projects / proxmark3-svn / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Minor fix with previous cache-removal
[proxmark3-svn] / armsrc / mifarecmd.c
... / ...
CommitLineData
1//-----------------------------------------------------------------------------\r
2// Merlok - June 2011, 2012\r
3// Gerhard de Koning Gans - May 2008\r
4// Hagen Fritsch - June 2010\r
5// Midnitesnake - Dec 2013\r
6// Andy Davies - Apr 2014\r
7// Iceman - May 2014\r
8//\r
9// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
10// at your option, any later version. See the LICENSE.txt file for the text of\r
11// the license.\r
12//-----------------------------------------------------------------------------\r
13// Routines to support ISO 14443 type A.\r
14//-----------------------------------------------------------------------------\r
15\r
16#include "mifarecmd.h"\r
17#include "apps.h"\r
18#include "util.h"\r
19#include "crc.h"\r
20\r
21// the block number for the ISO14443-4 PCB\r
22uint8_t pcb_blocknum = 0;\r
23// Deselect card by sending a s-block. the crc is precalced for speed\r
24static uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4};\r
25\r
26//-----------------------------------------------------------------------------\r
27// Select, Authenticate, Read a MIFARE tag. \r
28// read block\r
29//-----------------------------------------------------------------------------\r
30void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
31{\r
32 // params\r
33 uint8_t blockNo = arg0;\r
34 uint8_t keyType = arg1;\r
35 uint64_t ui64Key = 0;\r
36 ui64Key = bytes_to_num(datain, 6);\r
37 \r
38 // variables\r
39 byte_t isOK = 0;\r
40 byte_t dataoutbuf[16];\r
41 uint8_t uid[10];\r
42 uint32_t cuid;\r
43 struct Crypto1State mpcs = {0, 0};\r
44 struct Crypto1State *pcs;\r
45 pcs = &mpcs;\r
46\r
47 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
48\r
49 clear_trace();\r
50\r
51 LED_A_ON();\r
52 LED_B_OFF();\r
53 LED_C_OFF();\r
54\r
55 while (true) {\r
56 if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
57 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
58 break;\r
59 };\r
60\r
61 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
62 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");\r
63 break;\r
64 };\r
65 \r
66 if(mifare_classic_readblock(pcs, cuid, blockNo, dataoutbuf)) {\r
67 if (MF_DBGLEVEL >= 1) Dbprintf("Read block error");\r
68 break;\r
69 };\r
70\r
71 if(mifare_classic_halt(pcs, cuid)) {\r
72 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
73 break;\r
74 };\r
75 \r
76 isOK = 1;\r
77 break;\r
78 }\r
79 \r
80 // ----------------------------- crypto1 destroy\r
81 crypto1_destroy(pcs);\r
82 \r
83 if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED");\r
84\r
85 LED_B_ON();\r
86 cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);\r
87 LED_B_OFF();\r
88\r
89 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
90 LEDsoff();\r
91}\r
92\r
93void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){\r
94\r
95 bool turnOffField = (arg0 == 1);\r
96\r
97 LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
98\r
99 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
100\r
101 clear_trace();\r
102\r
103 if(!iso14443a_select_card(NULL, NULL, NULL)) {\r
104 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
105 OnError(0);\r
106 return;\r
107 };\r
108 \r
109 if(!mifare_ultra_auth(keybytes)){\r
110 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");\r
111 OnError(1);\r
112 return;\r
113 }\r
114\r
115 if (turnOffField) {\r
116 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
117 LEDsoff();\r
118 }\r
119 cmd_send(CMD_ACK,1,0,0,0,0);\r
120}\r
121\r
122// Arg0 = BlockNo,\r
123// Arg1 = UsePwd bool\r
124// datain = PWD bytes,\r
125void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)\r
126{\r
127 uint8_t blockNo = arg0;\r
128 byte_t dataout[16] = {0x00};\r
129 bool useKey = (arg1 == 1); //UL_C\r
130 bool usePwd = (arg1 == 2); //UL_EV1/NTAG\r
131\r
132 LEDsoff();\r
133 LED_A_ON();\r
134 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
135\r
136 clear_trace();\r
137\r
138 int len = iso14443a_select_card(NULL, NULL, NULL);\r
139 if(!len) {\r
140 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);\r
141 OnError(1);\r
142 return;\r
143 }\r
144\r
145 // UL-C authentication\r
146 if ( useKey ) {\r
147 uint8_t key[16] = {0x00};\r
148 memcpy(key, datain, sizeof(key) );\r
149\r
150 if ( !mifare_ultra_auth(key) ) {\r
151 OnError(1);\r
152 return;\r
153 }\r
154 }\r
155\r
156 // UL-EV1 / NTAG authentication\r
157 if ( usePwd ) {\r
158 uint8_t pwd[4] = {0x00};\r
159 memcpy(pwd, datain, 4);\r
160 uint8_t pack[4] = {0,0,0,0};\r
161 if (!mifare_ul_ev1_auth(pwd, pack)) {\r
162 OnError(1);\r
163 return;\r
164 }\r
165 } \r
166\r
