]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/iso14443a.c
projects / proxmark3-svn / blob
? search:


8e547147330f9de71de8a15fc9fc51a6adaa6421
[proxmark3-svn] / armsrc / iso14443a.c
1 //-----------------------------------------------------------------------------
2 // Merlok - June 2011, 2012
3 // Gerhard de Koning Gans - May 2008
4 // Hagen Fritsch - June 2010
5 //
6 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
7 // at your option, any later version. See the LICENSE.txt file for the text of
8 // the license.
9 //-----------------------------------------------------------------------------
10 // Routines to support ISO 14443 type A.
11 //-----------------------------------------------------------------------------
12
13 #include "proxmark3.h"
14 #include "apps.h"
15 #include "util.h"
16 #include "string.h"
17 #include "cmd.h"
18 #include "iso14443crc.h"
19 #include "iso14443a.h"
20 #include "crapto1.h"
21 #include "mifareutil.h"
22 #include "BigBuf.h"
23 static uint32_t iso14a_timeout;
24 int rsamples = 0;
25 uint8_t trigger = 0;
26 // the block number for the ISO14443-4 PCB
27 static uint8_t iso14_pcb_blocknum = 0;
28
29 //
30 // ISO14443 timing:
31 //
32 // minimum time between the start bits of consecutive transfers from reader to tag: 7000 carrier (13.56Mhz) cycles
33 #define REQUEST_GUARD_TIME (7000/16 + 1)
34 // minimum time between last modulation of tag and next start bit from reader to tag: 1172 carrier cycles
35 #define FRAME_DELAY_TIME_PICC_TO_PCD (1172/16 + 1)
36 // bool LastCommandWasRequest = FALSE;
37
38 //
39 // Total delays including SSC-Transfers between ARM and FPGA. These are in carrier clock cycles (1/13,56MHz)
40 //
41 // When the PM acts as reader and is receiving tag data, it takes
42 // 3 ticks delay in the AD converter
43 // 16 ticks until the modulation detector completes and sets curbit
44 // 8 ticks until bit_to_arm is assigned from curbit
45 // 8*16 ticks for the transfer from FPGA to ARM
46 // 4*16 ticks until we measure the time
47 // - 8*16 ticks because we measure the time of the previous transfer
48 #define DELAY_AIR2ARM_AS_READER (3 + 16 + 8 + 8*16 + 4*16 - 8*16)
49
50 // When the PM acts as a reader and is sending, it takes
51 // 4*16 ticks until we can write data to the sending hold register
52 // 8*16 ticks until the SHR is transferred to the Sending Shift Register
53 // 8 ticks until the first transfer starts
54 // 8 ticks later the FPGA samples the data
55 // 1 tick to assign mod_sig_coil
56 #define DELAY_ARM2AIR_AS_READER (4*16 + 8*16 + 8 + 8 + 1)
57
58 // When the PM acts as tag and is receiving it takes
59 // 2 ticks delay in the RF part (for the first falling edge),
60 // 3 ticks for the A/D conversion,
61 // 8 ticks on average until the start of the SSC transfer,
62 // 8 ticks until the SSC samples the first data
63 // 7*16 ticks to complete the transfer from FPGA to ARM
64 // 8 ticks until the next ssp_clk rising edge
65 // 4*16 ticks until we measure the time
66 // - 8*16 ticks because we measure the time of the previous transfer
67 #define DELAY_AIR2ARM_AS_TAG (2 + 3 + 8 + 8 + 7*16 + 8 + 4*16 - 8*16)
68
69 // The FPGA will report its internal sending delay in
70 uint16_t FpgaSendQueueDelay;
71 // the 5 first bits are the number of bits buffered in mod_sig_buf
72 // the last three bits are the remaining ticks/2 after the mod_sig_buf shift
73 #define DELAY_FPGA_QUEUE (FpgaSendQueueDelay<<1)
74
75 // When the PM acts as tag and is sending, it takes
76 // 4*16 ticks until we can write data to the sending hold register
77 // 8*16 ticks until the SHR is transferred to the Sending Shift Register
78 // 8 ticks until the first transfer starts
79 // 8 ticks later the FPGA samples the data
80 // + a varying number of ticks in the FPGA Delay Queue (mod_sig_buf)
81 // + 1 tick to assign mod_sig_coil
82 #define DELAY_ARM2AIR_AS_TAG (4*16 + 8*16 + 8 + 8 + DELAY_FPGA_QUEUE + 1)
83
84 // When the PM acts as sniffer and is receiving tag data, it takes
85 // 3 ticks A/D conversion
86 // 14 ticks to complete the modulation detection
87 // 8 ticks (on average) until the result is stored in to_arm
88 // + the delays in transferring data - which is the same for
89 // sniffing reader and tag data and therefore not relevant
90 #define DELAY_TAG_AIR2ARM_AS_SNIFFER (3 + 14 + 8)
91
92 // When the PM acts as sniffer and is receiving reader data, it takes
93 // 2 ticks delay in analogue RF receiver (for the falling edge of the
94 // start bit, which marks the start of the communication)
95 // 3 ticks A/D conversion
96 // 8 ticks on average until the data is stored in to_arm.
97 // + the delays in transferring data - which is the same for
98 // sniffing reader and tag data and therefore not relevant
99 #define DELAY_READER_AIR2ARM_AS_SNIFFER (2 + 3 + 8)
100
101 //variables used for timing purposes:
102 //these are in ssp_clk cycles:
103 static uint32_t NextTransferTime;
104 static uint32_t LastTimeProxToAirStart;
105 static uint32_t LastProxToAirDuration;
106
107
108
109 // CARD TO READER - manchester
110 // Sequence D: 11110000 modulation with subcarrier during first half
111 // Sequence E: 00001111 modulation with subcarrier during second half
112 // Sequence F: 00000000 no modulation with subcarrier
113 // READER TO CARD - miller
114 // Sequence X: 00001100 drop after half a period
115 // Sequence Y: 00000000 no drop
116 // Sequence Z: 11000000 drop at start
117 #define SEC_D 0xf0
118 #define SEC_E 0x0f
119 #define SEC_F 0x00
120 #define SEC_X 0x0c
121 #define SEC_Y 0x00
122 #define SEC_Z 0xc0
123
124 const uint8_t OddByteParity[256] = {
125 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
126 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
127 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
128 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
129 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
130 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
131 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
132 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
133 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
134 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
135 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
136 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
137 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
138 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
139 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
140 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1
141 };
142
143
144 void iso14a_set_trigger(bool enable) {
145 trigger = enable;
146 }
147
148
149 void iso14a_set_timeout(uint32_t timeout) {
150 iso14a_timeout = timeout;
151 if(MF_DBGLEVEL >= 3) Dbprintf("ISO14443A Timeout set to %ld (%dms)", iso14a_timeout, iso14a_timeout / 106);
152 }
153
154
155 void iso14a_set_ATS_timeout(uint8_t *ats) {
156
157 uint8_t tb1;
158 uint8_t fwi;
159 uint32_t fwt;
160
161 if (ats[0] > 1) { // there is a format byte T0
162 if ((ats[1] & 0x20) == 0x20) { // there is an interface byte TB(1)
163 if ((ats[1] & 0x10) == 0x10) { // there is an interface byte TA(1) preceding TB(1)
164 tb1 = ats[3];
165 } else {
166 tb1 = ats[2];
167 }
168 fwi = (tb1 & 0xf0) >> 4; // frame waiting indicator (FWI)
169 fwt = 256 * 16 * (1 << fwi); // frame waiting time (FWT) in 1/fc
170
171 iso14a_set_timeout(fwt/(8*16));
172 }
173 }
174 }
175
176
177 //-----------------------------------------------------------------------------
178 // Generate the parity value for a byte sequence
179 //
180 //-----------------------------------------------------------------------------
181 byte_t oddparity (const byte_t bt)
182 {
183 return OddByteParity[bt];
184 }
185
186 void GetParity(const uint8_t *pbtCmd, uint16_t iLen, uint8_t *par)
187 {
188 uint16_t paritybit_cnt = 0;
189 uint16_t paritybyte_cnt = 0;
190 uint8_t parityBits = 0;
191
192 for (uint16_t i = 0; i < iLen; i++) {
193 // Generate the parity bits
194 parityBits |= ((OddByteParity[pbtCmd[i]]) << (7-paritybit_cnt));
195 if (paritybit_cnt == 7) {
196 par[paritybyte_cnt] = parityBits; // save 8 Bits parity
197 parityBits = 0; // and advance to next Parity Byte
198 paritybyte_cnt++;
199 paritybit_cnt = 0;
200 } else {
201 paritybit_cnt++;
202 }
203 }
204
205 // save remaining parity bits
206 par[paritybyte_cnt] = parityBits;
207
208 }
209
210 void AppendCrc14443a(uint8_t* data, int len)
211 {
212 ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
213 }
214
215 void AppendCrc14443b(uint8_t* data, int len)
216 {
217 ComputeCrc14443(CRC_14443_B,data,len,data+len,data+len+1);
218 }
219
220
221 //=============================================================================
222 // ISO 14443 Type A - Miller decoder
223 //=============================================================================
224 // Basics:
225 // This decoder is used when the PM3 acts as a tag.
226 // The reader will generate "pauses" by temporarily switching of the field.
227 // At the PM3 antenna we will therefore measure a modulated antenna voltage.
228 // The FPGA does a comparison with a threshold and would deliver e.g.:
229 // ........ 1 1 1 1 1 1 0 0 1 1 1 1 1 1 1 1 1 1 0 0 1 1 1 1 1 1 1 1 1 1 .......
230 // The Miller decoder needs to identify the following sequences:
231 // 2 (or 3) ticks pause followed by 6 (or 5) ticks unmodulated: pause at beginning - Sequence Z ("start of communication" or a "0")
232 // 8 ticks without a modulation: no pause - Sequence Y (a "0" or "end of communication" or "no information")
233 // 4 ticks unmodulated followed by 2 (or 3) ticks pause: pause in second half - Sequence X (a "1")
234 // Note 1: the bitstream may start at any time. We therefore need to sync.
235 // Note 2: the interpretation of Sequence Y and Z depends on the preceding sequence.
236 //-----------------------------------------------------------------------------
237 static tUart Uart;
238
239 // Lookup-Table to decide if 4 raw bits are a modulation.
240 // We accept the following:
241 // 0001 - a 3 tick wide pause
242 // 0011 - a 2 tick wide pause, or a three tick wide pause shifted left
243 // 0111 - a 2 tick wide pause shifted left
244 // 1001 - a 2 tick wide pause shifted right
245 const bool Mod_Miller_LUT[] = {
246 FALSE, TRUE, FALSE, TRUE, FALSE, FALSE, FALSE, TRUE,
247 FALSE, TRUE, FALSE, FALSE, FALSE, FALSE, FALSE, FALSE
248 };
249 #define IsMillerModulationNibble1(b) (Mod_Miller_LUT[(b & 0x000000F0) >> 4])
250 #define IsMillerModulationNibble2(b) (Mod_Miller_LUT[(b & 0x0000000F)])
251
252 void UartReset()
253 {
254 Uart.state = STATE_UNSYNCD;
255 Uart.bitCount = 0;
256 Uart.len = 0; // number of decoded data bytes
257 Uart.parityLen = 0; // number of decoded parity bytes
258 Uart.shiftReg = 0; // shiftreg to hold decoded data bits
259 Uart.parityBits = 0; // holds 8 parity bits
260 Uart.startTime = 0;
261 Uart.endTime = 0;
262
263 Uart.byteCntMax = 0;
264 Uart.posCnt = 0;
265 Uart.syncBit = 9999;
266 }
267
268 void UartInit(uint8_t *data, uint8_t *parity)
269 {
270 Uart.output = data;
271 Uart.parity = parity;
272 Uart.fourBits = 0x00000000; // clear the buffer for 4 Bits
273 UartReset();
274 }
275
276 // use parameter non_real_time to provide a timestamp. Set to 0 if the decoder should measure real time
277 static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
278 {
279
280 Uart.fourBits = (Uart.fourBits << 8) | bit;
281
282 if (Uart.state == STATE_UNSYNCD) { // not yet synced
283
284 Uart.syncBit = 9999; // not set
285
286 // 00x11111 2|3 ticks pause followed by 6|5 ticks unmodulated Sequence Z (a "0" or "start of communication")
287 // 11111111 8 ticks unmodulation Sequence Y (a "0" or "end of communication" or "no information")
288 // 111100x1 4 ticks unmodulated followed by 2|3 ticks pause Sequence X (a "1")
289
290 // The start bit is one ore more Sequence Y followed by a Sequence Z (... 11111111 00x11111). We need to distinguish from
291 // Sequence X followed by Sequence Y followed by Sequence Z (111100x1 11111111 00x11111)
292 // we therefore look for a ...xx1111 11111111 00x11111xxxxxx... pattern
293 // (12 '1's followed by 2 '0's, eventually followed by another '0', followed by 5 '1's)
294 //
295 #define ISO14443A_STARTBIT_MASK 0x07FFEF80 // mask is 00001111 11111111 1110 1111 10000000
296 #define ISO14443A_STARTBIT_PATTERN 0x07FF8F80 // pattern is 00001111 11111111 1000 1111 10000000
297
298 if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 0)) == ISO14443A_STARTBIT_PATTERN >> 0) Uart.syncBit = 7;
299 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 1)) == ISO14443A_STARTBIT_PATTERN >> 1) Uart.syncBit = 6;
300 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 2)) == ISO14443A_STARTBIT_PATTERN >> 2) Uart.syncBit = 5;
301 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 3)) == ISO14443A_STARTBIT_PATTERN >> 3) Uart.syncBit = 4;
302 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 4)) == ISO14443A_STARTBIT_PATTERN >> 4) Uart.syncBit = 3;
303 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 5)) == ISO14443A_STARTBIT_PATTERN >> 5) Uart.syncBit = 2;
304 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 6)) == ISO14443A_STARTBIT_PATTERN >> 6) Uart.syncBit = 1;
305 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 7)) == ISO14443A_STARTBIT_PATTERN >> 7) Uart.syncBit = 0;
306
307 if (Uart.syncBit != 9999) { // found a sync bit
308 Uart.startTime = non_real_time?non_real_time:(GetCountSspClk() & 0xfffffff8);
309 Uart.startTime -= Uart.syncBit;
310 Uart.endTime = Uart.startTime;
311 Uart.state = STATE_START_OF_COMMUNICATION;
312 }
313
314 } else {
315
316 if (IsMillerModulationNibble1(Uart.fourBits >> Uart.syncBit)) {
317 if (IsMillerModulationNibble2(Uart.fourBits >> Uart.syncBit)) { // Modulation in both halves - error
318 UartReset();
319 } else { // Modulation in first half = Sequence Z = logic "0"
320 if (Uart.state == STATE_MILLER_X) { // error - must not follow after X
321 UartReset();
322 } else {
323 Uart.bitCount++;
324 Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg
325 Uart.state = STATE_MILLER_Z;
326 Uart.endTime = Uart.startTime + 8*(9*Uart.len + Uart.bitCount + 1) - 6;
327 if(Uart.bitCount >= 9) { // if we decoded a full byte (including parity)
328 Uart.output[Uart.len++] = (Uart.shiftReg & 0xff);
329 Uart.parityBits <<= 1; // make room for the parity bit
330 Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit
331 Uart.bitCount = 0;
332 Uart.shiftReg = 0;
333 if((Uart.len&0x0007) == 0) { // every 8 data bytes
334 Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits
335 Uart.parityBits = 0;
336 }
337 }
338 }
339 }
340 } else {
341 if (IsMillerModulationNibble2(Uart.fourBits >> Uart.syncBit)) { // Modulation second half = Sequence X = logic "1"
342 Uart.bitCount++;
343 Uart.shiftReg = (Uart.shiftReg >> 1) | 0x100; // add a 1 to the shiftreg
344 Uart.state = STATE_MILLER_X;
345 Uart.endTime = Uart.startTime + 8*(9*Uart.len + Uart.bitCount + 1) - 2;
346 if(Uart.bitCount >= 9) { // if we decoded a full byte (including parity)
347 Uart.output[Uart.len++] = (Uart.shiftReg & 0xff);
348 Uart.parityBits <<= 1; // make room for the new parity bit
349 Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit
350 Uart.bitCount = 0;
351 Uart.shiftReg = 0;
352 if ((Uart.len&0x0007) == 0) { // every 8 data bytes
353 Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits
354 Uart.parityBits = 0;
355 }
356 }
357 } else { // no modulation in both halves - Sequence Y
358 if (Uart.state == STATE_MILLER_Z || Uart.state == STATE_MILLER_Y) { // Y after logic "0" - End of Communication
359 Uart.state = STATE_UNSYNCD;
360 Uart.bitCount--; // last "0" was part of EOC sequence
361 Uart.shiftReg <<= 1; // drop it
362 if(Uart.bitCount > 0) { // if we decoded some bits
363 Uart.shiftReg >>= (9 - Uart.bitCount); // right align them
364 Uart.output[Uart.len++] = (Uart.shiftReg & 0xff); // add last byte to the output
365 Uart.parityBits <<= 1; // add a (void) parity bit
366 Uart.parityBits <<= (8 - (Uart.len&0x0007)); // left align parity bits
367 Uart.parity[Uart.parityLen++] = Uart.parityBits; // and store it
368 return TRUE;
369 } else if (Uart.len & 0x0007) { // there are some parity bits to store
370 Uart.parityBits <<= (8 - (Uart.len&0x0007)); // left align remaining parity bits
371 Uart.parity[Uart.parityLen++] = Uart.parityBits; // and store them
372 }
373 if (Uart.len) {
374 return TRUE; // we are finished with decoding the raw data sequence
375 } else {
376 UartReset(); // Nothing received - start over
377 }
378 }
379 if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC
380 UartReset();
381 } else { // a logic "0"
382 Uart.bitCount++;
383 Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg
384 Uart.state = STATE_MILLER_Y;
385 if(Uart.bitCount >= 9) { // if we decoded a full byte (including parity)
386 Uart.output[Uart.len++] = (Uart.shiftReg & 0xff);
387 Uart.parityBits <<= 1; // make room for the parity bit
388 Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit
389 Uart.bitCount = 0;
390 Uart.shiftReg = 0;
391 if ((Uart.len&0x0007) == 0) { // every 8 data bytes
392 Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits
393 Uart.parityBits = 0;
394 }
395 }
396 }
397 }
398 }
399
400 }
401
402 return FALSE; // not finished yet, need more data
403 }
404
405
406
407 //=============================================================================
408 // ISO 14443 Type A - Manchester decoder
409 //=============================================================================
410 // Basics:
411 // This decoder is used when the PM3 acts as a reader.
