]>
cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/mifaresniff.c
1 //-----------------------------------------------------------------------------
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // Routines to support mifare classic sniffer.
9 //-----------------------------------------------------------------------------
11 #include "mifaresniff.h"
15 static int sniffState
= SNF_INIT
;
16 static uint8_t sniffUIDType
;
17 static uint8_t sniffUID
[8];
18 static uint8_t sniffATQA
[2];
19 static uint8_t sniffSAK
;
20 static uint8_t sniffBuf
[16];
21 static uint32_t timerData
= 0;
24 bool MfSniffInit(void){
25 memset(sniffUID
, 0x00, 8);
26 memset(sniffATQA
, 0x00, 2);
28 sniffUIDType
= SNF_UID_4
;
33 bool MfSniffEnd(void){
35 cmd_send(CMD_ACK
,0,0,0,0,0);
41 bool RAMFUNC
MfSniffLogic(const uint8_t *data
, uint16_t len
, uint8_t *parity
, uint16_t bitCnt
, bool reader
) {
43 if (reader
&& (len
== 1) && (bitCnt
== 7)) { // reset on 7-Bit commands from reader
44 sniffState
= SNF_INIT
;
49 if ((len
== 1) && (reader
) && (bitCnt
== 7) ) { // REQA or WUPA from reader
50 sniffUIDType
= SNF_UID_4
;
51 memset(sniffUID
, 0x00, 8);
52 memset(sniffATQA
, 0x00, 2);
54 sniffState
= SNF_WUPREQ
;
59 if ((!reader
) && (len
== 2)) { // ATQA from tag
60 memcpy(sniffATQA
, data
, 2);
61 sniffState
= SNF_ATQA
;
66 if ((reader
) && (len
== 2) && (data
[0] == 0x93) && (data
[1] == 0x20)) { // Select ALL from reader
67 sniffState
= SNF_ANTICOL1
;
72 if ((!reader
) && (len
== 5) && ((data
[0] ^ data
[1] ^ data
[2] ^ data
[3]) == data
[4])) { // UID from tag (CL1)
73 memcpy(sniffUID
+ 3, data
, 4);
74 sniffState
= SNF_UID1
;
79 if ((reader
) && (len
== 9) && (data
[0] == 0x93) && (data
[1] == 0x70) && (CheckCrc14443(CRC_14443_A
, data
, 9))) { // Select 4 Byte UID from reader
85 if ((!reader
) && (len
== 3) && (CheckCrc14443(CRC_14443_A
, data
, 3))) { // SAK from card?
87 if (sniffUID
[3] == 0x88) { // CL2 UID part to be expected
88 sniffState
= SNF_ANTICOL2
;
89 } else { // select completed
90 sniffState
= SNF_CARD_IDLE
;
96 if ((!reader
) && (len
== 5) && ((data
[0] ^ data
[1] ^ data
[2] ^ data
[3]) == data
[4])) { // CL2 UID
97 memcpy(sniffUID
, sniffUID
+4, 3);
98 memcpy(sniffUID
+3, data
, 4);
99 sniffUIDType
= SNF_UID_7
;
100 sniffState
= SNF_UID2
;
105 if ((reader
) && (len
== 9) && (data
[0] == 0x95) && (data
[1] == 0x70) && (CheckCrc14443(CRC_14443_A
, data
, 9))) { // Select 2nd part of 7 Byte UID
106 sniffState
= SNF_SAK
;
110 case SNF_CARD_IDLE
:{ // trace the card select sequence
113 memcpy(sniffBuf
+ 2, sniffUID
, 7);
114 memcpy(sniffBuf
+ 9, sniffATQA
, 2);
115 sniffBuf
[11] = sniffSAK
;
118 LogTrace(sniffBuf
, 14, 0, 0, NULL
, TRUE
);
119 } // intentionally no break;
121 LogTrace(data
, len
, 0, 0, NULL
, TRUE
);
122 sniffState
= SNF_CARD_RESP
;
123 timerData
= GetTickCount();
127 LogTrace(data
, len
, 0, 0, NULL
, FALSE
);
128 sniffState
= SNF_CARD_CMD
;
129 timerData
= GetTickCount();
134 sniffState
= SNF_INIT
;
142 bool RAMFUNC
MfSniffSend(uint16_t maxTimeoutMs
) {
143 if (traceLen
&& (GetTickCount() > timerData
+ maxTimeoutMs
)) {
144 return intMfSniffSend();
149 // internal sending function. not a RAMFUNC.
150 bool intMfSniffSend() {
153 int pckLen
= traceLen
;
158 pckSize
= MIN(USB_CMD_DATA_SIZE
, pckLen
);
160 cmd_send(CMD_ACK
, 1, pckSize
, pckNum
, trace
+ traceLen
- pckLen
, pckSize
);
168 cmd_send(CMD_ACK
,2,0,0,0,0);
171 iso14a_clear_trace();