script hf_mf_ultimatecard report "partial read of configuration, use -k or change cfg0 block" #1822

Closed
et-ness opened this issue Nov 26, 2022 · 7 comments

et-ness commented Nov 26, 2022

Describe the bug
I have an Ultimate Magic Card. I tried to use the script hf_mf_ultimatecard to read the configuration and it gives me the error:

[usb] pm3 --> script run hf_mf_ultimatecard -c 
[+] executing lua /mnt/data/progetti/pm3/iceman/client/luascripts/hf_mf_ultimatecard.lua
[+] args '-c'

ERROR: 	partial read of configuration, use -k or change cfg0 block	

[+] finished hf_mf_ultimatecard

My Ultimate card returns 32 bytes from the configuration:

[usb] pm3 --> hf 14a raw -s -c -t 1000 CF00000000C6
[+] 00 00 00 00 00 00 02 09 09 78 00 91 02 BD AC 19 13 10 11 12 13 14 15 16 04 00 08 02 6B 00 4F 6B [ F4 41 ]

I tried to apply this patch

diff --git a/client/luascripts/hf_mf_ultimatecard.lua b/client/luascripts/hf_mf_ultimatecard.lua
index b9011c36f..13710a4f1 100644
--- a/client/luascripts/hf_mf_ultimatecard.lua
+++ b/client/luascripts/hf_mf_ultimatecard.lua
@@ -186,7 +186,7 @@ local function read_config()
     atqaf = atqa1..' '..atqa2
     cardtype, cardprotocol, gtustr, atsstr = 'unknown', 'unknown', 'unknown', 'unknown'
     if magicconfig == nil then lib14a.disconnect(); return nil, "can't read configuration, "..err_lock end
-    if #magicconfig ~= 64 then lib14a.disconnect(); return nil, "partial read of configuration, "..err_lock end
+    if #magicconfig ~= 64 and #magicconfig ~= 68 then lib14a.disconnect(); return nil, "partial read of configuration, "..err_lock end
     if gtumode == '00' then gtustr = 'Pre-write/Shadow Mode'
     elseif gtumode == '01' then gtustr = 'Restore Mode'
     elseif gtumode == '02' then gtustr = 'Disabled'
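
Review bot: on the changed `#magicconfig ~= 64 and #magicconfig ~= 68` line, the two accepted lengths are bare numbers and any other length still produces "partial read of configuration", although the 68-character reply in this report was complete rather than partial. Suggest naming the two lengths with a comment (64 and 68 hex characters, CRC included, i.e. 30-byte and 32-byte configurations) and putting `#magicconfig` into the error text so the next variant is easier to diagnose. The output below shows Raw Config as 60 hex characters, so with a 68-character reply the two bytes just before the CRC (`4F 6B` in the raw read above) are accepted but never displayed; worth deciding whether they should be shown.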

and it works:

[usb] pm3 --> script run hf_mf_ultimatecard -c
[+] executing lua /mnt/data/progetti/pm3/iceman/client/luascripts/hf_mf_ultimatecard.lua
[+] args '-c'

--> #magicconfig 68	expected 64
========================================================================================	
			Ultimate Magic Card Configuration	
========================================================================================	
 - Raw Config      	00000000000002090978009102BDAC191310111213141516040008026B00	
 - Card Protocol    	MIFARE Classic Protocol	
 - Ultralight Mode   	Disabled	
 - ULM Backdoor Key 	00000000	
 - GTU Mode     	Disabled	
 - Card Type     	MIFARE 1k S50 4-byte UID	
 - UID           	04223344	
 - ATQA          	00 04	
 - SAK          	08	

[+] finished hf_mf_ultimatecard

In my card there are these 2 bytes 6B 00 in the last position, but I don't know what they mean. I never executed change commands, only a "script run hf_mf_ultimatecard -m 02".

[usb] pm3 --> hf search
 🕕  Searching for ISO14443-A tag...          
[+]  UID: 04 22 33 44 
[+] ATQA: 00 04
[+]  SAK: 08 [2]
[+] Possible types:
[+]    MIFARE Classic 1K
[=] -------------------------- ATS --------------------------
[+] ATS: 09 78 00 91 02 BD AC 19 13 [ 7C 00 ]
[=]      09...............  TL    length is 9 bytes
[=]         78............  T0    TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)
[=]            00.........  TA1   different divisors are supported, DR: [], DS: []
[=]               91......  TB1   SFGI = 1 (SFGT = 8192/fc), FWI = 9 (FWT = 2097152/fc)
[=]                  02...  TC1   NAD is NOT supported, CID is supported

[=] -------------------- Historical bytes --------------------
[+]   BDAC1913

[+] Prng detection: weak
[#] Auth error
[?] Hint: try `hf mf` commands


[+] Valid ISO 14443-A tag found

 🕓  Searching for ISO14443-B tag...          
[+]  UID    : 04 22 33 44 
[+]  ATQB   : 1C 00 00 11 77 81 85 
[+]  CHIPID : 00
[+]       App Data: 1C 00 00 11 
[+]       Protocol: 77 81 85 
[+]       Bit Rate: 212 kbit/s PICC -> PCD supported
[+]       Bit Rate: 424 kbit/s PICC -> PCD supported
[+]       Bit Rate: 847 kbit/s PICC -> PCD supported
[+]       Bit Rate: 212 kbit/s PICC <- PCD supported
[+]       Bit Rate: 424 kbit/s PICC <- PCD supported
[+]       Bit Rate: 847 kbit/s PICC <- PCD supported
[+] Max Frame Size: 256 bytes
[+]  Protocol Type: Protocol is compliant with ISO/IEC 14443-4
[+] Frame Wait Integer: 8 - 8192 ETUs | 77312 us
[+]  App Data Code: Application is Standard
[+]  Frame Options: NAD is not supported
[+]  Frame Options: CID is supported
[+] Tag :
[+]   Max Buf Length: 1 (MBLI) 
[+]   CID : 0

[+] 14443-3b tag found:

[+] unknown tag type answered to a 0x000b3f80 command ans:

hf search reports "unknown tag type answered to a 0x000b3f80 command ans:". What does it mean?

The factory test doesn't return 6666, but this:

[usb] pm3 --> hf 14a raw -s -c -t 1000 CF00000000CC
[+] 00 00 00 03 AB [ E7 31 ]

Expected behavior
Read configuration without issue

Desktop (please complete the following information):

  • OS: linux
  • hw version
 [usb] pm3 --> hw version

 [ Proxmark3 RFID instrument ]

 [ CLIENT ]
  Iceman/master/v4.15864-78-gc88c3bc4f 2022-11-26 08:25:47 2644e31b5
  compiled with............. GCC 10.2.1 20210110
  platform.................. Linux / x86_64
  Readline support.......... present
  QT GUI support............ absent
  native BT support......... absent
  Python script support..... present
  Lua SWIG support.......... present
  Python SWIG support....... present

 [ PROXMARK3 ]
  firmware.................. PM3 GENERIC

 [ ARM ]
  bootrom: Iceman/master/v4.15864-31-gbde4e8d75 2022-11-12 09:13:54 2afcb5732
       os: Iceman/master/v4.15864-78-gc88c3bc4f 2022-11-26 08:25:58 2644e31b5
  compiled with GCC 11.2.1 20220111

 [ FPGA ] 
  LF image 2s30vq100 2022-03-23 17:21:05
  HF image 2s30vq100 2022-03-23 17:21:16
  HF FeliCa image 2s30vq100 2022-03-23 17:21:27
  HF 15 image 2s30vq100 2022-03-23 17:21:38

 [ Hardware ]
  --= uC: AT91SAM7S512 Rev A
  --= Embedded Processor: ARM7TDMI
  --= Internal SRAM size: 64K bytes
  --= Architecture identifier: AT91SAM7Sxx Series
  --= Embedded flash memory 512K bytes ( 59% used )
  • hw status
 [usb] pm3 --> hw status
[#] Memory
[#]   BigBuf_size............. 42724
[#]   Available memory........ 40416
[#] Tracing
[#]   tracing ................ 0
[#]   traceLen ............... 189
[#] Current FPGA image
[#]   mode.................... HF image 2s30vq100 2022-03-23 17:21:16
[#] LF Sampling config
[#]   [q] divisor............. 95 ( 125.00 kHz )
[#]   [b] bits per sample..... 8
[#]   [d] decimation.......... 1
[#]   [a] averaging........... yes
[#]   [t] trigger threshold... 0
[#]   [s] samples to skip..... 0 
[#] 
[#] LF T55XX config
[#]            [r]               [a]   [b]   [c]   [d]   [e]   [f]   [g]
[#]            mode            |start|write|write|write| read|write|write
[#]                            | gap | gap |  0  |  1  | gap |  2  |  3
[#] ---------------------------+-----+-----+-----+-----+-----+-----+------
[#] fixed bit length (default) |  31 |  20 |  18 |  50 |  15 | N/A | N/A | 
[#]     long leading reference |  31 |  20 |  18 |  50 |  15 | N/A | N/A | 
[#]               leading zero |  31 |  20 |  18 |  40 |  15 | N/A | N/A | 
[#]    1 of 4 coding reference |  31 |  20 |  18 |  34 |  15 |  50 |  66 | 
[#] 
[#] HF 14a config
[#]   [a] Anticol override.... std    ( follow standard )
[#]   [b] BCC override........ std    ( follow standard )
[#]   [2] CL2 override........ std    ( follow standard )
[#]   [3] CL3 override........ std    ( follow standard )
[#]   [r] RATS override....... std    ( follow standard )
[#] Transfer Speed
[#]   Sending packets to client...
[#]   Time elapsed................... 500ms
[#]   Bytes transferred.............. 274432
[#]   Transfer Speed PM3 -> Client... 548864 bytes/s
[#] Various
[#]   Max stack usage......... 4088 / 8480 bytes
[#]   Debug log level......... 1 ( error )
[#]   ToSendMax............... 84
[#]   ToSend BUFFERSIZE....... 2308
[#]   Slow clock.............. 29948 Hz
[#] Installed StandAlone Mode
[#]   LF HID26 standalone - aka SamyRun (Samy Kamkar)
[#] 
  • data tune
 [=] ---------- LF Antenna ----------
[+] LF antenna: 27.48 V - 125.00 kHz
[+] LF antenna: 20.25 V - 134.83 kHz
[+] LF optimal: 27.48 V - 125.00 kHz
[+] Approx. Q factor (*): 6.9 by frequency bandwidth measurement
[+] Approx. Q factor (*): 8.0 by peak voltage measurement
[+] LF antenna is OK
[=] ---------- HF Antenna ----------
[+] HF antenna: 16.87 V - 13.56 MHz
[+] Approx. Q factor (*): 4.9 by peak voltage measurement
[+] HF antenna is OK

(*) Q factor must be measured without tag on the antenna

[+] Displaying LF tuning graph. Divisor 88 (blue) is 134.83 kHz, 95 (red) is 125.00 kHz.

DidierA commented Nov 28, 2022

Hello,
interesting, where did you get this card?

et-ness commented Nov 30, 2022

> Hello, interesting, where did you get this card?

lab401

DidierA commented Dec 1, 2022

Funny, I got two from them 2 months ago and they behave as described in the notes (30 bytes returned)
lab401 also links here for documentation...

et-ness commented Dec 1, 2022

It was out of stock for a time.
Does your version emulate a 14b tag?

DidierA commented Dec 2, 2022

Yes

@iceman1001
Collaborator

make a PR with your patch?

DidierA added a commit to DidierA/rrg-proxmark3 that referenced this issue Dec 5, 2022

DidierA commented Dec 5, 2022

Please test PR #1827.
It contains your patch to hf_mfu_ultimatecard, and hf 14a info should detect your card as magic gen4.

iceman1001 added a commit that referenced this issue Dec 5, 2022
Consider different behavior of some Gen4 cards. Should fix #1822
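
The thread turns on a configuration reply that is longer than the script expected but still complete. As an added example (not code from the Proxmark3 project or from anyone in this thread), the Python below checks the CRC_A trailer before looking at length, using the two raw replies quoted in the issue; `check_reply`, its status strings and the 30-byte split (taken from the Raw Config line in the patched output) are assumptions of this example.

```python
# Added example: offline check of a "read config" reply (CF <pwd> C6).
# Assumption: input is the reply as one hex string with the CRC included,
# which matches the 64 / 68 character lengths discussed in the issue.

KNOWN_BODY_LENGTHS = (30, 32)  # bytes; the two sizes reported in this thread
DISPLAYED = 30                 # bytes shown as "Raw Config" by the script


def crc_a(data: bytes) -> bytes:
    """ISO/IEC 14443-3 Type A CRC (initial value 0x6363), low byte first."""
    crc = 0x6363
    for byte in data:
        b = byte ^ (crc & 0xFF)
        b = (b ^ (b << 4)) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])


def check_reply(hex_reply: str) -> dict:
    """Classify a reply by integrity first and by length second."""
    raw = bytes.fromhex(hex_reply)
    if len(raw) < 3:
        return {"status": "too short", "body": b"", "tail": b""}
    body, crc = raw[:-2], raw[-2:]
    if crc_a(body) != crc:
        # Damaged or cut short in transit: a genuine partial read.
        return {"status": "bad crc", "body": body, "tail": b""}
    if len(body) not in KNOWN_BODY_LENGTHS:
        return {"status": "unknown length", "body": body, "tail": b""}
    # Keep bytes past the displayed layout visible instead of dropping them.
    return {"status": "ok", "body": body[:DISPLAYED], "tail": body[DISPLAYED:]}


# Replies copied from the issue text (spaces and brackets removed).
CONFIG_32 = ("00000000000002090978009102BDAC1913101112"
             "1314151604000802" "6B004F6B" "F441")
FACTORY_TEST = "00000003AB" "E731"

if __name__ == "__main__":
    for name, reply in (("config", CONFIG_32), ("factory test", FACTORY_TEST)):
        res = check_reply(reply)
        print(name, res["status"], res["body"].hex(), res["tail"].hex())
```

Both bracketed trailers in the issue verify as CRC_A, so the 32-byte reply is intact; dropping its last two bytes makes the CRC check fail, which is the case the "partial read" message actually describes.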