412 // The tag will modulate the reader field by asserting different loads to it. As a consequence, the voltage
413 // at the reader antenna will be modulated as well. The FPGA detects the modulation for us and would deliver e.g. the following:
414 // ........ 0 0 1 1 1 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 .......
415 // The Manchester decoder needs to identify the following sequences:
416 // 4 ticks modulated followed by 4 ticks unmodulated: Sequence D = 1 (also used as "start of communication")
417 // 4 ticks unmodulated followed by 4 ticks modulated: Sequence E = 0
418 // 8 ticks unmodulated: Sequence F = end of communication
419 // 8 ticks modulated: A collision. Save the collision position and treat as Sequence D
420 // Note 1: the bitstream may start at any time. We therefore need to sync.
421 // Note 2: parameter offset is used to determine the position of the parity bits (required for the anticollision command only)
422 static tDemod Demod;
423
424 // Lookup-Table to decide if 4 raw bits are a modulation.
425 // We accept three or four "1" in any position
426 const bool Mod_Manchester_LUT[] = {
427 FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, TRUE,
428 FALSE, FALSE, FALSE, TRUE, FALSE, TRUE, TRUE, TRUE
429 };
430
431 #define IsManchesterModulationNibble1(b) (Mod_Manchester_LUT[(b & 0x00F0) >> 4])
432 #define IsManchesterModulationNibble2(b) (Mod_Manchester_LUT[(b & 0x000F)])
433
434
435 void DemodReset()
436 {
437 Demod.state = DEMOD_UNSYNCD;
438 Demod.len = 0; // number of decoded data bytes
439 Demod.parityLen = 0;
440 Demod.shiftReg = 0; // shiftreg to hold decoded data bits
441 Demod.parityBits = 0; //
442 Demod.collisionPos = 0; // Position of collision bit
443 Demod.twoBits = 0xffff; // buffer for 2 Bits
444 Demod.highCnt = 0;
445 Demod.startTime = 0;
446 Demod.endTime = 0;
447
448 //
449 Demod.bitCount = 0;
450 Demod.syncBit = 0xFFFF;
451 Demod.samples = 0;
452 }
453
454 void DemodInit(uint8_t *data, uint8_t *parity)
455 {
456 Demod.output = data;
457 Demod.parity = parity;
458 DemodReset();
459 }
460
461 // use parameter non_real_time to provide a timestamp. Set to 0 if the decoder should measure real time
462 static RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time)
463 {
464
465 Demod.twoBits = (Demod.twoBits << 8) | bit;
466
467 if (Demod.state == DEMOD_UNSYNCD) {
468
469 if (Demod.highCnt < 2) { // wait for a stable unmodulated signal
470 if (Demod.twoBits == 0x0000) {
471 Demod.highCnt++;
472 } else {
473 Demod.highCnt = 0;
474 }
475 } else {
476 Demod.syncBit = 0xFFFF; // not set
477 if ((Demod.twoBits & 0x7700) == 0x7000) Demod.syncBit = 7;
478 else if ((Demod.twoBits & 0x3B80) == 0x3800) Demod.syncBit = 6;
479 else if ((Demod.twoBits & 0x1DC0) == 0x1C00) Demod.syncBit = 5;
480 else if ((Demod.twoBits & 0x0EE0) == 0x0E00) Demod.syncBit = 4;
481 else if ((Demod.twoBits & 0x0770) == 0x0700) Demod.syncBit = 3;
482 else if ((Demod.twoBits & 0x03B8) == 0x0380) Demod.syncBit = 2;
483 else if ((Demod.twoBits & 0x01DC) == 0x01C0) Demod.syncBit = 1;
484 else if ((Demod.twoBits & 0x00EE) == 0x00E0) Demod.syncBit = 0;
485 if (Demod.syncBit != 0xFFFF) {
486 Demod.startTime = non_real_time?non_real_time:(GetCountSspClk() & 0xfffffff8);
487 Demod.startTime -= Demod.syncBit;
488 Demod.bitCount = offset; // number of decoded data bits
489 Demod.state = DEMOD_MANCHESTER_DATA;
490 }
491 }
492
493 } else {
494
495 if (IsManchesterModulationNibble1(Demod.twoBits >> Demod.syncBit)) { // modulation in first half
496 if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // ... and in second half = collision
497 if (!Demod.collisionPos) {
498 Demod.collisionPos = (Demod.len << 3) + Demod.bitCount;
499 }
500 } // modulation in first half only - Sequence D = 1
501 Demod.bitCount++;
502 Demod.shiftReg = (Demod.shiftReg >> 1) | 0x100; // in both cases, add a 1 to the shiftreg
503 if(Demod.bitCount == 9) { // if we decoded a full byte (including parity)
504 Demod.output[Demod.len++] = (Demod.shiftReg & 0xff);
505 Demod.parityBits <<= 1; // make room for the parity bit
506 Demod.parityBits |= ((Demod.shiftReg >> 8) & 0x01); // store parity bit
507 Demod.bitCount = 0;
508 Demod.shiftReg = 0;
509 if((Demod.len&0x0007) == 0) { // every 8 data bytes
510 Demod.parity[Demod.parityLen++] = Demod.parityBits; // store 8 parity bits
511 Demod.parityBits = 0;
512 }
513 }
514 Demod.endTime = Demod.startTime + 8*(9*Demod.len + Demod.bitCount + 1) - 4;
515 } else { // no modulation in first half
516 if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // and modulation in second half = Sequence E = 0
517 Demod.bitCount++;
518 Demod.shiftReg = (Demod.shiftReg >> 1); // add a 0 to the shiftreg
519 if(Demod.bitCount >= 9) { // if we decoded a full byte (including parity)
520 Demod.output[Demod.len++] = (Demod.shiftReg & 0xff);
521 Demod.parityBits <<= 1; // make room for the new parity bit
522 Demod.parityBits |= ((Demod.shiftReg >> 8) & 0x01); // store parity bit
523 Demod.bitCount = 0;
524 Demod.shiftReg = 0;
525 if ((Demod.len&0x0007) == 0) { // every 8 data bytes
526 Demod.parity[Demod.parityLen++] = Demod.parityBits; // store 8 parity bits1
527 Demod.parityBits = 0;
528 }
529 }
530 Demod.endTime = Demod.startTime + 8*(9*Demod.len + Demod.bitCount + 1);
531 } else { // no modulation in both halves - End of communication
532 if(Demod.bitCount > 0) { // there are some remaining data bits
533 Demod.shiftReg >>= (9 - Demod.bitCount); // right align the decoded bits
534 Demod.output[Demod.len++] = Demod.shiftReg & 0xff; // and add them to the output
535 Demod.parityBits <<= 1; // add a (void) parity bit
536 Demod.parityBits <<= (8 - (Demod.len&0x0007)); // left align remaining parity bits
537 Demod.parity[Demod.parityLen++] = Demod.parityBits; // and store them
538 return TRUE;
539 } else if (Demod.len & 0x0007) { // there are some parity bits to store
540 Demod.parityBits <<= (8 - (Demod.len&0x0007)); // left align remaining parity bits
541 Demod.parity[Demod.parityLen++] = Demod.parityBits; // and store them
542 }
543 if (Demod.len) {
544 return TRUE; // we are finished with decoding the raw data sequence
545 } else { // nothing received. Start over
546 DemodReset();
547 }
548 }
549 }
550 }
551 return FALSE; // not finished yet, need more data
552 }
553
554 //=============================================================================
555 // Finally, a `sniffer' for ISO 14443 Type A
556 // Both sides of communication!
557 //=============================================================================
558
559 //-----------------------------------------------------------------------------
560 // Record the sequence of commands sent by the reader to the tag, with
561 // triggering so that we start recording at the point that the tag is moved
562 // near the reader.
563 //-----------------------------------------------------------------------------
564 void RAMFUNC SniffIso14443a(uint8_t param) {
565 // param:
566 // bit 0 - trigger from first card answer
567 // bit 1 - trigger from first reader 7-bit request
568
569 LEDsoff();
570
571 // We won't start recording the frames that we acquire until we trigger;
572 // a good trigger condition to get started is probably when we see a
573 // response from the tag.
574 // triggered == FALSE -- to wait first for card
575 bool triggered = !(param & 0x03);
576
577 // Allocate memory from BigBuf for some buffers
578 // free all previous allocations first
579 BigBuf_free();
580
581 // The command (reader -> tag) that we're receiving.
582 uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
583 uint8_t *receivedCmdPar = BigBuf_malloc(MAX_PARITY_SIZE);
584
585 // The response (tag -> reader) that we're receiving.
586 uint8_t *receivedResponse = BigBuf_malloc(MAX_FRAME_SIZE);
587 uint8_t *receivedResponsePar = BigBuf_malloc(MAX_PARITY_SIZE);
588
589 // The DMA buffer, used to stream samples from the FPGA
590 uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
591
592 // init trace buffer
593 clear_trace();
594 set_tracing(TRUE);
595
596 uint8_t *data = dmaBuf;
597 uint8_t previous_data = 0;
598 int maxDataLen = 0;
599 int dataLen = 0;
600 bool TagIsActive = FALSE;
601 bool ReaderIsActive = FALSE;
602
603 iso14443a_setup(FPGA_HF_ISO14443A_SNIFFER);
604
605 // Set up the demodulator for tag -> reader responses.
606 DemodInit(receivedResponse, receivedResponsePar);
607
608 // Set up the demodulator for the reader -> tag commands
609 UartInit(receivedCmd, receivedCmdPar);
610
611 // Setup and start DMA.
612 FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE);
613
614 // And now we loop, receiving samples.
615 for(uint32_t rsamples = 0; TRUE; ) {
616
617 if(BUTTON_PRESS()) {
618 DbpString("cancelled by button");
619 break;
620 }
621
622 LED_A_ON();
623 WDT_HIT();
624
625 int register readBufDataP = data - dmaBuf;
626 int register dmaBufDataP = DMA_BUFFER_SIZE - AT91C_BASE_PDC_SSC->PDC_RCR;
627 if (readBufDataP <= dmaBufDataP){
628 dataLen = dmaBufDataP - readBufDataP;
629 } else {
630 dataLen = DMA_BUFFER_SIZE - readBufDataP + dmaBufDataP;
631 }
632 // test for length of buffer
633 if(dataLen > maxDataLen) {
634 maxDataLen = dataLen;
635 if(dataLen > (9 * DMA_BUFFER_SIZE / 10)) {
636 Dbprintf("blew circular buffer! dataLen=%d", dataLen);
637 break;
638 }
639 }
640 if(dataLen < 1) continue;
641
642 // primary buffer was stopped( <-- we lost data!