167 if( mifare_ultra_readblock(blockNo, dataout) ) {\r
168 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");\r
169 OnError(2);\r
170 return;\r
171 }\r
172\r
173 if( mifare_ultra_halt() ) {\r
174 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");\r
175 OnError(3);\r
176 return;\r
177 }\r
178\r
179 cmd_send(CMD_ACK,1,0,0,dataout,16);\r
180 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
181 LEDsoff();\r
182}\r
183\r
184//-----------------------------------------------------------------------------\r
185// Select, Authenticate, Read a MIFARE tag. \r
186// read sector (data = 4 x 16 bytes = 64 bytes, or 16 x 16 bytes = 256 bytes)\r
187//-----------------------------------------------------------------------------\r
188void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
189{\r
190 // params\r
191 uint8_t sectorNo = arg0;\r
192 uint8_t keyType = arg1;\r
193 uint64_t ui64Key = 0;\r
194 ui64Key = bytes_to_num(datain, 6);\r
195 \r
196 // variables\r
197 byte_t isOK = 0;\r
198 byte_t dataoutbuf[16 * 16];\r
199 uint8_t uid[10];\r
200 uint32_t cuid;\r
201 struct Crypto1State mpcs = {0, 0};\r
202 struct Crypto1State *pcs;\r
203 pcs = &mpcs;\r
204\r
205 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
206\r
207 clear_trace();\r
208\r
209 LED_A_ON();\r
210 LED_B_OFF();\r
211 LED_C_OFF();\r
212\r
213 isOK = 1;\r
214 if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
215 isOK = 0;\r
216 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
217 }\r
218\r
219 \r
220 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {\r
221 isOK = 0;\r
222 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");\r
223 }\r
224 \r
225 for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
226 if(mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf + 16 * blockNo)) {\r
227 isOK = 0;\r
228 if (MF_DBGLEVEL >= 1) Dbprintf("Read sector %2d block %2d error", sectorNo, blockNo);\r
229 break;\r
230 }\r
231 }\r
232 \r
233 if(mifare_classic_halt(pcs, cuid)) {\r
234 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
235 }\r
236\r
237 // ----------------------------- crypto1 destroy\r
238 crypto1_destroy(pcs);\r
239 \r
240 if (MF_DBGLEVEL >= 2) DbpString("READ SECTOR FINISHED");\r
241\r
242 LED_B_ON();\r
243 cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16*NumBlocksPerSector(sectorNo));\r
244 LED_B_OFF();\r
245\r
246 // Thats it...\r
247 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
248 LEDsoff();\r
249}\r
250\r
251// arg0 = blockNo (start)\r
252// arg1 = Pages (number of blocks)\r
253// arg2 = useKey\r
254// datain = KEY bytes\r
255void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)\r
256{\r
257 LEDsoff();\r
258 LED_A_ON();\r
259 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
260\r
261 // free eventually allocated BigBuf memory\r
262 BigBuf_free();\r
263 clear_trace();\r
264\r
265 // params\r
266 uint8_t blockNo = arg0;\r
267 uint16_t blocks = arg1;\r
268 bool useKey = (arg2 == 1); //UL_C\r
269 bool usePwd = (arg2 == 2); //UL_EV1/NTAG\r
270 uint32_t countblocks = 0;\r
271 uint8_t *dataout = BigBuf_malloc(CARD_MEMORY_SIZE);\r
272 if (dataout == NULL){\r
273 Dbprintf("out of memory");\r
274 OnError(1);\r
275 return;\r
276 }\r
277\r
278 int len = iso14443a_select_card(NULL, NULL, NULL);\r
279 if (!len) {\r
280 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%d)",len);\r
281 OnError(1);\r
282 return;\r
283 }\r
284\r
285 // UL-C authentication\r
286 if ( useKey ) {\r
287 uint8_t key[16] = {0x00};\r
288 memcpy(key, datain, sizeof(key) );\r
289\r
290 if ( !mifare_ultra_auth(key) ) {\r
291 OnError(1);\r
292 return;\r
293 }\r
294 }\r
295\r
296 // UL-EV1 / NTAG authentication\r
297 if (usePwd) {\r
298 uint8_t pwd[4] = {0x00};\r
299 memcpy(pwd, datain, sizeof(pwd));\r
300 uint8_t pack[4] = {0,0,0,0};\r
301\r
302 if (!mifare_ul_ev1_auth(pwd, pack)){\r
303 OnError(1);\r
304 return; \r
305 }\r
306 }\r
307\r
308 for (int i = 0; i < blocks; i++){\r
309 if ((i*4) + 4 >= CARD_MEMORY_SIZE) {\r
310 Dbprintf("Data exceeds buffer!!");\r
311 break;\r
312 }\r
313 \r
314 len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);\r
315\r
316 if (len) {\r
317 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);\r
318 // if no blocks read - error out\r
319 if (i==0){\r
320 OnError(2);\r
321 return;\r
322 } else {\r
323 //stop at last successful read block and return what we got\r
324 break;\r
325 }\r
326 } else {\r
327 countblocks++;\r
328 }\r
329 }\r
330\r
331 len = mifare_ultra_halt();\r
332 if (len) {\r
333 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");\r
334 OnError(3);\r
335 return;\r
336 }\r
337\r
338 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);\r
339\r
340 countblocks *= 4;\r
341\r
342 cmd_send(CMD_ACK, 1, countblocks, BigBuf_max_traceLen(), 0, 0);\r
