1 //-----------------------------------------------------------------------------
2 // Merlok - June 2011, 2012
3 // Gerhard de Koning Gans - May 2008
4 // Hagen Fritsch - June 2010
6 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
7 // at your option, any later version. See the LICENSE.txt file for the text of
9 //-----------------------------------------------------------------------------
10 // Routines to support ISO 14443 type A.
11 //-----------------------------------------------------------------------------
13 #include "mifarecmd.h"
16 //-----------------------------------------------------------------------------
17 // Select, Authenticaate, Read an MIFARE tag.
19 //-----------------------------------------------------------------------------
20 void MifareReadBlock(uint8_t arg0
, uint8_t arg1
, uint8_t arg2
, uint8_t *datain
)
23 uint8_t blockNo
= arg0
;
24 uint8_t keyType
= arg1
;
26 ui64Key
= bytes_to_num(datain
, 6);
30 byte_t dataoutbuf
[16];
33 struct Crypto1State mpcs
= {0, 0};
34 struct Crypto1State
*pcs
;
39 // iso14a_set_tracing(false);
48 if(!iso14443a_select_card(uid
, NULL
, &cuid
)) {
49 if (MF_DBGLEVEL
>= 1) Dbprintf("Can't select card");
53 if(mifare_classic_auth(pcs
, cuid
, blockNo
, keyType
, ui64Key
, AUTH_FIRST
)) {
54 if (MF_DBGLEVEL
>= 1) Dbprintf("Auth error");
58 if(mifare_classic_readblock(pcs
, cuid
, blockNo
, dataoutbuf
)) {
59 if (MF_DBGLEVEL
>= 1) Dbprintf("Read block error");
63 if(mifare_classic_halt(pcs
, cuid
)) {
64 if (MF_DBGLEVEL
>= 1) Dbprintf("Halt error");
72 // ----------------------------- crypto1 destroy
75 if (MF_DBGLEVEL
>= 2) DbpString("READ BLOCK FINISHED");
79 LogTrace(uid
, 4, 0, 0, TRUE
);
81 // UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};
82 // memcpy(ack.d.asBytes, dataoutbuf, 16);
85 cmd_send(CMD_ACK
,isOK
,0,0,dataoutbuf
,16);
86 // UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
91 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
93 // iso14a_set_tracing(TRUE);
97 //-----------------------------------------------------------------------------
98 // Select, Authenticaate, Read an MIFARE tag.
99 // read sector (data = 4 x 16 bytes = 64 bytes)
100 //-----------------------------------------------------------------------------
101 void MifareReadSector(uint8_t arg0
, uint8_t arg1
, uint8_t arg2
, uint8_t *datain
)
104 uint8_t sectorNo
= arg0
;
105 uint8_t keyType
= arg1
;
106 uint64_t ui64Key
= 0;
107 ui64Key
= bytes_to_num(datain
, 6);
111 byte_t dataoutbuf
[16 * 4];
114 struct Crypto1State mpcs
= {0, 0};
115 struct Crypto1State
*pcs
;
119 iso14a_clear_trace();
120 // iso14a_set_tracing(false);
129 if(!iso14443a_select_card(uid
, NULL
, &cuid
)) {
130 if (MF_DBGLEVEL
>= 1) Dbprintf("Can't select card");
134 if(mifare_classic_auth(pcs
, cuid
, sectorNo
* 4, keyType
, ui64Key
, AUTH_FIRST
)) {
135 if (MF_DBGLEVEL
>= 1) Dbprintf("Auth error");
139 if(mifare_classic_readblock(pcs
, cuid
, sectorNo
* 4 + 0, dataoutbuf
+ 16 * 0)) {
140 if (MF_DBGLEVEL
>= 1) Dbprintf("Read block 0 error");
143 if(mifare_classic_readblock(pcs
, cuid
, sectorNo
* 4 + 1, dataoutbuf
+ 16 * 1)) {
144 if (MF_DBGLEVEL
>= 1) Dbprintf("Read block 1 error");
147 if(mifare_classic_readblock(pcs