643 if (!AT91C_BASE_PDC_SSC->PDC_RCR) {
644 AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) dmaBuf;
645 AT91C_BASE_PDC_SSC->PDC_RCR = DMA_BUFFER_SIZE;
646 Dbprintf("RxEmpty ERROR!!! data length:%d", dataLen); // temporary
647 }
648 // secondary buffer sets as primary, secondary buffer was stopped
649 if (!AT91C_BASE_PDC_SSC->PDC_RNCR) {
650 AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf;
651 AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
652 }
653
654 LED_A_OFF();
655
656 if (rsamples & 0x01) { // Need two samples to feed Miller and Manchester-Decoder
657
658 if(!TagIsActive) { // no need to try decoding reader data if the tag is sending
659 uint8_t readerdata = (previous_data & 0xF0) | (*data >> 4);
660 if (MillerDecoding(readerdata, (rsamples-1)*4)) {
661 LED_C_ON();
662
663 // check - if there is a short 7bit request from reader
664 if ((!triggered) && (param & 0x02) && (Uart.len == 1) && (Uart.bitCount == 7)) triggered = TRUE;
665
666 if(triggered) {
667 if (!LogTrace(receivedCmd,
668 Uart.len,
669 Uart.startTime*16 - DELAY_READER_AIR2ARM_AS_SNIFFER,
670 Uart.endTime*16 - DELAY_READER_AIR2ARM_AS_SNIFFER,
671 Uart.parity,
672 TRUE)) break;
673 }
674 /* And ready to receive another command. */
675 UartReset();
676 /* And also reset the demod code, which might have been */
677 /* false-triggered by the commands from the reader. */
678 DemodReset();
679 LED_B_OFF();
680 }
681 ReaderIsActive = (Uart.state != STATE_UNSYNCD);
682 }
683
684 if(!ReaderIsActive) { // no need to try decoding tag data if the reader is sending - and we cannot afford the time
685 uint8_t tagdata = (previous_data << 4) | (*data & 0x0F);
686 if(ManchesterDecoding(tagdata, 0, (rsamples-1)*4)) {
687 LED_B_ON();
688
689 if (!LogTrace(receivedResponse,
690 Demod.len,
691 Demod.startTime*16 - DELAY_TAG_AIR2ARM_AS_SNIFFER,
692 Demod.endTime*16 - DELAY_TAG_AIR2ARM_AS_SNIFFER,
693 Demod.parity,
694 FALSE)) break;
695
696 if ((!triggered) && (param & 0x01)) triggered = TRUE;
697
698 // And ready to receive another response.
699 DemodReset();
700 // And reset the Miller decoder including itS (now outdated) input buffer
701 UartInit(receivedCmd, receivedCmdPar);
702
703 LED_C_OFF();
704 }
705 TagIsActive = (Demod.state != DEMOD_UNSYNCD);
706 }
707 }
708
709 previous_data = *data;
710 rsamples++;
711 data++;
712 if(data == dmaBuf + DMA_BUFFER_SIZE) {
713 data = dmaBuf;
714 }
715 } // main cycle
716
717 DbpString("COMMAND FINISHED");
718
719 FpgaDisableSscDma();
720 Dbprintf("maxDataLen=%d, Uart.state=%x, Uart.len=%d", maxDataLen, Uart.state, Uart.len);
721 Dbprintf("traceLen=%d, Uart.output[0]=%08x", BigBuf_get_traceLen(), (uint32_t)Uart.output[0]);
722 LEDsoff();
723 }
724
725 //-----------------------------------------------------------------------------
726 // Prepare tag messages
727 //-----------------------------------------------------------------------------
728 static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *parity)
729 {
730 ToSendReset();
731
732 // Correction bit, might be removed when not needed
733 ToSendStuffBit(0);
734 ToSendStuffBit(0);
735 ToSendStuffBit(0);
736 ToSendStuffBit(0);
737 ToSendStuffBit(1); // 1
738 ToSendStuffBit(0);
739 ToSendStuffBit(0);
740 ToSendStuffBit(0);
741
742 // Send startbit
743 ToSend[++ToSendMax] = SEC_D;
744 LastProxToAirDuration = 8 * ToSendMax - 4;
745
746 for(uint16_t i = 0; i < len; i++) {
747 uint8_t b = cmd[i];
748
749 // Data bits
750 for(uint16_t j = 0; j < 8; j++) {
751 if(b & 1) {
752 ToSend[++ToSendMax] = SEC_D;
753 } else {
754 ToSend[++ToSendMax] = SEC_E;
755 }
756 b >>= 1;
757 }
758
759 // Get the parity bit
760 if (parity[i>>3] & (0x80>>(i&0x0007))) {
761 ToSend[++ToSendMax] = SEC_D;
762 LastProxToAirDuration = 8 * ToSendMax - 4;
763 } else {
764 ToSend[++ToSendMax] = SEC_E;
765 LastProxToAirDuration = 8 * ToSendMax;
766 }
767 }
768
769 // Send stopbit
770 ToSend[++ToSendMax] = SEC_F;
771
772 // Convert from last byte pos to length
773 ToSendMax++;
774 }
775
776 static void CodeIso14443aAsTag(const uint8_t *cmd, uint16_t len)
777 {
778 uint8_t par[MAX_PARITY_SIZE];
779
780 GetParity(cmd, len, par);
781 CodeIso14443aAsTagPar(cmd, len, par);
782 }
783
784
785 static void Code4bitAnswerAsTag(uint8_t cmd)
786 {
787 int i;
788
789 ToSendReset();
790
791 // Correction bit, might be removed when not needed
792 ToSendStuffBit(0);
793 ToSendStuffBit(0);
794 ToSendStuffBit(0);
795 ToSendStuffBit(0);
796 ToSendStuffBit(1); // 1
797 ToSendStuffBit(0);
798 ToSendStuffBit(0);
799 ToSendStuffBit(0);
800
801 // Send startbit
802 ToSend[++ToSendMax] = SEC_D;
803
804 uint8_t b = cmd;
805 for(i = 0; i < 4; i++) {
806 if(b & 1) {
807 ToSend[++ToSendMax] = SEC_D;
808 LastProxToAirDuration = 8 * ToSendMax - 4;
809 } else {
810 ToSend[++ToSendMax] = SEC_E;
811 LastProxToAirDuration = 8 * ToSendMax;
812 }
813 b >>= 1;
814 }
815
816 // Send stopbit
817 ToSend[++ToSendMax] = SEC_F;
818
819 // Convert from last byte pos to length
820 ToSendMax++;
821 }
822
823 //-----------------------------------------------------------------------------
824 // Wait for commands from reader
825 // Stop when button is pressed
826 // Or return TRUE when command is captured
827 //-----------------------------------------------------------------------------
828 static int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len)
829 {
830 // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen
831 // only, since we are receiving, not transmitting).
832 // Signal field is off with the appropriate LED
833 LED_D_OFF();
834 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN);
835
836 // Now run a `software UART' on the stream of incoming samples.
837 UartInit(received, parity);
838
839 // clear RXRDY:
840 uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
841
842 for(;;) {
843 WDT_HIT();
844
845 if(BUTTON_PRESS()) return FALSE;
846
847 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
848 b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
849 if(MillerDecoding(b, 0)) {
850 *len = Uart.len;
851 return TRUE;
852 }
853 }
854 }
855 }
856
857 static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNeeded);
858 int EmSend4bitEx(uint8_t resp, bool correctionNeeded);
859 int EmSend4bit(uint8_t resp);
860 int EmSendCmdExPar(uint8_t *resp, uint16_t respLen, bool correctionNeeded, uint8_t *par);
861 int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool correctionNeeded);
862 int EmSendCmd(uint8_t *resp, uint16_t respLen);
863 int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par);
864 bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
865 uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity);
866
867 static uint8_t* free_buffer_pointer;
868
869 typedef struct {
870 uint8_t* response;
871 size_t response_n;
872 uint8_t* modulation;
873 size_t modulation_n;
874 uint32_t ProxToAirDuration;
875 } tag_response_info_t;
876
877 bool prepare_tag_modulation(tag_response_info_t* response_info, size_t max_buffer_size) {
878 // Example response, answer to MIFARE Classic read block will be 16 bytes + 2 CRC = 18 bytes
879 // This will need the following byte array for a modulation sequence
880 // 144 data bits (18 * 8)
881 // 18 parity bits
882 // 2 Start and stop
883 // 1 Correction bit (Answer in 1172 or 1236 periods, see FPGA)
884 // 1 just for the case
885 // ----------- +
886 // 166 bytes, since every bit that needs to be send costs us a byte
887 //
888
889
890 // Prepare the tag modulation bits from the message
891 CodeIso14443aAsTag(response_info->response,response_info->response_n);
892
893 // Make sure we do not exceed the free buffer space
894 if (ToSendMax > max_buffer_size) {
895 Dbprintf("Out of memory, when modulating bits for tag answer:");
896 Dbhexdump(response_info->response_n,response_info->response,false);
897 return false;
898 }
899
900 // Copy the byte array, used for this modulation to the buffer position
901 memcpy(response_info->modulation,ToSend,ToSendMax);
902
903 // Store the number of bytes that were used for encoding/modulation and the time needed to transfer them
904 response_info->modulation_n = ToSendMax;
905 response_info->ProxToAirDuration = LastProxToAirDuration;
906
907 return true;
908 }
909
910
911 // "precompile" responses. There are 7 predefined responses with a total of 28 bytes data to transmit.
912 // Coded responses need one byte per bit to transfer (data, parity, start, stop, correction)
913 // 28 * 8 data bits, 28 * 1 parity bits, 7 start bits, 7 stop bits, 7 correction bits
914 // -> need 273 bytes buffer
915 #define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 273
916
917 bool prepare_allocated_tag_modulation(tag_response_info_t* response_info) {
918 // Retrieve and store the current buffer index
919 response_info->modulation = free_buffer_pointer;
920
921 // Determine the maximum size we can use from our buffer
922 size_t max_buffer_size = ALLOCATED_TAG_MODULATION_BUFFER_SIZE;
923
924 // Forward the prepare tag modulation function to the inner function
925 if (prepare_tag_modulation(response_info, max_buffer_size)) {
926 // Update the free buffer offset
927 free_buffer_pointer += ToSendMax;
928 return true;
929 } else {
930 return false;
931 }
932 }
933
934 //-----------------------------------------------------------------------------
935 // Main loop of simulated tag: receive commands from reader, decide what
936 // response to send, and send it.
937 //-----------------------------------------------------------------------------
938 void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data)
939 {
940
941 //Here, we collect UID,NT,AR,NR,UID2,NT2,AR2,NR2
942 // This can be used in a reader-only attack.
943 // (it can also be retrieved via 'hf 14a list', but hey...
944 uint32_t ar_nr_responses[] = {0,0,0,0,0,0,0,0,0,0};
945 uint8_t ar_nr_collected = 0;
946
947 uint8_t sak;
948
949 // The first response contains the ATQA (note: bytes are transmitted in reverse order).
950 uint8_t response1[2];
951
952 switch (tagType) {
953 case 1: { // MIFARE Classic
954 // Says: I am Mifare 1k - original line
955 response1[0] = 0x04;
956 response1[1] = 0x00;
957 sak = 0x08;
958 } break;
959 case 2: { // MIFARE Ultralight
960 // Says: I am a stupid memory tag, no crypto
961 response1[0] = 0x04;
962 response1[1] = 0x00;
963 sak = 0x00;
964 } break;
965 case 3: { // MIFARE DESFire
966 // Says: I am a DESFire tag, ph33r me
967 response1[0] = 0x04;
968 response1[1] = 0x03;
969 sak = 0x20;
970 } break;
971 case 4: { // ISO/IEC 14443-4
972 // Says: I am a javacard (JCOP)
973 response1[0] = 0x04;
974 response1[1] = 0x00;
975 sak = 0x28;
976 } break;
977 case 5: { // MIFARE TNP3XXX
978 // Says: I am a toy
979 response1[0] = 0x01;
980 response1[1] = 0x0f;
981 sak = 0x01;
982 } break;
983 case 6: { // MIFARE Mini
984 // Says: I am a Mifare Mini, 320b
985 response1[0] = 0x44;
986 response1[1] = 0x00;
987 sak = 0x09;
988 } break;
989 default: {
990 Dbprintf("Error: unkown tagtype (%d)",tagType);
991 return;
992 } break;
993 }
994
995 // The second response contains the (mandatory) first 24 bits of the UID
996 uint8_t response2[5] = {0x00};
997
998 // Check if the uid uses the (optional) part
999 uint8_t response2a[5] = {0x00};
1000
1001 if (flags & FLAG_7B_UID_IN_DATA) {
1002 response2[0] = 0x88;
1003 response2[1] = data[0];
1004 response2[2] = data[1];
1005 response2[3] = data[2];
1006
1007 response2a[0] = data[3];
1008 response2a[1] = data[4];
1009 response2a[2] = data[5];
1010 response2a[3] = data[7];
1011 response2a[4] = response2a[0] ^ response2a[1] ^ response2a[2] ^ response2a[3];
1012
1013 // Configure the ATQA and SAK accordingly
1014 response1[0] |= 0x40;
1015 sak |= 0x04;
1016 } else {
1017 memcpy(response2, data, 4);
1018 //num_to_bytes(uid_1st,4,response2);
1019 // Configure the ATQA and SAK accordingly
1020 response1[0] &= 0xBF;
1021 sak &= 0xFB;
1022 }
1023
1024 // Calculate the BitCountCheck (BCC) for the first 4 bytes of the UID.