343 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
344 LEDsoff();\r
345 BigBuf_free();\r
346}\r
347\r
348//-----------------------------------------------------------------------------\r
349// Select, Authenticate, Write a MIFARE tag. \r
350// read block\r
351//-----------------------------------------------------------------------------\r
352void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
353{\r
354 // params\r
355 uint8_t blockNo = arg0;\r
356 uint8_t keyType = arg1;\r
357 uint64_t ui64Key = 0;\r
358 byte_t blockdata[16];\r
359\r
360 ui64Key = bytes_to_num(datain, 6);\r
361 memcpy(blockdata, datain + 10, 16);\r
362 \r
363 // variables\r
364 byte_t isOK = 0;\r
365 uint8_t uid[10];\r
366 uint32_t cuid;\r
367 struct Crypto1State mpcs = {0, 0};\r
368 struct Crypto1State *pcs;\r
369 pcs = &mpcs;\r
370\r
371 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
372\r
373 clear_trace();\r
374\r
375 LED_A_ON();\r
376 LED_B_OFF();\r
377 LED_C_OFF();\r
378\r
379 while (true) {\r
380 if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
381 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
382 break;\r
383 };\r
384\r
385 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
386 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");\r
387 break;\r
388 };\r
389 \r
390 if(mifare_classic_writeblock(pcs, cuid, blockNo, blockdata)) {\r
391 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
392 break;\r
393 };\r
394\r
395 if(mifare_classic_halt(pcs, cuid)) {\r
396 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
397 break;\r
398 };\r
399 \r
400 isOK = 1;\r
401 break;\r
402 }\r
403 \r
404 // ----------------------------- crypto1 destroy\r
405 crypto1_destroy(pcs);\r
406 \r
407 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");\r
408\r
409 LED_B_ON();\r
410 cmd_send(CMD_ACK,isOK,0,0,0,0);\r
411 LED_B_OFF();\r
412\r
413\r
414 // Thats it...\r
415 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
416 LEDsoff();\r
417}\r
418\r
419/* // Command not needed but left for future testing \r
420void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain)\r
421{\r
422 uint8_t blockNo = arg0;\r
423 byte_t blockdata[16] = {0x00};\r
424\r
425 memcpy(blockdata, datain, 16);\r
426\r
427 uint8_t uid[10] = {0x00};\r
428\r
429 LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
430\r
431 clear_trace();\r
432 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
433\r
434 if(!iso14443a_select_card(uid, NULL, NULL)) {\r
435 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
436 OnError(0);\r
437 return;\r
438 };\r
439\r
440 if(mifare_ultra_writeblock_compat(blockNo, blockdata)) {\r
441 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
442 OnError(0);\r
443 return; };\r
444\r
445 if(mifare_ultra_halt()) {\r
446 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
447 OnError(0);\r
448 return;\r
449 };\r
450\r
451 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");\r
452\r
453 cmd_send(CMD_ACK,1,0,0,0,0);\r
454 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
455 LEDsoff();\r
456}\r
457*/\r
458\r
459// Arg0 : Block to write to.\r
460// Arg1 : 0 = use no authentication.\r
461// 1 = use 0x1A authentication.\r
462// 2 = use 0x1B authentication.\r
463// datain : 4 first bytes is data to be written.\r
464// : 4/16 next bytes is authentication key.\r
465void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)\r
466{\r
467 uint8_t blockNo = arg0;\r
468 bool useKey = (arg1 == 1); //UL_C\r
469 bool usePwd = (arg1 == 2); //UL_EV1/NTAG\r
470 byte_t blockdata[4] = {0x00};\r
471\r
472 memcpy(blockdata, datain,4);\r
473 \r
474 LEDsoff();\r
475 LED_A_ON();\r
476 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
477\r
478 clear_trace();\r
479\r
480 if(!iso14443a_select_card(NULL, NULL, NULL)) {\r
481 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
482 OnError(0);\r
483 return;\r
484 };\r
485\r
486 // UL-C authentication\r
487 if ( useKey ) {\r
488 uint8_t key[16] = {0x00};\r
489 memcpy(key, datain+4, sizeof(key) );\r
490\r
491 if ( !mifare_ultra_auth(key) ) {\r
492 OnError(1);\r
493 return;\r
494 }\r
495 }\r
496 \r
497 // UL-EV1 / NTAG authentication\r
498 if (usePwd) {\r
499 uint8_t pwd[4] = {0x00};\r
500 memcpy(pwd, datain+4, 4);\r
501 uint8_t pack[4] = {0,0,0,0};\r
502 if (!mifare_ul_ev1_auth(pwd, pack)) {\r
503 OnError(1);\r
504 return;\r
505 }\r
506 }\r
507\r
508 if(mifare_ultra_writeblock(blockNo, blockdata)) {\r
509 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
510 OnError(0);\r
511 return;\r
512 };\r
513\r
514 if(mifare_ultra_halt()) {\r
515 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
516 OnError(0);\r
517 return;\r
518 };\r
519\r
520 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");\r
