3, metavar='HEX',
                   help='Decode access bytes FF 07 08 (Декодировать байты доступа FF 07 08)')
    p.add_argument('--gen-access', action='store_true', help='Generate access bytes interactively (Интерактивная генерация бит доступа)')
    p.add_argument('--compare', nargs=2, metavar=('DUMP1','DUMP2'),
                   help='Compare two dumps (Сравнить два дампа)')
    p.add_argument('--diff-only', action='store_true', help='Show only differences when comparing (Только различия)')
    args = p.parse_args()
    txt = LANG_TEXT[args.lang]

    if args.calc_bcc:
        uid = [int(x, 16) for x in args.calc_bcc]
        print(f"{txt['uid']}: {' '.join(f"{x:02X}" for x in uid)} → {txt['bcc']}: {calc_bcc(uid):02X}")
        sys.exit(0)

    if args.calc_access:
        ab6, ab7, ab8 = [int(x, 16) for x in args.calc_access]
        bits = parse_access(ab6, ab7, ab8)
        desc = describe_access(bits, args.lang)
        t = LANG_TEXT[args.lang]

        print(f"{CYAN}{t['access_calc']}{RESET}")
        print(f"{YELLOW}{'Access Matrix:':<20}{RESET}")
        for block, (c1, c2, c3) in bits.items():
            print(f"  Block {block:<2}:  C1={c1}  C2={c2}  C3={c3}")

        print(f"\n{YELLOW}{'Descriptions:' if args.lang == 'en' else 'Пояснения:'}{RESET}")
        for block in sorted(desc):
            print(f"  {t['access_block']} {block}: {MAGENTA}{desc[block]}{RESET}")

        print(f"\n{GREEN}{t['access_bytes']}:{RESET}  [{t['byte']} 6] = {RED}{ab6:02X}{RESET} "
              f" [{t['byte']} 7] = {RED}{ab7:02X}{RESET}   [{t['byte']} 8] = {RED}{ab8:02X}{RESET}")
        sys.exit(0)

    if args.gen_access:
        generate_access_interactive(args.lang)

    if args.compare:
        compare_dumps(args.compare[0], args.compare[1], args, txt)

    if not args.dump:
        p.print_help()
        sys.exit(1)

    secs = load(args.dump)

    # Display tag type and manufacturer
    if secs and secs[0] and secs[0][0]:
        block0 = secs[0][0]
        sak = block0[5]
        atqa = (block0[7] << 8) | block0[6]
        tag_type, manufacturer = TAG_TYPES.get((atqa, sak), ('Unknown', 'Unknown'))
        print(f"{txt['type']}: {MAGENTA}{tag_type}{RESET}\n{txt['mf']}: {MAGENTA}{manufacturer}{RESET}\n")

    for i, sec in enumerate(secs):
        show_sector(sec, i, args, txt)

if __name__ == '__main__':
    main()