1025 response2[4] = response2[0] ^ response2[1] ^ response2[2] ^ response2[3];
1026
1027 // Prepare the mandatory SAK (for 4 and 7 byte UID)
1028 uint8_t response3[3] = {0x00};
1029 response3[0] = sak;
1030 ComputeCrc14443(CRC_14443_A, response3, 1, &response3[1], &response3[2]);
1031
1032 // Prepare the optional second SAK (for 7 byte UID), drop the cascade bit
1033 uint8_t response3a[3] = {0x00};
1034 response3a[0] = sak & 0xFB;
1035 ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);
1036
1037 uint8_t response5[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce
1038 uint8_t response6[] = { 0x04, 0x58, 0x80, 0x02, 0x00, 0x00 }; // dummy ATS (pseudo-ATR), answer to RATS:
1039 // Format byte = 0x58: FSCI=0x08 (FSC=256), TA(1) and TC(1) present,
1040 // TA(1) = 0x80: different divisors not supported, DR = 1, DS = 1
1041 // TB(1) = not present. Defaults: FWI = 4 (FWT = 256 * 16 * 2^4 * 1/fc = 4833us), SFGI = 0 (SFG = 256 * 16 * 2^0 * 1/fc = 302us)
1042 // TC(1) = 0x02: CID supported, NAD not supported
1043 ComputeCrc14443(CRC_14443_A, response6, 4, &response6[4], &response6[5]);
1044
1045 #define TAG_RESPONSE_COUNT 7
1046 tag_response_info_t responses[TAG_RESPONSE_COUNT] = {
1047 { .response = response1, .response_n = sizeof(response1) }, // Answer to request - respond with card type
1048 { .response = response2, .response_n = sizeof(response2) }, // Anticollision cascade1 - respond with uid
1049 { .response = response2a, .response_n = sizeof(response2a) }, // Anticollision cascade2 - respond with 2nd half of uid if asked
1050 { .response = response3, .response_n = sizeof(response3) }, // Acknowledge select - cascade 1
1051 { .response = response3a, .response_n = sizeof(response3a) }, // Acknowledge select - cascade 2
1052 { .response = response5, .response_n = sizeof(response5) }, // Authentication answer (random nonce)
1053 { .response = response6, .response_n = sizeof(response6) }, // dummy ATS (pseudo-ATR), answer to RATS
1054 };
1055
1056 // Allocate 512 bytes for the dynamic modulation, created when the reader queries for it
1057 // Such a response is less time critical, so we can prepare them on the fly
1058 #define DYNAMIC_RESPONSE_BUFFER_SIZE 64
1059 #define DYNAMIC_MODULATION_BUFFER_SIZE 512
1060 uint8_t dynamic_response_buffer[DYNAMIC_RESPONSE_BUFFER_SIZE];
1061 uint8_t dynamic_modulation_buffer[DYNAMIC_MODULATION_BUFFER_SIZE];
1062 tag_response_info_t dynamic_response_info = {
1063 .response = dynamic_response_buffer,
1064 .response_n = 0,
1065 .modulation = dynamic_modulation_buffer,
1066 .modulation_n = 0
1067 };
1068
1069 BigBuf_free_keep_EM();
1070
1071 // allocate buffers:
1072 uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
1073 uint8_t *receivedCmdPar = BigBuf_malloc(MAX_PARITY_SIZE);
1074 free_buffer_pointer = BigBuf_malloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE);
1075
1076 // clear trace
1077 clear_trace();
1078 set_tracing(TRUE);
1079
1080 // Prepare the responses of the anticollision phase
1081 // there will be not enough time to do this at the moment the reader sends it REQA
1082 for (size_t i=0; i<TAG_RESPONSE_COUNT; i++) {
1083 prepare_allocated_tag_modulation(&responses[i]);
1084 }
1085
1086 int len = 0;
1087
1088 // To control where we are in the protocol
1089 int order = 0;
1090 int lastorder;
1091
1092 // Just to allow some checks
1093 int happened = 0;
1094 int happened2 = 0;
1095 int cmdsRecvd = 0;
1096
1097 // We need to listen to the high-frequency, peak-detected path.
1098 iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
1099
1100 cmdsRecvd = 0;
1101 tag_response_info_t* p_response;
1102
1103 LED_A_ON();
1104 for(;;) {
1105 // Clean receive command buffer
1106
1107 if(!GetIso14443aCommandFromReader(receivedCmd, receivedCmdPar, &len)) {
1108 DbpString("Button press");
1109 break;
1110 }
1111
1112 p_response = NULL;
1113
1114 // Okay, look at the command now.
1115 lastorder = order;
1116 if(receivedCmd[0] == 0x26) { // Received a REQUEST
1117 p_response = &responses[0]; order = 1;
1118 } else if(receivedCmd[0] == 0x52) { // Received a WAKEUP
1119 p_response = &responses[0]; order = 6;
1120 } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x93) { // Received request for UID (cascade 1)
1121 p_response = &responses[1]; order = 2;
1122 } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x95) { // Received request for UID (cascade 2)
1123 p_response = &responses[2]; order = 20;
1124 } else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x93) { // Received a SELECT (cascade 1)
1125 p_response = &responses[3]; order = 3;
1126 } else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x95) { // Received a SELECT (cascade 2)
1127 p_response = &responses[4]; order = 30;
1128 } else if(receivedCmd[0] == 0x30) { // Received a (plain) READ
1129 EmSendCmdEx(data+(4*receivedCmd[1]),16,false);
1130 // Dbprintf("Read request from reader: %x %x",receivedCmd[0],receivedCmd[1]);
1131 // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
1132 p_response = NULL;
1133 } else if(receivedCmd[0] == 0x50) { // Received a HALT
1134
1135 if (tracing) {
1136 LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
1137 }
1138 p_response = NULL;
1139 } else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) { // Received an authentication request
1140 p_response = &responses[5]; order = 7;
1141 } else if(receivedCmd[0] == 0xE0) { // Received a RATS request
1142 if (tagType == 1 || tagType == 2) { // RATS not supported
1143 EmSend4bit(CARD_NACK_NA);
1144 p_response = NULL;
1145 } else {
1146 p_response = &responses[6]; order = 70;
1147 }
1148 } else if (order == 7 && len == 8) { // Received {nr] and {ar} (part of authentication)
1149 if (tracing) {
1150 LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
1151 }
1152 uint32_t nonce = bytes_to_num(response5,4);
1153 uint32_t nr = bytes_to_num(receivedCmd,4);
1154 uint32_t ar = bytes_to_num(receivedCmd+4,4);
1155 //Dbprintf("Auth attempt {nonce}{nr}{ar}: %08x %08x %08x", nonce, nr, ar);
1156
1157 if(flags & FLAG_NR_AR_ATTACK )
1158 {
1159 if(ar_nr_collected < 2){
1160 // Avoid duplicates... probably not necessary, nr should vary.
1161 //if(ar_nr_responses[3] != nr){
1162 ar_nr_responses[ar_nr_collected*5] = 0;
1163 ar_nr_responses[ar_nr_collected*5+1] = 0;
1164 ar_nr_responses[ar_nr_collected*5+2] = nonce;
1165 ar_nr_responses[ar_nr_collected*5+3] = nr;
1166 ar_nr_responses[ar_nr_collected*5+4] = ar;
1167 ar_nr_collected++;
1168 //}
1169 }
1170
1171 if(ar_nr_collected > 1 ) {
1172
1173 if (MF_DBGLEVEL >= 2) {
1174 Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:");
1175 Dbprintf("../tools/mfkey/mfkey32 %07x%08x %08x %08x %08x %08x %08x",
1176 ar_nr_responses[0], // UID1
1177 ar_nr_responses[1], // UID2
1178 ar_nr_responses[2], // NT
1179 ar_nr_responses[3], // AR1
1180 ar_nr_responses[4], // NR1
1181 ar_nr_responses[8], // AR2
1182 ar_nr_responses[9] // NR2
1183 );
1184 }
1185 uint8_t len = ar_nr_collected*5*4;
1186 cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,len,0,&ar_nr_responses,len);
1187 ar_nr_collected = 0;
1188 memset(ar_nr_responses, 0x00, len);
1189 }
1190 }
1191 } else {
1192 // Check for ISO 14443A-4 compliant commands, look at left nibble
1193 switch (receivedCmd[0]) {
1194
1195 case 0x0B:
1196 case 0x0A: { // IBlock (command)
1197 dynamic_response_info.response[0] = receivedCmd[0];
1198 dynamic_response_info.response[1] = 0x00;
1199 dynamic_response_info.response[2] = 0x90;
1200 dynamic_response_info.response[3] = 0x00;
1201 dynamic_response_info.response_n = 4;
1202 } break;
1203
1204 case 0x1A:
1205 case 0x1B: { // Chaining command
1206 dynamic_response_info.response[0] = 0xaa | ((receivedCmd[0]) & 1);
1207 dynamic_response_info.response_n = 2;
1208 } break;
1209
1210 case 0xaa:
1211 case 0xbb: {
1212 dynamic_response_info.response[0] = receivedCmd[0] ^ 0x11;
1213 dynamic_response_info.response_n = 2;
1214 } break;
1215
1216 case 0xBA: { //
1217 memcpy(dynamic_response_info.response,"\xAB\x00",2);
1218 dynamic_response_info.response_n = 2;
1219 } break;
1220
1221 case 0xCA:
1222 case 0xC2: { // Readers sends deselect command
1223 memcpy(dynamic_response_info.response,"\xCA\x00",2);
1224 dynamic_response_info.response_n = 2;
1225 } break;
1226
1227 default: {
1228 // Never seen this command before
1229 if (tracing) {
1230 LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
1231 }
1232 Dbprintf("Received unknown command (len=%d):",len);
1233 Dbhexdump(len,receivedCmd,false);
1234 // Do not respond
1235 dynamic_response_info.response_n = 0;
1236 } break;
1237 }
1238
1239 if (dynamic_response_info.response_n > 0) {
1240 // Copy the CID from the reader query
1241 dynamic_response_info.response[1] = receivedCmd[1];
1242
1243 // Add CRC bytes, always used in ISO 14443A-4 compliant cards
1244 AppendCrc14443a(dynamic_response_info.response,dynamic_response_info.response_n);
1245 dynamic_response_info.response_n += 2;
1246
1247 if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
1248 Dbprintf("Error preparing tag response");
1249 if (tracing) {
1250 LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
1251 }
1252 break;
1253 }
1254 p_response = &dynamic_response_info;
1255 }
1256 }
1257
1258 // Count number of wakeups received after a halt
1259 if(order == 6 && lastorder == 5) { happened++; }
1260
1261 // Count number of other messages after a halt
1262 if(order != 6 && lastorder == 5) { happened2++; }
1263
1264 if(cmdsRecvd > 999) {
1265 DbpString("1000 commands later...");
1266 break;
1267 }
1268 cmdsRecvd++;
1269
1270 if (p_response != NULL) {
1271 EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n, receivedCmd[0] == 0x52);
1272 // do the tracing for the previous reader request and this tag answer:
1273 uint8_t par[MAX_PARITY_SIZE];
1274 GetParity(p_response->response, p_response->response_n, par);
1275
1276 EmLogTrace(Uart.output,
1277 Uart.len,
1278 Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG,
1279 Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG,
1280 Uart.parity,
1281 p_response->response,
1282 p_response->response_n,
1283 LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_TAG,
1284 (LastTimeProxToAirStart + p_response->ProxToAirDuration)*16 + DELAY_ARM2AIR_AS_TAG,
1285 par);
1286 }
1287
1288 if (!tracing) {
1289 Dbprintf("Trace Full. Simulation stopped.");
1290 break;
1291 }
1292 }
1293
1294 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1295
1296 Dbprintf("%x %x %x", happened, happened2, cmdsRecvd);
1297 LED_A_OFF();
1298 BigBuf_free_keep_EM();
1299 }
1300
1301
1302 // prepare a delayed transfer. This simply shifts ToSend[] by a number
1303 // of bits specified in the delay parameter.
1304 void PrepareDelayedTransfer(uint16_t delay)
1305 {
1306 uint8_t bitmask = 0;
1307 uint8_t bits_to_shift = 0;
1308 uint8_t bits_shifted = 0;
1309
1310 delay &= 0x07;
1311 if (delay) {
1312 for (uint16_t i = 0; i < delay; i++) {
1313 bitmask |= (0x01 << i);
1314 }
1315 ToSend[ToSendMax++] = 0x00;
1316 for (uint16_t i = 0; i < ToSendMax; i++) {
1317 bits_to_shift = ToSend[i] & bitmask;
1318 ToSend[i] = ToSend[i] >> delay;
1319 ToSend[i] = ToSend[i] | (bits_shifted << (8 - delay));
1320 bits_shifted = bits_to_shift;
1321 }
1322 }
1323 }
1324
1325
1326 //-------------------------------------------------------------------------------------
1327 // Transmit the command (to the tag) that was placed in ToSend[].
1328 // Parameter timing:
1329 // if NULL: transfer at next possible time, taking into account
1330 // request guard time and frame delay time
1331 // if == 0: transfer immediately and return time of transfer
1332 // if != 0: delay transfer until time specified
1333 //-------------------------------------------------------------------------------------
1334 static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing)
1335 {
1336
1337 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
1338
1339 uint32_t ThisTransferTime = 0;
1340
1341 if (timing) {
1342 if(*timing == 0) { // Measure time
1343 *timing = (GetCountSspClk() + 8) & 0xfffffff8;
1344 } else {
1345 PrepareDelayedTransfer(*timing & 0x00000007); // Delay transfer (fine tuning - up to 7 MF clock ticks)
1346 }
1347 if(MF_DBGLEVEL >= 4 && GetCountSspClk() >= (*timing & 0xfffffff8)) Dbprintf("TransmitFor14443a: Missed timing");
1348 while(GetCountSspClk() < (*timing & 0xfffffff8)); // Delay transfer (multiple of 8 MF clock ticks)
1349 LastTimeProxToAirStart = *timing;
1350 } else {
1351 ThisTransferTime = ((MAX(NextTransferTime, GetCountSspClk()) & 0xfffffff8) + 8);
1352 while(GetCountSspClk() < ThisTransferTime);
1353 LastTimeProxToAirStart = ThisTransferTime;
1354 }
1355
1356 // clear TXRDY
1357 AT91C_BASE_SSC->SSC_THR = SEC_Y;
1358
1359 uint16_t c = 0;
1360 for(;;) {
1361 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
1362 AT91C_BASE_SSC->SSC_THR = cmd[c];
1363 c++;
1364 if(c >= len) {
1365 break;
1366 }
1367 }
1368 }
1369
1370 NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME);
1371 }
1372
1373
1374 //-----------------------------------------------------------------------------
1375 // Prepare reader command (in bits, support short frames) to send to FPGA
1376 //-----------------------------------------------------------------------------
1377 void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8_t *parity)
1378 {
1379 int i, j;
1380 int last;
1381 uint8_t b;
1382
1383 ToSendReset();
1384
1385 // Start of Communication (Seq. Z)
1386 ToSend[++ToSendMax] = SEC_Z;
1387 LastProxToAirDuration = 8 * (ToSendMax+1) - 6;
1388 last = 0;
1389
1390 size_t bytecount = nbytes(bits);
1391 // Generate send structure for the data bits
1392 for (i = 0; i < bytecount; i++) {
1393 // Get the current byte to send
1394 b = cmd[i];
1395 size_t bitsleft = MIN((bits-(i*8)),8);
1396
1397 for (j = 0; j < bitsleft; j++) {
1398 if (b & 1) {
1399 // Sequence X
1400 ToSend[++ToSendMax] = SEC_X;
1401 LastProxToAirDuration = 8 * (ToSendMax+1) - 2;
1402 last = 1;
1403 } else {
1404 if (last == 0) {
1405 // Sequence Z
1406 ToSend[++ToSendMax] = SEC_Z;
1407 LastProxToAirDuration = 8 * (ToSendMax+1) - 6;
1408 } else {
1409 // Sequence Y
1410 ToSend[++ToSendMax] = SEC_Y;
1411 last = 0;
1412 }
1413 }
1414 b >>= 1;
1415 }
1416
1417 // Only transmit parity bit if we transmitted a complete byte
1418 if (j == 8 && parity != NULL) {
1419 // Get the parity bit
1420 if (parity[i>>3] & (0x80 >> (i&0x0007))) {
1421 // Sequence X
1422 ToSend[++ToSendMax] = SEC_X;
1423 LastProxToAirDuration = 8 * (ToSendMax+1) - 2;
1424 last = 1;
1425 } else {
1426 if (last == 0) {
1427 // Sequence Z
1428 ToSend[++ToSendMax] = SEC_Z;
1429 LastProxToAirDuration = 8 * (ToSendMax+1) - 6;
1430 } else {
1431 // Sequence Y
1432 ToSend[++ToSendMax] = SEC_Y;
1433 last = 0;
1434 }
1435 }
1436 }
1437 }
1438
1439 // End of Communication: Logic 0 followed by Sequence Y
1440 if (last == 0) {
1441 // Sequence Z
1442 ToSend[++ToSendMax] = SEC_Z;
1443 LastProxToAirDuration = 8 * (ToSendMax+1) - 6;
1444 } else {
1445 // Sequence Y
1446 ToSend[++ToSendMax] = SEC_Y;
1447 last = 0;
1448 }
1449 ToSend[++ToSendMax] = SEC_Y;
1450
1451 // Convert to length of command:
1452 ToSendMax++;
1453 }
1454
1455 //-----------------------------------------------------------------------------
1456 // Prepare reader command to send to FPGA
1457 //-----------------------------------------------------------------------------
1458 void CodeIso14443aAsReaderPar(const uint8_t *cmd, uint16_t len, const uint8_t *parity)
1459 {
1460 CodeIso14443aBitsAsReaderPar(cmd, len*8, parity);
1461 }
1462
1463
1464 //-----------------------------------------------------------------------------
1465 // Wait for commands from reader
1466 // Stop when button is pressed (return 1) or field was gone (return 2)
1467 // Or return 0 when command is captured
1468 //-----------------------------------------------------------------------------
1469 static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity)
1470 {
1471 *len = 0;
1472
1473 uint32_t timer = 0, vtime = 0;
1474 int analogCnt = 0;
1475 int analogAVG = 0;
1476
1477 // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen
1478 // only, since we are receiving, not transmitting).