521\r
522 cmd_send(CMD_ACK,1,0,0,0,0);\r
523 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
524 LEDsoff();\r
525}\r
526\r
527void MifareUSetPwd(uint8_t arg0, uint8_t *datain){\r
528 \r
529 uint8_t pwd[16] = {0x00};\r
530 byte_t blockdata[4] = {0x00};\r
531 \r
532 memcpy(pwd, datain, 16);\r
533 \r
534 LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
535 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
536\r
537 clear_trace();\r
538\r
539 if(!iso14443a_select_card(NULL, NULL, NULL)) {\r
540 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
541 OnError(0);\r
542 return;\r
543 };\r
544\r
545 blockdata[0] = pwd[7];\r
546 blockdata[1] = pwd[6];\r
547 blockdata[2] = pwd[5];\r
548 blockdata[3] = pwd[4];\r
549 if(mifare_ultra_writeblock( 44, blockdata)) {\r
550 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
551 OnError(44);\r
552 return;\r
553 };\r
554\r
555 blockdata[0] = pwd[3];\r
556 blockdata[1] = pwd[2];\r
557 blockdata[2] = pwd[1];\r
558 blockdata[3] = pwd[0];\r
559 if(mifare_ultra_writeblock( 45, blockdata)) {\r
560 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
561 OnError(45);\r
562 return;\r
563 };\r
564\r
565 blockdata[0] = pwd[15];\r
566 blockdata[1] = pwd[14];\r
567 blockdata[2] = pwd[13];\r
568 blockdata[3] = pwd[12];\r
569 if(mifare_ultra_writeblock( 46, blockdata)) {\r
570 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
571 OnError(46);\r
572 return;\r
573 };\r
574\r
575 blockdata[0] = pwd[11];\r
576 blockdata[1] = pwd[10];\r
577 blockdata[2] = pwd[9];\r
578 blockdata[3] = pwd[8];\r
579 if(mifare_ultra_writeblock( 47, blockdata)) {\r
580 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
581 OnError(47);\r
582 return;\r
583 }; \r
584\r
585 if(mifare_ultra_halt()) {\r
586 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
587 OnError(0);\r
588 return;\r
589 };\r
590\r
591 cmd_send(CMD_ACK,1,0,0,0,0);\r
592 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
593 LEDsoff();\r
594}\r
595\r
596// Return 1 if the nonce is invalid else return 0\r
597int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t *parity) {\r
598 return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \\r
599 (oddparity((Nt >> 16) & 0xFF) == ((parity[1]) ^ oddparity((NtEnc >> 16) & 0xFF) ^ BIT(Ks1,8))) & \\r
600 (oddparity((Nt >> 8) & 0xFF) == ((parity[2]) ^ oddparity((NtEnc >> 8) & 0xFF) ^ BIT(Ks1,0)))) ? 1 : 0;\r
601}\r
602\r
603\r
604//-----------------------------------------------------------------------------\r
605// MIFARE nested authentication. \r
606// \r
607//-----------------------------------------------------------------------------\r
608void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain)\r
609{\r
610 // params\r
611 uint8_t blockNo = arg0 & 0xff;\r
612 uint8_t keyType = (arg0 >> 8) & 0xff;\r
613 uint8_t targetBlockNo = arg1 & 0xff;\r
614 uint8_t targetKeyType = (arg1 >> 8) & 0xff;\r
615 uint64_t ui64Key = 0;\r
616\r
617 ui64Key = bytes_to_num(datain, 6);\r
618 \r
619 // variables\r
620 uint16_t rtr, i, j, len;\r
621 uint16_t davg;\r
622 static uint16_t dmin, dmax;\r
623 uint8_t uid[10];\r
624 uint32_t cuid, nt1, nt2, nttmp, nttest, ks1;\r
625 uint8_t par[1];\r
626 uint32_t target_nt[2], target_ks[2];\r
627 \r
628 uint8_t par_array[4];\r
629 uint16_t ncount = 0;\r
630 struct Crypto1State mpcs = {0, 0};\r
631 struct Crypto1State *pcs;\r
632 pcs = &mpcs;\r
633 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r
634\r
635 uint32_t auth1_time, auth2_time;\r
636 static uint16_t delta_time;\r
637\r
638 LED_A_ON();\r
639 LED_C_OFF();\r
640 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
641\r
642 // free eventually allocated BigBuf memory\r
643 BigBuf_free();\r
644\r
645 if (calibrate) clear_trace();\r
646 set_tracing(true);\r
647 \r
648 // statistics on nonce distance\r
649 int16_t isOK = 0;\r
650 #define NESTED_MAX_TRIES 12\r
651 uint16_t unsuccessfull_tries = 0;\r
652 if (calibrate) { // for first call only. Otherwise reuse previous calibration\r
653 LED_B_ON();\r
654 WDT_HIT();\r
655\r
656 davg = dmax = 0;\r
657 dmin = 2000;\r
658 delta_time = 0;\r
659 \r
660 for (rtr = 0; rtr < 17; rtr++) {\r
661\r
662 // Test if the action was cancelled\r
663 if(BUTTON_PRESS()) {\r
664 isOK = -2;\r
665 break;\r
666 }\r
667\r
668 // prepare next select. No need to power down the card.\r
669 if(mifare_classic_halt(pcs, cuid)) {\r
670 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");\r
671 rtr--;\r
672 continue;\r
673 }\r
674\r
675 if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
676 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");\r
677 rtr--;\r
678 continue;\r
679 };\r
680\r
681 auth1_time = 0;\r
682 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {\r