, cuid
, sectorNo
* 4 + 2, dataoutbuf
+ 16 * 2)) {
148 if (MF_DBGLEVEL
>= 1) Dbprintf("Read block 2 error");
151 if(mifare_classic_readblock(pcs
, cuid
, sectorNo
* 4 + 3, dataoutbuf
+ 16 * 3)) {
152 if (MF_DBGLEVEL
>= 1) Dbprintf("Read block 3 error");
156 if(mifare_classic_halt(pcs
, cuid
)) {
157 if (MF_DBGLEVEL
>= 1) Dbprintf("Halt error");
165 // ----------------------------- crypto1 destroy
166 crypto1_destroy(pcs
);
168 if (MF_DBGLEVEL
>= 2) DbpString("READ SECTOR FINISHED");
171 memset(uid
, 0x44, 4);
172 LogTrace(uid
, 4, 0, 0, TRUE
);
174 // UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};
175 // memcpy(ack.d.asBytes, dataoutbuf, 16 * 2);
178 cmd_send(CMD_ACK
,isOK
,0,0,dataoutbuf
,32);
179 // UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
182 // memcpy(ack.d.asBytes, dataoutbuf + 16 * 2, 16 * 2);
183 // UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
184 cmd_send(CMD_ACK
,isOK
,0,0,dataoutbuf
+32, 32);
188 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
190 // iso14a_set_tracing(TRUE);
194 //-----------------------------------------------------------------------------
195 // Select, Authenticaate, Read an MIFARE tag.
197 //-----------------------------------------------------------------------------
198 void MifareWriteBlock(uint8_t arg0
, uint8_t arg1
, uint8_t arg2
, uint8_t *datain
)
201 uint8_t blockNo
= arg0
;
202 uint8_t keyType
= arg1
;
203 uint64_t ui64Key
= 0;
204 byte_t blockdata
[16];
206 ui64Key
= bytes_to_num(datain
, 6);
207 memcpy(blockdata
, datain
+ 10, 16);
213 struct Crypto1State mpcs
= {0, 0};
214 struct Crypto1State
*pcs
;
218 iso14a_clear_trace();
219 // iso14a_set_tracing(false);
228 if(!iso14443a_select_card(uid
, NULL
, &cuid
)) {
229 if (MF_DBGLEVEL
>= 1) Dbprintf("Can't select card");
233 if(mifare_classic_auth(pcs
, cuid
, blockNo
, keyType
, ui64Key
, AUTH_FIRST
)) {
234 if (MF_DBGLEVEL
>= 1) Dbprintf("Auth error");
238 if(mifare_classic_writeblock(pcs
, cuid
, blockNo
, blockdata
)) {
239 if (MF_DBGLEVEL
>= 1) Dbprintf("Write block error");
243 if(mifare_classic_halt(pcs
, cuid
)) {
244 if (MF_DBGLEVEL
>= 1) Dbprintf("Halt error");
252 // ----------------------------- crypto1 destroy
253 crypto1_destroy(pcs
);
255 if (MF_DBGLEVEL
>= 2) DbpString("WRITE BLOCK FINISHED");
258 memset(uid
, 0x44, 4);
259 LogTrace(uid
, 4, 0, 0, TRUE
);
261 // UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};
264 cmd_send(CMD_ACK
,isOK
,0,0,0,0);
265 // UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
270 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
272 // iso14a_set_tracing(TRUE);
276 // Return 1 if the nonce is invalid else return 0
277 int valid_nonce(uint32_t Nt
, uint32_t NtEnc
, uint32_t Ks1
, byte_t
* parity
) {
278 return ((oddparity((Nt
>> 24) & 0xFF) == ((parity
[0]) ^ oddparity((NtEnc
>> 24) & 0xFF) ^ BIT(Ks1
,16))) & \
279 (oddparity((Nt
>> 16) & 0xFF) == ((parity
[1]) ^ oddparity((NtEnc
>> 16) & 0xFF) ^ BIT(Ks1
,8))) & \
280 (oddparity((Nt
>> 8) & 0xFF) == ((parity
[2]) ^ oddparity((NtEnc
>> 8) & 0xFF) ^ BIT(Ks1
,0)))) ? 1 : 0;
283 //-----------------------------------------------------------------------------
284 // MIFARE nested authentication.
286 //-----------------------------------------------------------------------------
287 void MifareNested(uint32_t arg0
, uint32_t arg1
, uint32_t arg2
, uint8_t *datain
)
290 uint8_t blockNo
= arg0
;
291 uint8_t keyType
= arg1
;
292 uint8_t targetBlockNo
= arg2
& 0xff;
293 uint8_t targetKeyType
= (arg2
>> 8) & 0xff;
294 uint64_t ui64Key
= 0;
296 ui64Key
= bytes_to_num(datain
, 6);
299 int rtr
, i
, j
, m
, len
;
300 int davg
, dmin
, dmax
;
302 uint32_t cuid
, nt1
, nt2
, nttmp
, nttest
, par
, ks1
;
303 uint8_t par_array
[4];
304 nestedVector nvector
[NES_MAX_INFO
+ 1][11];
305 int nvectorcount
[NES_MAX_INFO
+ 1];
307 struct Crypto1State mpcs
= {0, 0};
308 struct Crypto1State
*pcs
;
310 uint8_t* receivedAnswer
= mifare_get_bigbufptr();
313 for (i
= 0; i
< NES_MAX_INFO
+ 1; i
++) nvectorcount
[i
] = 11; // 11 - empty block;
316 iso14a_clear_trace();
317 iso14a_set_tracing(false);
325 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
331 // test nonce distance
332 for (rtr
= 0; rtr
< 10; rtr
++) {
333 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
335 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A
| FPGA_HF_ISO14443A_READER_MOD
);
337 // Test if the action was cancelled
342 if(!iso14443a_select_card(uid
, NULL
, &cuid
)) {
343 if (MF_DBGLEVEL
>= 1) Dbprintf("Can't select card");
347 if(mifare_classic_authex(pcs
, cuid
, blockNo
, keyType
, ui64Key
, AUTH_FIRST
, &nt1
)) {
348 if (MF_DBGLEVEL
>= 1) Dbprintf("Auth1 error");
352 if(mifare_classic_authex(pcs
, cuid
, blockNo
, keyType
, ui64Key
, AUTH_NESTED
, &nt2
)) {
353 if (MF_DBGLEVEL
>= 1) Dbprintf("Auth2 error");
357 nttmp
= prng_successor(nt1
, 500);
358 for (i
= 501; i
< 2000; i
++) {
359 nttmp
= prng_successor(nttmp
, 1);
360 if (nttmp
== nt2
) break;
365 if (dmin
> i
) dmin
= i
;
366 if (dmax
< i
) dmax
= i
;
367 if (MF_DBGLEVEL
>= 4) Dbprintf("r=%d nt1=%08x nt2=%08x distance=%d", rtr
, nt1
, nt2
, i
);
371 if (rtr
== 0) return;
374 if (MF_DBGLEVEL
>= 3) Dbprintf("distance: min=%d max=%d avg=%d", dmin
, dmax
, davg
);
378 // -------------------------------------------------------------------------------------------------
382 // get crypted nonces for target sector
383 for (rtr
= 0; rtr
< NS_RETRIES_GETNONCE
; rtr
++) {
384 if (MF_DBGLEVEL
>= 4) Dbprintf("------------------------------");
386 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
388 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A
| FPGA_HF_ISO14443A_READER_MOD
);
390 // Test if the action was cancelled
395 if(!iso14443a_select_card(uid
, NULL
, &cuid
)) {
396 if (MF_DBGLEVEL
>= 1) Dbprintf("Can't select card");
400 if(mifare_classic_authex(pcs
, cuid
, blockNo
, keyType
, ui64Key
, AUTH_FIRST
, &nt1
)) {
401 if (MF_DBGLEVEL
>= 1) Dbprintf("Auth1 error");
405 // nested authentication
406 len
= mifare_sendcmd_shortex(pcs
, AUTH_NESTED
, 0x60 + (targetKeyType
& 0x01), targetBlockNo
, receivedAnswer
, &par
);
408 if (MF_DBGLEVEL
>= 1) Dbprintf("Auth2 error len=%d", len
);
412 nt2
= bytes_to_num(receivedAnswer
, 4);
413 if (MF_DBGLEVEL
>= 4) Dbprintf("r=%d nt1=%08x nt2enc=%08x nt2par=%08x", rtr
, nt1
, nt2
, par
);
415 // Parity validity check
416 for (i
= 0; i
< 4; i
++) {
417 par_array
[i
] = (oddparity(receivedAnswer
[i
]) != ((par
& 0x08) >> 3));
422 nttest
= prng_successor(nt1
, dmin
- NS_TOLERANCE
);
423 for (m
= dmin
- NS_TOLERANCE
+ 1; m
< dmax
+ NS_TOLERANCE
; m
++) {
424 nttest
= prng_successor(nttest
, 1);
427 if (valid_nonce(nttest
, nt2
, ks1
, par_array
) && (ncount
< 11)){
429 nvector
[NES_MAX_INFO
][ncount
].nt
= nttest
;
430 nvector
[NES_MAX_INFO
][ncount
].ks1
= ks1
;
432 nvectorcount
[NES_MAX_INFO
] = ncount
;
433 if (MF_DBGLEVEL
>= 4) Dbprintf("valid m=%d ks1=%08x nttest=%08x", m
, ks1
, nttest
);
438 // select vector with length less than got
439 if (nvectorcount
[NES_MAX_INFO
] != 0) {
442 for (i
= 0; i
< NES_MAX_INFO
; i
++)
443 if (nvectorcount
[i
] > 10) {
448 if (m
== NES_MAX_INFO
)
449 for (i
= 0; i
< NES_MAX_INFO
; i
++)
450 if (nvectorcount
[NES_MAX_INFO
] < nvectorcount
[i
]) {
455 if (m
!= NES_MAX_INFO
) {
456 for (i
= 0; i
< nvectorcount
[m
]; i
++) {
457 nvector
[m
][i
] = nvector
[NES_MAX_INFO
][i
];
459 nvectorcount
[m
] = nvectorcount
[NES_MAX_INFO
];
466 // ----------------------------- crypto1 destroy
467 crypto1_destroy(pcs
);
470 memset(uid
, 0x44, 4);
471 LogTrace(uid
, 4, 0, 0, TRUE
);
473 // UsbCommand ack = {CMD_ACK, {0, 0, 0}};
475 for (i
= 0; i
< NES_MAX_INFO
; i
++) {
476 if (nvectorcount
[i
] > 10) continue;
478 for (j
= 0; j
< nvectorcount
[i
]; j
+= 5) {
479 ncount
= nvectorcount
[i
] - j
;
480 if (ncount
> 5) ncount
= 5;
482 // ack.arg[0] = 0; // isEOF = 0
483 // ack.arg[1] = ncount;
484 // ack.arg[2] = targetBlockNo + (targetKeyType * 0x100);
485 // memset(ack.d.asBytes, 0x00, sizeof(ack.d.asBytes));
488 memset(buf
, 0x00, sizeof(buf
));
489 memcpy(buf
, &cuid
, 4);
490 for (m
= 0; m
< ncount
; m
++) {
491 memcpy(buf
+ 8 + m
* 8 + 0, &nvector
[i
][m
+ j
].nt
, 4);
492 memcpy(buf
+ 8 + m
* 8 + 4, &nvector
[i
][m
+ j
].ks1
, 4);
496 cmd_send(CMD_ACK
,0,ncount
,targetBlockNo
+ (targetKeyType
* 0x100),buf
,48);
497 // UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
503 // ack.arg[0] = 1; // isEOF = 1
506 // memset(ack.d.asBytes, 0x00, sizeof(ack.d.asBytes));
509 // UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
510 cmd_send(CMD_ACK
,1,0,0,0,0);
513 if (MF_DBGLEVEL
>= 4) DbpString("NESTED FINISHED");
516 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
519 iso14a_set_tracing(TRUE
);
522 //-----------------------------------------------------------------------------
523 // MIFARE check keys. key count up to 8.
525 //-----------------------------------------------------------------------------
526 void MifareChkKeys(uint8_t arg0
, uint8_t arg1
, uint8_t arg2
, uint8_t *datain
)
529 uint8_t blockNo
= arg0
;
530 uint8_t keyType
= arg1
;
531 uint8_t keyCount
= arg2
;
532 uint64_t ui64Key
= 0;
539 struct Crypto1State mpcs
= {0, 0};
540 struct Crypto1State
*pcs
;
544 int OLD_MF_DBGLEVEL
= MF_DBGLEVEL
;
545 MF_DBGLEVEL
= MF_DBG_NONE
;
548 iso14a_clear_trace();
549 iso14a_set_tracing(TRUE
);
558 for (i
= 0; i
< keyCount
; i
++) {
559 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
561 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A
| FPGA_HF_ISO14443A_READER_MOD
);
563 if(!iso14443a_select_card(uid
, NULL
, &cuid
)) {
564 if (OLD_MF_DBGLEVEL
>= 1) Dbprintf("Can't select card");
568 ui64Key
= bytes_to_num(datain
+ i
* 6, 6);
569 if(mifare_classic_auth(pcs
, cuid
, blockNo
, keyType
, ui64Key
, AUTH_FIRST
)) {
577 // ----------------------------- crypto1 destroy
578 crypto1_destroy(pcs
);
581 memset(uid
, 0x44, 4);
582 LogTrace(uid
, 4, 0, 0, TRUE
);
584 // UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};
585 // if (isOK) memcpy(ack.d.asBytes, datain + i * 6, 6);
588 cmd_send(CMD_ACK
,isOK
,0,0,datain
+ i
* 6,6);
589 // UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
593 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
596 // restore debug level
597 MF_DBGLEVEL
= OLD_MF_DBGLEVEL
;
600 //-----------------------------------------------------------------------------
601 // MIFARE commands set debug level
603 //-----------------------------------------------------------------------------
604 void MifareSetDbgLvl(uint32_t arg0
, uint32_t arg1
, uint32_t arg2
, uint8_t *datain
){
606 Dbprintf("Debug level: %d", MF_DBGLEVEL
);
609 //-----------------------------------------------------------------------------
610 // Work with emulator memory
612 //-----------------------------------------------------------------------------
613 void MifareEMemClr(uint32_t arg0
, uint32_t arg1
, uint32_t arg2
, uint8_t *datain
){
617 void MifareEMemSet(uint32_t arg0
, uint32_t arg1
, uint32_t arg2
, uint8_t *datain
){
618 emlSetMem(datain
, arg0
, arg1
); // data, block num, blocks count
621 void MifareEMemGet(uint32_t arg0
, uint32_t arg1
, uint32_t arg2
, uint8_t *datain
){
622 // UsbCommand ack = {CMD_ACK, {arg0, arg1, 0}};
625 emlGetMem(buf
, arg0
, arg1
); // data, block num, blocks count
628 cmd_send(CMD_ACK
,arg0
,arg1
,0,buf
,48);
629 // UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
633 //-----------------------------------------------------------------------------
634 // Load a card into the emulator memory
636 //-----------------------------------------------------------------------------
637 void MifareECardLoad(uint32_t arg0
, uint32_t arg1
, uint32_t arg2
, uint8_t *datain
){
639 uint8_t sectorNo
= 0;
640 uint8_t keyType
= arg1
;
641 uint64_t ui64Key
= 0;
643 struct Crypto1State mpcs
= {0, 0};
644 struct Crypto1State
*pcs
;
648 byte_t dataoutbuf
[16];
649 byte_t dataoutbuf2
[16];
653 iso14a_clear_trace();
654 iso14a_set_tracing(false);
663 if(!iso14443a_select_card(uid
, NULL
, &cuid
)) {
664 if (MF_DBGLEVEL
>= 1) Dbprintf("Can't select card");
668 for (i
= 0; i
< 16; i
++) {
670 ui64Key
= emlGetKey(sectorNo
, keyType
);
673 if(mifare_classic_auth(pcs
, cuid
, sectorNo
* 4, keyType
, ui64Key
, AUTH_FIRST
)) {
674 if (MF_DBGLEVEL
>= 1) Dbprintf("Sector[%d]. Auth error", i
);
678 if(mifare_classic_auth(pcs
, cuid
, sectorNo
* 4, keyType
, ui64Key
, AUTH_NESTED
)) {
679 if (MF_DBGLEVEL
>= 1) Dbprintf("Sector[%d]. Auth nested error", i
);
684 if(mifare_classic_readblock(pcs
, cuid
, sectorNo
* 4 + 0, dataoutbuf
)) {
685 if (MF_DBGLEVEL
>= 1) Dbprintf("Read block 0 error");
688 emlSetMem(dataoutbuf
, sectorNo
* 4 + 0, 1);
690 if(mifare_classic_readblock(pcs
, cuid
, sectorNo
* 4 + 1, dataoutbuf
)) {
691 if (MF_DBGLEVEL
>= 1) Dbprintf("Read block 1 error");
694 emlSetMem(dataoutbuf
, sectorNo
* 4 + 1, 1);
696 if(mifare_classic_readblock(pcs
, cuid
, sectorNo
* 4 + 2, dataoutbuf
)) {
697 if (MF_DBGLEVEL
>= 1) Dbprintf("Read block 2 error");
700 emlSetMem(dataoutbuf
, sectorNo
* 4 + 2, 1);
702 // get block 3 bytes 6-9
703 if(mifare_classic_readblock(pcs
, cuid
, sectorNo
* 4 + 3, dataoutbuf
)) {
704 if (MF_DBGLEVEL
>= 1) Dbprintf("Read block 3 error");
707 emlGetMem(dataoutbuf2
, sectorNo
* 4 + 3, 1);
708 memcpy(&dataoutbuf2
[6], &dataoutbuf
[6], 4);
709 emlSetMem(dataoutbuf2
, sectorNo
* 4 + 3, 1);
712 if(mifare_classic_halt(pcs
, cuid
)) {
713 if (MF_DBGLEVEL
>= 1) Dbprintf("Halt error");
720 // ----------------------------- crypto1 destroy
721 crypto1_destroy(pcs
);
723 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
726 if (MF_DBGLEVEL
>= 2) DbpString("EMUL FILL SECTORS FINISHED");
729 memset(uid
, 0x44, 4);
730 LogTrace(uid
, 4, 0, 0, TRUE
);
733 //-----------------------------------------------------------------------------
734 // MIFARE 1k emulator
736 //-----------------------------------------------------------------------------
739 //-----------------------------------------------------------------------------
740 // Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)
742 //-----------------------------------------------------------------------------
743 void MifareCSetBlock(uint32_t arg0
, uint32_t arg1
, uint32_t arg2
, uint8_t *datain
){
746 uint8_t needWipe
= arg0
;
747 // bit 0 - need get UID
749 // bit 2 - need HALT after sequence
750 // bit 3 - need init FPGA and field before sequence
751 // bit 4 - need reset FPGA and LED
752 uint8_t workFlags
= arg1
;
753 uint8_t blockNo
= arg2
;
756 uint8_t wupC1
[] = { 0x40 };
757 uint8_t wupC2
[] = { 0x43 };
758 uint8_t wipeC
[] = { 0x41 };
766 memset(uid
, 0x00, 10);
767 uint8_t* receivedAnswer
= mifare_get_bigbufptr();
769 if (workFlags
& 0x08) {
771 iso14a_clear_trace();
772 iso14a_set_tracing(TRUE
);
781 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
783 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A
| FPGA_HF_ISO14443A_READER_MOD
);
788 if (workFlags
& 0x01) {
789 if(!iso14443a_select_card(uid
, NULL
, &cuid
)) {
790 if (MF_DBGLEVEL
>= 1) Dbprintf("Can't select card");
794 if(mifare_classic_halt(NULL
, cuid
)) {
795 if (MF_DBGLEVEL
>= 1) Dbprintf("Halt error");
802 ReaderTransmitBitsPar(wupC1
,7,0);
803 if(!ReaderReceive(receivedAnswer
) || (receivedAnswer
[0] != 0x0a)) {
804 if (MF_DBGLEVEL
>= 1) Dbprintf("wupC1 error");
808 ReaderTransmit(wipeC
, sizeof(wipeC
));
809 if(!ReaderReceive(receivedAnswer
) || (receivedAnswer
[0] != 0x0a)) {
810 if (MF_DBGLEVEL
>= 1) Dbprintf("wipeC error");
814 if(mifare_classic_halt(NULL
, cuid
)) {
815 if (MF_DBGLEVEL
>= 1) Dbprintf("Halt error");
821 if (workFlags
& 0x02) {
822 ReaderTransmitBitsPar(wupC1
,7,0);
823 if(!ReaderReceive(receivedAnswer
) || (receivedAnswer
[0] != 0x0a)) {
824 if (MF_DBGLEVEL
>= 1) Dbprintf("wupC1 error");
828 ReaderTransmit(wupC2
, sizeof(wupC2
));
829 if(!ReaderReceive(receivedAnswer
) || (receivedAnswer
[0] != 0x0a)) {
830 if (MF_DBGLEVEL
>= 1) Dbprintf("wupC2 error");
835 if ((mifare_sendcmd_short(NULL
, 0, 0xA0, blockNo
, receivedAnswer
) != 1) || (receivedAnswer
[0] != 0x0a)) {
836 if (MF_DBGLEVEL
>= 1) Dbprintf("write block send command error");
840 memcpy(d_block
, datain
, 16);
841 AppendCrc14443a(d_block
, 16);
843 ReaderTransmit(d_block
, sizeof(d_block
));
844 if ((ReaderReceive(receivedAnswer
) != 1) || (receivedAnswer
[0] != 0x0a)) {
845 if (MF_DBGLEVEL
>= 1) Dbprintf("write block send data error");
849 if (workFlags
& 0x04) {
850 if (mifare_classic_halt(NULL
, cuid
)) {
851 if (MF_DBGLEVEL
>= 1) Dbprintf("Halt error");
860 // UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};
861 // if (isOK) memcpy(ack.d.asBytes, uid, 4);
865 * Removed by Martin, the uid is overwritten with 0x44,
866 * which can 't be intended.
868 * memset(uid, 0x44, 4);
869 * LogTrace(uid, 4, 0, 0, TRUE);
874 cmd_send(CMD_ACK
,isOK
,0,0,uid
,4);
875 // UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
878 if ((workFlags
& 0x10) || (!isOK
)) {
880 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
885 void MifareCGetBlock(uint32_t arg0
, uint32_t arg1
, uint32_t arg2
, uint8_t *datain
){
889 // bit 2 - need HALT after sequence
890 // bit 3 - need init FPGA and field before sequence
891 // bit 4 - need reset FPGA and LED
892 uint8_t workFlags
= arg0
;
893 uint8_t blockNo
= arg2
;
896 uint8_t wupC1
[] = { 0x40 };
897 uint8_t wupC2
[] = { 0x43 };
904 memset(data
, 0x00, 18);
905 uint8_t* receivedAnswer
= mifare_get_bigbufptr();
907 if (workFlags
& 0x08) {
909 iso14a_clear_trace();
910 iso14a_set_tracing(TRUE
);
919 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);
921 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A
| FPGA_HF_ISO14443A_READER_MOD
);
925 if (workFlags
& 0x02) {
926 ReaderTransmitBitsPar(wupC1
,7,0);
927 if(!ReaderReceive(receivedAnswer
) || (receivedAnswer
[0] != 0x0a)) {
928 if (MF_DBGLEVEL
>= 1) Dbprintf("wupC1 error");
932 ReaderTransmit(wupC2
, sizeof(wupC2
));
933 if(!ReaderReceive(receivedAnswer
) || (receivedAnswer
[0] != 0x0a)) {
934 if (MF_DBGLEVEL
>= 1) Dbprintf("wupC2 error");
940 if ((mifare_sendcmd_short(NULL
, 0, 0x30, blockNo
, receivedAnswer
) != 18)) {
941 if (MF_DBGLEVEL
>= 1) Dbprintf("read block send command error");
944 memcpy(data
, receivedAnswer
, 18);
946 if (workFlags
& 0x04) {
947 if (mifare_classic_halt(NULL
, cuid
)) {
948 if (MF_DBGLEVEL
>= 1) Dbprintf("Halt error");
957 // UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};
958 // if (isOK) memcpy(ack.d.asBytes, data, 18);
962 * Removed by Martin, this piece of overwrites the 'data' variable
963 * which is sent two lines down, and is obviously not correct.
965 * memset(data, 0x44, 4);
966 * LogTrace(data, 4, 0, 0, TRUE);
969 cmd_send(CMD_ACK
,isOK
,0,0,data
,18);
970 // UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
973 if ((workFlags
& 0x10) || (!isOK
)) {
975 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF
);