1479 // Signal field is off with the appropriate LED
1480 LED_D_OFF();
1481 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN);
1482
1483 // Set ADC to read field strength
1484 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
1485 AT91C_BASE_ADC->ADC_MR =
1486 ADC_MODE_PRESCALE(63) |
1487 ADC_MODE_STARTUP_TIME(1) |
1488 ADC_MODE_SAMPLE_HOLD_TIME(15);
1489 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ADC_CHAN_HF);
1490 // start ADC
1491 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
1492
1493 // Now run a 'software UART' on the stream of incoming samples.
1494 UartInit(received, parity);
1495
1496 // Clear RXRDY:
1497 uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
1498
1499 for(;;) {
1500 WDT_HIT();
1501
1502 if (BUTTON_PRESS()) return 1;
1503
1504 // test if the field exists
1505 if (AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ADC_CHAN_HF)) {
1506 analogCnt++;
1507 analogAVG += AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF];
1508 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
1509 if (analogCnt >= 32) {
1510 if ((MAX_ADC_HF_VOLTAGE * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) {
1511 vtime = GetTickCount();
1512 if (!timer) timer = vtime;
1513 // 50ms no field --> card to idle state
1514 if (vtime - timer > 50) return 2;
1515 } else
1516 if (timer) timer = 0;
1517 analogCnt = 0;
1518 analogAVG = 0;
1519 }
1520 }
1521
1522 // receive and test the miller decoding
1523 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
1524 b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
1525 if(MillerDecoding(b, 0)) {
1526 *len = Uart.len;
1527 return 0;
1528 }
1529 }
1530
1531 }
1532 }
1533
1534
1535 static int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNeeded)
1536 {
1537 uint8_t b;
1538 uint16_t i = 0;
1539 uint32_t ThisTransferTime;
1540
1541 // Modulate Manchester
1542 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_MOD);
1543
1544 // include correction bit if necessary
1545 if (Uart.parityBits & 0x01) {
1546 correctionNeeded = TRUE;
1547 }
1548 if(correctionNeeded) {
1549 // 1236, so correction bit needed
1550 i = 0;
1551 } else {
1552 i = 1;
1553 }
1554
1555 // clear receiving shift register and holding register
1556 while(!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY));
1557 b = AT91C_BASE_SSC->SSC_RHR; (void) b;
1558 while(!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY));
1559 b = AT91C_BASE_SSC->SSC_RHR; (void) b;
1560
1561 // wait for the FPGA to signal fdt_indicator == 1 (the FPGA is ready to queue new data in its delay line)
1562 for (uint16_t j = 0; j < 5; j++) { // allow timeout - better late than never
1563 while(!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY));
1564 if (AT91C_BASE_SSC->SSC_RHR) break;
1565 }
1566
1567 while ((ThisTransferTime = GetCountSspClk()) & 0x00000007);
1568
1569 // Clear TXRDY:
1570 AT91C_BASE_SSC->SSC_THR = SEC_F;
1571
1572 // send cycle
1573 for(; i < respLen; ) {
1574 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
1575 AT91C_BASE_SSC->SSC_THR = resp[i++];
1576 FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
1577 }
1578
1579 if(BUTTON_PRESS()) {
1580 break;
1581 }
1582 }
1583
1584 // Ensure that the FPGA Delay Queue is empty before we switch to TAGSIM_LISTEN again:
1585 uint8_t fpga_queued_bits = FpgaSendQueueDelay >> 3;
1586 for (i = 0; i <= fpga_queued_bits/8 + 1; ) {
1587 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
1588 AT91C_BASE_SSC->SSC_THR = SEC_F;
1589 FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
1590 i++;
1591 }
1592 }
1593
1594 LastTimeProxToAirStart = ThisTransferTime + (correctionNeeded?8:0);
1595
1596 return 0;
1597 }
1598
1599 int EmSend4bitEx(uint8_t resp, bool correctionNeeded){
1600 Code4bitAnswerAsTag(resp);
1601 int res = EmSendCmd14443aRaw(ToSend, ToSendMax, correctionNeeded);
1602 // do the tracing for the previous reader request and this tag answer:
1603 uint8_t par[1];
1604 GetParity(&resp, 1, par);
1605 EmLogTrace(Uart.output,
1606 Uart.len,
1607 Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG,
1608 Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG,
1609 Uart.parity,
1610 &resp,
1611 1,
1612 LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_TAG,
1613 (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_TAG,
1614 par);
1615 return res;
1616 }
1617
1618 int EmSend4bit(uint8_t resp){
1619 return EmSend4bitEx(resp, false);
1620 }
1621
1622 int EmSendCmdExPar(uint8_t *resp, uint16_t respLen, bool correctionNeeded, uint8_t *par){
1623 CodeIso14443aAsTagPar(resp, respLen, par);
1624 int res = EmSendCmd14443aRaw(ToSend, ToSendMax, correctionNeeded);
1625 // do the tracing for the previous reader request and this tag answer:
1626 EmLogTrace(Uart.output,
1627 Uart.len,
1628 Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG,
1629 Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG,
1630 Uart.parity,
1631 resp,
1632 respLen,
1633 LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_TAG,
1634 (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_TAG,
1635 par);
1636 return res;
1637 }
1638
1639 int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool correctionNeeded){
1640 uint8_t par[MAX_PARITY_SIZE];
1641 GetParity(resp, respLen, par);
1642 return EmSendCmdExPar(resp, respLen, correctionNeeded, par);
1643 }
1644
1645 int EmSendCmd(uint8_t *resp, uint16_t respLen){
1646 uint8_t par[MAX_PARITY_SIZE];
1647 GetParity(resp, respLen, par);
1648 return EmSendCmdExPar(resp, respLen, false, par);
1649 }
1650
1651 int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par){
1652 return EmSendCmdExPar(resp, respLen, false, par);
1653 }
1654
1655 bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
1656 uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity)
1657 {
1658 if (tracing) {
1659 // we cannot exactly measure the end and start of a received command from reader. However we know that the delay from
1660 // end of the received command to start of the tag's (simulated by us) answer is n*128+20 or n*128+84 resp.
1661 // with n >= 9. The start of the tags answer can be measured and therefore the end of the received command be calculated:
1662 uint16_t reader_modlen = reader_EndTime - reader_StartTime;
1663 uint16_t approx_fdt = tag_StartTime - reader_EndTime;
1664 uint16_t exact_fdt = (approx_fdt - 20 + 32)/64 * 64 + 20;
1665 reader_EndTime = tag_StartTime - exact_fdt;
1666 reader_StartTime = reader_EndTime - reader_modlen;
1667 if (!LogTrace(reader_data, reader_len, reader_StartTime, reader_EndTime, reader_Parity, TRUE)) {
1668 return FALSE;
1669 } else return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE));
1670 } else {
1671 return TRUE;
1672 }
1673 }
1674
1675 //-----------------------------------------------------------------------------
1676 // Wait a certain time for tag response
1677 // If a response is captured return TRUE
1678 // If it takes too long return FALSE
1679 //-----------------------------------------------------------------------------
1680 static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receivedResponsePar, uint16_t offset)
1681 {
1682 uint32_t c = 0x00;
1683
1684 // Set FPGA mode to "reader listen mode", no modulation (listen
1685 // only, since we are receiving, not transmitting).
1686 // Signal field is on with the appropriate LED
1687 LED_D_ON();
1688 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN);
1689
1690 // Now get the answer from the card
1691 DemodInit(receivedResponse, receivedResponsePar);
1692
1693 // clear RXRDY:
1694 uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
1695
1696 for(;;) {
1697 WDT_HIT();
1698
1699 if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
1700 b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
1701 if(ManchesterDecoding(b, offset, 0)) {
1702 NextTransferTime = MAX(NextTransferTime, Demod.endTime - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER)/16 + FRAME_DELAY_TIME_PICC_TO_PCD);
1703 return TRUE;
1704 } else if (c++ > iso14a_timeout && Demod.state == DEMOD_UNSYNCD) {
1705 return FALSE;
1706 }
1707 }
1708 }
1709 }
1710
1711
1712 void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing)
1713 {
1714 CodeIso14443aBitsAsReaderPar(frame, bits, par);
1715
1716 // Send command to tag
1717 TransmitFor14443a(ToSend, ToSendMax, timing);
1718 if(trigger)
1719 LED_A_ON();
1720
1721 // Log reader command in trace buffer
1722 if (tracing) {
1723 LogTrace(frame, nbytes(bits), LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_READER, (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_READER, par, TRUE);
1724 }
1725 }
1726
1727
1728 void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *timing)
1729 {
1730 ReaderTransmitBitsPar(frame, len*8, par, timing);
1731 }
1732
1733
1734 void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing)
1735 {
1736 // Generate parity and redirect
1737 uint8_t par[MAX_PARITY_SIZE];
1738 GetParity(frame, len/8, par);
1739 ReaderTransmitBitsPar(frame, len, par, timing);
1740 }
1741
1742
1743 void ReaderTransmit(uint8_t* frame, uint16_t len, uint32_t *timing)
1744 {
1745 // Generate parity and redirect
1746 uint8_t par[MAX_PARITY_SIZE];
1747 GetParity(frame, len, par);
1748 ReaderTransmitBitsPar(frame, len*8, par, timing);
1749 }
1750
1751 int ReaderReceiveOffset(uint8_t* receivedAnswer, uint16_t offset, uint8_t *parity)
1752 {
1753 if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, offset)) return FALSE;
1754 if (tracing) {
1755 LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
1756 }
1757 return Demod.len;
1758 }
1759
1760 int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity)
1761 {
1762 if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, 0)) return FALSE;
1763 if (tracing) {
1764 LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
1765 }
1766 return Demod.len;
1767 }
1768
1769 /* performs iso14443a anticollision procedure
1770 * fills the uid pointer unless NULL
1771 * fills resp_data unless NULL */
1772 int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, uint32_t *cuid_ptr) {
1773 uint8_t wupa[] = { 0x52 }; // 0x26 - REQA 0x52 - WAKE-UP
1774 uint8_t sel_all[] = { 0x93,0x20 };
1775 uint8_t sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1776 uint8_t rats[] = { 0xE0,0x80,0x00,0x00 }; // FSD=256, FSDI=8, CID=0
1777 uint8_t resp[MAX_FRAME_SIZE]; // theoretically. A usual RATS will be much smaller
1778 uint8_t resp_par[MAX_PARITY_SIZE];
1779 byte_t uid_resp[4];
1780 size_t uid_resp_len;
1781
1782 uint8_t sak = 0x04; // cascade uid
1783 int cascade_level = 0;
1784 int len;
1785
1786 // Broadcast for a card, WUPA (0x52) will force response from all cards in the field
1787 ReaderTransmitBitsPar(wupa,7,0, NULL);
1788
1789 // Receive the ATQA
1790 if(!ReaderReceive(resp, resp_par)) return 0;
1791
1792 if(p_hi14a_card) {
1793 memcpy(p_hi14a_card->atqa, resp, 2);
1794 p_hi14a_card->uidlen = 0;
1795 memset(p_hi14a_card->uid,0,10);
1796 }
1797
1798 // clear uid
1799 if (uid_ptr) {
1800 memset(uid_ptr,0,10);
1801 }
1802
1803 // check for proprietary anticollision:
1804 if ((resp[0] & 0x1F) == 0) {
1805 return 3;
1806 }
1807
1808 // OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in
1809 // which case we need to make a cascade 2 request and select - this is a long UID
1810 // While the UID is not complete, the 3nd bit (from the right) is set in the SAK.
1811 for(; sak & 0x04; cascade_level++) {
1812 // SELECT_* (L1: 0x93, L2: 0x95, L3: 0x97)
1813 sel_uid[0] = sel_all[0] = 0x93 + cascade_level * 2;
1814
1815 // SELECT_ALL
1816 ReaderTransmit(sel_all, sizeof(sel_all), NULL);
1817 if (!ReaderReceive(resp, resp_par)) return 0;
1818
1819 if (Demod.collisionPos) { // we had a collision and need to construct the UID bit by bit
1820 memset(uid_resp, 0, 4);
1821 uint16_t uid_resp_bits = 0;
1822 uint16_t collision_answer_offset = 0;
1823 // anti-collision-loop:
1824 while (Demod.collisionPos) {
1825 Dbprintf("Multiple tags detected. Collision after Bit %d", Demod.collisionPos);
1826 for (uint16_t i = collision_answer_offset; i < Demod.collisionPos; i++, uid_resp_bits++) { // add valid UID bits before collision point
1827 uint16_t UIDbit = (resp[i/8] >> (i % 8)) & 0x01;
1828 uid_resp[uid_resp_bits / 8] |= UIDbit << (uid_resp_bits % 8);
1829 }
1830 uid_resp[uid_resp_bits/8] |= 1 << (uid_resp_bits % 8); // next time select the card(s) with a 1 in the collision position
1831 uid_resp_bits++;
1832 // construct anticollosion command:
1833 sel_uid[1] = ((2 + uid_resp_bits/8) << 4) | (uid_resp_bits & 0x07); // length of data in bytes and bits
1834 for (uint16_t i = 0; i <= uid_resp_bits/8; i++) {
1835 sel_uid[2+i] = uid_resp[i];
1836 }
1837 collision_answer_offset = uid_resp_bits%8;
1838 ReaderTransmitBits(sel_uid, 16 + uid_resp_bits, NULL);
1839 if (!ReaderReceiveOffset(resp, collision_answer_offset, resp_par)) return 0;
1840 }
1841 // finally, add the last bits and BCC of the UID
1842 for (uint16_t i = collision_answer_offset; i < (Demod.len-1)*8; i++, uid_resp_bits++) {
1843 uint16_t UIDbit = (resp[i/8] >> (i%8)) & 0x01;
1844 uid_resp[uid_resp_bits/8] |= UIDbit << (uid_resp_bits % 8);
1845 }
1846
1847 } else { // no collision, use the response to SELECT_ALL as current uid
1848 memcpy(uid_resp, resp, 4);
1849 }
1850 uid_resp_len = 4;
1851
1852 // calculate crypto UID. Always use last 4 Bytes.
1853 if(cuid_ptr) {
1854 *cuid_ptr = bytes_to_num(uid_resp, 4);
1855 }
1856
1857 // Construct SELECT UID command
1858 sel_uid[1] = 0x70; // transmitting a full UID (1 Byte cmd, 1 Byte NVB, 4 Byte UID, 1 Byte BCC, 2 Bytes CRC)
1859 memcpy(sel_uid+2, uid_resp, 4); // the UID
1860 sel_uid[6] = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5]; // calculate and add BCC
1861 AppendCrc14443a(sel_uid, 7); // calculate and add CRC
1862 ReaderTransmit(sel_uid, sizeof(sel_uid), NULL);
1863
1864 // Receive the SAK
1865 if (!ReaderReceive(resp, resp_par)) return 0;
1866 sak = resp[0];
1867
1868 // Test if more parts of the uid are coming
1869 if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
1870 // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
1871 // http://www.nxp.com/documents/application_note/AN10927.pdf
1872 uid_resp[0] = uid_resp[1];
1873 uid_resp[1] = uid_resp[2];
1874 uid_resp[2] = uid_resp[3];
1875
1876 uid_resp_len = 3;
1877 }
1878
1879 if(uid_ptr) {
1880 memcpy(uid_ptr + (cascade_level*3), uid_resp, uid_resp_len);
1881 }
1882
1883 if(p_hi14a_card) {
1884 memcpy(p_hi14a_card->uid + (cascade_level*3), uid_resp, uid_resp_len);
1885 p_hi14a_card->uidlen += uid_resp_len;
1886 }
1887 }
1888
1889 if(p_hi14a_card) {
1890 p_hi14a_card->sak = sak;
1891 p_hi14a_card->ats_len = 0;
1892 }
1893
1894 // non iso14443a compliant tag
1895 if( (sak & 0x20) == 0) return 2;
1896
1897 // Request for answer to select
1898 AppendCrc14443a(rats, 2);
1899 ReaderTransmit(rats, sizeof(rats), NULL);
1900
1901 if (!(len = ReaderReceive(resp, resp_par))) return 0;
1902
1903
1904 if(p_hi14a_card) {
1905 memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));
1906 p_hi14a_card->ats_len = len;
1907 }
1908
1909 // reset the PCB block number
1910 iso14_pcb_blocknum = 0;
1911
1912 // set default timeout based on ATS
1913 iso14a_set_ATS_timeout(resp);
1914
1915 return 1;
1916 }
1917
1918 void iso14443a_setup(uint8_t fpga_minor_mode) {
1919 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
1920 // Set up the synchronous serial port
1921 FpgaSetupSsc();
1922 // connect Demodulated Signal to ADC:
1923 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
1924
1925 // Signal field is on with the appropriate LED
1926 if (fpga_minor_mode == FPGA_HF_ISO14443A_READER_MOD
1927 || fpga_minor_mode == FPGA_HF_ISO14443A_READER_LISTEN) {
1928 LED_D_ON();
1929 } else {
1930 LED_D_OFF();
1931 }
1932 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | fpga_minor_mode);
1933
1934 // Start the timer
1935 StartCountSspClk();
1936
1937 DemodReset();
1938 UartReset();
1939 NextTransferTime = 2*DELAY_ARM2AIR_AS_READER;
1940 iso14a_set_timeout(10*106); // 10ms default
1941 }
1942
1943 int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
1944 uint8_t parity[MAX_PARITY_SIZE];
1945 uint8_t real_cmd[cmd_len+4];
1946 real_cmd[0] = 0x0a; //I-Block
1947 // put block number into the PCB
1948 real_cmd[0] |= iso14_pcb_blocknum;
1949 real_cmd[1] = 0x00; //CID: 0 //FIXME: allow multiple selected cards
1950 memcpy(real_cmd+2, cmd, cmd_len);
1951 AppendCrc14443a(real_cmd,cmd_len+2);
1952
1953 ReaderTransmit(real_cmd, cmd_len+4, NULL);
1954 size_t len = ReaderReceive(data, parity);
1955 uint8_t *data_bytes = (uint8_t *) data;
1956 if (!len)
1957 return 0; //DATA LINK ERROR
1958 // if we received an I- or R(ACK)-Block with a block number equal to the
1959 // current block number, toggle the current block number
1960 else if (len >= 4 // PCB+CID+CRC = 4 bytes
1961 && ((data_bytes[0] & 0xC0) == 0 // I-Block
1962 || (data_bytes[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0
1963 && (data_bytes[0] & 0x01) == iso14_pcb_blocknum) // equal block numbers
1964 {
1965 iso14_pcb_blocknum ^= 1;
1966 }
1967
1968 return len;
1969 }
1970
1971 //-----------------------------------------------------------------------------
1972 // Read an ISO 14443a tag. Send out commands and store answers.
1973 //
1974 //-----------------------------------------------------------------------------
1975 void ReaderIso14443a(UsbCommand *c)
1976 {
1977 iso14a_command_t param = c->arg[0];
1978 uint8_t *cmd = c->d.asBytes;
1979 size_t len = c->arg[1] & 0xffff;
1980 size_t lenbits = c->arg[1] >> 16;
1981 uint32_t timeout = c->arg[2];
1982 uint32_t arg0 = 0;
1983 byte_t buf[USB_CMD_DATA_SIZE];
1984 uint8_t par[MAX_PARITY_SIZE];
1985
1986 if(param & ISO14A_CONNECT) {
1987 clear_trace();
1988 }
1989
1990 set_tracing(TRUE);
1991
1992 if(param & ISO14A_REQUEST_TRIGGER) {
1993 iso14a_set_trigger(TRUE);
1994 }
1995
1996 if(param & ISO14A_CONNECT) {
1997 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1998 if(!(param & ISO14A_NO_SELECT)) {
1999 iso14a_card_select_t *card = (iso14a_card_select_t*)buf;
2000 arg0 = iso14443a_select_card(NULL,card,NULL);
2001 cmd_send(CMD_ACK,arg0,card->uidlen,0,buf,sizeof(iso14a_card_select_t));
2002 }
2003 }
2004
2005 if(param & ISO14A_SET_TIMEOUT) {
2006 iso14a_set_timeout(timeout);
2007 }
2008
2009 if(param & ISO14A_APDU) {
2010 arg0 = iso14_apdu(cmd, len, buf);
2011 cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
2012 }
2013
2014 if(param & ISO14A_RAW) {
2015 if(param & ISO14A_APPEND_CRC) {
2016 if(param & ISO14A_TOPAZMODE) {
2017 AppendCrc14443b(cmd,len);
2018 } else {
2019 AppendCrc14443a(cmd,len);
2020 }
2021 len += 2;
2022 if (lenbits) lenbits += 16;
2023 }
2024 if(lenbits>0) { // want to send a specific number of bits (e.g. short commands)
2025 if(param & ISO14A_TOPAZMODE) {
2026 int bits_to_send = lenbits;
2027 uint16_t i = 0;
2028 ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 7), NULL, NULL); // first byte is always short (7bits) and no parity
2029 bits_to_send -= 7;
2030 while (bits_to_send > 0) {
2031 ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 8), NULL, NULL); // following bytes are 8 bit and no parity
2032 bits_to_send -= 8;
2033 }
2034 } else {
2035 GetParity(cmd, lenbits/8, par);
2036 ReaderTransmitBitsPar(cmd, lenbits, par, NULL); // bytes are 8 bit with odd parity
2037 }
2038 } else { // want to send complete bytes only
2039 if(param & ISO14A_TOPAZMODE) {
2040 uint16_t i = 0;
2041 ReaderTransmitBitsPar(&cmd[i++], 7, NULL, NULL); // first byte: 7 bits, no paritiy
2042 while (i < len) {
2043 ReaderTransmitBitsPar(&cmd[i++], 8, NULL, NULL); // following bytes: 8 bits, no paritiy
2044 }
2045 } else {
2046 ReaderTransmit(cmd,len, NULL); // 8 bits, odd parity
2047 }
2048 }
2049 arg0 = ReaderReceive(buf, par);
2050 cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
2051 }
2052
2053 if(param & ISO14A_REQUEST_TRIGGER) {
2054 iso14a_set_trigger(FALSE);
2055 }
2056
2057 if(param & ISO14A_NO_DISCONNECT) {
2058 return;
2059 }
2060
2061 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
2062 LEDsoff();
2063 }
2064
2065
2066 // Determine the distance between two nonces.
2067 // Assume that the difference is small, but we don't know which is first.
2068 // Therefore try in alternating directions.
2069 int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
2070
2071 if (nt1 == nt2) return 0;
2072
2073 uint16_t i;
2074 uint32_t nttmp1 = nt1;
2075 uint32_t nttmp2 = nt2;
2076
2077 for (i = 1; i < 32768; i++) {
2078 nttmp1 = prng_successor(nttmp1, 1);
2079 if (nttmp1 == nt2) return i;
2080 nttmp2 = prng_successor(nttmp2, 1);
2081 if (nttmp2 == nt1) return -i;
2082 }
2083
2084 return(-99999); // either nt1 or nt2 are invalid nonces
2085 }
2086
2087
2088 //-----------------------------------------------------------------------------
2089 // Recover several bits of the cypher stream. This implements (first stages of)
2090 // the algorithm described in "The Dark Side of Security by Obscurity and
2091 // Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime"
2092 // (article by Nicolas T. Courtois, 2009)
2093 //-----------------------------------------------------------------------------
2094 void ReaderMifare(bool first_try) {
2095 // free eventually allocated BigBuf memory. We want all for tracing.
2096 BigBuf_free();
2097
2098 clear_trace();
2099 set_tracing(TRUE);
2100
2101 // Mifare AUTH
2102 uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
2103 uint8_t mf_nr_ar[8] = { 0x00 }; //{ 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };
2104 static uint8_t mf_nr_ar3 = 0;
2105
2106 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = { 0x00 };
2107 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = { 0x00 };
2108
2109 byte_t nt_diff = 0;
2110 uint8_t par[1] = {0}; // maximum 8 Bytes to be sent here, 1 byte parity is therefore enough
2111 static byte_t par_low = 0;
2112 bool led_on = TRUE;
2113 uint8_t uid[10] = {0x00};
2114 //uint32_t cuid = 0x00;
2115
2116 uint32_t nt = 0;
2117 uint32_t previous_nt = 0;
2118 static uint32_t nt_attacked = 0;
2119 byte_t par_list[8] = {0x00};
2120 byte_t ks_list[8] = {0x00};
2121
2122 static uint32_t sync_time = 0;
2123 static uint32_t sync_cycles = 0;
2124 int catch_up_cycles = 0;
2125 int last_catch_up = 0;
2126 uint16_t consecutive_resyncs = 0;
2127 int isOK = 0;
2128
2129 int numWrongDistance = 0;
2130
2131 if (first_try) {
2132 mf_nr_ar3 = 0;
2133 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
2134 sync_time = GetCountSspClk() & 0xfffffff8;
2135 sync_cycles = 65536; // theory: Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
2136 nt_attacked = 0;
2137 nt = 0;
2138 par[0] = 0;
2139 }
2140 else {
2141 // we were unsuccessful on a previous call. Try another READER nonce (first 3 parity bits remain the same)
2142 mf_nr_ar3++;
2143 mf_nr_ar[3] = mf_nr_ar3;
2144 par[0] = par_low;
2145 }
2146
2147 LED_A_ON();
2148 LED_B_OFF();
2149 LED_C_OFF();
2150 LED_C_ON();
2151
2152 for(uint16_t i = 0; TRUE; i++) {
2153
2154 WDT_HIT();
2155
2156 // Test if the action was cancelled
2157 if(BUTTON_PRESS()) break;
2158
2159 if (numWrongDistance > 1000) {
2160 isOK = 0;
2161 break;
2162 }
2163
2164 //if(!iso14443a_select_card(uid, NULL, &cuid)) {
2165 if(!iso14443a_select_card(uid, NULL, NULL)) {
2166 if (MF_DBGLEVEL >= 1) Dbprintf("Mifare: Can't select card");
2167 continue;
2168 }
2169
2170 sync_time = (sync_time & 0xfffffff8) + sync_cycles + catch_up_cycles;
2171 catch_up_cycles = 0;
2172
2173 // if we missed the sync time already, advance to the next nonce repeat
2174 while(GetCountSspClk() > sync_time) {
2175 sync_time = (sync_time & 0xfffffff8) + sync_cycles;
2176 }
2177
2178 // Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked)
2179 ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time);
2180
2181 // Receive the (4 Byte) "random" nonce
2182 if (!ReaderReceive(receivedAnswer, receivedAnswerPar)) {
2183 if (MF_DBGLEVEL >= 1) Dbprintf("Mifare: Couldn't receive tag nonce");
2184 continue;
2185 }
2186
2187 previous_nt = nt;
2188 nt = bytes_to_num(receivedAnswer, 4);
2189
2190 // Transmit reader nonce with fake par
2191 ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL);
2192
2193 if (first_try && previous_nt && !nt_attacked) { // we didn't calibrate our clock yet
2194 int nt_distance = dist_nt(previous_nt, nt);
2195 if (nt_distance == 0) {
2196 nt_attacked = nt;
2197 }
2198 else {
2199
2200 // invalid nonce received, try again
2201 if (nt_distance == -99999) {
2202 numWrongDistance++;
2203 if (MF_DBGLEVEL >= 3) Dbprintf("The two nonces has invalid distance, tag could have good PRNG\n");
2204 continue;
2205 }
2206
2207 sync_cycles = (sync_cycles - nt_distance);
2208 if (MF_DBGLEVEL >= 3) Dbprintf("calibrating in cycle %d. nt_distance=%d, Sync_cycles: %d\n", i, nt_distance, sync_cycles);
2209 continue;
2210 }
2211 }
2212
2213 if ((nt != nt_attacked) && nt_attacked) { // we somehow lost sync. Try to catch up again...
2214 catch_up_cycles = -dist_nt(nt_attacked, nt);
2215 if (catch_up_cycles >= 99999) { // invalid nonce received. Don't resync on that one.
2216 catch_up_cycles = 0;
2217 continue;
2218 }
2219 if (catch_up_cycles == last_catch_up) {
2220 consecutive_resyncs++;
2221 }
2222 else {
2223 last_catch_up = catch_up_cycles;
2224 consecutive_resyncs = 0;
2225 }
2226 if (consecutive_resyncs < 3) {
2227 if (MF_DBGLEVEL >= 3) Dbprintf("Lost sync in cycle %d. nt_distance=%d. Consecutive Resyncs = %d. Trying one time catch up...\n", i, -catch_up_cycles, consecutive_resyncs);
2228 }
2229 else {
2230 sync_cycles = sync_cycles + catch_up_cycles;
2231 if (MF_DBGLEVEL >= 3) Dbprintf("Lost sync in cycle %d for the fourth time consecutively (nt_distance = %d). Adjusting sync_cycles to %d.\n", i, -catch_up_cycles, sync_cycles);
2232 }
2233 continue;
2234 }
2235
2236 consecutive_resyncs = 0;
2237
2238 // Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding
2239 if (ReaderReceive(receivedAnswer, receivedAnswerPar))
2240 {
2241 catch_up_cycles = 8; // the PRNG is delayed by 8 cycles due to the NAC (4Bits = 0x05 encrypted) transfer
2242
2243 if (nt_diff == 0)
2244 {
2245 par_low = par[0] & 0xE0; // there is no need to check all parities for other nt_diff. Parity Bits for mf_nr_ar[0..2] won't change
2246 }
2247
2248 led_on = !led_on;
2249 if(led_on) LED_B_ON(); else LED_B_OFF();
2250
2251 par_list[nt_diff] = SwapBits(par[0], 8);
2252 ks_list[nt_diff] = receivedAnswer[0] ^ 0x05;
2253
2254 // Test if the information is complete
2255 if (nt_diff == 0x07) {
2256 isOK = 1;
2257 break;
2258 }
2259
2260 nt_diff = (nt_diff + 1) & 0x07;
2261 mf_nr_ar[3] = (mf_nr_ar[3] & 0x1F) | (nt_diff << 5);
2262 par[0] = par_low;
2263 } else {
2264 if (nt_diff == 0 && first_try)
2265 {
2266 par[0]++;
2267 } else {
2268 par[0] = ((par[0] & 0x1F) + 1) | par_low;
2269 }
2270 }
2271 }
2272
2273 mf_nr_ar[3] &= 0x1F;
2274
2275 byte_t buf[28] = {0x00};
2276
2277 memcpy(buf + 0, uid, 4);
2278 num_to_bytes(nt, 4, buf + 4);
2279 memcpy(buf + 8, par_list, 8);
2280 memcpy(buf + 16, ks_list, 8);
2281 memcpy(buf + 24, mf_nr_ar, 4);
2282
2283 cmd_send(CMD_ACK,isOK,0,0,buf,28);
2284
2285 set_tracing(FALSE);
2286 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
2287 LEDsoff();
2288 }
2289
2290
2291 /*
2292 *MIFARE 1K simulate.
2293 *
2294 *@param flags :
2295 * FLAG_INTERACTIVE - In interactive mode, we are expected to finish the operation with an ACK
2296 * 4B_FLAG_UID_IN_DATA - means that there is a 4-byte UID in the data-section, we're expected to use that
2297 * 7B_FLAG_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that
2298 * FLAG_NR_AR_ATTACK - means we should collect NR_AR responses for bruteforcing later
2299 *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is inifite
2300 */
2301 void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain)
2302 {
2303 int cardSTATE = MFEMUL_NOFIELD;
2304 int _7BUID = 0;
2305 int vHf = 0; // in mV
2306 int res;
2307 uint32_t selTimer = 0;
2308 uint32_t authTimer = 0;
2309 uint16_t len = 0;
2310 uint8_t cardWRBL = 0;
2311 uint8_t cardAUTHSC = 0;
2312 uint8_t cardAUTHKEY = 0xff; // no authentication
2313 uint32_t cardRr = 0;
2314 uint32_t cuid = 0;
2315 //uint32_t rn_enc = 0;
2316 uint32_t ans = 0;
2317 uint32_t cardINTREG = 0;
2318 uint8_t cardINTBLOCK = 0;
2319 struct Crypto1State mpcs = {0, 0};
2320 struct Crypto1State *pcs;
2321 pcs = &mpcs;
2322 uint32_t numReads = 0;//Counts numer of times reader read a block
2323 uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE];
2324 uint8_t receivedCmd_par[MAX_MIFARE_PARITY_SIZE];
2325 uint8_t response[MAX_MIFARE_FRAME_SIZE];
2326 uint8_t response_par[MAX_MIFARE_PARITY_SIZE];
2327
2328 uint8_t rATQA[] = {0x04, 0x00}; // Mifare classic 1k 4BUID
2329 uint8_t rUIDBCC1[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
2330 uint8_t rUIDBCC2[] = {0xde, 0xad, 0xbe, 0xaf, 0x62}; // !!!
2331 uint8_t rSAK[] = {0x08, 0xb6, 0xdd};
2332 uint8_t rSAK1[] = {0x04, 0xda, 0x17};
2333
2334 uint8_t rAUTH_NT[] = {0x01, 0x02, 0x03, 0x04};
2335 uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00};
2336
2337 //Here, we collect UID,NT,AR,NR,UID2,NT2,AR2,NR2
2338 // This can be used in a reader-only attack.
2339 // (it can also be retrieved via 'hf 14a list', but hey...
2340 uint32_t ar_nr_responses[] = {0,0,0,0,0,0,0,0};
2341 uint8_t ar_nr_collected = 0;
2342
2343 // free eventually allocated BigBuf memory but keep Emulator Memory
2344 BigBuf_free_keep_EM();
2345
2346 // clear trace
2347 clear_trace();
2348 set_tracing(TRUE);
2349
2350 // Authenticate response - nonce
2351 uint32_t nonce = bytes_to_num(rAUTH_NT, 4);
2352
2353 //-- Determine the UID
2354 // Can be set from emulator memory, incoming data
2355 // and can be 7 or 4 bytes long
2356 if (flags & FLAG_4B_UID_IN_DATA)
2357 {
2358 // 4B uid comes from data-portion of packet
2359 memcpy(rUIDBCC1,datain,4);
2360 rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
2361
2362 } else if (flags & FLAG_7B_UID_IN_DATA) {
2363 // 7B uid comes from data-portion of packet
2364 memcpy(&rUIDBCC1[1],datain,3);
2365 memcpy(rUIDBCC2, datain+3, 4);
2366 _7BUID = true;
2367 } else {
2368 // get UID from emul memory
2369 emlGetMemBt(receivedCmd, 7, 1);
2370 _7BUID = !(receivedCmd[0] == 0x00);
2371 if (!_7BUID) { // ---------- 4BUID
2372 emlGetMemBt(rUIDBCC1, 0, 4);
2373 } else { // ---------- 7BUID
2374 emlGetMemBt(&rUIDBCC1[1], 0, 3);
2375 emlGetMemBt(rUIDBCC2, 3, 4);
2376 }
2377 }
2378
2379 /*
2380 * Regardless of what method was used to set the UID, set fifth byte and modify
2381 * the ATQA for 4 or 7-byte UID
2382 */
2383 rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
2384 if (_7BUID) {
2385 rATQA[0] = 0x44;
2386 rUIDBCC1[0] = 0x88;
2387 rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
2388 rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3];
2389 }
2390
2391 // We need to listen to the high-frequency, peak-detected path.
2392 iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
2393
2394
2395 if (MF_DBGLEVEL >= 1) {
2396 if (!_7BUID) {
2397 Dbprintf("4B UID: %02x%02x%02x%02x",
2398 rUIDBCC1[0], rUIDBCC1[1], rUIDBCC1[2], rUIDBCC1[3]);
2399 } else {
2400 Dbprintf("7B UID: (%02x)%02x%02x%02x%02x%02x%02x%02x",
2401 rUIDBCC1[0], rUIDBCC1[1], rUIDBCC1[2], rUIDBCC1[3],
2402 rUIDBCC2[0], rUIDBCC2[1] ,rUIDBCC2[2], rUIDBCC2[3]);
2403 }
2404 }
2405
2406 bool finished = FALSE;
2407 while (!BUTTON_PRESS() && !finished) {
2408 WDT_HIT();
2409
2410 // find reader field
2411 if (cardSTATE == MFEMUL_NOFIELD) {
2412 vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
2413 if (vHf > MF_MINFIELDV) {
2414 cardSTATE_TO_IDLE();
2415 LED_A_ON();
2416 }
2417 }
2418 if(cardSTATE == MFEMUL_NOFIELD) continue;
2419
2420 //Now, get data
2421
2422 res = EmGetCmd(receivedCmd, &len, receivedCmd_par);
2423 if (res == 2) { //Field is off!
2424 cardSTATE = MFEMUL_NOFIELD;
2425 LEDsoff();
2426 continue;
2427 } else if (res == 1) {
2428 break; //return value 1 means button press
2429 }
2430
2431 // REQ or WUP request in ANY state and WUP in HALTED state
2432 if (len == 1 && ((receivedCmd[0] == 0x26 && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == 0x52)) {
2433 selTimer = GetTickCount();
2434 EmSendCmdEx(rATQA, sizeof(rATQA), (receivedCmd[0] == 0x52));
2435 cardSTATE = MFEMUL_SELECT1;
2436
2437 // init crypto block
2438 LED_B_OFF();
2439 LED_C_OFF();
2440 crypto1_destroy(pcs);
2441 cardAUTHKEY = 0xff;
2442 continue;
2443 }
2444
2445 switch (cardSTATE) {
2446 case MFEMUL_NOFIELD:
2447 case MFEMUL_HALTED:
2448 case MFEMUL_IDLE:{
2449 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2450 break;
2451 }
2452 case MFEMUL_SELECT1:{
2453 // select all
2454 if (len == 2 && (receivedCmd[0] == 0x93 && receivedCmd[1] == 0x20)) {
2455 if (MF_DBGLEVEL >= 4) Dbprintf("SELECT ALL received");
2456 EmSendCmd(rUIDBCC1, sizeof(rUIDBCC1));
2457 break;
2458 }
2459
2460 if (MF_DBGLEVEL >= 4 && len == 9 && receivedCmd[0] == 0x93 && receivedCmd[1] == 0x70 )
2461 {
2462 Dbprintf("SELECT %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]);
2463 }
2464 // select card
2465 if (len == 9 &&
2466 (receivedCmd[0] == 0x93 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], rUIDBCC1, 4) == 0)) {
2467 EmSendCmd(_7BUID?rSAK1:rSAK, _7BUID?sizeof(rSAK1):sizeof(rSAK));
2468 cuid = bytes_to_num(rUIDBCC1, 4);
2469 if (!_7BUID) {
2470 cardSTATE = MFEMUL_WORK;
2471 LED_B_ON();
2472 if (MF_DBGLEVEL >= 4) Dbprintf("--> WORK. anticol1 time: %d", GetTickCount() - selTimer);
2473 break;
2474 } else {
2475 cardSTATE = MFEMUL_SELECT2;
2476 }
2477 }
2478 break;
2479 }
2480 case MFEMUL_AUTH1:{
2481 if( len != 8)
2482 {
2483 cardSTATE_TO_IDLE();
2484 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2485 break;
2486 }
2487
2488 uint32_t ar = bytes_to_num(receivedCmd, 4);
2489 uint32_t nr = bytes_to_num(&receivedCmd[4], 4);
2490
2491 //Collect AR/NR
2492 //if(ar_nr_collected < 2 && cardAUTHSC == 2){
2493 if(ar_nr_collected < 2){
2494 if(ar_nr_responses[2] != ar)
2495 {// Avoid duplicates... probably not necessary, ar should vary.
2496 ar_nr_responses[ar_nr_collected*4] = cuid;
2497 ar_nr_responses[ar_nr_collected*4+1] = nonce;
2498 ar_nr_responses[ar_nr_collected*4+2] = ar;
2499 ar_nr_responses[ar_nr_collected*4+3] = nr;
2500 ar_nr_collected++;
2501 }
2502 // Interactive mode flag, means we need to send ACK
2503 if(flags & FLAG_INTERACTIVE && ar_nr_collected == 2)
2504 {
2505 finished = true;
2506 }
2507 }
2508
2509 // --- crypto
2510 crypto1_word(pcs, ar , 1);
2511 cardRr = nr ^ crypto1_word(pcs, 0, 0);
2512
2513 // test if auth OK
2514 if (cardRr != prng_successor(nonce, 64)){
2515 if (MF_DBGLEVEL >= 2) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x",
2516 cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
2517 cardRr, prng_successor(nonce, 64));
2518 // Shouldn't we respond anything here?
2519 // Right now, we don't nack or anything, which causes the
2520 // reader to do a WUPA after a while. /Martin
2521 // -- which is the correct response. /piwi
2522 cardSTATE_TO_IDLE();
2523 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2524 break;
2525 }
2526
2527 ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0);
2528
2529 num_to_bytes(ans, 4, rAUTH_AT);
2530 // --- crypto
2531 EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
2532 LED_C_ON();
2533 cardSTATE = MFEMUL_WORK;
2534 if (MF_DBGLEVEL >= 4) Dbprintf("AUTH COMPLETED for sector %d with key %c. time=%d",
2535 cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
2536 GetTickCount() - authTimer);
2537 break;
2538 }
2539 case MFEMUL_SELECT2:{
2540 if (!len) {
2541 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2542 break;
2543 }
2544 if (len == 2 && (receivedCmd[0] == 0x95 && receivedCmd[1] == 0x20)) {
2545 EmSendCmd(rUIDBCC2, sizeof(rUIDBCC2));
2546 break;
2547 }
2548
2549 // select 2 card
2550 if (len == 9 &&
2551 (receivedCmd[0] == 0x95 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], rUIDBCC2, 4) == 0)) {
2552 EmSendCmd(rSAK, sizeof(rSAK));
2553 cuid = bytes_to_num(rUIDBCC2, 4);
2554 cardSTATE = MFEMUL_WORK;
2555 LED_B_ON();
2556 if (MF_DBGLEVEL >= 4) Dbprintf("--> WORK. anticol2 time: %d", GetTickCount() - selTimer);
2557 break;
2558 }
2559
2560 // i guess there is a command). go into the work state.
2561 if (len != 4) {
2562 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2563 break;
2564 }
2565 cardSTATE = MFEMUL_WORK;
2566 //goto lbWORK;
2567 //intentional fall-through to the next case-stmt
2568 }
2569
2570 case MFEMUL_WORK:{
2571 if (len == 0) {
2572 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2573 break;
2574 }
2575
2576 bool encrypted_data = (cardAUTHKEY != 0xFF) ;
2577
2578 if(encrypted_data) {
2579 // decrypt seqence
2580 mf_crypto1_decrypt(pcs, receivedCmd, len);
2581 }
2582
2583 if (len == 4 && (receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61)) {
2584 authTimer = GetTickCount();
2585 cardAUTHSC = receivedCmd[1] / 4; // received block num
2586 cardAUTHKEY = receivedCmd[0] - 0x60;
2587 crypto1_destroy(pcs);//Added by martin
2588 crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
2589
2590 if (!encrypted_data) { // first authentication
2591 if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
2592
2593 crypto1_word(pcs, cuid ^ nonce, 0);//Update crypto state
2594 num_to_bytes(nonce, 4, rAUTH_AT); // Send nonce
2595 } else { // nested authentication
2596 if (MF_DBGLEVEL >= 4) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
2597 ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0);
2598 num_to_bytes(ans, 4, rAUTH_AT);
2599 }
2600
2601 EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
2602 //Dbprintf("Sending rAUTH %02x%02x%02x%02x", rAUTH_AT[0],rAUTH_AT[1],rAUTH_AT[2],rAUTH_AT[3]);
2603 cardSTATE = MFEMUL_AUTH1;
2604 break;
2605 }
2606
2607 // rule 13 of 7.5.3. in ISO 14443-4. chaining shall be continued
2608 // BUT... ACK --> NACK
2609 if (len == 1 && receivedCmd[0] == CARD_ACK) {
2610 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
2611 break;
2612 }
2613
2614 // rule 12 of 7.5.3. in ISO 14443-4. R(NAK) --> R(ACK)
2615 if (len == 1 && receivedCmd[0] == CARD_NACK_NA) {
2616 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
2617 break;
2618 }
2619
2620 if(len != 4) {
2621 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2622 break;
2623 }
2624
2625 if(receivedCmd[0] == 0x30 // read block
2626 || receivedCmd[0] == 0xA0 // write block
2627 || receivedCmd[0] == 0xC0 // inc
2628 || receivedCmd[0] == 0xC1 // dec
2629 || receivedCmd[0] == 0xC2 // restore
2630 || receivedCmd[0] == 0xB0) { // transfer
2631 if (receivedCmd[1] >= 16 * 4) {
2632 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
2633 if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02) on out of range block: %d (0x%02x), nacking",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
2634 break;
2635 }
2636
2637 if (receivedCmd[1] / 4 != cardAUTHSC) {
2638 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
2639 if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02) on block (0x%02x) not authenticated for (0x%02x), nacking",receivedCmd[0],receivedCmd[1],cardAUTHSC);
2640 break;
2641 }
2642 }
2643 // read block
2644 if (receivedCmd[0] == 0x30) {
2645 if (MF_DBGLEVEL >= 4) {
2646 Dbprintf("Reader reading block %d (0x%02x)",receivedCmd[1],receivedCmd[1]);
2647 }
2648 emlGetMem(response, receivedCmd[1], 1);
2649 AppendCrc14443a(response, 16);
2650 mf_crypto1_encrypt(pcs, response, 18, response_par);
2651 EmSendCmdPar(response, 18, response_par);
2652 numReads++;
2653 if(exitAfterNReads > 0 && numReads >= exitAfterNReads) {
2654 Dbprintf("%d reads done, exiting", numReads);
2655 finished = true;
2656 }
2657 break;
2658 }
2659 // write block
2660 if (receivedCmd[0] == 0xA0) {
2661 if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0xA0 write block %d (%02x)",receivedCmd[1],receivedCmd[1]);
2662 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
2663 cardSTATE = MFEMUL_WRITEBL2;
2664 cardWRBL = receivedCmd[1];
2665 break;
2666 }
2667 // increment, decrement, restore
2668 if (receivedCmd[0] == 0xC0 || receivedCmd[0] == 0xC1 || receivedCmd[0] == 0xC2) {
2669 if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
2670 if (emlCheckValBl(receivedCmd[1])) {
2671 if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate on block, but emlCheckValBl failed, nacking");
2672 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
2673 break;
2674 }
2675 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
2676 if (receivedCmd[0] == 0xC1)
2677 cardSTATE = MFEMUL_INTREG_INC;
2678 if (receivedCmd[0] == 0xC0)
2679 cardSTATE = MFEMUL_INTREG_DEC;
2680 if (receivedCmd[0] == 0xC2)
2681 cardSTATE = MFEMUL_INTREG_REST;
2682 cardWRBL = receivedCmd[1];
2683 break;
2684 }
2685 // transfer
2686 if (receivedCmd[0] == 0xB0) {
2687 if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x transfer block %d (%02x)",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
2688 if (emlSetValBl(cardINTREG, cardINTBLOCK, receivedCmd[1]))
2689 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
2690 else
2691 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
2692 break;
2693 }
2694 // halt
2695 if (receivedCmd[0] == 0x50 && receivedCmd[1] == 0x00) {
2696 LED_B_OFF();
2697 LED_C_OFF();
2698 cardSTATE = MFEMUL_HALTED;
2699 if (MF_DBGLEVEL >= 4) Dbprintf("--> HALTED. Selected time: %d ms", GetTickCount() - selTimer);
2700 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2701 break;
2702 }
2703 // RATS
2704 if (receivedCmd[0] == 0xe0) {//RATS
2705 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
2706 break;
2707 }
2708 // command not allowed
2709 if (MF_DBGLEVEL >= 4) Dbprintf("Received command not allowed, nacking");
2710 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
2711 break;
2712 }
2713 case MFEMUL_WRITEBL2:{
2714 if (len == 18){
2715 mf_crypto1_decrypt(pcs, receivedCmd, len);
2716 emlSetMem(receivedCmd, cardWRBL, 1);
2717 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
2718 cardSTATE = MFEMUL_WORK;
2719 } else {
2720 cardSTATE_TO_IDLE();
2721 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2722 }
2723 break;
2724 }
2725
2726 case MFEMUL_INTREG_INC:{
2727 mf_crypto1_decrypt(pcs, receivedCmd, len);
2728 memcpy(&ans, receivedCmd, 4);
2729 if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
2730 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
2731 cardSTATE_TO_IDLE();
2732 break;
2733 }
2734 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2735 cardINTREG = cardINTREG + ans;
2736 cardSTATE = MFEMUL_WORK;
2737 break;
2738 }
2739 case MFEMUL_INTREG_DEC:{
2740 mf_crypto1_decrypt(pcs, receivedCmd, len);
2741 memcpy(&ans, receivedCmd, 4);
2742 if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
2743 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
2744 cardSTATE_TO_IDLE();
2745 break;
2746 }
2747 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2748 cardINTREG = cardINTREG - ans;
2749 cardSTATE = MFEMUL_WORK;
2750 break;
2751 }
2752 case MFEMUL_INTREG_REST:{
2753 mf_crypto1_decrypt(pcs, receivedCmd, len);
2754 memcpy(&ans, receivedCmd, 4);
2755 if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
2756 EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
2757 cardSTATE_TO_IDLE();
2758 break;
2759 }
2760 LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
2761 cardSTATE = MFEMUL_WORK;
2762 break;
2763 }
2764 }
2765 }
2766
2767 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
2768 LEDsoff();
2769
2770 if(flags & FLAG_INTERACTIVE)// Interactive mode flag, means we need to send ACK
2771 {
2772 //May just aswell send the collected ar_nr in the response aswell
2773 cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,1,0,&ar_nr_responses,ar_nr_collected*4*4);
2774 }
2775
2776 if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1 )
2777 {
2778 if(ar_nr_collected > 1 ) {
2779 Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:");
2780 Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
2781 ar_nr_responses[0], // UID
2782 ar_nr_responses[1], // NT
2783 ar_nr_responses[2], // AR1
2784 ar_nr_responses[3], // NR1
2785 ar_nr_responses[6], // AR2
2786 ar_nr_responses[7] // NR2
2787 );
2788 } else {
2789 Dbprintf("Failed to obtain two AR/NR pairs!");
2790 if(ar_nr_collected > 0 ) {
2791 Dbprintf("Only got these: UID=%08x, nonce=%08x, AR1=%08x, NR1=%08x",
2792 ar_nr_responses[0], // UID
2793 ar_nr_responses[1], // NT
2794 ar_nr_responses[2], // AR1
2795 ar_nr_responses[3] // NR1
2796 );
2797 }
2798 }
2799 }
2800 if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, BigBuf_get_traceLen());
2801
2802 }
2803
2804
2805 //-----------------------------------------------------------------------------
2806 // MIFARE sniffer.
2807 //
2808 //-----------------------------------------------------------------------------
2809 void RAMFUNC SniffMifare(uint8_t param) {
2810 // param:
2811 // bit 0 - trigger from first card answer
2812 // bit 1 - trigger from first reader 7-bit request
2813
2814 // free eventually allocated BigBuf memory
2815 BigBuf_free();
2816
2817 // C(red) A(yellow) B(green)
2818 LEDsoff();
2819 // init trace buffer
2820 clear_trace();
2821 set_tracing(TRUE);
2822
2823 // The command (reader -> tag) that we're receiving.
2824 // The length of a received command will in most cases be no more than 18 bytes.
2825 // So 32 should be enough!
2826 uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE];
2827 uint8_t receivedCmdPar[MAX_MIFARE_PARITY_SIZE];
2828 // The response (tag -> reader) that we're receiving.
2829 uint8_t receivedResponse[MAX_MIFARE_FRAME_SIZE];
2830 uint8_t receivedResponsePar[MAX_MIFARE_PARITY_SIZE];
2831
2832 // allocate the DMA buffer, used to stream samples from the FPGA
2833 uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
2834 uint8_t *data = dmaBuf;
2835 uint8_t previous_data = 0;
2836 int maxDataLen = 0;
2837 int dataLen = 0;
2838 bool ReaderIsActive = FALSE;
2839 bool TagIsActive = FALSE;
2840
2841 iso14443a_setup(FPGA_HF_ISO14443A_SNIFFER);
2842
2843 // Set up the demodulator for tag -> reader responses.
2844 DemodInit(receivedResponse, receivedResponsePar);
2845
2846 // Set up the demodulator for the reader -> tag commands
2847 UartInit(receivedCmd, receivedCmdPar);
2848
2849 // Setup for the DMA.
2850 FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE); // set transfer address and number of bytes. Start transfer.
2851
2852 LED_D_OFF();
2853
2854 // init sniffer
2855 MfSniffInit();
2856
2857 // And now we loop, receiving samples.
2858 for(uint32_t sniffCounter = 0; TRUE; ) {
2859
2860 if(BUTTON_PRESS()) {
2861 DbpString("cancelled by button");
2862 break;
2863 }
2864
2865 LED_A_ON();
2866 WDT_HIT();
2867
2868 if ((sniffCounter & 0x0000FFFF) == 0) { // from time to time
2869 // check if a transaction is completed (timeout after 2000ms).
2870 // if yes, stop the DMA transfer and send what we have so far to the client
2871 if (MfSniffSend(2000)) {
2872 // Reset everything - we missed some sniffed data anyway while the DMA was stopped
2873 sniffCounter = 0;
2874 data = dmaBuf;
2875 maxDataLen = 0;
2876 ReaderIsActive = FALSE;
2877 TagIsActive = FALSE;
2878 FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE); // set transfer address and number of bytes. Start transfer.
2879 }
2880 }
2881
2882 int register readBufDataP = data - dmaBuf; // number of bytes we have processed so far
2883 int register dmaBufDataP = DMA_BUFFER_SIZE - AT91C_BASE_PDC_SSC->PDC_RCR; // number of bytes already transferred
2884 if (readBufDataP <= dmaBufDataP){ // we are processing the same block of data which is currently being transferred
2885 dataLen = dmaBufDataP - readBufDataP; // number of bytes still to be processed
2886 } else {
2887 dataLen = DMA_BUFFER_SIZE - readBufDataP + dmaBufDataP; // number of bytes still to be processed
2888 }
2889 // test for length of buffer
2890 if(dataLen > maxDataLen) { // we are more behind than ever...
2891 maxDataLen = dataLen;
2892 if(dataLen > (9 * DMA_BUFFER_SIZE / 10)) {
2893 Dbprintf("blew circular buffer! dataLen=0x%x", dataLen);
2894 break;
2895 }
2896 }
2897 if(dataLen < 1) continue;
2898
2899 // primary buffer was stopped ( <-- we lost data!
2900 if (!AT91C_BASE_PDC_SSC->PDC_RCR) {
2901 AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) dmaBuf;
2902 AT91C_BASE_PDC_SSC->PDC_RCR = DMA_BUFFER_SIZE;
2903 Dbprintf("RxEmpty ERROR!!! data length:%d", dataLen); // temporary
2904 }
2905 // secondary buffer sets as primary, secondary buffer was stopped
2906 if (!AT91C_BASE_PDC_SSC->PDC_RNCR) {
2907 AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf;
2908 AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
2909 }
2910
2911 LED_A_OFF();
2912
2913 if (sniffCounter & 0x01) {
2914
2915 if(!TagIsActive) { // no need to try decoding tag data if the reader is sending
2916 uint8_t readerdata = (previous_data & 0xF0) | (*data >> 4);
2917 if(MillerDecoding(readerdata, (sniffCounter-1)*4)) {
2918 LED_C_INV();
2919 if (MfSniffLogic(receivedCmd, Uart.len, Uart.parity, Uart.bitCount, TRUE)) break;
2920
2921 /* And ready to receive another command. */
2922 UartInit(receivedCmd, receivedCmdPar);
2923
2924 /* And also reset the demod code */
2925 DemodReset();
2926 }
2927 ReaderIsActive = (Uart.state != STATE_UNSYNCD);
2928 }
2929
2930 if(!ReaderIsActive) { // no need to try decoding tag data if the reader is sending
2931 uint8_t tagdata = (previous_data << 4) | (*data & 0x0F);
2932 if(ManchesterDecoding(tagdata, 0, (sniffCounter-1)*4)) {
2933 LED_C_INV();
2934
2935 if (MfSniffLogic(receivedResponse, Demod.len, Demod.parity, Demod.bitCount, FALSE)) break;
2936
2937 // And ready to receive another response.
2938 DemodReset();
2939
2940 // And reset the Miller decoder including its (now outdated) input buffer
2941 UartInit(receivedCmd, receivedCmdPar);
2942 }
2943 TagIsActive = (Demod.state != DEMOD_UNSYNCD);
2944 }
2945 }
2946
2947 previous_data = *data;
2948 sniffCounter++;
2949 data++;
2950 if(data == dmaBuf + DMA_BUFFER_SIZE) {
2951 data = dmaBuf;
2952 }
2953
2954 } // main cycle
2955
2956 DbpString("COMMAND FINISHED");
2957
2958 FpgaDisableSscDma();
2959 MfSniffEnd();
2960
2961 Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.len=%x", maxDataLen, Uart.state, Uart.len);
2962 LEDsoff();
2963 }
Proxmark3 GIT tracking
Impressum, Datenschutz