683 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");\r
684 rtr--;\r
685 continue;\r
686 };\r
687\r
688 if (delta_time) {\r
689 auth2_time = auth1_time + delta_time;\r
690 } else {\r
691 auth2_time = 0;\r
692 }\r
693 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time)) {\r
694 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error");\r
695 rtr--;\r
696 continue;\r
697 };\r
698\r
699 nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160\r
700 for (i = 101; i < 1200; i++) {\r
701 nttmp = prng_successor(nttmp, 1);\r
702 if (nttmp == nt2) break;\r
703 }\r
704\r
705 if (i != 1200) {\r
706 if (rtr != 0) {\r
707 davg += i;\r
708 dmin = MIN(dmin, i);\r
709 dmax = MAX(dmax, i);\r
710 }\r
711 else {\r
712 delta_time = auth2_time - auth1_time + 32; // allow some slack for proper timing\r
713 }\r
714 if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i);\r
715 } else {\r
716 unsuccessfull_tries++;\r
717 if (unsuccessfull_tries > NESTED_MAX_TRIES) { // card isn't vulnerable to nested attack (random numbers are not predictable)\r
718 isOK = -3;\r
719 }\r
720 }\r
721 }\r
722\r
723 davg = (davg + (rtr - 1)/2) / (rtr - 1);\r
724 \r
725 if (MF_DBGLEVEL >= 3) Dbprintf("rtr=%d isOK=%d min=%d max=%d avg=%d, delta_time=%d", rtr, isOK, dmin, dmax, davg, delta_time);\r
726\r
727 dmin = davg - 2;\r
728 dmax = davg + 2;\r
729 \r
730 LED_B_OFF();\r
731 \r
732 }\r
733 // ------------------------------------------------------------------------------------------------- \r
734 \r
735 LED_C_ON();\r
736\r
737 // get crypted nonces for target sector\r
738 for(i=0; i < 2 && !isOK; i++) { // look for exactly two different nonces\r
739\r
740 target_nt[i] = 0;\r
741 while(target_nt[i] == 0) { // continue until we have an unambiguous nonce\r
742 \r
743 // prepare next select. No need to power down the card.\r
744 if(mifare_classic_halt(pcs, cuid)) {\r
745 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");\r
746 continue;\r
747 }\r
748\r
749 if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
750 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");\r
751 continue;\r
752 };\r
753 \r
754 auth1_time = 0;\r
755 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {\r
756 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");\r
757 continue;\r
758 };\r
759\r
760 // nested authentication\r
761 auth2_time = auth1_time + delta_time;\r
762 len = mifare_sendcmd_short(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);\r
763 if (len != 4) {\r
764 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len);\r
765 continue;\r
766 };\r
767 \r
768 nt2 = bytes_to_num(receivedAnswer, 4); \r
769 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par[0]);\r
770 \r
771 // Parity validity check\r
772 for (j = 0; j < 4; j++) {\r
773 par_array[j] = (oddparity(receivedAnswer[j]) != ((par[0] >> (7-j)) & 0x01));\r
774 }\r
775 \r
776 ncount = 0;\r
777 nttest = prng_successor(nt1, dmin - 1);\r
778 for (j = dmin; j < dmax + 1; j++) {\r
779 nttest = prng_successor(nttest, 1);\r
780 ks1 = nt2 ^ nttest;\r
781\r
782 if (valid_nonce(nttest, nt2, ks1, par_array)){\r
783 if (ncount > 0) { // we are only interested in disambiguous nonces, try again\r
784 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (ambigous), ntdist=%d", i+1, j);\r
785 target_nt[i] = 0;\r
786 break;\r
787 }\r
788 target_nt[i] = nttest;\r
789 target_ks[i] = ks1;\r
790 ncount++;\r
791 if (i == 1 && target_nt[1] == target_nt[0]) { // we need two different nonces\r
792 target_nt[i] = 0;\r
793 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#2: dismissed (= nonce#1), ntdist=%d", j);\r
794 break;\r
795 }\r
796 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: valid, ntdist=%d", i+1, j);\r
797 }\r
798 }\r
799 if (target_nt[i] == 0 && j == dmax+1 && MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (all invalid)", i+1);\r
800 }\r
801 }\r
802\r
803 LED_C_OFF();\r
804 \r
805 // ----------------------------- crypto1 destroy\r
806 crypto1_destroy(pcs);\r
807 \r
808 byte_t buf[4 + 4 * 4];\r
809 memcpy(buf, &cuid, 4);\r
810 memcpy(buf+4, &target_nt[0], 4);\r
811 memcpy(buf+8, &target_ks[0], 4);\r
812 memcpy(buf+12, &target_nt[1], 4);\r
813 memcpy(buf+16, &target_ks[1], 4);\r
814 \r
815 LED_B_ON();\r
816 cmd_send(CMD_ACK, isOK, 0, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));\r
817 LED_B_OFF();\r
818\r
819 if (MF_DBGLEVEL >= 3) DbpString("NESTED FINISHED");\r
820\r
821 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
822 LEDsoff();\r
823}\r
824\r
825//-----------------------------------------------------------------------------\r
826// MIFARE check keys. key count up to 85. \r
827// \r
828//-----------------------------------------------------------------------------\r
829void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
830{\r
831 // params\r
832 uint8_t blockNo = arg0 & 0xff;\r
833 uint8_t keyType = (arg0 >> 8) & 0xff;\r
834 bool clearTrace = arg1;\r
835 uint8_t keyCount = arg2;\r
836 uint64_t ui64Key = 0;\r
837 \r
838 // variables\r
839 int i;\r
840 byte_t isOK = 0;\r
841 uint8_t uid[10];\r
842 uint32_t cuid;\r
843 struct Crypto1State mpcs = {0, 0};\r
844 struct Crypto1State *pcs;\r
845 pcs = &mpcs;\r
846 \r
847 // clear debug level\r
848 int OLD_MF_DBGLEVEL = MF_DBGLEVEL; \r
849 MF_DBGLEVEL = MF_DBG_NONE;\r
850 \r
851 LED_A_ON();\r
852 LED_B_OFF();\r
853 LED_C_OFF();\r
854 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
855\r
856 if (clearTrace) clear_trace();\r
857 set_tracing(TRUE);\r
858\r
859 for (i = 0; i < keyCount; i++) {\r
860 if(mifare_classic_halt(pcs, cuid)) {\r
861 if (MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Halt error");\r
862 }\r
863\r
864 if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
865 if (OLD_MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Can't select card");\r
866 break;\r
867 };\r
868\r
869 ui64Key = bytes_to_num(datain + i * 6, 6);\r
870 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
871 continue;\r
872 };\r
873 \r
874 isOK = 1;\r
875 break;\r
876 }\r
877 \r
878 // ----------------------------- crypto1 destroy\r
879 crypto1_destroy(pcs);\r
880 \r
881 LED_B_ON();\r
882 cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);\r
883 LED_B_OFF();\r
884\r
885 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
886 LEDsoff();\r
887\r
888 // restore debug level\r
889 MF_DBGLEVEL = OLD_MF_DBGLEVEL; \r
890}\r
891\r
892//-----------------------------------------------------------------------------\r
893// MIFARE commands set debug level\r
894// \r
895//-----------------------------------------------------------------------------\r
896void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
897 MF_DBGLEVEL = arg0;\r
898 Dbprintf("Debug level: %d", MF_DBGLEVEL);\r
899}\r
900\r
901//-----------------------------------------------------------------------------\r
902// Work with emulator memory\r
903// \r
904// Note: we call FpgaDownloadAndGo(FPGA_BITSTREAM_HF) here although FPGA is not\r
905// involved in dealing with emulator memory. But if it is called later, it might\r
906// destroy the Emulator Memory.\r
907//-----------------------------------------------------------------------------\r
908\r
909void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
910 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
911 emlClearMem();\r
912}\r
913\r
914void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
915 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
916 emlSetMem(datain, arg0, arg1); // data, block num, blocks count\r
917}\r
918\r
919void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
920 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
921 byte_t buf[USB_CMD_DATA_SIZE];\r
922 emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)\r
923\r
924 LED_B_ON();\r
925 cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);\r
926 LED_B_OFF();\r
927}\r
928\r
929//-----------------------------------------------------------------------------\r
930// Load a card into the emulator memory\r
931// \r
932//-----------------------------------------------------------------------------\r
933void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
934 uint8_t numSectors = arg0;\r
935 uint8_t keyType = arg1;\r
936 uint64_t ui64Key = 0;\r
937 uint32_t cuid;\r
938 struct Crypto1State mpcs = {0, 0};\r
939 struct Crypto1State *pcs;\r
940 pcs = &mpcs;\r
941\r
942 // variables\r
943 byte_t dataoutbuf[16];\r
944 byte_t dataoutbuf2[16];\r
945 uint8_t uid[10];\r
946\r
947 LED_A_ON();\r
948 LED_B_OFF();\r
949 LED_C_OFF();\r
950 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
951 \r
952 clear_trace();\r
953 set_tracing(false);\r
954 \r
955 bool isOK = true;\r
956\r
957 if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
958 isOK = false;\r
959 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
960 }\r
961 \r
962 for (uint8_t sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
963 ui64Key = emlGetKey(sectorNo, keyType);\r
964 if (sectorNo == 0){\r
965 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {\r
966 isOK = false;\r
967 if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth error", sectorNo);\r
968 break;\r
969 }\r
970 } else {\r
971 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED)) {\r
972 isOK = false;\r
973 if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth nested error", sectorNo);\r
974 break;\r
975 }\r
976 }\r
977 \r
978 for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
979 if(isOK && mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf)) {\r
980 isOK = false;\r
981 if (MF_DBGLEVEL >= 1) Dbprintf("Error reading sector %2d block %2d", sectorNo, blockNo);\r
982 break;\r
983 };\r
984 if (isOK) {\r
985 if (blockNo < NumBlocksPerSector(sectorNo) - 1) {\r
986 emlSetMem(dataoutbuf, FirstBlockOfSector(sectorNo) + blockNo, 1);\r
987 } else { // sector trailer, keep the keys, set only the AC\r
988 emlGetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);\r
989 memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4);\r
990 emlSetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);\r
991 }\r
992 }\r
993 }\r
994\r
995 }\r
996\r
997 if(mifare_classic_halt(pcs, cuid)) {\r
998 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
999 };\r
1000\r
1001 // ----------------------------- crypto1 destroy\r
1002 crypto1_destroy(pcs);\r
1003\r
1004 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
1005 LEDsoff();\r
1006 \r
1007 if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED");\r
1008\r
1009}\r
1010\r
1011\r
1012//-----------------------------------------------------------------------------\r
1013// Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)\r
1014// \r
1015//-----------------------------------------------------------------------------\r
1016void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
1017 \r
1018 // params\r
1019 uint8_t needWipe = arg0;\r
1020 // bit 0 - need get UID\r
1021 // bit 1 - need wupC\r
1022 // bit 2 - need HALT after sequence\r
1023 // bit 3 - need init FPGA and field before sequence\r
1024 // bit 4 - need reset FPGA and LED\r
1025 uint8_t workFlags = arg1;\r
1026 uint8_t blockNo = arg2;\r
1027 \r
1028 // card commands\r
1029 uint8_t wupC1[] = { 0x40 }; \r
1030 uint8_t wupC2[] = { 0x43 }; \r
1031 uint8_t wipeC[] = { 0x41 }; \r
1032 \r
1033 // variables\r
1034 byte_t isOK = 0;\r
1035 uint8_t uid[10] = {0x00};\r
1036 uint8_t d_block[18] = {0x00};\r
1037 uint32_t cuid;\r
1038 \r
1039 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r
1040 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r
1041\r
1042 // reset FPGA and LED\r
1043 if (workFlags & 0x08) {\r
1044 LED_A_ON();\r
1045 LED_B_OFF();\r
1046 LED_C_OFF();\r
1047 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
1048 \r
1049 clear_trace();\r
1050 set_tracing(TRUE);\r
1051 }\r
1052\r
1053 while (true) {\r
1054\r
1055 // get UID from chip\r
1056 if (workFlags & 0x01) {\r
1057 if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
1058 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
1059 break;\r
1060 };\r
1061\r
1062 if(mifare_classic_halt(NULL, cuid)) {\r
1063 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
1064 break;\r
1065 };\r
1066 };\r
1067 \r
1068 // reset chip\r
1069 if (needWipe){\r
1070 ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
1071 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
1072 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");\r
1073 break;\r
1074 };\r
1075\r
1076 ReaderTransmit(wipeC, sizeof(wipeC), NULL);\r
1077 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
1078 if (MF_DBGLEVEL >= 1) Dbprintf("wipeC error");\r
1079 break;\r
1080 };\r
1081\r
1082 if(mifare_classic_halt(NULL, cuid)) {\r
1083 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
1084 break;\r
1085 };\r
1086 }; \r
1087\r
1088 // write block\r
1089 if (workFlags & 0x02) {\r
1090 ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
1091 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
1092 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");\r
1093 break;\r
1094 };\r
1095\r
1096 ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
1097 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
1098 if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");\r
1099 break;\r
1100 };\r
1101 }\r
1102\r
1103 if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {\r
1104 if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error");\r
1105 break;\r
1106 };\r
1107 \r
1108 memcpy(d_block, datain, 16);\r
1109 AppendCrc14443a(d_block, 16);\r
1110 \r
1111 ReaderTransmit(d_block, sizeof(d_block), NULL);\r
1112 if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {\r
1113 if (MF_DBGLEVEL >= 1) Dbprintf("write block send data error");\r
1114 break;\r
1115 }; \r
1116 \r
1117 if (workFlags & 0x04) {\r
1118 if (mifare_classic_halt(NULL, cuid)) {\r
1119 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
1120 break;\r
1121 };\r
1122 }\r
1123 \r
1124 isOK = 1;\r
1125 break;\r
1126 }\r
1127 \r
1128 LED_B_ON();\r
1129 cmd_send(CMD_ACK,isOK,0,0,uid,4);\r
1130 LED_B_OFF();\r
1131\r
1132 if ((workFlags & 0x10) || (!isOK)) {\r
1133 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
1134 LEDsoff();\r
1135 }\r
1136}\r
1137\r
1138\r
1139void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
1140 \r
1141 // params\r
1142 // bit 1 - need wupC\r
1143 // bit 2 - need HALT after sequence\r
1144 // bit 3 - need init FPGA and field before sequence\r
1145 // bit 4 - need reset FPGA and LED\r
1146 uint8_t workFlags = arg0;\r
1147 uint8_t blockNo = arg2;\r
1148 \r
1149 // card commands\r
1150 uint8_t wupC1[] = { 0x40 }; \r
1151 uint8_t wupC2[] = { 0x43 }; \r
1152 \r
1153 // variables\r
1154 byte_t isOK = 0;\r
1155 uint8_t data[18] = {0x00};\r
1156 uint32_t cuid = 0;\r
1157 \r
1158 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r
1159 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r
1160 \r
1161 if (workFlags & 0x08) {\r
1162 LED_A_ON();\r
1163 LED_B_OFF();\r
1164 LED_C_OFF();\r
1165 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
1166\r
1167 clear_trace();\r
1168 set_tracing(TRUE);\r
1169 }\r
1170\r
1171 while (true) {\r
1172 if (workFlags & 0x02) {\r
1173 ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
1174 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
1175 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");\r
1176 break;\r
1177 };\r
1178\r
1179 ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
1180 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
1181 if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");\r
1182 break;\r
1183 };\r
1184 }\r
1185\r
1186 // read block\r
1187 if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 18)) {\r
1188 if (MF_DBGLEVEL >= 1) Dbprintf("read block send command error");\r
1189 break;\r
1190 };\r
1191 memcpy(data, receivedAnswer, 18);\r
1192 \r
1193 if (workFlags & 0x04) {\r
1194 if (mifare_classic_halt(NULL, cuid)) {\r
1195 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
1196 break;\r
1197 };\r
1198 }\r
1199 \r
1200 isOK = 1;\r
1201 break;\r
1202 }\r
1203 \r
1204 LED_B_ON();\r
1205 cmd_send(CMD_ACK,isOK,0,0,data,18);\r
1206 LED_B_OFF();\r
1207\r
1208 if ((workFlags & 0x10) || (!isOK)) {\r
1209 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
1210 LEDsoff();\r
1211 }\r
1212}\r
1213\r
1214void MifareCIdent(){\r
1215 \r
1216 // card commands\r
1217 uint8_t wupC1[] = { 0x40 }; \r
1218 uint8_t wupC2[] = { 0x43 }; \r
1219 \r
1220 // variables\r
1221 byte_t isOK = 1;\r
1222 \r
1223 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r
1224 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r
1225\r
1226 ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
1227 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
1228 isOK = 0;\r
1229 };\r
1230\r
1231 ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
1232 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
1233 isOK = 0;\r
1234 };\r
1235\r
1236 if (mifare_classic_halt(NULL, 0)) {\r
1237 isOK = 0;\r
1238 };\r
1239\r
1240 cmd_send(CMD_ACK,isOK,0,0,0,0);\r
1241}\r
1242\r
1243//\r
1244// DESFIRE\r
1245//\r
1246\r
1247void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){\r
1248\r
1249 byte_t dataout[11] = {0x00};\r
1250 uint8_t uid[10] = {0x00};\r
1251 uint32_t cuid;\r
1252 \r
1253 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
1254 clear_trace();\r
1255\r
1256 int len = iso14443a_select_card(uid, NULL, &cuid);\r
1257 if(!len) {\r
1258 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
1259 OnError(1);\r
1260 return;\r
1261 };\r
1262\r
1263 if(mifare_desfire_des_auth1(cuid, dataout)){\r
1264 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part1: Fail.");\r
1265 OnError(4);\r
1266 return;\r
1267 }\r
1268\r
1269 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");\r
1270 cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout));\r
1271}\r
1272\r
1273void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){\r
1274\r
1275 uint32_t cuid = arg0;\r
1276 uint8_t key[16] = {0x00};\r
1277 byte_t isOK = 0;\r
1278 byte_t dataout[12] = {0x00};\r
1279 \r
1280 memcpy(key, datain, 16);\r
1281 \r
1282 isOK = mifare_desfire_des_auth2(cuid, key, dataout);\r
1283 \r
1284 if( isOK) {\r
1285 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Authentication part2: Failed"); \r
1286 OnError(4);\r
1287 return;\r
1288 }\r
1289\r
1290 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");\r
1291\r
1292 cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));\r
1293 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
1294 LEDsoff();\r
1295}\r
1296\r
1297void OnSuccess(){\r
1298 pcb_blocknum = 0;\r
1299 ReaderTransmit(deselect_cmd, 3 , NULL);\r
1300 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
1301 LEDsoff();\r
1302}\r
1303\r
1304void OnError(uint8_t reason){\r
1305 pcb_blocknum = 0;\r
1306 ReaderTransmit(deselect_cmd, 3 , NULL);\r
1307 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
1308 cmd_send(CMD_ACK,0,reason,0,0,0);\r
1309 LEDsoff();\r
1310}\r
Proxmark3 GIT tracking
Impressum, Datenschutz