Last active
September 29, 2024 17:26
-
-
Save iwalton3/60456fea460a5734d2d4d2701cfcb960 to your computer and use it in GitHub Desktop.
Backup a small file on your xSiiD or similar while still allowing normal function (e.g. URL on scan) for unused space. File can be protected from deletion and also optionally protected from reading using password. Note you should still encrypt the file if it is sensitive! Please be careful as you can't recover password if forgotten!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| read -sp"Password (8 hex chars raw or string): " p | |
| echo | |
| if ! grep -q "^[0-9A-Fa-f]\{8\}$" <<< "$p" | |
| then | |
| echo "You provided a text password." | |
| echo "Hashing with: echo -n \"PASSWORD\" | sha256sum" | |
| echo "The password will be the first 8 chars of the hash." | |
| p=$(echo -n "$p" | sha256sum) | |
| p=${p:0:8} | |
| echo "Hashed password: $p" | |
| echo "============" | |
| echo | |
| fi | |
| l=$(cat "$1"|wc -c) | |
| x=$((226-l/4)) | |
| if [[ $((l%4)) != 0 ]] | |
| then | |
| x=$((x-1)) | |
| fi | |
| if [[ "$x" -lt 4 ]] | |
| then | |
| echo "Too much data!" | |
| exit 1 | |
| fi | |
| echo "To set a new password if this is factory set xSiiD:" | |
| echo "hf mfu wrbl -b 229 -d $p -k 444E4752" | |
| echo | |
| echo "To set a new password if this is another tag w/o password:" | |
| echo "hf mfu wrbl -b 229 -d $p" | |
| echo "============" | |
| echo | |
| echo "To prevent writes to zip area:" | |
| echo "hf mfu wrbl -b 227 -d 000000$(printf "%x\n" $x) -k $p" | |
| echo "============" | |
| echo | |
| echo "To protect the data from reads as well without password:" | |
| echo "hf mfu wrbl -b 228 -d 80000000 -k $p" | |
| echo "Note: Requires the previous \"prevent writes\" command." | |
| echo "============" | |
| echo | |
| echo "To remove data protections (except password):" | |
| echo "hf mfu wrbl -b 228 -d 00000000 -k $p" | |
| echo "hf mfu wrbl -b 227 -d 000000E2 -k $p" | |
| echo "============" | |
| echo | |
| echo "To write new data:" | |
| xxd -c 4 -p "$1" | while read -r line | |
| do | |
| while [[ ${#line} -lt 8 ]] | |
| do | |
| line="${line}00" | |
| done | |
| echo "hf mfu wrbl -b $((x++)) -d $line -k $p" | |
| done | |
| echo "===========" | |
| echo "READING DATA" | |
| echo "To read from proxmark:" | |
| echo "hf mfu dump -f filename -k $p" | |
| echo | |
| echo "To read using NFC tools shell on android:" | |
| echo "1B$(tr '[:lower:]' '[:upper:]' <<< "$p"),3A00FF" | |
| echo | |
| echo "To find these commands more easily from memory, note that:" | |
| echo "1B is the PWD_AUTH command from the datasheet, which has the" | |
| echo "8 char hex password after it." | |
| echo "3A00FF is the READ_FAST command set to dump all possible data" | |
| echo "(00 start FF end)" | |
| echo | |
| echo "After you dump it, you'll need to find the start of your file" | |
| echo "and manually remove everything before it. On android you also" | |
| echo "need to convert the tag data from hex back to binary. You can" | |
| echo "use Termux on Android to help with this, namely edit the hex" | |
| echo "with vim to remove the zeros before the data at the end of" | |
| echo "the tag data, and then use \"cat dump | xxd -r -p > my_file\"" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment