]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/mifaresniff.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Some work on iclass, started on some better support in 'hf iclass list' and also...
[proxmark3-svn] / armsrc / mifaresniff.c
1 //-----------------------------------------------------------------------------
2 // Merlok - 2012
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // Routines to support mifare classic sniffer.
9 //-----------------------------------------------------------------------------
10
11 #include "mifaresniff.h"
12 #include "apps.h"
13
14
15 static int sniffState = SNF_INIT;
16 static uint8_t sniffUIDType;
17 static uint8_t sniffUID[8];
18 static uint8_t sniffATQA[2];
19 static uint8_t sniffSAK;
20 static uint8_t sniffBuf[16];
21 static uint32_t timerData = 0;
22
23
24 bool MfSniffInit(void){
25 memset(sniffUID, 0x00, 8);
26 memset(sniffATQA, 0x00, 2);
27 sniffSAK = 0;
28 sniffUIDType = SNF_UID_4;
29
30 return FALSE;
31 }
32
33 bool MfSniffEnd(void){
34 LED_B_ON();
35 cmd_send(CMD_ACK,0,0,0,0,0);
36 LED_B_OFF();
37
38 return FALSE;
39 }
40
41 bool RAMFUNC MfSniffLogic(const uint8_t *data, uint16_t len, uint8_t *parity, uint16_t bitCnt, bool reader) {
42
43 if (reader && (len == 1) && (bitCnt == 7)) { // reset on 7-Bit commands from reader
44 sniffState = SNF_INIT;
45 }
46
47 switch (sniffState) {
48 case SNF_INIT:{
49 if ((len == 1) && (reader) && (bitCnt == 7) ) { // REQA or WUPA from reader
50 sniffUIDType = SNF_UID_4;
51 memset(sniffUID, 0x00, 8);
52 memset(sniffATQA, 0x00, 2);
53 sniffSAK = 0;
54 sniffState = SNF_WUPREQ;
55 }
56 break;
57 }
58 case SNF_WUPREQ:{
59 if ((!reader) && (len == 2)) { // ATQA from tag
60 memcpy(sniffATQA, data, 2);
61 sniffState = SNF_ATQA;
62 }
63 break;
64 }
65 case SNF_ATQA:{
66 if ((reader) && (len == 2) && (data[0] == 0x93) && (data[1] == 0x20)) { // Select ALL from reader
67 sniffState = SNF_ANTICOL1;
68 }
69 break;
70 }
71 case SNF_ANTICOL1:{
72 if ((!reader) && (len == 5) && ((data[0] ^ data[1] ^ data[2] ^ data[3]) == data[4])) { // UID from tag (CL1)
73 memcpy(sniffUID + 3, data, 4);
74 sniffState = SNF_UID1;
75 }
76 break;
77 }
78 case SNF_UID1:{
79 if ((reader) && (len == 9) && (data[0] == 0x93) && (data[1] == 0x70) && (CheckCrc14443(CRC_14443_A, data, 9))) { // Select 4 Byte UID from reader
80 sniffState = SNF_SAK;
81 }
82 break;
83 }
84 case SNF_SAK:{
85 if ((!reader) && (len == 3) && (CheckCrc14443(CRC_14443_A, data, 3))) { // SAK from card?
86 sniffSAK = data[0];
87 if (sniffUID[3] == 0x88) { // CL2 UID part to be expected
88 sniffState = SNF_ANTICOL2;
89 } else { // select completed
90 sniffState = SNF_CARD_IDLE;
91 }
92 }
93 break;
94 }
95 case SNF_ANTICOL2:{
96 if ((!reader) && (len == 5) && ((data[0] ^ data[1] ^ data[2] ^ data[3]) == data[4])) { // CL2 UID
97 memcpy(sniffUID, sniffUID+4, 3);
98 memcpy(sniffUID+3, data, 4);
99 sniffUIDType = SNF_UID_7;
100 sniffState = SNF_UID2;
101 }
102 break;
103 }
104 case SNF_UID2:{
105 if ((reader) && (len == 9) && (data[0] == 0x95) && (data[1] == 0x70) && (CheckCrc14443(CRC_14443_A, data, 9))) { // Select 2nd part of 7 Byte UID
106 sniffState = SNF_SAK;
107 }
108 break;
109 }
110 case SNF_CARD_IDLE:{ // trace the card select sequence
111 sniffBuf[0] = 0xFF;
112 sniffBuf[1] = 0xFF;
113 memcpy(sniffBuf + 2, sniffUID, 7);
114 memcpy(sniffBuf + 9, sniffATQA, 2);
115 sniffBuf[11] = sniffSAK;
116 sniffBuf[12] = 0xFF;
117 sniffBuf[13] = 0xFF;
118 LogTrace(sniffBuf, 14, 0, 0, NULL, TRUE);
119 } // intentionally no break;
120 case SNF_CARD_CMD:{
121 LogTrace(data, len, 0, 0, NULL, TRUE);
122 sniffState = SNF_CARD_RESP;
123 timerData = GetTickCount();
124 break;
125 }
126 case SNF_CARD_RESP:{
127 LogTrace(data, len, 0, 0, NULL, FALSE);
128 sniffState = SNF_CARD_CMD;
129 timerData = GetTickCount();
130 break;
131 }
132
133 default:
134 sniffState = SNF_INIT;
135 break;
136 }
137
138
139 return FALSE;
140 }
141
142 bool RAMFUNC MfSniffSend(uint16_t maxTimeoutMs) {
143 if (traceLen && (GetTickCount() > timerData + maxTimeoutMs)) {
144 return intMfSniffSend();
145 }
146 return FALSE;
147 }
148
149 // internal sending function. not a RAMFUNC.
150 bool intMfSniffSend() {
151
152 int pckSize = 0;
153 int pckLen = traceLen;
154 int pckNum = 0;
155
156 FpgaDisableSscDma();
157 while (pckLen > 0) {
158 pckSize = MIN(USB_CMD_DATA_SIZE, pckLen);
159 LED_B_ON();
160 cmd_send(CMD_ACK, 1, pckSize, pckNum, trace + traceLen - pckLen, pckSize);
161 LED_B_OFF();
162
163 pckLen -= pckSize;
164 pckNum++;
165 }
166
167 LED_B_ON();
168 cmd_send(CMD_ACK,2,0,0,0,0);
169 LED_B_OFF();
170
171 iso14a_clear_trace();
172
173 return TRUE;
174 }
Proxmark3 GIT tracking
Impressum, Datenschutz